qemu: domain: Store data for 'secret' object representing http cookies

The http cookies can have potentially sensitive values and thus should not be leaked into the command line. This means that we'll need to instantiate a 'secret' object in qemu to pass the value encrypted. This patch adds infrastructure for storing of the alias in the status XML. Signed-off-by: N Peter Krempa <pkrempa@redhat.com> Reviewed-by: N Ján Tomko <jtomko@redhat.com>

qemu: domain: Store data for 'secret' object representing http cookies
The http cookies can have potentially sensitive values and thus should not be leaked into the command line. This means that we'll need to instantiate a 'secret' object in qemu to pass the value encrypted. This patch adds infrastructure for storing of the alias in the status XML. Signed-off-by: N Peter Krempa <pkrempa@redhat.com> Reviewed-by: N Ján Tomko <jtomko@redhat.com>
4e8faa5c · Peter Krempa · 304da937 · 4e8faa5c · 4e8faa5c · 4e8faa5c
Showing with 11 addition and 1 deletion

src/qemu/qemu_domain.c src/qemu/qemu_domain.c +7 -1

src/qemu/qemu_domain.h src/qemu/qemu_domain.h +3 -0

tests/qemustatusxml2xmldata/modern-in.xml tests/qemustatusxml2xmldata/modern-in.xml +1 -0

未找到文件。
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -2352,6 +2352,7 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt,
    qemuDomainStorageSourcePrivatePtr priv;
    g_autofree char *authalias = NULL;
    g_autofree char *encalias = NULL;
+    g_autofree char *httpcookiealias = NULL;

    src->nodestorage = virXPathString("string(./nodenames/nodename[@type='storage']/@name)", ctxt);
    src->nodeformat = virXPathString("string(./nodenames/nodename[@type='format']/@name)", ctxt);
@@ -2365,8 +2366,9 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt,

    authalias = virXPathString("string(./objects/secret[@type='auth']/@alias)", ctxt);
    encalias = virXPathString("string(./objects/secret[@type='encryption']/@alias)", ctxt);
+    httpcookiealias = virXPathString("string(./objects/secret[@type='httpcookie']/@alias)", ctxt);

-    if (authalias || encalias) {
+    if (authalias || encalias || httpcookiealias) {
        if (!src->privateData &&
            !(src->privateData = qemuDomainStorageSourcePrivateNew()))
            return -1;
@@ -2378,6 +2380,9 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt,

        if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->encinfo, &encalias) < 0)
            return -1;
+
+        if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->httpcookie, &httpcookiealias) < 0)
+            return -1;
    }

    if (virStorageSourcePrivateDataParseRelPath(ctxt, src) < 0)
@@ -2428,6 +2433,7 @@ qemuStorageSourcePrivateDataFormat(virStorageSourcePtr src,
    if (srcPriv) {
        qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->secinfo, "auth");
        qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->encinfo, "encryption");
+        qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->httpcookie, "httpcookie");
    }

    if (src->tlsAlias)

--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -463,6 +463,9 @@ struct _qemuDomainStorageSourcePrivate {

    /* data required for decryption of encrypted storage source */
    qemuDomainSecretInfoPtr encinfo;
+
+    /* secure passthrough of the http cookie */
+    qemuDomainSecretInfoPtr httpcookie;
 };

 virObjectPtr qemuDomainStorageSourcePrivateNew(void);

--- a/tests/qemustatusxml2xmldata/modern-in.xml
+++ b/tests/qemustatusxml2xmldata/modern-in.xml
@@ -332,6 +332,7 @@
              <objects>
                <secret type='auth' alias='test-auth-alias'/>
                <secret type='encryption' alias='test-encryption-alias'/>
+                <secret type='httpcookie' alias='http-cookie-alias'/>
                <TLSx509 alias='transport-alias'/>
              </objects>
            </privateData>