From 4e8faa5cdc54ce637f760ad4513753e17d2b9a4f Mon Sep 17 00:00:00 2001 From: Peter Krempa Date: Mon, 9 Mar 2020 08:19:02 +0100 Subject: [PATCH] qemu: domain: Store data for 'secret' object representing http cookies MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The http cookies can have potentially sensitive values and thus should not be leaked into the command line. This means that we'll need to instantiate a 'secret' object in qemu to pass the value encrypted. This patch adds infrastructure for storing of the alias in the status XML. Signed-off-by: Peter Krempa Reviewed-by: Ján Tomko --- src/qemu/qemu_domain.c | 8 +++++++- src/qemu/qemu_domain.h | 3 +++ tests/qemustatusxml2xmldata/modern-in.xml | 1 + 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index c4270755be..1be9b2c8ac 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -2352,6 +2352,7 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt, qemuDomainStorageSourcePrivatePtr priv; g_autofree char *authalias = NULL; g_autofree char *encalias = NULL; + g_autofree char *httpcookiealias = NULL; src->nodestorage = virXPathString("string(./nodenames/nodename[@type='storage']/@name)", ctxt); src->nodeformat = virXPathString("string(./nodenames/nodename[@type='format']/@name)", ctxt); @@ -2365,8 +2366,9 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt, authalias = virXPathString("string(./objects/secret[@type='auth']/@alias)", ctxt); encalias = virXPathString("string(./objects/secret[@type='encryption']/@alias)", ctxt); + httpcookiealias = virXPathString("string(./objects/secret[@type='httpcookie']/@alias)", ctxt); - if (authalias || encalias) { + if (authalias || encalias || httpcookiealias) { if (!src->privateData && !(src->privateData = qemuDomainStorageSourcePrivateNew())) return -1; @@ -2378,6 +2380,9 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt, if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->encinfo, &encalias) < 0) return -1; + + if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->httpcookie, &httpcookiealias) < 0) + return -1; } if (virStorageSourcePrivateDataParseRelPath(ctxt, src) < 0) @@ -2428,6 +2433,7 @@ qemuStorageSourcePrivateDataFormat(virStorageSourcePtr src, if (srcPriv) { qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->secinfo, "auth"); qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->encinfo, "encryption"); + qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->httpcookie, "httpcookie"); } if (src->tlsAlias) diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index ad7ed3b9f0..031a5f2ad4 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h @@ -463,6 +463,9 @@ struct _qemuDomainStorageSourcePrivate { /* data required for decryption of encrypted storage source */ qemuDomainSecretInfoPtr encinfo; + + /* secure passthrough of the http cookie */ + qemuDomainSecretInfoPtr httpcookie; }; virObjectPtr qemuDomainStorageSourcePrivateNew(void); diff --git a/tests/qemustatusxml2xmldata/modern-in.xml b/tests/qemustatusxml2xmldata/modern-in.xml index c8d21ceada..cb56cdcef9 100644 --- a/tests/qemustatusxml2xmldata/modern-in.xml +++ b/tests/qemustatusxml2xmldata/modern-in.xml @@ -332,6 +332,7 @@ + -- GitLab