render / rpms / libvirt

Forked from rpms/libvirt 9 months ago
Clone
d76c62
From 270be96a2730304de8f5dd1d24dd367c9ed52b22 Mon Sep 17 00:00:00 2001
d76c62
Message-Id: <270be96a2730304de8f5dd1d24dd367c9ed52b22@dist-git>
d76c62
From: Peter Krempa <pkrempa@redhat.com>
d76c62
Date: Mon, 16 Mar 2020 22:12:02 +0100
d76c62
Subject: [PATCH] qemu: domain: Store data for 'secret' object representing
d76c62
 http cookies
d76c62
MIME-Version: 1.0
d76c62
Content-Type: text/plain; charset=UTF-8
d76c62
Content-Transfer-Encoding: 8bit
d76c62
d76c62
The http cookies can have potentially sensitive values and thus should
d76c62
not be leaked into the command line. This means that we'll need to
d76c62
instantiate a 'secret' object in qemu to pass the value encrypted.
d76c62
d76c62
This patch adds infrastructure for storing of the alias in the status
d76c62
XML.
d76c62
d76c62
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
d76c62
Reviewed-by: Ján Tomko <jtomko@redhat.com>
d76c62
(cherry picked from commit 4e8faa5cdc54ce637f760ad4513753e17d2b9a4f)
d76c62
d76c62
 Conflicts:
d76c62
	src/qemu/qemu_domain.c:
d76c62
        Context conflict with missing backport of cleanups. (mentioned
d76c62
                                                             earlier)
d76c62
d76c62
https://bugzilla.redhat.com/show_bug.cgi?id=1804750
d76c62
Message-Id: <b51659e22b0840ca6c5431c4e212445bdeb4c12d.1584391727.git.pkrempa@redhat.com>
d76c62
Reviewed-by: Ján Tomko <jtomko@redhat.com>
d76c62
---
d76c62
 src/qemu/qemu_domain.c                    | 8 +++++++-
d76c62
 src/qemu/qemu_domain.h                    | 3 +++
d76c62
 tests/qemustatusxml2xmldata/modern-in.xml | 1 +
d76c62
 3 files changed, 11 insertions(+), 1 deletion(-)
d76c62
d76c62
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
d76c62
index 2920e699f6..9391bc37e0 100644
d76c62
--- a/src/qemu/qemu_domain.c
d76c62
+++ b/src/qemu/qemu_domain.c
d76c62
@@ -2341,6 +2341,7 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt,
d76c62
     char *authalias = NULL;
d76c62
     char *encalias = NULL;
d76c62
     int ret = -1;
d76c62
+    g_autofree char *httpcookiealias = NULL;
d76c62
 
d76c62
     src->nodestorage = virXPathString("string(./nodenames/nodename[@type='storage']/@name)", ctxt);
d76c62
     src->nodeformat = virXPathString("string(./nodenames/nodename[@type='format']/@name)", ctxt);
d76c62
@@ -2354,8 +2355,9 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt,
d76c62
 
d76c62
     authalias = virXPathString("string(./objects/secret[@type='auth']/@alias)", ctxt);
d76c62
     encalias = virXPathString("string(./objects/secret[@type='encryption']/@alias)", ctxt);
d76c62
+    httpcookiealias = virXPathString("string(./objects/secret[@type='httpcookie']/@alias)", ctxt);
d76c62
 
d76c62
-    if (authalias || encalias) {
d76c62
+    if (authalias || encalias || httpcookiealias) {
d76c62
         if (!src->privateData &&
d76c62
             !(src->privateData = qemuDomainStorageSourcePrivateNew()))
d76c62
             goto cleanup;
d76c62
@@ -2367,6 +2369,9 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt,
d76c62
 
d76c62
         if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->encinfo, &encalias) < 0)
d76c62
             goto cleanup;
d76c62
+
d76c62
+        if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->httpcookie, &httpcookiealias) < 0)
d76c62
+            goto cleanup;
d76c62
     }
d76c62
 
d76c62
     if (virStorageSourcePrivateDataParseRelPath(ctxt, src) < 0)
d76c62
@@ -2423,6 +2428,7 @@ qemuStorageSourcePrivateDataFormat(virStorageSourcePtr src,
d76c62
     if (srcPriv) {
d76c62
         qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->secinfo, "auth");
d76c62
         qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->encinfo, "encryption");
d76c62
+        qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->httpcookie, "httpcookie");
d76c62
     }
d76c62
 
d76c62
     if (src->tlsAlias)
d76c62
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
d76c62
index bd9ac85ae2..5733954679 100644
d76c62
--- a/src/qemu/qemu_domain.h
d76c62
+++ b/src/qemu/qemu_domain.h
d76c62
@@ -460,6 +460,9 @@ struct _qemuDomainStorageSourcePrivate {
d76c62
 
d76c62
     /* data required for decryption of encrypted storage source */
d76c62
     qemuDomainSecretInfoPtr encinfo;
d76c62
+
d76c62
+    /* secure passthrough of the http cookie */
d76c62
+    qemuDomainSecretInfoPtr httpcookie;
d76c62
 };
d76c62
 
d76c62
 virObjectPtr qemuDomainStorageSourcePrivateNew(void);
d76c62
diff --git a/tests/qemustatusxml2xmldata/modern-in.xml b/tests/qemustatusxml2xmldata/modern-in.xml
d76c62
index c8d21ceada..cb56cdcef9 100644
d76c62
--- a/tests/qemustatusxml2xmldata/modern-in.xml
d76c62
+++ b/tests/qemustatusxml2xmldata/modern-in.xml
d76c62
@@ -332,6 +332,7 @@
d76c62
               <objects>
d76c62
                 <secret type='auth' alias='test-auth-alias'/>
d76c62
                 <secret type='encryption' alias='test-encryption-alias'/>
d76c62
+                <secret type='httpcookie' alias='http-cookie-alias'/>
d76c62
                 <TLSx509 alias='transport-alias'/>
d76c62
               </objects>
d76c62
             </privateData>
d76c62
-- 
d76c62
2.25.1
d76c62