[PATCH 19/30] qemu: domain: Store data for 'secret' object representing http cookies

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The http cookies can have potentially sensitive values and thus should
not be leaked into the command line. This means that we'll need to
instantiate a 'secret' object in qemu to pass the value encrypted.

This patch adds infrastructure for storing of the alias in the status
XML.t

Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx>
---
 src/qemu/qemu_domain.c                    | 8 +++++++-
 src/qemu/qemu_domain.h                    | 3 +++
 tests/qemustatusxml2xmldata/modern-in.xml | 1 +
 3 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index e7aaded4d5..b36ff434f3 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -2314,6 +2314,7 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt,
     qemuDomainStorageSourcePrivatePtr priv;
     g_autofree char *authalias = NULL;
     g_autofree char *encalias = NULL;
+    g_autofree char *httpcookiealias = NULL;

     src->nodestorage = virXPathString("string(./nodenames/nodename[@type='storage']/@name)", ctxt);
     src->nodeformat = virXPathString("string(./nodenames/nodename[@type='format']/@name)", ctxt);
@@ -2327,8 +2328,9 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt,

     authalias = virXPathString("string(./objects/secret[@type='auth']/@alias)", ctxt);
     encalias = virXPathString("string(./objects/secret[@type='encryption']/@alias)", ctxt);
+    httpcookiealias = virXPathString("string(./objects/secret[@type='httpcookie']/@alias)", ctxt);

-    if (authalias || encalias) {
+    if (authalias || encalias || httpcookiealias) {
         if (!src->privateData &&
             !(src->privateData = qemuDomainStorageSourcePrivateNew()))
             return -1;
@@ -2340,6 +2342,9 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt,

         if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->encinfo, &encalias) < 0)
             return -1;
+
+        if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->httpcookie, &httpcookiealias) < 0)
+            return -1;
     }

     if (virStorageSourcePrivateDataParseRelPath(ctxt, src) < 0)
@@ -2390,6 +2395,7 @@ qemuStorageSourcePrivateDataFormat(virStorageSourcePtr src,
     if (srcPriv) {
         qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->secinfo, "auth");
         qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->encinfo, "encryption");
+        qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->httpcookie, "httpcookie");
     }

     if (src->tlsAlias)
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index 202b85e39a..4e59f316fa 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -460,6 +460,9 @@ struct _qemuDomainStorageSourcePrivate {

     /* data required for decryption of encrypted storage source */
     qemuDomainSecretInfoPtr encinfo;
+
+    /* secure passthrough of the http cookie */
+    qemuDomainSecretInfoPtr httpcookie;
 };

 virObjectPtr qemuDomainStorageSourcePrivateNew(void);
diff --git a/tests/qemustatusxml2xmldata/modern-in.xml b/tests/qemustatusxml2xmldata/modern-in.xml
index c8d21ceada..cb56cdcef9 100644
--- a/tests/qemustatusxml2xmldata/modern-in.xml
+++ b/tests/qemustatusxml2xmldata/modern-in.xml
@@ -332,6 +332,7 @@
               <objects>
                 <secret type='auth' alias='test-auth-alias'/>
                 <secret type='encryption' alias='test-encryption-alias'/>
+                <secret type='httpcookie' alias='http-cookie-alias'/>
                 <TLSx509 alias='transport-alias'/>
               </objects>
             </privateData>
-- 
2.24.1





[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux