|
|
a41c76 |
From 270be96a2730304de8f5dd1d24dd367c9ed52b22 Mon Sep 17 00:00:00 2001
|
|
|
a41c76 |
Message-Id: <270be96a2730304de8f5dd1d24dd367c9ed52b22@dist-git>
|
|
|
a41c76 |
From: Peter Krempa <pkrempa@redhat.com>
|
|
|
a41c76 |
Date: Mon, 16 Mar 2020 22:12:02 +0100
|
|
|
a41c76 |
Subject: [PATCH] qemu: domain: Store data for 'secret' object representing
|
|
|
a41c76 |
http cookies
|
|
|
a41c76 |
MIME-Version: 1.0
|
|
|
a41c76 |
Content-Type: text/plain; charset=UTF-8
|
|
|
a41c76 |
Content-Transfer-Encoding: 8bit
|
|
|
a41c76 |
|
|
|
a41c76 |
The http cookies can have potentially sensitive values and thus should
|
|
|
a41c76 |
not be leaked into the command line. This means that we'll need to
|
|
|
a41c76 |
instantiate a 'secret' object in qemu to pass the value encrypted.
|
|
|
a41c76 |
|
|
|
a41c76 |
This patch adds infrastructure for storing of the alias in the status
|
|
|
a41c76 |
XML.
|
|
|
a41c76 |
|
|
|
a41c76 |
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
|
|
|
a41c76 |
Reviewed-by: Ján Tomko <jtomko@redhat.com>
|
|
|
a41c76 |
(cherry picked from commit 4e8faa5cdc54ce637f760ad4513753e17d2b9a4f)
|
|
|
a41c76 |
|
|
|
a41c76 |
Conflicts:
|
|
|
a41c76 |
src/qemu/qemu_domain.c:
|
|
|
a41c76 |
Context conflict with missing backport of cleanups. (mentioned
|
|
|
a41c76 |
earlier)
|
|
|
a41c76 |
|
|
|
a41c76 |
https://bugzilla.redhat.com/show_bug.cgi?id=1804750
|
|
|
a41c76 |
Message-Id: <b51659e22b0840ca6c5431c4e212445bdeb4c12d.1584391727.git.pkrempa@redhat.com>
|
|
|
a41c76 |
Reviewed-by: Ján Tomko <jtomko@redhat.com>
|
|
|
a41c76 |
---
|
|
|
a41c76 |
src/qemu/qemu_domain.c | 8 +++++++-
|
|
|
a41c76 |
src/qemu/qemu_domain.h | 3 +++
|
|
|
a41c76 |
tests/qemustatusxml2xmldata/modern-in.xml | 1 +
|
|
|
a41c76 |
3 files changed, 11 insertions(+), 1 deletion(-)
|
|
|
a41c76 |
|
|
|
a41c76 |
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
|
|
|
a41c76 |
index 2920e699f6..9391bc37e0 100644
|
|
|
a41c76 |
--- a/src/qemu/qemu_domain.c
|
|
|
a41c76 |
+++ b/src/qemu/qemu_domain.c
|
|
|
a41c76 |
@@ -2341,6 +2341,7 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt,
|
|
|
a41c76 |
char *authalias = NULL;
|
|
|
a41c76 |
char *encalias = NULL;
|
|
|
a41c76 |
int ret = -1;
|
|
|
a41c76 |
+ g_autofree char *httpcookiealias = NULL;
|
|
|
a41c76 |
|
|
|
a41c76 |
src->nodestorage = virXPathString("string(./nodenames/nodename[@type='storage']/@name)", ctxt);
|
|
|
a41c76 |
src->nodeformat = virXPathString("string(./nodenames/nodename[@type='format']/@name)", ctxt);
|
|
|
a41c76 |
@@ -2354,8 +2355,9 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt,
|
|
|
a41c76 |
|
|
|
a41c76 |
authalias = virXPathString("string(./objects/secret[@type='auth']/@alias)", ctxt);
|
|
|
a41c76 |
encalias = virXPathString("string(./objects/secret[@type='encryption']/@alias)", ctxt);
|
|
|
a41c76 |
+ httpcookiealias = virXPathString("string(./objects/secret[@type='httpcookie']/@alias)", ctxt);
|
|
|
a41c76 |
|
|
|
a41c76 |
- if (authalias || encalias) {
|
|
|
a41c76 |
+ if (authalias || encalias || httpcookiealias) {
|
|
|
a41c76 |
if (!src->privateData &&
|
|
|
a41c76 |
!(src->privateData = qemuDomainStorageSourcePrivateNew()))
|
|
|
a41c76 |
goto cleanup;
|
|
|
a41c76 |
@@ -2367,6 +2369,9 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt,
|
|
|
a41c76 |
|
|
|
a41c76 |
if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->encinfo, &encalias) < 0)
|
|
|
a41c76 |
goto cleanup;
|
|
|
a41c76 |
+
|
|
|
a41c76 |
+ if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->httpcookie, &httpcookiealias) < 0)
|
|
|
a41c76 |
+ goto cleanup;
|
|
|
a41c76 |
}
|
|
|
a41c76 |
|
|
|
a41c76 |
if (virStorageSourcePrivateDataParseRelPath(ctxt, src) < 0)
|
|
|
a41c76 |
@@ -2423,6 +2428,7 @@ qemuStorageSourcePrivateDataFormat(virStorageSourcePtr src,
|
|
|
a41c76 |
if (srcPriv) {
|
|
|
a41c76 |
qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->secinfo, "auth");
|
|
|
a41c76 |
qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->encinfo, "encryption");
|
|
|
a41c76 |
+ qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->httpcookie, "httpcookie");
|
|
|
a41c76 |
}
|
|
|
a41c76 |
|
|
|
a41c76 |
if (src->tlsAlias)
|
|
|
a41c76 |
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
|
|
|
a41c76 |
index bd9ac85ae2..5733954679 100644
|
|
|
a41c76 |
--- a/src/qemu/qemu_domain.h
|
|
|
a41c76 |
+++ b/src/qemu/qemu_domain.h
|
|
|
a41c76 |
@@ -460,6 +460,9 @@ struct _qemuDomainStorageSourcePrivate {
|
|
|
a41c76 |
|
|
|
a41c76 |
/* data required for decryption of encrypted storage source */
|
|
|
a41c76 |
qemuDomainSecretInfoPtr encinfo;
|
|
|
a41c76 |
+
|
|
|
a41c76 |
+ /* secure passthrough of the http cookie */
|
|
|
a41c76 |
+ qemuDomainSecretInfoPtr httpcookie;
|
|
|
a41c76 |
};
|
|
|
a41c76 |
|
|
|
a41c76 |
virObjectPtr qemuDomainStorageSourcePrivateNew(void);
|
|
|
a41c76 |
diff --git a/tests/qemustatusxml2xmldata/modern-in.xml b/tests/qemustatusxml2xmldata/modern-in.xml
|
|
|
a41c76 |
index c8d21ceada..cb56cdcef9 100644
|
|
|
a41c76 |
--- a/tests/qemustatusxml2xmldata/modern-in.xml
|
|
|
a41c76 |
+++ b/tests/qemustatusxml2xmldata/modern-in.xml
|
|
|
a41c76 |
@@ -332,6 +332,7 @@
|
|
|
a41c76 |
<objects>
|
|
|
a41c76 |
<secret type='auth' alias='test-auth-alias'/>
|
|
|
a41c76 |
<secret type='encryption' alias='test-encryption-alias'/>
|
|
|
a41c76 |
+ <secret type='httpcookie' alias='http-cookie-alias'/>
|
|
|
a41c76 |
<TLSx509 alias='transport-alias'/>
|
|
|
a41c76 |
</objects>
|
|
|
a41c76 |
</privateData>
|
|
|
a41c76 |
--
|
|
|
a41c76 |
2.25.1
|
|
|
a41c76 |
|