From: Peter Krempa Date: Mon, 9 Mar 2020 07:19:02 +0000 (+0100) Subject: qemu: domain: Store data for 'secret' object representing http cookies X-Git-Tag: v6.2.0-rc1~187 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4e8faa5cdc54ce637f760ad4513753e17d2b9a4f;p=thirdparty%2Flibvirt.git qemu: domain: Store data for 'secret' object representing http cookies The http cookies can have potentially sensitive values and thus should not be leaked into the command line. This means that we'll need to instantiate a 'secret' object in qemu to pass the value encrypted. This patch adds infrastructure for storing of the alias in the status XML. Signed-off-by: Peter Krempa Reviewed-by: Ján Tomko --- diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index c4270755be..1be9b2c8ac 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -2352,6 +2352,7 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt, qemuDomainStorageSourcePrivatePtr priv; g_autofree char *authalias = NULL; g_autofree char *encalias = NULL; + g_autofree char *httpcookiealias = NULL; src->nodestorage = virXPathString("string(./nodenames/nodename[@type='storage']/@name)", ctxt); src->nodeformat = virXPathString("string(./nodenames/nodename[@type='format']/@name)", ctxt); @@ -2365,8 +2366,9 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt, authalias = virXPathString("string(./objects/secret[@type='auth']/@alias)", ctxt); encalias = virXPathString("string(./objects/secret[@type='encryption']/@alias)", ctxt); + httpcookiealias = virXPathString("string(./objects/secret[@type='httpcookie']/@alias)", ctxt); - if (authalias || encalias) { + if (authalias || encalias || httpcookiealias) { if (!src->privateData && !(src->privateData = qemuDomainStorageSourcePrivateNew())) return -1; 
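Review bot: In the `@@ -2365` hunk the new lookup hard-codes the type name inside the XPath string, `./objects/secret[@type='httpcookie']/@alias`, and the same literal is repeated in the formatter call added in the `@@ -2428` hunk; nothing ties the two together. If they ever drift, the lookup would presumably just return NULL, so after the status XML is re-read the alias of the qemu 'secret' object carrying the cookie would be lost with no error. I would add a comment above the three lookups, `/* type names must match those written by qemuStorageSourcePrivateDataFormat */`, and rely on the status XML round-trip test data touched by this commit to catch a mismatch. qemuStorageSourcePrivateDataParse starts and ends outside this hunk.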
@@ -2378,6 +2380,9 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt, if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->encinfo, &encalias) < 0) return -1; + + if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->httpcookie, &httpcookiealias) < 0) + return -1; } if (virStorageSourcePrivateDataParseRelPath(ctxt, src) < 0) @@ -2428,6 +2433,7 @@ qemuStorageSourcePrivateDataFormat(virStorageSourcePtr src, if (srcPriv) { qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->secinfo, "auth"); qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->encinfo, "encryption"); + qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->httpcookie, "httpcookie"); } if (src->tlsAlias) diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index ad7ed3b9f0..031a5f2ad4 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h @@ -463,6 +463,9 @@ struct _qemuDomainStorageSourcePrivate { /* data required for decryption of encrypted storage source */ qemuDomainSecretInfoPtr encinfo; + + /* secure passthrough of the http cookie */ + qemuDomainSecretInfoPtr httpcookie; }; virObjectPtr qemuDomainStorageSourcePrivateNew(void); diff --git a/tests/qemustatusxml2xmldata/modern-in.xml b/tests/qemustatusxml2xmldata/modern-in.xml index c8d21ceada..cb56cdcef9 100644 --- a/tests/qemustatusxml2xmldata/modern-in.xml +++ b/tests/qemustatusxml2xmldata/modern-in.xml @@ -332,6 +332,7 @@ +
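Review bot: The `httpcookie` member added to `struct _qemuDomainStorageSourcePrivate` in qemu_domain.h is an owned pointer like `secinfo` and `encinfo`, but none of the qemu_domain.c hunks on this page touch the code that releases those members when the private data object is disposed. Unless that is handled outside this diff, the secret info assigned by `qemuStorageSourcePrivateDataAssignSecinfo(&priv->httpcookie, &httpcookiealias)` would leak, and data describing a sensitive cookie would stay in memory longer than intended. The dispose path should free `priv->httpcookie` the same way it frees the other two. The member comment could also state ownership, e.g. `/* secret object used to pass http cookies to qemu; owned and freed with this object */`. The struct definition begins outside the hunk.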