[PATCH 19/30] qemu: domain: Store data for 'secret' object representing http cookies
The http cookies can have potentially sensitive values and thus should
not be leaked into the command line. This means that we'll need to
instantiate a 'secret' object in qemu to pass the value encrypted.
This patch adds infrastructure for storing of the alias in the status
XML.t
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
src/qemu/qemu_domain.c | 8 +++++++-
src/qemu/qemu_domain.h | 3 +++
tests/qemustatusxml2xmldata/modern-in.xml | 1 +
3 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index e7aaded4d5..b36ff434f3 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -2314,6 +2314,7 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt,
qemuDomainStorageSourcePrivatePtr priv;
g_autofree char *authalias = NULL;
g_autofree char *encalias = NULL;
+ g_autofree char *httpcookiealias = NULL;
src->nodestorage =
virXPathString("string(./nodenames/nodename[@type='storage']/@name)",
ctxt);
src->nodeformat =
virXPathString("string(./nodenames/nodename[@type='format']/@name)",
ctxt);
@@ -2327,8 +2328,9 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt,
authalias =
virXPathString("string(./objects/secret[@type='auth']/@alias)", ctxt);
encalias =
virXPathString("string(./objects/secret[@type='encryption']/@alias)",
ctxt);
+ httpcookiealias =
virXPathString("string(./objects/secret[@type='httpcookie']/@alias)",
ctxt);
- if (authalias || encalias) {
+ if (authalias || encalias || httpcookiealias) {
if (!src->privateData &&
!(src->privateData = qemuDomainStorageSourcePrivateNew()))
return -1;
@@ -2340,6 +2342,9 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt,
if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->encinfo,
&encalias) < 0)
return -1;
+
+ if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->httpcookie,
&httpcookiealias) < 0)
+ return -1;
}
if (virStorageSourcePrivateDataParseRelPath(ctxt, src) < 0)
@@ -2390,6 +2395,7 @@ qemuStorageSourcePrivateDataFormat(virStorageSourcePtr src,
if (srcPriv) {
qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->secinfo,
"auth");
qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->encinfo,
"encryption");
+ qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->httpcookie,
"httpcookie");
}
if (src->tlsAlias)
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index 202b85e39a..4e59f316fa 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -460,6 +460,9 @@ struct _qemuDomainStorageSourcePrivate {
/* data required for decryption of encrypted storage source */
qemuDomainSecretInfoPtr encinfo;
+
+ /* secure passthrough of the http cookie */
+ qemuDomainSecretInfoPtr httpcookie;
};
virObjectPtr qemuDomainStorageSourcePrivateNew(void);
diff --git a/tests/qemustatusxml2xmldata/modern-in.xml
b/tests/qemustatusxml2xmldata/modern-in.xml
index c8d21ceada..cb56cdcef9 100644
--- a/tests/qemustatusxml2xmldata/modern-in.xml
+++ b/tests/qemustatusxml2xmldata/modern-in.xml
@@ -332,6 +332,7 @@
<objects>
<secret type='auth' alias='test-auth-alias'/>
<secret type='encryption'
alias='test-encryption-alias'/>
+ <secret type='httpcookie'
alias='http-cookie-alias'/>
<TLSx509 alias='transport-alias'/>
</objects>
</privateData>
--
2.24.1