Bug 1447413

Summary: RFE: provide a secure way to pass cookies to curl block driver
Product: Red Hat Enterprise Linux 7 Reporter: Daniel Berrangé <berrange>
Component: qemu-kvm-rhevAssignee: Hanna Czenczek <hreitz>
Status: CLOSED ERRATA QA Contact: Longxiang Lyu <lolyu>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.4CC: aliang, chayang, coli, hreitz, juzhang, knoel, michen, mrezanin, mtessun, ngu, pkrempa, qzhang, virt-maint, yhong
Target Milestone: rcKeywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: qemu-kvm-rhev-2.10.0-1.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-04-11 00:16:25 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1140164    

Description Daniel Berrangé 2017-05-02 16:37:26 UTC 
Description of problem:
The curl block driver support for HTTP/HTTPS allows cookies to be set via the "cookie" option

eg 

qemu-img info 'json: {
        "file.driver":"https",
        "file.url":"https://vcenter/folder/Windows%202003/Windows%202003-flat.vmdk?dcPath=Datacenter&dsName=datastore1",
        "file.sslverify":"off",
        "file.cookie":"vmware_soap_session=\"52a01262-bf93-ccce-d379-8dabb3e55560\""}'

this is bad because many cookies are security sensitive (as in this example), essentially equivalent to passwords, and this syntax exposes them on the command line for all to see. 

QEMU has a secrets object which can be used to pass security sensitive data to QEMU without exposing it to snooping. 

The curl driver needs to be extended so that the cookie values can be passed in via secret objects.

This is a pre-requisite for being able to pass cookies into QEMU from libvirt.

A second problem is that the 'cookie' parameter is badly modelled from a QAPI schema. It is using a "str" to encode a list of key, value pairs, where it should be using a qapi list of structs. This likely needs to be fixed at the same time


Version-Release number of selected component (if applicable):
2.9.0
Comment 2 Peter Krempa 2017-07-24 11:36:04 UTC 
commit 327c8ebd7035e4d3d94b08dd741906f1d8bb8a53
Author: Peter Krempa <pkrempa>
Date:   Thu May 4 16:00:06 2017 +0200

    block: curl: Allow passing cookies via QCryptoSecret
    
    Since cookies can contain sensitive data (session ID, etc ...) it is
    desired to hide them from the prying eyes of users. Add a possibility to
    pass them via the secret infrastructure.
    
    Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1447413
    
    Signed-off-by: Peter Krempa <pkrempa>
    Reviewed-by: Eric Blake <eblake>
    Reviewed-by: Jeff Cody <jcody>
    Message-id: f4a22cdebdd0bca6a13a43a2a6deead7f2ec4bb3.1493906281.git.pkrempa
    Signed-off-by: Jeff Cody <jcody>
Comment 4 Longxiang Lyu 2017-10-23 10:40:26 UTC 
Hi, Max, could you please give some hint about verification?
Comment 5 Hanna Czenczek 2017-10-25 15:57:48 UTC 
Hi loyu,

I set up a script on http://78.47.108.109:8080/cgi-bin/cookie-test.rb which displays the raw cookie data passed to it.

You can use it to test the new feature like this:

$ qemu-img convert -f raw -O raw \
  --object secret,id=cookies,data=cookie-data-to-test \
  "json:{'file.driver':'http',
         'file.cookie-secret':'cookies',
         'file.url':'http://78.47.108.109:8080/cgi-bin/cookie-test.rb'}" \
  /tmp/cookie-data

And then the file /tmp/cookie-data should contain the string "cookie-data-to-test" (probably padded with zero-bytes to a length of 512 bytes).


Max
Comment 6 Longxiang Lyu 2017-10-26 05:40:15 UTC 
Verified that qemu-kvm-rhev-2.10.0-3.el7 supports pass http cookies in the file.

Step to verify:
# qemu-img info "json:{'file.driver':'http','file.cookie-secret':'cookies','file.url':'http://10.66.11.1/image/rhel74-64-virtio.qcow2'}" --object secret,id=cookies,data=this-is-a-test
image: json:{"driver": "qcow2", "file": {"url": "http://10.66.11.1/image/rhel74-64-virtio.qcow2", "cookie-secret": "cookies", "driver": "http"}}
file format: qcow2
virtual size: 20G (21474836480 bytes)
disk size: unavailable
cluster_size: 65536
Format specific information:
    compat: 1.1
    lazy refcounts: false
    refcount bits: 16
    corrupt: false
Comment 8 errata-xmlrpc 2018-04-11 00:16:25 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:1104