From 44b8a63a2e0bcd5740db4c9f49d635ab1d5b9b25 Mon Sep 17 00:00:00 2001 Message-Id: <44b8a63a2e0bcd5740db4c9f49d635ab1d5b9b25@dist-git> From: John Ferlan Date: Thu, 13 Dec 2018 10:26:46 -0500 Subject: [PATCH] secret: Add check/validation for correct usage when LookupByUUID MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://bugzilla.redhat.com/show_bug.cgi?id=1656255 If virSecretGetSecretString is using by secretLookupByUUID, then it's possible the found sec->usageType doesn't match the desired @secretUsageType. If this occurs for the encrypted volume creation processing and a subsequent pool refresh is executed, then the secret used to create the volume will not be found by the storageBackendLoadDefaultSecrets which expects to find secrets by VIR_SECRET_USAGE_TYPE_VOLUME. Add a check to virSecretGetSecretString to avoid the possibility along with an error indicating the incorrect matched types. Signed-off-by: John Ferlan ACKed-by: Michal Privoznik (cherry picked from commit e0eb8a8a696ee334fa33281b880e480e76348052) Reviewed-by: Ján Tomko --- src/secret/secret_util.c | 17 +++++++++++++++++ tests/qemuxml2argvtest.c | 4 +++- 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/src/secret/secret_util.c b/src/secret/secret_util.c index 16e43ab2cc..27e164a425 100644 --- a/src/secret/secret_util.c +++ b/src/secret/secret_util.c @@ -71,6 +71,23 @@ virSecretGetSecretString(virConnectPtr conn, if (!sec) goto cleanup; + /* NB: NONE is a byproduct of the qemuxml2argvtest test mocking + * for UUID lookups. Normal secret XML processing would fail if + * the usage type was NONE and since we have no way to set the + * expected usage in that environment, let's just accept NONE */ + if (sec->usageType != VIR_SECRET_USAGE_TYPE_NONE && + sec->usageType != secretUsageType) { + char uuidstr[VIR_UUID_STRING_BUFLEN]; + + virUUIDFormat(seclookupdef->u.uuid, uuidstr); + virReportError(VIR_ERR_INVALID_ARG, + _("secret with uuid %s is of type '%s' not " + "expected '%s' type"), + uuidstr, virSecretUsageTypeToString(sec->usageType), + virSecretUsageTypeToString(secretUsageType)); + goto cleanup; + } + *secret = conn->secretDriver->secretGetValue(sec, secret_size, 0, VIR_SECRET_GET_VALUE_INTERNAL_CALL); diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 0908bc5d08..bd4aa1266d 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -80,7 +80,9 @@ static virSecretPtr fakeSecretLookupByUUID(virConnectPtr conn, const unsigned char *uuid) { - return virGetSecret(conn, uuid, 0, ""); + /* NB: This mocked value could be "tls" or "volume" depending on + * which test is being run, we'll leave at NONE (or 0) */ + return virGetSecret(conn, uuid, VIR_SECRET_USAGE_TYPE_NONE, ""); } static virSecretDriver fakeSecretDriver = { -- 2.20.1