From 9d482a415b796d5f380d3622d91b68af35123042 Mon Sep 17 00:00:00 2001
From: Kristina Hanicova <khanicov@redhat.com>
Date: Fri, 20 Aug 2021 14:30:38 +0200
Subject: [PATCH] secret_conf: add validation against schema in define
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

We need to validate the XML against schema if option '--validate'
was passed to the virsh command. This patch also includes
propagation of flags into the virSecretDefParse() function.

Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
---
 src/conf/secret_conf.c     | 13 ++++++++-----
 src/conf/secret_conf.h     |  2 +-
 src/secret/secret_driver.c |  2 +-
 3 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/src/conf/secret_conf.c b/src/conf/secret_conf.c
index ef6a4b606e..1dee90eba1 100644
--- a/src/conf/secret_conf.c
+++ b/src/conf/secret_conf.c
@@ -191,12 +191,14 @@ secretXMLParseNode(xmlDocPtr xml, xmlNodePtr root)
 
 static virSecretDef *
 virSecretDefParse(const char *xmlStr,
-                  const char *filename)
+                  const char *filename,
+                  unsigned int flags)
 {
     g_autoptr(xmlDoc) xml = NULL;
     virSecretDef *ret = NULL;
 
-    if ((xml = virXMLParse(filename, xmlStr, _("(definition_of_secret)"), NULL, false))) {
+    if ((xml = virXMLParse(filename, xmlStr, _("(definition_of_secret)"), "secret.rng",
+                           flags & VIR_SECRET_DEFINE_VALIDATE))) {
         ret = secretXMLParseNode(xml, xmlDocGetRootElement(xml));
     }
 
@@ -204,15 +206,16 @@ virSecretDefParse(const char *xmlStr,
 }
 
 virSecretDef *
-virSecretDefParseString(const char *xmlStr)
+virSecretDefParseString(const char *xmlStr,
+                        unsigned int flags)
 {
-    return virSecretDefParse(xmlStr, NULL);
+    return virSecretDefParse(xmlStr, NULL, flags);
 }
 
 virSecretDef *
 virSecretDefParseFile(const char *filename)
 {
-    return virSecretDefParse(NULL, filename);
+    return virSecretDefParse(NULL, filename, 0);
 }
 
 static int
diff --git a/src/conf/secret_conf.h b/src/conf/secret_conf.h
index 373c96b729..36d50407fd 100644
--- a/src/conf/secret_conf.h
+++ b/src/conf/secret_conf.h
@@ -35,7 +35,7 @@ struct _virSecretDef {
 void virSecretDefFree(virSecretDef *def);
 G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSecretDef, virSecretDefFree);
 
-virSecretDef *virSecretDefParseString(const char *xml);
+virSecretDef *virSecretDefParseString(const char *xml, unsigned int flags);
 virSecretDef *virSecretDefParseFile(const char *filename);
 char *virSecretDefFormat(const virSecretDef *def);
 
diff --git a/src/secret/secret_driver.c b/src/secret/secret_driver.c
index d2175de8ed..6b3f0711aa 100644
--- a/src/secret/secret_driver.c
+++ b/src/secret/secret_driver.c
@@ -222,7 +222,7 @@ secretDefineXML(virConnectPtr conn,
 
     virCheckFlags(0, NULL);
 
-    if (!(def = virSecretDefParseString(xml)))
+    if (!(def = virSecretDefParseString(xml, 0)))
         return NULL;
 
     if (virSecretDefineXMLEnsureACL(conn, def) < 0)