External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-03 03:25:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

secret: Add check/validation for correct usage when LookupByUUID

Browse Source 
https://bugzilla.redhat.com/show_bug.cgi?id=1656255

If virSecretGetSecretString is using by secretLookupByUUID,
then it's possible the found sec->usageType doesn't match the
desired @secretUsageType. If this occurs for the encrypted
volume creation processing and a subsequent pool refresh is
executed, then the secret used to create the volume will not
be found by the storageBackendLoadDefaultSecrets which expects
to find secrets by VIR_SECRET_USAGE_TYPE_VOLUME.

Add a check to virSecretGetSecretString to avoid the possibility
along with an error indicating the incorrect matched types.

Signed-off-by: John Ferlan <jferlan@redhat.com>
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
This commit is contained in:
John Ferlan 2018-12-04 15:15:22 -05:00
parent b7378a6d29
commit e0eb8a8a69
2 changed files with 20 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/secret/secret_util.c
View File

@ -71,6 +71,23 @@ virSecretGetSecretString(virConnectPtr conn,
if (!sec) if (!sec)
goto cleanup; goto cleanup;
/* NB: NONE is a byproduct of the qemuxml2argvtest test mocking
* for UUID lookups. Normal secret XML processing would fail if
* the usage type was NONE and since we have no way to set the
* expected usage in that environment, let's just accept NONE */
if (sec->usageType != VIR_SECRET_USAGE_TYPE_NONE &&
sec->usageType != secretUsageType) {
char uuidstr[VIR_UUID_STRING_BUFLEN];
virUUIDFormat(seclookupdef->u.uuid, uuidstr);
virReportError(VIR_ERR_INVALID_ARG,
_("secret with uuid %s is of type '%s' not "
"expected '%s' type"),
uuidstr, virSecretUsageTypeToString(sec->usageType),
virSecretUsageTypeToString(secretUsageType));
goto cleanup;
}
*secret = conn->secretDriver->secretGetValue(sec, secret_size, 0, *secret = conn->secretDriver->secretGetValue(sec, secret_size, 0,
VIR_SECRET_GET_VALUE_INTERNAL_CALL); VIR_SECRET_GET_VALUE_INTERNAL_CALL);

4
tests/qemuxml2argvtest.c
View File

@ -77,7 +77,9 @@ static virSecretPtr
fakeSecretLookupByUUID(virConnectPtr conn, fakeSecretLookupByUUID(virConnectPtr conn,
const unsigned char *uuid) const unsigned char *uuid)
{ {
return virGetSecret(conn, uuid, 0, ""); /* NB: This mocked value could be "tls" or "volume" depending on
* which test is being run, we'll leave at NONE (or 0) */
return virGetSecret(conn, uuid, VIR_SECRET_USAGE_TYPE_NONE, "");
} }
static virSecretDriver fakeSecretDriver = { static virSecretDriver fakeSecretDriver = {