secret: Add check/validation for correct usage when LookupByUUID

https://bugzilla.redhat.com/show_bug.cgi?id=1656255 If virSecretGetSecretString is using by secretLookupByUUID, then it's possible the found sec->usageType doesn't match the desired @secretUsageType. If this occurs for the encrypted volume creation processing and a subsequent pool refresh is executed, then the secret used to create the volume will not be found by the storageBackendLoadDefaultSecrets which expects to find secrets by VIR_SECRET_USAGE_TYPE_VOLUME. Add a check to virSecretGetSecretString to avoid the possibility along with an error indicating the incorrect matched types. Signed-off-by: John Ferlan <jferlan@redhat.com> ACKed-by: Michal Privoznik <mprivozn@redhat.com>
2025-01-03 03:25:20 +00:00 · 2018-12-04 15:15:22 -05:00 · 2018-12-04 15:15:22 -05:00 · e0eb8a8a69
commit e0eb8a8a69
parent b7378a6d29
2 changed files with 20 additions and 1 deletions
--- a/src/secret/secret_util.c
+++ b/src/secret/secret_util.c
@ -71,6 +71,23 @@ virSecretGetSecretString(virConnectPtr conn,
    if (!sec)
        goto cleanup;

+    /* NB: NONE is a byproduct of the qemuxml2argvtest test mocking
+     * for UUID lookups. Normal secret XML processing would fail if
+     * the usage type was NONE and since we have no way to set the
+     * expected usage in that environment, let's just accept NONE */
+    if (sec->usageType != VIR_SECRET_USAGE_TYPE_NONE &&
+        sec->usageType != secretUsageType) {
+        char uuidstr[VIR_UUID_STRING_BUFLEN];
+
+        virUUIDFormat(seclookupdef->u.uuid, uuidstr);
+        virReportError(VIR_ERR_INVALID_ARG,
+                       _("secret with uuid %s is of type '%s' not "
+                         "expected '%s' type"),
+                       uuidstr, virSecretUsageTypeToString(sec->usageType),
+                       virSecretUsageTypeToString(secretUsageType));
+        goto cleanup;
+    }
+
    *secret = conn->secretDriver->secretGetValue(sec, secret_size, 0,
                                                 VIR_SECRET_GET_VALUE_INTERNAL_CALL);

--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@ -77,7 +77,9 @@ static virSecretPtr
 fakeSecretLookupByUUID(virConnectPtr conn,
                       const unsigned char *uuid)
 {
-    return virGetSecret(conn, uuid, 0, "");
+    /* NB: This mocked value could be "tls" or "volume" depending on
+     * which test is being run, we'll leave at NONE (or 0) */
+    return virGetSecret(conn, uuid, VIR_SECRET_USAGE_TYPE_NONE, "");
 }

 static virSecretDriver fakeSecretDriver = {