|
 |
9c6c51 |
From 44b8a63a2e0bcd5740db4c9f49d635ab1d5b9b25 Mon Sep 17 00:00:00 2001
|
|
|
9c6c51 |
Message-Id: <44b8a63a2e0bcd5740db4c9f49d635ab1d5b9b25@dist-git>
|
|
|
9c6c51 |
From: John Ferlan <jferlan@redhat.com>
|
|
|
9c6c51 |
Date: Thu, 13 Dec 2018 10:26:46 -0500
|
|
|
9c6c51 |
Subject: [PATCH] secret: Add check/validation for correct usage when
|
|
|
9c6c51 |
LookupByUUID
|
|
|
9c6c51 |
MIME-Version: 1.0
|
|
|
9c6c51 |
Content-Type: text/plain; charset=UTF-8
|
|
|
9c6c51 |
Content-Transfer-Encoding: 8bit
|
|
|
9c6c51 |
|
|
|
9c6c51 |
https://bugzilla.redhat.com/show_bug.cgi?id=1656255
|
|
|
9c6c51 |
|
|
|
9c6c51 |
If virSecretGetSecretString is using by secretLookupByUUID,
|
|
|
9c6c51 |
then it's possible the found sec->usageType doesn't match the
|
|
|
9c6c51 |
desired @secretUsageType. If this occurs for the encrypted
|
|
|
9c6c51 |
volume creation processing and a subsequent pool refresh is
|
|
|
9c6c51 |
executed, then the secret used to create the volume will not
|
|
|
9c6c51 |
be found by the storageBackendLoadDefaultSecrets which expects
|
|
|
9c6c51 |
to find secrets by VIR_SECRET_USAGE_TYPE_VOLUME.
|
|
|
9c6c51 |
|
|
|
9c6c51 |
Add a check to virSecretGetSecretString to avoid the possibility
|
|
|
9c6c51 |
along with an error indicating the incorrect matched types.
|
|
|
9c6c51 |
|
|
|
9c6c51 |
Signed-off-by: John Ferlan <jferlan@redhat.com>
|
|
|
9c6c51 |
ACKed-by: Michal Privoznik <mprivozn@redhat.com>
|
|
|
9c6c51 |
(cherry picked from commit e0eb8a8a696ee334fa33281b880e480e76348052)
|
|
|
9c6c51 |
Reviewed-by: Ján Tomko <jtomko@redhat.com>
|
|
|
9c6c51 |
---
|
|
|
9c6c51 |
src/secret/secret_util.c | 17 +++++++++++++++++
|
|
|
9c6c51 |
tests/qemuxml2argvtest.c | 4 +++-
|
|
|
9c6c51 |
2 files changed, 20 insertions(+), 1 deletion(-)
|
|
|
9c6c51 |
|
|
|
9c6c51 |
diff --git a/src/secret/secret_util.c b/src/secret/secret_util.c
|
|
|
9c6c51 |
index 16e43ab2cc..27e164a425 100644
|
|
|
9c6c51 |
--- a/src/secret/secret_util.c
|
|
|
9c6c51 |
+++ b/src/secret/secret_util.c
|
|
|
9c6c51 |
@@ -71,6 +71,23 @@ virSecretGetSecretString(virConnectPtr conn,
|
|
|
9c6c51 |
if (!sec)
|
|
|
9c6c51 |
goto cleanup;
|
|
|
9c6c51 |
|
|
|
9c6c51 |
+ /* NB: NONE is a byproduct of the qemuxml2argvtest test mocking
|
|
|
9c6c51 |
+ * for UUID lookups. Normal secret XML processing would fail if
|
|
|
9c6c51 |
+ * the usage type was NONE and since we have no way to set the
|
|
|
9c6c51 |
+ * expected usage in that environment, let's just accept NONE */
|
|
|
9c6c51 |
+ if (sec->usageType != VIR_SECRET_USAGE_TYPE_NONE &&
|
|
|
9c6c51 |
+ sec->usageType != secretUsageType) {
|
|
|
9c6c51 |
+ char uuidstr[VIR_UUID_STRING_BUFLEN];
|
|
|
9c6c51 |
+
|
|
|
9c6c51 |
+ virUUIDFormat(seclookupdef->u.uuid, uuidstr);
|
|
|
9c6c51 |
+ virReportError(VIR_ERR_INVALID_ARG,
|
|
|
9c6c51 |
+ _("secret with uuid %s is of type '%s' not "
|
|
|
9c6c51 |
+ "expected '%s' type"),
|
|
|
9c6c51 |
+ uuidstr, virSecretUsageTypeToString(sec->usageType),
|
|
|
9c6c51 |
+ virSecretUsageTypeToString(secretUsageType));
|
|
|
9c6c51 |
+ goto cleanup;
|
|
|
9c6c51 |
+ }
|
|
|
9c6c51 |
+
|
|
|
9c6c51 |
*secret = conn->secretDriver->secretGetValue(sec, secret_size, 0,
|
|
|
9c6c51 |
VIR_SECRET_GET_VALUE_INTERNAL_CALL);
|
|
|
9c6c51 |
|
|
|
9c6c51 |
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
|
|
|
9c6c51 |
index 0908bc5d08..bd4aa1266d 100644
|
|
|
9c6c51 |
--- a/tests/qemuxml2argvtest.c
|
|
|
9c6c51 |
+++ b/tests/qemuxml2argvtest.c
|
|
|
9c6c51 |
@@ -80,7 +80,9 @@ static virSecretPtr
|
|
|
9c6c51 |
fakeSecretLookupByUUID(virConnectPtr conn,
|
|
|
9c6c51 |
const unsigned char *uuid)
|
|
|
9c6c51 |
{
|
|
|
9c6c51 |
- return virGetSecret(conn, uuid, 0, "");
|
|
|
9c6c51 |
+ /* NB: This mocked value could be "tls" or "volume" depending on
|
|
|
9c6c51 |
+ * which test is being run, we'll leave at NONE (or 0) */
|
|
|
9c6c51 |
+ return virGetSecret(conn, uuid, VIR_SECRET_USAGE_TYPE_NONE, "");
|
|
|
9c6c51 |
}
|
|
|
9c6c51 |
|
|
|
9c6c51 |
static virSecretDriver fakeSecretDriver = {
|
|
|
9c6c51 |
--
|
|
|
9c6c51 |
2.20.1
|
|
|
9c6c51 |
|