[libvirt] [PATCH] secret: Add check/validation for correct usage when LookupByUUID

John Ferlan jferlan at redhat.com
Tue Dec 4 20:32:54 UTC 2018

If virSecretGetSecretString is using by secretLookupByUUID,
then it's possible the found sec->usageType doesn't match the
desired @secretUsageType. If this occurs for the encrypted
volume creation processing and a subsequent pool refresh is
executed, then the secret used to create the volume will not
be found by the storageBackendLoadDefaultSecrets which expects
to find secrets by VIR_SECRET_USAGE_TYPE_VOLUME.

Add a check to virSecretGetSecretString to avoid the possibility
along with an error indicating the incorrect matched types.

Signed-off-by: John Ferlan <jferlan at redhat.com>

 If someone has an idea regarding how the usage could be filled
 in "properly" for the qemuxml2argvtest, I'm willing to give it
 a shot. However, fair warning trying to "mock" for tls, volume,
 iscsi, and ceph could be rather painful. Thus the NONE was the
 well, easiest way to go since the stored secret (ahem) shouldn't
 be of usageType "none" (famous last words).

 src/secret/secret_util.c | 17 +++++++++++++++++
 tests/qemuxml2argvtest.c |  4 +++-
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/src/secret/secret_util.c b/src/secret/secret_util.c
index 16e43ab2cc..27e164a425 100644
--- a/src/secret/secret_util.c
+++ b/src/secret/secret_util.c
@@ -71,6 +71,23 @@ virSecretGetSecretString(virConnectPtr conn,
     if (!sec)
         goto cleanup;
+    /* NB: NONE is a byproduct of the qemuxml2argvtest test mocking
+     * for UUID lookups. Normal secret XML processing would fail if
+     * the usage type was NONE and since we have no way to set the
+     * expected usage in that environment, let's just accept NONE */
+    if (sec->usageType != VIR_SECRET_USAGE_TYPE_NONE &&
+        sec->usageType != secretUsageType) {
+        char uuidstr[VIR_UUID_STRING_BUFLEN];
+        virUUIDFormat(seclookupdef->u.uuid, uuidstr);
+        virReportError(VIR_ERR_INVALID_ARG,
+                       _("secret with uuid %s is of type '%s' not "
+                         "expected '%s' type"),
+                       uuidstr, virSecretUsageTypeToString(sec->usageType),
+                       virSecretUsageTypeToString(secretUsageType));
+        goto cleanup;
+    }
     *secret = conn->secretDriver->secretGetValue(sec, secret_size, 0,
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index e17709e7e1..700868ca0b 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -77,7 +77,9 @@ static virSecretPtr
 fakeSecretLookupByUUID(virConnectPtr conn,
                        const unsigned char *uuid)
-    return virGetSecret(conn, uuid, 0, "");
+    /* NB: This mocked value could be "tls" or "volume" depending on
+     * which test is being run, we'll leave at NONE (or 0) */
+    return virGetSecret(conn, uuid, VIR_SECRET_USAGE_TYPE_NONE, "");
 static virSecretDriver fakeSecretDriver = {

More information about the libvir-list mailing list