luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

use provided namespace for wrapping lookup cubbyhole request (#15583) 

* use provided namespace for wrapping lookup cubbyhole request

* add changelog entry
This commit is contained in:
Chris Capurso 2022-05-26 15:17:29 -04:00 committed by GitHub
parent fddbd2fe66
commit cdb73ab265
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
changelog/15583.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:bug
core (enterprise): Fix bug where wrapping token lookup does not work within namespaces.
```

12
vault/logical_system.go
View File

@ -3404,13 +3404,23 @@ func (b *SystemBackend) handleWrappingLookup(ctx context.Context, req *logical.R
return nil, errors.New("token is not a valid unwrap token")
}
lookupNS, err := NamespaceByID(ctx, te.NamespaceID, b.Core)
if err != nil {
return nil, err
}
if lookupNS == nil {
return nil, errors.New("token is not from a valid namespace")
}
lookupCtx := namespace.ContextWithNamespace(ctx, lookupNS)
cubbyReq := &logical.Request{
Operation: logical.ReadOperation,
Path: "cubbyhole/wrapinfo",
ClientToken: token,
}
cubbyReq.SetTokenEntry(te)
cubbyResp, err := b.Core.router.Route(ctx, cubbyReq)
cubbyResp, err := b.Core.router.Route(lookupCtx, cubbyReq)
if err != nil {
return nil, fmt.Errorf("error looking up wrapping information: %w", err)
}