Bug 441494

Summary: passwd_file does not work for key=passphrase
Product: Red Hat Enterprise Linux 5
Reporter: Jan Tluka <jtluka>
Component: ecryptfs-utils
Assignee: Karsten Hopp <karsten>
Status: CLOSED ERRATA
Severity: low
Priority: low
Version: 5.2
CC: mhalcrow, mnowak
Target Milestone: rc
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2009-01-20 21:59:57 UTC

Description Jan Tluka 2008-04-08 13:36:53 UTC
Description of problem:
This bug is related to bug #432961.
The man pages for ecryptfs were updated and claim that the 'passwd_file' key option is
used to specify the file that contains the passphrase.
When I want to use 'passwd_file' with 'key=passphrase' I get an error when parsing
options. When I use 'passfile' instead of 'passwd_file' it works fine.
We need to have either one common option for the password file or the man pages
should note that a different option is used for different key types. I'd prefer
the first approach.

Version-Release number of selected component (if applicable):
ecryptfs-utils-41

How reproducible:
100%

Steps to Reproduce:
as root:
1. Look at the documentation
 man ecryptfs # and look for passwd_file in 'KEY OPTIONS'
2. prepare password file
 cd ~
 echo "secret_password" > .my_password
 mkdir .secret
3. mount directory
 mount -t ecryptfs .secret .secret -o key=passphrase:passwd_file=/root/.my_password,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,verbosity=0

Actual results:
from mount:
Error mounting eCryptfs; rc = [-22]; strerr = [Invalid argument]. Check your system logs

from system log:
ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
Error parsing options; rc = [-22]

Expected results:
Filesystem is mounted without errors.

Additional info:
The same should be done for passwd_fd key option.

Comment 1 Jan Tluka 2008-04-08 14:30:19 UTC
There is also a difference between the content of the password files.

In case of passfile the content has to be:
#cat .my_password
secret_password
#

In case of passwd_file the content has to be:
# cat .my_password
passwd=secret_password
#

Comment 2 Jan Tluka 2008-04-08 15:46:18 UTC
Please ignore my comment #1.
The password file in both cases has to be:
# cat .my_password
passwd=secret_password
#

Comment 3 Phil Knirsch 2008-04-28 12:47:46 UTC
Looks like a simple fix.

Proposing for RHEL-5.3 and granting Devel ACK.

Read ya, Phil


Comment 4 Phil Knirsch 2008-05-14 14:00:06 UTC
Proposing bug for RHEL-5.3 FasTrack.

Read ya, Phil


Comment 7 Karsten Hopp 2008-06-05 08:41:23 UTC
Upstream answer:
passfile and passwd_file are two separate and distinct parameters that
apply to two different key modules (passphrase and openssl,
respectively).

There is an obvious namespace problem with the key modules that I
would like to fix for RHEL 5.3. My original approach was to qualify
module parameters by evaluating them in module parameter list
context. Given that parameters can be given in any order in a
configuration file, that does not work out very well. It would
probably make more sense to explicitly indicate which key modules
which parameters apply to by prefixing the parameter with the key
module alias (i.e., "openssl_passwd_file" and
"passphrase_passwd_file").

Any objections to making this change for RHEL 5.3?

Comment 8 Kevin Krafthefer 2008-06-06 17:34:31 UTC
approved comp, clearing fast flag

Comment 9 Karsten Hopp 2008-08-14 12:21:43 UTC
Version 56 has upstream fixes for the namespace problems.

The testcase in the description now needs to be written as:
mount -t ecryptfs .secret .secret -o key=passphrase:passphrase_passwd_file=/root/.my_password,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,verbosity=0
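
A pre-mount check for the password file format from Comment 2 and the option name from Comment 9, as an added example that is not part of this bug thread or of ecryptfs-utils. The function names and the owner-only permission requirement are assumptions made for the example.

```bash
# Added example: names and the owner-only policy are assumptions, not
# ecryptfs-utils code. File format per Comment 2, option name per Comment 9.

# write_passwd_file FILE: read a passphrase from stdin and store it as
# passwd=<value> in a freshly created owner-only file.
write_passwd_file() (
    umask 077
    rm -f -- "$1"   # recreate so an older, looser mode is not inherited
    IFS= read -r pass || [ -n "$pass" ] || exit 1
    printf 'passwd=%s\n' "$pass" > "$1"
)

# check_passwd_file FILE: succeed only if FILE is a regular file, has no
# group/other permission bits, and holds exactly one non-empty passwd= line.
check_passwd_file() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "not a regular file: $f" >&2; return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    go_bits=$(ls -ld "$f" | cut -c5-10)
    if [ "$go_bits" != "------" ]; then
        echo "accessible beyond owner ($go_bits): $f" >&2; return 1
    fi
    n=$(grep -c '^passwd=.' "$f" || true)
    if [ "$n" != "1" ]; then
        echo "expected one passwd=<value> line, found ${n:-none}: $f" >&2
        return 1
    fi
}

# passphrase_mount_opts FILE: validate FILE, then print the -o string in the
# version 56 form given in Comment 9.
passphrase_mount_opts() {
    check_passwd_file "$1" || return 1
    printf 'key=passphrase:passphrase_passwd_file=%s,' "$1"
    printf 'ecryptfs_cipher=aes,ecryptfs_key_bytes=16,verbosity=0\n'
}

# Demo with a constructed passphrase in a temporary directory.
demo_dir=$(mktemp -d)
printf 'secret_password\n' | write_passwd_file "$demo_dir/.my_password"
passphrase_mount_opts "$demo_dir/.my_password"
rm -rf "$demo_dir"
```

The printed string is what would follow `-o` in the mount command from Comment 9.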

Comment 16 errata-xmlrpc 2009-01-20 21:59:57 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-0203.html