Bug 500352

Summary: mount helper asks a different set of questions when the mount options are OK and when they are not
Product: Red Hat Enterprise Linux 5
Reporter: Michal Nowak <mnowak>
Component: ecryptfs-utils
Assignee: Michal Hlavinka <mhlavink>
Status: CLOSED ERRATA
QA Contact: BaseOS QE <qe-baseos-auto>
Severity: low
Priority: low
Version: 5.4
CC: ohudlick, rvokal
Target Milestone: rc
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2009-09-02 09:57:17 UTC
Attachments: allow only correct values to ecryptfs_key_bytes (flags: none)

Description Michal Nowak 2009-05-12 12:12:53 UTC
Description of problem:

[root@hp-ml370g4-01 tmp]# mount.ecryptfs secret/ secret/ -o key=passphrase:passphrase_passwd=newman:ecryptfs_cipher=aes:ecryptfs_key_bytes=32
Enable plaintext passthrough (y/n) [n]: y

^^^ Asks for "plaintext passthrough", which is OK.

Attempting to mount with the following options:
  ecryptfs_unlink_sigs
  ecryptfs_passthrough
  ecryptfs_key_bytes=32
  ecryptfs_cipher=aes
  ecryptfs_sig=26d2955806590f9d
WARNING: Based on the contents of [/root/.ecryptfs/sig-cache.txt],
it looks like you have never mounted with this key 
before. This could mean that you have typed your 
passphrase wrong.

Would you like to proceed with the mount (yes/no)? yes
Would you like to append sig [26d2955806590f9d] to
[/root/.ecryptfs/sig-cache.txt] 
in order to avoid this warning in the future (yes/no)? no
Not adding sig to user sig cache file; continuing with mount.
Mounted eCryptfs

[root@hp-ml370g4-01 tmp]# mount | grep secret
/tmp/secret on /tmp/secret type ecryptfs (rw,ecryptfs_sig=26d2955806590f9d,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_passthrough,ecryptfs_unlink_sigs)

[root@hp-ml370g4-01 tmp]# umount secret/

[root@hp-ml370g4-01 tmp]# umount secret/
umount: secret/: not mounted

[root@hp-ml370g4-01 tmp]# mount.ecryptfs secret/ secret/ -o key=passphrase:passphrase_passwd=newman:ecryptfs_cipher=aes:ecryptfs_key_bytes=31

^^^ No question about "plaintext passthrough", coz helper knows of the stupid "ecryptfs_key_bytes" value "31"?

Attempting to mount with the following options:
  ecryptfs_unlink_sigs
  ecryptfs_cipher=aes
  ecryptfs_sig=26d2955806590f9d
WARNING: Based on the contents of [/root/.ecryptfs/sig-cache.txt],
it looks like you have never mounted with this key 
before. This could mean that you have typed your 
passphrase wrong.

Would you like to proceed with the mount (yes/no)? yes
Would you like to append sig [26d2955806590f9d] to
[/root/.ecryptfs/sig-cache.txt] 
in order to avoid this warning in the future (yes/no)? no
Not adding sig to user sig cache file; continuing with mount.
Required mount option not provided: [ecryptfs_key_bytes=]
Invalid mount options; aborting. rc = [-22]
Error mounting eCryptfs: [-22] Invalid argument
Check your system logs; visit <http://launchpad.net/ecryptfs>

Version-Release number of selected component (if applicable):

ecryptfs-utils-75-1.el5

How reproducible:

always

Actual results:

...

Expected results:

A) It should ask all the nice questions all the time. When the parameters/values make sense and when they don't.

or (preferably):

B) Parse the "-o" part and when it is incorrect, exit, no "wise" questions like:

"Would you like to append sig ..." and co are necessary.

Additional info:

Also, again, error msgs like this are hardly of much use:

"""
Required mount option not provided: [ecryptfs_key_bytes=]
Invalid mount options; aborting. rc = [-22]
Error mounting eCryptfs: [-22] Invalid argument
Check your system logs; visit <http://launchpad.net/ecryptfs>
"""

And, btw., it is incorrect - I provided the "ecryptfs_key_bytes", but with crap. Also, there is nothing in the log, just:

"""
May 12 07:41:03 hp-ml370g4-01 kernel: ecryptfs_parse_options: eCryptfs: unrecognized option 'ecryptfs_unlink_sigs'
"""

Comment 1 Michal Hlavinka 2009-05-12 15:53:40 UTC
I've prepared a patch, where checking of wrong ecryptfs_key_bytes is fixed. Now you can use only listed values. So it behaves like expected result B).

> Error mounting eCryptfs: [-22] Invalid argument
...
> And, btw., is incorrect - I provided the "ecryptfs_key_bytes", but with crap.

No, it's not completely incorrect. You've provided ecryptfs_key_bytes and the err. message is not "missing value"; you've provided a wrong value and the err. message is "Invalid argument". For wrong values mount.ecryptfs always returns the EINVAL error code.

I agree, the situation with error messages is unpleasant, but I've discussed this with upstream several times and they think the situation is not so bad. Most mount helpers reply with just "mount failed". For most cases you can find additional error messages in /var/log/messages. Only error codes are returned (and interpreted), so you can't expect much more...

Comment 2 Michal Hlavinka 2009-05-12 15:54:51 UTC
Created attachment 343609 [details]
allow only correct values to ecryptfs_key_bytes
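
The behaviour requested as expected result B), validating the "-o" string and failing with EINVAL before any interactive question, is sketched below as an added example; it is not the attached patch or ecryptfs-utils code. The function names are hypothetical, and the allow-list assumes AES only, with its standard key sizes of 16, 24 and 32 bytes.

```c
#include <errno.h>
#include <string.h>

/* Assumption: only AES is modelled; 16, 24 and 32 are its standard key sizes. */
static const long aes_key_bytes[] = { 16, 24, 32 };

/* 0 if v[0..len) is a plain decimal number on the allow-list, else -EINVAL. */
static int check_key_bytes(const char *v, size_t len)
{
    long n = 0;
    size_t i;

    if (len == 0 || len > 3)
        return -EINVAL;
    for (i = 0; i < len; i++) {
        if (v[i] < '0' || v[i] > '9')   /* rejects "32x", "-1", " 32" */
            return -EINVAL;
        n = n * 10 + (v[i] - '0');
    }
    for (i = 0; i < sizeof(aes_key_bytes) / sizeof(aes_key_bytes[0]); i++)
        if (n == aes_key_bytes[i])
            return 0;
    return -EINVAL;
}

/* Hypothetical pre-flight check: 0 = valid, 1 = option absent (the caller
 * may prompt for it), -EINVAL = bad value (abort before any prompt). */
int validate_mount_opts(const char *opts)
{
    static const char key[] = "ecryptfs_key_bytes=";
    const size_t klen = sizeof(key) - 1;
    int seen = 0;

    while (*opts) {
        size_t len = strcspn(opts, ":");    /* one colon-separated option */
        if (len >= klen && strncmp(opts, key, klen) == 0) {
            if (check_key_bytes(opts + klen, len - klen) != 0)
                return -EINVAL;
            seen = 1;
        }
        opts += len;
        if (*opts == ':')
            opts++;
    }
    return seen ? 0 : 1;
}
```

Distinguishing "absent" from "present but invalid" in the return value is what lets a caller print a "wrong value" message instead of "Required mount option not provided".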

Comment 8 errata-xmlrpc 2009-09-02 09:57:17 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2009-1307.html