[Bug 2108] New: delegation_003 reports key was not loaded, but it was..

Sat, 31 May 2008 00:00:01 -0700 (PDT) 

http://defect.opensolaris.org/bz/show_bug.cgi?id=2108

           Summary: delegation_003 reports key was not loaded, but it was..
    Classification: Development
           Product: zfs-crypto
           Version: unspecified
          Platform: Other
        OS/Version: Solaris
            Status: NEW
          Severity: normal
          Priority: P3
         Component: other
        AssignedTo: ajscarp at yahoo.com
        ReportedBy: ajscarp at yahoo.com
         QAContact: hua.tang at sun.com
                CC: zfs-crypto-discuss at opensolaris.org
   Estimated Hours: 0.0


There may be more failures contained in this bug, the results file is a bit
hard to read because the stderr is not lining up property with the commands.. 
What I know for sure is that loading a dataset key returns a failure, but the
key is loaded successfully.  In the below case the user has mount & keyuse
privileges, so it should success.. the kernel does the right thing by mounting
the key,  The problem appears to be ioctl apparently returns failure return
code..

$ zfs key -l tank/enc
Enter passphrase for 'tank/enc': 
cannot mount 'tank/enc': Insufficient privileges
Key error in 'tank/enc': crypto key failure
$ echo $?
1
$ zfs key -l tank/enc
Key error in 'tank/enc': Key already loaded.

Keystatus shows the key as available...


----
stdout| 140160| /usr/sbin/zpool create -f pool_140160 /export/home/vdev_file_1
stdout| 140160| /usr/sbin/zfs create -o encryption=on -o keyscope=dataset      
    -o
keysource=hex,file:///net/borg/cube/builds/izick/zfscrypto-test/proto/suites/security/zfs-crypto/etc/hex_key_file
pool_140160/fs
stdout| 140160| cp
/net/borg/cube/builds/izick/zfscrypto-test/proto/suites/security/zfs-crypto/etc/file1.txt
/pool_140160/fs
stdout| file1.txt
Msg| 140160 | [ - Result ]
Msg| 140160 | RESULT:  PASS
Msg| 140160 |  
Msg| 140160 | [ - Progress ]
Msg| 140160 | Testing with keyuse,mount delegated, a non-root user can do 'zfs
key -l'
Msg| 140160 |  
stdout| 140160| Expected return value: 0
stdout| 140160| Actual return value: 1
stderr| cannot mount 'pool_140160/fs': Insufficient privileges
stderr| Key error in 'pool_140160/fs': crypto key failure
Msg| 140160 | [ - Result ]
Msg| 140160 | RESULT:  FAIL

-- 
Configure bugmail: http://defect.opensolaris.org/bz/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

Reply via email to