zfs crypto discuss - May 2008 - [Bug 2108] New: delegation_003 reports key was not loaded, but it was..

http://defect.opensolaris.org/bz/show_bug.cgi?id=2108

           Summary: delegation_003 reports key was not loaded, but it was..
    Classification: Development
           Product: zfs-crypto
           Version: unspecified
          Platform: Other
        OS/Version: Solaris
            Status: NEW
          Severity: normal
          Priority: P3
         Component: other
        AssignedTo: ajscarp at yahoo.com
        ReportedBy: ajscarp at yahoo.com
         QAContact: hua.tang at sun.com
                CC: zfs-crypto-discuss at opensolaris.org
   Estimated Hours: 0.0


There may be more failures contained in this bug, the results file is a bit
hard to read because the stderr is not lining up property with the commands.. 
What I know for sure is that loading a dataset key returns a failure, but the
key is loaded successfully.  In the below case the user has mount & keyuse
privileges, so it should success.. the kernel does the right thing by mounting
the key,  The problem appears to be ioctl apparently returns failure return
code..

$ zfs key -l tank/enc
Enter passphrase for ''tank/enc'': 
cannot mount ''tank/enc'': Insufficient privileges
Key error in ''tank/enc'': crypto key failure
$ echo $?
1
$ zfs key -l tank/enc
Key error in ''tank/enc'': Key already loaded.

Keystatus shows the key as available...


----
stdout| 140160| /usr/sbin/zpool create -f pool_140160 /export/home/vdev_file_1
stdout| 140160| /usr/sbin/zfs create -o encryption=on -o keyscope=dataset      
    -o
keysource=hex,file:///net/borg/cube/builds/izick/zfscrypto-test/proto/suites/security/zfs-crypto/etc/hex_key_file
pool_140160/fs
stdout| 140160| cp
/net/borg/cube/builds/izick/zfscrypto-test/proto/suites/security/zfs-crypto/etc/file1.txt
/pool_140160/fs
stdout| file1.txt
Msg| 140160 | [ - Result ]
Msg| 140160 | RESULT:  PASS
Msg| 140160 |  
Msg| 140160 | [ - Progress ]
Msg| 140160 | Testing with keyuse,mount delegated, a non-root user can do
''zfs
key -l''
Msg| 140160 |  
stdout| 140160| Expected return value: 0
stdout| 140160| Actual return value: 1
stderr| cannot mount ''pool_140160/fs'': Insufficient privileges
stderr| Key error in ''pool_140160/fs'': crypto key failure
Msg| 140160 | [ - Result ]
Msg| 140160 | RESULT:  FAIL

-- 
Configure bugmail: http://defect.opensolaris.org/bz/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://defect.opensolaris.org/bz/show_bug.cgi?id=2108


Darren J Moffat <darrenm at opensolaris.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |darrenm at opensolaris.org




--- Comment #1 from Darren J Moffat <darrenm at opensolaris.org> 
2008-06-02 02:27:06 ---
The user needs to own the mountpoint as well.

-- 
Configure bugmail: http://defect.opensolaris.org/bz/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://defect.opensolaris.org/bz/show_bug.cgi?id=2108


Darren J Moffat <darrenm at opensolaris.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |DUPLICATE




--- Comment #2 from Darren J Moffat <darrenm at opensolaris.org> 
2008-06-02 07:51:46 ---
Test suite bug see Bugster 6709577

*** This bug has been marked as a duplicate of bug 2114 ***

-- 
Configure bugmail: http://defect.opensolaris.org/bz/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.