From: Eric Sandeen <sandeen@redhat.com> Date: Thu, 3 Jul 2008 15:24:58 -0500 Subject: [fs] ecryptfs: propagate key errors up at mount time Message-id: 486D359A.3040900@redhat.com O-Subject: [PATCH RHEL5.3] ecryptfs: propagate key errors up at mount time Bugzilla: 440413 RH-Acked-by: Jeff Moyer <jmoyer@redhat.com> RH-Acked-by: Jarod Wilson <jwilson@redhat.com> This is for: Bugzilla Bug 440413: ecryptfs module incorrectly checks error codes in process_request_key_err which noted that the errors were wrong; the attached patch also fails the mount if key signatures are requested which are not available. Patch is acked by the ecryptfs maintainer & currently in -mm. Thanks, -Eric ------- Subject: ecryptfs: propagate key errors up at mount time From: Eric Sandeen <sandeen@redhat.com> Mounting with invalid key signatures should probably fail, if they were specifically requested but not available. Also fix case checks in process_request_key_err() for the right sign of the errnos, as spotted by Jan Tluka. Signed-off-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: Jan Tluka <jtluka@redhat.com> Acked-by: Michael Halcrow <mhalcrow@us.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> fs/ecryptfs/keystore.c | 9 ++++----- fs/ecryptfs/main.c | 4 ++-- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index 5911e19..47986d6 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c @@ -44,15 +44,15 @@ static int process_request_key_err(long err_code) int rc = 0; switch (err_code) { - case ENOKEY: + case -ENOKEY: ecryptfs_printk(KERN_WARNING, "No key\n"); rc = -ENOENT; break; - case EKEYEXPIRED: + case -EKEYEXPIRED: ecryptfs_printk(KERN_WARNING, "Key expired\n"); rc = -ETIME; break; - case EKEYREVOKED: + case -EKEYREVOKED: ecryptfs_printk(KERN_WARNING, "Key revoked\n"); rc = -EINVAL; break; @@ -963,8 +963,7 @@ int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key, if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) { printk(KERN_ERR "Could not find key with description: [%s]\n", sig); - process_request_key_err(PTR_ERR(*auth_tok_key)); - rc = -EINVAL; + rc = process_request_key_err(PTR_ERR(*auth_tok_key)); goto out; } (*auth_tok) = ecryptfs_get_key_payload_data(*auth_tok_key); diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c index 8eef175..1aa122b 100644 --- a/fs/ecryptfs/main.c +++ b/fs/ecryptfs/main.c @@ -262,10 +262,11 @@ static int ecryptfs_init_global_auth_toks( "session keyring for sig specified in mount " "option: [%s]\n", global_auth_tok->sig); global_auth_tok->flags |= ECRYPTFS_AUTH_TOK_INVALID; - rc = 0; + goto out; } else global_auth_tok->flags &= ~ECRYPTFS_AUTH_TOK_INVALID; } +out: return rc; } @@ -430,7 +431,6 @@ static int ecryptfs_parse_options(struct super_block *sb, char *options) printk(KERN_WARNING "One or more global auth toks could not " "properly register; rc = [%d]\n", rc); } - rc = 0; out: return rc; }