eCryptfs

Problem decrypting an nfs mount

Asked by Rutger Hendriks

I have two machines, both with an encrypted homedir and running Ubuntu 10.04.
I would like to have all my important files on the desktop machine and still be able to use or edit them on my laptop machine. Also I would like to keep both my homedirs encrypted.

So, I have mounted my .Private folder (with filename encryption) of the desktop machine over nfs on the laptop in a separate directory. When I decrypt this on the laptop and run 'ls', the correct filenames appear, but my dmesg shows the error:
ecryptfs_read_and_validate_header_region: Error reading header region; rc = [-5]

Any subsequent runs of 'ls' show no files! Running 'mount' or 'df' instead of 'ls' does not give this error and they can be run multiple times.
I can now unmount the decrypted mountpoint and mount it again, and the same behaviour occurs.

Can anyone help me solve this problem?

Background:
I have copied the .ecryptfs folder of the desktop machine to the laptop and changed the Private.mnt to point to the correct mountpoint.
To facilitate mounting I copied mount.ecryptfs_private.c to mount.ecryptfs_cwd.c and changed it so it does not look in the homedir for the .ecryptfs and .Private folders, but it looks in the current working directory, see this patch:
diff mount.ecryptfs_private.c mount.ecryptfs_cwd.c
52a53
> #define MAX_PATH_SIZE 0xa000
343c344
< char *dev, *mnt, *opt;
---
> char *cw_dir, *buf, *dev, *mnt, *opt;
346a348,357
> /* Get the current working directory.
> * The directories .ecryptfs and .Private are searched in the current
> * working directory instead of in pwd->pw_dir as is done in the
> * program mount.ecryptfs_private.c
> */
> if ((cw_dir = get_current_dir_name()) == NULL) {
> perror("get_current_dir_name");
> goto fail;
> }
>
390c401
< sig = fetch_sig(pwd->pw_dir, 0);
---
> sig = fetch_sig(cw_dir, 0);
395c406
< sig_fnek = fetch_sig(pwd->pw_dir, 1);
---
> sig_fnek = fetch_sig(cw_dir, 1);
404c415
< (asprintf(&dev, "%s/.%s", pwd->pw_dir, ECRYPTFS_PRIVATE_DIR) < 0) ||
---
> (asprintf(&dev, "%s/.%s", cw_dir, ECRYPTFS_PRIVATE_DIR) < 0) ||
409c420
< mnt = ecryptfs_fetch_private_mnt(pwd->pw_dir);
---
> mnt = ecryptfs_fetch_private_mnt(cw_dir);

Question information

Language:
English Edit question
Status:
Solved
For:
eCryptfs Edit question
Assignee:
No assignee Edit question
Solved by:
Dustin Kirkland 
Solved:
Last query:
Last reply:
Revision history for this message
Best Dustin Kirkland  (kirkland) said : 		#1

Sorry, eCryptfs does not yet work over NFS. See Bug #277578.

Revision history for this message
Rutger Hendriks (rutgerhendriks) said : 		#2

OK, I'll wait for that.

Revision history for this message
Rutger Hendriks (rutgerhendriks) said : 		#3

Thanks Dustin Kirkland, that solved my question.