Skip to content
This repository has been archived by the owner on Jan 5, 2024. It is now read-only.

cannot export file if drive is already unlocked #12

Closed
sssoleileraaa opened this issue Sep 11, 2019 · 5 comments · Fixed by #39
Closed

cannot export file if drive is already unlocked #12

sssoleileraaa opened this issue Sep 11, 2019 · 5 comments · Fixed by #39
Assignees
@sssoleileraaa
Labels
needs/reproduction

Comments

@sssoleileraaa
Copy link
Contributor

Description

When the drive is already unlocked, the return code is USB_BAD_PASSPHRASE and the file is not copied to the usb drive.

Steps to Repro

  1. From the Qubes menu in the upper-lefthand corner, hover over sd-export-usb and select sd-export-usb: Files
  2. Select your thumb drive folder, enter in your luks passphrase with the default selection to keep the device unlocked
  3. run qvm-open-in-vm sd-export-usb archive.sd-export from sd-svs and see that you get back USB_BAD_PASSPHRASE
@sssoleileraaa sssoleileraaa changed the title get wrong error code if drive is already unlocked cannot export file if drive is already unlocked Sep 11, 2019
@sssoleileraaa
Copy link
Contributor Author

Another way to Repro

  1. From the Qubes menu in the upper-lefthand corner, hover over sd-export-usb and select sd-export-usb: Files
  2. Select your thumb drive folder, enter in your luks passphrase with the Forget password immediately option selected
  3. Run qvm-open-in-vm sd-export-usb archive.sd-export from sd-svs

Expected
Either:

  1. You get back USB_DRIVE_UNLOCKED during the preflight checks to indicate to the client that it doesn't need to request the user's passphrase, then the client provides the export without an encryption_key and the export is successful.
  2. We just always ask the user for their passphrase and the export is successful

Actual
You get back USB_BAD_PASSPHRASE and the export is not successful

@eloquence eloquence mentioned this issue Sep 26, 2019
Merged
@sssoleileraaa
Copy link
Contributor Author

Sounds like this has been repro'd but keeping label so in case someone wants to repro this less-than-ideal fix:

Unplug usb device, plug back in, try again. I don't think this will work if you say to remember the passphrase forever though.

@sssoleileraaa sssoleileraaa self-assigned this Nov 7, 2019
@redshiftzero
Copy link
Contributor

I tried to reproduce this before attempting a fix but it seems like this is resolved on master. To repro I unlocked my export drive manually in sd-export-usb prior to clicking export in the client. The export still occurred successfully.

Looking at the code, this if statement should handle the case where the drive has already been unlocked: https://github.com/freedomofpress/securedrop-export/blob/master/securedrop_export/export.py#L247

If you agree @creviera, I think we can close this one

@sssoleileraaa
Copy link
Contributor Author

I still see this bug by running through the steps here: #12 (comment) except instead of seeing USB_BAD_PASSPHRASE you see ERROR_GENERIC now.

@sssoleileraaa
Copy link
Contributor Author

i think the way to prevent this is to check if the drive is already unlocked and then skip the luksOpen step and later the unmount+luksClose step

@sssoleileraaa sssoleileraaa mentioned this issue Dec 12, 2019
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@sssoleileraaa sssoleileraaa

Labels
needs/reproduction
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

check if already unlocked and mounted freedomofpress/securedrop-export
3 participants
@eloquence @sssoleileraaa @redshiftzero