author | Jeff Layton <jlayton@samba.org> | 2012-07-20 10:30:50 -0400 |
---|---|---|
committer | Jeff Layton <jlayton@samba.org> | 2012-07-20 10:30:50 -0400 |
commit | c44d290f3b5f221e7617bdb409bb8e44ceafef3e (patch) | |
tree | 4b54fd2d23627313532fc0f3995fd3192d94bd04 /cifscreds.c | |
parent | 877701f3cc23df3cb2a293c060bdbf05a87bff6a (diff) | |
cifscreds: add a check and warnings for session keyring problems
Many distros do not call into pam_keyinit to set up the session keyring
properly at login time. When cifscreds add is used in such a session,
the kernel will spawn a new session keyring in which to install the
credentials. That keyring will then go away once the cifscreds process
exits.
Check for this situation by looking to see if the session and
user-session keyrings are the same. Throw a warning if so, and add some
verbiage to the cifscreds manpage that explains the issue. Also, if
the session keyring can't be queried for any reason, then cause the
program to error out.
Acked-by: David Howells <dhowells@redhat.com>
Reported-by: Milan Knížek <knizek.confy@gmail.com>
Signed-off-by: Jeff Layton <jlayton@samba.org>
Diffstat (limited to 'cifscreds.c')
-rw-r--r-- | cifscreds.c | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/cifscreds.c b/cifscreds.c
index efc76e6..bb35c02 100644
--- a/cifscreds.c
+++ b/cifscreds.c
@@ -28,6 +28,7 @@
 #include <ctype.h>
 #include <keyutils.h>
 #include <getopt.h>
+#include <errno.h>
 #include "mount.h"
 #include "resolve_host.h"
 #include "util.h"
@@ -465,6 +466,36 @@ static int cifscreds_update(struct cmdarg *arg)
 return EXIT_SUCCESS;
 }
 
+static int
+check_session_keyring(void)
+{
+ key_serial_t ses_key, uses_key;
+
+ ses_key = keyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 0);
+ if (ses_key == -1) {
+ if (errno == ENOKEY)
+ fprintf(stderr, "Error: you have no session keyring. "
+ "Consider using pam_keyinit to "
+ "install one.\n");
+ else
+ fprintf(stderr, "Error: unable to query session "
+ "keyring: %s\n", strerror(errno));
+ return (int)ses_key;
+ }
+
+ /* A problem querying the user-session keyring isn't fatal. */
+ uses_key = keyctl_get_keyring_ID(KEY_SPEC_USER_SESSION_KEYRING, 0);
+ if (uses_key == -1)
+ return 0;
+
+ if (ses_key == uses_key)
+ fprintf(stderr, "Warning: you have no persistent session "
+ "keyring. cifscreds keys will not persist "
+ "after this process exits. See "
+ "pam_keyinit(8).\n");
+ return 0;
+}
+
 int main(int argc, char **argv)
 {
 struct command *cmd, *best;
@@ -535,5 +566,8 @@ int main(int argc, char **argv)
 if (arg.user == NULL)
 arg.user = getusername(getuid());
 
+ if (check_session_keyring())
+ return EXIT_FAILURE;
+
 return best->action(&arg);
 }
|
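Review bot: check_session_keyring() has three distinct outcomes (query failure, success with a warning, clean success) but no comment stating what the caller gets back, and the error path returns `(int)ses_key`, which can only be -1 at that point. A header comment such as `/* Returns 0 if the session keyring can be queried (a non-persistence warning may be printed), -1 if it cannot. */` would make the contract explicit, and `return -1;` says the same thing without the cast. The new code also calls strerror(); the include list starts above the first hunk, so confirm `<string.h>` is already pulled in there, since this commit only adds `<errno.h>`.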
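Review bot: The `check_session_keyring()` call placed before `best->action(&arg)` runs for whichever subcommand was selected, so the "cifscreds keys will not persist" warning would also appear for actions that store no credentials, as far as this hunk shows. If that is intended, a short comment at the call site would record it, for example `/* every action needs a usable session keyring; the persistence warning is advisory only */`. Otherwise the warning branch could be limited to the actions that install keys, while the hard failure on an unqueryable keyring stays unconditional. main()'s body begins outside this hunk, so the command dispatch itself is not visible here.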