-rw-r--r-- | cifscreds.1 | 9 | ||||
-rw-r--r-- | cifscreds.c | 34 | ||||
-rw-r--r-- | cifscreds.pod | 8 |
3 files changed, 50 insertions, 1 deletions
diff --git a/cifscreds.1 b/cifscreds.1 index 44a02a2..83afae6 100644 --- a/cifscreds.1 +++ b/cifscreds.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CIFSCREDS 1" -.TH CIFSCREDS 1 "2012-01-24" "" "" +.TH CIFSCREDS 1 "2012-07-17" "" "" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -186,6 +186,13 @@ different username. The cifscreds utility requires a kernel built with support for the \&\fBlogin\fR key type. That key type was added in v3.3 in mainline Linux kernels. +.PP +Since \fBcifscreds\fR adds keys to the session keyring, it is highly +recommended that one use \fBpam_keyinit\fR to ensure that a session keyring +is established at login time. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIpam_keyinit\fR\|(8) .SH "AUTHORS" .IX Header "AUTHORS" The cifscreds program was originally developed by Igor Druzhinin diff --git a/cifscreds.c b/cifscreds.c index efc76e6..bb35c02 100644 --- a/cifscreds.c +++ b/cifscreds.c @@ -28,6 +28,7 @@ #include <ctype.h> #include <keyutils.h> #include <getopt.h> +#include <errno.h> #include "mount.h" #include "resolve_host.h" #include "util.h" 
@@ -465,6 +466,36 @@ static int cifscreds_update(struct cmdarg *arg)
 return EXIT_SUCCESS;
 }
 
+static int
+check_session_keyring(void)
+{
+ key_serial_t ses_key, uses_key;
+
+ ses_key = keyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 0);
+ if (ses_key == -1) {
+ if (errno == ENOKEY)
+ fprintf(stderr, "Error: you have no session keyring. "
+ "Consider using pam_keyinit to "
+ "install one.\n");
+ else
+ fprintf(stderr, "Error: unable to query session "
+ "keyring: %s\n", strerror(errno));
+ return (int)ses_key;
+ }
+
+ /* A problem querying the user-session keyring isn't fatal. */
+ uses_key = keyctl_get_keyring_ID(KEY_SPEC_USER_SESSION_KEYRING, 0);
+ if (uses_key == -1)
+ return 0;
+
+ if (ses_key == uses_key)
+ fprintf(stderr, "Warning: you have no persistent session "
+ "keyring. cifscreds keys will not persist "
+ "after this process exits. See "
+ "pam_keyinit(8).\n");
+ return 0;
+}
+
 int main(int argc, char **argv)
 {
 struct command *cmd, *best;
@@ -535,5 +566,8 @@ int main(int argc, char **argv)
 if (arg.user == NULL)
 arg.user = getusername(getuid());
 
+ if (check_session_keyring())
+ return EXIT_FAILURE;
+
 return best->action(&arg);
 }
diff --git a/cifscreds.pod b/cifscreds.pod
index 17e453f..c3bafb5 100644
--- a/cifscreds.pod
+++ b/cifscreds.pod
@@ -79,6 +79,14 @@ The cifscreds utility requires a kernel built with support for the
 B<login> key type. That key type was added in v3.3 in mainline Linux
 kernels.
 
+Since B<cifscreds> adds keys to the session keyring, it is highly
+recommended that one use B<pam_keyinit> to ensure that a session keyring
+is established at login time.
+
+=head1 SEE ALSO
+
+pam_keyinit(8)
+
 =head1 AUTHORS
 
 The cifscreds program was originally developed by Igor Druzhinin |
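Review bot: check_session_keyring() has no header comment and its return contract is only implicit: the fatal path returns the raw sentinel through `return (int)ses_key;`, while the case where the session keyring equals the user-session keyring only warns and returns 0. I would write the failure path as `return -1;` and add above the function `/* Returns 0 when it is OK to proceed (a warning may have been printed to stderr), -1 when the session keyring cannot be queried. */`. Because the warning case returns 0, the call added in main() lets the command continue and, presumably, store credentials in the user-session keyring that the user's other processes without a session keyring also fall back to; if that is intended, the comment should say so. The new `strerror()` call needs `<string.h>`, which the include hunk does not show, so confirm it is already included earlier in the file.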