.\" ========================================================================
.\"
.IX Title "CIFSCREDS 1"
-.TH CIFSCREDS 1 "2012-01-24" "" ""
+.TH CIFSCREDS 1 "2012-07-17" "" ""
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
The cifscreds utility requires a kernel built with support for the
\&\fBlogin\fR key type. That key type was added in v3.3 in mainline Linux
kernels.
+.PP
+Since \fBcifscreds\fR adds keys to the session keyring, it is highly
+recommended that one use \fBpam_keyinit\fR to ensure that a session keyring
+is established at login time.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIpam_keyinit\fR\|(8)
.SH "AUTHORS"
.IX Header "AUTHORS"
The cifscreds program was originally developed by Igor Druzhinin
#include <ctype.h>
#include <keyutils.h>
#include <getopt.h>
+#include <errno.h>
#include "mount.h"
#include "resolve_host.h"
#include "util.h"
return EXIT_SUCCESS;
}
+static int
+check_session_keyring(void)
+{
+ key_serial_t ses_key, uses_key;
+
+ ses_key = keyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 0);
+ if (ses_key == -1) {
+ if (errno == ENOKEY)
+ fprintf(stderr, "Error: you have no session keyring. "
+ "Consider using pam_keyinit to "
+ "install one.\n");
+ else
+ fprintf(stderr, "Error: unable to query session "
+ "keyring: %s\n", strerror(errno));
+ return (int)ses_key;
+ }
+
+ /* A problem querying the user-session keyring isn't fatal. */
+ uses_key = keyctl_get_keyring_ID(KEY_SPEC_USER_SESSION_KEYRING, 0);
+ if (uses_key == -1)
+ return 0;
+
+ if (ses_key == uses_key)
+ fprintf(stderr, "Warning: you have no persistent session "
+ "keyring. cifscreds keys will not persist "
+ "after this process exits. See "
+ "pam_keyinit(8).\n");
+ return 0;
+}
+
int main(int argc, char **argv)
{
struct command *cmd, *best;
if (arg.user == NULL)
arg.user = getusername(getuid());
+ if (check_session_keyring())
+ return EXIT_FAILURE;
+
return best->action(&arg);
}
B<login> key type. That key type was added in v3.3 in mainline Linux
kernels.
+Since B<cifscreds> adds keys to the session keyring, it is highly
+recommended that one use B<pam_keyinit> to ensure that a session keyring
+is established at login time.
+
+=head1 SEE ALSO
+
+pam_keyinit(8)
+
=head1 AUTHORS
The cifscreds program was originally developed by Igor Druzhinin