'\" t .\" Title: cifs.upcall .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 .\" Date: 01/14/2010 .\" Manual: System Administration tools .\" Source: Samba 3.3 .\" Language: English .\" .TH "CIFS\&.UPCALL" "8" "01/14/2010" "Samba 3\&.3" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" cifs.upcall \- Userspace upcall helper for Common Internet File System (CIFS) .SH "SYNOPSIS" .HP \w'\ 'u cifs\&.upcall [\-\-trust\-dns|\-t] [\-\-version|\-v] {keyid} .SH "DESCRIPTION" .PP This tool is part of the \fBsamba\fR(7) suite\&. .PP cifs\&.upcall is a userspace helper program for the linux CIFS client filesystem\&. There are a number of activities that the kernel cannot easily do itself\&. This program is a callout program that does these things for the kernel and then returns the result\&. .PP cifs\&.upcall is generally intended to be run when the kernel calls request\-key(1M) for a particular key type\&. While it can be run directly from the command\-line, it\'s not generally intended to be run that way\&. .SH "OPTIONS" .PP \-c .RS 4 This option is deprecated and is currently ignored\&. .RE .PP \-\-trust\-dns|\-t .RS 4 With krb5 upcalls, the name used as the host portion of the service principal defaults to the hostname portion of the UNC\&. This option allows the upcall program to reverse resolve the network address of the server in order to get the hostname\&. .sp This is less secure than not trusting DNS\&. When using this option, it\'s possible that an attacker could get control of DNS and trick the client into mounting a different server altogether\&. It\'s preferable to instead add server principals to the KDC for every possible hostname, but this option exists for cases where that isn\'t possible\&. The default is to not trust reverse hostname lookups in this fashion\&. .RE .PP \-\-version|\-v .RS 4 Print version number and exit\&. .RE .SH "CONFIGURATION FOR KEYCTL" .PP cifs\&.upcall is designed to be called from the kernel via the request\-key callout program\&. This requires that request\-key be told where and how to call this program\&. The current cifs\&.upcall program handles two different key types: .PP cifs\&.spnego .RS 4 This keytype is for retrieving kerberos session keys .RE .PP dns_resolver .RS 4 This key type is for resolving hostnames into IP addresses .RE .PP To make this program useful for CIFS, you\'ll need to set up entries for them in request\-key\&.conf(4)\&. Here\'s an example of an entry for each key type: .sp .if n \{\ .RS 4 .\} .nf #OPERATION TYPE D C PROGRAM ARG1 ARG2\&.\&.\&. #========= ============= = = ================================ create cifs\&.spnego * * /usr/local/sbin/cifs\&.upcall %k create dns_resolver * * /usr/local/sbin/cifs\&.upcall %k .fi .if n \{\ .RE .\} .PP See \fBrequest-key.conf5\fR() for more info on each field\&. .SH "SEE ALSO" .PP \fBrequest-key.conf\fR(4), \fBmount.cifs\fR(1M) .SH "AUTHOR" .PP Igor Mammedov wrote the cifs\&.upcall program\&. .PP Jeff Layton authored this manpage\&. .PP The maintainer of the Linux CIFS VFS is Steve French\&. .PP The Linux CIFS Mailing list is the preferred place to ask questions regarding these programs\&.