--- /dev/null
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="cifs.upcall.8">
+
+
+<refmeta>
+ <refentrytitle>cifs.upcall</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="source">Samba</refmiscinfo>
+ <refmiscinfo class="manual">System Administration tools</refmiscinfo>
+ <refmiscinfo class="version">3.2</refmiscinfo>
+</refmeta>
+
+<refnamediv>
+ <refname>cifs.upcall</refname>
+ <refpurpose>Userspace upcall helper for Common Internet File System (CIFS)</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+ <cmdsynopsis>
+ <command>cifs.upcall</command>
+ <arg choice="opt">-c</arg>
+ <arg choice="opt">-v</arg>
+ <arg choice="req">keyid</arg>
+ </cmdsynopsis>
+</refsynopsisdiv>
+
+
+<refsect1>
+ <title>DESCRIPTION</title>
+
+ <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
+ <manvolnum>7</manvolnum></citerefentry> suite.</para>
+
+<para>cifs.upcall is a userspace helper program for the linux CIFS client
+filesystem. There are a number of activities that the kernel cannot easily
+do itself. This program is a callout program that does these things for the
+kernel and then returns the result.</para>
+
+<para>cifs.upcall is generally intended to be run when the kernel calls
+request-key<manvolnum>8</manvolnum> for a particular key type. While it
+can be run directly from the command-line, it's not generally intended
+to be run that way.</para>
+</refsect1>
+
+<refsect1>
+ <title>OPTIONS</title>
+ <variablelist>
+ <varlistentry>
+ <term>-c</term>
+ <listitem><para>When handling a kerberos upcall, use a service principal that starts with "cifs/". The default is to use the "host/" service principal.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-v</term>
+ <listitem><para>Print version number and exit.
+ </para></listitem>
+ </varlistentry>
+ </variablelist>
+</refsect1>
+
+<refsect1>
+ <title>CONFIGURATION FOR KEYCTL</title>
+ <para>cifs.upcall is designed to be called from the kernel via the request-key callout program. This requres that request-key be told where and how to call this program. The current cifs.upcall program handles two different key types:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>cifs.spnego</term>
+ <listitem><para>This keytype is for retrieving kerberos session keys
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>cifs.resolve</term>
+ <listitem><para>This key type is for resolving hostnames into IP addresses
+ </para></listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>To make this program useful for CIFS, you'll need to set up entries for them in request-key.conf<manvolnum>5</manvolnum>. Here's an example of an entry for each key type:</para>
+<programlisting>
+#OPERATION TYPE D C PROGRAM ARG1 ARG2...
+#========= ============= = = ==========================================
+create cifs.spnego * * /usr/local/sbin/cifs.upcall -c %k
+create cifs.resolver * * /usr/local/sbin/cifs.upcall %k
+</programlisting>
+<para>
+See <citerefentry><refentrytitle>request-key.conf<manvolnum>5</manvolnum></refentrytitle></citerefentry> for more info on each field.
+</para>
+</refsect1>
+
+<refsect1>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry><refentrytitle>request-key.conf</refentrytitle>
+ <manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>mount.cifs</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry>
+ </para>
+</refsect1>
+
+<refsect1>
+ <title>AUTHOR</title>
+
+ <para>Igor Mammedov wrote the cifs.upcall program.</para>
+ <para>Jeff Layton authored this manpage.</para>
+ <para>The maintainer of the Linux CIFS VFS is Steve French.</para>
+ <para>The <ulink url="mailto:linux-cifs-client@lists.samba.org">Linux
+ CIFS Mailing list</ulink> is the preferred place to ask
+ questions regarding these programs.
+ </para>
+</refsect1>
+
+</refentry>
SBIN_PROGS = bin/smbd@EXEEXT@ bin/nmbd@EXEEXT@ bin/swat@EXEEXT@ @EXTRA_SBIN_PROGS@
-ROOT_SBIN_PROGS = @CIFSMOUNT_PROGS@ @CIFSSPNEGO_PROGS@
+ROOT_SBIN_PROGS = @CIFSMOUNT_PROGS@ @CIFSUPCALL_PROGS@
BIN_PROGS1 = bin/smbclient@EXEEXT@ bin/net@EXEEXT@ bin/smbspool@EXEEXT@ \
bin/testparm@EXEEXT@ bin/smbstatus@EXEEXT@ bin/smbget@EXEEXT@
CIFS_UMOUNT_OBJ = client/umount.cifs.o
-CIFS_SPNEGO_OBJ = client/cifs.spnego.o
+CIFS_UPCALL_OBJ = client/cifs.upcall.o
NMBLOOKUP_OBJ = utils/nmblookup.o $(PARAM_OBJ) $(LIBNMB_OBJ) $(RPC_PARSE_OBJ1) $(DOSERR_OBJ) \
$(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) $(SECRETS_OBJ) $(LIBSAMBA_OBJ)
@echo Linking $@
@$(CC) $(FLAGS) -o $@ $(CIFS_UMOUNT_OBJ) $(DYNEXP) $(LDFLAGS)
-bin/cifs.spnego@EXEEXT@: $(BINARY_PREREQS) $(CIFS_SPNEGO_OBJ) $(LIBSMBCLIENT_OBJ) bin/.dummy
+bin/cifs.upcall@EXEEXT@: $(BINARY_PREREQS) $(CIFS_UPCALL_OBJ) $(LIBSMBCLIENT_OBJ) bin/.dummy
@echo Linking $@
- @$(CC) $(FLAGS) -o $@ $(CIFS_SPNEGO_OBJ) $(DYNEXP) $(LDFLAGS) -lkeyutils $(LIBS) \
+ @$(CC) $(FLAGS) -o $@ $(CIFS_UPCALL_OBJ) $(DYNEXP) $(LDFLAGS) -lkeyutils $(LIBS) \
$(LIBSMBCLIENT_OBJ) $(KRB5LIBS) $(LDAP_LIBS)
bin/testparm@EXEEXT@: proto_exists $(TESTPARM_OBJ) @BUILD_POPT@ bin/.dummy
@echo Linking $@
@$(CC) $(FLAGS) -o $@ $(DYNEXP) script/tests/timelimit.o
-install: installservers installbin @INSTALL_CIFSMOUNT@ @INSTALL_CIFSSPNEGO@ installman installscripts installdat installswat installmodules @INSTALL_LIBSMBCLIENT@ @INSTALL_LIBMSRPC@ @INSTALL_PAM_MODULES@ @INSTALL_LIBSMBSHAREMODES@
+install: installservers installbin @INSTALL_CIFSMOUNT@ @INSTALL_CIFSUPCALL@ installman installscripts installdat installswat installmodules @INSTALL_LIBSMBCLIENT@ @INSTALL_LIBMSRPC@ @INSTALL_PAM_MODULES@ @INSTALL_LIBSMBSHAREMODES@
install-everything: install installmodules
@$(SHELL) $(srcdir)/script/installdirs.sh $(INSTALLPERMS) $(DESTDIR) $(ROOTSBINDIR)
@$(SHELL) script/installbin.sh $(INSTALLPERMS) $(DESTDIR) $(prefix) $(ROOTSBINDIR) @CIFSMOUNT_PROGS@
-installcifsspnego: @CIFSSPNEGO_PROGS@
+installcifsupcall: @CIFSUPCALL_PROGS@
@$(SHELL) $(srcdir)/script/installdirs.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(ROOTSBINDIR)
- @$(SHELL) script/installbin.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(ROOTSBINDIR) @CIFSSPNEGO_PROGS@
+ @$(SHELL) script/installbin.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(ROOTSBINDIR) @CIFSUPCALL_PROGS@
# Some symlinks are required for the 'probing' of modules.
# This mechanism should go at some point..
@echo " swatdir: $(SWATDIR)"
-uninstall: uninstallman uninstallservers uninstallbin @UNINSTALL_CIFSMOUNT@ @UNINSTALL_CIFSSPNEGO@ uninstallscripts uninstalldat uninstallswat uninstallmodules @UNINSTALL_LIBSMBCLIENT@ @UNINSTALL_LIBMSRPC@ @UNINSTALL_PAM_MODULES@ @UNINSTALL_LIBSMBSHAREMODES@
+uninstall: uninstallman uninstallservers uninstallbin @UNINSTALL_CIFSMOUNT@ @UNINSTALL_CIFSUPCALL@ uninstallscripts uninstalldat uninstallswat uninstallmodules @UNINSTALL_LIBSMBCLIENT@ @UNINSTALL_LIBMSRPC@ @UNINSTALL_PAM_MODULES@ @UNINSTALL_LIBSMBSHAREMODES@
uninstallman:
@$(SHELL) $(srcdir)/script/uninstallman.sh $(DESTDIR)$(MANDIR) $(srcdir) C
uninstallcifsmount:
@$(SHELL) script/uninstallbin.sh $(INSTALLPERMS) $(DESTDIR) $(prefix) $(ROOTSBINDIR) @CIFSMOUNT_PROGS@
-uninstallcifsspnego:
- @$(SHELL) script/uninstallbin.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(ROOTSBINDIR) @CIFSSPNEGO_PROGS@
+uninstallcifsupcall:
+ @$(SHELL) script/uninstallbin.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(ROOTSBINDIR) @CIFSUPCALL_PROGS@
uninstallmodules:
@$(SHELL) $(srcdir)/script/uninstallmodules.sh $(INSTALLPERMS) $(DESTDIR) $(prefix) $(VFSLIBDIR) $(VFS_MODULES)
/*
-* CIFS SPNEGO user-space helper.
+* CIFS user-space helper.
* Copyright (C) Igor Mammedov (niallain@gmail.com) 2007
*
* Used by /sbin/request-key for handling
* You should have keyutils installed and add following line to
* /etc/request-key.conf file
-create cifs.spnego * * /usr/local/sbin/cifs.spnego [-v][-c] %k
-create cifs.resolver * * /usr/local/sbin/cifs.spnego [-v] %k
+create cifs.spnego * * /usr/local/sbin/cifs.upcall [-v][-c] %k
+create cifs.resolver * * /usr/local/sbin/cifs.upcall [-v] %k
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
#include "cifs_spnego.h"
const char *CIFSSPNEGO_VERSION = "1.1";
-static const char *prog = "cifs.spnego";
+static const char *prog = "cifs.upcall";
typedef enum _secType {
KRB5,
MS_KRB5
return 0;
}
+void
+usage(const char *prog)
+{
+ syslog(LOG_WARNING, "Usage: %s [-c] [-v] key_serial", prog);
+ fprintf(stderr, "Usage: %s [-c] [-v] key_serial\n", prog);
+}
+
int main(const int argc, char *const argv[])
{
struct cifs_spnego_msg *keydata = NULL;
char *buf, *hostname = NULL;
openlog(prog, 0, LOG_DAEMON);
- if (argc < 1) {
- syslog(LOG_WARNING, "Usage: %s [-c] key_serial", prog);
- goto out;
- }
while ((c = getopt(argc, argv, "cv")) != -1) {
switch (c) {
break;
}
case 'v':{
- syslog(LOG_WARNING, "version: %s", CIFSSPNEGO_VERSION);
- fprintf(stderr, "version: %s", CIFSSPNEGO_VERSION);
- break;
+ printf("version: %s\n", CIFSSPNEGO_VERSION);
+ goto out;
}
default:{
syslog(LOG_WARNING, "unknow option: %c", c);
}
}
}
+
+ /* is there a key? */
+ if (argc <= optind) {
+ usage(prog);
+ goto out;
+ }
+
/* get key and keyring values */
errno = 0;
key = strtol(argv[optind], NULL, 10);
AC_SUBST(CIFSMOUNT_PROGS)
AC_SUBST(INSTALL_CIFSMOUNT)
AC_SUBST(UNINSTALL_CIFSMOUNT)
-AC_SUBST(CIFSSPNEGO_PROGS)
-AC_SUBST(INSTALL_CIFSSPNEGO)
-AC_SUBST(UNINSTALL_CIFSSPNEGO)
+AC_SUBST(CIFSUPCALL_PROGS)
+AC_SUBST(INSTALL_CIFSUPCALL)
+AC_SUBST(UNINSTALL_CIFSUPCALL)
AC_SUBST(EXTRA_SBIN_PROGS)
AC_SUBST(EXTRA_ALL_TARGETS)
AC_SUBST(CONFIG_LIBS)
)
#################################################
-# check for cifs.spnego support
+# check for cifs.upcall support
AC_CHECK_HEADERS([keyutils.h], [HAVE_KEYUTILS_H=1], [HAVE_KEYUTILS_H=0])
-CIFSSPNEGO_PROGS=""
-INSTALL_CIFSSPNEGO=""
-UNINSTALL_CIFSSPNEGO=""
-AC_MSG_CHECKING(whether to build cifs.spnego)
-AC_ARG_WITH(cifsspnego,
-[ --with-cifsspnego Include cifs.spnego (Linux only) support (default=no)],
+CIFSUPCALL_PROGS=""
+INSTALL_CIFSUPCALL=""
+UNINSTALL_CIFSUPCALL=""
+AC_MSG_CHECKING(whether to build cifs.upcall)
+AC_ARG_WITH(cifsupcall,
+[ --with-cifsupcall Include cifs.upcall (Linux only) support (default=no)],
[ case "$withval" in
no)
AC_MSG_RESULT(no)
case "$host_os" in
*linux*)
if test x"$use_ads" != x"yes"; then
- AC_MSG_ERROR(ADS support should be enabled for building cifs.spnego)
+ AC_MSG_ERROR(ADS support should be enabled for building cifs.upcall)
elif test x"$HAVE_KEYUTILS_H" != "x1"; then
- AC_MSG_ERROR(keyutils package is required for cifs.spnego)
+ AC_MSG_ERROR(keyutils package is required for cifs.upcall)
else
AC_MSG_RESULT(yes)
- AC_DEFINE(WITH_CIFSSPNEGO,1,[whether to build cifs.spnego])
- CIFSSPNEGO_PROGS="bin/cifs.spnego"
- INSTALL_CIFSSPNEGO="installcifsspnego"
- UNINSTALL_CIFSSPNEGO="uninstallcifsspnego"
+ AC_DEFINE(WITH_CIFSUPCALL,1,[whether to build cifs.upcall])
+ CIFSUPCALL_PROGS="bin/cifs.upcall"
+ INSTALL_CIFSUPCALL="installcifsupcall"
+ UNINSTALL_CIFSUPCALL="uninstallcifsupcall"
fi
;;
*)
git.samba.org / metze / samba / wip.git / commitdiff