diff options
| author | Aurelien Aptel <aaptel@suse.com> | 2017-09-29 16:03:03 +0200 |
|---|---|---|
| committer | Jeff Layton <jlayton@samba.org> | 2017-10-03 06:32:08 -0400 |
| commit | d999610bf985f19fcc1984be95f11da7a3e88533 (patch) | |
| tree | c93b2baeb09842266ba79f1d99f4a0943cde7fbd | |
| parent | 48d88f946e72a3a8618498524e61f9053bb565f4 (diff) | |
| download | cifs-utils-d999610bf985f19fcc1984be95f11da7a3e88533.tar.gz cifs-utils-d999610bf985f19fcc1984be95f11da7a3e88533.tar.bz2 cifs-utils-d999610bf985f19fcc1984be95f11da7a3e88533.zip | |
man: generate all man pages from POD files when buidling
Move all man pages to easily editable POD files and generate troff
source when building.
Previous .in troff file are still preprocessed before final generation
to use configured path (.pod.in -> .pod -> troff). All temporary
files (.pod.in and troff sources) are properly deleted on clean.
Remove all troff file, no need to keep generated copies under source
control.
This commit does not change the content of the man pages but makes
future editing easier.
Adds a new --enable-man/--disable-man configure option to control the
generation and installation of man pages. The option is automatically
enabled if the system supports it. Explicitly enabling it will make the
configure script fail if pod2man is not installed.
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
| -rw-r--r-- | Makefile.am | 88 | ||||
| -rw-r--r-- | cifs.idmap.8.in | 101 | ||||
| -rw-r--r-- | cifs.idmap.pod.in | 100 | ||||
| -rw-r--r-- | cifs.upcall.8.in | 132 | ||||
| -rw-r--r-- | cifs.upcall.pod.in | 147 | ||||
| -rw-r--r-- | cifscreds.1 | 200 | ||||
| -rw-r--r-- | configure.ac | 21 | ||||
| -rw-r--r-- | getcifsacl.1.in | 59 | ||||
| -rw-r--r-- | getcifsacl.pod.in | 60 | ||||
| -rw-r--r-- | idmapwb.8.in | 148 | ||||
| -rw-r--r-- | idmapwb.pod.in (renamed from idmapwb.pod) | 0 | ||||
| -rw-r--r-- | mount.cifs.8 | 856 | ||||
| -rw-r--r-- | mount.cifs.pod | 933 | ||||
| -rw-r--r-- | pam_cifscreds.8 | 207 | ||||
| -rw-r--r-- | pam_cifscreds.pod | 2 | ||||
| -rw-r--r-- | setcifsacl.1.in | 113 | ||||
| -rw-r--r-- | setcifsacl.pod.in | 117 |
17 files changed, 1431 insertions, 1853 deletions
diff --git a/Makefile.am b/Makefile.am index 4823b63..559ce08 100644 --- a/Makefile.am +++ b/Makefile.am @@ -5,98 +5,114 @@ root_sbindir = $(ROOTSBINDIR) root_sbin_PROGRAMS = mount.cifs mount_cifs_SOURCES = mount.cifs.c mtab.c resolve_host.c util.c mount_cifs_LDADD = $(LIBCAP) $(CAPNG_LDADD) $(RT_LDADD) - -man_MANS = mount.cifs.8 include_HEADERS = cifsidmap.h +pod_man_pages = mount.cifs.8 + +# +# Generate man pages troff source from POD format +# +man_MANS= + +POD2MAN = pod2man -s $$(echo $@ | sed 's,.*\([1-9]\)$$,\1,' ) \ + -c 'System Administration Tools' -u -r '' --stderr $< $@ + +%.1: %.pod + $(POD2MAN) +%.2: %.pod + $(POD2MAN) +%.3: %.pod + $(POD2MAN) +%.4: %.pod + $(POD2MAN) +%.5: %.pod + $(POD2MAN) +%.6: %.pod + $(POD2MAN) +%.7: %.pod + $(POD2MAN) +%.8: %.pod + $(POD2MAN) + +CLEANFILES = bin_PROGRAMS = sbin_PROGRAMS = -clean-local: clean-local-upcall clean-local-idmap clean-local-cifsacl if CONFIG_CIFSUPCALL sbin_PROGRAMS += cifs.upcall cifs_upcall_SOURCES = cifs.upcall.c data_blob.c asn1.c spnego.c cifs_upcall_LDADD = -ltalloc -lkeyutils $(KRB5_LDADD) $(CAPNG_LDADD) -man_MANS += cifs.upcall.8 - +pod_man_pages += cifs.upcall.8 # # Fix the pathnames in manpages. To prevent @label@ being replaced by m4, we # need to obfuscate the LHS of the regex (hence the trivial one character set). # -cifs.upcall.8: cifs.upcall.8.in +cifs.upcall.pod: cifs.upcall.pod.in $(SED) 's,[@]sbindir@,$(sbindir),' $(srcdir)/$@.in > $@-t && mv $@-t $@ endif -clean-local-upcall: -if CONFIG_CIFSUPCALL - rm -f cifs.upcall.8 cifs.upcall.8-t -endif - if CONFIG_CIFSCREDS bin_PROGRAMS += cifscreds cifscreds_SOURCES = cifscreds.c cifskey.c resolve_host.c util.c cifscreds_LDADD = -lkeyutils -man_MANS += cifscreds.1 + +pod_man_pages += cifscreds.1 + endif if CONFIG_CIFSIDMAP sbin_PROGRAMS += cifs.idmap cifs_idmap_SOURCES = cifs.idmap.c idmap_plugin.c cifs_idmap_LDADD = -lkeyutils -ldl -man_MANS += cifs.idmap.8 - -cifs.idmap.8: cifs.idmap.8.in +pod_man_pages += cifs.idmap.8 +CLEANFILES += cifs.idmap.pod +cifs.idmap.pod: cifs.idmap.pod.in $(SED) -e 's,[@]sbindir@,$(sbindir),' -e 's,[@]pluginpath@,$(pluginpath),' $(srcdir)/$@.in > $@-t && mv $@-t $@ endif -clean-local-idmap: -if CONFIG_CIFSIDMAP - rm -f cifs.idmap.8 cifs.idmap.8-t -endif - if CONFIG_CIFSACL bin_PROGRAMS += getcifsacl getcifsacl_SOURCES = getcifsacl.c idmap_plugin.c getcifsacl_LDADD = -ldl -man_MANS += getcifsacl.1 -getcifsacl.1: getcifsacl.1.in +pod_man_pages += getcifsacl.1 +CLEANFILES += getcifsacl.pod +getcifsacl.pod: getcifsacl.pod.in $(SED) 's,[@]pluginpath@,$(pluginpath),' $(srcdir)/$@.in > $@-t && mv $@-t $@ bin_PROGRAMS += setcifsacl setcifsacl_SOURCES = setcifsacl.c idmap_plugin.c setcifsacl_LDADD = -ldl -man_MANS += setcifsacl.1 -setcifsacl.1: setcifsacl.1.in +pod_man_pages += setcifsacl.1 +CLEANFILES += setcifsacl.pod +setcifsacl.pod: setcifsacl.pod.in $(SED) 's,[@]pluginpath@,$(pluginpath),' $(srcdir)/$@.in > $@-t && mv $@-t $@ endif -clean-local-cifsacl: -if CONFIG_CIFSACL - rm -f getcifsacl.1 getcifsacl.1-t - rm -f setcifsacl.1 setcifsacl.1-t -endif - if CONFIG_PLUGIN plugindir = $(pkglibdir) plugin_PROGRAMS = idmapwb.so -man_MANS += idmapwb.8 - idmapwb.so: idmapwb.c $(CC) $(DEFS) $(CFLAGS) $(AM_CFLAGS) $(WBCLIENT_CFLAGS) $(LDFLAGS) -shared -fpic -o $@ $+ $(WBCLIENT_LIBS) -idmapwb.8: idmapwb.8.in +pod_man_pages += idmapwb.8 +CLEANFILES += idmapwb.pod +idmapwb.pod: idmapwb.pod.in $(SED) 's,[@]pluginpath@,$(pluginpath),' $(srcdir)/$@.in > $@-t && mv $@-t $@ - endif if CONFIG_PAM pam_PROGRAMS = pam_cifscreds.so - +pod_man_pages += pam_cifscreds.8 pam_cifscreds.so: pam_cifscreds.c cifskey.c resolve_host.c util.c $(CC) $(DEFS) $(CFLAGS) $(AM_CFLAGS) $(LDFLAGS) -shared -fpic -o $@ $+ -lpam -lkeyutils -man_MANS += pam_cifscreds.8 + +endif + +if CONFIG_MAN +man_MANS += $(pod_man_pages) +CLEANFILES += $(pod_man_pages) endif SUBDIRS = contrib diff --git a/cifs.idmap.8.in b/cifs.idmap.8.in deleted file mode 100644 index 07863ba..0000000 --- a/cifs.idmap.8.in +++ /dev/null @@ -1,101 +0,0 @@ -'\" t -.\" Title: cifs.idmap -.\" Author: [see the "AUTHOR" section] -.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 05/26/2011 -.\" Manual: System Administration tools -.\" Source: cifs-utils 4.0 -.\" Language: English -.\" -.TH "CIFS\&.IDMAP" "8" "05/26/2011" "cifs-utils" "System Administration tools" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -cifs.idmap \- Userspace helper for mapping ids for Common Internet File System (CIFS) -.SH "SYNOPSIS" -.HP \w'\ 'u -cifs.idmap [--help|-h] [--timeout|-t] [--version|-v] {keyid} -.SH "DESCRIPTION" -.PP -This tool is part of the cifs-utils suite\&. -.PP -cifs\&.idmap is a userspace helper program for the linux CIFS client filesystem\&. There are a number of activities that the kernel cannot easily do itself\&. This program is a callout program that does these things for the kernel and then returns the result\&. -.PP -cifs\&.idmap is generally intended to be run when the kernel calls request\-key(8) -for a particular key type\&. While it can be run directly from the command\-line, it is not generally intended to be run that way\&. -.PP -This program is only called if a share is mounted with the \fBcifsacl\fR mount -option. The kernel will only upcall to do this conversion if that mount option -is specified. -.PP -cifs.idmap relies on a plugin to handle the ID mapping. If it can't find the -plugin then it will not work properly. The plugin (or a symlink to it) must be -at \fB@pluginpath@\fR. -.PP -In the case where cifs.idmap or the plugin are unavailable, file objects in a mounted share are assigned uid and gid of the credentials of the process that mounted the share\&. It is strongly recomemended to use mount options of uid and gid to specify a default uid and gid to map owner SIDs and group SIDs in this -situation. -.SH "OPTIONS" -.PP ---help|-h -.RS -Print the usage message and exit. -.RE -.PP ---timeout|-t -.RS 4 -Set the expiration timer, in seconds on the key. The default is 600 seconds (10 minutes). Setting this to 0 will cause the key to never expire. -.RE -.PP -\-\-version|\-v -.RS 4 -Print version number and exit\&. -.RE -.SH "CONFIGURATION FOR KEYCTL" -.PP -cifs\&.idmap is designed to be called from the kernel via the request\-key callout program\&. This requires that request\-key be told where and how to call this program\&. Currently cifs\&.idmap handles a key type of: -.PP -cifs\&.idmap -.RS 4 -This keytype is for mapping a SID to either an uid or a gid -.RE -.PP -To make this program useful for CIFS, you will need to set up entry for it in request\-key\&.conf(5)\&. Here is an example of an entry for this key type: -.sp -.if n \{\ -.RS 4 -.\} -.nf -#OPERATION TYPE D C PROGRAM ARG1 ARG2\&.\&.\&. -#========= ============= = = ================================ -create cifs\&.idmap * * @sbindir@/cifs\&.idmap %k -.fi -.if n \{\ -.RE -.\} -.PP -See -\fBrequest-key.conf\fR(5) -for more info on each field\&. -.SH "NOTES" -.PP -Support for upcalls to cifs.idmap was initially introduced in the 3.0 kernel. -.SH "SEE ALSO" -.PP - -\fBrequest-key.conf\fR(5), -\fBmount.cifs\fR(8) -.SH "AUTHOR" -.PP -Shirish Pargaonkar wrote the cifs\&.idmap program\&. -.PP -The -Linux CIFS Mailing list -is the preferred place to ask questions regarding these programs\&. diff --git a/cifs.idmap.pod.in b/cifs.idmap.pod.in new file mode 100644 index 0000000..9ff92c2 --- /dev/null +++ b/cifs.idmap.pod.in @@ -0,0 +1,100 @@ +# turn into a manpage with the following command: +# +# pod2man -s 1 -u -c '' -r '' --stderr cifs.idmap.pod cifs.idmap.8 +# + +=head1 NAME + +cifs.idmap - Userspace helper for mapping ids for Common Internet File System (CIFS) + +=head1 SYNOPSIS + +cifs.idmap [--help|-h] [--timeout|-t] [--version|-v] {keyid} + +=head1 DESCRIPTION + +This tool is part of the cifs-utils suite. + +B<cifs.idmap> is a userspace helper program for the linux CIFS client +filesystem. There are a number of activities that the kernel cannot +easily do itself. This program is a callout program that does these +things for the kernel and then returns the result. + +B<cifs.idmap> is generally intended to be run when the kernel calls +L<request-key(8)> for a particular key type. While it can be run +directly from the command-line, it is not generally intended to be run +that way. + +This program is only called if a share is mounted with the B<cifsacl> +mount option. The kernel will only upcall to do this conversion if +that mount option is specified. + +B<cifs.idmap> relies on a plugin to handle the ID mapping. If it can't +find the plugin then it will not work properly. The plugin (or a +symlink to it) must be at @pluginpath@. + +In the case where B<cifs.idmap> or the plugin are unavailable, file +objects in a mounted share are assigned uid and gid of the credentials +of the process that mounted the share. It is strongly recomemended to +use mount options of uid and gid to specify a default uid and gid to +map owner SIDs and group SIDs in this situation. + +=head1 OPTIONS + +=over + +=item B<--help|-h> + +Print the usage message and exit. + +=item B<--timeout|-t> + +Set the expiration timer, in seconds on the key. The default is 600 +seconds (10 minutes). Setting this to 0 will cause the key to never +expire. + +=item B<--version|-v> + +Print version number and exit. + +=back + +=head1 CONFIGURATION FOR KEYCTL + +B<cifs.idmap> is designed to be called from the kernel via the +request-key callout program. This requires that request-key be told +where and how to call this program. Currently B<cifs.idmap> handles a +key type of: + +=over + +=item B<cifs.idmap> + +This keytype is for mapping a SID to either an uid or a gid + +=back + +To make this program useful for CIFS, you will need to set up entry for it in +L<request-key.conf(5)>. Here is an example of an entry for this key type: + + #OPERATION TYPE D C PROGRAM ARG1 ARG2... + #========= ============= = = ================================ + create cifs.idmap * * @sbindir@/cifs.idmap %k + +See L<request-key.conf(5)> for more info on each field. + +=head1 NOTES + +Support for upcalls to cifs.idmap was initially introduced in the 3.0 +kernel. + +=head1 SEE ALSO + +L<request-key.conf(5)>, L<mount.cifs(8)> + +=head1 AUTHOR + +Shirish Pargaonkar wrote the cifs.idmap program. + +The Linux CIFS Mailing list is the preferred place to ask questions +regarding these programs. diff --git a/cifs.upcall.8.in b/cifs.upcall.8.in deleted file mode 100644 index 81481a4..0000000 --- a/cifs.upcall.8.in +++ /dev/null @@ -1,132 +0,0 @@ -'\" t -.\" Title: cifs.upcall -.\" Author: [see the "AUTHOR" section] -.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 02/07/2010 -.\" Manual: System Administration tools -.\" Source: cifs-utils 4.0 -.\" Language: English -.\" -.TH "CIFS\&.UPCALL" "8" "02/07/2010" "cifs-utils" "System Administration tools" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -cifs.upcall \- Userspace upcall helper for Common Internet File System (CIFS) -.SH "SYNOPSIS" -.HP \w'\ 'u -cifs\&.upcall [\-\-trust\-dns|\-t] [\-\-version|\-v] [\-\-legacy\-uid|\-l] [--krb5conf=/path/to/krb5.conf|-k /path/to/krb5.conf] [--keytab=/path/to/keytab|-K /path/to/keytab] {keyid} -.SH "DESCRIPTION" -.PP -This tool is part of the cifs-utils suite\&. -.PP -cifs\&.upcall is a userspace helper program for the linux CIFS client filesystem\&. There are a number of activities that the kernel cannot easily do itself\&. This program is a callout program that does these things for the kernel and then returns the result\&. -.PP -cifs\&.upcall is generally intended to be run when the kernel calls request\-key(8) -for a particular key type\&. While it can be run directly from the command\-line, it\'s not generally intended to be run that way\&. -.SH "OPTIONS" -.PP -\-c -.RS 4 -This option is deprecated and is currently ignored\&. -.RE -.PP -\-\-no-env-probe|\-E -.RS 4 -Normally, cifs.upcall will probe the environment variable space of the process -that initiated the upcall in order to fetch the value of $KRB5CCNAME. This can -assist the program with finding credential caches in non-default locations. If -this option is set, then the program won't do this and will rely on finding -credcaches in the default locations specified in krb5.conf. Note that this is -never performed when the uid is 0. The default credcache location is always -used when the uid is 0, regardless of the environment variable setting in the -process. -.RE -.PP -\--krb5conf=/path/to/krb5.conf|-k /path/to/krb5.conf -.RS 4 -This option allows administrators to set an alternate location for the -krb5.conf file that cifs.upcall will use. -.RE -.PP -\--keytab=/path/to/keytab|-K /path/to/keytab -.RS 4 -This option allows administrators to specify a keytab file to be used. When a user has no credential cache already established, cifs.upcall will attempt to use this keytab to acquire them. The default is the system-wide keytab /etc/krb5.keytab. -.RE -.PP -\-\-trust\-dns|\-t -.RS 4 -With krb5 upcalls, the name used as the host portion of the service principal defaults to the hostname portion of the UNC\&. This option allows the upcall program to reverse resolve the network address of the server in order to get the hostname\&. -.sp -This is less secure than not trusting DNS\&. When using this option, it\'s possible that an attacker could get control of DNS and trick the client into mounting a different server altogether\&. It\'s preferable to instead add server principals to the KDC for every possible hostname, but this option exists for cases where that isn\'t possible\&. The default is to not trust reverse hostname lookups in this fashion\&. -.RE -.PP -\-\-legacy\-uid|\-l -.RS 4 -Traditionally, the kernel has sent only a single uid= parameter to the upcall for the SPNEGO upcall that\'s used to determine what user's credential cache to use. This parameter is affected by the uid= mount option, which also governs the ownership of files on the mount\&. -.sp -Newer kernels send a creduid= option as well, which contains what uid it thinks actually owns the credentials that it\'s looking for\&. At mount time, this is generally set to the real uid of the user doing the mount. For multisession mounts, it's set to the fsuid of the mount user. Set this option if you want cifs.upcall to use the older uid= parameter instead of the creduid= parameter\&. -.RE -.PP -\-\-version|\-v -.RS 4 -Print version number and exit\&. -.RE -.SH "CONFIGURATION FOR KEYCTL" -.PP -cifs\&.upcall is designed to be called from the kernel via the request\-key callout program\&. This requires that request\-key be told where and how to call this program\&. The current cifs\&.upcall program handles two different key types: -.PP -cifs\&.spnego -.RS 4 -This keytype is for retrieving kerberos session keys -.RE -.PP -dns_resolver -.RS 4 -This key type is for resolving hostnames into IP addresses. Support for this key type may eventually be deprecated (see below). -.RE -.PP -To make this program useful for CIFS, you\'ll need to set up entries for them in request\-key\&.conf(5)\&. Here\'s an example of an entry for each key type: -.sp -.if n \{\ -.RS 4 -.\} -.nf -#OPERATION TYPE D C PROGRAM ARG1 ARG2\&.\&.\&. -#========= ============= = = ================================ -create cifs\&.spnego * * @sbindir@/cifs\&.upcall %k -create dns_resolver * * @sbindir@/cifs\&.upcall %k -.fi -.if n \{\ -.RE -.\} -.PP -See -\fBrequest-key.conf\fR(5) -for more info on each field\&. - -The keyutils package has also started including a dns_resolver handling program as well that is preferred over the one in cifs.upcall. If you are using a keyutils version equal to or greater than 1.5, you should use key.dns_resolver to handle the dns_resolver keytype instead of cifs.upcall. See \fBkey.dns_resolver\fR(8) for more info. -.SH "SEE ALSO" -.PP - -\fBrequest-key.conf\fR(5), -\fBmount.cifs\fR(8), -\fBkey.dns_resolver\fR(8) -.SH "AUTHOR" -.PP -Igor Mammedov wrote the cifs\&.upcall program\&. -.PP -Jeff Layton authored this manpage\&. -.PP -The maintainer of the Linux CIFS VFS is Steve French\&. -.PP -The -Linux CIFS Mailing list -is the preferred place to ask questions regarding these programs\&. diff --git a/cifs.upcall.pod.in b/cifs.upcall.pod.in new file mode 100644 index 0000000..ced3aed --- /dev/null +++ b/cifs.upcall.pod.in @@ -0,0 +1,147 @@ +# turn into a manpage with the following command: +# +# pod2man -s 1 -u -c '' -r '' --stderr cifs.upcall.pod cifs.upcall.8 +# + +=head1 NAME + +cifs.upcall - Userspace upcall helper for Common Internet File System (CIFS) + +=head1 SYNOPSIS + + cifs.upcall [--trust-dns|-t] [--version|-v] [--legacy-uid|-l] + [--krb5conf=/path/to/krb5.conf|-k /path/to/krb5.conf] + [--keytab=/path/to/keytab|-K /path/to/keytab] {keyid} + +=head1 DESCRIPTION + +This tool is part of the cifs-utils suite. + +B<cifs.upcall> is a userspace helper program for the linux CIFS client +filesystem. There are a number of activities that the kernel cannot +easily do itself. This program is a callout program that does these +things for the kernel and then returns the result. + +B<cifs.upcall> is generally intended to be run when the kernel calls +L<request-key(8)> for a particular key type. While it can be run +directly from the command-line, it's not generally intended to be run +that way. + +=head1 OPTIONS + +=over + +=item B<-c> + +This option is deprecated and is currently ignored. + +=item B<--no-env-probe|-E> + +Normally, B<cifs.upcall> will probe the environment variable space of +the process that initiated the upcall in order to fetch the value of +C<$KRB5CCNAME>. This can assist the program with finding credential +caches in non-default locations. If this option is set, then the +program won't do this and will rely on finding credcaches in the +default locations specified in F<krb5.conf>. Note that this is never +performed when the uid is 0. The default credcache location is always +used when the uid is 0, regardless of the environment variable setting +in the process. + +=item B<--krb5conf=F</path/to/krb5.conf>|-k F</path/to/krb5.conf>> + +This option allows administrators to set an alternate location for the +F<krb5.conf> file that B<cifs.upcall> will use. + +=item B<--keytab=F</path/to/keytab>|-K F</path/to/keytab>> + +This option allows administrators to specify a keytab file to be +used. When a user has no credential cache already established, +B<cifs.upcall> will attempt to use this keytab to acquire them. The +default is the system-wide keytab F</etc/krb5.keytab>. + +=item B<--trust-dns|-t> + +With krb5 upcalls, the name used as the host portion of the service +principal defaults to the hostname portion of the UNC. This option +allows the upcall program to reverse resolve the network address of +the server in order to get the hostname. + +This is less secure than not trusting DNS. When using this option, +it's possible that an attacker could get control of DNS and trick the +client into mounting a different server altogether. It's preferable to +instead add server principals to the KDC for every possible hostname, +but this option exists for cases where that isn't possible. The +default is to not trust reverse hostname lookups in this fashion. + +=item B<--legacy-uid|-l> + +Traditionally, the kernel has sent only a single uid= parameter to the +upcall for the SPNEGO upcall that's used to determine what user's +credential cache to use. This parameter is affected by the B<uid=> +mount option, which also governs the ownership of files on the mount. + +Newer kernels send a creduid= option as well, which contains what uid +it thinks actually owns the credentials that it's looking for. At +mount time, this is generally set to the real uid of the user doing +the mount. For multisession mounts, it's set to the fsuid of the mount +user. Set this option if you want cifs.upcall to use the older B<uid=> +parameter instead of the creduid= parameter. + +=item B<--version|-v> + +Print version number and exit. + +=back + +=head1 CONFIGURATION FOR KEYCTL + +B<cifs.upcall> is designed to be called from the kernel via the +request-key callout program. This requires that request-key be told +where and how to call this program. The current B<cifs.upcall> +program handles two different key types: + +=over + +=item B<cifs.spnego> + +This keytype is for retrieving kerberos session keys + +=item B<dns_resolver> + +This key type is for resolving hostnames into IP addresses. Support +for this key type may eventually be deprecated (see below). + +To make this program useful for CIFS, you'll need to set up entries +for them in L<request-key.conf(5)>. Here's an example of an entry for +each key type: + + #OPERATION TYPE D C PROGRAM ARG1 ARG2... + #========= ============= = = ================================ + create cifs.spnego * * @sbindir@/cifs.upcall %k + create dns_resolver * * @sbindir@/cifs.upcall %k + +See L<request-key.conf(5)> for more info on each field. + +The keyutils package has also started including a dns_resolver +handling program as well that is preferred over the one in +B<cifs.upcall.> If you are using a keyutils version equal to or +greater than 1.5, you should use C<key.dns_resolver> to handle the +C<dns_resolver> keytype instead of B<cifs.upcall>. See +L<key.dns_resolver(8)> for more info. + +=back + +=head1 SEE ALSO + +L<request-key.conf(5)>, L<mount.cifs(8)>, L<key.dns_resolver(8)> + +=head1 AUTHOR + +Igor Mammedov wrote the cifs.upcall program. + +Jeff Layton authored this manpage. + +The maintainer of the Linux CIFS VFS is Steve French. + +The Linux CIFS Mailing list is the preferred place to ask questions +regarding these programs. diff --git a/cifscreds.1 b/cifscreds.1 deleted file mode 100644 index 83afae6..0000000 --- a/cifscreds.1 +++ /dev/null @@ -1,200 +0,0 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX -.. -.\} -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "CIFSCREDS 1" -.TH CIFSCREDS 1 "2012-07-17" "" "" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -cifscreds \- manage NTLM credentials in kernel keyring -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -cifscreds add|clear|clearall|update [\-u username] [\-d] host|domain -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBcifscreds\fR program is a tool for managing credentials (username -and password) for the purpose of establishing sessions in multiuser -mounts. -.PP -When a cifs filesystem is mounted with the \*(L"multiuser\*(R" option, and does -not use krb5 authentication, it needs to be able to get the credentials -for each user from somewhere. The \fBcifscreds\fR program is the tool used -to provide these credentials to the kernel. -.PP -The first non-option argument to cifscreds is a command (see the -\&\fB\s-1COMMANDS\s0\fR section below). The second non-option argument is a hostname -or address, or an \s-1NT\s0 domain name. -.SH "COMMANDS" -.IX Header "COMMANDS" -.IP "\fBadd\fR" 4 -.IX Item "add" -Add credentials to the kernel to be used for connecting to the given server, or servers in the given domain. -.IP "\fBclear\fR" 4 -.IX Item "clear" -Clear credentials for a particular host or domain from the kernel. -.IP "\fBclearall\fR" 4 -.IX Item "clearall" -Clear all cifs credentials from the kernel. -.IP "\fBupdate\fR" 4 -.IX Item "update" -Update stored credentials in the kernel with a new username and -password. -.SH "OPTIONS" -.IX Header "OPTIONS" -.IP "\fB\-d\fR, \fB\-\-domain\fR" 4 -.IX Item "-d, --domain" -The provided host/domain argument is a \s-1NT\s0 domainname. -.Sp -Ordinarily the second argument provided to cifscreds is treated as a -hostname or \s-1IP\s0 address. This option causes the cifscreds program to -treat that argument as an \s-1NT\s0 domainname instead. -.Sp -If there are not host specific credentials for the mounted server, then -the kernel will next look for a set of domain credentials equivalent to -the domain= option provided at mount time. -.IP "\fB\-u\fR, \fB\-\-username\fR" 4 -.IX Item "-u, --username" -Ordinarily, the username is derived from the unix username of the user -adding the credentials. This option allows the user to substitute a -different username. -.SH "NOTES" -.IX Header "NOTES" -The cifscreds utility requires a kernel built with support for the -\&\fBlogin\fR key type. That key type was added in v3.3 in mainline Linux -kernels. -.PP -Since \fBcifscreds\fR adds keys to the session keyring, it is highly -recommended that one use \fBpam_keyinit\fR to ensure that a session keyring -is established at login time. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fIpam_keyinit\fR\|(8) -.SH "AUTHORS" -.IX Header "AUTHORS" -The cifscreds program was originally developed by Igor Druzhinin -<jaxbrigs@gmail.com>. This manpage and a redesign of the code was done -by Jeff Layton <jlayton@samba.org>. diff --git a/configure.ac b/configure.ac index cfd9f0b..0e118a9 100644 --- a/configure.ac +++ b/configure.ac @@ -50,6 +50,11 @@ AC_ARG_ENABLE(systemd, enable_systemd=$enableval, enable_systemd="maybe") +AC_ARG_ENABLE(man, + [AS_HELP_STRING([--enable-man],[Enable generation and installation of man pages @<:@default=yes@:>@])], + enable_man=$enableval, + enable_man="maybe") + # "with" options AC_ARG_WITH(idmap-plugin, [AS_HELP_STRING([--with-idmap-plugin=/path/to/plugin],[Define the path to the plugin that the idmapping infrastructure should use @<:@default=/etc/cifs-utils/idmap-plugin@:>@])], @@ -245,11 +250,27 @@ if test $enable_systemd != "no"; then AC_DEFINE(ENABLE_SYSTEMD, 1, [Enable systemd specific behavior for mount.cifs]) fi +# if docs are not disabled, check if pod2man is available +if test $enable_man != "no"; then + AC_CHECK_PROG(have_pod2man, pod2man, yes, no) + if test $have_pod2man = "no"; then + if test $enable_man = "yes"; then + AC_MSG_ERROR([pod2man not found: cannot generate man pages, consider installing perl.]) + else + AC_MSG_WARN([pod2man not found: cannot generate man pages, consider installing perl. Disabling man page generation.]) + enable_man="no" + fi + else + enable_man="yes" + fi +fi + # MIT krb5 < 1.7 does not have this declaration but does have the symbol AC_CHECK_DECLS(krb5_auth_con_set_req_cksumtype, [], [], [#include <krb5.h>]) LIBS=$cu_saved_libs |