summaryrefslogtreecommitdiff
path: root/docs-xml
diff options
context:
space:
mode:
authorJeff Layton <jlayton@redhat.com>2009-08-26 06:26:02 -0400
committerJeff Layton <jlayton@redhat.com>2009-08-26 06:26:02 -0400
commitda99e3a724b493ba47a06d0704b891819ad16647 (patch)
tree55a2bfd8341e38e642fc8d40ea4daeb481dd4c89 /docs-xml
parent3544e685ade5b331e473c8680d42a748d9389125 (diff)
downloadsamba-da99e3a724b493ba47a06d0704b891819ad16647.tar.gz
samba-da99e3a724b493ba47a06d0704b891819ad16647.tar.bz2
samba-da99e3a724b493ba47a06d0704b891819ad16647.zip
cifs.upcall: make using ip address conditional on new option
Igor Mammedov pointed out that reverse resolving an IP address to get the hostname portion of a principal could open a possible attack vector. If an attacker were to gain control of DNS, then he could redirect the mount to a server of his choosing, and fix the reverse resolution to point to a hostname of his choosing (one where he has the key for the corresponding cifs/ or host/ principal). That said, we often trust DNS for other reasons and it can be useful to do so. Make the code that allows trusting DNS to be enabled by adding --trust-dns to the cifs.upcall invocation. Signed-off-by: Jeff Layton <jlayton@redhat.com>
Diffstat (limited to 'docs-xml')
-rw-r--r--docs-xml/manpages-3/cifs.upcall.8.xml15
1 files changed, 10 insertions, 5 deletions
diff --git a/docs-xml/manpages-3/cifs.upcall.8.xml b/docs-xml/manpages-3/cifs.upcall.8.xml
index 427bb44479..05a5e0a9ec 100644
--- a/docs-xml/manpages-3/cifs.upcall.8.xml
+++ b/docs-xml/manpages-3/cifs.upcall.8.xml
@@ -19,8 +19,8 @@
<refsynopsisdiv>
<cmdsynopsis>
<command>cifs.upcall</command>
- <arg choice="opt">-c</arg>
- <arg choice="opt">-v</arg>
+ <arg choice="opt">--trust-dns|-t</arg>
+ <arg choice="opt">--version|-v</arg>
<arg choice="req">keyid</arg>
</cmdsynopsis>
</refsynopsisdiv>
@@ -51,9 +51,14 @@ to be run that way.</para>
<listitem><para>This option is deprecated and is currently ignored.
</para></listitem>
</varlistentry>
-
<varlistentry>
- <term>-v</term>
+ <term>--trust-dns|-t</term>
+ <listitem><para>With krb5 upcalls, the name used as the host portion of the service principal defaults to the hostname portion of the UNC. This option allows the upcall program to reverse resolve the network address of the server in order to get the hostname.</para>
+ <para>This is less secure than not trusting DNS. When using this option, it's possible that an attacker could get control of DNS and trick the client into mounting a different server altogether. It's preferable to instead add server principals to the KDC for every possible hostname, but this option exists for cases where that isn't possible. The default is to not trust reverse hostname lookups in this fashion.
+ </para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>--version|-v</term>
<listitem><para>Print version number and exit.
</para></listitem>
</varlistentry>
@@ -85,7 +90,7 @@ to be run that way.</para>
<para>To make this program useful for CIFS, you'll need to set up entries for them in request-key.conf<manvolnum>5</manvolnum>. Here's an example of an entry for each key type:</para>
<programlisting>
#OPERATION TYPE D C PROGRAM ARG1 ARG2...
-#========= ============= = = ==========================================
+#========= ============= = = ================================
create cifs.spnego * * /usr/local/sbin/cifs.upcall %k
create dns_resolver * * /usr/local/sbin/cifs.upcall %k
</programlisting>