4 files changed, 161 insertions, 37 deletions

diff --git a/docs-xml/manpages-3/cifs.upcall.8.xml b/docs-xml/manpages-3/cifs.upcall.8.xml
new file mode 100644
index 0000000000..8df776bbd4
--- /dev/null
+++ b/docs-xml/manpages-3/cifs.upcall.8.xml
@@ -0,0 +1,115 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="cifs.upcall.8">
+
+
+<refmeta>
+        <refentrytitle>cifs.upcall</refentrytitle>
+        <manvolnum>8</manvolnum>
+        <refmiscinfo class="source">Samba</refmiscinfo>
+        <refmiscinfo class="manual">System Administration tools</refmiscinfo>
+        <refmiscinfo class="version">3.2</refmiscinfo>
+</refmeta>
+
+<refnamediv>
+        <refname>cifs.upcall</refname>
+        <refpurpose>Userspace upcall helper for Common Internet File System (CIFS)</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+        <cmdsynopsis>
+                <command>cifs.upcall</command>
+                <arg choice="opt">-c</arg>
+                <arg choice="opt">-v</arg>
+                <arg choice="req">keyid</arg>
+        </cmdsynopsis>
+</refsynopsisdiv>
+
+
+<refsect1>
+        <title>DESCRIPTION</title>
+
+        <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
+        <manvolnum>7</manvolnum></citerefentry> suite.</para>
+
+<para>cifs.upcall is a userspace helper program for the linux CIFS client
+filesystem. There are a number of activities that the kernel cannot easily
+do itself. This program is a callout program that does these things for the
+kernel and then returns the result.</para>
+
+<para>cifs.upcall is generally intended to be run when the kernel calls
+request-key<manvolnum>8</manvolnum> for a particular key type. While it
+can be run directly from the command-line, it's not generally intended
+to be run that way.</para>
+</refsect1>
+
+<refsect1>
+	<title>OPTIONS</title>
+	<variablelist>
+		<varlistentry>
+		<term>-c</term>
+		<listitem><para>When handling a kerberos upcall, use a service principal that starts with "cifs/". The default is to use the "host/" service principal.
+		</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>-v</term>
+		<listitem><para>Print version number and exit.
+		</para></listitem>
+		</varlistentry>
+	</variablelist>
+</refsect1>
+
+<refsect1>
+	<title>CONFIGURATION FOR KEYCTL</title>
+	<para>cifs.upcall is designed to be called from the kernel via the request-key callout program. This requres that request-key be told where and how to call this program. The current cifs.upcall program handles two different key types:</para>
+
+	<variablelist>
+		<varlistentry>
+		<term>cifs.spnego</term>
+		<listitem><para>This keytype is for retrieving kerberos session keys
+		</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>cifs.resolve</term>
+		<listitem><para>This key type is for resolving hostnames into IP addresses
+		</para></listitem>
+		</varlistentry>
+	</variablelist>
+
+	<para>To make this program useful for CIFS, you'll need to set up entries for them in request-key.conf<manvolnum>5</manvolnum>. Here's an example of an entry for each key type:</para>
+<programlisting>
+#OPERATION  TYPE           D C PROGRAM ARG1 ARG2...
+#=========  =============  = = ==========================================
+create	    cifs.spnego    * * /usr/local/sbin/cifs.upcall -c %k
+create      cifs.resolver  * * /usr/local/sbin/cifs.upcall %k
+</programlisting>
+<para>
+See <citerefentry><refentrytitle>request-key.conf<manvolnum>5</manvolnum></refentrytitle></citerefentry> for more info on each field.
+</para>
+</refsect1>
+
+<refsect1>
+        <title>SEE ALSO</title>
+        <para>
+	<citerefentry><refentrytitle>request-key.conf</refentrytitle>
+        <manvolnum>5</manvolnum></citerefentry>,
+	<citerefentry><refentrytitle>mount.cifs</refentrytitle>
+        <manvolnum>8</manvolnum></citerefentry>
+	</para>
+</refsect1>
+
+<refsect1>
+        <title>AUTHOR</title>
+
+	<para>Igor Mammedov wrote the cifs.upcall program.</para>
+	<para>Jeff Layton authored this manpage.</para>
+	<para>The maintainer of the Linux CIFS VFS is Steve French.</para>
+        <para>The <ulink url="mailto:linux-cifs-client@lists.samba.org">Linux
+		CIFS Mailing list</ulink> is the preferred place to ask
+		questions regarding these programs.
+	</para>
+</refsect1>
+
+</refentry>
diff --git a/source3/Makefile.in b/source3/Makefile.in
index cd70183711..85837a8943 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -178,7 +178,7 @@ PATH_FLAGS = -DSMB_PASSWD_FILE=\"$(SMB_PASSWD_FILE)\" \
 
 SBIN_PROGS = bin/smbd@EXEEXT@ bin/nmbd@EXEEXT@ @SWAT_SBIN_TARGETS@ @EXTRA_SBIN_PROGS@
 
-ROOT_SBIN_PROGS = @CIFSMOUNT_PROGS@ @CIFSSPNEGO_PROGS@
+ROOT_SBIN_PROGS = @CIFSMOUNT_PROGS@ @CIFSUPCALL_PROGS@
 
 BIN_PROGS1 = bin/smbclient@EXEEXT@ bin/net@EXEEXT@ bin/smbspool@EXEEXT@ \
 	bin/testparm@EXEEXT@ bin/smbstatus@EXEEXT@ bin/smbget@EXEEXT@
@@ -878,7 +878,7 @@ CIFS_MOUNT_OBJ = client/mount.cifs.o
 
 CIFS_UMOUNT_OBJ = client/umount.cifs.o
 
-CIFS_SPNEGO_OBJ = client/cifs.spnego.o
+CIFS_UPCALL_OBJ = client/cifs.upcall.o
 
 NMBLOOKUP_OBJ = utils/nmblookup.o $(PARAM_OBJ) $(LIBNMB_OBJ) \
                $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) $(LIBSAMBA_OBJ)
@@ -1340,9 +1340,9 @@ bin/umount.cifs@EXEEXT@: $(BINARY_PREREQS) $(CIFS_UMOUNT_OBJ) @BUILD_POPT@
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(CIFS_UMOUNT_OBJ) $(DYNEXP) $(LDFLAGS) $(POPT_LIBS)
 
-bin/cifs.spnego@EXEEXT@: $(BINARY_PREREQS) $(CIFS_SPNEGO_OBJ) $(LIBSMBCLIENT_OBJ1) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/cifs.upcall@EXEEXT@: $(BINARY_PREREQS) $(CIFS_UPCALL_OBJ) $(LIBSMBCLIENT_OBJ1) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(CIFS_SPNEGO_OBJ) $(DYNEXP) $(LDFLAGS) \
+	@$(CC) $(FLAGS) -o $@ $(CIFS_UPCALL_OBJ) $(DYNEXP) $(LDFLAGS) \
 		-lkeyutils $(LIBS) $(LIBSMBCLIENT_OBJ1) $(KRB5LIBS) \
 		$(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(WINBIND_LIBS) \
 		$(LIBTDB_LIBS)
@@ -2449,7 +2449,7 @@ bin/rpc_open_tcp@EXEEXT@: $(BINARY_PREREQS) $(RPC_OPEN_TCP_OBJ) @LIBTALLOC_SHARE
 		$(LIBS) $(LIBTALLOC_LIBS) @LIBTDB_SHARED@ $(WINBIND_LIBS) \
 		$(LDAP_LIBS) $(KRB5LIBS) $(NSCD_LIBS)
 
-install:: installservers installbin @INSTALL_CIFSMOUNT@ @INSTALL_CIFSSPNEGO@ installman \
+install:: installservers installbin @INSTALL_CIFSMOUNT@ @INSTALL_CIFSUPCALL@ installman \
 		installscripts installdat installmodules @SWAT_INSTALL_TARGETS@ \
 		@INSTALL_PAM_MODULES@ installlibs
 
@@ -2476,9 +2476,9 @@ installcifsmount:: @CIFSMOUNT_PROGS@
 	@$(SHELL) $(srcdir)/script/installdirs.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(ROOTSBINDIR)
 	@$(SHELL) script/installbin.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(ROOTSBINDIR) @CIFSMOUNT_PROGS@
 
-installcifsspnego:: @CIFSSPNEGO_PROGS@
+installcifsupcall:: @CIFSUPCALL_PROGS@
 	@$(SHELL) $(srcdir)/script/installdirs.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(ROOTSBINDIR)
-	@$(SHELL) script/installbin.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(ROOTSBINDIR) @CIFSSPNEGO_PROGS@
+	@$(SHELL) script/installbin.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(ROOTSBINDIR) @CIFSUPCALL_PROGS@
 
 # Some symlinks are required for the 'probing' of modules.
 # This mechanism should go at some point..
@@ -2545,7 +2545,7 @@ showlayout::
 	@echo "  swatdir:     $(SWATDIR)"
 
 
-uninstall:: uninstallman uninstallservers uninstallbin @UNINSTALL_CIFSMOUNT@ @UNINSTALL_CIFSSPNEGO@ uninstallscripts uninstalldat uninstallswat uninstallmodules uninstalllibs @UNINSTALL_PAM_MODULES@
+uninstall:: uninstallman uninstallservers uninstallbin @UNINSTALL_CIFSMOUNT@ @UNINSTALL_CIFSUPCALL@ uninstallscripts uninstalldat uninstallswat uninstallmodules uninstalllibs @UNINSTALL_PAM_MODULES@
 
 uninstallman::
 	@$(SHELL) $(srcdir)/script/uninstallman.sh $(DESTDIR)$(MANDIR) $(srcdir) C
@@ -2559,8 +2559,8 @@ uninstallbin::
 uninstallcifsmount::
 	@$(SHELL) script/uninstallbin.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(ROOTSBINDIR) @CIFSMOUNT_PROGS@
 
-uninstallcifsspnego::
-	@$(SHELL) script/uninstallbin.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(ROOTSBINDIR) @CIFSSPNEGO_PROGS@
+uninstallcifsupcall::
+	@$(SHELL) script/uninstallbin.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(ROOTSBINDIR) @CIFSUPCALL_PROGS@
 
 uninstallmodules::
 	@$(SHELL) $(srcdir)/script/uninstallmodules.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(VFSLIBDIR) $(VFS_MODULES)
diff --git a/source3/client/cifs.spnego.c b/source3/client/cifs.upcall.c
index d10d19da96..3860f33e38 100644
--- a/source3/client/cifs.spnego.c
+++ b/source3/client/cifs.upcall.c
@@ -1,5 +1,5 @@
 /*
-* CIFS SPNEGO user-space helper.
+* CIFS user-space helper.
 * Copyright (C) Igor Mammedov (niallain@gmail.com) 2007
 *
 * Used by /sbin/request-key for handling
@@ -8,8 +8,8 @@
 * You should have keyutils installed and add following line to
 * /etc/request-key.conf file
 
-create cifs.spnego * * /usr/local/sbin/cifs.spnego [-v][-c] %k
-create cifs.resolver * * /usr/local/sbin/cifs.spnego [-v] %k
+create cifs.spnego * * /usr/local/sbin/cifs.upcall [-v][-c] %k
+create cifs.resolver * * /usr/local/sbin/cifs.upcall [-v] %k
 
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -30,7 +30,7 @@ create cifs.resolver * * /usr/local/sbin/cifs.spnego [-v] %k
 #include "cifs_spnego.h"
 
 const char *CIFSSPNEGO_VERSION = "1.1";
-static const char *prog = "cifs.spnego";
+static const char *prog = "cifs.upcall";
 typedef enum _secType {
 	KRB5,
 	MS_KRB5
@@ -200,6 +200,13 @@ int cifs_resolver(const key_serial_t key, const char *key_descr)
 	return 0;
 }
 
+void
+usage(const char *prog)
+{
+	syslog(LOG_WARNING, "Usage: %s [-c] [-v] key_serial", prog);
+	fprintf(stderr, "Usage: %s [-c] [-v] key_serial\n", prog);
+}
+
 int main(const int argc, char *const argv[])
 {
 	struct cifs_spnego_msg *keydata = NULL;
@@ -215,10 +222,6 @@ int main(const int argc, char *const argv[])
 	char *buf, *hostname = NULL;
 
 	openlog(prog, 0, LOG_DAEMON);
-	if (argc < 1) {
-		syslog(LOG_WARNING, "Usage: %s [-c] key_serial", prog);
-		goto out;
-	}
 
 	while ((c = getopt(argc, argv, "cv")) != -1) {
 		switch (c) {
@@ -227,9 +230,8 @@ int main(const int argc, char *const argv[])
 			break;
 			}
 		case 'v':{
-			syslog(LOG_WARNING, "version: %s", CIFSSPNEGO_VERSION);
-			fprintf(stderr, "version: %s", CIFSSPNEGO_VERSION);
-			break;
+			printf("version: %s\n", CIFSSPNEGO_VERSION);
+			goto out;
 			}
 		default:{
 			syslog(LOG_WARNING, "unknow option: %c", c);
@@ -237,6 +239,13 @@ int main(const int argc, char *const argv[])
 			}
 		}
 	}
+
+	/* is there a key? */
+	if (argc <= optind) {
+		usage(prog);
+		goto out;
+	}
+
 	/* get key and keyring values */
 	errno = 0;
 	key = strtol(argv[optind], NULL, 10);
diff --git a/source3/configure.in b/source3/configure.in
index 2ae5e35295..cb0e37e4a2 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -109,9 +109,9 @@ AC_SUBST(EXTRA_BIN_PROGS)
 AC_SUBST(CIFSMOUNT_PROGS)
 AC_SUBST(INSTALL_CIFSMOUNT)
 AC_SUBST(UNINSTALL_CIFSMOUNT)
-AC_SUBST(CIFSSPNEGO_PROGS)
-AC_SUBST(INSTALL_CIFSSPNEGO)
-AC_SUBST(UNINSTALL_CIFSSPNEGO)
+AC_SUBST(CIFSUPCALL_PROGS)
+AC_SUBST(INSTALL_CIFSUPCALL)
+AC_SUBST(UNINSTALL_CIFSUPCALL)
 AC_SUBST(EXTRA_SBIN_PROGS)
 AC_SUBST(EXTRA_ALL_TARGETS)
 AC_SUBST(CONFIG_LIBS)
@@ -4035,14 +4035,14 @@ AC_ARG_WITH(cifsmount,
 )
 
 #################################################
-# check for cifs.spnego support
+# check for cifs.upcall support
 AC_CHECK_HEADERS([keyutils.h], [HAVE_KEYUTILS_H=1], [HAVE_KEYUTILS_H=0])
-CIFSSPNEGO_PROGS=""
-INSTALL_CIFSSPNEGO=""
-UNINSTALL_CIFSSPNEGO=""
-AC_MSG_CHECKING(whether to build cifs.spnego)
-AC_ARG_WITH(cifsspnego,
-[AS_HELP_STRING([--with-cifsspnego], [Include cifs.spnego (Linux only) support (default=no)])],
+CIFSUPCALL_PROGS=""
+INSTALL_CIFSUPCALL=""
+UNINSTALL_CIFSUPCALL=""
+AC_MSG_CHECKING(whether to build cifs.upcall)
+AC_ARG_WITH(cifsupcall,
+[AS_HELP_STRING([--with-cifsupcall], [Include cifs.upcall (Linux only) support (default=no)])],
 [ case "$withval" in
   no)
 	AC_MSG_RESULT(no)
@@ -4051,15 +4051,15 @@ AC_ARG_WITH(cifsspnego,
 	case "$host_os" in
 	*linux*)
 		if test x"$use_ads" != x"yes"; then
-			AC_MSG_ERROR(ADS support should be enabled for building cifs.spnego)
+			AC_MSG_ERROR(ADS support should be enabled for building cifs.upcall)
 		elif test x"$HAVE_KEYUTILS_H" != "x1"; then
-			AC_MSG_ERROR(keyutils package is required for cifs.spnego)
+			AC_MSG_ERROR(keyutils package is required for cifs.upcall)
 		else
 			AC_MSG_RESULT(yes)
-			AC_DEFINE(WITH_CIFSSPNEGO,1,[whether to build cifs.spnego])
-			CIFSSPNEGO_PROGS="bin/cifs.spnego"
-			INSTALL_CIFSSPNEGO="installcifsspnego"
-			UNINSTALL_CIFSSPNEGO="uninstallcifsspnego"
+			AC_DEFINE(WITH_CIFSUPCALL,1,[whether to build cifs.upcall])
+			CIFSUPCALL_PROGS="bin/cifs.upcall"
+			INSTALL_CIFSUPCALL="installcifsupcall"
+			UNINSTALL_CIFSUPCALL="uninstallcifsupcall"
 		fi
 		;;
 	*)