Packages and Binaries:

cifs-utils

The SMB/CIFS protocol provides support for cross-platform file sharing with Microsoft Windows, OS X, and other Unix systems.

This package provides utilities for managing mounts of CIFS network file systems.

Installed size: 316 KB
How to install: sudo apt install cifs-utils

Dependencies:
  • libc6
  • libcap-ng0
  • libgssapi-krb5-2
  • libkeyutils1
  • libkrb5-3
  • libpam0g
  • libtalloc2
  • libwbclient0
  • python3
cifs.idmap

Userspace helper for mapping ids for Common Internet File System (CIFS)

root@kali:~# cifs.idmap -h
Usage: cifs.idmap [-h] [-v] [-t timeout] key_serial

cifs.upcall

Userspace upcall helper for Common Internet File System (CIFS)

root@kali:~# man cifs.upcall
CIFS.UPCALL(8)              System Manager's Manual              CIFS.UPCALL(8)

NAME
       cifs.upcall  -  Userspace  upcall helper for Common Internet File System
       (CIFS)

SYNOPSIS
          cifs.upcall [--trust-dns|-t] [--version|-v] [--legacy-uid|-l]
                 [--krb5conf=/path/to/krb5.conf|-k          /path/to/krb5.conf]
                 [--keytab=/path/to/keytab|-K   /path/to/keytab]   [--expire|-e
                 nsecs] {keyid}

DESCRIPTION
       This tool is part of the cifs-utils suite.

       cifs.upcall is a userspace helper program  for  the  linux  CIFS  client
       filesystem. There are a number of activities that the kernel cannot eas-
       ily  do itself. This program is a callout program that does these things
       for the kernel and then returns the result.

       cifs.upcall is generally intended to be run when the  kernel  calls  re-
       quest-key(8)  for  a  particular  key type. While it can be run directly
       from the command-line, it's not generally intended to be run that way.

OPTIONS
       -c     This option is deprecated and is currently ignored.

       --no-env-probe|-E
              Normally, cifs.upcall will probe the environment  variable  space
              of  the  process  that initiated the upcall in order to fetch the
              value of $KRB5CCNAME. This can assist the  program  with  finding
              credential  caches  in  non-default  locations. If this option is
              set, then the program won't do this  and  will  rely  on  finding
              credcaches  in the default locations specified in krb5.conf. Note
              that this is never performed when the uid is 0. The default cred-
              cache location is always used when the uid is  0,  regardless  of
              the environment variable setting in the process.

       --krb5conf|-k=/path/to/krb5.conf
              This  option  allows  administrators to set an alternate location
              for the krb5.conf file that cifs.upcall will use.

       --keytab=|-K=/path/to/keytab
              This option allows administrators to specify a keytab file to  be
              used.  When  a  user has no credential cache already established,
              cifs.upcall will attempt to use this keytab to acquire them.  The
              default is the system-wide keytab /etc/krb5.keytab.

       --trust-dns|-t
              With  krb5 upcalls, the name used as the host portion of the ser-
              vice principal defaults to the hostname portion of the UNC.  This
              option  allows  the upcall program to reverse resolve the network
              address of the server in order to get the hostname.

              This is less secure than not trusting DNS. When  using  this  op-
              tion, it's possible that an attacker could get control of DNS and
              trick  the  client  into  mounting a different server altogether.
              It's preferable to instead add server principals to the  KDC  for
              every  possible  hostname, but this option exists for cases where
              that isn't possible. The default is to not trust reverse hostname
              lookups in this fashion.

       --legacy-uid|-l
              Traditionally, the kernel has sent only a single  uid=  parameter
              to the upcall for the SPNEGO upcall that's used to determine what
              user's  credential  cache  to use.  This parameter is affected by
              the uid= mount option, which also governs the ownership of  files
              on the mount.

              Newer kernels send a creduid= option as well, which contains what
              uid  it  thinks  actually  owns the credentials that it's looking
              for. At mount time, this is generally set to the real uid of  the
              user  doing  the  mount. For multisession mounts, it's set to the
              fsuid of the mount user. Set this option if you want  cifs.upcall
              to  use  the older uid= parameter instead of the creduid= parame-
              ter.

       --expire|-e
              Override default timeout value  (600  seconds)  for  dns_resolver
              key.

       --version|-v
              Print version number and exit.

ENVIRONMENT VARIABLES
       GSS_USE_PROXY="yes"
              Enable  usage of gssproxy for credential retrieval. This includes
              keytab based client initiation as well as (Resource  Based)  Con-
              strained Delegation.  See gssproxy-mech(8).

CONFIGURATION FOR KEYCTL
       cifs.upcall is designed to be called from the kernel via the request-key
       callout program. This requires that request-key be told where and how to
       call  this program.  The current cifs.upcall program handles two differ-
       ent key types:

       cifs.spnego
              This keytype is for retrieving kerberos session keys

       dns_resolver
              This key type is for resolving hostnames into IP addresses.  Sup-
              port for this key type may eventually be deprecated (see below).

              To  make  this program useful for CIFS, you'll need to set up en-
              tries for them in request-key.conf(5). Here's an  example  of  an
              entry for each key type:

                 #OPERATION  TYPE           D C PROGRAM ARG1 ARG2...
                 #=========  =============  = = ================================
                 create      cifs.spnego    * * /usr/sbin/cifs.upcall %k
                 create      dns_resolver   * * /usr/sbin/cifs.upcall %k

              See request-key.conf(5) for more info on each field.

              The  keyutils  package  has also started including a dns_resolver
              handling program as well  that  is  preferred  over  the  one  in
              cifs.upcall.  If  you  are  using  a keyutils version equal to or
              greater than 1.5, you should use key.dns_resolver to  handle  the
              dns_resolver  keytype  instead  of  cifs.upcall.  See key.dns_re-
              solver(8) for more info.

SEE ALSO
       request-key.conf(5), mount.cifs(8), key.dns_resolver(8)

AUTHOR
       Igor Mammedov wrote the cifs.upcall program.

       Jeff Layton authored this manpage.

       The maintainer of the Linux CIFS VFS is Steve French.

       The Linux CIFS Mailing list is the preferred place to ask questions  re-
       garding these programs.

                                                                 CIFS.UPCALL(8)

cifscreds

Manage NTLM credentials in kernel keyring

root@kali:~# cifscreds -h
cifscreds: invalid option -- 'h'
Usage:
	cifscreds add [-u username] [-d] <host|domain>
	cifscreds clear [-u username] [-d] <host|domain>
	cifscreds clearall 
	cifscreds update [-u username] [-d] <host|domain>


getcifsacl

Userspace helper to display an ACL in a security descriptor for Common Internet File System (CIFS)

root@kali:~# getcifsacl --help
getcifsacl: invalid option -- '-'
getcifsacl: Display CIFS/NTFS ACL in a security descriptor of a file object
Usage: getcifsacl [option] <file_name1> [<file_name2>,<file_name3>,...]
Valid options:
	-h	Display this help text

	-v	Version of the program

	-R 	recurse into subdirectories

	-r	Display raw values of the ACE fields

Refer to getcifsacl(1) manpage for details

mount.cifs

Mount using the Common Internet File System (CIFS)

root@kali:~# mount.cifs -h

Usage:  mount.cifs <remotetarget> <dir> -o <options>

Mount the remote target, specified as a UNC name, to a local directory.

Options:
	user=<arg>
	pass=<arg>
	dom=<arg>

Less commonly used options:
	credentials=<filename>,guest,perm,noperm,setuids,nosetuids,rw,ro,
	sep=<char>,iocharset=<codepage>,suid,nosuid,exec,noexec,serverino,
	noserverino,mapchars,nomapchars,nolock,servernetbiosname=<SRV_RFC1001NAME>
	cache=<strict|none|loose>,nounix,cifsacl,sec=<authentication mechanism>,
	sign,seal,fsc,snapshot=<token|time>,nosharesock,persistenthandles,
	resilienthandles,rdma,vers=<smb_dialect>,cruid

Options not needed for servers supporting CIFS Unix extensions
	(e.g. unneeded for mounts to most Samba versions):
	uid=<uid>,gid=<gid>,dir_mode=<mode>,file_mode=<mode>,sfu,
	mfsymlinks,idsfromsid

Rarely used options:
	port=<tcpport>,rsize=<size>,wsize=<size>,unc=<unc_name>,ip=<ip_address>,
	dev,nodev,nouser_xattr,netbiosname=<OUR_RFC1001NAME>,hard,soft,intr,
	nointr,ignorecase,noposixpaths,noacl,prefixpath=<path>,nobrl,
	echo_interval=<seconds>,actimeo=<seconds>,max_credits=<credits>,
	bsize=<size>

Options are described in more detail in the manual page
	man 8 mount.cifs

To display the version number of the mount helper:
	mount.cifs -V

mount.smb3

Mount using the Common Internet File System (CIFS)

root@kali:~# mount.smb3 -h

Usage:  mount.smb3 <remotetarget> <dir> -o <options>

Mount the remote target, specified as a UNC name, to a local directory.

Options:
	user=<arg>
	pass=<arg>
	dom=<arg>

Less commonly used options:
	credentials=<filename>,guest,perm,noperm,setuids,nosetuids,rw,ro,
	sep=<char>,iocharset=<codepage>,suid,nosuid,exec,noexec,serverino,
	noserverino,mapchars,nomapchars,nolock,servernetbiosname=<SRV_RFC1001NAME>
	cache=<strict|none|loose>,nounix,cifsacl,sec=<authentication mechanism>,
	sign,seal,fsc,snapshot=<token|time>,nosharesock,persistenthandles,
	resilienthandles,rdma,vers=<smb_dialect>,cruid

Options not needed for servers supporting CIFS Unix extensions
	(e.g. unneeded for mounts to most Samba versions):
	uid=<uid>,gid=<gid>,dir_mode=<mode>,file_mode=<mode>,sfu,
	mfsymlinks,idsfromsid

Rarely used options:
	port=<tcpport>,rsize=<size>,wsize=<size>,unc=<unc_name>,ip=<ip_address>,
	dev,nodev,nouser_xattr,netbiosname=<OUR_RFC1001NAME>,hard,soft,intr,
	nointr,ignorecase,noposixpaths,noacl,prefixpath=<path>,nobrl,
	echo_interval=<seconds>,actimeo=<seconds>,max_credits=<credits>,
	bsize=<size>

Options are described in more detail in the manual page
	man 8 mount.smb3

To display the version number of the mount helper:
	mount.smb3 -V

setcifsacl

Userspace helper to alter components of a security descriptor for Common Internet File System (CIFS)

root@kali:~# setcifsacl -h
setcifsacl: Alter components of CIFS/NTFS security descriptor of a file object
Usage: setcifsacl option [<list_of_ACEs>|<SID>] <file_name>
Valid options:
	-v	Version of the program
	-U	Used in combination with -a, -D, -M, -S in order to 
		apply the actions to SALC (aUdit ACL); if not specified, 
		the actions apply to DACL

	-a	Add ACE(s), separated by a comma, to an ACL
	setcifsacl -a "ACL:Administrator:ALLOWED/0x0/FULL" <file_name>

	-A	Add ACE(s) and reorder, separated by a comma, to an ACL
	setcifsacl -A "ACL:Administrator:ALLOWED/0x0/FULL" <file_name>

	-D	Delete ACE(s), separated by a comma, from an ACL
	setcifsacl -D "ACL:Administrator:DENIED/0x0/D" <file_name>

	-M	Modify ACE(s), separated by a comma, in an ACL
	setcifsacl -M "ACL:user1:ALLOWED/0x0/0x1e01ff" <file_name>

	-S	Replace existing ACL with ACE(s), separated by a comma
	setcifsacl -S "ACL:Administrator:ALLOWED/0x0/D" <file_name>

	-o	Set owner using specified SID (name or raw format)
	setcifsacl -o "Administrator" <file_name>

	-g	Set group using specified SID (name or raw format)
	setcifsacl -g "Administrators" <file_name>

Refer to setcifsacl(1) manpage for details

smb2-quota

Userspace helper to display quota information for the Linux SMB client file system (CIFS)

root@kali:~# smb2-quota -h
usage: smb2-quota [-h] [-t] [-c] [-l] <filename>

Please specify an action to perform.

positional arguments:
  <filename>     filename on a share

options:
  -h, --help     show this help message and exit
  -t, --tabular  print quota information in tabular format
  -c, --csv      print quota information in csv format
  -l, --list     print quota information in list format

smbinfo

Userspace helper to display SMB-specific file information for the Linux SMB client file system (CIFS)

root@kali:~# smbinfo -h
usage: smbinfo [-h] [-V]
               {fileaccessinfo,filealigninfo,fileallinfo,filebasicinfo,fileeainfo,filefsfullsizeinfo,fileinternalinfo,filemodeinfo,filepositioninfo,filestandardinfo,filestreaminfo,fsctl-getobjid,getcompression,setcompression,list-snapshots,quota,secdesc,keys}
               ...

Display SMB-specific file information using cifs IOCTL

positional arguments:
  {fileaccessinfo,filealigninfo,fileallinfo,filebasicinfo,fileeainfo,filefsfullsizeinfo,fileinternalinfo,filemodeinfo,filepositioninfo,filestandardinfo,filestreaminfo,fsctl-getobjid,getcompression,setcompression,list-snapshots,quota,secdesc,keys}
                        sub-commands help
    fileaccessinfo      Prints FileAccessInfo for a cifs file
    filealigninfo       Prints FileAlignInfo for a cifs file
    fileallinfo         Prints FileAllInfo for a cifs file
    filebasicinfo       Prints FileBasicInfo for a cifs file
    fileeainfo          Prints FileEAInfo for a cifs file
    filefsfullsizeinfo  Prints FileFsFullSizeInfo for a cifs file
    fileinternalinfo    Prints FileInternalInfo for a cifs file
    filemodeinfo        Prints FileModeInfo for a cifs file
    filepositioninfo    Prints FilePositionInfo for a cifs file
    filestandardinfo    Prints FileStandardInfo for a cifs file
    filestreaminfo      Prints FileStreamInfo for a cifs file
    fsctl-getobjid      Prints the objectid of the file and GUID of the
                        underlying volume.
    getcompression      Prints the compression setting for the file
    setcompression      Sets the compression level for the file
    list-snapshots      List the previous versions of the volume that backs
                        this file
    quota               Prints the quota for a cifs file
    secdesc             Prints the security descriptor for a cifs file
    keys                Prints the decryption information needed to view
                        encrypted network traces

options:
  -h, --help            show this help message and exit
  -V, --verbose         verbose output

Updated on: 2024-Aug-06