Packages and Binaries:

cifs-utils

The SMB/CIFS protocol provides support for cross-platform file sharing with Microsoft Windows, OS X, and other Unix systems.

This package provides utilities for managing mounts of CIFS network file systems.

Installed size: 307 KB
How to install: sudo apt install cifs-utils

  • libc6
  • libcap-ng0
  • libkeyutils1
  • libkrb5-3
  • libpam0g
  • libtalloc2
  • libwbclient0
  • python3
cifs.idmap

Userspace helper for mapping ids for Common Internet File System (CIFS)

root@kali:~# cifs.idmap -h
Usage: cifs.idmap [-h] [-v] [-t timeout] key_serial

cifs.upcall

Userspace upcall helper for Common Internet File System (CIFS)

root@kali:~# man cifs.upcall
CIFS.UPCALL(8)                                                  CIFS.UPCALL(8)

NAME
       cifs.upcall  -  Userspace upcall helper for Common Internet File System
       (CIFS)

SYNOPSIS
          cifs.upcall [--trust-dns|-t] [--version|-v] [--legacy-uid|-l]
                 [--krb5conf=/path/to/krb5.conf|-k         /path/to/krb5.conf]
                 [--keytab=/path/to/keytab|-K   /path/to/keytab]  [--expire|-e
                 nsecs] {keyid}

DESCRIPTION
       This tool is part of the cifs-utils suite.

       cifs.upcall is a userspace helper program for  the  linux  CIFS  client
       filesystem.  There  are  a  number of activities that the kernel cannot
       easily do itself. This program is a callout  program  that  does  these
       things for the kernel and then returns the result.

       cifs.upcall  is  generally intended to be run when the kernel calls re-
       quest-key(8) for a particular key type. While it can  be  run  directly
       from the command-line, it's not generally intended to be run that way.

OPTIONS
       -c     This option is deprecated and is currently ignored.

       --no-env-probe|-E
              Normally,  cifs.upcall will probe the environment variable space
              of the process that initiated the upcall in order to  fetch  the
              value  of  $KRB5CCNAME. This can assist the program with finding
              credential caches in non-default locations. If  this  option  is
              set,  then  the  program  won't do this and will rely on finding
              credcaches in the default locations specified in krb5.conf. Note
              that  this  is  never  performed  when the uid is 0. The default
              credcache location is always used when the uid is 0,  regardless
              of the environment variable setting in the process.

       --krb5conf|-k=/path/to/krb5.conf
              This  option  allows administrators to set an alternate location
              for the krb5.conf file that cifs.upcall will use.

       --keytab=|-K=/path/to/keytab
              This option allows administrators to specify a keytab file to be
              used.  When  a user has no credential cache already established,
              cifs.upcall will attempt to use this keytab to acquire them. The
              default is the system-wide keytab /etc/krb5.keytab.

       --trust-dns|-t
              With krb5 upcalls, the name used as the host portion of the ser-
              vice principal defaults to the hostname portion of the UNC. This
              option  allows the upcall program to reverse resolve the network
              address of the server in order to get the hostname.

              This is less secure than not trusting DNS. When using  this  op-
              tion,  it's  possible  that an attacker could get control of DNS
              and trick the client into  mounting  a  different  server  alto-
              gether.  It's preferable to instead add server principals to the
              KDC for every possible hostname,  but  this  option  exists  for
              cases where that isn't possible. The default is to not trust re-
              verse hostname lookups in this fashion.

       --legacy-uid|-l
              Traditionally, the kernel has sent only a single uid=  parameter
              to  the  upcall  for  the SPNEGO upcall that's used to determine
              what user's credential cache to use.  This parameter is affected
              by  the  uid=  mount option, which also governs the ownership of
              files on the mount.

              Newer kernels send a creduid= option  as  well,  which  contains
              what uid it thinks actually owns the credentials that it's look-
              ing for. At mount time, this is generally set to the real uid of
              the  user  doing the mount. For multisession mounts, it's set to
              the fsuid of the  mount  user.  Set  this  option  if  you  want
              cifs.upcall  to use the older uid= parameter instead of the cre-
              duid= parameter.

       --expire|-e
              Override default timeout value (600  seconds)  for  dns_resolver
              key.

       --version|-v
              Print version number and exit.

CONFIGURATION FOR KEYCTL
       cifs.upcall  is  designed  to  be  called  from  the kernel via the re-
       quest-key callout program. This requires that request-key be told where
       and  how to call this program.  The current cifs.upcall program handles
       two different key types:

       cifs.spnego
              This keytype is for retrieving kerberos session keys

       dns_resolver
              This key type is for resolving hostnames into IP addresses. Sup-
              port for this key type may eventually be deprecated (see below).

              To  make this program useful for CIFS, you'll need to set up en-
              tries for them in request-key.conf(5). Here's an example  of  an
              entry for each key type:

                 #OPERATION  TYPE           D C PROGRAM ARG1 ARG2...
                 #=========  =============  = = ================================
                 create      cifs.spnego    * * /usr/sbin/cifs.upcall %k
                 create      dns_resolver   * * /usr/sbin/cifs.upcall %k

              See request-key.conf(5) for more info on each field.

              The  keyutils  package has also started including a dns_resolver
              handling program as well that  is  preferred  over  the  one  in
              cifs.upcall.  If  you  are  using a keyutils version equal to or
              greater than 1.5, you should use key.dns_resolver to handle  the
              dns_resolver  keytype  instead  of  cifs.upcall. See key.dns_re-
              solver(8) for more info.

SEE ALSO
       request-key.conf(5), mount.cifs(8), key.dns_resolver(8)

AUTHOR
       Igor Mammedov wrote the cifs.upcall program.

       Jeff Layton authored this manpage.

       The maintainer of the Linux CIFS VFS is Steve French.

       The Linux CIFS Mailing list is the preferred place to ask questions re-
       garding these programs.

                                                                CIFS.UPCALL(8)

cifscreds

Manage NTLM credentials in kernel keyring

root@kali:~# cifscreds -h
cifscreds: invalid option -- 'h'
Usage:
	cifscreds add [-u username] [-d] <host|domain>
	cifscreds clear [-u username] [-d] <host|domain>
	cifscreds clearall 
	cifscreds update [-u username] [-d] <host|domain>


getcifsacl

Userspace helper to display an ACL in a security descriptor for Common Internet File System (CIFS)

root@kali:~# getcifsacl --help
getcifsacl: invalid option -- '-'
getcifsacl: Display CIFS/NTFS ACL in a security descriptor of a file object
Usage: getcifsacl [option] <file_name1> [<file_name2>,<file_name3>,...]
Valid options:
	-h	Display this help text

	-v	Version of the program

	-R 	recurse into subdirectories

	-r	Display raw values of the ACE fields

Refer to getcifsacl(1) manpage for details

mount.cifs

(unknown subject)

root@kali:~# mount.cifs -h

Usage:  mount.cifs <remotetarget> <dir> -o <options>

Mount the remote target, specified as a UNC name, to a local directory.

Options:
	user=<arg>
	pass=<arg>
	dom=<arg>

Less commonly used options:
	credentials=<filename>,guest,perm,noperm,setuids,nosetuids,rw,ro,
	sep=<char>,iocharset=<codepage>,suid,nosuid,exec,noexec,serverino,
	noserverino,mapchars,nomapchars,nolock,servernetbiosname=<SRV_RFC1001NAME>
	cache=<strict|none|loose>,nounix,cifsacl,sec=<authentication mechanism>,
	sign,seal,fsc,snapshot=<token|time>,nosharesock,persistenthandles,
	resilienthandles,rdma,vers=<smb_dialect>,cruid

Options not needed for servers supporting CIFS Unix extensions
	(e.g. unneeded for mounts to most Samba versions):
	uid=<uid>,gid=<gid>,dir_mode=<mode>,file_mode=<mode>,sfu,
	mfsymlinks,idsfromsid

Rarely used options:
	port=<tcpport>,rsize=<size>,wsize=<size>,unc=<unc_name>,ip=<ip_address>,
	dev,nodev,nouser_xattr,netbiosname=<OUR_RFC1001NAME>,hard,soft,intr,
	nointr,ignorecase,noposixpaths,noacl,prefixpath=<path>,nobrl,
	echo_interval=<seconds>,actimeo=<seconds>,max_credits=<credits>,
	bsize=<size>

Options are described in more detail in the manual page
	man 8 mount.cifs

To display the version number of the mount helper:
	mount.cifs -V

mount.smb3

(unknown subject)

root@kali:~# mount.smb3 -h

Usage:  mount.smb3 <remotetarget> <dir> -o <options>

Mount the remote target, specified as a UNC name, to a local directory.

Options:
	user=<arg>
	pass=<arg>
	dom=<arg>

Less commonly used options:
	credentials=<filename>,guest,perm,noperm,setuids,nosetuids,rw,ro,
	sep=<char>,iocharset=<codepage>,suid,nosuid,exec,noexec,serverino,
	noserverino,mapchars,nomapchars,nolock,servernetbiosname=<SRV_RFC1001NAME>
	cache=<strict|none|loose>,nounix,cifsacl,sec=<authentication mechanism>,
	sign,seal,fsc,snapshot=<token|time>,nosharesock,persistenthandles,
	resilienthandles,rdma,vers=<smb_dialect>,cruid

Options not needed for servers supporting CIFS Unix extensions
	(e.g. unneeded for mounts to most Samba versions):
	uid=<uid>,gid=<gid>,dir_mode=<mode>,file_mode=<mode>,sfu,
	mfsymlinks,idsfromsid

Rarely used options:
	port=<tcpport>,rsize=<size>,wsize=<size>,unc=<unc_name>,ip=<ip_address>,
	dev,nodev,nouser_xattr,netbiosname=<OUR_RFC1001NAME>,hard,soft,intr,
	nointr,ignorecase,noposixpaths,noacl,prefixpath=<path>,nobrl,
	echo_interval=<seconds>,actimeo=<seconds>,max_credits=<credits>,
	bsize=<size>

Options are described in more detail in the manual page
	man 8 mount.smb3

To display the version number of the mount helper:
	mount.smb3 -V

setcifsacl

Userspace helper to alter an ACL in a security descriptor for Common Internet File System (CIFS)

root@kali:~# setcifsacl -h
setcifsacl: Alter CIFS/NTFS ACL in a security descriptor of a file object
Usage: setcifsacl option <list_of_ACEs> <file_name>
Valid options:
	-v	Version of the program

	-a	Add ACE(s), separated by a comma, to an ACL
	setcifsacl -a "ACL:Administrator:ALLOWED/0x0/FULL" <file_name>

	-D	Delete ACE(s), separated by a comma, from an ACL
	setcifsacl -D "ACL:Administrator:DENIED/0x0/D" <file_name>

	-M	Modify ACE(s), separated by a comma, in an ACL
	setcifsacl -M "ACL:user1:ALLOWED/0x0/0x1e01ff" <file_name>

	-S	Replace existing ACL with ACE(s), separated by a comma
	setcifsacl -S "ACL:Administrator:ALLOWED/0x0/D" <file_name>

Refer to setcifsacl(1) manpage for details

smb2-quota

Userspace helper to display quota information for the Linux SMB client file system (CIFS)

root@kali:~# smb2-quota -h
usage: smb2-quota [-h] [-t] [-c] [-l] <filename>

Please specify an action to perform.

positional arguments:
  <filename>     filename on a share

optional arguments:
  -h, --help     show this help message and exit
  -t, --tabular  print quota information in tabular format
  -c, --csv      print quota information in csv format
  -l, --list     print quota information in list format

smbinfo

Userspace helper to display SMB-specific file information for the Linux SMB client file system (CIFS)

root@kali:~# smbinfo -h
Usage: smbinfo [-V] <command> <file>
-V for verbose output
-h display this help text
-v print smbinfo version
Commands are
  fileaccessinfo:
      Prints FileAccessInfo for a cifs file.
  filealigninfo:
      Prints FileAlignInfo for a cifs file.
  fileallinfo:
      Prints FileAllInfo for a cifs file.
  filebasicinfo:
      Prints FileBasicInfo for a cifs file.
  fileeainfo:
      Prints FileEAInfo for a cifs file.
  filefsfullsizeinfo:
      Prints FileFsFullSizeInfo for a cifs share.
  fileinternalinfo:
      Prints FileInternalInfo for a cifs file.
  filemodeinfo:
      Prints FileModeInfo for a cifs file.
  filepositioninfo:
      Prints FilePositionInfo for a cifs file.
  filestandardinfo:
      Prints FileStandardInfo for a cifs file.
  fsctl-getobjid:
      Prints the objectid of the file and GUID of the underlying volume.
  getcompression:
      Prints the compression setting for the file.
  setcompression <no|default|lznt1>:
      Sets the compression level for the file.
  list-snapshots:
      List the previous versions of the volume that backs this file.
  quota:
      Prints the quota for a cifs file.
  secdesc:
      Prints the security descriptor for a cifs file.
  keys:
      Prints the decryption information needed to view encrypted network traces.

Updated on: 2021-Sep-16