
[cifs-utils,RFC,02/12] upcall-helper: add a sample config file

Message ID 20250510161609.2615639-3-sorenson@redhat.com
State New
Series cifs.upcall helper script enabling complex key description matching | expand

Commit Message

Frank Sorenson May 10, 2025, 4:15 p.m. UTC
Add a file containing example config lines, demonstrating various
ways to match hostname, user, IP, etc., and options to apply
when executing cifs.upcall.

Signed-off-by: Frank Sorenson <sorenson@redhat.com>
---
 .../cifs-upcall-helper.conf.examples          | 66 +++++++++++++++++++
 1 file changed, 66 insertions(+)
 create mode 100644 contrib/upcall-helper/cifs-upcall-helper.conf.examples

Patch

diff --git a/contrib/upcall-helper/cifs-upcall-helper.conf.examples b/contrib/upcall-helper/cifs-upcall-helper.conf.examples
new file mode 100644
index 0000000..f963f78
--- /dev/null
+++ b/contrib/upcall-helper/cifs-upcall-helper.conf.examples
@@ -0,0 +1,66 @@ 
+# example cifs-upcall-helper.conf lines:
+
+# set a default option to be applied on any future matches
+default                    use_proxy
+
+# set the log level to 1/info:
+log_level                  info
+
+# match usernames; add the keytab option (to already configured default of
+#   'use_proxy')
+user=cifsclientvm23        keytab=/etc/cifsclientvm23.keytab
+user=user2                 keytab=/etc/cifsuser2.keytab
+
+# clear current default options; don't set any default options
+default                    -
+
+# match usernames with regex; add the keytab options using % macro for username
+user~cifsuser[1-5]         keytab=/etc/cifs_keytabs/%u.keytab
+
+# match a cifs server hostname; no additional options applied
+host=server1               -
+
+# all hostnames containing 'chicago', and use a single keytab for all hosts
+host=*chicago*             keytab=/etc/cifs-chicago.keytab
+
+# all hostnames containing 'london', and use a separate keytab for
+#   each host (%h macro for hostname):
+host=*london*              keytab=/etc/cifs-%h.keytab
+
+# match cifs server hostnames using regex; add keytab option
+host~svr(chicago|london)[0-9]+  keytab=/etc/cifs_keytabs/chi_ldn.keytab
+
+# match cifs server hostnames using regex to select some, then exclude a specific
+#   hostname; add keytab
+host~svrchicago[1-5],host!=svrchicago3  keytab=/etc/cifs_keytabs/chi_not3.keytab
+
+# for 'user1' (regardless of hostname, etc.), enable gssproxy and
+#   specify a krb5.conf file to use:
+user=user1          krb5conf=/etc/krb5-cifs-user1.conf,use_proxy
+
+# match specified uid; add keytab
+uid=501                    keytab=/etc/cifsuser5.keytab
+
+# match uid greater than 500; add keytab
+uid>500                    keytab=/etc/cifsusers.keytab
+
+# all uids from 1000-2000, executing cifs.upcall with current default arguments
+uid>=1000,uid<=2000        -
+
+# several ip4 formats; no additional options
+ip4=192.168.122.73                 -
+ip4=192.168.122.70-192.168.122.80  -
+ip4=192.168.123.0/255.255.255.0    -
+ip4=192.168.123.0/24               -
+
+# any IP except this one; create/append to kerberos trace log
+ip4!=192.168.122.73        krb5_trace=/tmp/krb5_trace.out
+
+# match both an ip AND a user (all criteria must be met to match); add keytab
+ip4=10.2.3.4,user=user1    keytab=/etc/cifsuser1.keytab
+
+
+# always match, don't add any more options; equivalent to reaching
+#   the end of the file without matching any lines; '*' can be used
+#   to bypass the remainder of the file
+*                          -
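Review bot: The `krb5_trace=/tmp/krb5_trace.out` example on the `ip4!=192.168.122.73` line sends a trace log to a fixed file name in a world-writable directory, and its comment says the file is created or appended to. cifs.upcall is normally started by request-key with root privileges, so a pre-created file or symlink at that path could redirect the write, and the trace (principal and KDC details, presumably) would be readable by whoever owns the file. Since admins tend to copy example lines as they are, I would point the sample at a root-only directory, e.g. `ip4!=192.168.122.73        krb5_trace=/var/log/cifs-upcall/krb5_trace.out` (path is illustrative), and add `# keep trace output in a directory only root can write; avoid /tmp`. Separately, for `user~cifsuser[1-5]` with `keytab=/etc/cifs_keytabs/%u.keytab`, the file does not say whether `~` patterns are anchored; if they are not, a comment recommending `^...$` would keep `%u` from expanding a longer, unintended username into the keytab path.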