LinuxCommandLibrary

cifs.upcall

Authenticate CIFS/SMB requests using user-space helpers

SYNOPSIS

cifs.upcall [-v] [-t timeout]

PARAMETERS

-v, --verbose
    Enable verbose logging for debugging upcalls.

-t, --timeout=<NUM>
    Set operation timeout in seconds (default: 30).

--help
    Display help summary and exit.

--version
    Print version information and exit.

DESCRIPTION

cifs.upcall is a setuid-root userspace helper program for the Linux CIFS (SMB) filesystem. It processes kernel upcalls via the request-key mechanism for operations the kernel cannot handle directly, such as DNS resolution of mount hostnames and retrieval of Kerberos v5 tickets.

During CIFS mount or access, the kernel invokes cifs.upcall to:
• Resolve UNC hostnames (e.g., //server/share) to IP addresses using the dns_resolve key type.
• Obtain Kerberos integrity tokens via the krb5i key type from keytabs or the keyring.

It requires privileges to read /etc/krb5.keytab and perform network lookups. It is installed by the cifs-utils package and configured in /etc/request-key.d/. Direct user invocation is rare; errors such as "cifs.upcall: upcall failed" indicate configuration problems. It supports IPv4 and IPv6, and handles timeouts for reliability in enterprise environments.

CAVEATS

cifs.upcall must be SUID root (/sbin/cifs.upcall). Direct use is uncommon; it relies on request-key.conf. It fails without keyutils or DNS. It is not for ID mapping (use cifs.idmapupcall).

SUPPORTED OPERATIONS

dns_resolve: Resolves hostname to IPs.
krb5i: Fetches Kerberos tokens from keyring/keytab.

CONFIGURATION

Enabled via /etc/request-key.d/cifs.utils.conf and /etc/request-key.conf entries like:
    create dns_resolve * * /sbin/cifs.upcall %k
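
An added example, not part of the original page or of cifs-utils: the request-key rules decide which program the kernel upcall runs with elevated privileges, so this audit lists the rules that dispatch to cifs.upcall and checks that the config files and the handler are owned by the expected uid and are not group- or world-writable. The function names and the demo files are assumptions constructed for illustration.

```shell
# Added example: audit request-key rules that hand keys to cifs.upcall.

# Print "keytype program" for each rule whose handler is named cifs.upcall.
# Rule fields: op type description callout-info program [args...]
list_upcall_rules() {
    awk '$1 !~ /^#/ && NF >= 5 {
             prog = $5; sub(/^\|/, "", prog)   # "|prog" marks a piped handler
             n = split(prog, part, "/")
             if (part[n] == "cifs.upcall") print $2, prog
         }' "$@"
}

# Succeed only if FILE is a regular, non-symlink file owned by UID and not
# writable by group or others.
check_root_only() {
    c_file=$1; c_uid=$2
    if [ ! -f "$c_file" ] || [ -L "$c_file" ]; then
        echo "FAIL $c_file: missing or not a regular file"; return 1
    fi
    if [ -n "$(find "$c_file" -prune ! -user "$c_uid")" ]; then
        echo "FAIL $c_file: not owned by uid $c_uid"; return 1
    fi
    if [ -n "$(find "$c_file" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "FAIL $c_file: group- or world-writable"; return 1
    fi
}

# audit_upcall UID FILE...: check each config file, then every cifs.upcall
# handler the files reference. Returns 0 only when everything passes.
audit_upcall() {
    a_uid=$1; shift; a_rc=0
    for a_conf in "$@"; do check_root_only "$a_conf" "$a_uid" || a_rc=1; done
    a_rules=$(list_upcall_rules "$@")
    [ -n "$a_rules" ] || { echo "FAIL no cifs.upcall rule found"; return 1; }
    while read -r a_type a_prog; do
        check_root_only "$a_prog" "$a_uid" && echo "OK $a_type -> $a_prog" || a_rc=1
    done <<EOF
$a_rules
EOF
    return $a_rc
}

# Constructed demo (not a real system): the page's rule line pointing at a
# stand-in handler, audited against the current uid instead of 0.
demo=$(mktemp -d)
printf '#!/bin/sh\n' > "$demo/cifs.upcall"
printf 'create dns_resolve * * %s %%k\n' "$demo/cifs.upcall" > "$demo/cifs.conf"
chmod 755 "$demo/cifs.upcall"; chmod 644 "$demo/cifs.conf"
audit_upcall "$(id -u)" "$demo/cifs.conf"
rm -rf "$demo"
```

On a real host, call `audit_upcall 0` with /etc/request-key.conf and the files under /etc/request-key.d/ as arguments.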

HISTORY

Introduced in cifs-utils 6.2 (2011) for Kerberos/DNS upcalls; enhanced in later versions for IPv6 and timeout support, tied to Linux kernel 3.0+ CIFS improvements.

SEE ALSO

request-key(8), mount.cifs(8), cifs(5), keyctl(1), cifscreds(1)
