Retire NETSMBCRYPTO as a kernel option and make its functionality

enabled by default in NETSMB and smbfs.ko. With the most of modern SMB providers requiring encryption by default, there is little sense left in keeping the crypto part of NETSMB optional at the build time. This will also return smbfs.ko to its former properties users are rather accustomed to. Discussed with: freebsd-stable, re (scottl) Not objected by: bp, tjr (silence) MFC after: 5 days
author: yar <yar@FreeBSD.org> 2006-03-05 22:52:17 +0000
committer: yar <yar@FreeBSD.org> 2006-03-05 22:52:17 +0000
commit: 66715ad5a3d7d2253ba5215689c262551c691bc6 (patch)
tree: 42d69dbc46168ef705cc8d1fdd34c38e8020ff20
parent: 5d4e90d7750c8099d9fafe80c202756922b60e01 (diff)
download: FreeBSD-src-66715ad5a3d7d2253ba5215689c262551c691bc6.zip
FreeBSD-src-66715ad5a3d7d2253ba5215689c262551c691bc6.tar.gz
14 files changed, 17 insertions, 57 deletions
diff --git a/UPDATING b/UPDATING
index 014f74b..f850a76 100644
--- a/UPDATING
+++ b/UPDATING
@@ -21,6 +21,10 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 7.x IS SLOW:
 	developers choose to disable these features on build machines
 	to maximize performance.
 
+20060305:
+	The NETSMBCRYPTO kernel option has been retired because its
+	functionality is always included in NETSMB and smbfs.ko now.
+
 20060303:
 	The TDFX_LINUX kernel option was retired and replaced by the
 	tdfx_linux device.  The latter can be loaded as a kernel module.
diff --git a/sys/conf/NOTES b/sys/conf/NOTES
index a6daab6..12398cc 100644
--- a/sys/conf/NOTES
+++ b/sys/conf/NOTES
@@ -489,9 +489,7 @@ options 	NETATALKDEBUG		#Appletalk debugging
 # SMB/CIFS requester
 # NETSMB enables support for SMB protocol, it requires LIBMCHAIN and LIBICONV
 # options.
-# NETSMBCRYPTO enables support for encrypted passwords.
 options 	NETSMB			#SMB/CIFS requester
-options 	NETSMBCRYPTO		#encrypted password support for SMB
 
 # mchain library. It can be either loaded as KLD or compiled into kernel
 options 	LIBMCHAIN
diff --git a/sys/conf/files b/sys/conf/files
index b46ff28..cc91a6a 100644
--- a/sys/conf/files
+++ b/sys/conf/files
@@ -334,8 +334,8 @@ contrib/pf/net/pf_osfp.c	optional pf \
 contrib/pf/netinet/in4_cksum.c	optional pf inet
 crypto/blowfish/bf_ecb.c	optional ipsec ipsec_esp
 crypto/blowfish/bf_skey.c	optional crypto | ipsec ipsec_esp
-crypto/des/des_ecb.c		optional crypto | ipsec ipsec_esp | netsmbcrypto
-crypto/des/des_setkey.c		optional crypto | ipsec ipsec_esp | netsmbcrypto
+crypto/des/des_ecb.c		optional crypto | ipsec ipsec_esp | netsmb
+crypto/des/des_setkey.c		optional crypto | ipsec ipsec_esp | netsmb
 crypto/rc4/rc4.c		optional netgraph_mppc_encryption
 crypto/rijndael/rijndael-alg-fst.c optional crypto | geom_bde | \
 					 ipsec | random | wlan_ccmp
diff --git a/sys/conf/files.alpha b/sys/conf/files.alpha
index cef1c35..46c4ce3 100644
--- a/sys/conf/files.alpha
+++ b/sys/conf/files.alpha
@@ -146,7 +146,7 @@ compat/linux/linux_stats.c	optional	compat_linux
 compat/linux/linux_util.c	optional	compat_linux
 crypto/blowfish/bf_enc.c	optional	crypto | ipsec ipsec_esp
 crypto/des/des_enc.c		optional	crypto | ipsec ipsec_esp | \
-						netsmbcrypto
+						netsmb
 dev/advansys/adv_isa.c		optional	adv isa
 dev/aic/aic_isa.c		optional	aic isa
 dev/atkbdc/atkbd.c		optional	atkbd atkbdc
diff --git a/sys/conf/files.amd64 b/sys/conf/files.amd64
index 403e5ee..41c9c33 100644
--- a/sys/conf/files.amd64
+++ b/sys/conf/files.amd64
@@ -131,7 +131,7 @@ amd64/pci/pci_bus.c		optional	pci
 amd64/pci/pci_cfgreg.c		optional	pci
 crypto/blowfish/bf_enc.c	optional	crypto | ipsec ipsec_esp
 crypto/des/des_enc.c		optional	crypto | ipsec ipsec_esp | \
-						netsmbcrypto
+						netsmb
 dev/acpica/acpi_if.m		standard
 dev/arcmsr/arcmsr.c		optional	arcmsr pci
 dev/atkbdc/atkbd.c		optional	atkbd atkbdc
diff --git a/sys/conf/files.i386 b/sys/conf/files.i386
index e5d6b1a..71c9db1 100644
--- a/sys/conf/files.i386
+++ b/sys/conf/files.i386
@@ -126,7 +126,7 @@ bf_enc.o			optional crypto | ipsec ipsec_esp	\
 	dependency	"$S/crypto/blowfish/arch/i386/bf_enc.S $S/crypto/blowfish/arch/i386/bf_enc_586.S $S/crypto/blowfish/arch/i386/bf_enc_686.S" \
 	compile-with	"${CC} -c -I$S/crypto/blowfish/arch/i386 ${ASM_CFLAGS} ${WERROR} ${.IMPSRC}" \
 	no-implicit-rule
-crypto/des/arch/i386/des_enc.S	optional crypto | ipsec ipsec_esp | netsmbcrypto
+crypto/des/arch/i386/des_enc.S	optional crypto | ipsec ipsec_esp | netsmb
 crypto/via/padlock.c		optional padlock
 dev/advansys/adv_isa.c		optional adv isa
 dev/aic/aic_isa.c		optional aic isa
diff --git a/sys/conf/files.ia64 b/sys/conf/files.ia64
index 7495a6a..42285f9 100644
--- a/sys/conf/files.ia64
+++ b/sys/conf/files.ia64
@@ -44,7 +44,7 @@ contrib/ia64/libuwx/src/uwx_uinfo.c		standard
 contrib/ia64/libuwx/src/uwx_utable.c		standard
 crypto/blowfish/bf_enc.c	optional	crypto | ipsec ipsec_esp
 crypto/des/des_enc.c		optional	crypto | ipsec ipsec_esp | \
-						netsmbcrypto
+						netsmb
 dev/advansys/adv_isa.c		optional	adv isa
 dev/aic/aic_isa.c		optional	aic isa
 dev/atkbdc/atkbd.c		optional	atkbd atkbdc
diff --git a/sys/conf/files.pc98 b/sys/conf/files.pc98
index ea96e45..4621cef 100644
--- a/sys/conf/files.pc98
+++ b/sys/conf/files.pc98
@@ -82,7 +82,7 @@ bf_enc.o			optional crypto | ipsec ipsec_esp	\
 	dependency	"$S/crypto/blowfish/arch/i386/bf_enc.S $S/crypto/blowfish/arch/i386/bf_enc_586.S $S/crypto/blowfish/arch/i386/bf_enc_686.S" \
 	compile-with	"${CC} -c -I$S/crypto/blowfish/arch/i386 ${ASM_CFLAGS} ${WERROR} ${.IMPSRC}" \
 	no-implicit-rule
-crypto/des/arch/i386/des_enc.S	optional crypto | ipsec ipsec_esp | netsmbcrypto
+crypto/des/arch/i386/des_enc.S	optional crypto | ipsec ipsec_esp | netsmb
 dev/aic/aic_cbus.c		optional aic isa
 dev/ar/if_ar.c			optional ar
 dev/ar/if_ar_pci.c		optional ar pci
diff --git a/sys/conf/files.powerpc b/sys/conf/files.powerpc
index b10c32e..3494687 100644
--- a/sys/conf/files.powerpc
+++ b/sys/conf/files.powerpc
@@ -71,7 +71,7 @@ powerpc/powerpc/db_hwwatch.c	optional	ddb
 powerpc/powerpc/db_trace.c	optional	ddb
 
 crypto/blowfish/bf_enc.c	optional	ipsec ipsec_esp
-crypto/des/des_enc.c		optional	ipsec ipsec_esp | netsmbcrypto
+crypto/des/des_enc.c		optional	ipsec ipsec_esp | netsmb
 
 dev/ofw/openfirm.c		standard
 dev/ofw/ofw_bus_if.m		standard
diff --git a/sys/conf/files.sparc64 b/sys/conf/files.sparc64
index 5c82173..8d4afab 100644
--- a/sys/conf/files.sparc64
+++ b/sys/conf/files.sparc64
@@ -20,7 +20,7 @@ ukbdmap.h			optional	ukbd_dflt_keymap	\
 #
 crypto/blowfish/bf_enc.c	optional	crypto | ipsec ipsec_esp
 crypto/des/des_enc.c		optional	crypto | ipsec ipsec_esp | \
-						netsmbcrypto
+						netsmb
 dev/atkbdc/atkbd.c		optional	atkbd atkbdc
 dev/atkbdc/atkbd_atkbdc.c	optional	atkbd atkbdc
 dev/atkbdc/atkbdc.c		optional	atkbdc
diff --git a/sys/conf/options b/sys/conf/options
index 52c6ec8..33b7c98 100644
--- a/sys/conf/options
+++ b/sys/conf/options
@@ -242,8 +242,7 @@ UFS_DIRHASH	opt_ufs.h
 NFS_ROOT	opt_nfsroot.h
 
 # SMB/CIFS requester
-NETSMB			opt_netsmb.h
-NETSMBCRYPTO		opt_netsmb.h
+NETSMB		opt_netsmb.h
 
 # Experimental support for large MS-DOS filesystems; SEE WARNING IN "NOTES"!
 MSDOSFS_LARGE	opt_msdosfs.h
diff --git a/sys/modules/smbfs/Makefile b/sys/modules/smbfs/Makefile
index bc4316d..e8432e3 100644
--- a/sys/modules/smbfs/Makefile
+++ b/sys/modules/smbfs/Makefile
@@ -19,16 +19,13 @@ SRCS=	vnode_if.h \
 	smbfs_vfsops.c smbfs_node.c smbfs_io.c smbfs_vnops.c \
 	smbfs_subr.c smbfs_smb.c
 
-NETSMBCRYPTO=
-
-.if defined(NETSMBCRYPTO)
+# NETSMBCRYPTO
 SRCS+=	des_ecb.c des_setkey.c
 .if ${MACHINE_ARCH} == "i386"
 SRCS+=	des_enc.S
 .else
 SRCS+=	des_enc.c
 .endif
-.endif
 
 # Build with IPX support (1|0)
 SMB_IPX?=	0
@@ -52,12 +49,6 @@ opt_inet.h:
 opt_ipx.h:
 	echo "#define IPX 1" > ${.TARGET}
 .endif
-
-# XXX netsmb should be a separate module
-.if defined(NETSMBCRYPTO)
-opt_netsmb.h:
-	echo "#define NETSMBCRYPTO 1" > ${.TARGET}
-.endif
 .endif
 
 .include <bsd.kmod.mk>
diff --git a/sys/netsmb/smb_crypt.c b/sys/netsmb/smb_crypt.c
index e45c379..928ba8c 100644
--- a/sys/netsmb/smb_crypt.c
+++ b/sys/netsmb/smb_crypt.c
@@ -59,12 +59,10 @@ __FBSDID("$FreeBSD$");
 #include <netsmb/smb_rq.h>
 #include <netsmb/smb_dev.h>
 
-#include "opt_netsmb.h"
-
-#ifdef NETSMBCRYPTO
-
 #include <crypto/des/des.h>
 
+#include "opt_netsmb.h"
+
 static u_char N8[] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
 
 
@@ -87,13 +85,11 @@ smb_E(const u_char *key, u_char *data, u_char *dest)
 	des_ecb_encrypt((des_cblock *)data, (des_cblock *)dest, *ksp, 1);
 	free(ksp, M_SMBTEMP);
 }
-#endif
 
 
 int
 smb_encrypt(const u_char *apwd, u_char *C8, u_char *RN)
 {
-#ifdef NETSMBCRYPTO
 	u_char *p, *P14, *S21;
 
 	p = malloc(14 + 21, M_SMBTEMP, M_WAITOK);
@@ -112,17 +108,11 @@ smb_encrypt(const u_char *apwd, u_char *C8, u_char *RN)
 	smb_E(S21 + 14, C8, RN + 16);
 	free(p, M_SMBTEMP);
 	return 0;
-#else
-	SMBERROR("password encryption is not available\n");
-	bzero(RN, 24);
-	return EAUTH;
-#endif
 }
 
 int
 smb_ntencrypt(const u_char *apwd, u_char *C8, u_char *RN)
 {
-#ifdef NETSMBCRYPTO
 	u_char S21[21];
 	u_int16_t *unipwd;
 	MD4_CTX *ctxp;
@@ -146,11 +136,6 @@ smb_ntencrypt(const u_char *apwd, u_char *C8, u_char *RN)
 	smb_E(S21 + 7, C8, RN + 8);
 	smb_E(S21 + 14, C8, RN + 16);
 	return 0;
-#else
-	SMBERROR("password encryption is not available\n");
-	bzero(RN, 24);
-	return EAUTH;
-#endif
 }
 
 /*
@@ -159,7 +144,6 @@ smb_ntencrypt(const u_char *apwd, u_char *C8, u_char *RN)
 int
 smb_calcmackey(struct smb_vc *vcp)
 {
-#ifdef NETSMBCRYPTO
 	const char *pwd;
 	u_int16_t *unipwd;
 	int len;
@@ -210,10 +194,6 @@ smb_calcmackey(struct smb_vc *vcp)
 	smb_E(S21 + 14, vcp->vc_ch, vcp->vc_mackey + 32);
 
 	return (0);
-#else
-	panic("smb_calcmackey: encryption not available");
-	return (0);
-#endif	/* NETSMBCRYPTO */
 }
 
 /*
@@ -222,7 +202,6 @@ smb_calcmackey(struct smb_vc *vcp)
 int
 smb_rq_sign(struct smb_rq *rqp)
 {
-#ifdef NETSMBCRYPTO
 	struct smb_vc *vcp = rqp->sr_vc;
 	struct mbchain *mbp;
 	struct mbuf *mb;
@@ -278,10 +257,6 @@ smb_rq_sign(struct smb_rq *rqp)
 	bcopy(digest, rqp->sr_rqsig, 8);
 
 	return (0);
-#else
-	panic("smb_rq_sign: encryption not available");
-	return (0);
-#endif	/* NETSMBCRYPTO */
 }
 
 /*
@@ -290,7 +265,6 @@ smb_rq_sign(struct smb_rq *rqp)
 int
 smb_rq_verify(struct smb_rq *rqp)
 {
-#ifdef NETSMBCRYPTO
 	struct smb_vc *vcp = rqp->sr_vc;
 	struct mdchain *mdp;
 	u_char sigbuf[8];
@@ -332,8 +306,4 @@ smb_rq_verify(struct smb_rq *rqp)
 		return (EAUTH);
 
 	return (0);
-#else
-	panic("smb_rq_verify: encryption not available");
-	return (0);
-#endif	/* NETSMBCRYPTO */
 }
diff --git a/sys/netsmb/smb_smb.c b/sys/netsmb/smb_smb.c
index 953456e..6393a9f 100644
--- a/sys/netsmb/smb_smb.c
+++ b/sys/netsmb/smb_smb.c
@@ -197,10 +197,8 @@ smb_smb_negotiate(struct smb_vc *vcp, struct smb_cred *scred)
 				vcp->vc_chlen = sblen;
 				vcp->obj.co_flags |= SMBV_ENCRYPT;
 			}
-#ifdef NETSMBCRYPTO
 			if (sp->sv_sm & SMB_SM_SIGS_REQUIRE)
 				vcp->vc_hflags2 |= SMB_FLAGS2_SECURITY_SIGNATURE;
-#endif
 			vcp->vc_hflags2 |= SMB_FLAGS2_KNOWS_LONG_NAMES;
 			if (dp->d_id == SMB_DIALECT_NTLM0_12 &&
 			    sp->sv_maxtx < 4096 &&
author	yar <yar@FreeBSD.org>	2006-03-05 22:52:17 +0000
committer	yar <yar@FreeBSD.org>	2006-03-05 22:52:17 +0000
commit	66715ad5a3d7d2253ba5215689c262551c691bc6 (patch)
tree	42d69dbc46168ef705cc8d1fdd34c38e8020ff20
parent	5d4e90d7750c8099d9fafe80c202756922b60e01 (diff)
download	FreeBSD-src-66715ad5a3d7d2253ba5215689c262551c691bc6.zip FreeBSD-src-66715ad5a3d7d2253ba5215689c262551c691bc6.tar.gz