diff options
author | yar <yar@FreeBSD.org> | 2006-03-05 22:52:17 +0000 |
---|---|---|
committer | yar <yar@FreeBSD.org> | 2006-03-05 22:52:17 +0000 |
commit | 66715ad5a3d7d2253ba5215689c262551c691bc6 (patch) | |
tree | 42d69dbc46168ef705cc8d1fdd34c38e8020ff20 /sys/netsmb | |
parent | 5d4e90d7750c8099d9fafe80c202756922b60e01 (diff) | |
download | FreeBSD-src-66715ad5a3d7d2253ba5215689c262551c691bc6.zip FreeBSD-src-66715ad5a3d7d2253ba5215689c262551c691bc6.tar.gz |
Retire NETSMBCRYPTO as a kernel option and make its functionality
enabled by default in NETSMB and smbfs.ko.
With the most of modern SMB providers requiring encryption by
default, there is little sense left in keeping the crypto part
of NETSMB optional at the build time.
This will also return smbfs.ko to its former properties users
are rather accustomed to.
Discussed with: freebsd-stable, re (scottl)
Not objected by: bp, tjr (silence)
MFC after: 5 days
Diffstat (limited to 'sys/netsmb')
-rw-r--r-- | sys/netsmb/smb_crypt.c | 34 | ||||
-rw-r--r-- | sys/netsmb/smb_smb.c | 2 |
2 files changed, 2 insertions, 34 deletions
diff --git a/sys/netsmb/smb_crypt.c b/sys/netsmb/smb_crypt.c index e45c379..928ba8c 100644 --- a/sys/netsmb/smb_crypt.c +++ b/sys/netsmb/smb_crypt.c @@ -59,12 +59,10 @@ __FBSDID("$FreeBSD$"); #include <netsmb/smb_rq.h> #include <netsmb/smb_dev.h> -#include "opt_netsmb.h" - -#ifdef NETSMBCRYPTO - #include <crypto/des/des.h> +#include "opt_netsmb.h" + static u_char N8[] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25}; @@ -87,13 +85,11 @@ smb_E(const u_char *key, u_char *data, u_char *dest) des_ecb_encrypt((des_cblock *)data, (des_cblock *)dest, *ksp, 1); free(ksp, M_SMBTEMP); } -#endif int smb_encrypt(const u_char *apwd, u_char *C8, u_char *RN) { -#ifdef NETSMBCRYPTO u_char *p, *P14, *S21; p = malloc(14 + 21, M_SMBTEMP, M_WAITOK); @@ -112,17 +108,11 @@ smb_encrypt(const u_char *apwd, u_char *C8, u_char *RN) smb_E(S21 + 14, C8, RN + 16); free(p, M_SMBTEMP); return 0; -#else - SMBERROR("password encryption is not available\n"); - bzero(RN, 24); - return EAUTH; -#endif } int smb_ntencrypt(const u_char *apwd, u_char *C8, u_char *RN) { -#ifdef NETSMBCRYPTO u_char S21[21]; u_int16_t *unipwd; MD4_CTX *ctxp; @@ -146,11 +136,6 @@ smb_ntencrypt(const u_char *apwd, u_char *C8, u_char *RN) smb_E(S21 + 7, C8, RN + 8); smb_E(S21 + 14, C8, RN + 16); return 0; -#else - SMBERROR("password encryption is not available\n"); - bzero(RN, 24); - return EAUTH; -#endif } /* @@ -159,7 +144,6 @@ smb_ntencrypt(const u_char *apwd, u_char *C8, u_char *RN) int smb_calcmackey(struct smb_vc *vcp) { -#ifdef NETSMBCRYPTO const char *pwd; u_int16_t *unipwd; int len; @@ -210,10 +194,6 @@ smb_calcmackey(struct smb_vc *vcp) smb_E(S21 + 14, vcp->vc_ch, vcp->vc_mackey + 32); return (0); -#else - panic("smb_calcmackey: encryption not available"); - return (0); -#endif /* NETSMBCRYPTO */ } /* @@ -222,7 +202,6 @@ smb_calcmackey(struct smb_vc *vcp) int smb_rq_sign(struct smb_rq *rqp) { -#ifdef NETSMBCRYPTO struct smb_vc *vcp = rqp->sr_vc; struct mbchain *mbp; struct mbuf *mb; @@ -278,10 +257,6 @@ smb_rq_sign(struct smb_rq *rqp) bcopy(digest, rqp->sr_rqsig, 8); return (0); -#else - panic("smb_rq_sign: encryption not available"); - return (0); -#endif /* NETSMBCRYPTO */ } /* @@ -290,7 +265,6 @@ smb_rq_sign(struct smb_rq *rqp) int smb_rq_verify(struct smb_rq *rqp) { -#ifdef NETSMBCRYPTO struct smb_vc *vcp = rqp->sr_vc; struct mdchain *mdp; u_char sigbuf[8]; @@ -332,8 +306,4 @@ smb_rq_verify(struct smb_rq *rqp) return (EAUTH); return (0); -#else - panic("smb_rq_verify: encryption not available"); - return (0); -#endif /* NETSMBCRYPTO */ } diff --git a/sys/netsmb/smb_smb.c b/sys/netsmb/smb_smb.c index 953456e..6393a9f 100644 --- a/sys/netsmb/smb_smb.c +++ b/sys/netsmb/smb_smb.c @@ -197,10 +197,8 @@ smb_smb_negotiate(struct smb_vc *vcp, struct smb_cred *scred) vcp->vc_chlen = sblen; vcp->obj.co_flags |= SMBV_ENCRYPT; } -#ifdef NETSMBCRYPTO if (sp->sv_sm & SMB_SM_SIGS_REQUIRE) vcp->vc_hflags2 |= SMB_FLAGS2_SECURITY_SIGNATURE; -#endif vcp->vc_hflags2 |= SMB_FLAGS2_KNOWS_LONG_NAMES; if (dp->d_id == SMB_DIALECT_NTLM0_12 && sp->sv_maxtx < 4096 && |