diff options
author | yar <yar@FreeBSD.org> | 2006-03-05 22:52:17 +0000 |
---|---|---|
committer | yar <yar@FreeBSD.org> | 2006-03-05 22:52:17 +0000 |
commit | 66715ad5a3d7d2253ba5215689c262551c691bc6 (patch) | |
tree | 42d69dbc46168ef705cc8d1fdd34c38e8020ff20 /sys | |
parent | 5d4e90d7750c8099d9fafe80c202756922b60e01 (diff) | |
download | FreeBSD-src-66715ad5a3d7d2253ba5215689c262551c691bc6.zip FreeBSD-src-66715ad5a3d7d2253ba5215689c262551c691bc6.tar.gz |
Retire NETSMBCRYPTO as a kernel option and make its functionality
enabled by default in NETSMB and smbfs.ko.
With the most of modern SMB providers requiring encryption by
default, there is little sense left in keeping the crypto part
of NETSMB optional at the build time.
This will also return smbfs.ko to its former properties users
are rather accustomed to.
Discussed with: freebsd-stable, re (scottl)
Not objected by: bp, tjr (silence)
MFC after: 5 days
Diffstat (limited to 'sys')
-rw-r--r-- | sys/conf/NOTES | 2 | ||||
-rw-r--r-- | sys/conf/files | 4 | ||||
-rw-r--r-- | sys/conf/files.alpha | 2 | ||||
-rw-r--r-- | sys/conf/files.amd64 | 2 | ||||
-rw-r--r-- | sys/conf/files.i386 | 2 | ||||
-rw-r--r-- | sys/conf/files.ia64 | 2 | ||||
-rw-r--r-- | sys/conf/files.pc98 | 2 | ||||
-rw-r--r-- | sys/conf/files.powerpc | 2 | ||||
-rw-r--r-- | sys/conf/files.sparc64 | 2 | ||||
-rw-r--r-- | sys/conf/options | 3 | ||||
-rw-r--r-- | sys/modules/smbfs/Makefile | 11 | ||||
-rw-r--r-- | sys/netsmb/smb_crypt.c | 34 | ||||
-rw-r--r-- | sys/netsmb/smb_smb.c | 2 |
13 files changed, 13 insertions, 57 deletions
diff --git a/sys/conf/NOTES b/sys/conf/NOTES index a6daab6..12398cc 100644 --- a/sys/conf/NOTES +++ b/sys/conf/NOTES @@ -489,9 +489,7 @@ options NETATALKDEBUG #Appletalk debugging # SMB/CIFS requester # NETSMB enables support for SMB protocol, it requires LIBMCHAIN and LIBICONV # options. -# NETSMBCRYPTO enables support for encrypted passwords. options NETSMB #SMB/CIFS requester -options NETSMBCRYPTO #encrypted password support for SMB # mchain library. It can be either loaded as KLD or compiled into kernel options LIBMCHAIN diff --git a/sys/conf/files b/sys/conf/files index b46ff28..cc91a6a 100644 --- a/sys/conf/files +++ b/sys/conf/files @@ -334,8 +334,8 @@ contrib/pf/net/pf_osfp.c optional pf \ contrib/pf/netinet/in4_cksum.c optional pf inet crypto/blowfish/bf_ecb.c optional ipsec ipsec_esp crypto/blowfish/bf_skey.c optional crypto | ipsec ipsec_esp -crypto/des/des_ecb.c optional crypto | ipsec ipsec_esp | netsmbcrypto -crypto/des/des_setkey.c optional crypto | ipsec ipsec_esp | netsmbcrypto +crypto/des/des_ecb.c optional crypto | ipsec ipsec_esp | netsmb +crypto/des/des_setkey.c optional crypto | ipsec ipsec_esp | netsmb crypto/rc4/rc4.c optional netgraph_mppc_encryption crypto/rijndael/rijndael-alg-fst.c optional crypto | geom_bde | \ ipsec | random | wlan_ccmp diff --git a/sys/conf/files.alpha b/sys/conf/files.alpha index cef1c35..46c4ce3 100644 --- a/sys/conf/files.alpha +++ b/sys/conf/files.alpha @@ -146,7 +146,7 @@ compat/linux/linux_stats.c optional compat_linux compat/linux/linux_util.c optional compat_linux crypto/blowfish/bf_enc.c optional crypto | ipsec ipsec_esp crypto/des/des_enc.c optional crypto | ipsec ipsec_esp | \ - netsmbcrypto + netsmb dev/advansys/adv_isa.c optional adv isa dev/aic/aic_isa.c optional aic isa dev/atkbdc/atkbd.c optional atkbd atkbdc diff --git a/sys/conf/files.amd64 b/sys/conf/files.amd64 index 403e5ee..41c9c33 100644 --- a/sys/conf/files.amd64 +++ b/sys/conf/files.amd64 @@ -131,7 +131,7 @@ amd64/pci/pci_bus.c optional pci amd64/pci/pci_cfgreg.c optional pci crypto/blowfish/bf_enc.c optional crypto | ipsec ipsec_esp crypto/des/des_enc.c optional crypto | ipsec ipsec_esp | \ - netsmbcrypto + netsmb dev/acpica/acpi_if.m standard dev/arcmsr/arcmsr.c optional arcmsr pci dev/atkbdc/atkbd.c optional atkbd atkbdc diff --git a/sys/conf/files.i386 b/sys/conf/files.i386 index e5d6b1a..71c9db1 100644 --- a/sys/conf/files.i386 +++ b/sys/conf/files.i386 @@ -126,7 +126,7 @@ bf_enc.o optional crypto | ipsec ipsec_esp \ dependency "$S/crypto/blowfish/arch/i386/bf_enc.S $S/crypto/blowfish/arch/i386/bf_enc_586.S $S/crypto/blowfish/arch/i386/bf_enc_686.S" \ compile-with "${CC} -c -I$S/crypto/blowfish/arch/i386 ${ASM_CFLAGS} ${WERROR} ${.IMPSRC}" \ no-implicit-rule -crypto/des/arch/i386/des_enc.S optional crypto | ipsec ipsec_esp | netsmbcrypto +crypto/des/arch/i386/des_enc.S optional crypto | ipsec ipsec_esp | netsmb crypto/via/padlock.c optional padlock dev/advansys/adv_isa.c optional adv isa dev/aic/aic_isa.c optional aic isa diff --git a/sys/conf/files.ia64 b/sys/conf/files.ia64 index 7495a6a..42285f9 100644 --- a/sys/conf/files.ia64 +++ b/sys/conf/files.ia64 @@ -44,7 +44,7 @@ contrib/ia64/libuwx/src/uwx_uinfo.c standard contrib/ia64/libuwx/src/uwx_utable.c standard crypto/blowfish/bf_enc.c optional crypto | ipsec ipsec_esp crypto/des/des_enc.c optional crypto | ipsec ipsec_esp | \ - netsmbcrypto + netsmb dev/advansys/adv_isa.c optional adv isa dev/aic/aic_isa.c optional aic isa dev/atkbdc/atkbd.c optional atkbd atkbdc diff --git a/sys/conf/files.pc98 b/sys/conf/files.pc98 index ea96e45..4621cef 100644 --- a/sys/conf/files.pc98 +++ b/sys/conf/files.pc98 @@ -82,7 +82,7 @@ bf_enc.o optional crypto | ipsec ipsec_esp \ dependency "$S/crypto/blowfish/arch/i386/bf_enc.S $S/crypto/blowfish/arch/i386/bf_enc_586.S $S/crypto/blowfish/arch/i386/bf_enc_686.S" \ compile-with "${CC} -c -I$S/crypto/blowfish/arch/i386 ${ASM_CFLAGS} ${WERROR} ${.IMPSRC}" \ no-implicit-rule -crypto/des/arch/i386/des_enc.S optional crypto | ipsec ipsec_esp | netsmbcrypto +crypto/des/arch/i386/des_enc.S optional crypto | ipsec ipsec_esp | netsmb dev/aic/aic_cbus.c optional aic isa dev/ar/if_ar.c optional ar dev/ar/if_ar_pci.c optional ar pci diff --git a/sys/conf/files.powerpc b/sys/conf/files.powerpc index b10c32e..3494687 100644 --- a/sys/conf/files.powerpc +++ b/sys/conf/files.powerpc @@ -71,7 +71,7 @@ powerpc/powerpc/db_hwwatch.c optional ddb powerpc/powerpc/db_trace.c optional ddb crypto/blowfish/bf_enc.c optional ipsec ipsec_esp -crypto/des/des_enc.c optional ipsec ipsec_esp | netsmbcrypto +crypto/des/des_enc.c optional ipsec ipsec_esp | netsmb dev/ofw/openfirm.c standard dev/ofw/ofw_bus_if.m standard diff --git a/sys/conf/files.sparc64 b/sys/conf/files.sparc64 index 5c82173..8d4afab 100644 --- a/sys/conf/files.sparc64 +++ b/sys/conf/files.sparc64 @@ -20,7 +20,7 @@ ukbdmap.h optional ukbd_dflt_keymap \ # crypto/blowfish/bf_enc.c optional crypto | ipsec ipsec_esp crypto/des/des_enc.c optional crypto | ipsec ipsec_esp | \ - netsmbcrypto + netsmb dev/atkbdc/atkbd.c optional atkbd atkbdc dev/atkbdc/atkbd_atkbdc.c optional atkbd atkbdc dev/atkbdc/atkbdc.c optional atkbdc diff --git a/sys/conf/options b/sys/conf/options index 52c6ec8..33b7c98 100644 --- a/sys/conf/options +++ b/sys/conf/options @@ -242,8 +242,7 @@ UFS_DIRHASH opt_ufs.h NFS_ROOT opt_nfsroot.h # SMB/CIFS requester -NETSMB opt_netsmb.h -NETSMBCRYPTO opt_netsmb.h +NETSMB opt_netsmb.h # Experimental support for large MS-DOS filesystems; SEE WARNING IN "NOTES"! MSDOSFS_LARGE opt_msdosfs.h diff --git a/sys/modules/smbfs/Makefile b/sys/modules/smbfs/Makefile index bc4316d..e8432e3 100644 --- a/sys/modules/smbfs/Makefile +++ b/sys/modules/smbfs/Makefile @@ -19,16 +19,13 @@ SRCS= vnode_if.h \ smbfs_vfsops.c smbfs_node.c smbfs_io.c smbfs_vnops.c \ smbfs_subr.c smbfs_smb.c -NETSMBCRYPTO= - -.if defined(NETSMBCRYPTO) +# NETSMBCRYPTO SRCS+= des_ecb.c des_setkey.c .if ${MACHINE_ARCH} == "i386" SRCS+= des_enc.S .else SRCS+= des_enc.c .endif -.endif # Build with IPX support (1|0) SMB_IPX?= 0 @@ -52,12 +49,6 @@ opt_inet.h: opt_ipx.h: echo "#define IPX 1" > ${.TARGET} .endif - -# XXX netsmb should be a separate module -.if defined(NETSMBCRYPTO) -opt_netsmb.h: - echo "#define NETSMBCRYPTO 1" > ${.TARGET} -.endif .endif .include <bsd.kmod.mk> diff --git a/sys/netsmb/smb_crypt.c b/sys/netsmb/smb_crypt.c index e45c379..928ba8c 100644 --- a/sys/netsmb/smb_crypt.c +++ b/sys/netsmb/smb_crypt.c @@ -59,12 +59,10 @@ __FBSDID("$FreeBSD$"); #include <netsmb/smb_rq.h> #include <netsmb/smb_dev.h> -#include "opt_netsmb.h" - -#ifdef NETSMBCRYPTO - #include <crypto/des/des.h> +#include "opt_netsmb.h" + static u_char N8[] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25}; @@ -87,13 +85,11 @@ smb_E(const u_char *key, u_char *data, u_char *dest) des_ecb_encrypt((des_cblock *)data, (des_cblock *)dest, *ksp, 1); free(ksp, M_SMBTEMP); } -#endif int smb_encrypt(const u_char *apwd, u_char *C8, u_char *RN) { -#ifdef NETSMBCRYPTO u_char *p, *P14, *S21; p = malloc(14 + 21, M_SMBTEMP, M_WAITOK); @@ -112,17 +108,11 @@ smb_encrypt(const u_char *apwd, u_char *C8, u_char *RN) smb_E(S21 + 14, C8, RN + 16); free(p, M_SMBTEMP); return 0; -#else - SMBERROR("password encryption is not available\n"); - bzero(RN, 24); - return EAUTH; -#endif } int smb_ntencrypt(const u_char *apwd, u_char *C8, u_char *RN) { -#ifdef NETSMBCRYPTO u_char S21[21]; u_int16_t *unipwd; MD4_CTX *ctxp; @@ -146,11 +136,6 @@ smb_ntencrypt(const u_char *apwd, u_char *C8, u_char *RN) smb_E(S21 + 7, C8, RN + 8); smb_E(S21 + 14, C8, RN + 16); return 0; -#else - SMBERROR("password encryption is not available\n"); - bzero(RN, 24); - return EAUTH; -#endif } /* @@ -159,7 +144,6 @@ smb_ntencrypt(const u_char *apwd, u_char *C8, u_char *RN) int smb_calcmackey(struct smb_vc *vcp) { -#ifdef NETSMBCRYPTO const char *pwd; u_int16_t *unipwd; int len; @@ -210,10 +194,6 @@ smb_calcmackey(struct smb_vc *vcp) smb_E(S21 + 14, vcp->vc_ch, vcp->vc_mackey + 32); return (0); -#else - panic("smb_calcmackey: encryption not available"); - return (0); -#endif /* NETSMBCRYPTO */ } /* @@ -222,7 +202,6 @@ smb_calcmackey(struct smb_vc *vcp) int smb_rq_sign(struct smb_rq *rqp) { -#ifdef NETSMBCRYPTO struct smb_vc *vcp = rqp->sr_vc; struct mbchain *mbp; struct mbuf *mb; @@ -278,10 +257,6 @@ smb_rq_sign(struct smb_rq *rqp) bcopy(digest, rqp->sr_rqsig, 8); return (0); -#else - panic("smb_rq_sign: encryption not available"); - return (0); -#endif /* NETSMBCRYPTO */ } /* @@ -290,7 +265,6 @@ smb_rq_sign(struct smb_rq *rqp) int smb_rq_verify(struct smb_rq *rqp) { -#ifdef NETSMBCRYPTO struct smb_vc *vcp = rqp->sr_vc; struct mdchain *mdp; u_char sigbuf[8]; @@ -332,8 +306,4 @@ smb_rq_verify(struct smb_rq *rqp) return (EAUTH); return (0); -#else - panic("smb_rq_verify: encryption not available"); - return (0); -#endif /* NETSMBCRYPTO */ } diff --git a/sys/netsmb/smb_smb.c b/sys/netsmb/smb_smb.c index 953456e..6393a9f 100644 --- a/sys/netsmb/smb_smb.c +++ b/sys/netsmb/smb_smb.c @@ -197,10 +197,8 @@ smb_smb_negotiate(struct smb_vc *vcp, struct smb_cred *scred) vcp->vc_chlen = sblen; vcp->obj.co_flags |= SMBV_ENCRYPT; } -#ifdef NETSMBCRYPTO if (sp->sv_sm & SMB_SM_SIGS_REQUIRE) vcp->vc_hflags2 |= SMB_FLAGS2_SECURITY_SIGNATURE; -#endif vcp->vc_hflags2 |= SMB_FLAGS2_KNOWS_LONG_NAMES; if (dp->d_id == SMB_DIALECT_NTLM0_12 && sp->sv_maxtx < 4096 && |