diff options
| author | Yaroslav Tykhiy <ytykhiy@gmail.com> | 2006-03-05 22:52:17 +0000 |
|---|---|---|
| committer | Yaroslav Tykhiy <ytykhiy@gmail.com> | 2006-03-05 22:52:17 +0000 |
| commit | 8d96e455313f137de3023d7c893b4b24975c47bb (patch) | |
| tree | 42d69dbc46168ef705cc8d1fdd34c38e8020ff20 /sys | |
| parent | 62fba1c39711542435d617d34d6849485d0fa8c7 (diff) | |
| download | src-8d96e455313f137de3023d7c893b4b24975c47bb.tar.gz src-8d96e455313f137de3023d7c893b4b24975c47bb.zip | |
Retire NETSMBCRYPTO as a kernel option and make its functionality
enabled by default in NETSMB and smbfs.ko.
With the most of modern SMB providers requiring encryption by
default, there is little sense left in keeping the crypto part
of NETSMB optional at the build time.
This will also return smbfs.ko to its former properties users
are rather accustomed to.
Discussed with: freebsd-stable, re (scottl)
Not objected by: bp, tjr (silence)
MFC after: 5 days
Notes
Notes:
svn path=/head/; revision=156326
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/conf/NOTES | 2 | ||||
| -rw-r--r-- | sys/conf/files | 4 | ||||
| -rw-r--r-- | sys/conf/files.alpha | 2 | ||||
| -rw-r--r-- | sys/conf/files.amd64 | 2 | ||||
| -rw-r--r-- | sys/conf/files.i386 | 2 | ||||
| -rw-r--r-- | sys/conf/files.ia64 | 2 | ||||
| -rw-r--r-- | sys/conf/files.pc98 | 2 | ||||
| -rw-r--r-- | sys/conf/files.powerpc | 2 | ||||
| -rw-r--r-- | sys/conf/files.sparc64 | 2 | ||||
| -rw-r--r-- | sys/conf/options | 3 | ||||
| -rw-r--r-- | sys/modules/smbfs/Makefile | 11 | ||||
| -rw-r--r-- | sys/netsmb/smb_crypt.c | 34 | ||||
| -rw-r--r-- | sys/netsmb/smb_smb.c | 2 |
13 files changed, 13 insertions, 57 deletions
diff --git a/sys/conf/NOTES b/sys/conf/NOTES index a6daab6fbe2f..12398cc92f86 100644 --- a/sys/conf/NOTES +++ b/sys/conf/NOTES @@ -489,9 +489,7 @@ options NETATALKDEBUG #Appletalk debugging # SMB/CIFS requester # NETSMB enables support for SMB protocol, it requires LIBMCHAIN and LIBICONV # options. -# NETSMBCRYPTO enables support for encrypted passwords. options NETSMB #SMB/CIFS requester -options NETSMBCRYPTO #encrypted password support for SMB # mchain library. It can be either loaded as KLD or compiled into kernel options LIBMCHAIN diff --git a/sys/conf/files b/sys/conf/files index b46ff2816c1a..cc91a6ab5d37 100644 --- a/sys/conf/files +++ b/sys/conf/files @@ -334,8 +334,8 @@ contrib/pf/net/pf_osfp.c optional pf \ contrib/pf/netinet/in4_cksum.c optional pf inet crypto/blowfish/bf_ecb.c optional ipsec ipsec_esp crypto/blowfish/bf_skey.c optional crypto | ipsec ipsec_esp -crypto/des/des_ecb.c optional crypto | ipsec ipsec_esp | netsmbcrypto -crypto/des/des_setkey.c optional crypto | ipsec ipsec_esp | netsmbcrypto +crypto/des/des_ecb.c optional crypto | ipsec ipsec_esp | netsmb +crypto/des/des_setkey.c optional crypto | ipsec ipsec_esp | netsmb crypto/rc4/rc4.c optional netgraph_mppc_encryption crypto/rijndael/rijndael-alg-fst.c optional crypto | geom_bde | \ ipsec | random | wlan_ccmp diff --git a/sys/conf/files.alpha b/sys/conf/files.alpha index cef1c350e22d..46c4ce3fc5f4 100644 --- a/sys/conf/files.alpha +++ b/sys/conf/files.alpha @@ -146,7 +146,7 @@ compat/linux/linux_stats.c optional compat_linux compat/linux/linux_util.c optional compat_linux crypto/blowfish/bf_enc.c optional crypto | ipsec ipsec_esp crypto/des/des_enc.c optional crypto | ipsec ipsec_esp | \ - netsmbcrypto + netsmb dev/advansys/adv_isa.c optional adv isa dev/aic/aic_isa.c optional aic isa dev/atkbdc/atkbd.c optional atkbd atkbdc diff --git a/sys/conf/files.amd64 b/sys/conf/files.amd64 index 403e5ee55c16..41c9c3379a5c 100644 --- a/sys/conf/files.amd64 +++ b/sys/conf/files.amd64 @@ -131,7 +131,7 @@ amd64/pci/pci_bus.c optional pci amd64/pci/pci_cfgreg.c optional pci crypto/blowfish/bf_enc.c optional crypto | ipsec ipsec_esp crypto/des/des_enc.c optional crypto | ipsec ipsec_esp | \ - netsmbcrypto + netsmb dev/acpica/acpi_if.m standard dev/arcmsr/arcmsr.c optional arcmsr pci dev/atkbdc/atkbd.c optional atkbd atkbdc diff --git a/sys/conf/files.i386 b/sys/conf/files.i386 index e5d6b1a5da1d..71c9db186505 100644 --- a/sys/conf/files.i386 +++ b/sys/conf/files.i386 @@ -126,7 +126,7 @@ bf_enc.o optional crypto | ipsec ipsec_esp \ dependency "$S/crypto/blowfish/arch/i386/bf_enc.S $S/crypto/blowfish/arch/i386/bf_enc_586.S $S/crypto/blowfish/arch/i386/bf_enc_686.S" \ compile-with "${CC} -c -I$S/crypto/blowfish/arch/i386 ${ASM_CFLAGS} ${WERROR} ${.IMPSRC}" \ no-implicit-rule -crypto/des/arch/i386/des_enc.S optional crypto | ipsec ipsec_esp | netsmbcrypto +crypto/des/arch/i386/des_enc.S optional crypto | ipsec ipsec_esp | netsmb crypto/via/padlock.c optional padlock dev/advansys/adv_isa.c optional adv isa dev/aic/aic_isa.c optional aic isa diff --git a/sys/conf/files.ia64 b/sys/conf/files.ia64 index 7495a6afa221..42285f9ad7db 100644 --- a/sys/conf/files.ia64 +++ b/sys/conf/files.ia64 @@ -44,7 +44,7 @@ contrib/ia64/libuwx/src/uwx_uinfo.c standard contrib/ia64/libuwx/src/uwx_utable.c standard crypto/blowfish/bf_enc.c optional crypto | ipsec ipsec_esp crypto/des/des_enc.c optional crypto | ipsec ipsec_esp | \ - netsmbcrypto + netsmb dev/advansys/adv_isa.c optional adv isa dev/aic/aic_isa.c optional aic isa dev/atkbdc/atkbd.c optional atkbd atkbdc diff --git a/sys/conf/files.pc98 b/sys/conf/files.pc98 index ea96e4560a93..4621cef32004 100644 --- a/sys/conf/files.pc98 +++ b/sys/conf/files.pc98 @@ -82,7 +82,7 @@ bf_enc.o optional crypto | ipsec ipsec_esp \ dependency "$S/crypto/blowfish/arch/i386/bf_enc.S $S/crypto/blowfish/arch/i386/bf_enc_586.S $S/crypto/blowfish/arch/i386/bf_enc_686.S" \ compile-with "${CC} -c -I$S/crypto/blowfish/arch/i386 ${ASM_CFLAGS} ${WERROR} ${.IMPSRC}" \ no-implicit-rule -crypto/des/arch/i386/des_enc.S optional crypto | ipsec ipsec_esp | netsmbcrypto +crypto/des/arch/i386/des_enc.S optional crypto | ipsec ipsec_esp | netsmb dev/aic/aic_cbus.c optional aic isa dev/ar/if_ar.c optional ar dev/ar/if_ar_pci.c optional ar pci diff --git a/sys/conf/files.powerpc b/sys/conf/files.powerpc index b10c32e1e45e..349468751a52 100644 --- a/sys/conf/files.powerpc +++ b/sys/conf/files.powerpc @@ -71,7 +71,7 @@ powerpc/powerpc/db_hwwatch.c optional ddb powerpc/powerpc/db_trace.c optional ddb crypto/blowfish/bf_enc.c optional ipsec ipsec_esp -crypto/des/des_enc.c optional ipsec ipsec_esp | netsmbcrypto +crypto/des/des_enc.c optional ipsec ipsec_esp | netsmb dev/ofw/openfirm.c standard dev/ofw/ofw_bus_if.m standard diff --git a/sys/conf/files.sparc64 b/sys/conf/files.sparc64 index 5c82173f170c..8d4afabaf3ab 100644 --- a/sys/conf/files.sparc64 +++ b/sys/conf/files.sparc64 @@ -20,7 +20,7 @@ ukbdmap.h optional ukbd_dflt_keymap \ # crypto/blowfish/bf_enc.c optional crypto | ipsec ipsec_esp crypto/des/des_enc.c optional crypto | ipsec ipsec_esp | \ - netsmbcrypto + netsmb dev/atkbdc/atkbd.c optional atkbd atkbdc dev/atkbdc/atkbd_atkbdc.c optional atkbd atkbdc dev/atkbdc/atkbdc.c optional atkbdc diff --git a/sys/conf/options b/sys/conf/options index 52c6ec8f5c1b..33b7c98d3364 100644 --- a/sys/conf/options +++ b/sys/conf/options @@ -242,8 +242,7 @@ UFS_DIRHASH opt_ufs.h NFS_ROOT opt_nfsroot.h # SMB/CIFS requester -NETSMB opt_netsmb.h -NETSMBCRYPTO opt_netsmb.h +NETSMB opt_netsmb.h # Experimental support for large MS-DOS filesystems; SEE WARNING IN "NOTES"! MSDOSFS_LARGE opt_msdosfs.h diff --git a/sys/modules/smbfs/Makefile b/sys/modules/smbfs/Makefile index bc4316de4a4f..e8432e39297c 100644 --- a/sys/modules/smbfs/Makefile +++ b/sys/modules/smbfs/Makefile @@ -19,16 +19,13 @@ SRCS= vnode_if.h \ smbfs_vfsops.c smbfs_node.c smbfs_io.c smbfs_vnops.c \ smbfs_subr.c smbfs_smb.c -NETSMBCRYPTO= - -.if defined(NETSMBCRYPTO) +# NETSMBCRYPTO SRCS+= des_ecb.c des_setkey.c .if ${MACHINE_ARCH} == "i386" SRCS+= des_enc.S .else SRCS+= des_enc.c .endif -.endif # Build with IPX support (1|0) SMB_IPX?= 0 @@ -52,12 +49,6 @@ opt_inet.h: opt_ipx.h: echo "#define IPX 1" > ${.TARGET} .endif - -# XXX netsmb should be a separate module -.if defined(NETSMBCRYPTO) -opt_netsmb.h: - echo "#define NETSMBCRYPTO 1" > ${.TARGET} -.endif .endif .include <bsd.kmod.mk> diff --git a/sys/netsmb/smb_crypt.c b/sys/netsmb/smb_crypt.c index e45c379ad746..928ba8ce4b86 100644 --- a/sys/netsmb/smb_crypt.c +++ b/sys/netsmb/smb_crypt.c @@ -59,12 +59,10 @@ __FBSDID("$FreeBSD$"); #include <netsmb/smb_rq.h> #include <netsmb/smb_dev.h> -#include "opt_netsmb.h" - -#ifdef NETSMBCRYPTO - #include <crypto/des/des.h> +#include "opt_netsmb.h" + static u_char N8[] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25}; @@ -87,13 +85,11 @@ smb_E(const u_char *key, u_char *data, u_char *dest) des_ecb_encrypt((des_cblock *)data, (des_cblock *)dest, *ksp, 1); free(ksp, M_SMBTEMP); } -#endif int smb_encrypt(const u_char *apwd, u_char *C8, u_char *RN) { -#ifdef NETSMBCRYPTO u_char *p, *P14, *S21; p = malloc(14 + 21, M_SMBTEMP, M_WAITOK); @@ -112,17 +108,11 @@ smb_encrypt(const u_char *apwd, u_char *C8, u_char *RN) smb_E(S21 + 14, C8, RN + 16); free(p, M_SMBTEMP); return 0; -#else - SMBERROR("password encryption is not available\n"); - bzero(RN, 24); - return EAUTH; -#endif } int smb_ntencrypt(const u_char *apwd, u_char *C8, u_char *RN) { -#ifdef NETSMBCRYPTO u_char S21[21]; u_int16_t *unipwd; MD4_CTX *ctxp; @@ -146,11 +136,6 @@ smb_ntencrypt(const u_char *apwd, u_char *C8, u_char *RN) smb_E(S21 + 7, C8, RN + 8); smb_E(S21 + 14, C8, RN + 16); return 0; -#else - SMBERROR("password encryption is not available\n"); - bzero(RN, 24); - return EAUTH; -#endif } /* @@ -159,7 +144,6 @@ smb_ntencrypt(const u_char *apwd, u_char *C8, u_char *RN) int smb_calcmackey(struct smb_vc *vcp) { -#ifdef NETSMBCRYPTO const char *pwd; u_int16_t *unipwd; int len; @@ -210,10 +194,6 @@ smb_calcmackey(struct smb_vc *vcp) smb_E(S21 + 14, vcp->vc_ch, vcp->vc_mackey + 32); return (0); -#else - panic("smb_calcmackey: encryption not available"); - return (0); -#endif /* NETSMBCRYPTO */ } /* @@ -222,7 +202,6 @@ smb_calcmackey(struct smb_vc *vcp) int smb_rq_sign(struct smb_rq *rqp) { -#ifdef NETSMBCRYPTO struct smb_vc *vcp = rqp->sr_vc; struct mbchain *mbp; struct mbuf *mb; @@ -278,10 +257,6 @@ smb_rq_sign(struct smb_rq *rqp) bcopy(digest, rqp->sr_rqsig, 8); return (0); -#else - panic("smb_rq_sign: encryption not available"); - return (0); -#endif /* NETSMBCRYPTO */ } /* @@ -290,7 +265,6 @@ smb_rq_sign(struct smb_rq *rqp) int smb_rq_verify(struct smb_rq *rqp) { -#ifdef NETSMBCRYPTO struct smb_vc *vcp = rqp->sr_vc; struct mdchain *mdp; u_char sigbuf[8]; @@ -332,8 +306,4 @@ smb_rq_verify(struct smb_rq *rqp) return (EAUTH); return (0); -#else - panic("smb_rq_verify: encryption not available"); - return (0); -#endif /* NETSMBCRYPTO */ } diff --git a/sys/netsmb/smb_smb.c b/sys/netsmb/smb_smb.c index 953456e1c85f..6393a9f05565 100644 --- a/sys/netsmb/smb_smb.c +++ b/sys/netsmb/smb_smb.c @@ -197,10 +197,8 @@ smb_smb_negotiate(struct smb_vc *vcp, struct smb_cred *scred) vcp->vc_chlen = sblen; vcp->obj.co_flags |= SMBV_ENCRYPT; } -#ifdef NETSMBCRYPTO if (sp->sv_sm & SMB_SM_SIGS_REQUIRE) vcp->vc_hflags2 |= SMB_FLAGS2_SECURITY_SIGNATURE; -#endif vcp->vc_hflags2 |= SMB_FLAGS2_KNOWS_LONG_NAMES; if (dp->d_id == SMB_DIALECT_NTLM0_12 && sp->sv_maxtx < 4096 && |