mirror of https://git.FreeBSD.org/src.git synced 2024-11-24 07:40:52 +00:00

Retire NETSMBCRYPTO as a kernel option and make its functionality

enabled by default in NETSMB and smbfs.ko.

With most modern SMB providers requiring encryption by
default, there is little sense left in keeping the crypto part
of NETSMB optional at the build time.

This will also return smbfs.ko to its former properties users
are rather accustomed to.

Discussed with:		freebsd-stable, re (scottl)
Not objected by:	bp, tjr (silence)
MFC after:		5 days
Yaroslav Tykhiy 2006-03-05 22:52:17 +00:00
parent 62fba1c397
commit 8d96e45531
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=156326
14 changed files with 17 additions and 57 deletions


@ -21,6 +21,10 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 7.x IS SLOW:
developers choose to disable these features on build machines
to maximize performance.
20060305:
The NETSMBCRYPTO kernel option has been retired because its
functionality is always included in NETSMB and smbfs.ko now.
20060303:
The TDFX_LINUX kernel option was retired and replaced by the
tdfx_linux device. The latter can be loaded as a kernel module.


@ -489,9 +489,7 @@ options NETATALKDEBUG #Appletalk debugging
# SMB/CIFS requester
# NETSMB enables support for SMB protocol, it requires LIBMCHAIN and LIBICONV
# options.
# NETSMBCRYPTO enables support for encrypted passwords.
options NETSMB #SMB/CIFS requester
options NETSMBCRYPTO #encrypted password support for SMB
# mchain library. It can be either loaded as KLD or compiled into kernel
options LIBMCHAIN
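Review bot: The remaining comment describes NETSMB only as needing LIBMCHAIN and LIBICONV, and the line that said where encrypted password support comes from is removed with nothing replacing it. Since the DES sources in conf/files are now keyed on `netsmb`, I would add `# NETSMB always includes encrypted password support (DES).` under the existing comment, so anyone auditing a kernel configuration knows the crypto code is present.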


@ -334,8 +334,8 @@ contrib/pf/net/pf_osfp.c optional pf \
contrib/pf/netinet/in4_cksum.c optional pf inet
crypto/blowfish/bf_ecb.c optional ipsec ipsec_esp
crypto/blowfish/bf_skey.c optional crypto | ipsec ipsec_esp
crypto/des/des_ecb.c optional crypto | ipsec ipsec_esp | netsmbcrypto
crypto/des/des_setkey.c optional crypto | ipsec ipsec_esp | netsmbcrypto
crypto/des/des_ecb.c optional crypto | ipsec ipsec_esp | netsmb
crypto/des/des_setkey.c optional crypto | ipsec ipsec_esp | netsmb
crypto/rc4/rc4.c optional netgraph_mppc_encryption
crypto/rijndael/rijndael-alg-fst.c optional crypto | geom_bde | \
ipsec | random | wlan_ccmp


@ -146,7 +146,7 @@ compat/linux/linux_stats.c optional compat_linux
compat/linux/linux_util.c optional compat_linux
crypto/blowfish/bf_enc.c optional crypto | ipsec ipsec_esp
crypto/des/des_enc.c optional crypto | ipsec ipsec_esp | \
netsmbcrypto
netsmb
dev/advansys/adv_isa.c optional adv isa
dev/aic/aic_isa.c optional aic isa
dev/atkbdc/atkbd.c optional atkbd atkbdc


@ -131,7 +131,7 @@ amd64/pci/pci_bus.c optional pci
amd64/pci/pci_cfgreg.c optional pci
crypto/blowfish/bf_enc.c optional crypto | ipsec ipsec_esp
crypto/des/des_enc.c optional crypto | ipsec ipsec_esp | \
netsmbcrypto
netsmb
dev/acpica/acpi_if.m standard
dev/arcmsr/arcmsr.c optional arcmsr pci
dev/atkbdc/atkbd.c optional atkbd atkbdc


@ -126,7 +126,7 @@ bf_enc.o optional crypto | ipsec ipsec_esp \
dependency "$S/crypto/blowfish/arch/i386/bf_enc.S $S/crypto/blowfish/arch/i386/bf_enc_586.S $S/crypto/blowfish/arch/i386/bf_enc_686.S" \
compile-with "${CC} -c -I$S/crypto/blowfish/arch/i386 ${ASM_CFLAGS} ${WERROR} ${.IMPSRC}" \
no-implicit-rule
crypto/des/arch/i386/des_enc.S optional crypto | ipsec ipsec_esp | netsmbcrypto
crypto/des/arch/i386/des_enc.S optional crypto | ipsec ipsec_esp | netsmb
crypto/via/padlock.c optional padlock
dev/advansys/adv_isa.c optional adv isa
dev/aic/aic_isa.c optional aic isa


@ -44,7 +44,7 @@ contrib/ia64/libuwx/src/uwx_uinfo.c standard
contrib/ia64/libuwx/src/uwx_utable.c standard
crypto/blowfish/bf_enc.c optional crypto | ipsec ipsec_esp
crypto/des/des_enc.c optional crypto | ipsec ipsec_esp | \
netsmbcrypto
netsmb
dev/advansys/adv_isa.c optional adv isa
dev/aic/aic_isa.c optional aic isa
dev/atkbdc/atkbd.c optional atkbd atkbdc


@ -82,7 +82,7 @@ bf_enc.o optional crypto | ipsec ipsec_esp \
dependency "$S/crypto/blowfish/arch/i386/bf_enc.S $S/crypto/blowfish/arch/i386/bf_enc_586.S $S/crypto/blowfish/arch/i386/bf_enc_686.S" \
compile-with "${CC} -c -I$S/crypto/blowfish/arch/i386 ${ASM_CFLAGS} ${WERROR} ${.IMPSRC}" \
no-implicit-rule
crypto/des/arch/i386/des_enc.S optional crypto | ipsec ipsec_esp | netsmbcrypto
crypto/des/arch/i386/des_enc.S optional crypto | ipsec ipsec_esp | netsmb
dev/aic/aic_cbus.c optional aic isa
dev/ar/if_ar.c optional ar
dev/ar/if_ar_pci.c optional ar pci


@ -71,7 +71,7 @@ powerpc/powerpc/db_hwwatch.c optional ddb
powerpc/powerpc/db_trace.c optional ddb
crypto/blowfish/bf_enc.c optional ipsec ipsec_esp
crypto/des/des_enc.c optional ipsec ipsec_esp | netsmbcrypto
crypto/des/des_enc.c optional ipsec ipsec_esp | netsmb
dev/ofw/openfirm.c standard
dev/ofw/ofw_bus_if.m standard


@ -20,7 +20,7 @@ ukbdmap.h optional ukbd_dflt_keymap \
#
crypto/blowfish/bf_enc.c optional crypto | ipsec ipsec_esp
crypto/des/des_enc.c optional crypto | ipsec ipsec_esp | \
netsmbcrypto
netsmb
dev/atkbdc/atkbd.c optional atkbd atkbdc
dev/atkbdc/atkbd_atkbdc.c optional atkbd atkbdc
dev/atkbdc/atkbdc.c optional atkbdc


@ -242,8 +242,7 @@ UFS_DIRHASH opt_ufs.h
NFS_ROOT opt_nfsroot.h
# SMB/CIFS requester
NETSMB opt_netsmb.h
NETSMBCRYPTO opt_netsmb.h
NETSMB opt_netsmb.h
# Experimental support for large MS-DOS filesystems; SEE WARNING IN "NOTES"!
MSDOSFS_LARGE opt_msdosfs.h


@ -19,16 +19,13 @@ SRCS= vnode_if.h \
smbfs_vfsops.c smbfs_node.c smbfs_io.c smbfs_vnops.c \
smbfs_subr.c smbfs_smb.c
NETSMBCRYPTO=
.if defined(NETSMBCRYPTO)
# NETSMBCRYPTO
SRCS+= des_ecb.c des_setkey.c
.if ${MACHINE_ARCH} == "i386"
SRCS+= des_enc.S
.else
SRCS+= des_enc.c
.endif
.endif
# Build with IPX support (1|0)
SMB_IPX?= 0
@ -52,12 +49,6 @@ opt_inet.h:
opt_ipx.h:
echo "#define IPX 1" > ${.TARGET}
.endif
# XXX netsmb should be a separate module
.if defined(NETSMBCRYPTO)
opt_netsmb.h:
echo "#define NETSMBCRYPTO 1" > ${.TARGET}
.endif
.endif
.include <bsd.kmod.mk>


@ -59,12 +59,10 @@ __FBSDID("$FreeBSD$");
#include <netsmb/smb_rq.h>
#include <netsmb/smb_dev.h>
#include "opt_netsmb.h"
#ifdef NETSMBCRYPTO
#include <crypto/des/des.h>
#include "opt_netsmb.h"
static u_char N8[] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
@ -87,13 +85,11 @@ smb_E(const u_char *key, u_char *data, u_char *dest)
des_ecb_encrypt((des_cblock *)data, (des_cblock *)dest, *ksp, 1);
free(ksp, M_SMBTEMP);
}
#endif
int
smb_encrypt(const u_char *apwd, u_char *C8, u_char *RN)
{
#ifdef NETSMBCRYPTO
u_char *p, *P14, *S21;
p = malloc(14 + 21, M_SMBTEMP, M_WAITOK);
@ -112,17 +108,11 @@ smb_encrypt(const u_char *apwd, u_char *C8, u_char *RN)
smb_E(S21 + 14, C8, RN + 16);
free(p, M_SMBTEMP);
return 0;
#else
SMBERROR("password encryption is not available\n");
bzero(RN, 24);
return EAUTH;
#endif
}
int
smb_ntencrypt(const u_char *apwd, u_char *C8, u_char *RN)
{
#ifdef NETSMBCRYPTO
u_char S21[21];
u_int16_t *unipwd;
MD4_CTX *ctxp;
@ -146,11 +136,6 @@ smb_ntencrypt(const u_char *apwd, u_char *C8, u_char *RN)
smb_E(S21 + 7, C8, RN + 8);
smb_E(S21 + 14, C8, RN + 16);
return 0;
#else
SMBERROR("password encryption is not available\n");
bzero(RN, 24);
return EAUTH;
#endif
}
/*
@ -159,7 +144,6 @@ smb_ntencrypt(const u_char *apwd, u_char *C8, u_char *RN)
int
smb_calcmackey(struct smb_vc *vcp)
{
#ifdef NETSMBCRYPTO
const char *pwd;
u_int16_t *unipwd;
int len;
@ -210,10 +194,6 @@ smb_calcmackey(struct smb_vc *vcp)
smb_E(S21 + 14, vcp->vc_ch, vcp->vc_mackey + 32);
return (0);
#else
panic("smb_calcmackey: encryption not available");
return (0);
#endif /* NETSMBCRYPTO */
}
/*
@ -222,7 +202,6 @@ smb_calcmackey(struct smb_vc *vcp)
int
smb_rq_sign(struct smb_rq *rqp)
{
#ifdef NETSMBCRYPTO
struct smb_vc *vcp = rqp->sr_vc;
struct mbchain *mbp;
struct mbuf *mb;
@ -278,10 +257,6 @@ smb_rq_sign(struct smb_rq *rqp)
bcopy(digest, rqp->sr_rqsig, 8);
return (0);
#else
panic("smb_rq_sign: encryption not available");
return (0);
#endif /* NETSMBCRYPTO */
}
/*
@ -290,7 +265,6 @@ smb_rq_sign(struct smb_rq *rqp)
int
smb_rq_verify(struct smb_rq *rqp)
{
#ifdef NETSMBCRYPTO
struct smb_vc *vcp = rqp->sr_vc;
struct mdchain *mdp;
u_char sigbuf[8];
@ -332,8 +306,4 @@ smb_rq_verify(struct smb_rq *rqp)
return (EAUTH);
return (0);
#else
panic("smb_rq_verify: encryption not available");
return (0);
#endif /* NETSMBCRYPTO */
}
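Review bot: Password-derived material is released without being cleared in the code this change makes unconditional: in `smb_E` the DES key schedule goes straight from `des_ecb_encrypt(...)` to `free(ksp, M_SMBTEMP);`, and in `smb_encrypt` the last `smb_E(S21 + 14, C8, RN + 16);` is followed directly by `free(p, M_SMBTEMP);`. I would add `bzero(ksp, sizeof(*ksp));` and `bzero(p, 14 + 21);` immediately before those two frees (or `explicit_bzero` where the tree provides it), so the key schedule and the P14/S21 buffer do not linger in freed kernel memory. `smb_ntencrypt` keeps `u_char S21[21]` on the stack and returns right after its last `smb_E` call, so the same clearing looks warranted there. The bodies of all three functions are only partly visible in these hunks, so confirm that no clearing happens in the lines not shown.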


@ -197,10 +197,8 @@ smb_smb_negotiate(struct smb_vc *vcp, struct smb_cred *scred)
vcp->vc_chlen = sblen;
vcp->obj.co_flags |= SMBV_ENCRYPT;
}
#ifdef NETSMBCRYPTO
if (sp->sv_sm & SMB_SM_SIGS_REQUIRE)
vcp->vc_hflags2 |= SMB_FLAGS2_SECURITY_SIGNATURE;
#endif
vcp->vc_hflags2 |= SMB_FLAGS2_KNOWS_LONG_NAMES;
if (dp->d_id == SMB_DIALECT_NTLM0_12 &&
sp->sv_maxtx < 4096 &&
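Review bot: With the `#ifdef` gone, `SMB_FLAGS2_SECURITY_SIGNATURE` is still set only when `sp->sv_sm & SMB_SM_SIGS_REQUIRE` holds, so whether a session is signed remains the server's decision as read from its negotiate response. Now that signing support is always compiled in, that deserves a comment at the test, for example `/* Signing is turned on only when the server demands it; there is no client-side policy to require it. */`. If no such policy exists elsewhere, a response with that bit clear yields an unsigned session, which is worth stating for anyone relying on signing for integrity. `smb_smb_negotiate` starts and ends outside this hunk.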