mirror of
https://git.FreeBSD.org/src.git
synced 2024-11-24 07:40:52 +00:00
Retire NETSMBCRYPTO as a kernel option and make its functionality
enabled by default in NETSMB and smbfs.ko. With the most of modern SMB providers requiring encryption by default, there is little sense left in keeping the crypto part of NETSMB optional at the build time. This will also return smbfs.ko to its former properties users are rather accustomed to. Discussed with: freebsd-stable, re (scottl) Not objected by: bp, tjr (silence) MFC after: 5 days
This commit is contained in:
parent
62fba1c397
commit
8d96e45531
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=156326
4
UPDATING
4
UPDATING
@ -21,6 +21,10 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 7.x IS SLOW:
|
||||
developers choose to disable these features on build machines
|
||||
to maximize performance.
|
||||
|
||||
20060305:
|
||||
The NETSMBCRYPTO kernel option has been retired because its
|
||||
functionality is always included in NETSMB and smbfs.ko now.
|
||||
|
||||
20060303:
|
||||
The TDFX_LINUX kernel option was retired and replaced by the
|
||||
tdfx_linux device. The latter can be loaded as a kernel module.
|
||||
|
@ -489,9 +489,7 @@ options NETATALKDEBUG #Appletalk debugging
|
||||
# SMB/CIFS requester
|
||||
# NETSMB enables support for SMB protocol, it requires LIBMCHAIN and LIBICONV
|
||||
# options.
|
||||
# NETSMBCRYPTO enables support for encrypted passwords.
|
||||
options NETSMB #SMB/CIFS requester
|
||||
options NETSMBCRYPTO #encrypted password support for SMB
|
||||
|
||||
# mchain library. It can be either loaded as KLD or compiled into kernel
|
||||
options LIBMCHAIN
|
||||
|
@ -334,8 +334,8 @@ contrib/pf/net/pf_osfp.c optional pf \
|
||||
contrib/pf/netinet/in4_cksum.c optional pf inet
|
||||
crypto/blowfish/bf_ecb.c optional ipsec ipsec_esp
|
||||
crypto/blowfish/bf_skey.c optional crypto | ipsec ipsec_esp
|
||||
crypto/des/des_ecb.c optional crypto | ipsec ipsec_esp | netsmbcrypto
|
||||
crypto/des/des_setkey.c optional crypto | ipsec ipsec_esp | netsmbcrypto
|
||||
crypto/des/des_ecb.c optional crypto | ipsec ipsec_esp | netsmb
|
||||
crypto/des/des_setkey.c optional crypto | ipsec ipsec_esp | netsmb
|
||||
crypto/rc4/rc4.c optional netgraph_mppc_encryption
|
||||
crypto/rijndael/rijndael-alg-fst.c optional crypto | geom_bde | \
|
||||
ipsec | random | wlan_ccmp
|
||||
|
@ -146,7 +146,7 @@ compat/linux/linux_stats.c optional compat_linux
|
||||
compat/linux/linux_util.c optional compat_linux
|
||||
crypto/blowfish/bf_enc.c optional crypto | ipsec ipsec_esp
|
||||
crypto/des/des_enc.c optional crypto | ipsec ipsec_esp | \
|
||||
netsmbcrypto
|
||||
netsmb
|
||||
dev/advansys/adv_isa.c optional adv isa
|
||||
dev/aic/aic_isa.c optional aic isa
|
||||
dev/atkbdc/atkbd.c optional atkbd atkbdc
|
||||
|
@ -131,7 +131,7 @@ amd64/pci/pci_bus.c optional pci
|
||||
amd64/pci/pci_cfgreg.c optional pci
|
||||
crypto/blowfish/bf_enc.c optional crypto | ipsec ipsec_esp
|
||||
crypto/des/des_enc.c optional crypto | ipsec ipsec_esp | \
|
||||
netsmbcrypto
|
||||
netsmb
|
||||
dev/acpica/acpi_if.m standard
|
||||
dev/arcmsr/arcmsr.c optional arcmsr pci
|
||||
dev/atkbdc/atkbd.c optional atkbd atkbdc
|
||||
|
@ -126,7 +126,7 @@ bf_enc.o optional crypto | ipsec ipsec_esp \
|
||||
dependency "$S/crypto/blowfish/arch/i386/bf_enc.S $S/crypto/blowfish/arch/i386/bf_enc_586.S $S/crypto/blowfish/arch/i386/bf_enc_686.S" \
|
||||
compile-with "${CC} -c -I$S/crypto/blowfish/arch/i386 ${ASM_CFLAGS} ${WERROR} ${.IMPSRC}" \
|
||||
no-implicit-rule
|
||||
crypto/des/arch/i386/des_enc.S optional crypto | ipsec ipsec_esp | netsmbcrypto
|
||||
crypto/des/arch/i386/des_enc.S optional crypto | ipsec ipsec_esp | netsmb
|
||||
crypto/via/padlock.c optional padlock
|
||||
dev/advansys/adv_isa.c optional adv isa
|
||||
dev/aic/aic_isa.c optional aic isa
|
||||
|
@ -44,7 +44,7 @@ contrib/ia64/libuwx/src/uwx_uinfo.c standard
|
||||
contrib/ia64/libuwx/src/uwx_utable.c standard
|
||||
crypto/blowfish/bf_enc.c optional crypto | ipsec ipsec_esp
|
||||
crypto/des/des_enc.c optional crypto | ipsec ipsec_esp | \
|
||||
netsmbcrypto
|
||||
netsmb
|
||||
dev/advansys/adv_isa.c optional adv isa
|
||||
dev/aic/aic_isa.c optional aic isa
|
||||
dev/atkbdc/atkbd.c optional atkbd atkbdc
|
||||
|
@ -82,7 +82,7 @@ bf_enc.o optional crypto | ipsec ipsec_esp \
|
||||
dependency "$S/crypto/blowfish/arch/i386/bf_enc.S $S/crypto/blowfish/arch/i386/bf_enc_586.S $S/crypto/blowfish/arch/i386/bf_enc_686.S" \
|
||||
compile-with "${CC} -c -I$S/crypto/blowfish/arch/i386 ${ASM_CFLAGS} ${WERROR} ${.IMPSRC}" \
|
||||
no-implicit-rule
|
||||
crypto/des/arch/i386/des_enc.S optional crypto | ipsec ipsec_esp | netsmbcrypto
|
||||
crypto/des/arch/i386/des_enc.S optional crypto | ipsec ipsec_esp | netsmb
|
||||
dev/aic/aic_cbus.c optional aic isa
|
||||
dev/ar/if_ar.c optional ar
|
||||
dev/ar/if_ar_pci.c optional ar pci
|
||||
|
@ -71,7 +71,7 @@ powerpc/powerpc/db_hwwatch.c optional ddb
|
||||
powerpc/powerpc/db_trace.c optional ddb
|
||||
|
||||
crypto/blowfish/bf_enc.c optional ipsec ipsec_esp
|
||||
crypto/des/des_enc.c optional ipsec ipsec_esp | netsmbcrypto
|
||||
crypto/des/des_enc.c optional ipsec ipsec_esp | netsmb
|
||||
|
||||
dev/ofw/openfirm.c standard
|
||||
dev/ofw/ofw_bus_if.m standard
|
||||
|
@ -20,7 +20,7 @@ ukbdmap.h optional ukbd_dflt_keymap \
|
||||
#
|
||||
crypto/blowfish/bf_enc.c optional crypto | ipsec ipsec_esp
|
||||
crypto/des/des_enc.c optional crypto | ipsec ipsec_esp | \
|
||||
netsmbcrypto
|
||||
netsmb
|
||||
dev/atkbdc/atkbd.c optional atkbd atkbdc
|
||||
dev/atkbdc/atkbd_atkbdc.c optional atkbd atkbdc
|
||||
dev/atkbdc/atkbdc.c optional atkbdc
|
||||
|
@ -242,8 +242,7 @@ UFS_DIRHASH opt_ufs.h
|
||||
NFS_ROOT opt_nfsroot.h
|
||||
|
||||
# SMB/CIFS requester
|
||||
NETSMB opt_netsmb.h
|
||||
NETSMBCRYPTO opt_netsmb.h
|
||||
NETSMB opt_netsmb.h
|
||||
|
||||
# Experimental support for large MS-DOS filesystems; SEE WARNING IN "NOTES"!
|
||||
MSDOSFS_LARGE opt_msdosfs.h
|
||||
|
@ -19,16 +19,13 @@ SRCS= vnode_if.h \
|
||||
smbfs_vfsops.c smbfs_node.c smbfs_io.c smbfs_vnops.c \
|
||||
smbfs_subr.c smbfs_smb.c
|
||||
|
||||
NETSMBCRYPTO=
|
||||
|
||||
.if defined(NETSMBCRYPTO)
|
||||
# NETSMBCRYPTO
|
||||
SRCS+= des_ecb.c des_setkey.c
|
||||
.if ${MACHINE_ARCH} == "i386"
|
||||
SRCS+= des_enc.S
|
||||
.else
|
||||
SRCS+= des_enc.c
|
||||
.endif
|
||||
.endif
|
||||
|
||||
# Build with IPX support (1|0)
|
||||
SMB_IPX?= 0
|
||||
@ -52,12 +49,6 @@ opt_inet.h:
|
||||
opt_ipx.h:
|
||||
echo "#define IPX 1" > ${.TARGET}
|
||||
.endif
|
||||
|
||||
# XXX netsmb should be a separate module
|
||||
.if defined(NETSMBCRYPTO)
|
||||
opt_netsmb.h:
|
||||
echo "#define NETSMBCRYPTO 1" > ${.TARGET}
|
||||
.endif
|
||||
.endif
|
||||
|
||||
.include <bsd.kmod.mk>
|
||||
|
@ -59,12 +59,10 @@ __FBSDID("$FreeBSD$");
|
||||
#include <netsmb/smb_rq.h>
|
||||
#include <netsmb/smb_dev.h>
|
||||
|
||||
#include "opt_netsmb.h"
|
||||
|
||||
#ifdef NETSMBCRYPTO
|
||||
|
||||
#include <crypto/des/des.h>
|
||||
|
||||
#include "opt_netsmb.h"
|
||||
|
||||
static u_char N8[] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
|
||||
|
||||
|
||||
@ -87,13 +85,11 @@ smb_E(const u_char *key, u_char *data, u_char *dest)
|
||||
des_ecb_encrypt((des_cblock *)data, (des_cblock *)dest, *ksp, 1);
|
||||
free(ksp, M_SMBTEMP);
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
int
|
||||
smb_encrypt(const u_char *apwd, u_char *C8, u_char *RN)
|
||||
{
|
||||
#ifdef NETSMBCRYPTO
|
||||
u_char *p, *P14, *S21;
|
||||
|
||||
p = malloc(14 + 21, M_SMBTEMP, M_WAITOK);
|
||||
@ -112,17 +108,11 @@ smb_encrypt(const u_char *apwd, u_char *C8, u_char *RN)
|
||||
smb_E(S21 + 14, C8, RN + 16);
|
||||
free(p, M_SMBTEMP);
|
||||
return 0;
|
||||
#else
|
||||
SMBERROR("password encryption is not available\n");
|
||||
bzero(RN, 24);
|
||||
return EAUTH;
|
||||
#endif
|
||||
}
|
||||
|
||||
int
|
||||
smb_ntencrypt(const u_char *apwd, u_char *C8, u_char *RN)
|
||||
{
|
||||
#ifdef NETSMBCRYPTO
|
||||
u_char S21[21];
|
||||
u_int16_t *unipwd;
|
||||
MD4_CTX *ctxp;
|
||||
@ -146,11 +136,6 @@ smb_ntencrypt(const u_char *apwd, u_char *C8, u_char *RN)
|
||||
smb_E(S21 + 7, C8, RN + 8);
|
||||
smb_E(S21 + 14, C8, RN + 16);
|
||||
return 0;
|
||||
#else
|
||||
SMBERROR("password encryption is not available\n");
|
||||
bzero(RN, 24);
|
||||
return EAUTH;
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
@ -159,7 +144,6 @@ smb_ntencrypt(const u_char *apwd, u_char *C8, u_char *RN)
|
||||
int
|
||||
smb_calcmackey(struct smb_vc *vcp)
|
||||
{
|
||||
#ifdef NETSMBCRYPTO
|
||||
const char *pwd;
|
||||
u_int16_t *unipwd;
|
||||
int len;
|
||||
@ -210,10 +194,6 @@ smb_calcmackey(struct smb_vc *vcp)
|
||||
smb_E(S21 + 14, vcp->vc_ch, vcp->vc_mackey + 32);
|
||||
|
||||
return (0);
|
||||
#else
|
||||
panic("smb_calcmackey: encryption not available");
|
||||
return (0);
|
||||
#endif /* NETSMBCRYPTO */
|
||||
}
|
||||
|
||||
/*
|
||||
@ -222,7 +202,6 @@ smb_calcmackey(struct smb_vc *vcp)
|
||||
int
|
||||
smb_rq_sign(struct smb_rq *rqp)
|
||||
{
|
||||
#ifdef NETSMBCRYPTO
|
||||
struct smb_vc *vcp = rqp->sr_vc;
|
||||
struct mbchain *mbp;
|
||||
struct mbuf *mb;
|
||||
@ -278,10 +257,6 @@ smb_rq_sign(struct smb_rq *rqp)
|
||||
bcopy(digest, rqp->sr_rqsig, 8);
|
||||
|
||||
return (0);
|
||||
#else
|
||||
panic("smb_rq_sign: encryption not available");
|
||||
return (0);
|
||||
#endif /* NETSMBCRYPTO */
|
||||
}
|
||||
|
||||
/*
|
||||
@ -290,7 +265,6 @@ smb_rq_sign(struct smb_rq *rqp)
|
||||
int
|
||||
smb_rq_verify(struct smb_rq *rqp)
|
||||
{
|
||||
#ifdef NETSMBCRYPTO
|
||||
struct smb_vc *vcp = rqp->sr_vc;
|
||||
struct mdchain *mdp;
|
||||
u_char sigbuf[8];
|
||||
@ -332,8 +306,4 @@ smb_rq_verify(struct smb_rq *rqp)
|
||||
return (EAUTH);
|
||||
|
||||
return (0);
|
||||
#else
|
||||
panic("smb_rq_verify: encryption not available");
|
||||
return (0);
|
||||
#endif /* NETSMBCRYPTO */
|
||||
}
|
||||
|
@ -197,10 +197,8 @@ smb_smb_negotiate(struct smb_vc *vcp, struct smb_cred *scred)
|
||||
vcp->vc_chlen = sblen;
|
||||
vcp->obj.co_flags |= SMBV_ENCRYPT;
|
||||
}
|
||||
#ifdef NETSMBCRYPTO
|
||||
if (sp->sv_sm & SMB_SM_SIGS_REQUIRE)
|
||||
vcp->vc_hflags2 |= SMB_FLAGS2_SECURITY_SIGNATURE;
|
||||
#endif
|
||||
vcp->vc_hflags2 |= SMB_FLAGS2_KNOWS_LONG_NAMES;
|
||||
if (dp->d_id == SMB_DIALECT_NTLM0_12 &&
|
||||
sp->sv_maxtx < 4096 &&
|
||||
|
Loading…
Reference in New Issue
Block a user