From 8d96e455313f137de3023d7c893b4b24975c47bb Mon Sep 17 00:00:00 2001 From: Yaroslav Tykhiy Date: Sun, 5 Mar 2006 22:52:17 +0000 Subject: [PATCH] Retire NETSMBCRYPTO as a kernel option and make its functionality enabled by default in NETSMB and smbfs.ko. With the most of modern SMB providers requiring encryption by default, there is little sense left in keeping the crypto part of NETSMB optional at the build time. This will also return smbfs.ko to its former properties users are rather accustomed to. Discussed with: freebsd-stable, re (scottl) Not objected by: bp, tjr (silence) MFC after: 5 days --- UPDATING | 4 ++++ sys/conf/NOTES | 2 -- sys/conf/files | 4 ++-- sys/conf/files.alpha | 2 +- sys/conf/files.amd64 | 2 +- sys/conf/files.i386 | 2 +- sys/conf/files.ia64 | 2 +- sys/conf/files.pc98 | 2 +- sys/conf/files.powerpc | 2 +- sys/conf/files.sparc64 | 2 +- sys/conf/options | 3 +-- sys/modules/smbfs/Makefile | 11 +---------- sys/netsmb/smb_crypt.c | 34 ++-------------------------------- sys/netsmb/smb_smb.c | 2 -- 14 files changed, 17 insertions(+), 57 deletions(-) diff --git a/UPDATING b/UPDATING index 014f74ba56df..f850a7663eec 100644 --- a/UPDATING +++ b/UPDATING @@ -21,6 +21,10 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 7.x IS SLOW: developers choose to disable these features on build machines to maximize performance. +20060305: + The NETSMBCRYPTO kernel option has been retired because its + functionality is always included in NETSMB and smbfs.ko now. + 20060303: The TDFX_LINUX kernel option was retired and replaced by the tdfx_linux device. The latter can be loaded as a kernel module. diff --git a/sys/conf/NOTES b/sys/conf/NOTES index a6daab6fbe2f..12398cc92f86 100644 --- a/sys/conf/NOTES +++ b/sys/conf/NOTES 
@@ -489,9 +489,7 @@ options NETATALKDEBUG #Appletalk debugging # SMB/CIFS requester # NETSMB enables support for SMB protocol, it requires LIBMCHAIN and LIBICONV # options. -# NETSMBCRYPTO enables support for encrypted passwords. options NETSMB #SMB/CIFS requester -options NETSMBCRYPTO #encrypted password support for SMB # mchain library. It can be either loaded as KLD or compiled into kernel options LIBMCHAIN diff --git a/sys/conf/files b/sys/conf/files index b46ff2816c1a..cc91a6ab5d37 100644 --- a/sys/conf/files +++ b/sys/conf/files @@ -334,8 +334,8 @@ contrib/pf/net/pf_osfp.c optional pf \ contrib/pf/netinet/in4_cksum.c optional pf inet crypto/blowfish/bf_ecb.c optional ipsec ipsec_esp crypto/blowfish/bf_skey.c optional crypto | ipsec ipsec_esp -crypto/des/des_ecb.c optional crypto | ipsec ipsec_esp | netsmbcrypto -crypto/des/des_setkey.c optional crypto | ipsec ipsec_esp | netsmbcrypto +crypto/des/des_ecb.c optional crypto | ipsec ipsec_esp | netsmb +crypto/des/des_setkey.c optional crypto | ipsec ipsec_esp | netsmb crypto/rc4/rc4.c optional netgraph_mppc_encryption crypto/rijndael/rijndael-alg-fst.c optional crypto | geom_bde | \ ipsec | random | wlan_ccmp diff --git a/sys/conf/files.alpha b/sys/conf/files.alpha index cef1c350e22d..46c4ce3fc5f4 100644 --- a/sys/conf/files.alpha +++ b/sys/conf/files.alpha @@ -146,7 +146,7 @@ compat/linux/linux_stats.c optional compat_linux compat/linux/linux_util.c optional compat_linux crypto/blowfish/bf_enc.c optional crypto | ipsec ipsec_esp crypto/des/des_enc.c optional crypto | ipsec ipsec_esp | \ - netsmbcrypto + netsmb dev/advansys/adv_isa.c optional adv isa dev/aic/aic_isa.c optional aic isa dev/atkbdc/atkbd.c optional atkbd atkbdc diff --git a/sys/conf/files.amd64 b/sys/conf/files.amd64 index 403e5ee55c16..41c9c3379a5c 100644 --- a/sys/conf/files.amd64 +++ b/sys/conf/files.amd64 
@@ -131,7 +131,7 @@ amd64/pci/pci_bus.c optional pci amd64/pci/pci_cfgreg.c optional pci crypto/blowfish/bf_enc.c optional crypto | ipsec ipsec_esp crypto/des/des_enc.c optional crypto | ipsec ipsec_esp | \ - netsmbcrypto + netsmb dev/acpica/acpi_if.m standard dev/arcmsr/arcmsr.c optional arcmsr pci dev/atkbdc/atkbd.c optional atkbd atkbdc diff --git a/sys/conf/files.i386 b/sys/conf/files.i386 index e5d6b1a5da1d..71c9db186505 100644 --- a/sys/conf/files.i386 +++ b/sys/conf/files.i386 @@ -126,7 +126,7 @@ bf_enc.o optional crypto | ipsec ipsec_esp \ dependency "$S/crypto/blowfish/arch/i386/bf_enc.S $S/crypto/blowfish/arch/i386/bf_enc_586.S $S/crypto/blowfish/arch/i386/bf_enc_686.S" \ compile-with "${CC} -c -I$S/crypto/blowfish/arch/i386 ${ASM_CFLAGS} ${WERROR} ${.IMPSRC}" \ no-implicit-rule -crypto/des/arch/i386/des_enc.S optional crypto | ipsec ipsec_esp | netsmbcrypto +crypto/des/arch/i386/des_enc.S optional crypto | ipsec ipsec_esp | netsmb crypto/via/padlock.c optional padlock dev/advansys/adv_isa.c optional adv isa dev/aic/aic_isa.c optional aic isa diff --git a/sys/conf/files.ia64 b/sys/conf/files.ia64 index 7495a6afa221..42285f9ad7db 100644 --- a/sys/conf/files.ia64 +++ b/sys/conf/files.ia64 @@ -44,7 +44,7 @@ contrib/ia64/libuwx/src/uwx_uinfo.c standard contrib/ia64/libuwx/src/uwx_utable.c standard crypto/blowfish/bf_enc.c optional crypto | ipsec ipsec_esp crypto/des/des_enc.c optional crypto | ipsec ipsec_esp | \ - netsmbcrypto + netsmb dev/advansys/adv_isa.c optional adv isa dev/aic/aic_isa.c optional aic isa dev/atkbdc/atkbd.c optional atkbd atkbdc diff --git a/sys/conf/files.pc98 b/sys/conf/files.pc98 index ea96e4560a93..4621cef32004 100644 --- a/sys/conf/files.pc98 +++ b/sys/conf/files.pc98 
@@ -82,7 +82,7 @@ bf_enc.o optional crypto | ipsec ipsec_esp \ dependency "$S/crypto/blowfish/arch/i386/bf_enc.S $S/crypto/blowfish/arch/i386/bf_enc_586.S $S/crypto/blowfish/arch/i386/bf_enc_686.S" \ compile-with "${CC} -c -I$S/crypto/blowfish/arch/i386 ${ASM_CFLAGS} ${WERROR} ${.IMPSRC}" \ no-implicit-rule -crypto/des/arch/i386/des_enc.S optional crypto | ipsec ipsec_esp | netsmbcrypto +crypto/des/arch/i386/des_enc.S optional crypto | ipsec ipsec_esp | netsmb dev/aic/aic_cbus.c optional aic isa dev/ar/if_ar.c optional ar dev/ar/if_ar_pci.c optional ar pci diff --git a/sys/conf/files.powerpc b/sys/conf/files.powerpc index b10c32e1e45e..349468751a52 100644 --- a/sys/conf/files.powerpc +++ b/sys/conf/files.powerpc @@ -71,7 +71,7 @@ powerpc/powerpc/db_hwwatch.c optional ddb powerpc/powerpc/db_trace.c optional ddb crypto/blowfish/bf_enc.c optional ipsec ipsec_esp -crypto/des/des_enc.c optional ipsec ipsec_esp | netsmbcrypto +crypto/des/des_enc.c optional ipsec ipsec_esp | netsmb dev/ofw/openfirm.c standard dev/ofw/ofw_bus_if.m standard diff --git a/sys/conf/files.sparc64 b/sys/conf/files.sparc64 index 5c82173f170c..8d4afabaf3ab 100644 --- a/sys/conf/files.sparc64 +++ b/sys/conf/files.sparc64 @@ -20,7 +20,7 @@ ukbdmap.h optional ukbd_dflt_keymap \ # crypto/blowfish/bf_enc.c optional crypto | ipsec ipsec_esp crypto/des/des_enc.c optional crypto | ipsec ipsec_esp | \ - netsmbcrypto + netsmb dev/atkbdc/atkbd.c optional atkbd atkbdc dev/atkbdc/atkbd_atkbdc.c optional atkbd atkbdc dev/atkbdc/atkbdc.c optional atkbdc diff --git a/sys/conf/options b/sys/conf/options index 52c6ec8f5c1b..33b7c98d3364 100644 --- a/sys/conf/options +++ b/sys/conf/options @@ -242,8 +242,7 @@ UFS_DIRHASH opt_ufs.h NFS_ROOT opt_nfsroot.h # SMB/CIFS requester -NETSMB opt_netsmb.h -NETSMBCRYPTO opt_netsmb.h +NETSMB opt_netsmb.h # Experimental support for large MS-DOS filesystems; SEE WARNING IN "NOTES"! MSDOSFS_LARGE opt_msdosfs.h 
diff --git a/sys/modules/smbfs/Makefile b/sys/modules/smbfs/Makefile index bc4316de4a4f..e8432e39297c 100644 --- a/sys/modules/smbfs/Makefile +++ b/sys/modules/smbfs/Makefile @@ -19,16 +19,13 @@ SRCS= vnode_if.h \ smbfs_vfsops.c smbfs_node.c smbfs_io.c smbfs_vnops.c \ smbfs_subr.c smbfs_smb.c -NETSMBCRYPTO= - -.if defined(NETSMBCRYPTO) +# NETSMBCRYPTO SRCS+= des_ecb.c des_setkey.c .if ${MACHINE_ARCH} == "i386" SRCS+= des_enc.S .else SRCS+= des_enc.c .endif -.endif # Build with IPX support (1|0) SMB_IPX?= 0 @@ -52,12 +49,6 @@ opt_inet.h: opt_ipx.h: echo "#define IPX 1" > ${.TARGET} .endif - -# XXX netsmb should be a separate module -.if defined(NETSMBCRYPTO) -opt_netsmb.h: - echo "#define NETSMBCRYPTO 1" > ${.TARGET} -.endif .endif .include diff --git a/sys/netsmb/smb_crypt.c b/sys/netsmb/smb_crypt.c index e45c379ad746..928ba8ce4b86 100644 --- a/sys/netsmb/smb_crypt.c +++ b/sys/netsmb/smb_crypt.c @@ -59,12 +59,10 @@ __FBSDID("$FreeBSD$"); #include #include -#include "opt_netsmb.h" - -#ifdef NETSMBCRYPTO - #include +#include "opt_netsmb.h" + static u_char N8[] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25}; @@ -87,13 +85,11 @@ smb_E(const u_char *key, u_char *data, u_char *dest) des_ecb_encrypt((des_cblock *)data, (des_cblock *)dest, *ksp, 1); free(ksp, M_SMBTEMP); } -#endif int smb_encrypt(const u_char *apwd, u_char *C8, u_char *RN) { -#ifdef NETSMBCRYPTO u_char *p, *P14, *S21; p = malloc(14 + 21, M_SMBTEMP, M_WAITOK); @@ -112,17 +108,11 @@ smb_encrypt(const u_char *apwd, u_char *C8, u_char *RN) smb_E(S21 + 14, C8, RN + 16); free(p, M_SMBTEMP); return 0; -#else - SMBERROR("password encryption is not available\n"); - bzero(RN, 24); - return EAUTH; -#endif } int smb_ntencrypt(const u_char *apwd, u_char *C8, u_char *RN) { -#ifdef NETSMBCRYPTO u_char S21[21]; u_int16_t *unipwd; MD4_CTX *ctxp; 
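Review bot: The comment `# NETSMBCRYPTO` left above `SRCS+= des_ecb.c des_setkey.c` names the option this commit retires, so it will mean nothing to a later reader who greps for it. A descriptive label would age better, for example `# DES sources needed by sys/netsmb/smb_crypt.c`. The rest of the SRCS list is outside the hunk.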
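Review bot: `#include "opt_netsmb.h"` is kept in smb_crypt.c (only moved below the following include) although NETSMBCRYPTO, the only option the visible hunks test from it, no longer exists. If nothing else in the file reads an option from that header, the include can be dropped. If it stays, note that this commit also removes the `opt_netsmb.h:` rule from sys/modules/smbfs/Makefile, so the standalone module build must get the header some other way; a clean build of smbfs.ko would confirm that. The rest of smb_crypt.c is outside this hunk, so other uses of the header cannot be ruled out from here.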
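Review bot: Key material is released without being cleared: `free(ksp, M_SMBTEMP);` at the end of smb_E() in the hunk at -87 hands what appears to be the DES key schedule back to the allocator as-is, and the hunk at -112 does the same with `free(p, M_SMBTEMP);` in smb_encrypt(), where p backs the password-derived P14/S21 buffers. smb_ntencrypt() (hunks at -112 and -146) likewise reaches `return 0;` with `u_char S21[21]` still populated on the stack. Now that this code is built into every NETSMB kernel and smbfs.ko, these buffers should be wiped before release, e.g. `bzero(p, 14 + 21);` ahead of the free and `bzero(S21, sizeof(S21));` ahead of the return, using a wipe the compiler cannot elide where the tree provides one. The middles of these functions lie outside the hunks, so any clearing done there is not visible.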
@@ -146,11 +136,6 @@ smb_ntencrypt(const u_char *apwd, u_char *C8, u_char *RN) smb_E(S21 + 7, C8, RN + 8); smb_E(S21 + 14, C8, RN + 16); return 0; -#else - SMBERROR("password encryption is not available\n"); - bzero(RN, 24); - return EAUTH; -#endif } /* @@ -159,7 +144,6 @@ smb_ntencrypt(const u_char *apwd, u_char *C8, u_char *RN) int smb_calcmackey(struct smb_vc *vcp) { -#ifdef NETSMBCRYPTO const char *pwd; u_int16_t *unipwd; int len; @@ -210,10 +194,6 @@ smb_calcmackey(struct smb_vc *vcp) smb_E(S21 + 14, vcp->vc_ch, vcp->vc_mackey + 32); return (0); -#else - panic("smb_calcmackey: encryption not available"); - return (0); -#endif /* NETSMBCRYPTO */ } /* @@ -222,7 +202,6 @@ smb_calcmackey(struct smb_vc *vcp) int smb_rq_sign(struct smb_rq *rqp) { -#ifdef NETSMBCRYPTO struct smb_vc *vcp = rqp->sr_vc; struct mbchain *mbp; struct mbuf *mb; @@ -278,10 +257,6 @@ smb_rq_sign(struct smb_rq *rqp) bcopy(digest, rqp->sr_rqsig, 8); return (0); -#else - panic("smb_rq_sign: encryption not available"); - return (0); -#endif /* NETSMBCRYPTO */ } /* @@ -290,7 +265,6 @@ smb_rq_sign(struct smb_rq *rqp) int smb_rq_verify(struct smb_rq *rqp) { -#ifdef NETSMBCRYPTO struct smb_vc *vcp = rqp->sr_vc; struct mdchain *mdp; u_char sigbuf[8]; @@ -332,8 +306,4 @@ smb_rq_verify(struct smb_rq *rqp) return (EAUTH); return (0); -#else - panic("smb_rq_verify: encryption not available"); - return (0); -#endif /* NETSMBCRYPTO */ } diff --git a/sys/netsmb/smb_smb.c b/sys/netsmb/smb_smb.c index 953456e1c85f..6393a9f05565 100644 --- a/sys/netsmb/smb_smb.c +++ b/sys/netsmb/smb_smb.c @@ -197,10 +197,8 @@ smb_smb_negotiate(struct smb_vc *vcp, struct smb_cred *scred) vcp->vc_chlen = sblen; vcp->obj.co_flags |= SMBV_ENCRYPT; } -#ifdef NETSMBCRYPTO if (sp->sv_sm & SMB_SM_SIGS_REQUIRE) vcp->vc_hflags2 |= SMB_FLAGS2_SECURITY_SIGNATURE; -#endif vcp->vc_hflags2 |= SMB_FLAGS2_KNOWS_LONG_NAMES; if (dp->d_id == SMB_DIALECT_NTLM0_12 && sp->sv_maxtx < 4096 &&
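Review bot: With the `#ifdef` removed in the smb_smb.c hunk, `SMB_FLAGS2_SECURITY_SIGNATURE` is still set only when the server's negotiate reply carries `SMB_SM_SIGS_REQUIRE`, so the peer alone decides whether a session is signed. That reply is presumably not integrity-protected itself, so a server or on-path device that leaves the bit clear gets an unsigned session, and smb_rq_sign()/smb_rq_verify() would then not protect it. Since signing support is now always compiled in, consider a client-side setting that refuses servers which do not sign, or at least document the behaviour with a comment such as `/* signing is used only when the server requires it; there is no local policy to insist on it */`. smb_smb_negotiate() begins and ends outside this hunk.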