diff --git a/UPDATING b/UPDATING index 014f74ba56df..f850a7663eec 100644 --- a/UPDATING +++ b/UPDATING @@ -21,6 +21,10 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 7.x IS SLOW: developers choose to disable these features on build machines to maximize performance. +20060305: + The NETSMBCRYPTO kernel option has been retired because its + functionality is always included in NETSMB and smbfs.ko now. + 20060303: The TDFX_LINUX kernel option was retired and replaced by the tdfx_linux device. The latter can be loaded as a kernel module. diff --git a/sys/conf/NOTES b/sys/conf/NOTES index a6daab6fbe2f..12398cc92f86 100644 --- a/sys/conf/NOTES +++ b/sys/conf/NOTES @@ -489,9 +489,7 @@ options NETATALKDEBUG #Appletalk debugging # SMB/CIFS requester # NETSMB enables support for SMB protocol, it requires LIBMCHAIN and LIBICONV # options. -# NETSMBCRYPTO enables support for encrypted passwords. options NETSMB #SMB/CIFS requester -options NETSMBCRYPTO #encrypted password support for SMB # mchain library. It can be either loaded as KLD or compiled into kernel options LIBMCHAIN diff --git a/sys/conf/files b/sys/conf/files index b46ff2816c1a..cc91a6ab5d37 100644 --- a/sys/conf/files +++ b/sys/conf/files @@ -334,8 +334,8 @@ contrib/pf/net/pf_osfp.c optional pf \ contrib/pf/netinet/in4_cksum.c optional pf inet crypto/blowfish/bf_ecb.c optional ipsec ipsec_esp crypto/blowfish/bf_skey.c optional crypto | ipsec ipsec_esp -crypto/des/des_ecb.c optional crypto | ipsec ipsec_esp | netsmbcrypto -crypto/des/des_setkey.c optional crypto | ipsec ipsec_esp | netsmbcrypto +crypto/des/des_ecb.c optional crypto | ipsec ipsec_esp | netsmb +crypto/des/des_setkey.c optional crypto | ipsec ipsec_esp | netsmb crypto/rc4/rc4.c optional netgraph_mppc_encryption crypto/rijndael/rijndael-alg-fst.c optional crypto | geom_bde | \ ipsec | random | wlan_ccmp diff --git a/sys/conf/files.alpha b/sys/conf/files.alpha index cef1c350e22d..46c4ce3fc5f4 100644 --- a/sys/conf/files.alpha +++ b/sys/conf/files.alpha @@ -146,7 +146,7 @@ compat/linux/linux_stats.c optional compat_linux compat/linux/linux_util.c optional compat_linux crypto/blowfish/bf_enc.c optional crypto | ipsec ipsec_esp crypto/des/des_enc.c optional crypto | ipsec ipsec_esp | \ - netsmbcrypto + netsmb dev/advansys/adv_isa.c optional adv isa dev/aic/aic_isa.c optional aic isa dev/atkbdc/atkbd.c optional atkbd atkbdc diff --git a/sys/conf/files.amd64 b/sys/conf/files.amd64 index 403e5ee55c16..41c9c3379a5c 100644 --- a/sys/conf/files.amd64 +++ b/sys/conf/files.amd64 @@ -131,7 +131,7 @@ amd64/pci/pci_bus.c optional pci amd64/pci/pci_cfgreg.c optional pci crypto/blowfish/bf_enc.c optional crypto | ipsec ipsec_esp crypto/des/des_enc.c optional crypto | ipsec ipsec_esp | \ - netsmbcrypto + netsmb dev/acpica/acpi_if.m standard dev/arcmsr/arcmsr.c optional arcmsr pci dev/atkbdc/atkbd.c optional atkbd atkbdc diff --git a/sys/conf/files.i386 b/sys/conf/files.i386 index e5d6b1a5da1d..71c9db186505 100644 --- a/sys/conf/files.i386 +++ b/sys/conf/files.i386 @@ -126,7 +126,7 @@ bf_enc.o optional crypto | ipsec ipsec_esp \ dependency "$S/crypto/blowfish/arch/i386/bf_enc.S $S/crypto/blowfish/arch/i386/bf_enc_586.S $S/crypto/blowfish/arch/i386/bf_enc_686.S" \ compile-with "${CC} -c -I$S/crypto/blowfish/arch/i386 ${ASM_CFLAGS} ${WERROR} ${.IMPSRC}" \ no-implicit-rule -crypto/des/arch/i386/des_enc.S optional crypto | ipsec ipsec_esp | netsmbcrypto +crypto/des/arch/i386/des_enc.S optional crypto | ipsec ipsec_esp | netsmb crypto/via/padlock.c optional padlock dev/advansys/adv_isa.c optional adv isa dev/aic/aic_isa.c optional aic isa diff --git a/sys/conf/files.ia64 b/sys/conf/files.ia64 index 7495a6afa221..42285f9ad7db 100644 --- a/sys/conf/files.ia64 +++ b/sys/conf/files.ia64 @@ -44,7 +44,7 @@ contrib/ia64/libuwx/src/uwx_uinfo.c standard contrib/ia64/libuwx/src/uwx_utable.c standard crypto/blowfish/bf_enc.c optional crypto | ipsec ipsec_esp crypto/des/des_enc.c optional crypto | ipsec ipsec_esp | \ - netsmbcrypto + netsmb dev/advansys/adv_isa.c optional adv isa dev/aic/aic_isa.c optional aic isa dev/atkbdc/atkbd.c optional atkbd atkbdc diff --git a/sys/conf/files.pc98 b/sys/conf/files.pc98 index ea96e4560a93..4621cef32004 100644 --- a/sys/conf/files.pc98 +++ b/sys/conf/files.pc98 @@ -82,7 +82,7 @@ bf_enc.o optional crypto | ipsec ipsec_esp \ dependency "$S/crypto/blowfish/arch/i386/bf_enc.S $S/crypto/blowfish/arch/i386/bf_enc_586.S $S/crypto/blowfish/arch/i386/bf_enc_686.S" \ compile-with "${CC} -c -I$S/crypto/blowfish/arch/i386 ${ASM_CFLAGS} ${WERROR} ${.IMPSRC}" \ no-implicit-rule -crypto/des/arch/i386/des_enc.S optional crypto | ipsec ipsec_esp | netsmbcrypto +crypto/des/arch/i386/des_enc.S optional crypto | ipsec ipsec_esp | netsmb dev/aic/aic_cbus.c optional aic isa dev/ar/if_ar.c optional ar dev/ar/if_ar_pci.c optional ar pci diff --git a/sys/conf/files.powerpc b/sys/conf/files.powerpc index b10c32e1e45e..349468751a52 100644 --- a/sys/conf/files.powerpc +++ b/sys/conf/files.powerpc @@ -71,7 +71,7 @@ powerpc/powerpc/db_hwwatch.c optional ddb powerpc/powerpc/db_trace.c optional ddb crypto/blowfish/bf_enc.c optional ipsec ipsec_esp -crypto/des/des_enc.c optional ipsec ipsec_esp | netsmbcrypto +crypto/des/des_enc.c optional ipsec ipsec_esp | netsmb dev/ofw/openfirm.c standard dev/ofw/ofw_bus_if.m standard diff --git a/sys/conf/files.sparc64 b/sys/conf/files.sparc64 index 5c82173f170c..8d4afabaf3ab 100644 --- a/sys/conf/files.sparc64 +++ b/sys/conf/files.sparc64 @@ -20,7 +20,7 @@ ukbdmap.h optional ukbd_dflt_keymap \ # crypto/blowfish/bf_enc.c optional crypto | ipsec ipsec_esp crypto/des/des_enc.c optional crypto | ipsec ipsec_esp | \ - netsmbcrypto + netsmb dev/atkbdc/atkbd.c optional atkbd atkbdc dev/atkbdc/atkbd_atkbdc.c optional atkbd atkbdc dev/atkbdc/atkbdc.c optional atkbdc diff --git a/sys/conf/options b/sys/conf/options index 52c6ec8f5c1b..33b7c98d3364 100644 --- a/sys/conf/options +++ b/sys/conf/options @@ -242,8 +242,7 @@ UFS_DIRHASH opt_ufs.h NFS_ROOT opt_nfsroot.h # SMB/CIFS requester -NETSMB opt_netsmb.h -NETSMBCRYPTO opt_netsmb.h +NETSMB opt_netsmb.h # Experimental support for large MS-DOS filesystems; SEE WARNING IN "NOTES"! MSDOSFS_LARGE opt_msdosfs.h diff --git a/sys/modules/smbfs/Makefile b/sys/modules/smbfs/Makefile index bc4316de4a4f..e8432e39297c 100644 --- a/sys/modules/smbfs/Makefile +++ b/sys/modules/smbfs/Makefile @@ -19,16 +19,13 @@ SRCS= vnode_if.h \ smbfs_vfsops.c smbfs_node.c smbfs_io.c smbfs_vnops.c \ smbfs_subr.c smbfs_smb.c -NETSMBCRYPTO= - -.if defined(NETSMBCRYPTO) +# NETSMBCRYPTO SRCS+= des_ecb.c des_setkey.c .if ${MACHINE_ARCH} == "i386" SRCS+= des_enc.S .else SRCS+= des_enc.c .endif -.endif # Build with IPX support (1|0) SMB_IPX?= 0 @@ -52,12 +49,6 @@ opt_inet.h: opt_ipx.h: echo "#define IPX 1" > ${.TARGET} .endif - -# XXX netsmb should be a separate module -.if defined(NETSMBCRYPTO) -opt_netsmb.h: - echo "#define NETSMBCRYPTO 1" > ${.TARGET} -.endif .endif .include diff --git a/sys/netsmb/smb_crypt.c b/sys/netsmb/smb_crypt.c index e45c379ad746..928ba8ce4b86 100644 --- a/sys/netsmb/smb_crypt.c +++ b/sys/netsmb/smb_crypt.c @@ -59,12 +59,10 @@ __FBSDID("$FreeBSD$"); #include #include -#include "opt_netsmb.h" - -#ifdef NETSMBCRYPTO - #include +#include "opt_netsmb.h" + static u_char N8[] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25}; @@ -87,13 +85,11 @@ smb_E(const u_char *key, u_char *data, u_char *dest) des_ecb_encrypt((des_cblock *)data, (des_cblock *)dest, *ksp, 1); free(ksp, M_SMBTEMP); } -#endif int smb_encrypt(const u_char *apwd, u_char *C8, u_char *RN) { -#ifdef NETSMBCRYPTO u_char *p, *P14, *S21; p = malloc(14 + 21, M_SMBTEMP, M_WAITOK); @@ -112,17 +108,11 @@ smb_encrypt(const u_char *apwd, u_char *C8, u_char *RN) smb_E(S21 + 14, C8, RN + 16); free(p, M_SMBTEMP); return 0; -#else - SMBERROR("password encryption is not available\n"); - bzero(RN, 24); - return EAUTH; -#endif } int smb_ntencrypt(const u_char *apwd, u_char *C8, u_char *RN) { -#ifdef NETSMBCRYPTO u_char S21[21]; u_int16_t *unipwd; MD4_CTX *ctxp; @@ -146,11 +136,6 @@ smb_ntencrypt(const u_char *apwd, u_char *C8, u_char *RN) smb_E(S21 + 7, C8, RN + 8); smb_E(S21 + 14, C8, RN + 16); return 0; -#else - SMBERROR("password encryption is not available\n"); - bzero(RN, 24); - return EAUTH; -#endif } /* @@ -159,7 +144,6 @@ smb_ntencrypt(const u_char *apwd, u_char *C8, u_char *RN) int smb_calcmackey(struct smb_vc *vcp) { -#ifdef NETSMBCRYPTO const char *pwd; u_int16_t *unipwd; int len; @@ -210,10 +194,6 @@ smb_calcmackey(struct smb_vc *vcp) smb_E(S21 + 14, vcp->vc_ch, vcp->vc_mackey + 32); return (0); -#else - panic("smb_calcmackey: encryption not available"); - return (0); -#endif /* NETSMBCRYPTO */ } /* @@ -222,7 +202,6 @@ smb_calcmackey(struct smb_vc *vcp) int smb_rq_sign(struct smb_rq *rqp) { -#ifdef NETSMBCRYPTO struct smb_vc *vcp = rqp->sr_vc; struct mbchain *mbp; struct mbuf *mb; @@ -278,10 +257,6 @@ smb_rq_sign(struct smb_rq *rqp) bcopy(digest, rqp->sr_rqsig, 8); return (0); -#else - panic("smb_rq_sign: encryption not available"); - return (0); -#endif /* NETSMBCRYPTO */ } /* @@ -290,7 +265,6 @@ smb_rq_sign(struct smb_rq *rqp) int smb_rq_verify(struct smb_rq *rqp) { -#ifdef NETSMBCRYPTO struct smb_vc *vcp = rqp->sr_vc; struct mdchain *mdp; u_char sigbuf[8]; @@ -332,8 +306,4 @@ smb_rq_verify(struct smb_rq *rqp) return (EAUTH); return (0); -#else - panic("smb_rq_verify: encryption not available"); - return (0); -#endif /* NETSMBCRYPTO */ } diff --git a/sys/netsmb/smb_smb.c b/sys/netsmb/smb_smb.c index 953456e1c85f..6393a9f05565 100644 --- a/sys/netsmb/smb_smb.c +++ b/sys/netsmb/smb_smb.c @@ -197,10 +197,8 @@ smb_smb_negotiate(struct smb_vc *vcp, struct smb_cred *scred) vcp->vc_chlen = sblen; vcp->obj.co_flags |= SMBV_ENCRYPT; } -#ifdef NETSMBCRYPTO if (sp->sv_sm & SMB_SM_SIGS_REQUIRE) vcp->vc_hflags2 |= SMB_FLAGS2_SECURITY_SIGNATURE; -#endif vcp->vc_hflags2 |= SMB_FLAGS2_KNOWS_LONG_NAMES; if (dp->d_id == SMB_DIALECT_NTLM0_12 && sp->sv_maxtx < 4096 &&