mirror of
https://github.com/torvalds/linux.git
synced 2025-12-07 20:06:24 +00:00
3a597e6e97
For the HMAC-MD5 computations in NTLMv2, use the HMAC-MD5 library
instead of a "hmac(md5)" crypto_shash. This is simpler and faster.
With the library there's no need to allocate memory, no need to handle
errors, and the HMAC-MD5 code is accessed directly without inefficient
indirect calls and other unnecessary API overhead.
To preserve the existing behavior of NTLMv2 support being disabled when
the kernel is booted with "fips=1", make ksmbd_auth_ntlmv2() check
fips_enabled itself. Previously it relied on the error from
crypto_alloc_shash("hmac(md5)") being bubbled up. I don't know for sure
that this is actually needed, but this preserves the existing behavior.
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
74 lines
2.0 KiB
Plaintext
74 lines
2.0 KiB
Plaintext
config SMB_SERVER
|
|
tristate "SMB3 server support"
|
|
depends on INET
|
|
depends on MULTIUSER
|
|
depends on FILE_LOCKING
|
|
select NLS
|
|
select NLS_UTF8
|
|
select NLS_UCS2_UTILS
|
|
select CRYPTO
|
|
select CRYPTO_ECB
|
|
select CRYPTO_LIB_ARC4
|
|
select CRYPTO_LIB_DES
|
|
select CRYPTO_LIB_MD5
|
|
select CRYPTO_LIB_SHA256
|
|
select CRYPTO_LIB_SHA512
|
|
select CRYPTO_CMAC
|
|
select CRYPTO_AEAD2
|
|
select CRYPTO_CCM
|
|
select CRYPTO_GCM
|
|
select ASN1
|
|
select OID_REGISTRY
|
|
select CRC32
|
|
default n
|
|
help
|
|
Choose Y here if you want to allow SMB3 compliant clients
|
|
to access files residing on this system using SMB3 protocol.
|
|
To compile the SMB3 server support as a module,
|
|
choose M here: the module will be called ksmbd.
|
|
|
|
You may choose to use a samba server instead, in which
|
|
case you can choose N here.
|
|
|
|
You also need to install user space programs which can be found
|
|
in ksmbd-tools, available from
|
|
https://github.com/cifsd-team/ksmbd-tools.
|
|
More detail about how to run the ksmbd kernel server is
|
|
available via the README file
|
|
(https://github.com/cifsd-team/ksmbd-tools/blob/master/README).
|
|
|
|
ksmbd kernel server includes support for auto-negotiation,
|
|
Secure negotiate, Pre-authentication integrity, oplock/lease,
|
|
compound requests, multi-credit, packet signing, RDMA(smbdirect),
|
|
smb3 encryption, copy-offload, secure per-user session
|
|
establishment via Kerberos or NTLMv2.
|
|
|
|
if SMB_SERVER
|
|
|
|
config SMB_SERVER_SMBDIRECT
|
|
bool "Support for SMB Direct protocol"
|
|
depends on SMB_SERVER=m && INFINIBAND && INFINIBAND_ADDR_TRANS || SMB_SERVER=y && INFINIBAND=y && INFINIBAND_ADDR_TRANS=y
|
|
select SG_POOL
|
|
default n
|
|
|
|
help
|
|
Enables SMB Direct support for SMB 3.0, 3.02 and 3.1.1.
|
|
|
|
SMB Direct allows transferring SMB packets over RDMA. If unsure,
|
|
say N.
|
|
|
|
endif
|
|
|
|
config SMB_SERVER_CHECK_CAP_NET_ADMIN
|
|
bool "Enable check network administration capability"
|
|
depends on SMB_SERVER
|
|
default y
|
|
|
|
help
|
|
Prevent unprivileged processes to start the ksmbd kernel server.
|
|
|
|
config SMB_SERVER_KERBEROS5
|
|
bool "Support for Kerberos 5"
|
|
depends on SMB_SERVER
|
|
default y
|