libcli/smb: no longer pass protocol to smb2_signing_{encrypt,decrypt}_pdu()

The cipher algorithm is already passed via
smb2_signing_key->chipher_algo_id.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c
index dd5784361d550f9c5054c8ee28a05fea2731e8a0..a4effb8b31e0c4e996914058c42d5cc27f832db8 100644 (file)
--- a/libcli/smb/smb2_signing.c
+++ b/libcli/smb/smb2_signing.c
@@ -620,10 +620,10 @@ NTSTATUS smb2_key_derivation(const uint8_t *KI, size_t KI_len,
 }
 
 NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key *encryption_key,
-                                 uint16_t cipher_id,
                                  struct iovec *vector,
                                  int count)
 {
+       uint16_t cipher_id;
        uint8_t *tf;
        size_t a_total;
        ssize_t m_total;
@@ -651,6 +651,7 @@ NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key *encryption_key,
                DBG_WARNING("No encryption key for SMB2 signing\n");
                return NT_STATUS_ACCESS_DENIED;
        }
+       cipher_id = encryption_key->cipher_algo_id;
 
        a_total = SMB2_TF_HDR_SIZE - SMB2_TF_NONCE;
 
@@ -826,10 +827,10 @@ out:
 }
 
 NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key,
-                                 uint16_t cipher_id,
                                  struct iovec *vector,
                                  int count)
 {
+       uint16_t cipher_id;
        uint8_t *tf;
        uint16_t flags;
        size_t a_total;
@@ -859,6 +860,7 @@ NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key,
                DBG_WARNING("No decryption key for SMB2 signing\n");
                return NT_STATUS_ACCESS_DENIED;
        }
+       cipher_id = decryption_key->cipher_algo_id;
 
        a_total = SMB2_TF_HDR_SIZE - SMB2_TF_NONCE;
 

diff --git a/libcli/smb/smb2_signing.h b/libcli/smb/smb2_signing.h
index 94d63c23042ab478b692f0efcaf6a42041068ee0..cf6fbe50db80ccc7ec2522ad7016d1b2fa5ba96f 100644 (file)
--- a/libcli/smb/smb2_signing.h
+++ b/libcli/smb/smb2_signing.h
@@ -91,11 +91,9 @@ NTSTATUS smb2_key_derivation(const uint8_t *KI, size_t KI_len,
                             uint8_t *KO, size_t KO_len);
 
 NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key *encryption_key,
-                                 uint16_t cipher_id,
                                  struct iovec *vector,
                                  int count);
 NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key,
-                                 uint16_t cipher_id,
                                  struct iovec *vector,
                                  int count);
 

diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index d188cc8a1b62d54ba955aa45f6dae18ebcddf3e8..01a8e921156ba28763add6ce5959f1c6e9aa940b 100644 (file)
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -3390,7 +3390,6 @@ skip_credits:
                }
 
                status = smb2_signing_encrypt_pdu(encryption_key,
-                                       state->conn->smb2.server.cipher,
                                        &iov[tf_iov], num_iov - tf_iov);
                if (!NT_STATUS_IS_OK(status)) {
                        return status;
@@ -3578,7 +3577,6 @@ static NTSTATUS smb2cli_inbuf_parse_compound(struct smbXcli_conn *conn,
                        tf_iov[1].iov_len = enc_len;
 
                        status = smb2_signing_decrypt_pdu(s->smb2->decryption_key,
-                                                         conn->smb2.server.cipher,
                                                          tf_iov, 2);
                        if (!NT_STATUS_IS_OK(status)) {
                                TALLOC_FREE(iov);

diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 00597e56cf212290116552f62e70fb02c2c3ba24..90a0b4860fd6e8a442baf85d34d21102cea3caea 100644 (file)
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -451,7 +451,6 @@ static NTSTATUS smbd_smb2_inbuf_parse_compound(struct smbXsrv_connection *xconn,
                        tf_iov[1].iov_len = enc_len;
 
                        status = smb2_signing_decrypt_pdu(s->global->decryption_key,
-                                                         xconn->smb2.server.cipher,
                                                          tf_iov, 2);
                        if (!NT_STATUS_IS_OK(status)) {
                                TALLOC_FREE(iov_alloc);
@@ -1931,7 +1930,6 @@ static NTSTATUS smb2_send_async_interim_response(const struct smbd_smb2_request
         */
        if (firsttf->iov_len == SMB2_TF_HDR_SIZE) {
                status = smb2_signing_encrypt_pdu(req->first_enc_key,
-                                       xconn->smb2.server.cipher,
                                        firsttf,
                                        nreq->out.vector_count - first_idx);
                if (!NT_STATUS_IS_OK(status)) {
@@ -2323,7 +2321,6 @@ static void smbd_smb2_request_pending_timer(struct tevent_context *ev,
                struct smb2_signing_key *encryption_key = x->global->encryption_key;
 
                status = smb2_signing_encrypt_pdu(encryption_key,
-                                       xconn->smb2.server.cipher,
                                        &state->vector[1+SMBD_SMB2_TF_IOV_OFS],
                                        SMBD_SMB2_NUM_IOV_PER_REQ);
                if (!NT_STATUS_IS_OK(status)) {
@@ -3607,7 +3604,6 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req)
         */
        if (firsttf->iov_len == SMB2_TF_HDR_SIZE) {
                status = smb2_signing_encrypt_pdu(req->first_enc_key,
-                                       xconn->smb2.server.cipher,
                                        firsttf,
                                        req->out.vector_count - first_idx);
                if (!NT_STATUS_IS_OK(status)) {