libcli/smb: no longer pass protocol to smb2_signing_{sign,check}_pdu()

The signing algorithm is already passed via
smb2_signing_key->sign_algo_id.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libcli/smb/smb2_signing.c

@@ -411,7 +411,6 @@ static NTSTATUS smb2_signing_calc_signature(struct smb2_signing_key *signing_key
 }
 
 NTSTATUS smb2_signing_sign_pdu(struct smb2_signing_key *signing_key,
-			       enum protocol_types protocol,
 			       struct iovec *vector,
 			       int count)
 {
@@ -452,11 +451,7 @@ NTSTATUS smb2_signing_sign_pdu(struct smb2_signing_key *signing_key,
 
 	SIVAL(hdr, SMB2_HDR_FLAGS, IVAL(hdr, SMB2_HDR_FLAGS) | SMB2_HDR_FLAG_SIGNED);
 
-	if (protocol >= PROTOCOL_SMB2_24) {
-		sign_algo_id = SMB2_SIGNING_AES128_CMAC;
-	} else {
-		sign_algo_id = SMB2_SIGNING_HMAC_SHA256;
-	}
+	sign_algo_id = signing_key->sign_algo_id;
 
 	status = smb2_signing_calc_signature(signing_key,
 					     sign_algo_id,
@@ -478,7 +473,6 @@ NTSTATUS smb2_signing_sign_pdu(struct smb2_signing_key *signing_key,
 }
 
 NTSTATUS smb2_signing_check_pdu(struct smb2_signing_key *signing_key,
-				enum protocol_types protocol,
 				const struct iovec *vector,
 				int count)
 {
@@ -518,11 +512,7 @@ NTSTATUS smb2_signing_check_pdu(struct smb2_signing_key *signing_key,
 
 	sig = hdr+SMB2_HDR_SIGNATURE;
 
-	if (protocol >= PROTOCOL_SMB2_24) {
-		sign_algo_id = SMB2_SIGNING_AES128_CMAC;
-	} else {
-		sign_algo_id = SMB2_SIGNING_HMAC_SHA256;
-	}
+	sign_algo_id = signing_key->sign_algo_id;
 
 	status = smb2_signing_calc_signature(signing_key,
 					     sign_algo_id,

libcli/smb/smb2_signing.h

@@ -78,12 +78,10 @@ NTSTATUS smb2_signing_key_cipher_create(TALLOC_CTX *mem_ctx,
 bool smb2_signing_key_valid(const struct smb2_signing_key *key);
 
 NTSTATUS smb2_signing_sign_pdu(struct smb2_signing_key *signing_key,
-			       enum protocol_types protocol,
 			       struct iovec *vector,
 			       int count);
 
 NTSTATUS smb2_signing_check_pdu(struct smb2_signing_key *signing_key,
-				enum protocol_types protocol,
 				const struct iovec *vector,
 				int count);
 

libcli/smb/smbXcli_base.c

@@ -3342,7 +3342,6 @@ skip_credits:
 			NTSTATUS status;
 
 			status = smb2_signing_sign_pdu(signing_key,
-						       state->session->conn->protocol,
 						       &iov[hdr_iov], num_iov - hdr_iov);
 			if (!NT_STATUS_IS_OK(status)) {
 				return status;
@@ -3936,7 +3935,6 @@ static NTSTATUS smb2cli_conn_dispatch_incoming(struct smbXcli_conn *conn,
 			NTSTATUS signing_status;
 
 			signing_status = smb2_signing_check_pdu(signing_key,
-								state->conn->protocol,
 								&cur[1], 3);
 			if (!NT_STATUS_IS_OK(signing_status)) {
 				/*
@@ -6161,7 +6159,6 @@ NTSTATUS smb2cli_session_set_session_key(struct smbXcli_session *session,
 
 	if (check_signature) {
 		status = smb2_signing_check_pdu(session->smb2_channel.signing_key,
-						session->conn->protocol,
 						recv_iov, 3);
 		if (!NT_STATUS_IS_OK(status)) {
 			return status;
@@ -6339,7 +6336,6 @@ NTSTATUS smb2cli_session_set_channel_key(struct smbXcli_session *session,
 	ZERO_STRUCT(channel_key);
 
 	status = smb2_signing_check_pdu(session->smb2_channel.signing_key,
-					session->conn->protocol,
 					recv_iov, 3);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;

source3/smbd/smb2_server.c

@@ -1939,7 +1939,6 @@ static NTSTATUS smb2_send_async_interim_response(const struct smbd_smb2_request
 		}
 	} else if (smb2_signing_key_valid(req->last_sign_key)) {
 		status = smb2_signing_sign_pdu(req->last_sign_key,
-					       xconn->protocol,
 					       outhdr_v,
 					       SMBD_SMB2_NUM_IOV_PER_REQ - 1);
 		if (!NT_STATUS_IS_OK(status)) {
@@ -2338,7 +2337,6 @@ static void smbd_smb2_request_pending_timer(struct tevent_context *ev,
 			smbd_smb2_signing_key(x, xconn);
 
 		status = smb2_signing_sign_pdu(signing_key,
-					xconn->protocol,
 					&state->vector[1+SMBD_SMB2_HDR_IOV_OFS],
 					SMBD_SMB2_NUM_IOV_PER_REQ - 1);
 		if (!NT_STATUS_IS_OK(status)) {
@@ -3078,7 +3076,6 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
 		}
 
 		status = smb2_signing_check_pdu(signing_key,
-						xconn->protocol,
 						SMBD_SMB2_IN_HDR_IOV(req),
 						SMBD_SMB2_NUM_IOV_PER_REQ - 1);
 		if (!NT_STATUS_IS_OK(status)) {
@@ -3534,7 +3531,6 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req)
 		 * with the last signing key we remembered.
 		 */
 		status = smb2_signing_sign_pdu(req->last_sign_key,
-					       xconn->protocol,
 					       lasthdr,
 					       SMBD_SMB2_NUM_IOV_PER_REQ - 1);
 		if (!NT_STATUS_IS_OK(status)) {
@@ -3623,7 +3619,6 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req)
 			smbd_smb2_signing_key(x, xconn);
 
 		status = smb2_signing_sign_pdu(signing_key,
-					       xconn->protocol,
 					       outhdr,
 					       SMBD_SMB2_NUM_IOV_PER_REQ - 1);
 		if (!NT_STATUS_IS_OK(status)) {