sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Code

libcli/smb: no longer pass protocol to smb2_signing_{encrypt,decrypt}_pdu()

Browse Source 
The cipher algorithm is already passed via
smb2_signing_key->chipher_algo_id.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This commit is contained in:
Stefan Metzmacher 2021-03-10 14:03:50 +01:00 committed by Jeremy Allison
parent 7c8707613e
commit f65e609fd1
4 changed files with 4 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
libcli/smb/smb2_signing.c
View File

@ -620,10 +620,10 @@ NTSTATUS smb2_key_derivation(const uint8_t *KI, size_t KI_len,
} }
NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key *encryption_key, NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key *encryption_key,
uint16_t cipher_id,
struct iovec *vector, struct iovec *vector,
int count) int count)
{ {
uint16_t cipher_id;
uint8_t *tf; uint8_t *tf;
size_t a_total; size_t a_total;
ssize_t m_total; ssize_t m_total;
@ -651,6 +651,7 @@ NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key *encryption_key,
DBG_WARNING("No encryption key for SMB2 signing\n"); DBG_WARNING("No encryption key for SMB2 signing\n");
return NT_STATUS_ACCESS_DENIED; return NT_STATUS_ACCESS_DENIED;
} }
cipher_id = encryption_key->cipher_algo_id;
a_total = SMB2_TF_HDR_SIZE - SMB2_TF_NONCE; a_total = SMB2_TF_HDR_SIZE - SMB2_TF_NONCE;
@ -826,10 +827,10 @@ out:
} }
NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key, NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key,
uint16_t cipher_id,
struct iovec *vector, struct iovec *vector,
int count) int count)
{ {
uint16_t cipher_id;
uint8_t *tf; uint8_t *tf;
uint16_t flags; uint16_t flags;
size_t a_total; size_t a_total;
@ -859,6 +860,7 @@ NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key,
DBG_WARNING("No decryption key for SMB2 signing\n"); DBG_WARNING("No decryption key for SMB2 signing\n");
return NT_STATUS_ACCESS_DENIED; return NT_STATUS_ACCESS_DENIED;
} }
cipher_id = decryption_key->cipher_algo_id;
a_total = SMB2_TF_HDR_SIZE - SMB2_TF_NONCE; a_total = SMB2_TF_HDR_SIZE - SMB2_TF_NONCE;

2
libcli/smb/smb2_signing.h
View File

@ -91,11 +91,9 @@ NTSTATUS smb2_key_derivation(const uint8_t *KI, size_t KI_len,
uint8_t *KO, size_t KO_len); uint8_t *KO, size_t KO_len);
NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key *encryption_key, NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key *encryption_key,
uint16_t cipher_id,
struct iovec *vector, struct iovec *vector,
int count); int count);
NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key, NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key,
uint16_t cipher_id,
struct iovec *vector, struct iovec *vector,
int count); int count);

2
libcli/smb/smbXcli_base.c
View File

@ -3390,7 +3390,6 @@ skip_credits:
} }
status = smb2_signing_encrypt_pdu(encryption_key, status = smb2_signing_encrypt_pdu(encryption_key,
state->conn->smb2.server.cipher,
&iov[tf_iov], num_iov - tf_iov); &iov[tf_iov], num_iov - tf_iov);
if (!NT_STATUS_IS_OK(status)) { if (!NT_STATUS_IS_OK(status)) {
return status; return status;
@ -3578,7 +3577,6 @@ static NTSTATUS smb2cli_inbuf_parse_compound(struct smbXcli_conn *conn,
tf_iov[1].iov_len = enc_len; tf_iov[1].iov_len = enc_len;
status = smb2_signing_decrypt_pdu(s->smb2->decryption_key, status = smb2_signing_decrypt_pdu(s->smb2->decryption_key,
conn->smb2.server.cipher,
tf_iov, 2); tf_iov, 2);
if (!NT_STATUS_IS_OK(status)) { if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(iov); TALLOC_FREE(iov);

4
source3/smbd/smb2_server.c
View File

@ -451,7 +451,6 @@ static NTSTATUS smbd_smb2_inbuf_parse_compound(struct smbXsrv_connection *xconn,
tf_iov[1].iov_len = enc_len; tf_iov[1].iov_len = enc_len;
status = smb2_signing_decrypt_pdu(s->global->decryption_key, status = smb2_signing_decrypt_pdu(s->global->decryption_key,
xconn->smb2.server.cipher,
tf_iov, 2); tf_iov, 2);
if (!NT_STATUS_IS_OK(status)) { if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(iov_alloc); TALLOC_FREE(iov_alloc);
@ -1931,7 +1930,6 @@ static NTSTATUS smb2_send_async_interim_response(const struct smbd_smb2_request
*/ */
if (firsttf->iov_len == SMB2_TF_HDR_SIZE) { if (firsttf->iov_len == SMB2_TF_HDR_SIZE) {
status = smb2_signing_encrypt_pdu(req->first_enc_key, status = smb2_signing_encrypt_pdu(req->first_enc_key,
xconn->smb2.server.cipher,
firsttf, firsttf,
nreq->out.vector_count - first_idx); nreq->out.vector_count - first_idx);
if (!NT_STATUS_IS_OK(status)) { if (!NT_STATUS_IS_OK(status)) {
@ -2323,7 +2321,6 @@ static void smbd_smb2_request_pending_timer(struct tevent_context *ev,
struct smb2_signing_key *encryption_key = x->global->encryption_key; struct smb2_signing_key *encryption_key = x->global->encryption_key;
status = smb2_signing_encrypt_pdu(encryption_key, status = smb2_signing_encrypt_pdu(encryption_key,
xconn->smb2.server.cipher,
&state->vector[1+SMBD_SMB2_TF_IOV_OFS], &state->vector[1+SMBD_SMB2_TF_IOV_OFS],
SMBD_SMB2_NUM_IOV_PER_REQ); SMBD_SMB2_NUM_IOV_PER_REQ);
if (!NT_STATUS_IS_OK(status)) { if (!NT_STATUS_IS_OK(status)) {
@ -3607,7 +3604,6 @@ static NTSTATUS smbd_smb2_request_reply(struct smbd_smb2_request *req)
*/ */
if (firsttf->iov_len == SMB2_TF_HDR_SIZE) { if (firsttf->iov_len == SMB2_TF_HDR_SIZE) {
status = smb2_signing_encrypt_pdu(req->first_enc_key, status = smb2_signing_encrypt_pdu(req->first_enc_key,
xconn->smb2.server.cipher,
firsttf, firsttf,
req->out.vector_count - first_idx); req->out.vector_count - first_idx);
if (!NT_STATUS_IS_OK(status)) { if (!NT_STATUS_IS_OK(status)) {