s3:smb2_negprot: remember xconn->smb2.server.cipher

For now we always use SMB2_ENCRYPTION_AES128_CCM or 0.
0 is the indication that we don't support encryption on the connection.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h
index d0015d5c458cc9f771bad2da65b9b73d0a249e3a..36e7f0f8061abf9e100c92c3233dc0f1d71b7923 100644 (file)
--- a/source3/smbd/globals.h
+++ b/source3/smbd/globals.h
@@ -504,6 +504,7 @@ struct smbXsrv_connection {
                        uint32_t max_trans;
                        uint32_t max_read;
                        uint32_t max_write;
+                       uint16_t cipher;
                } server;
 
                struct smbd_smb2_request *requests;

diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c
index 12ff7b4bc98260a58af9664d1279f97acf8ac1d8..6904972e2d23710af357e0a0fb3930ce3dceb50e 100644 (file)
--- a/source3/smbd/smb2_negprot.c
+++ b/source3/smbd/smb2_negprot.c
@@ -276,6 +276,10 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
        max_read = MIN(max_limit, lp_smb2_max_read());
        max_write = MIN(max_limit, lp_smb2_max_write());
 
+       if (capabilities & SMB2_CAP_ENCRYPTION) {
+               xconn->smb2.server.cipher = SMB2_ENCRYPTION_AES128_CCM;
+       }
+
        security_offset = SMB2_HDR_BODY + 0x40;
 
 #if 1