smb2_negotiate: maintain xconn->smb2.server.sign_algo

This prepares the negotiation of signing algorithms in future.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h
index d1a2c6204bad12d2297465877e077fb2e868e2df..b3abedecacaf3dcf0f9e9124ca5f0896b044f2aa 100644 (file)
--- a/source3/smbd/globals.h
+++ b/source3/smbd/globals.h
@@ -529,6 +529,7 @@ struct smbXsrv_connection {
                        uint32_t max_trans;
                        uint32_t max_read;
                        uint32_t max_write;
+                       uint16_t sign_algo;
                        uint16_t cipher;
                } server;
 

diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c
index 0cd093d1eba3ff0ff50b1e9ee17963de0336fe7d..414965b75d18ee352f97171ce725ce763ad18ca3 100644 (file)
--- a/source3/smbd/smb2_negprot.c
+++ b/source3/smbd/smb2_negprot.c
@@ -455,6 +455,12 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
                req->preauth = &req->xconn->smb2.preauth;
        }
 
+       if (protocol >= PROTOCOL_SMB2_24) {
+               xconn->smb2.server.sign_algo = SMB2_SIGNING_AES128_CMAC;
+       } else {
+               xconn->smb2.server.sign_algo = SMB2_SIGNING_HMAC_SHA256;
+       }
+
        if ((capabilities & SMB2_CAP_ENCRYPTION) && (in_cipher != NULL)) {
                size_t needed = 2;
                uint16_t cipher_count;