From 9da2f6727f28281abf83b1426857d5e19d7824ff Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 11 Nov 2020 13:18:24 +0100
Subject: [PATCH] smb2_negotiate: maintain xconn->smb2.server.sign_algo

This prepares the negotiation of signing algorithms in future.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
---
 source3/smbd/globals.h      | 1 +
 source3/smbd/smb2_negprot.c | 6 ++++++
 2 files changed, 7 insertions(+)

diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h
index d1a2c6204ba..b3abedecaca 100644
--- a/source3/smbd/globals.h
+++ b/source3/smbd/globals.h
@@ -529,6 +529,7 @@ struct smbXsrv_connection {
 			uint32_t max_trans;
 			uint32_t max_read;
 			uint32_t max_write;
+			uint16_t sign_algo;
 			uint16_t cipher;
 		} server;
 
diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c
index 0cd093d1eba..414965b75d1 100644
--- a/source3/smbd/smb2_negprot.c
+++ b/source3/smbd/smb2_negprot.c
@@ -455,6 +455,12 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
 		req->preauth = &req->xconn->smb2.preauth;
 	}
 
+	if (protocol >= PROTOCOL_SMB2_24) {
+		xconn->smb2.server.sign_algo = SMB2_SIGNING_AES128_CMAC;
+	} else {
+		xconn->smb2.server.sign_algo = SMB2_SIGNING_HMAC_SHA256;
+	}
+
 	if ((capabilities & SMB2_CAP_ENCRYPTION) && (in_cipher != NULL)) {
 		size_t needed = 2;
 		uint16_t cipher_count;