SMB 3.0 and 3.0.2 require aes-128-ccm, so we need to reject them unless
'client smb3 encryption algorithms' allows them.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
xconn->smb2.server.cipher = SMB2_ENCRYPTION_AES128_CCM;
}
+ status = smb311_capabilities_check(&default_smb3_capabilities,
+ "smb2srv_negprot",
+ DBGLVL_NOTICE,
+ NT_STATUS_INVALID_PARAMETER,
+ "server",
+ protocol,
+ xconn->smb2.server.cipher);
+ if (!NT_STATUS_IS_OK(status)) {
+ return smbd_smb2_request_error(req, status);
+ }
+
if (protocol >= PROTOCOL_SMB3_00 &&
xconn->client->server_multi_channel_enabled)
{