From: Volker Lendecke <vl@samba.org>
Date: Thu, 21 Aug 2025 10:15:25 +0000 (+0200)
Subject: libsmb: Add "smb_encryption_over_quic" to smb311_capabilities
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f6292db0b359ee2a02bd54c404791a8f86c7ec8f;p=thirdparty%2Fsamba.git

libsmb: Add "smb_encryption_over_quic" to smb311_capabilities

Put here from the "client smb encryption over quic" settings

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
---

diff --git a/libcli/smb/smb2_negotiate_context.h b/libcli/smb/smb2_negotiate_context.h
index 645fb64a377..7c061e4457b 100644
--- a/libcli/smb/smb2_negotiate_context.h
+++ b/libcli/smb/smb2_negotiate_context.h
@@ -71,14 +71,17 @@ struct smb3_encryption_capabilities {
 struct smb311_capabilities {
 	struct smb3_signing_capabilities signing;
 	struct smb3_encryption_capabilities encryption;
+	bool smb_encryption_over_quic;
 };
 
 const char *smb3_signing_algorithm_name(uint16_t algo);
 const char *smb3_encryption_algorithm_name(uint16_t algo);
 
-struct smb311_capabilities smb311_capabilities_parse(const char *role,
-				const char * const *signing_algos,
-				const char * const *encryption_algos);
+struct smb311_capabilities smb311_capabilities_parse(
+	const char *role,
+	const char *const *signing_algos,
+	const char *const *encryption_algos,
+	bool smb_encryption_over_quic);
 
 NTSTATUS smb311_capabilities_check(const struct smb311_capabilities *c,
 				   const char *debug_prefix,
diff --git a/libcli/smb/util.c b/libcli/smb/util.c
index c42b21a6fb9..5e84e0c15c7 100644
--- a/libcli/smb/util.c
+++ b/libcli/smb/util.c
@@ -542,9 +542,11 @@ static int32_t parse_enum_val(const struct enum_list *e,
 	return ret;
 }
 
-struct smb311_capabilities smb311_capabilities_parse(const char *role,
-				const char * const *signing_algos,
-				const char * const *encryption_algos)
+struct smb311_capabilities smb311_capabilities_parse(
+	const char *role,
+	const char *const *signing_algos,
+	const char *const *encryption_algos,
+	bool smb_encryption_over_quic)
 {
 	struct smb311_capabilities c = {
 		.signing = {
@@ -553,6 +555,7 @@ struct smb311_capabilities smb311_capabilities_parse(const char *role,
 		.encryption = {
 			.num_algos = 0,
 		},
+		.smb_encryption_over_quic = smb_encryption_over_quic,
 	};
 	char sign_param[64] = { 0, };
 	char enc_param[64] = { 0, };
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index 49cef9f8a49..40da6d227e5 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -78,9 +78,11 @@ struct cli_state *cli_state_create(TALLOC_CTX *mem_ctx,
 	uint32_t smb1_capabilities = 0;
 	uint32_t smb2_capabilities = 0;
 	struct smb311_capabilities smb3_capabilities =
-		smb311_capabilities_parse("client",
+		smb311_capabilities_parse(
+			"client",
 			lp_client_smb3_signing_algorithms(),
-			lp_client_smb3_encryption_algorithms());
+			lp_client_smb3_encryption_algorithms(),
+			lp_client_smb_encryption_over_quic());
 	struct GUID client_guid;
 
 	if (!GUID_all_zero(&cli_state_client_guid)) {
diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c
index 7adf3ec1379..d8faec16d8c 100644
--- a/source3/smbd/smb2_negprot.c
+++ b/source3/smbd/smb2_negprot.c
@@ -220,9 +220,11 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
 	struct smb2_negotiate_context *in_transport_caps = NULL;
 	struct smb2_negotiate_contexts out_c = { .num_contexts = 0, };
 	const struct smb311_capabilities default_smb3_capabilities =
-		smb311_capabilities_parse("server",
+		smb311_capabilities_parse(
+			"server",
 			lp_server_smb3_signing_algorithms(),
-			lp_server_smb3_encryption_algorithms());
+			lp_server_smb3_encryption_algorithms(),
+			true);
 	DATA_BLOB out_negotiate_context_blob = data_blob_null;
 	uint32_t out_negotiate_context_offset = 0;
 	uint16_t out_negotiate_context_count = 0;
diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c
index ad1da183f88..fc02a2f4714 100644
--- a/source4/param/loadparm.c
+++ b/source4/param/loadparm.c
@@ -61,9 +61,11 @@ void lpcfg_smbcli_options(struct loadparm_context *lp_ctx,
 		.max_credits = WINDOWS_CLIENT_PURE_SMB2_NEGPROT_INITIAL_CREDIT_ASK,
 		.transports = smb_transports_parse("client smb transports",
 			lpcfg_client_smb_transports(lp_ctx)),
-		.smb3_capabilities = smb311_capabilities_parse("client",
+		.smb3_capabilities = smb311_capabilities_parse(
+			"client",
 			lpcfg_client_smb3_signing_algorithms(lp_ctx),
-			lpcfg_client_smb3_encryption_algorithms(lp_ctx)),
+			lpcfg_client_smb3_encryption_algorithms(lp_ctx),
+			lpcfg_client_smb_encryption_over_quic(lp_ctx)),
 	};
 }