The branch, master has been updated
via f0a90a1 libcli: SMB2: NetApps negotiate SMB3_11 but also set the
SMB2_CAP_ENCRYPTION flag.
from 1b6aa39 vfs_streams_xattr: Fix segfault when running with log level
10
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit f0a90a1287a8f4c4114919a32afaff52e3c69a9b
Author: Jeremy Allison <[email protected]>
Date: Mon Sep 11 16:36:47 2017 -0700
libcli: SMB2: NetApps negotiate SMB3_11 but also set the
SMB2_CAP_ENCRYPTION flag.
This is a SHOULD not, not a MUST not.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13009
Signed-off-by: Jeremy Allison <[email protected]>
Reviewed-by: Steve French <[email protected]>
Autobuild-User(master): Jeremy Allison <[email protected]>
Autobuild-Date(master): Thu Sep 14 14:48:20 CEST 2017 on sn-devel-144
-----------------------------------------------------------------------
Summary of changes:
libcli/smb/smbXcli_base.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index d73949b..5493954 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -4916,10 +4916,19 @@ static void smbXcli_negprot_smb2_done(struct tevent_req
*subreq)
return;
}
+ /*
+ * Here we are now at SMB3_11, so encryption should be
+ * negotiated via context, not capabilities.
+ */
+
if (conn->smb2.server.capabilities & SMB2_CAP_ENCRYPTION) {
- tevent_req_nterror(req,
- NT_STATUS_INVALID_NETWORK_RESPONSE);
- return;
+ /*
+ * Server set SMB2_CAP_ENCRYPTION capability,
+ * but *SHOULD* not, not *MUST* not. Just mask it off.
+ * NetApp seems to do this:
+ * BUG: https://bugzilla.samba.org/show_bug.cgi?id=13009
+ */
+ conn->smb2.server.capabilities &= ~SMB2_CAP_ENCRYPTION;
}
negotiate_context_offset = IVAL(body, 60);
--
Samba Shared Repository
