From 02b636c1310a934aeddf9c302aa95325c8dc4b1d Mon Sep 17 00:00:00 2001 From: Steve French Date: Mon, 11 Sep 2017 17:39:15 -0500 Subject: [PATCH] Connection to NetApp servers fails due to overly strict encryption flag check in SMB3.1.1 We can't connect to NetApp with Samba tools in 4.7 since we see that they return the CAP_ENCRYPTION on SMB3.1.1 (it is redundant to set it in 3.1.1 as a CAP since we have negotiate contexts, but it is not strictly illegal) Edgar's blog entry indicates that the CAP_ENCRYPTION is a "should not set" (not a "must not set") for 3.1.1 and the document implies that it is invalid but does not indicate whether it is mandatory. Remove the unneeded check for NetApp case. Signed-off-by: Steve French --- libcli/smb/smbXcli_base.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c index d73949b..d409a8d 100644 --- a/libcli/smb/smbXcli_base.c +++ b/libcli/smb/smbXcli_base.c @@ -4916,12 +4916,6 @@ static void smbXcli_negprot_smb2_done(struct tevent_req *subreq) return; } - if (conn->smb2.server.capabilities & SMB2_CAP_ENCRYPTION) { - tevent_req_nterror(req, - NT_STATUS_INVALID_NETWORK_RESPONSE); - return; - } - negotiate_context_offset = IVAL(body, 60); if (negotiate_context_offset < security_offset) { tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE); -- 2.7.4