diff options
| author | Stefan Metzmacher <metze@samba.org> | 2017-05-05 18:49:37 +0200 |
|---|---|---|
| committer | Stefan Metzmacher <metze@samba.org> | 2017-06-27 16:57:42 +0200 |
| commit | 295c9f7b322e6377d0df1b49cb26597d66e80eda (patch) | |
| tree | 59576ec9dd8a1186c020add230424ea11c301c1b | |
| parent | 94b9b6832c83137db10d04dbfec071a7df7b91c1 (diff) | |
| download | samba-295c9f7b322e6377d0df1b49cb26597d66e80eda.tar.gz | |
s3:smbd: unimplement FSCTL_VALIDATE_NEGOTIATE_INFO with "server max protocol = SMB2_02"
A client that supports SMB3 will do a signed FSCTL_VALIDATE_NEGOTIATE_INFO
after a tree connect. This FSCTL_VALIDATE_NEGOTIATE_INFO call contains
the client capabilities, client guid, security mode and the array of supported
dialects. But if SMB 2.02 is negotiated the doesn't send these values to the
server in the first connection attempt (when the client starts with a SMB1 Negotiate).
Windows servers that only support SMB2 just return NT_STATUS_FILE_CLOSED
as answer to FSCTL_VALIDATE_NEGOTIATE_INFO.
We should do the same if we just pretend to support SMB 2.02,
as SMB 2.10 always include an SMB2 Negotiate request we can leave it as is.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12772
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
| -rw-r--r-- | selftest/knownfail.d/smb2_02-server-smb3-client | 3 | ||||
| -rw-r--r-- | source3/smbd/smb2_ioctl_network_fs.c | 17 |
2 files changed, 17 insertions, 3 deletions
diff --git a/selftest/knownfail.d/smb2_02-server-smb3-client b/selftest/knownfail.d/smb2_02-server-smb3-client deleted file mode 100644 index 68c800d0f13..00000000000 --- a/selftest/knownfail.d/smb2_02-server-smb3-client +++ /dev/null @@ -1,3 +0,0 @@ -^samba3.blackbox.smbclient_basic.SMB2_10.smbclient.*\(nt4_dc_schannel\) -^samba3.blackbox.smbclient_basic.SMB3_02.smbclient.*\(nt4_dc_schannel\) -^samba3.blackbox.smbclient_basic.SMB3_11.smbclient.*\(nt4_dc_schannel\) diff --git a/source3/smbd/smb2_ioctl_network_fs.c b/source3/smbd/smb2_ioctl_network_fs.c index 7b496ef796f..016a0e4ee5e 100644 --- a/source3/smbd/smb2_ioctl_network_fs.c +++ b/source3/smbd/smb2_ioctl_network_fs.c @@ -580,6 +580,23 @@ static NTSTATUS fsctl_validate_neg_info(TALLOC_CTX *mem_ctx, NTSTATUS status; enum protocol_types protocol = PROTOCOL_NONE; + if (lp_server_max_protocol() <= PROTOCOL_SMB2_02) { + /* + * With SMB 2.02 we didn't get the + * capabitities, client guid, security mode + * and dialects the client would have offered. + * + * So we behave compatible with a true + * SMB 2.02 server and return NT_STATUS_FILE_CLOSED. + * + * As SMB >= 2.10 offers the two phase SMB2 Negotiate + * we keep supporting FSCTL_VALIDATE_NEGOTIATE_INFO + * starting with SMB 2.10, while Windows only supports + * it starting with SMB > 2.10. + */ + return NT_STATUS_FILE_CLOSED; + } + if (in_input->length < 0x18) { return NT_STATUS_INVALID_PARAMETER; } |