libcli: SMB2: NetApps negotiate SMB3_11 but also set the SMB2_CAP_ENCRYPTION flag.

This is a SHOULD not, not a MUST not.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13009

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Steve French <sfrench@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Sep 14 14:48:20 CEST 2017 on sn-devel-144

diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index d73949b90d70a69fb101ddfe6e5647d70712fc4a..54939546d0e8f785708989a854ace14691f97f8f 100644 (file)
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -4916,10 +4916,19 @@ static void smbXcli_negprot_smb2_done(struct tevent_req *subreq)
                return;
        }
 
+       /*
+        * Here we are now at SMB3_11, so encryption should be
+        * negotiated via context, not capabilities.
+        */
+
        if (conn->smb2.server.capabilities & SMB2_CAP_ENCRYPTION) {
-               tevent_req_nterror(req,
-                               NT_STATUS_INVALID_NETWORK_RESPONSE);
-               return;
+               /*
+                * Server set SMB2_CAP_ENCRYPTION capability,
+                * but *SHOULD* not, not *MUST* not. Just mask it off.
+                * NetApp seems to do this:
+                * BUG: https://bugzilla.samba.org/show_bug.cgi?id=13009
+                */
+               conn->smb2.server.capabilities &= ~SMB2_CAP_ENCRYPTION;
        }
 
        negotiate_context_offset = IVAL(body, 60);