libcli/smb: Allow smb2cli_validate_negotiate_info_done() to ignore NT_STATUS_INVALID_...

This can be returned from NetApp Ontap 7.3.7 SMB server
implementations. Now we have ensured smb2_signing_check_pdu()
cannot return NT_STATUS_INVALID_PARAMETER on a signing error
it's safe to check this error code here. Windows 10
clients ignore this error from the NetApp.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 0abb5ca6b96c843909dea56d5594e334547ae90f)

diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 0115cbbec1854400e39ceb45161780b6b80d12b9..e71f82456b2ee2c2036fcd04fe5848dacccd30d9 100644 (file)
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -5424,6 +5424,18 @@ static void smb2cli_validate_negotiate_info_done(struct tevent_req *subreq)
                                    &state->out_input_buffer,
                                    &state->out_output_buffer);
        TALLOC_FREE(subreq);
+
+       /*
+        * This response must be signed correctly for
+        * these "normal" error codes to be processed.
+        * If the packet wasn't signed correctly we will get
+        * NT_STATUS_ACCESS_DENIED or NT_STATUS_HMAC_NOT_SUPPORTED,
+        * or NT_STATUS_INVALID_NETWORK_RESPONSE
+        * from smb2_signing_check_pdu().
+        *
+        * We must never ignore the above errors here.
+        */
+
        if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_CLOSED)) {
                /*
                 * The response was signed, but not supported
@@ -5469,6 +5481,19 @@ static void smb2cli_validate_negotiate_info_done(struct tevent_req *subreq)
                tevent_req_done(req);
                return;
        }
+       if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
+               /*
+                * The response was signed, but not supported
+                *
+                * This might be returned by NetApp Ontap 7.3.7 SMB server
+                * implementations.
+                *
+                * BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
+                *
+                */
+               tevent_req_done(req);
+               return;
+       }
        if (tevent_req_nterror(req, status)) {
                return;
        }