libcli/auth: let NTLMv2_RESPONSE_verify_netlogon_creds ignore BUFFER_TOO_SMALL

Windows doesn't complain about invalid av_pair blobs,
we need to do the same.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14932

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index 468374699f7c02c1b29b7714fbf3906e384d42a8..ce7c32279b90d67b5e2f278d1cde86134c0302ad 100644 (file)
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -682,11 +682,27 @@ NTSTATUS NTLMv2_RESPONSE_verify_netlogon_creds(const char *account_name,
        if (!NDR_ERR_CODE_IS_SUCCESS(err)) {
                NTSTATUS status;
                status = ndr_map_error2ntstatus(err);
-               DEBUG(2,("Failed to parse NTLMv2_RESPONSE "
-                        "length %u - %s - %s\n",
-                        (unsigned)response.length,
-                        ndr_map_error2string(err),
-                        nt_errstr(status)));
+               if (NT_STATUS_EQUAL(status, NT_STATUS_BUFFER_TOO_SMALL)) {
+                       /*
+                        * We are supposed to ignore invalid buffers,
+                        * see https://bugzilla.samba.org/show_bug.cgi?id=14932
+                        */
+                       status = NT_STATUS_OK;
+               }
+               DEBUG(2,("%s: Failed to parse NTLMv2_RESPONSE length=%u "
+                       "for user[%s\\%s] against SEC_CHAN(%u)[%s/%s] "
+                       "in workgroup[%s] - %s %s %s\n",
+                       __func__,
+                       (unsigned)response.length,
+                       account_domain,
+                       account_name,
+                       creds->secure_channel_type,
+                       creds->computer_name,
+                       creds->account_name,
+                       workgroup,
+                       ndr_map_error2string(err),
+                       NT_STATUS_IS_OK(status) ? "(ignoring) =>" : "=>",
+                       nt_errstr(status)));
                dump_data(2, response.data, response.length);
                TALLOC_FREE(frame);
                return status;

diff --git a/selftest/knownfail.d/rpc.schannel b/selftest/knownfail.d/rpc.schannel
deleted file mode 100644 (file)
index f0be92f..0000000
--- a/selftest/knownfail.d/rpc.schannel
+++ /dev/null
@@ -1,14 +0,0 @@
-^samba3.rpc.schannel.schannel.nt4_dc
-^samba3.rpc.schannel.schannel.ad_dc
-^samba4.rpc.schannel.on.ncalrpc.with.seal,padcheck.schannel.ad_dc_default:local
-^samba4.rpc.schannel.on.ncacn_np.with.seal,padcheck.schannel.ad_dc_default
-^samba4.rpc.schannel.on.ncacn_ip_tcp.with.seal,padcheck.schannel.ad_dc_default
-^samba4.rpc.schannel.on.ncalrpc.with.validate.schannel.ad_dc_default:local
-^samba4.rpc.schannel.on.ncacn_np.with.validate.schannel.ad_dc_default
-^samba4.rpc.schannel.on.ncacn_ip_tcp.with.validate.schannel.ad_dc_default
-^samba4.rpc.schannel.on.ncalrpc.with.bigendian.schannel.ad_dc_default:local
-^samba4.rpc.schannel.on.ncacn_np.with.bigendian.schannel.ad_dc_default
-^samba4.rpc.schannel.on.ncacn_ip_tcp.with.bigendian.schannel.ad_dc_default
-^samba4.rpc.schannel.with.seal,padcheck.schannel.ad_dc
-^samba4.rpc.schannel.with.validate.schannel.ad_dc
-^samba4.rpc.schannel.with.bigendian.schannel.ad_dc