> > -----Original Message----- > > From: linux-cifs-owner@xxxxxxxxxxxxxxx <linux-cifs-owner@xxxxxxxxxxxxxxx> > On > > Behalf Of Namjae Jeon > > Sent: Monday, January 21, 2019 4:47 PM > > To: smfrench@xxxxxxxxx; linux-cifs@xxxxxxxxxxxxxxx > > Cc: namjae.jeon@xxxxxxxxxxx; Namjae Jeon <linkinjeon@xxxxxxxxx> > > Subject: [PATCH] cifs: Accept validate negotiate if server return > > NT_STATUS_NOT_SUPPORTED > > > > Old windows version or Netapp SMB server will return > > NT_STATUS_NOT_SUPPORTED since they do not allow or implement > > FSCTL_VALIDATE_NEGOTIATE_INFO. The client should accept the response > > provided it's properly signed. > > The value of any error in the validate negotiate response is only important > if > it's STATUS_ACCESS DENIED. Any other signed error is acceptable, so your > test > shouldn't be so specific. > > The blog reference you point to is just a blog and it's almost 8 years old. > I recommend > you read the full spec: > > Sending validate negotiate (part of Tree Connect processing): > https://msdn.microsoft.com/en-us/library/cc246687.aspx > > Processing validate negotiate response: > https://msdn.microsoft.com/en-us/library/hh880630.aspx Okay, Thanks for sharing information. Acutally I had read it before. MS blog and samba confuse me, I wonder what is correct. I tested it with Windows 10 as well as samba client. They have been allowing connecting such servers which returning not support error about validate negotiate ioctl. > > Apparently this also applies to the libcli-smb2 component, based on the > Bugzilla? Yep, See --------------------------------->8------------------------------------------------------------- libcli/smb/smbXcli_base.c static void smb2cli_validate_negotiate_info_done(struct tevent_req *subreq) { ... if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) { /* * The response was signed, but not supported * * This might be returned by older Windows versions or by * NetApp SMB server implementations. * * See * * https://blogs.msdn.microsoft.com/openspecification/2012/06/28/smb3-secure-dialect-negotiation/ * */ tevent_req_done(req); return; } if (tevent_req_nterror(req, status)) { return; } -------------------------------------------------------------------------------------------------------- Thanks! > > > > > > See > > https://blogs.msdn.microsoft.com/openspecification/2012/06/28/smb3-secure- > dialect-negotiation/ > > > > Samba client had already handled it. > > https://bugzilla.samba.org/attachment.cgi?id=13285&action=edit > > > > Signed-off-by: Namjae Jeon <linkinjeon@xxxxxxxxx> > > --- > > fs/cifs/smb2pdu.c | 10 ++++++++-- > > 1 file changed, 8 insertions(+), 2 deletions(-) > > > > diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c > > index 0af87bd..c9e6def 100644 > > --- a/fs/cifs/smb2pdu.c > > +++ b/fs/cifs/smb2pdu.c > > @@ -986,8 +986,14 @@ int smb3_validate_negotiate(const unsigned int xid, > > struct cifs_tcon *tcon) > > rc = SMB2_ioctl(xid, tcon, NO_FILE_ID, NO_FILE_ID, > > FSCTL_VALIDATE_NEGOTIATE_INFO, true /* is_fsctl */, > > (char *)pneg_inbuf, inbuflen, (char **)&pneg_rsp, &rsplen); > > - > > - if (rc != 0) { > > + if (rc == -EOPNOTSUPP) { > > + /* > > + * Old Windows versions or Netapp SMB server can return > > + * not supported error. Client should accept it. > > + */ > > + cifs_dbg(VFS, "Accept validate negotiate: not supported > > error\n"); > > + return 0; > > + } else if (rc != 0) { > > cifs_dbg(VFS, "validate protocol negotiate failed: %d\n", rc); > > rc = -EIO; > > goto out_free_inbuf; > > -- > > 2.7.0
