From 7733f98f69106a8efdceed9603174cf335db700c Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Tue, 9 Mar 2021 17:03:27 +0100
Subject: [PATCH] smb2_sesssetup: a bind dialect mismatch should always result in INVALID_PARAMETER
The ACCESS_DENIED errors happened as we didn't expected to signing algo is attached to the session key. So our client calculated the wrong signature.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher
Reviewed-by: Jeremy Allison
---
 selftest/knownfail.d/smb2.session | 1 -
 source3/smbd/smb2_sesssetup.c | 32 +++++++------------------------
 2 files changed, 7 insertions(+), 26 deletions(-)
diff --git a/selftest/knownfail.d/smb2.session b/selftest/knownfail.d/smb2.session
index dbb380cc435..02ce9c07ba5 100644
--- a/selftest/knownfail.d/smb2.session
+++ b/selftest/knownfail.d/smb2.session
@@ -1,4 +1,3 @@
-^samba3.smb2.session.*.bind_negative_smb2to3
 ^samba3.smb2.session.*.bind_negative_smb3encGtoC
 ^samba3.smb2.session.*.bind_different_user.ad_dc
 ^samba3.smb2.session.*.bind_invalid_auth.ad_member_idmap_rid
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index f10d33a6955..c431c534b60 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -716,6 +716,13 @@ static struct tevent_req *smbd_smb2_session_setup_send(TALLOC_CTX *mem_ctx,
 return tevent_req_post(req, ev);
 }
+ if (smb2req->session->global->connection_dialect
+ != smb2req->xconn->smb2.server.dialect)
+ {
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return tevent_req_post(req, ev);
+ }
+
 status = smbXsrv_session_find_channel(smb2req->session, smb2req->xconn, &c);
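Review bot: The added dialect-equality check in smbd_smb2_session_setup_send carries no comment, while the table removed further down was the only place that recorded the expected status per old/new dialect pair. Since the commit message ties the signing algorithm to the session key, I would put `/* A bind must use the dialect the session was established with; any mismatch is INVALID_PARAMETER. */` above the `if`. With the `< SMB2_DIALECT_REVISION_222` rejections gone in the next hunk, this is the only dialect test visible here, so a bind where both sides negotiated the same pre-3.0 dialect is presumably refused earlier in the function; that is worth confirming and stating in the same comment. The function body starts and ends outside the hunk.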
@@ -727,31 +734,6 @@ static struct tevent_req *smbd_smb2_session_setup_send(TALLOC_CTX *mem_ctx,
 return tevent_req_post(req, ev);
 }
- /*
- * OLD: 3.00 NEW 3.02 => INVALID_PARAMETER
- * OLD: 3.02 NEW 3.00 => INVALID_PARAMETER
- * OLD: 2.10 NEW 3.02 => ACCESS_DENIED
- * OLD: 3.02 NEW 2.10 => ACCESS_DENIED
- */
- if (smb2req->session->global->connection_dialect
- < SMB2_DIALECT_REVISION_222)
- {
- tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
- return tevent_req_post(req, ev);
- }
- if (smb2req->xconn->smb2.server.dialect
- < SMB2_DIALECT_REVISION_222)
- {
- tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
- return tevent_req_post(req, ev);
- }
- if (smb2req->session->global->connection_dialect
- != smb2req->xconn->smb2.server.dialect)
- {
- tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
- return tevent_req_post(req, ev);
- }
-
 seclvl = security_session_user_level( smb2req->session->global->auth_session_info, NULL);
--
2.47.3