smb2_sesssetup: validate that sign_algo and encryption_cipher match on a session...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar 17 01:56:37 UTC 2021 on sn-devel-184

diff --git a/selftest/knownfail.d/smb2.session b/selftest/knownfail.d/smb2.session
deleted file mode 100644 (file)
index 35ef1d7..0000000
--- a/selftest/knownfail.d/smb2.session
+++ /dev/null
@@ -1 +0,0 @@
-^samba3.smb2.session.*.bind_negative_smb3encGtoC

diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 38b0ccd4a72ffe427f990fbe82078453f65b147e..09c9924a53586a247f84203f668239b6784d59ab 100644 (file)
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -723,6 +723,20 @@ static struct tevent_req *smbd_smb2_session_setup_send(TALLOC_CTX *mem_ctx,
                        return tevent_req_post(req, ev);
                }
 
+               if (smb2req->session->global->signing_algo
+                   != smb2req->xconn->smb2.server.sign_algo)
+               {
+                       tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+                       return tevent_req_post(req, ev);
+               }
+
+               if (smb2req->session->global->encryption_cipher
+                   != smb2req->xconn->smb2.server.cipher)
+               {
+                       tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+                       return tevent_req_post(req, ev);
+               }
+
                status = smbXsrv_session_find_channel(smb2req->session,
                                                      smb2req->xconn,
                                                      &c);