On Fri, 2010-09-24 at 06:44 +0200, Jeremy Allison wrote: > diff --git a/source3/rpc_server/dcesrv_spnego.c > b/source3/rpc_server/dcesrv_spnego.c > index 4686534..fb758e3 100644 > --- a/source3/rpc_server/dcesrv_spnego.c > +++ b/source3/rpc_server/dcesrv_spnego.c > @@ -230,7 +230,7 @@ NTSTATUS spnego_server_auth_start(TALLOC_CTX > *mem_ctx, > > ret = spnego_parse_negTokenInit(sp_ctx, *spnego_in, > sp_ctx->oid_list, NULL, > &token_in); > - if (!ret) { > + if (!ret || sp_ctx->oid_list[0] == NULL) { > DEBUG(3, ("Invalid SPNEGO message\n")); > status = NT_STATUS_INVALID_PARAMETER; > goto done;
Jeremy, not sure this is right. In the dcerpc server I think w can easily cope with a missing OId by sending a packet with the OIDs we support instead. (I looked only at this diff though, so I am not 100% confident). Is the test supposed to get back an error ? Simo. -- Simo Sorce Samba Team GPL Compliance Officer <s...@samba.org> Principal Software Engineer at Red Hat, Inc. <s...@redhat.com>