On Fri, Sep 24, 2010 at 06:28:15AM -0400, simo wrote: > On Fri, 2010-09-24 at 06:44 +0200, Jeremy Allison wrote: > > diff --git a/source3/rpc_server/dcesrv_spnego.c > > b/source3/rpc_server/dcesrv_spnego.c > > index 4686534..fb758e3 100644 > > --- a/source3/rpc_server/dcesrv_spnego.c > > +++ b/source3/rpc_server/dcesrv_spnego.c > > @@ -230,7 +230,7 @@ NTSTATUS spnego_server_auth_start(TALLOC_CTX > > *mem_ctx, > > > > ret = spnego_parse_negTokenInit(sp_ctx, *spnego_in, > > sp_ctx->oid_list, NULL, > > &token_in); > > - if (!ret) { > > + if (!ret || sp_ctx->oid_list[0] == NULL) { > > DEBUG(3, ("Invalid SPNEGO message\n")); > > status = NT_STATUS_INVALID_PARAMETER; > > goto done; > > Jeremy, not sure this is right. > In the dcerpc server I think w can easily cope with a missing OId by > sending a packet with the OIDs we support instead. > > (I looked only at this diff though, so I am not 100% confident). > > Is the test supposed to get back an error ?
Well it's not supposed to crash, which is what it did :-). Actually it didn't crash here, but in the sessionsetup code, but when I fixed that I fixed all places we use spnego_parse_negTokenInit(). In your new code here it wouldn't crash, but would fall back silently to NTLMSSP, but I decided that sending no OIDs was probably a client error, so telling them about it was the appropriate thing to do. Jeremy.