On Fri, 2010-09-24 at 08:58 -0700, Jeremy Allison wrote:
> On Fri, Sep 24, 2010 at 06:28:15AM -0400, simo wrote:
> > On Fri, 2010-09-24 at 06:44 +0200, Jeremy Allison wrote:
> > > diff --git a/source3/rpc_server/dcesrv_spnego.c > > > b/source3/rpc_server/dcesrv_spnego.c > > > index 4686534..fb758e3 100644 > > > --- a/source3/rpc_server/dcesrv_spnego.c > > > +++ b/source3/rpc_server/dcesrv_spnego.c > > > @@ -230,7 +230,7 @@ NTSTATUS spnego_server_auth_start(TALLOC_CTX > > > *mem_ctx, > > > > > > ret = spnego_parse_negTokenInit(sp_ctx, *spnego_in, > > > sp_ctx->oid_list, NULL, > > > &token_in); > > > - if (!ret) { > > > + if (!ret || sp_ctx->oid_list[0] == NULL) { > > > DEBUG(3, ("Invalid SPNEGO message\n")); > > > status = NT_STATUS_INVALID_PARAMETER; > > > goto done;
> >
> > Jeremy, not sure this is right.
> > In the dcerpc server I think we can easily cope with a missing OID by
> > sending a packet with the OIDs we support instead.
> >
> > (I looked only at this diff though, so I am not 100% confident).
> >
> > Is the test supposed to get back an error ?
>
> Well it's not supposed to crash, which is what it did :-).
>
> Actually it didn't crash here, but in the sessionsetup code,
> but when I fixed that I fixed all places we use spnego_parse_negTokenInit().
>
> In your new code here it wouldn't crash, but would fall back
> silently to NTLMSSP, but I decided that sending no OIDs
> was probably a client error, so telling them about it was
> the appropriate thing to do.

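Review bot: the added `sp_ctx->oid_list[0] == NULL` test on the `if (!ret || ...)` line shares the "Invalid SPNEGO message" DEBUG with a genuine parse failure, so the log cannot distinguish a malformed token from a negTokenInit that parsed but carried no OIDs. Consider a separate DEBUG text for the empty-list case, and a short comment stating that an empty OID list is deliberately rejected with NT_STATUS_INVALID_PARAMETER, since that policy is not evident from the code. The test also depends on spnego_parse_negTokenInit() leaving oid_list[0] as NULL when it returns success without any OIDs, which this hunk does not show; confirm that, or clear the array before the call.
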
Do you know how Windows behaves against the same test ?

Simo.

--
Simo Sorce
Samba Team GPL Compliance Officer <s...@samba.org>
Principal Software Engineer at Red Hat, Inc. <s...@redhat.com>