[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Fri Sep 24 09:58:21 MDT 2010


On Fri, Sep 24, 2010 at 06:28:15AM -0400, simo wrote:
> On Fri, 2010-09-24 at 06:44 +0200, Jeremy Allison wrote:
> > diff --git a/source3/rpc_server/dcesrv_spnego.c
> > b/source3/rpc_server/dcesrv_spnego.c
> > index 4686534..fb758e3 100644
> > --- a/source3/rpc_server/dcesrv_spnego.c
> > +++ b/source3/rpc_server/dcesrv_spnego.c
> > @@ -230,7 +230,7 @@ NTSTATUS spnego_server_auth_start(TALLOC_CTX
> > *mem_ctx,
> >  
> >         ret = spnego_parse_negTokenInit(sp_ctx, *spnego_in,
> >                                         sp_ctx->oid_list, NULL,
> > &token_in);
> > -       if (!ret) {
> > +       if (!ret || sp_ctx->oid_list[0] == NULL) {
> >                 DEBUG(3, ("Invalid SPNEGO message\n"));
> >                 status = NT_STATUS_INVALID_PARAMETER;
> >                 goto done; 
> 
> Jeremy, not sure this is right.
> In the dcerpc server I think w can easily cope with a missing OId by
> sending a packet with the OIDs we support instead.
> 
> (I looked only at this diff though, so I am not 100% confident).
> 
> Is the test supposed to get back an error ?

Well it's not supposed to crash, which is what it did :-).

Actually it didn't crash here, but in the sessionsetup code,
but when I fixed that I fixed all places we use spnego_parse_negTokenInit().

In your new code here it wouldn't crash, but would fall back
silently to NTLMSSP, but I decided that sending no OIDs
was probably a client error, so telling them about it was
the appropriate thing to do.

Jeremy.


More information about the samba-technical mailing list