[SCM] Samba Shared Repository - branch master updated
simo
idra at samba.org
Fri Sep 24 10:36:37 MDT 2010
On Fri, 2010-09-24 at 08:58 -0700, Jeremy Allison wrote:
> On Fri, Sep 24, 2010 at 06:28:15AM -0400, simo wrote:
> > On Fri, 2010-09-24 at 06:44 +0200, Jeremy Allison wrote:
> > > diff --git a/source3/rpc_server/dcesrv_spnego.c
> > > b/source3/rpc_server/dcesrv_spnego.c
> > > index 4686534..fb758e3 100644
> > > --- a/source3/rpc_server/dcesrv_spnego.c
> > > +++ b/source3/rpc_server/dcesrv_spnego.c
> > > @@ -230,7 +230,7 @@ NTSTATUS spnego_server_auth_start(TALLOC_CTX
> > > *mem_ctx,
> > >
> > > ret = spnego_parse_negTokenInit(sp_ctx, *spnego_in,
> > > sp_ctx->oid_list, NULL,
> > > &token_in);
> > > - if (!ret) {
> > > + if (!ret || sp_ctx->oid_list[0] == NULL) {
> > > DEBUG(3, ("Invalid SPNEGO message\n"));
> > > status = NT_STATUS_INVALID_PARAMETER;
> > > goto done;
> >
> > Jeremy, not sure this is right.
> > In the dcerpc server I think w can easily cope with a missing OId by
> > sending a packet with the OIDs we support instead.
> >
> > (I looked only at this diff though, so I am not 100% confident).
> >
> > Is the test supposed to get back an error ?
>
> Well it's not supposed to crash, which is what it did :-).
>
> Actually it didn't crash here, but in the sessionsetup code,
> but when I fixed that I fixed all places we use spnego_parse_negTokenInit().
>
> In your new code here it wouldn't crash, but would fall back
> silently to NTLMSSP, but I decided that sending no OIDs
> was probably a client error, so telling them about it was
> the appropriate thing to do.
Do you know how windows behaves against the same test ?
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>
More information about the samba-technical
mailing list