From 97545873ebc2daf9c3daee914a90687625a08225 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher <metze@samba.org> Date: Thu, 12 Nov 2020 16:41:05 +0100 Subject: [PATCH] dcesrv_core: a failure from gensec_update results in NAK_REASON_INVALID_CHECKSUM We already report that for gensec_start_mech_by_authtype() failures, but we also need to do that for any invalid authentication. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> --- librpc/rpc/dcesrv_core.c | 2 +- selftest/knownfail.d/dcerpc-auth-pad | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c index a562adfd218..8029ed5e472 100644 --- a/librpc/rpc/dcesrv_core.c +++ b/librpc/rpc/dcesrv_core.c @@ -1362,7 +1362,7 @@ static void dcesrv_bind_done(struct tevent_req *subreq) status = dcesrv_auth_complete(call, status); if (!NT_STATUS_IS_OK(status)) { - status = dcesrv_bind_nak(call, 0); + status = dcesrv_bind_nak(call, DCERPC_BIND_NAK_REASON_INVALID_CHECKSUM); dcesrv_conn_auth_wait_finished(conn, status); return; } diff --git a/selftest/knownfail.d/dcerpc-auth-pad b/selftest/knownfail.d/dcerpc-auth-pad index 29a7fcc48fd..b7c23427e22 100644 --- a/selftest/knownfail.d/dcerpc-auth-pad +++ b/selftest/knownfail.d/dcerpc-auth-pad @@ -11,5 +11,3 @@ ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_auth_tail_pad_spnego_auth3 ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_schannel_invalid_alter_no_padding.*chgdcpass ^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_schannel_invalid_alter_tail_padding.*chgdcpass -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_schannel_invalid_bind_no_padding.*chgdcpass -^samba.tests.dcerpc.raw_protocol.samba.tests.dcerpc.raw_protocol.TestDCERPC_BIND.test_schannel_invalid_bind_tail_padding.*chgdcpass