auth/spnego: skip gensec_update_ev() if sub_sec_ready is already true in gensec_spneg...

This matches the flow already used in the client case.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index 8248787169eac160aaad6e654141afb8c36dc498..f46d46dbb05d32a28db0ca4890db3cff24252c7d 100644 (file)
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -1213,15 +1213,19 @@ static NTSTATUS gensec_spnego_update_server(struct gensec_security *gensec_secur
                        goto server_response;
                }
 
-               nt_status = gensec_update_ev(spnego_state->sub_sec_security,
-                                            out_mem_ctx, ev,
-                                            spnego.negTokenTarg.responseToken,
-                                            &unwrapped_out);
-               if (NT_STATUS_IS_OK(nt_status)) {
-                       spnego_state->sub_sec_ready = true;
-               }
-               if (!NT_STATUS_IS_OK(nt_status)) {
-                       goto server_response;
+               if (!spnego_state->sub_sec_ready) {
+                       nt_status = gensec_update_ev(spnego_state->sub_sec_security,
+                                                    out_mem_ctx, ev,
+                                                    spnego.negTokenTarg.responseToken,
+                                                    &unwrapped_out);
+                       if (NT_STATUS_IS_OK(nt_status)) {
+                               spnego_state->sub_sec_ready = true;
+                       }
+                       if (!NT_STATUS_IS_OK(nt_status)) {
+                               goto server_response;
+                       }
+               } else {
+                       nt_status = NT_STATUS_OK;
                }
 
                have_sign = gensec_have_feature(spnego_state->sub_sec_security,