gss: fix gss_decapsulate_token() return codes

gss_decapsulate_token() should return GSS_S_BAD_MECH if the mechanism did not
match the expected one, and GSS_S_DEFECTIVE_TOKEN if the token could not be
parsed for some other reason, rather than GSS_S_FAILURE in both cases

diff --git a/lib/gssapi/mech/gss_decapsulate_token.c b/lib/gssapi/mech/gss_decapsulate_token.c
index 3f2974e8ca5b78a65e3fa6fc9a23962e00204254..5d9eca0b14a46c85c7cf89637756c86701812c51 100644 (file)
--- a/lib/gssapi/mech/gss_decapsulate_token.c
+++ b/lib/gssapi/mech/gss_decapsulate_token.c
@@ -54,7 +54,7 @@ gss_decapsulate_token(gss_const_buffer_t input_token,
                                    &ct, NULL);
     if (ret) {
        der_free_oid(&o);
-       return GSS_S_FAILURE;
+       return GSS_S_DEFECTIVE_TOKEN;
     }
 
     if (der_heim_oid_cmp(&ct.thisMech, &o) == 0) {
@@ -64,7 +64,7 @@ gss_decapsulate_token(gss_const_buffer_t input_token,
        der_free_oid(&ct.thisMech);
     } else {
        free_GSSAPIContextToken(&ct);
-       status = GSS_S_FAILURE;
+       status = GSS_S_BAD_MECH;
     }
     der_free_oid(&o);