auth/spnego: add an early return for a hard error in gensec_spnego_parse_negTokenInit()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index 1e1fd873f699c99de32ec322cb99cd23b44e1daf..631e5b17413e8b53bd7a423d872bfd384fe4a7d2 100644 (file)
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -320,6 +320,13 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_
                        continue;
                }
 
+               if (GENSEC_UPDATE_IS_NTERROR(nt_status)) {
+                       DEBUG(1, ("SPNEGO(%s) NEG_TOKEN_INIT failed: %s\n",
+                                 spnego_state->sub_sec_security->ops->name,
+                                 nt_errstr(nt_status)));
+                       return nt_status;
+               }
+
                spnego_state->neg_oid = cur_sec->oid;
                break;
        }