As per Simo's comments in https://bugzilla.redhat.com/show_bug.cgi?id=
1279249
we need Samba to return the correct thing to the client when gss_accept_sec_context
returns a token along with an error.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11592
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Nov 12 01:44:08 CET 2015 on sn-devel-104
GSS_C_NO_BUFFER);
}
- status = NT_STATUS_LOGON_FAILURE;
- goto done;
+ /*
+ * If we got an output token, make Windows aware of it
+ * by telling it that more processing is needed
+ */
+ if (out_data.length > 0) {
+ status = NT_STATUS_MORE_PROCESSING_REQUIRED;
+ /* Fall through to handle the out token */
+ } else {
+ status = NT_STATUS_LOGON_FAILURE;
+ goto done;
+ }
}
/* we may be told to return nothing */