auth/spnego: do basic state_position checking in gensec_spnego_update_in()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jun 29 20:15:05 CEST 2017 on sn-devel-144

diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index bb2aa70a4d8c290590204bb42dbc487aab07cfca..964f44f166250ccc4d564e863137c894a1212855 100644 (file)
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -1383,14 +1383,9 @@ static struct tevent_req *gensec_spnego_update_send(TALLOC_CTX *mem_ctx,
                                                     &spnego_state->out_frag);
                break;
 
-       case SPNEGO_DONE:
-               /* We should not be called after we are 'done' */
-               tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
-               return tevent_req_post(req, ev);
-
        default:
-               tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
-               return tevent_req_post(req, ev);
+               smb_panic(__location__);
+               return NULL;
        }
 
        if (NT_STATUS_IS_OK(status)) {
@@ -1434,6 +1429,23 @@ static NTSTATUS gensec_spnego_update_in(struct gensec_security *gensec_security,
 
        *full_in = data_blob_null;
 
+       switch (spnego_state->state_position) {
+       case SPNEGO_FALLBACK:
+               *full_in = in;
+               spnego_state->in_needed = 0;
+               return NT_STATUS_OK;
+
+       case SPNEGO_CLIENT_START:
+       case SPNEGO_CLIENT_TARG:
+       case SPNEGO_SERVER_START:
+       case SPNEGO_SERVER_TARG:
+               break;
+
+       case SPNEGO_DONE:
+       default:
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+
        if (spnego_state->in_needed == 0) {
                size_t size = 0;
                int ret;