auth/spnego: invert the fallback logic in gensec_spnego_client_negTokenInit()

We should do the return first, that will simplify further changes.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index f8ab11493f91588d1754c1f042875b3cfca0be1a..f16b39a2c70ff6b63fda73bd2684e4eda09b5d6a 100644 (file)
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -470,19 +470,18 @@ static NTSTATUS gensec_spnego_client_negTokenInit(struct gensec_security *gensec
                           spnego_state->sub_sec_security->ops->name,
                           principal, next, nt_errstr(status)));
 
-               if (allow_fallback && next != NULL) {
+               if (next == NULL) {
                        /*
-                        * Pretend we never started it.
+                        * A hard error without a possible fallback.
                         */
-                       gensec_spnego_update_sub_abort(spnego_state);
-                       continue;
+                       TALLOC_FREE(frame);
+                       return status;
                }
 
                /*
-                * Hard error.
+                * Pretend we never started it.
                 */
-               TALLOC_FREE(frame);
-               return status;
+               gensec_spnego_update_sub_abort(spnego_state);
        }
 
        DBG_WARNING("Could not find a suitable mechtype in NEG_TOKEN_INIT\n");