auth/spnego: generate a valid packet if gensec_spnego_client_negTokenTarg() gives...

If we wait for the mechListMIC from the server we should send a valid paket
instead of an empty blob.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index 22abad342b1b0d42e9d5898a5263a90305292195..5eb75ad47aab2d528991969da765def95aed347f 100644 (file)
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -829,10 +829,6 @@ static NTSTATUS gensec_spnego_client_negTokenTarg(struct gensec_security *gensec
                spnego_state->needs_mic_sign = false;
        }
 
-       if (spnego_state->needs_mic_check) {
-               status = NT_STATUS_MORE_PROCESSING_REQUIRED;
-       }
-
  client_response:
        if (GENSEC_UPDATE_IS_NTERROR(status)) {
                DBG_WARNING("SPNEGO(%s) login failed: %s\n",
@@ -856,8 +852,10 @@ static NTSTATUS gensec_spnego_client_negTokenTarg(struct gensec_security *gensec
                        return NT_STATUS_INVALID_PARAMETER;
                }
 
-               spnego_state->state_position = SPNEGO_DONE;
-               return status;
+               if (!spnego_state->needs_mic_check) {
+                       spnego_state->state_position = SPNEGO_DONE;
+                       return NT_STATUS_OK;
+               }
        }
 
        /* compose reply */