From b713da052b69606c436ad5d8a4a095b8a3160e6d Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 10 May 2017 17:12:14 +0200 Subject: [PATCH] auth/spnego: make sure a fatal error or the final success make the state as SPNEGO_DONE This means any further gensec_update() will fail with NT_STATUS_INVALID_PARAMETER. Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- auth/gensec/spnego.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c index db791ce4ca8..aec4b5e47a7 100644 --- a/auth/gensec/spnego.c +++ b/auth/gensec/spnego.c @@ -1351,6 +1351,10 @@ static NTSTATUS gensec_spnego_update_out(struct gensec_security *gensec_security return spnego_state->out_status; } + /* + * We're completely done, further updates are not allowed. + */ + spnego_state->state_position = SPNEGO_DONE; return gensec_child_ready(gensec_security, spnego_state->sub_sec_security); } @@ -1424,6 +1428,10 @@ static NTSTATUS gensec_spnego_update_wrapper(struct gensec_security *gensec_secu } if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { + /* + * A fatal error, further updates are not allowed. + */ + spnego_state->state_position = SPNEGO_DONE; return status; }