Make error reporting somewhat more correct for SPNEGO.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22569 ec53bebd-3082-4978-b11e-865c3cabbd6b

lib/gssapi/spnego/accept_sec_context.c

@@ -540,7 +540,7 @@ acceptor_start
 	    gss_cred_id_t *delegated_cred_handle
 	   )
 {
-    OM_uint32 ret, junk, minor;
+    OM_uint32 ret, junk;
     NegotiationToken nt;
     size_t nt_len;
     NegTokenInit *ni;
@@ -633,12 +633,12 @@ acceptor_start
 	    mech_cred = GSS_C_NO_CREDENTIAL;
 	
 	if (ctx->mech_src_name != GSS_C_NO_NAME)
-	    gss_release_name(&minor, &ctx->mech_src_name);
+	    gss_release_name(&junk, &ctx->mech_src_name);
 	
 	if (ctx->delegated_cred_id != GSS_C_NO_CREDENTIAL)
-	    _gss_spnego_release_cred(&minor, &ctx->delegated_cred_id);
+	    _gss_spnego_release_cred(&junk, &ctx->delegated_cred_id);
 	
-	ret = gss_accept_sec_context(&minor,
+	ret = gss_accept_sec_context(minor_status,
 				     &ctx->negotiated_ctx_id,
 				     mech_cred,
 				     mech_input_token,
@@ -656,7 +656,7 @@ acceptor_start
 		ctx->open = 1;
 
 	    if (mech_delegated_cred && delegated_cred_handle)
-		ret = _gss_spnego_alloc_cred(minor_status,
+		ret = _gss_spnego_alloc_cred(&junk,
 					     mech_delegated_cred,
 					     delegated_cred_handle);
 	    else
@@ -681,7 +681,9 @@ acceptor_start
      * If opportunistic token failed, lets try the other mechs.
      */
 
-    if (!first_ok) {
+    if (!first_ok && ni->mechToken != NULL) {
+
+	preferred_mech_type = GSS_C_NO_OID;
 
 	/* Call glue layer to find first mech we support */
 	for (i = 1; i < ni->mechTypes.len; ++i) {
@@ -695,7 +697,7 @@ acceptor_start
 	if (preferred_mech_type == GSS_C_NO_OID) {
 	    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
 	    free_NegotiationToken(&nt);
-	    return GSS_S_BAD_MECH;
+	    return ret;
 	}
 
 	ctx->preferred_mech_type = preferred_mech_type;
@@ -717,7 +719,7 @@ acceptor_start
     
 out:
     if (mech_output_token.value != NULL)
-	gss_release_buffer(&minor, &mech_output_token);
+	gss_release_buffer(&junk, &mech_output_token);
     if (mech_buf.value != NULL) {
 	free(mech_buf.value);
 	mech_buf.value = NULL;
@@ -754,7 +756,7 @@ out:
  	return ret;
     }
 
-    _gss_spnego_internal_delete_sec_context(&minor, context_handle,
+    _gss_spnego_internal_delete_sec_context(&junk, context_handle,
 					    GSS_C_NO_BUFFER);
     
     return ret;