From bf14eb29dfb967b75385d261918f92f88a99fc3d Mon Sep 17 00:00:00 2001
From: Luke Howard <lukeh@padl.com>
Date: Fri, 27 Dec 2019 20:31:45 +1100
Subject: [PATCH] gss: NTLM nsi_probe returns a krb5, not gss error

The nsi_probe() error code was treated as a GSS error code, rather than a krb5
error. Return a GSS error code, setting the krb5 error in minor_status.
---
 lib/gssapi/ntlm/acquire_cred.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/lib/gssapi/ntlm/acquire_cred.c b/lib/gssapi/ntlm/acquire_cred.c
index f4e571e2e..79836d581 100644
--- a/lib/gssapi/ntlm/acquire_cred.c
+++ b/lib/gssapi/ntlm/acquire_cred.c
@@ -57,20 +57,23 @@ _gss_ntlm_acquire_cred_from(OM_uint32            *min_stat,
 	*time_rec = GSS_C_INDEFINITE;
 
     if (cred_usage == GSS_C_BOTH || cred_usage == GSS_C_ACCEPT) {
+	int ret;
 
 	maj_stat = _gss_ntlm_allocate_ctx(min_stat, &ctx);
 	if (maj_stat != GSS_S_COMPLETE)
 	    return maj_stat;
 
         domain = name != NULL ? name->domain : NULL;
-	maj_stat = (*ctx->server->nsi_probe)(min_stat, ctx->ictx, domain);
+	ret = (*ctx->server->nsi_probe)(min_stat, ctx->ictx, domain);
 	{
 	    gss_ctx_id_t context = (gss_ctx_id_t)ctx;
 	    OM_uint32 junk;
 	    _gss_ntlm_delete_sec_context(&junk, &context, NULL);
 	}
-	if (maj_stat)
-	    return maj_stat;
+	if (ret) {
+	    *min_stat = ret;
+	    return GSS_S_NO_CRED;
+	}
     }
     if (cred_usage == GSS_C_BOTH || cred_usage == GSS_C_INITIATE) {
 	ntlm_cred cred;