From c3baddf271b9d09819aff4ce05314f940c6f1e4d Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 25 Nov 2013 14:08:38 +1300
Subject: [PATCH] auth: Pass though error from GENSEC sub-mechanism

This allows wrong-password or account-locked-out errors to be passed
though from Kerberos (gssapi).

Andrew Bartlett

Change-Id: I4bc11a1ad98dfbcc5a4ad9101cd843a7a59f0b59
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---
 auth/gensec/spnego.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index 7e9dcaee70c..20cacdb9b45 100644
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -705,7 +705,7 @@ static NTSTATUS gensec_spnego_create_negTokenInit(struct gensec_security *gensec
 	spnego_state->sub_sec_security = NULL;
 
 	DEBUG(1, ("Failed to setup SPNEGO negTokenInit request: %s\n", nt_errstr(nt_status)));
-	return NT_STATUS_INVALID_PARAMETER;
+	return nt_status;
 }
 
 
-- 
2.11.4.GIT