Diffstat (limited to 'auth2-gss.c')
-rw-r--r--auth2-gss.c18
1 files changed, 10 insertions, 8 deletions
diff --git a/auth2-gss.c b/auth2-gss.c
index 1f12bb113..d6446c0cf 100644
--- a/auth2-gss.c
+++ b/auth2-gss.c
@@ -54,7 +54,7 @@ static int input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh);
54static int input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh); 54static int input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh);
55static int input_gssapi_errtok(int, u_int32_t, struct ssh *); 55static int input_gssapi_errtok(int, u_int32_t, struct ssh *);
56 56
57/* 57/*
58 * The 'gssapi_keyex' userauth mechanism. 58 * The 'gssapi_keyex' userauth mechanism.
59 */ 59 */
60static int 60static int
@@ -62,7 +62,7 @@ userauth_gsskeyex(struct ssh *ssh)
62{ 62{
63 Authctxt *authctxt = ssh->authctxt; 63 Authctxt *authctxt = ssh->authctxt;
64 int r, authenticated = 0; 64 int r, authenticated = 0;
65 struct sshbuf *b; 65 struct sshbuf *b = NULL;
66 gss_buffer_desc mic, gssbuf; 66 gss_buffer_desc mic, gssbuf;
67 u_char *p; 67 u_char *p;
68 size_t len; 68 size_t len;
@@ -70,8 +70,10 @@ userauth_gsskeyex(struct ssh *ssh)
70 if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 || 70 if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 ||
71 (r = sshpkt_get_end(ssh)) != 0) 71 (r = sshpkt_get_end(ssh)) != 0)
72 fatal("%s: %s", __func__, ssh_err(r)); 72 fatal("%s: %s", __func__, ssh_err(r));
73
73 if ((b = sshbuf_new()) == NULL) 74 if ((b = sshbuf_new()) == NULL)
74 fatal("%s: sshbuf_new failed", __func__); 75 fatal("%s: sshbuf_new failed", __func__);
76
75 mic.value = p; 77 mic.value = p;
76 mic.length = len; 78 mic.length = len;
77 79
@@ -83,11 +85,11 @@ userauth_gsskeyex(struct ssh *ssh)
83 gssbuf.length = sshbuf_len(b); 85 gssbuf.length = sshbuf_len(b);
84 86
85 /* gss_kex_context is NULL with privsep, so we can't check it here */ 87 /* gss_kex_context is NULL with privsep, so we can't check it here */
86 if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gss_kex_context, 88 if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gss_kex_context,
87 &gssbuf, &mic)))) 89 &gssbuf, &mic))))
88 authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user, 90 authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user,
89 authctxt->pw)); 91 authctxt->pw, 1));
90 92
91 sshbuf_free(b); 93 sshbuf_free(b);
92 free(mic.value); 94 free(mic.value);
93 95
@@ -301,7 +303,7 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh)
301 fatal("%s: %s", __func__, ssh_err(r)); 303 fatal("%s: %s", __func__, ssh_err(r));
302 304
303 authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user, 305 authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user,
304 authctxt->pw)); 306 authctxt->pw, 1));
305 307
306 if ((!use_privsep || mm_is_monitor()) && 308 if ((!use_privsep || mm_is_monitor()) &&
307 (displayname = ssh_gssapi_displayname()) != NULL) 309 (displayname = ssh_gssapi_displayname()) != NULL)
@@ -347,8 +349,8 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh)
347 gssbuf.length = sshbuf_len(b); 349 gssbuf.length = sshbuf_len(b);
348 350
349 if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic)))) 351 if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic))))
350 authenticated = 352 authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user,
351 PRIVSEP(ssh_gssapi_userok(authctxt->user, authctxt->pw)); 353 authctxt->pw, 0));
352 else 354 else
353 logit("GSSAPI MIC check failed"); 355 logit("GSSAPI MIC check failed");
354 356
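Review bot: The new third argument to ssh_gssapi_userok() is a bare literal that differs between call sites (`1` in userauth_gsskeyex and input_gssapi_exchange_complete, `0` in input_gssapi_mic), and nothing in these hunks says what it selects. Its result is assigned straight to `authenticated`, and input_gssapi_exchange_complete and input_gssapi_mic both appear to complete a GSSAPI userauth exchange yet pass different values, so a reader cannot tell whether the difference is intended. I would add a one-line comment above each call stating what the flag selects and why that path uses that value, e.g. `/* last arg 0: <what the flag selects and why the MIC path differs> */`, or replace the literals with named constants declared next to the prototype. All three function bodies start and end outside the hunks shown and the ssh_gssapi_userok definition is not on this page, so the flag's meaning needs to be confirmed there.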