X-Git-Url: http://www.project-moonshot.org/gitweb/?p=openssh.git;a=blobdiff_plain;f=gss-serv.c;h=2a6bfbfb7bf0de491e0b584e4bdd49616ac712c6;hp=bb7743de3eb6d62b595e76fd8378ed326166d73a;hb=afca9d259be1d594e282f9a80714e4be12fea16e;hpb=991c385d7c6b1c8592b4057bf2e0708ddf9854e9

diff --git a/gss-serv.c b/gss-serv.c
index bb7743d..2a6bfbf 100644
--- a/gss-serv.c
+++ b/gss-serv.c
@@ -166,7 +166,7 @@ ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *recv_tok,
 
 	if (ctx->client_creds)
 		debug("Received some client credentials");
-	else
+	else if (ctx->major == GSS_S_COMPLETE)
 		debug("Got no client credentials");
 
 	status = ctx->major;
@@ -335,19 +335,18 @@ ssh_gssapi_userok(char *user, struct passwd *pw)
 		debug("No suitable client data");
 		return 0;
 	}
-	if (!gss_userok(gssapi_client.name, user)) {
+
+	userok = gss_userok(gssapi_client.name, user);
+	if (userok) {
+		gssapi_client.used = 1;
+		gssapi_client.store.owner = pw;
+	} else {
 		/* Destroy delegated credentials if userok fails */
 		gss_release_buffer(&lmin, &gssapi_client.displayname);
 		gss_release_buffer(&lmin, &gssapi_client.exportedname);
 		gss_release_name(&lmin, &gssapi_client.name);
 		gss_release_cred(&lmin, &gssapi_client.creds);
 		memset(&gssapi_client, 0, sizeof(ssh_gssapi_client));
-		return 0;
-	}
-
-	if (userok) {
-		gssapi_client.used = 1;
-		gssapi_client.store.owner = pw;
 	}
 
 	return (userok);