Don't check for the qop value at MIC verification

author: Sebastian Deiss <sdeiss@haw-landshut.de> 2014-06-11 12:22:45 +0200
committer: Anselm Kruis <a.kruis@science-computing.de> 2014-07-14 11:46:28 +0200
commit: de0d52851a9dc5b3b53fd52298f29c3d79db6910 (patch)
tree: 2b1eb187319933d84b844d0685c344f5559e9be1
parent: f17c2afbe0a98d5c2b80e5f16dbf47b9eb7370d0 (diff)
2 files changed, 13 insertions, 11 deletions
diff --git a/paramiko/auth_handler.py b/paramiko/auth_handler.py
index cb06da2d..a77ace1b 100644
--- a/paramiko/auth_handler.py
+++ b/paramiko/auth_handler.py
@@ -515,9 +515,9 @@ class AuthHandler (object):
                     break
             mic_token = m.get_string()
             try:
-                retval = sshgss.ssh_check_mic(mic_token,
-                                              self.transport.session_id,
-                                              username)
+                sshgss.ssh_check_mic(mic_token,
+                                     self.transport.session_id,
+                                     username)
             except Exception:
                 result = AUTH_FAILED
                 self._send_auth_result(username, method, result)
@@ -541,9 +541,9 @@ class AuthHandler (object):
                 result = AUTH_FAILED
                 self._send_auth_result(username, method, result)
             try:
-                retval = sshgss.ssh_check_mic(mic_token,
-                                              self.transport.session_id,
-                                              self.auth_username)
+                sshgss.ssh_check_mic(mic_token,
+                                     self.transport.session_id,
+                                     self.auth_username)
             except Exception:
                 result = AUTH_FAILED
                 self._send_auth_result(username, method, result)
diff --git a/paramiko/ssh_gss.py b/paramiko/ssh_gss.py
index 58a64a56..03c5dcc0 100644
--- a/paramiko/ssh_gss.py
+++ b/paramiko/ssh_gss.py
@@ -384,14 +384,16 @@ class _SSH_GSSAPI(_SSH_GSSAuth):
                                         self._username,
                                         self._service,
                                         self._auth_method)
-            mic_status = self._gss_srv_ctxt.verify_mic(mic_field,
-                                                       mic_token)
+            try:
+                self._gss_srv_ctxt.verify_mic(mic_field,
+                                              mic_token)
+            except gssapi.BadSignature:
+                raise Exception("GSS-API MIC check failed.")
         else:
             # for key exchange with gssapi-keyex
             # client mode
-            mic_status = self._gss_ctxt.verify_mic(self._session_id,
-                                                   mic_token)
-        return mic_status
+            self._gss_ctxt.verify_mic(self._session_id,
+                                      mic_token)
 
     @property
     def credentials_delegated(self):
author	Sebastian Deiss <sdeiss@haw-landshut.de>	2014-06-11 12:22:45 +0200
committer	Anselm Kruis <a.kruis@science-computing.de>	2014-07-14 11:46:28 +0200
commit	de0d52851a9dc5b3b53fd52298f29c3d79db6910 (patch)
tree	2b1eb187319933d84b844d0685c344f5559e9be1
parent	f17c2afbe0a98d5c2b80e5f16dbf47b9eb7370d0 (diff)