Transport gssapi-keyex: set the gss_kex_used flag late

Set the flag gss_kex_used only after a gssapi-keyex has been successfully completed. This change prevents a wrong value in case of exceptions during the gssapi-keyex handshake.
author: Anselm Kruis <a.kruis@science-computing.de> 2017-08-01 15:45:32 +0200
committer: Anselm Kruis <a.kruis@science-computing.de> 2017-08-04 19:40:53 +0200
commit: a859ddabc1f83ed95516812e18e68ed392ca7a71 (patch)
tree: 190bca6fb33f4417176cad22ded31f2a398c7f24
parent: f1c677d0abeeb27971465b3affed11e70299515d (diff)
2 files changed, 5 insertions, 2 deletions
diff --git a/paramiko/kex_gss.py b/paramiko/kex_gss.py
index 3406babb..04906abd 100644
--- a/paramiko/kex_gss.py
+++ b/paramiko/kex_gss.py
@@ -83,7 +83,6 @@ class KexGSSGroup1(object):
         """
         Start the GSS-API / SSPI Authenticated Diffie-Hellman Key Exchange.
         """
-        self.transport.gss_kex_used = True
         self._generate_x()
         if self.transport.server_mode:
             # compute f = g^x mod p, but don't send it yet
@@ -216,6 +215,7 @@ class KexGSSGroup1(object):
         else:
             self.kexgss.ssh_check_mic(mic_token,
                                       self.transport.session_id)
+        self.transport.gss_kex_used = True
         self.transport._activate_outbound()
 
     def _parse_kexgss_init(self, m):
@@ -258,6 +258,7 @@ class KexGSSGroup1(object):
             else:
                 m.add_boolean(False)
             self.transport._send_message(m)
+            self.transport.gss_kex_used = True
             self.transport._activate_outbound()
         else:
             m.add_byte(c_MSG_KEXGSS_CONTINUE)
@@ -325,7 +326,6 @@ class KexGSSGex(object):
         """
         Start the GSS-API / SSPI Authenticated Diffie-Hellman Group Exchange
         """
-        self.transport.gss_kex_used = True
         if self.transport.server_mode:
             self.transport._expect_packet(MSG_KEXGSS_GROUPREQ)
             return
@@ -501,6 +501,7 @@ class KexGSSGex(object):
             else:
                 m.add_boolean(False)
             self.transport._send_message(m)
+            self.transport.gss_kex_used = True
             self.transport._activate_outbound()
         else:
             m.add_byte(c_MSG_KEXGSS_CONTINUE)
@@ -587,6 +588,7 @@ class KexGSSGex(object):
         else:
             self.kexgss.ssh_check_mic(mic_token,
                                       self.transport.session_id)
+        self.transport.gss_kex_used = True
         self.transport._activate_outbound()
 
     def _parse_kexgss_error(self, m):
diff --git a/paramiko/transport.py b/paramiko/transport.py
index bab23fa1..ffcf6f05 100644
--- a/paramiko/transport.py
+++ b/paramiko/transport.py
@@ -1992,6 +1992,7 @@ class Transport(threading.Thread, ClosingContextManager):
             self.clear_to_send.clear()
         finally:
             self.clear_to_send_lock.release()
+        self.gss_kex_used = False
         self.in_kex = True
         if self.server_mode:
             mp_required_prefix = 'diffie-hellman-group-exchange-sha'
author	Anselm Kruis <a.kruis@science-computing.de>	2017-08-01 15:45:32 +0200
committer	Anselm Kruis <a.kruis@science-computing.de>	2017-08-04 19:40:53 +0200
commit	a859ddabc1f83ed95516812e18e68ed392ca7a71 (patch)
tree	190bca6fb33f4417176cad22ded31f2a398c7f24
parent	f1c677d0abeeb27971465b3affed11e70299515d (diff)