From f17c2afbe0a98d5c2b80e5f16dbf47b9eb7370d0 Mon Sep 17 00:00:00 2001
From: Sebastian Deiss <sdeiss@haw-landshut.de>
Date: Wed, 11 Jun 2014 12:19:55 +0200
Subject: Use python-gssapi 0.6.1

---
 README | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README b/README
index 94aa3a9c..ceb3598a 100644
--- a/README
+++ b/README
@@ -79,7 +79,7 @@ If you want paramiko to do kerberos authentication or key exchange using GSS-API
 need the following python packages:
 
 - pyasn1 0.1.7 or better
-- python-gssapi 0.4.0 or better (Unix)
+- python-gssapi 0.6.1 or better (Unix)
 - pywin32 2.1.8 or better (Windows)
 
 So you have to install pyasn1 and python-gssapi on Unix or pywin32 on Windows.
-- 
cgit v1.2.3


From de0d52851a9dc5b3b53fd52298f29c3d79db6910 Mon Sep 17 00:00:00 2001
From: Sebastian Deiss <sdeiss@haw-landshut.de>
Date: Wed, 11 Jun 2014 12:22:45 +0200
Subject: Don't check for the qop value at MIC verification

---
 paramiko/auth_handler.py | 12 ++++++------
 paramiko/ssh_gss.py      | 12 +++++++-----
 2 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/paramiko/auth_handler.py b/paramiko/auth_handler.py
index cb06da2d..a77ace1b 100644
--- a/paramiko/auth_handler.py
+++ b/paramiko/auth_handler.py
@@ -515,9 +515,9 @@ class AuthHandler (object):
                     break
             mic_token = m.get_string()
             try:
-                retval = sshgss.ssh_check_mic(mic_token,
-                                              self.transport.session_id,
-                                              username)
+                sshgss.ssh_check_mic(mic_token,
+                                     self.transport.session_id,
+                                     username)
             except Exception:
                 result = AUTH_FAILED
                 self._send_auth_result(username, method, result)
@@ -541,9 +541,9 @@ class AuthHandler (object):
                 result = AUTH_FAILED
                 self._send_auth_result(username, method, result)
             try:
-                retval = sshgss.ssh_check_mic(mic_token,
-                                              self.transport.session_id,
-                                              self.auth_username)
+                sshgss.ssh_check_mic(mic_token,
+                                     self.transport.session_id,
+                                     self.auth_username)
             except Exception:
                 result = AUTH_FAILED
                 self._send_auth_result(username, method, result)
diff --git a/paramiko/ssh_gss.py b/paramiko/ssh_gss.py
index 58a64a56..03c5dcc0 100644
--- a/paramiko/ssh_gss.py
+++ b/paramiko/ssh_gss.py
@@ -384,14 +384,16 @@ class _SSH_GSSAPI(_SSH_GSSAuth):
                                         self._username,
                                         self._service,
                                         self._auth_method)
-            mic_status = self._gss_srv_ctxt.verify_mic(mic_field,
-                                                       mic_token)
+            try:
+                self._gss_srv_ctxt.verify_mic(mic_field,
+                                              mic_token)
+            except gssapi.BadSignature:
+                raise Exception("GSS-API MIC check failed.")
         else:
             # for key exchange with gssapi-keyex
             # client mode
-            mic_status = self._gss_ctxt.verify_mic(self._session_id,
-                                                   mic_token)
-        return mic_status
+            self._gss_ctxt.verify_mic(self._session_id,
+                                      mic_token)
 
     @property
     def credentials_delegated(self):
-- 
cgit v1.2.3