mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-25 09:12:24 +00:00

Reduce verbosity of 'GSS init sec context failed' message.

Now we don't generate that message as a side effect of the periodic
check for new GSS credentials; we only generate it as part of the much
larger slew of messages that happen during a rekey.
Simon Tatham 2018-05-01 18:54:04 +01:00
parent 839ed84e59
commit 0beb8b37a1

21
ssh.c

@ -746,7 +746,7 @@ static void ssh_pkt_getstring(struct Packet *pkt, char **p, int *length);
static void ssh2_timer(void *ctx, unsigned long now); static void ssh2_timer(void *ctx, unsigned long now);
static int ssh2_timer_update(Ssh ssh, unsigned long rekey_time); static int ssh2_timer_update(Ssh ssh, unsigned long rekey_time);
#ifndef NO_GSSAPI #ifndef NO_GSSAPI
static void ssh2_gss_update(Ssh ssh); static void ssh2_gss_update(Ssh ssh, int definitely_rekeying);
static struct Packet *ssh2_gss_authpacket(Ssh ssh, Ssh_gss_ctx gss_ctx, static struct Packet *ssh2_gss_authpacket(Ssh ssh, Ssh_gss_ctx gss_ctx,
const char *authtype); const char *authtype);
#endif #endif
@ -6609,7 +6609,7 @@ static void do_ssh2_transport(Ssh ssh, const void *vin, int inlen,
* state is "fresh". * state is "fresh".
*/ */
if (!vin || strcmp(vin, GSS_UPDATE_REKEY_REASON) != 0) if (!vin || strcmp(vin, GSS_UPDATE_REKEY_REASON) != 0)
ssh2_gss_update(ssh); ssh2_gss_update(ssh, TRUE);
/* Do GSSAPI KEX when capable */ /* Do GSSAPI KEX when capable */
s->can_gssapi_keyex = ssh->gss_status & GSS_KEX_CAPABLE; s->can_gssapi_keyex = ssh->gss_status & GSS_KEX_CAPABLE;
@ -11888,7 +11888,7 @@ static struct Packet *ssh2_gss_authpacket(Ssh ssh, Ssh_gss_ctx gss_ctx,
* we use the expiration of a newly obtained context as a proxy for the * we use the expiration of a newly obtained context as a proxy for the
* expiration of the TGT. * expiration of the TGT.
*/ */
static void ssh2_gss_update(Ssh ssh) static void ssh2_gss_update(Ssh ssh, int definitely_rekeying)
{ {
int gss_stat; int gss_stat;
time_t gss_cred_expiry; time_t gss_cred_expiry;
@ -11954,8 +11954,17 @@ static void ssh2_gss_update(Ssh ssh)
if (gss_stat != SSH_GSS_OK && if (gss_stat != SSH_GSS_OK &&
gss_stat != SSH_GSS_S_CONTINUE_NEEDED) { gss_stat != SSH_GSS_S_CONTINUE_NEEDED) {
logeventf(ssh, "GSSAPI init sec context failed;" /*
" won't use GSS key exchange"); * No point in verbosely interrupting the user to tell them we
* couldn't get GSS credentials, if this was only a check
* between key exchanges to see if fresh ones were available.
* When we do do a rekey, this message (if displayed) will
* appear among the standard rekey blurb, but when we're not,
* it shouldn't pop up all the time regardless.
*/
if (definitely_rekeying)
logeventf(ssh, "No GSSAPI security context available");
return; return;
} }
@ -12079,7 +12088,7 @@ static void ssh2_timer(void *ctx, unsigned long now)
* this is unsafe. * this is unsafe.
*/ */
if (conf_get_int(ssh->conf, CONF_gssapirekey)) { if (conf_get_int(ssh->conf, CONF_gssapirekey)) {
ssh2_gss_update(ssh); ssh2_gss_update(ssh, FALSE);
if ((ssh->gss_status & GSS_KEX_CAPABLE) != 0 && if ((ssh->gss_status & GSS_KEX_CAPABLE) != 0 &&
(ssh->gss_status & GSS_CTXT_MAYFAIL) == 0 && (ssh->gss_status & GSS_CTXT_MAYFAIL) == 0 &&
(ssh->gss_status & (GSS_CRED_UPDATED|GSS_CTXT_EXPIRES)) != 0) { (ssh->gss_status & (GSS_CRED_UPDATED|GSS_CTXT_EXPIRES)) != 0) {
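Review bot: In the `@ -11954` hunk the replacement message drops the consequence the old one stated ("won't use GSS key exchange"), and on the `ssh2_timer` path (`definitely_rekeying` FALSE) a failed context init now leaves no Event Log entry at all, so anyone later auditing why a session stopped using GSS key exchange has less to go on. Assuming the early `return` still leaves GSS key exchange disabled, consider keeping the consequence in the rekey-time message, e.g. `logeventf(ssh, "No GSSAPI security context available; won't use GSS key exchange");`. The header comment above `ssh2_gss_update` should also describe the new parameter, along the lines of `* definitely_rekeying: if TRUE, log a failure to obtain a security context; if FALSE (periodic credential check), fail quietly.` The visible call in `do_ssh2_transport` passes TRUE unconditionally, which presumably covers the initial key exchange as well as rekeys, so the parameter name is narrower than its use. The body of `ssh2_gss_update` extends beyond the visible hunks, so any logging elsewhere in it is not covered here.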