Don't try to load GSSAPI libs unless we'll use them.

A user reports that in a particular situation one of the calls to
LoadLibrary from wingss.c has unwanted side effects, and points out
that this happens even when the saved session has GSSAPI disabled. So
I've evaluated as much as possible of the condition under which we
check the results of GSS library loading, and deferred the library
loading itself until after that condition says we even care about the
results.

diff --git a/ssh.c b/ssh.c
index b654eb17e7d8c4bbd086461e40d8980779c8f39f..c945724df3f34a0023fcd4cf8098403f01a8cc7b 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -9358,11 +9358,20 @@ static void do_ssh2_authconn(Ssh ssh, const unsigned char *in, int inlen,
                s->can_keyb_inter = conf_get_int(ssh->conf, CONF_try_ki_auth) &&
                    in_commasep_string("keyboard-interactive", methods, methlen);
 #ifndef NO_GSSAPI
-               if (!ssh->gsslibs)
-                   ssh->gsslibs = ssh_gss_setup(ssh->conf);
-               s->can_gssapi = conf_get_int(ssh->conf, CONF_try_gssapi_auth) &&
-                   in_commasep_string("gssapi-with-mic", methods, methlen) &&
-                   ssh->gsslibs->nlibraries > 0;
+                if (conf_get_int(ssh->conf, CONF_try_gssapi_auth) &&
+                   in_commasep_string("gssapi-with-mic", methods, methlen)) {
+                    /* Try loading the GSS libraries and see if we
+                     * have any. */
+                    if (!ssh->gsslibs)
+                        ssh->gsslibs = ssh_gss_setup(ssh->conf);
+                    s->can_gssapi = (ssh->gsslibs->nlibraries > 0);
+                } else {
+                    /* No point in even bothering to try to load the
+                     * GSS libraries, if the user configuration and
+                     * server aren't both prepared to attempt GSSAPI
+                     * auth in the first place. */
+                    s->can_gssapi = FALSE;
+                }
 #endif
            }