u_int len;
char *doid = NULL;
+ /* authctxt->valid may be 0 if we haven't yet determined
+ username from gssapi context. */
+
if (authctxt->user == NULL)
return (0);
packet_check_eom();
- if (authctxt->valid && strcmp(authctxt->user, "") != 0) {
+ /* user should be set if valid but we double-check here */
+ if (authctxt->valid && authctxt->user && authctxt->user[0]) {
authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));
} else {
authenticated = 0;
gssbuf.length = buffer_len(&b);
if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic))))
- if (authctxt->valid && strcmp(authctxt->user, "") != 0) {
+ if (authctxt->valid && authctxt->user && authctxt->user[0]) {
authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));
} else {
authenticated = 0;