From c7af8ecb766d3c34455eed93eef08ce88284097c Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
Date: Aug 03 2023 09:06:10 +0000
Subject: Minor optimization of ssh_krb5_kuserok


Resolves: rhbz#2112501

---

diff --git a/openssh-6.6p1-kuserok.patch b/openssh-6.6p1-kuserok.patch
index f3231f9..eaf4453 100644
--- a/openssh-6.6p1-kuserok.patch
+++ b/openssh-6.6p1-kuserok.patch
@@ -155,8 +155,8 @@ diff -up openssh-7.4p1/gss-serv-krb5.c.kuserok openssh-7.4p1/gss-serv-krb5.c
  	 * because if they are on a krb5-protected filesystem, user credentials
  	 * to access these files aren't available yet. */
 -	if (krb5_kuserok(krb_context, princ, name) && k5login_exists) {
-+	if (ssh_krb5_kuserok(krb_context, princ, name, k5login_exists)
-+			&& k5login_exists) {
++	if (k5login_exists &&
++	    ssh_krb5_kuserok(krb_context, princ, name, k5login_exists)) {
  		retval = 1;
  		logit("Authorized to %s, krb5 principal %s (krb5_kuserok)",
  		    name, (char *)client->displayname.value);
diff --git a/openssh.spec b/openssh.spec
index 251afbb..35999cb 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -745,6 +745,7 @@ test -f %{sysconfig_anaconda} && \
 - Split including crypto-policies to a separate config (rhbz#1970566)
 - Disable forking of ssh-agent on startup (rhbz#2148555)
 - Remove sshd.socket unit (rhbz#2025716)
+- Minor optimization of ssh_krb5_kuserok (rhbz#2112501)
 
 * Tue Aug 01 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.3p1-7
 - Relax checks of OpenSSL version