Pass username through in GSSAPI connections
Fix bug in GSSAPI auth where the username was not being negotiated. Github-ref: https://github.com/OfflineIMAP/offlineimap/issues/541 Signed-off-by: Robbie Harwood <rharwood@redhat.com> Tested-by: Frank Lenormand <lenormf@gmail.com> Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
This commit is contained in:
		 Robbie Harwood
					Robbie Harwood
				
			
				
					committed by
					
						 Nicolas Sebrecht
						Nicolas Sebrecht
					
				
			
			
				
	
			
			
			 Nicolas Sebrecht
						Nicolas Sebrecht
					
				
			
						parent
						
							fc61c6fd30
						
					
				
				
					commit
					17cfb63db6
				
			| @@ -280,7 +280,18 @@ class IMAPServer(object): | ||||
|             # we'd be ready since krb5 always requests integrity and | ||||
|             # confidentiality support. | ||||
|             response = self.gss_vc.unwrap(token) | ||||
|             response = self.gss_vc.wrap(response.message, response.encrypted) | ||||
|  | ||||
|             # This is a behavior we got from pykerberos.  First byte is one, | ||||
|             # first four bytes are preserved (pykerberos calls this a length). | ||||
|             # Any additional bytes are username. | ||||
|             reply = [] | ||||
|             reply[0:4] = response.message[0:4] | ||||
|             reply[0] = '\x01' | ||||
|             if self.username: | ||||
|                 reply[5:] = self.username | ||||
|             reply = ''.join(reply) | ||||
|  | ||||
|             response = self.gss_vc.wrap(reply, response.encrypted) | ||||
|             return response.message if response.message else "" | ||||
|         except gssapi.exceptions.GSSError as err: | ||||
|             # GSSAPI errored out on us; respond with None to cancel the | ||||
|   | ||||
		Reference in New Issue
	
	Block a user