Pass username through in GSSAPI connections
Fix bug in GSSAPI auth where the username was not being negotiated. Github-ref: https://github.com/OfflineIMAP/offlineimap/issues/541 Signed-off-by: Robbie Harwood <rharwood@redhat.com> Tested-by: Frank Lenormand <lenormf@gmail.com> Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
parent
fc61c6fd30
commit
17cfb63db6
@ -280,7 +280,18 @@ class IMAPServer(object):
|
|||||||
# we'd be ready since krb5 always requests integrity and
|
# we'd be ready since krb5 always requests integrity and
|
||||||
# confidentiality support.
|
# confidentiality support.
|
||||||
response = self.gss_vc.unwrap(token)
|
response = self.gss_vc.unwrap(token)
|
||||||
response = self.gss_vc.wrap(response.message, response.encrypted)
|
|
||||||
|
# This is a behavior we got from pykerberos. First byte is one,
|
||||||
|
# first four bytes are preserved (pykerberos calls this a length).
|
||||||
|
# Any additional bytes are username.
|
||||||
|
reply = []
|
||||||
|
reply[0:4] = response.message[0:4]
|
||||||
|
reply[0] = '\x01'
|
||||||
|
if self.username:
|
||||||
|
reply[5:] = self.username
|
||||||
|
reply = ''.join(reply)
|
||||||
|
|
||||||
|
response = self.gss_vc.wrap(reply, response.encrypted)
|
||||||
return response.message if response.message else ""
|
return response.message if response.message else ""
|
||||||
except gssapi.exceptions.GSSError as err:
|
except gssapi.exceptions.GSSError as err:
|
||||||
# GSSAPI errored out on us; respond with None to cancel the
|
# GSSAPI errored out on us; respond with None to cancel the
|
||||||
|
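Review bot: The reply is built from `response.message[0:4]` without checking that the unwrapped token actually carries the four-byte security-layer header: an empty message makes `reply[0] = '\x01'` raise IndexError, which the `except gssapi.exceptions.GSSError` visible here does not catch, and a one- to three-byte message puts the username inside the header bytes. A guard such as `if len(response.message) < 4:` that cancels the exchange before the list is built would cover both cases, and the same spot could confirm that the server's first byte offers bit 0x01 before the client selects "no security layer". RFC 4752 section 3.1 also requires the three size octets to be zero when no layer is selected, so echoing the server's bytes deserves at least a comment explaining why the pykerberos behaviour is kept. `reply[5:] = self.username` only works because slice assignment past the end of a four-element list appends; `reply[4:] = self.username` states the intent. The enclosing method starts and ends outside the hunk.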