Fix gssapi with multiple connections

Fix a gssapi issue where threads beyond the first would not be able to authenticate against the imap server. This is done by using the connection lock around the gssapi authentication code and resetting (and releasing) the kerberos state after success so that subsequent connections may make use of kerberos. Signed-off-by: Scott Henson <sjh@foolishpride.org> Reviewed-by: Sebastian Spaeth <Sebastian@SSpaeth.de> Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2011-06-02 17:04:52 -04:00 · 2011-06-02 17:04:52 -04:00 · 41fad17125
commit 41fad17125
parent 962a36e14f
1 changed files with 5 additions and 0 deletions
--- a/offlineimap/imapserver.py
+++ b/offlineimap/imapserver.py
@ -219,6 +219,7 @@ class IMAPServer:
                    try:
                        # Try GSSAPI and continue if it fails
                        if 'AUTH=GSSAPI' in imapobj.capabilities and have_gss:
+                            self.connectionlock.acquire()
                            self.ui.debug('imap',
                                'Attempting GSSAPI authentication')
                            try:
@ -229,8 +230,12 @@ class IMAPServer:
                                    'GSSAPI Authentication failed')
                            else:
                                self.gssapi = True
+                                kerberos.authGSSClientClean(self.gss_vc)
+                                self.gss_vc = None
+                                self.gss_step = self.GSS_STATE_STEP
                                #if we do self.password = None then the next attempt cannot try...
                                #self.password = None
+                            self.connectionlock.release()

                        if not self.gssapi:
                            if 'AUTH=CRAM-MD5' in imapobj.capabilities: