Fix gssapi with multiple connections
Fix a gssapi issue where threads beyond the first would not be able to authenticate against the imap server. This is done by using the connection lock around the gssapi authentication code and resetting (and releasing) the kerberos state after success so that subsequent connections may make use of kerberos. Signed-off-by: Scott Henson <sjh@foolishpride.org> Reviewed-by: Sebastian Spaeth <Sebastian@SSpaeth.de> Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
This commit is contained in:
parent
962a36e14f
commit
41fad17125
@ -219,6 +219,7 @@ class IMAPServer:
|
|||||||
try:
|
try:
|
||||||
# Try GSSAPI and continue if it fails
|
# Try GSSAPI and continue if it fails
|
||||||
if 'AUTH=GSSAPI' in imapobj.capabilities and have_gss:
|
if 'AUTH=GSSAPI' in imapobj.capabilities and have_gss:
|
||||||
|
self.connectionlock.acquire()
|
||||||
self.ui.debug('imap',
|
self.ui.debug('imap',
|
||||||
'Attempting GSSAPI authentication')
|
'Attempting GSSAPI authentication')
|
||||||
try:
|
try:
|
||||||
@ -229,8 +230,12 @@ class IMAPServer:
|
|||||||
'GSSAPI Authentication failed')
|
'GSSAPI Authentication failed')
|
||||||
else:
|
else:
|
||||||
self.gssapi = True
|
self.gssapi = True
|
||||||
|
kerberos.authGSSClientClean(self.gss_vc)
|
||||||
|
self.gss_vc = None
|
||||||
|
self.gss_step = self.GSS_STATE_STEP
|
||||||
#if we do self.password = None then the next attempt cannot try...
|
#if we do self.password = None then the next attempt cannot try...
|
||||||
#self.password = None
|
#self.password = None
|
||||||
|
self.connectionlock.release()
|
||||||
|
|
||||||
if not self.gssapi:
|
if not self.gssapi:
|
||||||
if 'AUTH=CRAM-MD5' in imapobj.capabilities:
|
if 'AUTH=CRAM-MD5' in imapobj.capabilities:
|
||||||
|
Loading…
Reference in New Issue
Block a user