Fix gssapi with multiple connections

Fix a gssapi issue where threads beyond the first would not
 be able to authenticate against the imap server. This is
 done by using the connection lock around the gssapi
 authentication code and resetting (and releasing) the
 kerberos state after success so that subsequent connections
 may make use of kerberos.

Signed-off-by: Scott Henson <sjh@foolishpride.org>
Reviewed-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
This commit is contained in:
Scott Henson 2011-06-02 17:04:52 -04:00 committed by Nicolas Sebrecht
parent 962a36e14f
commit 41fad17125

View File

@ -219,6 +219,7 @@ class IMAPServer:
try: try:
# Try GSSAPI and continue if it fails # Try GSSAPI and continue if it fails
if 'AUTH=GSSAPI' in imapobj.capabilities and have_gss: if 'AUTH=GSSAPI' in imapobj.capabilities and have_gss:
self.connectionlock.acquire()
self.ui.debug('imap', self.ui.debug('imap',
'Attempting GSSAPI authentication') 'Attempting GSSAPI authentication')
try: try:
@ -229,8 +230,12 @@ class IMAPServer:
'GSSAPI Authentication failed') 'GSSAPI Authentication failed')
else: else:
self.gssapi = True self.gssapi = True
kerberos.authGSSClientClean(self.gss_vc)
self.gss_vc = None
self.gss_step = self.GSS_STATE_STEP
#if we do self.password = None then the next attempt cannot try... #if we do self.password = None then the next attempt cannot try...
#self.password = None #self.password = None
self.connectionlock.release()
if not self.gssapi: if not self.gssapi:
if 'AUTH=CRAM-MD5' in imapobj.capabilities: if 'AUTH=CRAM-MD5' in imapobj.capabilities: