Pass username through in GSSAPI connections

Fix bug in GSSAPI auth where the username was not being negotiated.

Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Robbie Harwood 2018-06-06 15:39:14 -04:00
parent 88197a7e90
commit c30a5935aa
1 changed files with 12 additions and 1 deletions


@ -280,7 +280,18 @@ class IMAPServer(object):
# we'd be ready since krb5 always requests integrity and
# confidentiality support.
response = self.gss_vc.unwrap(token)
response = self.gss_vc.wrap(response.message, response.encrypted)
# This is a behavior we got from pykerberos. First byte is one,
# first four bytes are preserved (pykerberos calls this a length).
# Any additional bytes are username.
reply = []
reply[0:4] = response.message[0:4]
reply[0] = '\x01'
if self.username:
reply[5:] = self.username
reply = ''.join(reply)
response = self.gss_vc.wrap(reply, response.encrypted)
return response.message if response.message else ""
except gssapi.exceptions.GSSError as err:
# GSSAPI errored out on us; respond with None to cancel the
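Review bot: The reply is built from `response.message[0:4]` without checking that the unwrapped server token is actually four bytes long. A short token leaves `reply` with fewer than four entries, so the username lands inside the header bytes, and an empty token raises IndexError at `reply[0] = '\x01'`, which the `except gssapi.exceptions.GSSError` clause will not catch. A guard such as `if len(response.message) != 4:` that cancels the exchange the same way the GSSError path does would keep the layout fixed. Separately, `reply[5:] = self.username` only works because slice assignment clamps to the end of the four-element list; `reply[4:] = self.username` says what is meant. The code also forces the first byte to `'\x01'` (no security layer, as I read RFC 4752) without testing that bit in the server's offer, and echoes the server's buffer size where the RFC expects zero; this looks inherited from pykerberos and deserves a comment. The enclosing method starts and ends outside this hunk.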