Control: tags -1 patch
Hi Eric,
Could you please try the attached patch? The file that needs to be
changed is `/usr/share/offlineimap/offlineimap/imapserver.py`.
Thanks,
--
Ilias
>From c30a5935aa5a61e0b586dd02d58613f02c3270cd Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharw...@redhat.com>
Date: Wed, 6 Jun 2018 15:39:14 -0400
Subject: [PATCH] Pass username through in GSSAPI connections
Fix bug in GSSAPI auth where the username was not being negotiated.
Signed-off-by: Robbie Harwood <rharw...@redhat.com>
---
offlineimap/imapserver.py | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/offlineimap/imapserver.py b/offlineimap/imapserver.py
index 95c4d662..407886e1 100644
--- a/offlineimap/imapserver.py
+++ b/offlineimap/imapserver.py
@@ -280,7 +280,18 @@ def __gsshandler(self, token):
# we'd be ready since krb5 always requests integrity and
# confidentiality support.
response = self.gss_vc.unwrap(token)
- response = self.gss_vc.wrap(response.message, response.encrypted)
+
+ # This is a behavior we got from pykerberos. First byte is one,
+ # first four bytes are preserved (pykerberos calls this a length).
+ # Any additional bytes are username.
+ reply = []
+ reply[0:4] = response.message[0:4]
+ reply[0] = '\x01'
+ if self.username:
+ reply[5:] = self.username
+ reply = ''.join(reply)
+
+ response = self.gss_vc.wrap(reply, response.encrypted)
return response.message if response.message else ""
except gssapi.exceptions.GSSError as err:
# GSSAPI errored out on us; respond with None to cancel the
