Control: tags -1 patch Hi Eric,
Could you please try the attached patch? The file that needs to be changed is `/usr/share/offlineimap/offlineimap/imapserver.py`. Thanks, -- Ilias
>From c30a5935aa5a61e0b586dd02d58613f02c3270cd Mon Sep 17 00:00:00 2001 From: Robbie Harwood <[email protected]> Date: Wed, 6 Jun 2018 15:39:14 -0400 Subject: [PATCH] Pass username through in GSSAPI connections Fix bug in GSSAPI auth where the username was not being negotiated. Signed-off-by: Robbie Harwood <[email protected]> --- offlineimap/imapserver.py | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/offlineimap/imapserver.py b/offlineimap/imapserver.py index 95c4d662..407886e1 100644 --- a/offlineimap/imapserver.py +++ b/offlineimap/imapserver.py @@ -280,7 +280,18 @@ def __gsshandler(self, token): # we'd be ready since krb5 always requests integrity and # confidentiality support. response = self.gss_vc.unwrap(token) - response = self.gss_vc.wrap(response.message, response.encrypted) + + # This is a behavior we got from pykerberos. First byte is one, + # first four bytes are preserved (pykerberos calls this a length). + # Any additional bytes are username. + reply = [] + reply[0:4] = response.message[0:4] + reply[0] = '\x01' + if self.username: + reply[5:] = self.username + reply = ''.join(reply) + + response = self.gss_vc.wrap(reply, response.encrypted) return response.message if response.message else "" except gssapi.exceptions.GSSError as err: # GSSAPI errored out on us; respond with None to cancel the
