[libsoup] Bug 703186 - fallback from automatic NTLM auth not working

From: David Woodhouse <dwmw2 src gnome org>
To: commits-list gnome org
Cc:
Subject: [libsoup] Bug 703186 - fallback from automatic NTLM auth not working
Date: Fri, 13 Sep 2013 13:53:25 +0000 (UTC)

commit 2b9345730cd95ea9efb4e1b78d40574f6c316f96
Author: David Woodhouse <David Woodhouse intel com>
Date:   Thu Jun 27 22:57:09 2013 +0100

    Bug 703186 - fallback from automatic NTLM auth not working
    
    There were two issues. Firstly, when the automatic NTLM authentication
    failed we were setting conn->state to SOUP_NTLM_FAILED. So although we
    would emit the 'authenticate' signal and obtain a password, we'd never
    actually *try* it. We have the SOUP_NTLM_SSO_FAILED state for this, which
    makes it work.
    
    Secondly, the resulting 'authenticate' signal we being emitted with the
    'retrying' property set, even when it was the first time we actually asked
    for a password. This was confusing Evolution (bug 703181 comments 1-3).
    
    Fix the latter problem by making soup_auth_ntlm_is_connection_ready()
    return TRUE when the state is SOUP_NTLM_SSO_FAILED. That makes
    auth_got_headers() do the right thing, and Evolution is happy again.
    
    With this fixed, Evolution will now automatically try to connect to an
    Exchange server using automatic NTLM authentication, and will fall back
    to asking for a password only if it actually needs to.

 libsoup/soup-auth-ntlm.c |   14 +++++++++-----
 1 files changed, 9 insertions(+), 5 deletions(-)
---
diff --git a/libsoup/soup-auth-ntlm.c b/libsoup/soup-auth-ntlm.c
index cff469f..19be692 100644
--- a/libsoup/soup-auth-ntlm.c
+++ b/libsoup/soup-auth-ntlm.c
@@ -298,8 +298,6 @@ soup_auth_ntlm_update_connection (SoupConnectionAuth *auth, SoupMessage *msg,
                return FALSE;
 
        if (conn->state > SOUP_NTLM_SENT_REQUEST) {
-               conn->state = SOUP_NTLM_FAILED;
-
                if (priv->password_state == SOUP_NTLM_PASSWORD_ACCEPTED) {
                        /* We know our password is correct, so a 401
                         * means "permission denied". Since the conn
@@ -307,11 +305,17 @@ soup_auth_ntlm_update_connection (SoupConnectionAuth *auth, SoupMessage *msg,
                         * is_ready() for this message, so this will
                         * cause a "retrying" authenticate signal.
                         */
+                       conn->state = SOUP_NTLM_FAILED;
                        return TRUE;
                }
 
-               /* Otherwise, we just have a bad password. */
-               priv->password_state = SOUP_NTLM_PASSWORD_REJECTED;
+               if (priv->sso_available) {
+                       conn->state = SOUP_NTLM_SSO_FAILED;
+                       priv->password_state = SOUP_NTLM_PASSWORD_NONE;
+               } else {
+                       conn->state = SOUP_NTLM_FAILED;
+                       priv->password_state = SOUP_NTLM_PASSWORD_REJECTED;
+               }
                return TRUE;
        }
 
@@ -433,7 +437,7 @@ soup_auth_ntlm_is_connection_ready (SoupConnectionAuth *auth,
        if (priv->password_state == SOUP_NTLM_PASSWORD_PROVIDED)
                return TRUE;
 
-       return conn->state != SOUP_NTLM_FAILED && conn->state != SOUP_NTLM_SSO_FAILED;
+       return conn->state != SOUP_NTLM_FAILED;
 }
 
 static void

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]