[evolution-ews/evolution-ews-3-12] Bug 703181 - Work around libsoup's failure to recover from NTLM auth failure

[David Woodhouse <dwmw2 src gnome org>]

commit c75a7a818e4448277932d69ee41cd1ad629f7207
Author: David Woodhouse <David Woodhouse intel com>
Date:   Tue Jul 22 16:13:38 2014 +0100

    Bug 703181 - Work around libsoup's failure to recover from NTLM auth failure
    
    Left to its own devices, libsoup will end up with NTLM authentication
    permanently in SOUP_NTLM_FAILED state, even if we give it a new password.
    
    Even without winbind/ntlm_auth in the picture, this was a problem. If a
    user mistyped their password once, it wouldn't be accepted on the second
    attempt even if they did get it right.
    
    With automatic NTLM authentication being attempted, this failed state was
    happening even more frequently. Hence the reversion of commit addcca8 when
    it was noticed (see bug 703181 comments 20-21).
    
    Proper fixes are going into libsoup, of course, but this serves to work
    around it for now by cancelling the message when we can't authenticate.
    
    (cherry picked from commit ba4f47aa266d5e36ad0077d575524330c8038402)

 src/server/e-ews-connection.c   |   16 ++++++++++++++--
 src/server/e-ews-notification.c |   15 ++++++++++++++-
 2 files changed, 28 insertions(+), 3 deletions(-)
---
diff --git a/src/server/e-ews-connection.c b/src/server/e-ews-connection.c
index 352855a..eedb5dd 100644
--- a/src/server/e-ews-connection.c
+++ b/src/server/e-ews-connection.c
@@ -1898,9 +1898,21 @@ ews_connection_authenticate (SoupSession *sess,
        user = camel_network_settings_dup_user (network_settings);
 
        password = e_ews_connection_dup_password (cnc);
-
-       if (password != NULL)
+       if (password != NULL) {
                soup_auth_authenticate (auth, user, password);
+       } else {
+               /* The NTLM implementation in libsoup doesn't cope very well
+                * with recovering from authentication failures (bug 703181).
+                * So cancel the message now while it's in-flight, and we'll
+                * get a shiny new connection for the next attempt. */
+               const char *scheme = soup_auth_get_scheme_name (auth);
+
+               if (!g_ascii_strcasecmp(scheme, "NTLM")) {
+                       soup_session_cancel_message(cnc->priv->soup_session,
+                                                   msg,
+                                                   SOUP_STATUS_UNAUTHORIZED);
+               }
+       }
 
        g_free (password);
        g_free (user);
diff --git a/src/server/e-ews-notification.c b/src/server/e-ews-notification.c
index d984d72..df6c43a 100644
--- a/src/server/e-ews-notification.c
+++ b/src/server/e-ews-notification.c
@@ -87,8 +87,21 @@ ews_notification_authenticate (SoupSession *session,
 
        password = e_ews_connection_dup_password (connection);
 
-       if (password != NULL)
+       if (password != NULL) {
                soup_auth_authenticate (auth, user, password);
+       } else {
+               /* The NTLM implementation in libsoup doesn't cope very well
+                * with recovering from authentication failures (bug 703181).
+                * So cancel the message now while it's in-flight, and we'll
+                * get a shiny new connection for the next attempt. */
+               const char *scheme = soup_auth_get_scheme_name (auth);
+
+               if (!g_ascii_strcasecmp(scheme, "NTLM")) {
+                       soup_session_cancel_message(notification->priv->soup_session,
+                                                   message,
+                                                   SOUP_STATUS_UNAUTHORIZED);
+               }
+       }
 
        g_free (password);
        g_free (user);