[evolution-ews] Leave Basic auth enabled when NTLM is configured

From: David Woodhouse <dwmw2 src gnome org>
To: commits-list gnome org
Cc:
Subject: [evolution-ews] Leave Basic auth enabled when NTLM is configured
Date: Thu, 24 Jul 2014 11:06:19 +0000 (UTC)

commit 2b586f551585e9db47ed6e8787892b5630b1c22e
Author: David Woodhouse <David Woodhouse intel com>
Date:   Thu Jul 24 11:58:39 2014 +0100

    Leave Basic auth enabled when NTLM is configured
    
    It turns out people were using the fallback from NTLM to Basic when the
    default configuration has NTLM enabled.
    
    It breaks our GSSAPI hacks though, so still disable it in that case.

 src/server/e-ews-connection.c   |    8 ++++++--
 src/server/e-ews-notification.c |    8 ++++++--
 2 files changed, 12 insertions(+), 4 deletions(-)
---
diff --git a/src/server/e-ews-connection.c b/src/server/e-ews-connection.c
index c41d91d..96757c5 100644
--- a/src/server/e-ews-connection.c
+++ b/src/server/e-ews-connection.c
@@ -1661,10 +1661,14 @@ ews_connection_constructor (GType gtype, guint n_properties,
        g_object_get (G_OBJECT (ews_settings), "auth-mechanism", &auth_mech,
                      NULL);
 
-       if (g_strcmp0 (auth_mech, "Basic") != 0)
+       /* We need to disable Basic auth to avoid it getting in the way of
+        * our GSSAPI hacks. But leave it enabled in the case where NTLM is
+        * enabled, which is the default configuration. It's a useful fallback
+        * which people may be relying on. */
+       if (g_strcmp0 (auth_mech, "GSSAPI") == 0)
                soup_session_remove_feature_by_type (cnc->priv->soup_session,
                                                     SOUP_TYPE_AUTH_BASIC);
-       if (!auth_mech) /* NTLM */
+       else if (g_strcmp0 (auth_mech, "PLAIN") != 0) /* NTLM */
                soup_session_add_feature_by_type (cnc->priv->soup_session,
                                                  SOUP_TYPE_AUTH_NTLM);
        g_free (auth_mech);
diff --git a/src/server/e-ews-notification.c b/src/server/e-ews-notification.c
index 0915b50..b4d0696 100644
--- a/src/server/e-ews-notification.c
+++ b/src/server/e-ews-notification.c
@@ -235,10 +235,14 @@ ews_notification_constructor (GType gtype, guint n_properties,
        g_object_get (G_OBJECT (ews_settings), "auth-mechanism", &auth_mech,
                      NULL);
 
-       if (g_strcmp0 (auth_mech, "Basic") != 0)
+       /* We need to disable Basic auth to avoid it getting in the way of
+        * our GSSAPI hacks. But leave it enabled in the case where NTLM is
+        * enabled, which is the default configuration. It's a useful fallback
+        * which people may be relying on. */
+       if (g_strcmp0 (auth_mech, "GSSAPI") == 0)
                soup_session_remove_feature_by_type (priv->soup_session,
                                                     SOUP_TYPE_AUTH_BASIC);
-       if (!auth_mech) /* NTLM */
+       else if (g_strcmp0 (auth_mech, "PLAIN") != 0) /* NTLM */
                soup_session_add_feature_by_type (priv->soup_session,
                                                  SOUP_TYPE_AUTH_NTLM);
        g_free (auth_mech);

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]