[evolution-ews] Ask for password after NTLM/SSO authentication failure



commit 3aaf1b644ff7188962e883f40564d362f853b570
Author: Milan Crha <mcrha redhat com>
Date:   Wed Apr 20 22:38:21 2016 +0200

    Ask for password after NTLM/SSO authentication failure
    
    Similar to libsoup, also evolution-ews checks /usr/bin/ntlm_auth
    whether a password is required, while this test "fails" and it
    looks like the password is never needed. Even the connection fails
    later, the code didn't try to ask for the password, but it should.

 src/addressbook/e-book-backend-ews.c               |    7 +++++++
 src/calendar/e-cal-backend-ews.c                   |    5 +++++
 src/collection/e-ews-backend.c                     |    5 +++++
 src/configuration/e-ews-config-utils.c             |   10 ++++++++--
 src/configuration/e-mail-config-ews-autodiscover.c |   12 ++++++++++--
 src/server/e-ews-connection-utils.c                |   10 ++++++++++
 src/server/e-ews-connection-utils.h                |    2 ++
 7 files changed, 47 insertions(+), 4 deletions(-)
---
diff --git a/src/addressbook/e-book-backend-ews.c b/src/addressbook/e-book-backend-ews.c
index 7a635ee..61880d8 100644
--- a/src/addressbook/e-book-backend-ews.c
+++ b/src/addressbook/e-book-backend-ews.c
@@ -4202,6 +4202,13 @@ e_book_backend_ews_authenticate_sync (EBackend *backend,
        } else {
                ews_backend->priv->is_writable = FALSE;
                e_backend_set_online (backend, FALSE);
+
+               if (e_ews_connection_utils_get_without_password (ews_settings) &&
+                          result == E_SOURCE_AUTHENTICATION_REJECTED &&
+                          !e_named_parameters_exists (credentials, E_SOURCE_CREDENTIAL_PASSWORD)) {
+                       e_ews_connection_utils_force_off_ntlm_auth_check ();
+                       result = E_SOURCE_AUTHENTICATION_REQUIRED;
+               }
        }
 
        e_book_backend_set_writable (E_BOOK_BACKEND (backend), ews_backend->priv->is_writable);
diff --git a/src/calendar/e-cal-backend-ews.c b/src/calendar/e-cal-backend-ews.c
index c46dfcd..02ba9cc 100644
--- a/src/calendar/e-cal-backend-ews.c
+++ b/src/calendar/e-cal-backend-ews.c
@@ -4414,6 +4414,11 @@ e_cal_backend_ews_authenticate_sync (EBackend *backend,
 
                ews_start_sync (cal_backend);
                cbews_listen_notifications_cb (cal_backend, NULL, ews_settings);
+       } else if (e_ews_connection_utils_get_without_password (ews_settings) &&
+                  result == E_SOURCE_AUTHENTICATION_REJECTED &&
+                  !e_named_parameters_exists (credentials, E_SOURCE_CREDENTIAL_PASSWORD)) {
+               e_ews_connection_utils_force_off_ntlm_auth_check ();
+               result = E_SOURCE_AUTHENTICATION_REQUIRED;
        }
 
        g_object_unref (connection);
diff --git a/src/collection/e-ews-backend.c b/src/collection/e-ews-backend.c
index d09acd9..07ab145 100644
--- a/src/collection/e-ews-backend.c
+++ b/src/collection/e-ews-backend.c
@@ -1045,6 +1045,11 @@ ews_backend_authenticate_sync (EBackend *backend,
                e_collection_backend_authenticate_children (E_COLLECTION_BACKEND (backend), credentials);
 
                e_ews_backend_sync_folders (ews_backend, NULL, ews_backend_folders_synced_cb, NULL);
+       } else if (e_ews_connection_utils_get_without_password (ews_settings) &&
+                  result == E_SOURCE_AUTHENTICATION_REJECTED &&
+                  !e_named_parameters_exists (credentials, E_SOURCE_CREDENTIAL_PASSWORD)) {
+               e_ews_connection_utils_force_off_ntlm_auth_check ();
+               result = E_SOURCE_AUTHENTICATION_REQUIRED;
        }
 
        return result;
diff --git a/src/configuration/e-ews-config-utils.c b/src/configuration/e-ews-config-utils.c
index c6bcc7e..604a9be 100644
--- a/src/configuration/e-ews-config-utils.c
+++ b/src/configuration/e-ews-config-utils.c
@@ -383,12 +383,18 @@ e_ews_config_utils_open_connection_for (ESource *source,
 
                        if (result != E_SOURCE_AUTHENTICATION_ACCEPTED) {
                                g_clear_object (&conn);
-                               break;
+                               if (result != E_SOURCE_AUTHENTICATION_REJECTED || local_error)
+                                       break;
                        }
-               } else {
+               }
+
+               if (!conn) {
                        EShell *shell;
                        TryCredentialsData data;
 
+                       e_ews_connection_utils_force_off_ntlm_auth_check ();
+                       g_clear_error (&local_error);
+
                        shell = e_shell_get_default ();
 
                        data.ews_settings = g_object_ref (ews_settings);
diff --git a/src/configuration/e-mail-config-ews-autodiscover.c 
b/src/configuration/e-mail-config-ews-autodiscover.c
index f32db35..ef9d8ab 100644
--- a/src/configuration/e-mail-config-ews-autodiscover.c
+++ b/src/configuration/e-mail-config-ews-autodiscover.c
@@ -169,13 +169,21 @@ mail_config_ews_autodiscover_run_thread (GTask *task,
        gboolean success = FALSE;
 
        if (!g_cancellable_set_error_if_cancelled (cancellable, &local_error) && !local_error) {
-               if (e_ews_connection_utils_get_without_password (async_context->ews_settings)) {
+               gboolean without_password;
+
+               without_password = e_ews_connection_utils_get_without_password (async_context->ews_settings);
+               if (without_password) {
                        success = e_ews_autodiscover_ws_url_sync (
                                async_context->ews_settings, async_context->email_address, "",
                                cancellable, &local_error);
-               } else {
+               }
+
+               if (!without_password || g_error_matches (local_error, SOUP_HTTP_ERROR, 
SOUP_STATUS_UNAUTHORIZED)) {
                        EShell *shell;
 
+                       e_ews_connection_utils_force_off_ntlm_auth_check ();
+                       g_clear_error (&local_error);
+
                        shell = e_shell_get_default ();
 
                        success = e_credentials_prompter_loop_prompt_sync (e_shell_get_credentials_prompter 
(shell),
diff --git a/src/server/e-ews-connection-utils.c b/src/server/e-ews-connection-utils.c
index 7bff7b7..a9180b9 100644
--- a/src/server/e-ews-connection-utils.c
+++ b/src/server/e-ews-connection-utils.c
@@ -67,6 +67,8 @@ e_ews_connection_utils_check_element (const gchar *function_name,
        return TRUE;
 }
 
+static gboolean force_off_ntlm_auth_check = FALSE;
+
 static gboolean
 ews_connect_check_ntlm_available (void)
 {
@@ -80,6 +82,9 @@ ews_connect_check_ntlm_available (void)
        gchar *command;
        gint ret;
 
+       if (force_off_ntlm_auth_check)
+               return FALSE;
+
        /* We are attempting to predict what libsoup will do. */
        helper = g_getenv ("SOUP_NTLM_AUTH_DEBUG");
        if (!helper)
@@ -145,6 +150,11 @@ ews_connect_check_ntlm_available (void)
 #endif
 }
 
+void
+e_ews_connection_utils_force_off_ntlm_auth_check (void)
+{
+       force_off_ntlm_auth_check = TRUE;
+}
 
 /* Should we bother to attempt a connection without a password? Remember,
  * this is *purely* an optimisation to avoid that extra round-trip if we
diff --git a/src/server/e-ews-connection-utils.h b/src/server/e-ews-connection-utils.h
index 3de7d13..71ad8d3 100644
--- a/src/server/e-ews-connection-utils.h
+++ b/src/server/e-ews-connection-utils.h
@@ -32,6 +32,8 @@ gboolean      e_ews_connection_utils_check_element    (const gchar *function_name,
                                                         const gchar *element_name,
                                                         const gchar *expected_name);
 
+void           e_ews_connection_utils_force_off_ntlm_auth_check
+                                                       (void);
 gboolean       e_ews_connection_utils_get_without_password
                                                        (CamelEwsSettings *ews_settings);
 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]