Re: [evolution-patches] Patch to fix bug #69611 Connector LDAP authtication using username domain

[John Morris <john austin homelinux net>]

oops,  Forgot set preformat mode. My patch got line-wrapped.  Here's another try.

--- ximian-connector-2.0.2/lib/e2k-global-catalog.c	2004-11-30 17:41:40.000000000 -0600
+++ ximian-connector-2.0.2-fix/lib/e2k-global-catalog.c	2004-11-30 17:41:02.000000000 -0600
@@ -242,6 +242,9 @@
 	char *nonce, *default_domain;
 	GByteArray *ba;
 	struct berval ldap_buf;
+	gchar **splitdomain;
+	char *nt_name;
+	char *nt_domain;
 
 	/* Create and send NTLM request */
 	ba = xntlm_negotiate ();
@@ -255,6 +258,20 @@
 		return ldap_error;
 	}
 
+	/* If user had to enter user domain instead of domain\user as username,
+	 * extract user and domain so authentication will work.
+	 */
+	if (g_strrstr (gc->priv->user, "@")) {
+		splitdomain = g_strsplit (gc->priv->user, "@", 2);
+		nt_name = g_strdup (splitdomain[0]);
+		nt_domain = g_strdup (splitdomain[1]);
+		g_strfreev (splitdomain);
+	}
+	else {
+		nt_name = g_strdup (gc->priv->user);
+		nt_domain = gc->priv->nt_domain ? g_strdup (gc->priv->nt_domain) : default_domain;
+	}
+
 	/* Extract challenge */
 	ldap_error = gc_ldap_result (ldap, op, msgid, &msg);
 	if (ldap_error != LDAP_SUCCESS) {
@@ -279,8 +296,11 @@
 	ber_memfree (ldap_buf.bv_val);
 
 	/* Create and send response */
-	ba = xntlm_authenticate (nonce, gc->priv->nt_domain ? gc->priv->nt_domain : default_domain,
-				 gc->priv->user, gc->priv->password, NULL);
+	ba = xntlm_authenticate (nonce, nt_domain, nt_name, gc->priv->password, NULL);
+	if (nt_domain != default_domain) {
+		g_free (nt_domain);
+	}
+	g_free (nt_name);
 	ldap_buf.bv_len = ba->len;
 	ldap_buf.bv_val = ba->data;
 	ldap_error = ldap_ntlm_bind (ldap, "NTLM", LDAP_AUTH_NTLM_RESPONSE,
@@ -316,17 +336,35 @@
 	int ldap_error;
 #ifndef HAVE_LDAP_NTLM_BIND
 	char *nt_name;
+	char *nt_domain;
+	gchar **splitdomain;
 #endif
 
 	/* authenticate */
 #ifdef HAVE_LDAP_NTLM_BIND
 	ldap_error = ntlm_bind (gc, op, ldap);
 #else
-	nt_name = gc->priv->nt_domain ?
-		g_strdup_printf ("%s\\%s", gc->priv->nt_domain, gc->priv->user) :
-		g_strdup (gc->priv->user);
+
+	/* If user had to enter user domain instead of domain\user as username,
+	 * extract user and domain so authentication will work.
+	 */
+	if (g_strrstr (gc->priv->user, "@")) {
+		splitdomain = g_strsplit (gc->priv->user, "@", 2);
+		nt_name = g_strdup (splitdomain[0]);
+		nt_domain = g_strdup (splitdomain[1]);
+		g_strfreev (splitdomain);
+	}
+	else {
+		nt_name = g_strdup (gc->priv->user);
+		nt_domain = g_strdup (gc->priv->nt_domain);
+	}
+
+	nt_name = nt_domain ?
+		g_strdup_printf ("%s\\%s", nt_domain, nt_name) :
+		g_strdup (nt_name);
 	ldap_error = ldap_simple_bind_s (ldap, nt_name, gc->priv->password);
 	g_free (nt_name);
+	g_free (nt_domain);
 #endif
 	if (ldap_error != LDAP_SUCCESS)
 		g_warning ("LDAP authentication failed (0x%02x)", ldap_error);


On Tue, 2004-11-30 at 18:20 -0600, John Morris wrote:
> I've tested with NTLM-compiled connector on exchange 2003 server at
> work.
> 
> This is my first patch submission so if I screw something up, please
> forgive :)
> 
> John Morris
> john austin homelinux net