Re: [evolution-patches] Patch to fix bug #69611 Connector LDAP authtication using username domain

[Jeffrey Stedfast <fejj ximian com>]

it's better to attach the patch and check off the "Show inline" checkbox

that said, I'm not an addressbook dev so I can't review this.

Jeff

On Tue, 2004-11-30 at 22:46, John Morris wrote:
> oops,  Forgot set preformat mode. My patch got line-wrapped.  Here's another try.
> 
> --- ximian-connector-2.0.2/lib/e2k-global-catalog.c	2004-11-30 17:41:40.000000000 -0600
> +++ ximian-connector-2.0.2-fix/lib/e2k-global-catalog.c	2004-11-30 17:41:02.000000000 -0600
> @@ -242,6 +242,9 @@
>  	char *nonce, *default_domain;
>  	GByteArray *ba;
>  	struct berval ldap_buf;
> +	gchar **splitdomain;
> +	char *nt_name;
> +	char *nt_domain;
>  
>  	/* Create and send NTLM request */
>  	ba = xntlm_negotiate ();
> @@ -255,6 +258,20 @@
>  		return ldap_error;
>  	}
>  
> +	/* If user had to enter user domain instead of domain\user as username,
> +	 * extract user and domain so authentication will work.
> +	 */
> +	if (g_strrstr (gc->priv->user, "@")) {
> +		splitdomain = g_strsplit (gc->priv->user, "@", 2);
> +		nt_name = g_strdup (splitdomain[0]);
> +		nt_domain = g_strdup (splitdomain[1]);
> +		g_strfreev (splitdomain);
> +	}
> +	else {
> +		nt_name = g_strdup (gc->priv->user);
> +		nt_domain = gc->priv->nt_domain ? g_strdup (gc->priv->nt_domain) : default_domain;
> +	}
> +
>  	/* Extract challenge */
>  	ldap_error = gc_ldap_result (ldap, op, msgid, &msg);
>  	if (ldap_error != LDAP_SUCCESS) {
> @@ -279,8 +296,11 @@
>  	ber_memfree (ldap_buf.bv_val);
>  
>  	/* Create and send response */
> -	ba = xntlm_authenticate (nonce, gc->priv->nt_domain ? gc->priv->nt_domain : default_domain,
> -				 gc->priv->user, gc->priv->password, NULL);
> +	ba = xntlm_authenticate (nonce, nt_domain, nt_name, gc->priv->password, NULL);
> +	if (nt_domain != default_domain) {
> +		g_free (nt_domain);
> +	}
> +	g_free (nt_name);
>  	ldap_buf.bv_len = ba->len;
>  	ldap_buf.bv_val = ba->data;
>  	ldap_error = ldap_ntlm_bind (ldap, "NTLM", LDAP_AUTH_NTLM_RESPONSE,
> @@ -316,17 +336,35 @@
>  	int ldap_error;
>  #ifndef HAVE_LDAP_NTLM_BIND
>  	char *nt_name;
> +	char *nt_domain;
> +	gchar **splitdomain;
>  #endif
>  
>  	/* authenticate */
>  #ifdef HAVE_LDAP_NTLM_BIND
>  	ldap_error = ntlm_bind (gc, op, ldap);
>  #else
> -	nt_name = gc->priv->nt_domain ?
> -		g_strdup_printf ("%s\\%s", gc->priv->nt_domain, gc->priv->user) :
> -		g_strdup (gc->priv->user);
> +
> +	/* If user had to enter user domain instead of domain\user as username,
> +	 * extract user and domain so authentication will work.
> +	 */
> +	if (g_strrstr (gc->priv->user, "@")) {
> +		splitdomain = g_strsplit (gc->priv->user, "@", 2);
> +		nt_name = g_strdup (splitdomain[0]);
> +		nt_domain = g_strdup (splitdomain[1]);
> +		g_strfreev (splitdomain);
> +	}
> +	else {
> +		nt_name = g_strdup (gc->priv->user);
> +		nt_domain = g_strdup (gc->priv->nt_domain);
> +	}
> +
> +	nt_name = nt_domain ?
> +		g_strdup_printf ("%s\\%s", nt_domain, nt_name) :
> +		g_strdup (nt_name);
>  	ldap_error = ldap_simple_bind_s (ldap, nt_name, gc->priv->password);
>  	g_free (nt_name);
> +	g_free (nt_domain);
>  #endif
>  	if (ldap_error != LDAP_SUCCESS)
>  		g_warning ("LDAP authentication failed (0x%02x)", ldap_error);
> 
> 
> On Tue, 2004-11-30 at 18:20 -0600, John Morris wrote:
> > I've tested with NTLM-compiled connector on exchange 2003 server at
> > work.
> > 
> > This is my first patch submission so if I screw something up, please
> > forgive :)
> > 
> > John Morris
> > john austin homelinux net
> 
> _______________________________________________
> evolution-patches mailing list
> evolution-patches lists ximian com
> http://lists.ximian.com/mailman/listinfo/evolution-patches
>