Bjørn Lie 2016-04-22 17:35:23 +00:00 committed by Git OBS Bridge
parent 0c305ec300
commit e960a5f429
3 changed files with 182 additions and 0 deletions

View File

@ -0,0 +1,173 @@
From 47d23285f08ceb47a092ba6ff1816a4a3f3ac508 Mon Sep 17 00:00:00 2001
From: Milan Crha <mcrha@redhat.com>
Date: Wed, 20 Apr 2016 22:38:21 +0200
Subject: Ask for password after NTLM/SSO authentication failure
Similar to libsoup, also evolution-ews checks /usr/bin/ntlm_auth
whether a password is required, while this test "fails" and it
looks like the password is never needed. Even the connection fails
later, the code didn't try to ask for the password, but it should.
---
src/addressbook/e-book-backend-ews.c | 7 +++++++
src/calendar/e-cal-backend-ews.c | 5 +++++
src/collection/e-ews-backend.c | 5 +++++
src/configuration/e-ews-config-utils.c | 10 ++++++++--
src/configuration/e-mail-config-ews-autodiscover.c | 12 ++++++++++--
src/server/e-ews-connection-utils.c | 10 ++++++++++
src/server/e-ews-connection-utils.h | 2 ++
7 files changed, 47 insertions(+), 4 deletions(-)
diff --git a/src/addressbook/e-book-backend-ews.c b/src/addressbook/e-book-backend-ews.c
index 7a635ee..61880d8 100644
--- a/src/addressbook/e-book-backend-ews.c
+++ b/src/addressbook/e-book-backend-ews.c
@@ -4202,6 +4202,13 @@ e_book_backend_ews_authenticate_sync (EBackend *backend,
} else {
ews_backend->priv->is_writable = FALSE;
e_backend_set_online (backend, FALSE);
+
+ if (e_ews_connection_utils_get_without_password (ews_settings) &&
+ result == E_SOURCE_AUTHENTICATION_REJECTED &&
+ !e_named_parameters_exists (credentials, E_SOURCE_CREDENTIAL_PASSWORD)) {
+ e_ews_connection_utils_force_off_ntlm_auth_check ();
+ result = E_SOURCE_AUTHENTICATION_REQUIRED;
+ }
}
e_book_backend_set_writable (E_BOOK_BACKEND (backend), ews_backend->priv->is_writable);
diff --git a/src/calendar/e-cal-backend-ews.c b/src/calendar/e-cal-backend-ews.c
index c46dfcd..02ba9cc 100644
--- a/src/calendar/e-cal-backend-ews.c
+++ b/src/calendar/e-cal-backend-ews.c
@@ -4414,6 +4414,11 @@ e_cal_backend_ews_authenticate_sync (EBackend *backend,
ews_start_sync (cal_backend);
cbews_listen_notifications_cb (cal_backend, NULL, ews_settings);
+ } else if (e_ews_connection_utils_get_without_password (ews_settings) &&
+ result == E_SOURCE_AUTHENTICATION_REJECTED &&
+ !e_named_parameters_exists (credentials, E_SOURCE_CREDENTIAL_PASSWORD)) {
+ e_ews_connection_utils_force_off_ntlm_auth_check ();
+ result = E_SOURCE_AUTHENTICATION_REQUIRED;
}
g_object_unref (connection);
diff --git a/src/collection/e-ews-backend.c b/src/collection/e-ews-backend.c
index d09acd9..07ab145 100644
--- a/src/collection/e-ews-backend.c
+++ b/src/collection/e-ews-backend.c
@@ -1045,6 +1045,11 @@ ews_backend_authenticate_sync (EBackend *backend,
e_collection_backend_authenticate_children (E_COLLECTION_BACKEND (backend), credentials);
e_ews_backend_sync_folders (ews_backend, NULL, ews_backend_folders_synced_cb, NULL);
+ } else if (e_ews_connection_utils_get_without_password (ews_settings) &&
+ result == E_SOURCE_AUTHENTICATION_REJECTED &&
+ !e_named_parameters_exists (credentials, E_SOURCE_CREDENTIAL_PASSWORD)) {
+ e_ews_connection_utils_force_off_ntlm_auth_check ();
+ result = E_SOURCE_AUTHENTICATION_REQUIRED;
}
return result;
diff --git a/src/configuration/e-ews-config-utils.c b/src/configuration/e-ews-config-utils.c
index c6bcc7e..604a9be 100644
--- a/src/configuration/e-ews-config-utils.c
+++ b/src/configuration/e-ews-config-utils.c
@@ -383,12 +383,18 @@ e_ews_config_utils_open_connection_for (ESource *source,
if (result != E_SOURCE_AUTHENTICATION_ACCEPTED) {
g_clear_object (&conn);
- break;
+ if (result != E_SOURCE_AUTHENTICATION_REJECTED || local_error)
+ break;
}
- } else {
+ }
+
+ if (!conn) {
EShell *shell;
TryCredentialsData data;
+ e_ews_connection_utils_force_off_ntlm_auth_check ();
+ g_clear_error (&local_error);
+
shell = e_shell_get_default ();
data.ews_settings = g_object_ref (ews_settings);
diff --git a/src/configuration/e-mail-config-ews-autodiscover.c b/src/configuration/e-mail-config-ews-autodiscover.c
index f32db35..ef9d8ab 100644
--- a/src/configuration/e-mail-config-ews-autodiscover.c
+++ b/src/configuration/e-mail-config-ews-autodiscover.c
@@ -169,13 +169,21 @@ mail_config_ews_autodiscover_run_thread (GTask *task,
gboolean success = FALSE;
if (!g_cancellable_set_error_if_cancelled (cancellable, &local_error) && !local_error) {
- if (e_ews_connection_utils_get_without_password (async_context->ews_settings)) {
+ gboolean without_password;
+
+ without_password = e_ews_connection_utils_get_without_password (async_context->ews_settings);
+ if (without_password) {
success = e_ews_autodiscover_ws_url_sync (
async_context->ews_settings, async_context->email_address, "",
cancellable, &local_error);
- } else {
+ }
+
+ if (!without_password || g_error_matches (local_error, SOUP_HTTP_ERROR, SOUP_STATUS_UNAUTHORIZED)) {
EShell *shell;
+ e_ews_connection_utils_force_off_ntlm_auth_check ();
+ g_clear_error (&local_error);
+
shell = e_shell_get_default ();
success = e_credentials_prompter_loop_prompt_sync (e_shell_get_credentials_prompter (shell),
diff --git a/src/server/e-ews-connection-utils.c b/src/server/e-ews-connection-utils.c
index 7bff7b7..a9180b9 100644
--- a/src/server/e-ews-connection-utils.c
+++ b/src/server/e-ews-connection-utils.c
@@ -67,6 +67,8 @@ e_ews_connection_utils_check_element (const gchar *function_name,
return TRUE;
}
+static gboolean force_off_ntlm_auth_check = FALSE;
+
static gboolean
ews_connect_check_ntlm_available (void)
{
@@ -80,6 +82,9 @@ ews_connect_check_ntlm_available (void)
gchar *command;
gint ret;
+ if (force_off_ntlm_auth_check)
+ return FALSE;
+
/* We are attempting to predict what libsoup will do. */
helper = g_getenv ("SOUP_NTLM_AUTH_DEBUG");
if (!helper)
@@ -145,6 +150,11 @@ ews_connect_check_ntlm_available (void)
#endif
}
+void
+e_ews_connection_utils_force_off_ntlm_auth_check (void)
+{
+ force_off_ntlm_auth_check = TRUE;
+}
/* Should we bother to attempt a connection without a password? Remember,
* this is *purely* an optimisation to avoid that extra round-trip if we
diff --git a/src/server/e-ews-connection-utils.h b/src/server/e-ews-connection-utils.h
index 3de7d13..71ad8d3 100644
--- a/src/server/e-ews-connection-utils.h
+++ b/src/server/e-ews-connection-utils.h
@@ -32,6 +32,8 @@ gboolean e_ews_connection_utils_check_element (const gchar *function_name,
const gchar *element_name,
const gchar *expected_name);
+void e_ews_connection_utils_force_off_ntlm_auth_check
+ (void);
gboolean e_ews_connection_utils_get_without_password
(CamelEwsSettings *ews_settings);
--
cgit v0.12

View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Fri Apr 22 17:22:16 UTC 2016 - zaitor@opensuse.org
- Add evolution-ews-ntlm-auth-test-failure.patch: Fix NTLM auth
failure with latest samba. Fixes boo#976110, bgo#765106.
-------------------------------------------------------------------
Mon Apr 11 18:30:13 UTC 2016 - zaitor@opensuse.org

View File

@ -26,6 +26,8 @@ License: LGPL-2.1
Group: Productivity/Networking/Email/Clients
Url: http://projects.gnome.org/evolution/
Source: http://download.gnome.org/sources/evolution-ews/3.20/%{name}-%{version}.tar.xz
# PATCH-FIX-UPSTREAM evolution-ews-ntlm-auth-test-failure.patch boo#976110 bgo#765106 zaitor@opensuse.org -- Fix NTLM auth failure with latest samba
Patch0: evolution-ews-ntlm-auth-test-failure.patch
BuildRequires: fdupes
BuildRequires: intltool
BuildRequires: translation-update-upstream
@ -86,6 +88,7 @@ later).
%lang_package
%prep
%setup -q
%patch0 -p1
translation-update-upstream
%build