I'm working on single-sign-on support for NTLM, where we don't actually *know* the password, but just delegate the whole challenge/response thing to a helper program.
That helper program is /usr/bin/ntlm_auth; the only current implementation is the Samba one which works when you've logged into the system using your Windows password and pam_winbind, but we're working on a less baroque version that works {like,with} gnome-keyring, and there's a simple hack at http://david.woodhou.se/ntlm_auth_v2.c for testing. So I need a way to indicate that the authentication mechanism should be tried once *without* a password, and then if that fails we should try providing a password. Thus the patch below. Anyone got a better suggestion for how to handle it? A patch to actually use this facility in the NTLM authenticator will follow, of course... One alternative approach might be to to stop letting the authenticators look at service->url->passwd, and instead have an 'authenticate' signal on the CamelSasl object, much the same way as libsoup does it. But then I think we'd still have to have the users know somehow if that authenticate signal had been called on the first attempt, to know when to set the CAMEL_SESSION_PASSWORD_REPROMPT flag, etc. I suspect it would be a lot of extra work for something that doesn't really end up looking any prettier by the time it's working. Hence the 'try_empty_password' flag, which is relatively simple. Comments? commit b1787a5f85cdc1e46fb6ccf0c57134fc34f4e12e Author: David Woodhouse <david.woodho...@intel.com> Date: Fri Apr 1 23:25:05 2011 +0100 Add 'try_empty_password' flag to CamelServiceAuthType NTLM will be use this, to support single-sign-on using /usr/bin/ntlm_auth diff --git a/camel/camel-sasl-anonymous.c b/camel/camel-sasl-anonymous.c index dbbb500..850b1ea 100644 --- a/camel/camel-sasl-anonymous.c +++ b/camel/camel-sasl-anonymous.c @@ -37,6 +37,7 @@ CamelServiceAuthType camel_sasl_anonymous_authtype = { N_("This option will connect to the server using an anonymous login."), "ANONYMOUS", + FALSE, FALSE }; diff --git a/camel/camel-sasl-cram-md5.c b/camel/camel-sasl-cram-md5.c index ae4bb16..54f9daa 100644 
--- a/camel/camel-sasl-cram-md5.c +++ b/camel/camel-sasl-cram-md5.c @@ -48,6 +48,7 @@ CamelServiceAuthType camel_sasl_cram_md5_authtype = { "secure CRAM-MD5 password, if the server supports it."), "CRAM-MD5", + FALSE, TRUE }; diff --git a/camel/camel-sasl-digest-md5.c b/camel/camel-sasl-digest-md5.c index ae12f7b..384f216 100644 --- a/camel/camel-sasl-digest-md5.c +++ b/camel/camel-sasl-digest-md5.c @@ -61,6 +61,7 @@ CamelServiceAuthType camel_sasl_digest_md5_authtype = { "secure DIGEST-MD5 password, if the server supports it."), "DIGEST-MD5", + FALSE, TRUE }; diff --git a/camel/camel-sasl-gssapi.c b/camel/camel-sasl-gssapi.c index 61b3404..832c128 100644 --- a/camel/camel-sasl-gssapi.c +++ b/camel/camel-sasl-gssapi.c @@ -93,6 +93,7 @@ CamelServiceAuthType camel_sasl_gssapi_authtype = { "Kerberos 5 authentication."), "GSSAPI", + FALSE, FALSE }; diff --git a/camel/camel-sasl-login.c b/camel/camel-sasl-login.c index de3aba4..465a8f7 100644 --- a/camel/camel-sasl-login.c +++ b/camel/camel-sasl-login.c @@ -42,6 +42,7 @@ CamelServiceAuthType camel_sasl_login_authtype = { "simple password."), "LOGIN", + FALSE, TRUE }; diff --git a/camel/camel-sasl-ntlm.c b/camel/camel-sasl-ntlm.c index 6d2313a..a285214 100644 --- a/camel/camel-sasl-ntlm.c +++ b/camel/camel-sasl-ntlm.c @@ -44,6 +44,7 @@ CamelServiceAuthType camel_sasl_ntlm_authtype = { "NTLM / Secure Password Authentication."), "NTLM", + FALSE, TRUE }; diff --git a/camel/camel-sasl-plain.c b/camel/camel-sasl-plain.c index e27a6b9..5b1845d 100644 --- a/camel/camel-sasl-plain.c +++ b/camel/camel-sasl-plain.c @@ -46,6 +46,7 @@ CamelServiceAuthType camel_sasl_plain_authtype = { "simple password."), "PLAIN", + FALSE, TRUE }; diff --git a/camel/camel-sasl-popb4smtp.c b/camel/camel-sasl-popb4smtp.c index 043291b..00ef7ff 100644 --- a/camel/camel-sasl-popb4smtp.c +++ b/camel/camel-sasl-popb4smtp.c 
@@ -49,6 +49,7 @@ CamelServiceAuthType camel_sasl_popb4smtp_authtype = { "POPB4SMTP", FALSE, + FALSE, }; /* last time the pop was accessed (through the auth method anyway), *time_t */ diff --git a/camel/camel-service.h b/camel/camel-service.h index d1efa89..35cf1a9 100644 --- a/camel/camel-service.h +++ b/camel/camel-service.h @@ -137,6 +137,7 @@ typedef struct { const gchar *description; const gchar *authproto; + gboolean try_empty_password; gboolean need_password; /* needs a password to authenticate */ } CamelServiceAuthType; diff --git a/camel/providers/imap/camel-imap-store.c b/camel/providers/imap/camel-imap-store.c index d241ee5..83188db 100644 --- a/camel/providers/imap/camel-imap-store.c +++ b/camel/providers/imap/camel-imap-store.c @@ -1143,9 +1143,9 @@ imap_auth_loop (CamelService *service, GError **error) return FALSE; } - if (!authtype->need_password) { + if (!authtype->need_password || authtype->try_empty_password) { authenticated = try_auth (store, authtype->authproto, error); - if (!authenticated) + if (!authtype->try_empty_password && !authenticated) return FALSE; } } diff --git a/camel/providers/imapx/camel-imapx-server.c b/camel/providers/imapx/camel-imapx-server.c index 179252d..78ea5a9 100644 --- a/camel/providers/imapx/camel-imapx-server.c +++ b/camel/providers/imapx/camel-imapx-server.c @@ -2968,9 +2968,14 @@ imapx_reconnect (CamelIMAPXServer *is, GError **error) gboolean authenticated = FALSE; CamelServiceAuthType *authtype = NULL; guint32 prompt_flags = CAMEL_SESSION_PASSWORD_SECRET; + gboolean need_password = TRUE; while (!authenticated) { - if (errbuf) { + if (authtype && authtype->try_empty_password && !need_password) { + need_password = TRUE; + g_free (errbuf); + errbuf = NULL; + } else if (errbuf) { /* We need to un-cache the password before prompting again */ prompt_flags |= CAMEL_SESSION_PASSWORD_REPROMPT; g_free (service->url->passwd); 
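Review bot: Inserting `try_empty_password` ahead of `need_password` in `CamelServiceAuthType` changes the meaning of every positional initializer of this struct. An initializer that is not updated would have its old `need_password` value land in `try_empty_password` and `need_password` zero-initialized, so a password mechanism would be treated as not needing one. The SASL initializers in this commit are updated, but any provider that defines its own auth type is not visible here; appending the field after `need_password` would keep unpatched initializers behaving as before. The new field also has no comment, unlike its neighbour; something like `/* try once with no password (helper-based SSO) before prompting */` would document the contract.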
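Review bot: When `try_empty_password` is set and the password-less `try_auth ()` fails, the new condition `if (!authtype->try_empty_password && !authenticated)` falls through with the caller's `error` presumably still set by that failed attempt. A later `g_set_error ()` or `try_auth ()` on the same `GError **` would then write over a set error, which GLib warns about and which can surface the wrong failure to the user. Clearing it on the fall-through path, `if (!authenticated && authtype->try_empty_password) g_clear_error (error);`, would avoid that. The same pattern appears in the `smtp_connect` hunk in camel-smtp-transport.c. The rest of `imap_auth_loop` lies outside the hunk, so whether a later step already clears the error cannot be confirmed from here.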
@@ -3004,9 +3009,12 @@ imapx_reconnect (CamelIMAPXServer *is, GError **error) service->url->authmech); goto exception; } + + if (authtype->try_empty_password || !authtype->need_password) + need_password = FALSE; } - if (service->url->passwd == NULL && (!authtype || authtype->need_password)) { + if (need_password && service->url->passwd == NULL) { gchar *base_prompt; gchar *full_prompt; diff --git a/camel/providers/smtp/camel-smtp-transport.c b/camel/providers/smtp/camel-smtp-transport.c index 9f927ee..9d49ae9 100644 --- a/camel/providers/smtp/camel-smtp-transport.c +++ b/camel/providers/smtp/camel-smtp-transport.c @@ -465,12 +465,12 @@ smtp_connect (CamelService *service, GError **error) return FALSE; } - if (!authtype->need_password) { + if (!authtype->need_password || authtype->try_empty_password) { /* authentication mechanism doesn't need a password, so if it fails there's nothing we can do */ authenticated = smtp_auth ( transport, authtype->authproto, error); - if (!authenticated) { + if (!authtype->try_empty_password && !authenticated) { camel_service_disconnect (service, TRUE, NULL); return FALSE; } -- dwmw2 _______________________________________________ evolution-hackers mailing list evolution-hackers@gnome.org To change your list options or unsubscribe, visit ... http://mail.gnome.org/mailman/listinfo/evolution-hackers
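Review bot: The added `if (authtype->try_empty_password || !authtype->need_password) need_password = FALSE;` appears to sit in the per-iteration `authmech` lookup of the `while (!authenticated)` loop, so it runs again on the retry and undoes the `need_password = TRUE` that the first hunk sets at the top of the loop. If so, a mechanism with `try_empty_password` never reaches the prompt guarded by `if (need_password && service->url->passwd == NULL)`, and the loop keeps retrying without a password. Tracking the attempt separately would fix it: declare `gboolean tried_empty = FALSE;`, set it in the retry branch of the first hunk, and use `if (!authtype->need_password || (authtype->try_empty_password && !tried_empty)) need_password = FALSE;`. The lines between the two hunks are not shown, so the loop structure is inferred from the context lines.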
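Review bot: The context comment `authentication mechanism doesn't need a password, so if it fails there's nothing we can do` no longer describes this branch in `smtp_connect`. The branch is now also entered for mechanisms that set `try_empty_password`, and those continue after a failure instead of disconnecting. Suggest rewording it to something like `/* try without a password first; only give up here if the mechanism never takes one */`. The remainder of `smtp_connect` is outside the hunk.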