GNOME Bugzilla – Bug 700522
User is asked for password, which isn't needed and is then ignored.
Last modified: 2013-07-15 09:04:43 UTC
NTLM authentication just started failing for me on Fedora 19 with Evolution-EWS, although I have no idea what's changed; it was working earlier today and I don't think I've updated any relevant packages.

I see an HTTP request with an NTLM type1 request, which elicits a 401 Unauthorised response, with the type2 challenge as expected. And then instead of responding with the type3 response to complete authentication, I get the following:

(evolution:16633): libsoup-CRITICAL **: soup_message_headers_append: assertion `strpbrk (value, "\r\n") == NULL' failed

... followed by resending the request *without* any 'Authorization: NTLM' header.

(gdb) bt
msg=msg@entry=0x7fffb400d050 [ESoapMessage], auth=auth@entry=0x1564de0 [SoupAuthNTLM]) at soup-message.c:1211
1211	soup_message_headers_replace (msg->request_headers,
(gdb) p token
$8 = 0x7fff940b3500 "NTLM est:\n 0000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx\nnthash:\n 0000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx\nnt_resp:\n 0000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx\nKK TlRMTVNTUAADAAAAGAAYAFIAAAAYABgAagAAAAMAAwBAAAAACAAIAEMAAAAHAAcASw", 'A' <repeats 14 times>, "ggEIAEdFUmR3b29kaG91VU5LTk9XTg", 'A' <repeats 31 times>, "EjB+NT75uOCql+nkBRjht/BPePwtALHCQ=="
might be useful to see if valgrind notices anyone misbehaving?
Aha, this is my fault. I had rebuilt my local ntlm_auth "helper", which is supposed to be part of Samba/winbind but in my case is just http://david.woodhou.se/ntlm_auth_v2.c — and I had left some stray debugging output in it. I forgot I'd done that. Partly because I was still being *asked* for my bloody password even though it was being handled automatically. WTF?
Changing title; let's forget my own stupidity and make it about that bug :) Not sure if this is a libsoup issue; perhaps more likely to be evolution-ews?
(perhaps libsoup could be more robust if the ntlm_auth helper misbehaves too, and silently fall back to behaving as if it weren't there?)
ntlm-test is supposed to verify that "authenticated" never gets emitted if you're using ntlm_auth. It might be missing some case though.
More likely that the Evolution-EWS side is *assuming* that a password is required and asking for it in advance, even though it doesn't need it. I *thought* we'd fixed the various ESource APIs not to do that, and to only request passwords when they were actually needed. Maybe not though. One for mbarnes, methinks...
*** This bug has been marked as a duplicate of bug 703181 ***
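
The robustness idea raised in the comments above (treating a misbehaving ntlm_auth helper as if it were absent) can be sketched as a strict check on the helper's reply before it is used as a header value. This is an added example, not code from the bug thread or from libsoup: `ntlm_header_from_helper` is a hypothetical name, the "KK <base64>" reply form is taken from the token in the gdb output, and requiring exactly one line is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* base64 of the 8 bytes "NTLMSSP\0" followed by message type 0x03 */
#define TYPE3_B64 "TlRMTVNTUAAD"

static int is_b64_char(char c)
{
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
           (c >= '0' && c <= '9') || c == '+' || c == '/';
}

/* Hypothetical helper, not a libsoup function.
 * Accepts only a reply of the exact form "KK <base64>\n" and writes
 * "NTLM <base64>" to out. Returns 1 on success, 0 if the reply must be
 * discarded (the caller then behaves as if the helper were absent). */
int ntlm_header_from_helper(const char *reply, size_t len, char *out, size_t outsz)
{
    const char *b64;
    size_t n, i, pad = 0;

    if (len < 4 + strlen(TYPE3_B64) || reply[len - 1] != '\n') return 0;
    if (memcmp(reply, "KK ", 3) != 0) return 0;
    b64 = reply + 3;
    n = len - 4;                        /* drop "KK " and the final newline */
    if (n % 4 != 0) return 0;
    if (memcmp(b64, TYPE3_B64, strlen(TYPE3_B64)) != 0) return 0;
    while (pad < 2 && b64[n - 1 - pad] == '=') pad++;
    for (i = 0; i < n - pad; i++)
        if (!is_b64_char(b64[i])) return 0;  /* rejects CR, LF, space, NUL */
    if (outsz < n + 6) return 0;        /* "NTLM " + payload + NUL */
    memcpy(out, "NTLM ", 5);
    memcpy(out + 5, b64, n);
    out[5 + n] = '\0';
    return 1;
}

int main(void)
{
    /* Constructed samples: a truncated type 3 token, and the same line
     * preceded by stray debug output of the kind the report describes. */
    const char good[] = "KK TlRMTVNTUAADAAAA\n";
    const char noisy[] = "nthash:\n 0000 xx xx\nKK TlRMTVNTUAADAAAA\n";
    char hdr[64];

    printf("good:  %d\n", ntlm_header_from_helper(good, sizeof good - 1, hdr, sizeof hdr));
    printf("noisy: %d\n", ntlm_header_from_helper(noisy, sizeof noisy - 1, hdr, sizeof hdr));
    return 0;
}
```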