Review Request 126990: Try NTLMv2 authentication if the server denies NTLMv1
David Faure
faure at kde.org
Fri Feb 5 08:36:28 UTC 2016
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/126990/#review92074
-----------------------------------------------------------
autotests/http/httpauthenticationtest.cpp (line 73)
<https://git.reviewboard.kde.org/r/126990/#comment62811>
What if key.size() > 64? (this goes out of bounds, then). Or is this always ensured by the caller?
(I would add a Q_ASSERT then).
autotests/http/httpauthenticationtest.cpp (line 84)
<https://git.reviewboard.kde.org/r/126990/#comment62812>
If opad was a QByteArray from the start, this copying wouldn't be needed (you could just append to opad instead in the next line)
autotests/http/httpauthenticationtest.cpp (line 93)
<https://git.reviewboard.kde.org/r/126990/#comment62813>
Maybe this can be optimized on little endian platforms? Not sure if it's worth having two code paths though; depends on the typical string length I guess.
Something like
#if Q_BYTE_ORDER == Q_LITTLE_ENDIAN
memcpy(unicode.data(), target.unicode(), target.length() * 2);
#else
// current code
#endif
- David Faure
On Feb. 4, 2016, 3:50 p.m., Krzysztof Nowicki wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/126990/
> -----------------------------------------------------------
>
> (Updated Feb. 4, 2016, 3:50 p.m.)
>
>
> Review request for KDE Frameworks and Dawit Alemayehu.
>
>
> Repository: kio
>
>
> Description
> -------
>
> Some IIS servers seem to be configured to reject NTLMv1 authentication by refusing to reply to an NTLM stage 1 if the NTLMv2 flag is not set. If such a thing happens, try to send another stage 1 message with the NTLMv2 flag set, and if the server accepts this, continue with NTLMv2.
>
> This also fixes inverse logic when determining if the authentication needs a password (it needs it during stage 3 response and not stage 1).
>
> As a bonus this includes a test case for verifying NTLMv2 authentication and a fix for one of the existing test cases which contained wrong expected data (the expected response was generated without use of username and password due to the inverse logic bug above).
>
>
> Diffs
> -----
>
> autotests/http/httpauthenticationtest.h 35b822a
> autotests/http/httpauthenticationtest.cpp 719f7a9
> src/ioslaves/http/httpauthentication.h a74565e
> src/ioslaves/http/httpauthentication.cpp dcc86c2
>
> Diff: https://git.reviewboard.kde.org/r/126990/diff/
>
>
> Testing
> -------
>
> Tested on an IIS 7.5 server with NTLMv1 blacklisted. Additionally executed automatic tests without regressions.
>
>
> Thanks,
>
> Krzysztof Nowicki
>
>
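
Added example, not code from the patch under review or from KIO: a sketch of the key handling that the review comments on lines 73 and 84 ask about. It assumes the helper in question is an HMAC-MD5 routine (suggested by the 64-byte limit and the opad buffer); all function names and sample inputs are hypothetical.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # MD5 block size in bytes; the "64" the review comment refers to


def normalize_key(key: bytes) -> bytes:
    """Return a key of exactly BLOCK_SIZE bytes, as RFC 2104 requires."""
    if len(key) > BLOCK_SIZE:
        # Long keys are hashed first, so the pad buffers can never overflow.
        key = hashlib.md5(key).digest()
    return key.ljust(BLOCK_SIZE, b"\x00")


def hmac_md5(key: bytes, message: bytes) -> bytes:
    """HMAC-MD5 written out by hand to show the ipad/opad construction."""
    block = normalize_key(key)
    ipad = bytes(b ^ 0x36 for b in block)
    opad = bytes(b ^ 0x5C for b in block)
    inner = hashlib.md5(ipad + message).digest()
    # Appending the inner digest to opad directly avoids an extra copy.
    return hashlib.md5(opad + inner).digest()


def utf16le(text: str) -> bytes:
    """Encode as little-endian UTF-16 regardless of host byte order."""
    return text.encode("utf-16-le")


def check_against_stdlib() -> bool:
    """Compare the hand-written HMAC with Python's hmac module."""
    message = utf16le("USERDOMAIN")  # constructed sample, not from the test suite
    # Constructed keys: empty, short, exactly one block, one byte over, much longer.
    keys = [b"", b"k" * 16, b"k" * 64, b"k" * 65, b"k" * 200]
    return all(
        hmac_md5(k, message) == hmac.new(k, message, hashlib.md5).digest()
        for k in keys
    )


if __name__ == "__main__":
    print("matches stdlib hmac for all key lengths:", check_against_stdlib())
```
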