Review Request 126990: Try NTLMv2 authentication if the server denies NTLMv1

Krzysztof Nowicki krissn at op.pl
Sat Feb 6 12:33:27 UTC 2016 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/126990/
-----------------------------------------------------------

(Updated Feb. 6, 2016, 12:33 p.m.)


Status
------

This change has been marked as submitted.


Review request for KDE Frameworks and Dawit Alemayehu.


Changes
-------

Submitted with commit 2f89429149ff4c8be7467e3b6cf64d7b9b9842cc by Krzysztof Nowicki to branch master.


Repository: kio


Description
-------

Some IIS servers seem to be configured to reject NTLMv1 authentication by refusing to reply to a NTLM stage 1 if the NTLMv2 flag is not set. If such a thing happens try to send another stage 1 message with the NTLMv2 flag set and if the server accepts this continue with NTLMv2.

This also fixes invese logic when determining if the authentication needs a password (it needs it during stage 3 response and not stage 1).
    
As a bonus this includes a test case for verifying NTLMv2 authentication and a fix for one of the existing test cases which contained wrong expected data (the expected response was generated without use of username and password due to the inverse logic bug above).


Diffs
-----

  autotests/http/httpauthenticationtest.h 35b822a0d400959d97e11473d48bc94352e8e5b3 
  autotests/http/httpauthenticationtest.cpp 719f7a9856194003cfba52848e0a6c5ea6324531 
  src/ioslaves/http/httpauthentication.h a74565e253ad489fed6c82116c72244386ebaaf2 
  src/ioslaves/http/httpauthentication.cpp dcc86c276fa4422fb08904b5cf6d3d2db6bb4c0d 
  src/kntlm/kntlm.cpp ed6f3881f3dfd0b78069368db22f7cd865261738 

Diff: https://git.reviewboard.kde.org/r/126990/diff/


Testing
-------

Tested on an IIS 7.5 server with NTLMv1 blacklisted. Additionally executed automatic tests without regressions.


Thanks,

Krzysztof Nowicki

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20160206/08691e59/attachment.html>

More information about the Kde-frameworks-devel mailing list