Review Request 126991: Try multiple authentication methods in case of failures

Andreas Hartmetz ahartmetz at gmail.com
Sun Feb 21 18:07:35 UTC 2016


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/126991/#review92617
-----------------------------------------------------------



m_triedPasswords doesn't really tell the truth if the application didn't supply a password, right? It is not really a number of tried passwords, it is the state of a little state machine. In such cases, it is better to make it an enum:

    enum TriedCredentials {
        NoCredentials = 0,
        JobCredentials,
        CachedCredentials,
        UserInputCredentials
    };

... where the distinction of Cached and UserInput is currently unnecessary but more consistent, a nice piece of self-documentation and might be helpful in the future.
(Note: "credentials" is better than "passwords" because it's a combination of username and password and in some special cases something different, like with NTLM and Kerberos)
Additionally, it looks like m_triedPasswords will carry over failed attempts from proxy authentication to web server authentication if both happen in the same KIO get() job [which may produce several HTTP GETs]. I'm not completely sure though because it's been a while since I worked on that code. Did you consider the problem?


src/ioslaves/http/http.cpp (line 5445)
<https://git.reviewboard.kde.org/r/126991/#comment63136>

    } else {



src/ioslaves/http/http.cpp (line 5476)
<https://git.reviewboard.kde.org/r/126991/#comment63135>

    Please break this line, it's extremely long with the addition.


- Andreas Hartmetz


On Feb. 9, 2016, 9:53 p.m., Krzysztof Nowicki wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/126991/
> -----------------------------------------------------------
> 
> (Updated Feb. 9, 2016, 9:53 p.m.)
> 
> 
> Review request for KDE Frameworks and Dawit Alemayehu.
> 
> 
> Repository: kio
> 
> 
> Description
> -------
> 
> When authenticating against a server offering multiple authentication methods, make sure to attempt other methods in case the best one fails.
>     
> This also fixes a connection close issue in the middle of an NTLM authentication dialog due to clearing the password.
> 
> 
> Diffs
> -----
> 
>   src/ioslaves/http/http.h 621b2c7a957b9bc9cc14ff13ed3c3a72dec38190 
>   src/ioslaves/http/http.cpp e1013c8705e6588729d61ed45c43dc564415c41e 
> 
> Diff: https://git.reviewboard.kde.org/r/126991/diff/
> 
> 
> Testing
> -------
> 
> I have performed testing on an IIS 7.5 server which offered 3 authentication options: Negotiate, NTLM and Basic. Since I have Kerberos configured the original code would only try Negotiate and because it failed it would retry it endlessly. With this patch authentication correctly falls back to NTLM or Basic (if NTLM fails too).
> 
> 
> Thanks,
> 
> Krzysztof Nowicki
> 
>
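
The credential state machine suggested in the review above, as an added example that is not part of the original e-mail or of KIO: the `AuthAttempts` class and `attemptsUntilGiveUp` are hypothetical, and trying each offered method with job, cached and user-input credentials in turn is an assumption. Keeping one instance per target (proxy, web server) stops failed attempts from carrying over, and the bounded sequence ends the endless retry.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Enum as proposed in the review: the state of the credential state machine.
enum TriedCredentials { NoCredentials = 0, JobCredentials, CachedCredentials, UserInputCredentials };

// Hypothetical tracker (not KIO code). One instance per authentication target,
// so failures against the proxy never count against the web server.
class AuthAttempts {
public:
    explicit AuthAttempts(const std::vector<std::string> &offered)
        : m_offered(offered), m_method(0), m_tried(NoCredentials) {}

    // Call after each 401/407. Returns false once every offered method has been
    // tried with every credential source, so the caller stops instead of looping.
    bool next(std::string &method, TriedCredentials &creds) {
        if (m_tried == UserInputCredentials) { // sources exhausted for this method
            m_tried = NoCredentials;
            ++m_method;                        // fall back to the next offered method
        }
        if (m_method >= m_offered.size()) {
            return false;
        }
        m_tried = static_cast<TriedCredentials>(m_tried + 1);
        method = m_offered[m_method];
        creds = m_tried;
        return true;
    }

private:
    std::vector<std::string> m_offered; // assumed sorted strongest first by the caller
    std::size_t m_method;
    TriedCredentials m_tried;
};

// Counts the remaining attempts until the tracker gives up.
int attemptsUntilGiveUp(AuthAttempts &a) {
    std::string m;
    TriedCredentials c;
    int n = 0;
    while (a.next(m, c)) {
        ++n;
    }
    return n;
}
```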
