Review Request 126991: Try multiple authentication methods in case of failures

Krzysztof Nowicki krissn at op.pl
Sun Feb 21 20:15:16 UTC 2016



> On Feb. 21, 2016, 7:07 p.m., Andreas Hartmetz wrote:
> > m_triedPasswords doesn't really tell the truth if the application didn't supply a password, right? It is not really a number of tried passwords, it is the state of a little state machine. In such cases, it is better to make it an enum: enum TriedCredentials { NoCredentials = 0, JobCredentials, CachedCredentials, UserInputCredentials };
> > ... where the distinction of Cached and UserInput is currently unnecessary but more consistent, a nice piece of self-documentation and might be helpful in the future.
> > (Note: "credentials" is better than "passwords" because it's a combination of username and password and in some special cases something different, like with NTLM and Kerberos)
> > Additionally, it looks like m_triedPasswords will carry over failed attempts from proxy authentication to web server authentication if both happen in the same KIO get() job [which may produce several HTTP GETs]. I'm not completely sure though because it's been a while since I worked on that code. Did you consider the problem?

You're right in both cases (field naming & proxy auth). Thanks for spotting this. I'll update the patch to fix the issues you've indicated.


- Krzysztof


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/126991/#review92617
-----------------------------------------------------------


On Feb. 9, 2016, 10:53 p.m., Krzysztof Nowicki wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/126991/
> -----------------------------------------------------------
> 
> (Updated Feb. 9, 2016, 10:53 p.m.)
> 
> 
> Review request for KDE Frameworks and Dawit Alemayehu.
> 
> 
> Repository: kio
> 
> 
> Description
> -------
> 
> When authenticating against a server offering multiple authentication methods, make sure to attempt other methods in case the best one fails.
>     
> This also fixes a connection close issue in the middle of an NTLM authentication dialog due to clearing the password.
> 
> 
> Diffs
> -----
> 
>   src/ioslaves/http/http.h 621b2c7a957b9bc9cc14ff13ed3c3a72dec38190 
>   src/ioslaves/http/http.cpp e1013c8705e6588729d61ed45c43dc564415c41e 
> 
> Diff: https://git.reviewboard.kde.org/r/126991/diff/
> 
> 
> Testing
> -------
> 
> I have performed testing on an IIS 7.5 server which offered 3 authentication options: Negotiate, NTLM and Basic. Since I have Kerberos configured the original code would only try Negotiate and because it failed it would retry it endlessly. With this patch authentication correctly falls back to NTLM or Basic (if NTLM fails too).
> 
> 
> Thanks,
> 
> Krzysztof Nowicki
> 
>
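
The credential state machine and the proxy/server separation discussed in this thread, sketched as an added example; it is not code from the KIO patch. Only the `TriedCredentials` enum comes from the review comment; `AuthTarget`, `AuthState`, `AuthFallback`, the preference order and the rule that each method gets one attempt per credential source are assumptions.

```cpp
#include <array>
#include <set>
#include <string>
#include <vector>

// Enum as proposed in the review comment.
enum TriedCredentials { NoCredentials = 0, JobCredentials, CachedCredentials, UserInputCredentials };

// Hypothetical: which side issued the challenge (407 from a proxy, 401 from the server).
enum AuthTarget { ProxyAuth = 0, ServerAuth = 1 };

// Hypothetical per-target state, so proxy failures never count against the server.
struct AuthState {
    TriedCredentials tried = NoCredentials;   // last credential source that failed
    std::set<std::string> failedMethods;      // methods exhausted for this target
};

class AuthFallback {
public:
    // Strongest offered method not yet exhausted for this target; "" means give up
    // instead of retrying forever. Scheme names are compared case-sensitively for brevity.
    std::string nextMethod(AuthTarget target, const std::vector<std::string> &offered) const {
        static const char *preference[] = {"Negotiate", "NTLM", "Basic"};  // assumed order
        const AuthState &st = m_state[target];
        for (const char *method : preference) {
            bool isOffered = false;
            for (const std::string &o : offered) isOffered = isOffered || (o == method);
            if (isOffered && st.failedMethods.count(method) == 0) return method;
        }
        return std::string();
    }

    // One failed attempt: advance job -> cached -> user input; when user input has
    // failed too, the method is exhausted and the next method starts from scratch.
    void recordFailure(AuthTarget target, const std::string &method) {
        AuthState &st = m_state[target];
        st.tried = static_cast<TriedCredentials>(st.tried + 1);
        if (st.tried == UserInputCredentials) {
            st.failedMethods.insert(method);
            st.tried = NoCredentials;
        }
    }

    TriedCredentials tried(AuthTarget target) const { return m_state[target].tried; }

private:
    std::array<AuthState, 2> m_state;  // indexed by AuthTarget
};
```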
