----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://git.reviewboard.kde.org/r/126990/#review92074 -----------------------------------------------------------
autotests/http/httpauthenticationtest.cpp (line 73) <https://git.reviewboard.kde.org/r/126990/#comment62811> What if key.size() > 64? (this goes out of bounds, then). Or is this always ensured by the caller? (I would add a Q_ASSERT then). autotests/http/httpauthenticationtest.cpp (line 84) <https://git.reviewboard.kde.org/r/126990/#comment62812> If opad was a QByteArray from the start, this copying wouldn't be needed (you could just append to opad instead in the next line) autotests/http/httpauthenticationtest.cpp (line 93) <https://git.reviewboard.kde.org/r/126990/#comment62813> Maybe this can be optimized on little endian platforms? Not sure if it's worth having two code paths though; depends on the typical string length I guess. Something like #if Q_BYTE_ORDER == Q_LITTLE_ENDIAN memcpy(unicode.data(), target.unicode(), target.length() * 2); #else // current code #endif - David Faure On Feb. 4, 2016, 3:50 p.m., Krzysztof Nowicki wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://git.reviewboard.kde.org/r/126990/ > ----------------------------------------------------------- > > (Updated Feb. 4, 2016, 3:50 p.m.) > > > Review request for KDE Frameworks and Dawit Alemayehu. > > > Repository: kio > > > Description > ------- > > Some IIS servers seem to be configured to reject NTLMv1 authentication by > refusing to reply to a NTLM stage 1 if the NTLMv2 flag is not set. If such a > thing happens try to send another stage 1 message with the NTLMv2 flag set > and if the server accepts this continue with NTLMv2. > > This also fixes invese logic when determining if the authentication needs a > password (it needs it during stage 3 response and not stage 1). > > As a bonus this includes a test case for verifying NTLMv2 authentication and > a fix for one of the existing test cases which contained wrong expected data > (the expected response was generated without use of username and password due > to the inverse logic bug above). > > > Diffs > ----- > > autotests/http/httpauthenticationtest.h 35b822a > autotests/http/httpauthenticationtest.cpp 719f7a9 > src/ioslaves/http/httpauthentication.h a74565e > src/ioslaves/http/httpauthentication.cpp dcc86c2 > > Diff: https://git.reviewboard.kde.org/r/126990/diff/ > > > Testing > ------- > > Tested on an IIS 7.5 server with NTLMv1 blacklisted. Additionally executed > automatic tests without regressions. > > > Thanks, > > Krzysztof Nowicki > >
_______________________________________________ Kde-frameworks-devel mailing list Kde-frameworks-devel@kde.org https://mail.kde.org/mailman/listinfo/kde-frameworks-devel
