fix: default to NTLM v2 in the network service for POSIX platforms (#…

…23935) * fix: default to NTLM v2 in the network service for POSIX platforms * chore: update patch
electron · Jun 3, 2020 · 669fd2b · 669fd2b
1 parent 91dfa1e
commit 669fd2b
Show file tree

Hide file tree

Showing 7 changed files with 43 additions and 2 deletions.
diff --git a/docs/api/chrome-command-line-switches.md b/docs/api/chrome-command-line-switches.md
@@ -28,6 +28,10 @@ Disables the disk cache for HTTP requests.
 
 Disable HTTP/2 and SPDY/3.1 protocols.
 
+### --disable-ntlm-v2
+
+Disables NTLM v2 for posix platforms, no effect elsewhere.
+
 ## --lang
 
 Set a custom locale.

diff --git a/patches/chromium/.patches b/patches/chromium/.patches
@@ -123,3 +123,4 @@ cherry-pick-7101418f85a0.patch
 cherry-pick-86c02c5dcd37.patch
 fix_hunspell_crash.patch
 introduce_a_mutex_for_the_rendering_loop_in_baseaudiocontext.patch
+fix_default_to_ntlm_v2_in_network_service.patch
diff --git a/patches/chromium/fix_default_to_ntlm_v2_in_network_service.patch b/patches/chromium/fix_default_to_ntlm_v2_in_network_service.patch
@@ -0,0 +1,28 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: deepak1556 <hop2deep@gmail.com>
+Date: Mon, 1 Jun 2020 20:36:16 +0000
+Subject: fix: default to NTLM v2 in network service for POSIX platforms
+
+NTLM always defaults to NTLM v2 at the //net layer for quite
+sometime now https://crbug.com/22532.
+
+Change-Id: I4ea2dedc10c63a7c4e00101c0acc6d8a713c5054
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2222116
+Auto-Submit: Deepak Mohan <hop2deep@gmail.com>
+Reviewed-by: Tom Sepez <tsepez@chromium.org>
+Commit-Queue: Tom Sepez <tsepez@chromium.org>
+Cr-Commit-Position: refs/heads/master@{#773809}
+
+diff --git a/services/network/public/mojom/network_service.mojom b/services/network/public/mojom/network_service.mojom
+index eae5e85eac3a0b946c413bb0b65510a95faba3b8..d63a9a325d3c5d51470d33dd30934ea14a169b0b 100644
+--- a/services/network/public/mojom/network_service.mojom
++++ b/services/network/public/mojom/network_service.mojom
+@@ -112,7 +112,7 @@ struct HttpAuthDynamicParams {
+   bool enable_negotiate_port = true;
+
+   // Whether NTLM V2 is enabled on POSIX platforms. No effect elsewhere.
+-  bool ntlm_v2_enabled = false;
++  bool ntlm_v2_enabled = true;
+
+   // The AccountManager AccountManagerget.AccountsByTypeAndFeatures on Android
+   // when using Negotiate authentication.
diff --git a/shell/browser/api/atom_api_session.cc b/shell/browser/api/atom_api_session.cc
@@ -482,12 +482,14 @@ v8::Local<v8::Promise> Session::ClearAuthCache() {
 }
 
 void Session::AllowNTLMCredentialsForDomains(const std::string& domains) {
+  auto* command_line = base::CommandLine::ForCurrentProcess();
   network::mojom::HttpAuthDynamicParamsPtr auth_dynamic_params =
       network::mojom::HttpAuthDynamicParams::New();
   auth_dynamic_params->server_allowlist = domains;
   auth_dynamic_params->enable_negotiate_port =
-      base::CommandLine::ForCurrentProcess()->HasSwitch(
-          electron::switches::kEnableAuthNegotiatePort);
+      command_line->HasSwitch(electron::switches::kEnableAuthNegotiatePort);
+  auth_dynamic_params->ntlm_v2_enabled =
+      !command_line->HasSwitch(electron::switches::kDisableNTLMv2);
   content::GetNetworkService()->ConfigureHttpAuthPrefs(
       std::move(auth_dynamic_params));
 }

diff --git a/shell/browser/net/system_network_context_manager.cc b/shell/browser/net/system_network_context_manager.cc
@@ -52,6 +52,8 @@ network::mojom::HttpAuthDynamicParamsPtr CreateHttpAuthDynamicParams() {
       electron::switches::kAuthNegotiateDelegateWhitelist);
   auth_dynamic_params->enable_negotiate_port =
       command_line->HasSwitch(electron::switches::kEnableAuthNegotiatePort);
+  auth_dynamic_params->ntlm_v2_enabled =
+      !command_line->HasSwitch(electron::switches::kDisableNTLMv2);
 
   return auth_dynamic_params;
 }

diff --git a/shell/common/options_switches.cc b/shell/common/options_switches.cc
@@ -271,6 +271,9 @@ const char kAuthNegotiateDelegateWhitelist[] =
 // If set, include the port in generated Kerberos SPNs.
 const char kEnableAuthNegotiatePort[] = "enable-auth-negotiate-port";
 
+// If set, NTLM v2 is disabled for POSIX platforms.
+const char kDisableNTLMv2[] = "disable-ntlm-v2";
+
 }  // namespace switches
 
 }  // namespace electron
diff --git a/shell/common/options_switches.h b/shell/common/options_switches.h
@@ -130,6 +130,7 @@ extern const char kIgnoreConnectionsLimit[];
 extern const char kAuthServerWhitelist[];
 extern const char kAuthNegotiateDelegateWhitelist[];
 extern const char kEnableAuthNegotiatePort[];
+extern const char kDisableNTLMv2[];
 
 }  // namespace switches