Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: default to NTLM v2 in the network service for POSIX platforms #23933

Merged
merged 2 commits into from
Jun 3, 2020
Merged

fix: default to NTLM v2 in the network service for POSIX platforms #23933

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
7e6ad37
fix: default to NTLM v2 in the network service for POSIX platforms
deepak1556 Jun 2, 2020
93882fd
chore: update patch
deepak1556 Jun 3, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions docs/api/command-line-switches.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,10 @@ Disables the disk cache for HTTP requests.

Disable HTTP/2 and SPDY/3.1 protocols.

### --disable-ntlm-v2

Disables NTLM v2 for posix platforms, no effect elsewhere.

## --lang

Set a custom locale.
Expand Down
1 change: 1 addition & 0 deletions patches/chromium/.patches
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -104,3 +104,4 @@ fix_hunspell_crash.patch
avoid_nullptr_dereference_in_rtcpeerconnectionhandler.patch
reland_onstate_handler_is_allowed_to_close_a_peerconnection.patch
fix_swap_global_proxies_before_initializing_the_windows_proxies.patch
fix_default_to_ntlm_v2_in_network_service.patch
28 changes: 28 additions & 0 deletions patches/chromium/fix_default_to_ntlm_v2_in_network_service.patch
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: deepak1556 <hop2deep@gmail.com>
Date: Mon, 1 Jun 2020 20:36:16 +0000
Subject: fix: default to NTLM v2 in network service for POSIX platforms

NTLM always defaults to NTLM v2 at the //net layer for quite
sometime now https://crbug.com/22532.

Change-Id: I4ea2dedc10c63a7c4e00101c0acc6d8a713c5054
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2222116
Auto-Submit: Deepak Mohan <hop2deep@gmail.com>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#773809}

diff --git a/services/network/public/mojom/network_service.mojom b/services/network/public/mojom/network_service.mojom
index 1cafd4440108ccb8fe7f4f7c3d43a661dd626f15..8fdb75f76f5d9f207265c316e03818f36bcafbaa 100644
--- a/services/network/public/mojom/network_service.mojom
+++ b/services/network/public/mojom/network_service.mojom
@@ -113,7 +113,7 @@ struct HttpAuthDynamicParams {
bool enable_negotiate_port = true;

// Whether NTLM V2 is enabled on POSIX platforms. No effect elsewhere.
- bool ntlm_v2_enabled = false;
+ bool ntlm_v2_enabled = true;

// The AccountManager AccountManagerget.AccountsByTypeAndFeatures on Android
// when using Negotiate authentication.
6 changes: 4 additions & 2 deletions shell/browser/api/electron_api_session.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -548,12 +548,14 @@ v8::Local<v8::Promise> Session::ClearAuthCache() {
}

void Session::AllowNTLMCredentialsForDomains(const std::string& domains) {
auto* command_line = base::CommandLine::ForCurrentProcess();
network::mojom::HttpAuthDynamicParamsPtr auth_dynamic_params =
network::mojom::HttpAuthDynamicParams::New();
auth_dynamic_params->server_allowlist = domains;
auth_dynamic_params->enable_negotiate_port =
base::CommandLine::ForCurrentProcess()->HasSwitch(
electron::switches::kEnableAuthNegotiatePort);
command_line->HasSwitch(electron::switches::kEnableAuthNegotiatePort);
auth_dynamic_params->ntlm_v2_enabled =
!command_line->HasSwitch(electron::switches::kDisableNTLMv2);
content::GetNetworkService()->ConfigureHttpAuthPrefs(
std::move(auth_dynamic_params));
}
Expand Down
2 changes: 2 additions & 0 deletions shell/browser/net/system_network_context_manager.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,8 @@ network::mojom::HttpAuthDynamicParamsPtr CreateHttpAuthDynamicParams() {
electron::switches::kAuthNegotiateDelegateWhitelist);
auth_dynamic_params->enable_negotiate_port =
command_line->HasSwitch(electron::switches::kEnableAuthNegotiatePort);
auth_dynamic_params->ntlm_v2_enabled =
!command_line->HasSwitch(electron::switches::kDisableNTLMv2);

return auth_dynamic_params;
}
Expand Down
3 changes: 3 additions & 0 deletions shell/common/options_switches.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -278,6 +278,9 @@ const char kAuthNegotiateDelegateWhitelist[] =
// If set, include the port in generated Kerberos SPNs.
const char kEnableAuthNegotiatePort[] = "enable-auth-negotiate-port";

// If set, NTLM v2 is disabled for POSIX platforms.
const char kDisableNTLMv2[] = "disable-ntlm-v2";

#if BUILDFLAG(ENABLE_BUILTIN_SPELLCHECKER)
const char kEnableSpellcheck[] = "enable-spellcheck";
#endif
Expand Down
1 change: 1 addition & 0 deletions shell/common/options_switches.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -140,6 +140,7 @@ extern const char kIgnoreConnectionsLimit[];
extern const char kAuthServerWhitelist[];
extern const char kAuthNegotiateDelegateWhitelist[];
extern const char kEnableAuthNegotiatePort[];
extern const char kDisableNTLMv2[];

#if BUILDFLAG(ENABLE_BUILTIN_SPELLCHECKER)
extern const char kEnableSpellcheck[];
Expand Down