8000 fix: default to NTLM v2 in the network service for POSIX platforms by trop[bot] · Pull Request #23916 · electron/electron · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

fix: default to NTLM v2 in the network service for POSIX platforms #23916

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Jun 3, 2020
Merged

fix: default to NTLM v2 in the network service for POSIX platforms #23916

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
f754dc9
fix: default to NTLM v2 in the network service
deepak1556 May 29, 2020
05f107c
chore: update patch details
deepak1556 Jun 2, 2020
2250591
update patches
Jun 2, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions docs/api/command-line-switches.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,10 @@ for integrated authentication. Without `*` prefix the URL has to match exactly.
A comma-separated list of servers for which delegation of user credentials is required.
Without `*` prefix the URL has to match exactly.

### --disable-ntlm-v2

Disables NTLM v2 for posix platforms, no effect elsewhere.

### --disable-http-cache

Disables the disk cache for HTTP requests.
Expand Down
1 change: 1 addition & 0 deletions patches/chromium/.patches
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -97,3 +97,4 @@ breakpad_allow_getting_string_values_for_crash_keys.patch
crash_allow_disabling_compression_on_linux.patch
fix_hunspell_crash.patch
fix_swap_global_proxies_before_initializing_the_windows_proxies.patch
fix_default_to_ntlm_v2_in_network_service.patch
20 changes: 20 additions & 0 deletions patches/chromium/fix_default_to_ntlm_v2_in_network_service.patch
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: deepak1556 <hop2deep@gmail.com>
Date: Fri, 29 May 2020 02:12:56 -0700
Subject: fix: default to NTLM v2 in network service

Backports https://chromium-review.googlesource.com/c/chromium/src/+/2222116

diff --git a/services/network/public/mojom/network_service.mojom b/services/network/public/mojom/network_service.mojom
index 8e61b7e6eb887668e2d7b692f07b4f57623e061f..3bc90dddcfb2d1aac5ddf6a0019a37531191f79f 100644
--- a/services/network/public/mojom/network_service.mojom
+++ b/services/network/public/mojom/network_service.mojom
@@ -152,7 +152,7 @@ struct HttpAuthDynamicParams {
bool enable_negotiate_port = true;

// Whether NTLM V2 is enabled on POSIX platforms. No effect elsewhere.
- bool ntlm_v2_enabled = false;
+ bool ntlm_v2_enabled = true;

// The AccountManager AccountManagerget.AccountsByTypeAndFeatures on Android
// when using Negotiate authentication.
6 changes: 4 additions & 2 deletions shell/browser/api/electron_api_session.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -576,12 +576,14 @@ v8::Local<v8::Promise> Session::ClearAuthCache() {
}

void Session::AllowNTLMCredentialsForDomains(const std::string& domains) {
auto* command_line = base::CommandLine::ForCurrentProcess();
network::mojom::HttpAuthDynamicParamsPtr auth_dynamic_params =
network::mojom::HttpAuthDynamicParams::New();
auth_dynamic_params->server_allowlist = domains;
auth_dynamic_params->enable_negotiate_port =
base::CommandLine::ForCurrentProcess()->HasSwitch(
electron::switches::kEnableAuthNegotiatePort);
command_line->HasSwitch(electron::switches::kEnableAuthNegotiatePort);
auth_dynamic_params->ntlm_v2_enabled =
!command_line->HasSwitch(electron::switches::kDisableNTLMv2);
content::GetNetworkService()->ConfigureHttpAuthPrefs(
std::move(auth_dynamic_params));
}
Expand Down
2 changes: 2 additions & 0 deletions shell/browser/net/system_network_context_manager.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,8 @@ network::mojom::HttpAuthDynamicParamsPtr CreateHttpAuthDynamicParams() {
electron::switches::kAuthNegotiateDelegateWhitelist);
auth_dynamic_params->enable_negotiate_port =
command_line->HasSwitch(electron::switches::kEnableAuthNegotiatePort);
auth_dynamic_params->ntlm_v2_enabled =
!command_line->HasSwitch(electron::switches::kDisableNTLMv2);

return auth_dynamic_params;
}
Expand Down
3 changes: 3 additions & 0 deletions shell/common/options_switches.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -278,6 +278,9 @@ const char kAuthNegotiateDelegateWhitelist[] =
// If set, include the port in generated Kerberos SPNs.
const char kEnableAuthNegotiatePort[] = "enable-auth-negotiate-port";

// If set, NTLM v2 is disabled for POSIX platforms.
const char kDisableNTLMv2[] = "disable-ntlm-v2";

#if BUILDFLAG(ENABLE_BUILTIN_SPELLCHECKER)
const char kEnableSpellcheck[] = "enable-spellcheck";
#endif
Expand Down
1 change: 1 addition & 0 deletions shell/common/options_switches.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -140,6 +140,7 @@ extern const char kIgnoreConnectionsLimit[];
extern const char kAuthServerWhitelist[];
extern const char kAuthNegotiateDelegateWhitelist[];
extern const char kEnableAuthNegotiatePort[];
extern const char kDisableNTLMv2[];

#if BUILDFLAG(ENABLE_BUILTIN_SPELLCHECKER)
extern const char kEnableSpellcheck[];
Expand Down
0