mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions 1

fix: default to NTLM v2 in the network service for POSIX platforms (#23846)

Browse source 
* fix: default to NTLM v2 in the network service

* chore: update patch details
This commit is contained in:
Robo 2020-06-02 12:58:00 -07:00 committed by GitHub
parent c36981da8b
commit 512e1541c6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 35 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
docs/api/command-line-switches.md
View file

@ -36,6 +36,10 @@ for integrated authentication. Without `*` prefix the URL has to match exactly.
A comma-separated list of servers for which delegation of user credentials is required. A comma-separated list of servers for which delegation of user credentials is required.
Without `*` prefix the URL has to match exactly. Without `*` prefix the URL has to match exactly.
### --disable-ntlm-v2
Disables NTLM v2 for posix platforms, no effect elsewhere.
### --disable-http-cache ### --disable-http-cache
Disables the disk cache for HTTP requests. Disables the disk cache for HTTP requests.

1
patches/chromium/.patches
View file

@ -98,3 +98,4 @@ allow_setting_secondary_label_via_simplemenumodel.patch
disable_unnecessary_ischromefirstrun_check.patch disable_unnecessary_ischromefirstrun_check.patch
disable_dcheck_that_fails_with_software_compositing.patch disable_dcheck_that_fails_with_software_compositing.patch
fix_swap_global_proxies_before_initializing_the_windows_proxies.patch fix_swap_global_proxies_before_initializing_the_windows_proxies.patch
fix_default_to_ntlm_v2_in_network_service.patch

20
patches/chromium/fix_default_to_ntlm_v2_in_network_service.patch Normal file
View file

@ -0,0 +1,20 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: deepak1556 <hop2deep@gmail.com>
Date: Fri, 29 May 2020 02:12:56 -0700
Subject: fix: default to NTLM v2 in network service
Backports https://chromium-review.googlesource.com/c/chromium/src/+/2222116
diff --git a/services/network/public/mojom/network_service.mojom b/services/network/public/mojom/network_service.mojom
index 565d98ad87ca9c8f2fc5325ad25cbf18f500f36e..072d24087e1f1bed867788c068b651658ad6ce4e 100644
--- a/services/network/public/mojom/network_service.mojom
+++ b/services/network/public/mojom/network_service.mojom
@@ -152,7 +152,7 @@ struct HttpAuthDynamicParams {
bool enable_negotiate_port = true;
// Whether NTLM V2 is enabled on POSIX platforms. No effect elsewhere.
- bool ntlm_v2_enabled = false;
+ bool ntlm_v2_enabled = true;
// The AccountManager AccountManagerget.AccountsByTypeAndFeatures on Android
// when using Negotiate authentication.

6
shell/browser/api/electron_api_session.cc
View file

@ -576,12 +576,14 @@ v8::Local<v8::Promise> Session::ClearAuthCache() {
} }
void Session::AllowNTLMCredentialsForDomains(const std::string& domains) { void Session::AllowNTLMCredentialsForDomains(const std::string& domains) {
auto* command_line = base::CommandLine::ForCurrentProcess();
network::mojom::HttpAuthDynamicParamsPtr auth_dynamic_params = network::mojom::HttpAuthDynamicParamsPtr auth_dynamic_params =
network::mojom::HttpAuthDynamicParams::New(); network::mojom::HttpAuthDynamicParams::New();
auth_dynamic_params->server_allowlist = domains; auth_dynamic_params->server_allowlist = domains;
auth_dynamic_params->enable_negotiate_port = auth_dynamic_params->enable_negotiate_port =
base::CommandLine::ForCurrentProcess()->HasSwitch( command_line->HasSwitch(electron::switches::kEnableAuthNegotiatePort);
electron::switches::kEnableAuthNegotiatePort); auth_dynamic_params->ntlm_v2_enabled =
!command_line->HasSwitch(electron::switches::kDisableNTLMv2);
content::GetNetworkService()->ConfigureHttpAuthPrefs( content::GetNetworkService()->ConfigureHttpAuthPrefs(
std::move(auth_dynamic_params)); std::move(auth_dynamic_params));
} }

2
shell/browser/net/system_network_context_manager.cc
View file

@ -53,6 +53,8 @@ network::mojom::HttpAuthDynamicParamsPtr CreateHttpAuthDynamicParams() {
electron::switches::kAuthNegotiateDelegateWhitelist); electron::switches::kAuthNegotiateDelegateWhitelist);
auth_dynamic_params->enable_negotiate_port = auth_dynamic_params->enable_negotiate_port =
command_line->HasSwitch(electron::switches::kEnableAuthNegotiatePort); command_line->HasSwitch(electron::switches::kEnableAuthNegotiatePort);
auth_dynamic_params->ntlm_v2_enabled =
!command_line->HasSwitch(electron::switches::kDisableNTLMv2);
return auth_dynamic_params; return auth_dynamic_params;
} }

3
shell/common/options_switches.cc
View file

@ -278,6 +278,9 @@ const char kAuthNegotiateDelegateWhitelist[] =
// If set, include the port in generated Kerberos SPNs. // If set, include the port in generated Kerberos SPNs.
const char kEnableAuthNegotiatePort[] = "enable-auth-negotiate-port"; const char kEnableAuthNegotiatePort[] = "enable-auth-negotiate-port";
// If set, NTLM v2 is disabled for POSIX platforms.
const char kDisableNTLMv2[] = "disable-ntlm-v2";
#if BUILDFLAG(ENABLE_BUILTIN_SPELLCHECKER) #if BUILDFLAG(ENABLE_BUILTIN_SPELLCHECKER)
const char kEnableSpellcheck[] = "enable-spellcheck"; const char kEnableSpellcheck[] = "enable-spellcheck";
#endif #endif

1
shell/common/options_switches.h
View file

@ -140,6 +140,7 @@ extern const char kIgnoreConnectionsLimit[];
extern const char kAuthServerWhitelist[]; extern const char kAuthServerWhitelist[];
extern const char kAuthNegotiateDelegateWhitelist[]; extern const char kAuthNegotiateDelegateWhitelist[];
extern const char kEnableAuthNegotiatePort[]; extern const char kEnableAuthNegotiatePort[];
extern const char kDisableNTLMv2[];
#if BUILDFLAG(ENABLE_BUILTIN_SPELLCHECKER) #if BUILDFLAG(ENABLE_BUILTIN_SPELLCHECKER)
extern const char kEnableSpellcheck[]; extern const char kEnableSpellcheck[];