Use flags comparable to those used by IE 9. Test on all settings of the LAN Manager Authentication Security Level policy. Part of HTTPCLIENT-1268.

git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk@1425330 13f79535-47bb-0310-9956-ffa450edef68
Karl Wright 2012-12-22 18:26:38 +00:00
parent 41e08bfa52
commit 9c0a28cd6c
1 changed files with 27 additions and 24 deletions


@ -33,6 +33,7 @@ import java.util.Locale;
import javax.crypto.Cipher; import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec; import javax.crypto.spec.SecretKeySpec;
import javax.crypto.Mac;
import org.apache.commons.codec.binary.Base64; import org.apache.commons.codec.binary.Base64;
import org.apache.http.util.EncodingUtils; import org.apache.http.util.EncodingUtils;
@ -966,7 +967,7 @@ final class NTLMEngineImpl implements NTLMEngine {
String getResponse() { String getResponse() {
// Now, build the message. Calculate its length first, including // Now, build the message. Calculate its length first, including
// signature or type. // signature or type.
int finalLength = 32 + 8 + hostBytes.length + domainBytes.length; int finalLength = 32 + 8 /*+ hostBytes.length + domainBytes.length */;
// Set up the response. This will initialize the signature, message // Set up the response. This will initialize the signature, message
// type, and flags. // type, and flags.
@ -974,11 +975,11 @@ final class NTLMEngineImpl implements NTLMEngine {
// Flags. These are the complete set of flags we support. // Flags. These are the complete set of flags we support.
addULong( addULong(
FLAG_WORKSTATION_PRESENT | //FLAG_WORKSTATION_PRESENT |
FLAG_DOMAIN_PRESENT | //FLAG_DOMAIN_PRESENT |
// Required flags // Required flags
//FLAG_REQUEST_LAN_MANAGER_KEY | FLAG_REQUEST_LAN_MANAGER_KEY |
FLAG_REQUEST_NTLMv1 | FLAG_REQUEST_NTLMv1 |
FLAG_REQUEST_NTLM2_SESSION | FLAG_REQUEST_NTLM2_SESSION |
@ -986,28 +987,27 @@ final class NTLMEngineImpl implements NTLMEngine {
FLAG_REQUEST_VERSION | FLAG_REQUEST_VERSION |
// Recommended privacy settings // Recommended privacy settings
//FLAG_REQUEST_ALWAYS_SIGN | FLAG_REQUEST_ALWAYS_SIGN |
//FLAG_REQUEST_SEAL | //FLAG_REQUEST_SEAL |
//FLAG_REQUEST_SIGN | FLAG_REQUEST_SIGN |
// These must be set according to documentation, based on use of SEAL above // These must be set according to documentation, based on use of SEAL above
//FLAG_REQUEST_128BIT_KEY_EXCH | FLAG_REQUEST_128BIT_KEY_EXCH |
//FLAG_REQUEST_56BIT_ENCRYPTION | FLAG_REQUEST_56BIT_ENCRYPTION |
//FLAG_REQUEST_EXPLICIT_KEY_EXCH | FLAG_REQUEST_EXPLICIT_KEY_EXCH |
FLAG_REQUEST_UNICODE_ENCODING | FLAG_REQUEST_UNICODE_ENCODING);
FLAG_REQUEST_TARGET);
// Domain length (two times). // Domain length (two times).
addUShort(domainBytes.length); addUShort(/*domainBytes.length*/0);
addUShort(domainBytes.length); addUShort(/*domainBytes.length*/0);
// Domain offset. // Domain offset.
addULong(hostBytes.length + 32 + 8); addULong(/*hostBytes.length +*/ 32 + 8);
// Host length (two times). // Host length (two times).
addUShort(hostBytes.length); addUShort(/*hostBytes.length*/0);
addUShort(hostBytes.length); addUShort(/*hostBytes.length*/0);
// Host offset (always 32 + 8). // Host offset (always 32 + 8).
addULong(32 + 8); addULong(32 + 8);
@ -1017,14 +1017,14 @@ final class NTLMEngineImpl implements NTLMEngine {
// Build // Build
addULong(2600); addULong(2600);
// NTLM revision // NTLM revision
addUShort(15); addUShort(0x0f00);
// Host (workstation) String. // Host (workstation) String.
addBytes(hostBytes); //addBytes(hostBytes);
// Domain String. // Domain String.
addBytes(domainBytes); //addBytes(domainBytes);
return super.getResponse(); return super.getResponse();
@ -1149,7 +1149,9 @@ final class NTLMEngineImpl implements NTLMEngine {
// seems warranted. // seems warranted.
byte[] userSessionKey; byte[] userSessionKey;
try { try {
if (((type2Flags & FLAG_REQUEST_NTLM2_SESSION) == 0) && // This conditional may not work on Windows Server 2008 R2 and above, where it has not yet
// been tested
if (((type2Flags & FLAG_TARGETINFO_PRESENT) != 0) &&
targetInformation != null && target != null) { targetInformation != null && target != null) {
// NTLMv2 // NTLMv2
ntResp = gen.getNTLMv2Response(); ntResp = gen.getNTLMv2Response();
@ -1299,8 +1301,9 @@ final class NTLMEngineImpl implements NTLMEngine {
(type2Flags & FLAG_REQUEST_56BIT_ENCRYPTION) | (type2Flags & FLAG_REQUEST_56BIT_ENCRYPTION) |
(type2Flags & FLAG_REQUEST_EXPLICIT_KEY_EXCH) | (type2Flags & FLAG_REQUEST_EXPLICIT_KEY_EXCH) |
FLAG_REQUEST_UNICODE_ENCODING | (type2Flags & FLAG_TARGETINFO_PRESENT) |
FLAG_REQUEST_TARGET (type2Flags & FLAG_REQUEST_UNICODE_ENCODING) |
(type2Flags & FLAG_REQUEST_TARGET)
); );
// Version // Version
@ -1308,7 +1311,7 @@ final class NTLMEngineImpl implements NTLMEngine {
// Build // Build
addULong(2600); addULong(2600);
// NTLM revision // NTLM revision
addUShort(15); addUShort(0x0f00);
// Add the actual data // Add the actual data
addBytes(lmResp); addBytes(lmResp);
@ -1388,7 +1391,7 @@ final class NTLMEngineImpl implements NTLMEngine {
int transferAmt = input.length - inputIndex; int transferAmt = input.length - inputIndex;
System.arraycopy(input, inputIndex, dataBuffer, curBufferPos, transferAmt); System.arraycopy(input, inputIndex, dataBuffer, curBufferPos, transferAmt);
count += transferAmt; count += transferAmt;
//curBufferPos += transferAmt; curBufferPos += transferAmt;
} }
} }
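Review bot: The choice between NTLMv2 and the older response types in the Type 3 builder now rests entirely on `(type2Flags & FLAG_TARGETINFO_PRESENT) != 0`, a bit read from the server's Type 2 message, so a challenge that arrives without target information (including one altered in transit) selects whatever the branches below this hunk produce, presumably the NTLM2-session or NTLMv1/LM responses. Together with the Type 1 flags now advertising `FLAG_REQUEST_LAN_MANAGER_KEY` and `FLAG_REQUEST_56BIT_ENCRYPTION`, the client has no visible floor on what it will negotiate. I would document that at the conditional, e.g. `// Response type follows the server's Type 2 flags; without target info we fall back to pre-NTLMv2 responses`, and consider a caller-settable minimum level that fails the handshake instead of falling back. The added comment already says the condition is untested on Windows Server 2008 R2 and above, so a unit test that feeds fixed Type 2 messages with and without the target-info block would pin the behaviour. The rest of the if/else chain is outside the hunk.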