Use flags comparable to those used by IE 9. Test on all settings of the LAN Manager Authentication Security Level policy. Part of HTTPCLIENT-1268.
git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk@1425330 13f79535-47bb-0310-9956-ffa450edef68
parent
41e08bfa52
commit
9c0a28cd6c
|
@ -33,6 +33,7 @@ import java.util.Locale;
|
||||||
|
|
||||||
import javax.crypto.Cipher;
|
import javax.crypto.Cipher;
|
||||||
import javax.crypto.spec.SecretKeySpec;
|
import javax.crypto.spec.SecretKeySpec;
|
||||||
|
import javax.crypto.Mac;
|
||||||
|
|
||||||
import org.apache.commons.codec.binary.Base64;
|
import org.apache.commons.codec.binary.Base64;
|
||||||
import org.apache.http.util.EncodingUtils;
|
import org.apache.http.util.EncodingUtils;
|
||||||
|
@ -966,7 +967,7 @@ final class NTLMEngineImpl implements NTLMEngine {
|
||||||
String getResponse() {
|
String getResponse() {
|
||||||
// Now, build the message. Calculate its length first, including
|
// Now, build the message. Calculate its length first, including
|
||||||
// signature or type.
|
// signature or type.
|
||||||
int finalLength = 32 + 8 + hostBytes.length + domainBytes.length;
|
int finalLength = 32 + 8 /*+ hostBytes.length + domainBytes.length */;
|
||||||
|
|
||||||
// Set up the response. This will initialize the signature, message
|
// Set up the response. This will initialize the signature, message
|
||||||
// type, and flags.
|
// type, and flags.
|
||||||
|
@ -974,11 +975,11 @@ final class NTLMEngineImpl implements NTLMEngine {
|
||||||
|
|
||||||
// Flags. These are the complete set of flags we support.
|
// Flags. These are the complete set of flags we support.
|
||||||
addULong(
|
addULong(
|
||||||
FLAG_WORKSTATION_PRESENT |
|
//FLAG_WORKSTATION_PRESENT |
|
||||||
FLAG_DOMAIN_PRESENT |
|
//FLAG_DOMAIN_PRESENT |
|
||||||
|
|
||||||
// Required flags
|
// Required flags
|
||||||
//FLAG_REQUEST_LAN_MANAGER_KEY |
|
FLAG_REQUEST_LAN_MANAGER_KEY |
|
||||||
FLAG_REQUEST_NTLMv1 |
|
FLAG_REQUEST_NTLMv1 |
|
||||||
FLAG_REQUEST_NTLM2_SESSION |
|
FLAG_REQUEST_NTLM2_SESSION |
|
||||||
|
|
||||||
|
@ -986,28 +987,27 @@ final class NTLMEngineImpl implements NTLMEngine {
|
||||||
FLAG_REQUEST_VERSION |
|
FLAG_REQUEST_VERSION |
|
||||||
|
|
||||||
// Recommended privacy settings
|
// Recommended privacy settings
|
||||||
//FLAG_REQUEST_ALWAYS_SIGN |
|
FLAG_REQUEST_ALWAYS_SIGN |
|
||||||
//FLAG_REQUEST_SEAL |
|
//FLAG_REQUEST_SEAL |
|
||||||
//FLAG_REQUEST_SIGN |
|
FLAG_REQUEST_SIGN |
|
||||||
|
|
||||||
// These must be set according to documentation, based on use of SEAL above
|
// These must be set according to documentation, based on use of SEAL above
|
||||||
//FLAG_REQUEST_128BIT_KEY_EXCH |
|
FLAG_REQUEST_128BIT_KEY_EXCH |
|
||||||
//FLAG_REQUEST_56BIT_ENCRYPTION |
|
FLAG_REQUEST_56BIT_ENCRYPTION |
|
||||||
//FLAG_REQUEST_EXPLICIT_KEY_EXCH |
|
FLAG_REQUEST_EXPLICIT_KEY_EXCH |
|
||||||
|
|
||||||
FLAG_REQUEST_UNICODE_ENCODING |
|
FLAG_REQUEST_UNICODE_ENCODING);
|
||||||
FLAG_REQUEST_TARGET);
|
|
||||||
|
|
||||||
// Domain length (two times).
|
// Domain length (two times).
|
||||||
addUShort(domainBytes.length);
|
addUShort(/*domainBytes.length*/0);
|
||||||
addUShort(domainBytes.length);
|
addUShort(/*domainBytes.length*/0);
|
||||||
|
|
||||||
// Domain offset.
|
// Domain offset.
|
||||||
addULong(hostBytes.length + 32 + 8);
|
addULong(/*hostBytes.length +*/ 32 + 8);
|
||||||
|
|
||||||
// Host length (two times).
|
// Host length (two times).
|
||||||
addUShort(hostBytes.length);
|
addUShort(/*hostBytes.length*/0);
|
||||||
addUShort(hostBytes.length);
|
addUShort(/*hostBytes.length*/0);
|
||||||
|
|
||||||
// Host offset (always 32 + 8).
|
// Host offset (always 32 + 8).
|
||||||
addULong(32 + 8);
|
addULong(32 + 8);
|
||||||
|
@ -1017,14 +1017,14 @@ final class NTLMEngineImpl implements NTLMEngine {
|
||||||
// Build
|
// Build
|
||||||
addULong(2600);
|
addULong(2600);
|
||||||
// NTLM revision
|
// NTLM revision
|
||||||
addUShort(15);
|
addUShort(0x0f00);
|
||||||
|
|
||||||
|
|
||||||
// Host (workstation) String.
|
// Host (workstation) String.
|
||||||
addBytes(hostBytes);
|
//addBytes(hostBytes);
|
||||||
|
|
||||||
// Domain String.
|
// Domain String.
|
||||||
addBytes(domainBytes);
|
//addBytes(domainBytes);
|
||||||
|
|
||||||
|
|
||||||
return super.getResponse();
|
return super.getResponse();
|
||||||
|
@ -1149,7 +1149,9 @@ final class NTLMEngineImpl implements NTLMEngine {
|
||||||
// seems warranted.
|
// seems warranted.
|
||||||
byte[] userSessionKey;
|
byte[] userSessionKey;
|
||||||
try {
|
try {
|
||||||
if (((type2Flags & FLAG_REQUEST_NTLM2_SESSION) == 0) &&
|
// This conditional may not work on Windows Server 2008 R2 and above, where it has not yet
|
||||||
|
// been tested
|
||||||
|
if (((type2Flags & FLAG_TARGETINFO_PRESENT) != 0) &&
|
||||||
targetInformation != null && target != null) {
|
targetInformation != null && target != null) {
|
||||||
// NTLMv2
|
// NTLMv2
|
||||||
ntResp = gen.getNTLMv2Response();
|
ntResp = gen.getNTLMv2Response();
|
||||||
|
@ -1299,8 +1301,9 @@ final class NTLMEngineImpl implements NTLMEngine {
|
||||||
(type2Flags & FLAG_REQUEST_56BIT_ENCRYPTION) |
|
(type2Flags & FLAG_REQUEST_56BIT_ENCRYPTION) |
|
||||||
(type2Flags & FLAG_REQUEST_EXPLICIT_KEY_EXCH) |
|
(type2Flags & FLAG_REQUEST_EXPLICIT_KEY_EXCH) |
|
||||||
|
|
||||||
FLAG_REQUEST_UNICODE_ENCODING |
|
(type2Flags & FLAG_TARGETINFO_PRESENT) |
|
||||||
FLAG_REQUEST_TARGET
|
(type2Flags & FLAG_REQUEST_UNICODE_ENCODING) |
|
||||||
|
(type2Flags & FLAG_REQUEST_TARGET)
|
||||||
);
|
);
|
||||||
|
|
||||||
// Version
|
// Version
|
||||||
|
@ -1308,7 +1311,7 @@ final class NTLMEngineImpl implements NTLMEngine {
|
||||||
// Build
|
// Build
|
||||||
addULong(2600);
|
addULong(2600);
|
||||||
// NTLM revision
|
// NTLM revision
|
||||||
addUShort(15);
|
addUShort(0x0f00);
|
||||||
|
|
||||||
// Add the actual data
|
// Add the actual data
|
||||||
addBytes(lmResp);
|
addBytes(lmResp);
|
||||||
|
@ -1388,7 +1391,7 @@ final class NTLMEngineImpl implements NTLMEngine {
|
||||||
int transferAmt = input.length - inputIndex;
|
int transferAmt = input.length - inputIndex;
|
||||||
System.arraycopy(input, inputIndex, dataBuffer, curBufferPos, transferAmt);
|
System.arraycopy(input, inputIndex, dataBuffer, curBufferPos, transferAmt);
|
||||||
count += transferAmt;
|
count += transferAmt;
|
||||||
//curBufferPos += transferAmt;
|
curBufferPos += transferAmt;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
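Review bot: In the Type 3 hunk at -1149, the NTLMv2 branch is now taken only when the server's challenge carries `FLAG_TARGETINFO_PRESENT` together with non-null `targetInformation` and `target`, so the strength of the response is decided by server-supplied data; a challenge without target information falls through to the else path (outside this hunk), presumably a pre-NTLMv2 response. The added comment already admits the condition is untested on Windows Server 2008 R2 and above, and I would extend it to record the security consequence, e.g. `// NOTE: response type follows the server's Type 2 flags; without target info we fall back to a weaker response than NTLMv2`, and consider a client-side minimum so callers can refuse that fallback. In the Type 1 hunk at -986 the message now advertises `FLAG_REQUEST_LAN_MANAGER_KEY` and `FLAG_REQUEST_56BIT_ENCRYPTION` alongside `FLAG_REQUEST_SIGN`, while the retained comment still ties these to "use of SEAL above" although `FLAG_REQUEST_SEAL` stays commented out; that comment should say the set mirrors IE 9 rather than SEAL. The commented-out remnants (`/*hostBytes.length*/0`, `//addBytes(hostBytes);`) would read better deleted, with one comment stating that host and domain are intentionally omitted from the Type 1 message.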