
fix: default to NTLM v2 in the network service for POSIX platforms (#23935)

* fix: default to NTLM v2 in the network service for POSIX platforms

* chore: update patch
Robo 4 years ago
parent
commit
669fd2bf88

+ 4 - 0
docs/api/chrome-command-line-switches.md

@@ -28,6 +28,10 @@ Disables the disk cache for HTTP requests.
 
 Disable HTTP/2 and SPDY/3.1 protocols.
 
+### --disable-ntlm-v2
+
+Disables NTLM v2 for posix platforms, no effect elsewhere.
+
 ## --lang
 
 Set a custom locale.

+ 1 - 0
patches/chromium/.patches

@@ -123,3 +123,4 @@ cherry-pick-7101418f85a0.patch
 cherry-pick-86c02c5dcd37.patch
 fix_hunspell_crash.patch
 introduce_a_mutex_for_the_rendering_loop_in_baseaudiocontext.patch
+fix_default_to_ntlm_v2_in_network_service.patch

+ 28 - 0
patches/chromium/fix_default_to_ntlm_v2_in_network_service.patch

@@ -0,0 +1,28 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: deepak1556 <[email protected]>
+Date: Mon, 1 Jun 2020 20:36:16 +0000
+Subject: fix: default to NTLM v2 in network service for POSIX platforms
+
+NTLM always defaults to NTLM v2 at the //net layer for quite
+sometime now https://crbug.com/22532.
+
+Change-Id: I4ea2dedc10c63a7c4e00101c0acc6d8a713c5054
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2222116
+Auto-Submit: Deepak Mohan <[email protected]>
+Reviewed-by: Tom Sepez <[email protected]>
+Commit-Queue: Tom Sepez <[email protected]>
+Cr-Commit-Position: refs/heads/master@{#773809}
+
+diff --git a/services/network/public/mojom/network_service.mojom b/services/network/public/mojom/network_service.mojom
+index eae5e85eac3a0b946c413bb0b65510a95faba3b8..d63a9a325d3c5d51470d33dd30934ea14a169b0b 100644
+--- a/services/network/public/mojom/network_service.mojom
++++ b/services/network/public/mojom/network_service.mojom
+@@ -112,7 +112,7 @@ struct HttpAuthDynamicParams {
+   bool enable_negotiate_port = true;
+ 
+   // Whether NTLM V2 is enabled on POSIX platforms. No effect elsewhere.
+-  bool ntlm_v2_enabled = false;
++  bool ntlm_v2_enabled = true;
+ 
+   // The AccountManager AccountManagerget.AccountsByTypeAndFeatures on Android
+   // when using Negotiate authentication.

+ 4 - 2
shell/browser/api/atom_api_session.cc

@@ -482,12 +482,14 @@ v8::Local<v8::Promise> Session::ClearAuthCache() {
 }
 
 void Session::AllowNTLMCredentialsForDomains(const std::string& domains) {
+  auto* command_line = base::CommandLine::ForCurrentProcess();
   network::mojom::HttpAuthDynamicParamsPtr auth_dynamic_params =
       network::mojom::HttpAuthDynamicParams::New();
   auth_dynamic_params->server_allowlist = domains;
   auth_dynamic_params->enable_negotiate_port =
-      base::CommandLine::ForCurrentProcess()->HasSwitch(
-          electron::switches::kEnableAuthNegotiatePort);
+      command_line->HasSwitch(electron::switches::kEnableAuthNegotiatePort);
+  auth_dynamic_params->ntlm_v2_enabled =
+      !command_line->HasSwitch(electron::switches::kDisableNTLMv2);
   content::GetNetworkService()->ConfigureHttpAuthPrefs(
       std::move(auth_dynamic_params));
 }
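Review bot: The `ntlm_v2_enabled` assignment added in Session::AllowNTLMCredentialsForDomains repeats the one this commit adds to CreateHttpAuthDynamicParams() in shell/browser/net/system_network_context_manager.cc, so the switch that turns NTLM v2 off is now interpreted in two places that must stay in agreement. This function also builds its params from scratch and sets only three fields, while the visible tail of CreateHttpAuthDynamicParams() also reads `kAuthNegotiateDelegateWhitelist`. If ConfigureHttpAuthPrefs replaces the whole parameter set (not shown on this page), a call to this method would presumably reset the delegate allowlist to its default. If sharing one builder is not practical, I would at least add a comment above the new lines: `// Mirror CreateHttpAuthDynamicParams(): any field not set here keeps its mojom default.`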

+ 2 - 0
shell/browser/net/system_network_context_manager.cc

@@ -52,6 +52,8 @@ network::mojom::HttpAuthDynamicParamsPtr CreateHttpAuthDynamicParams() {
       electron::switches::kAuthNegotiateDelegateWhitelist);
   auth_dynamic_params->enable_negotiate_port =
       command_line->HasSwitch(electron::switches::kEnableAuthNegotiatePort);
+  auth_dynamic_params->ntlm_v2_enabled =
+      !command_line->HasSwitch(electron::switches::kDisableNTLMv2);
 
   return auth_dynamic_params;
 }

+ 3 - 0
shell/common/options_switches.cc

@@ -271,6 +271,9 @@ const char kAuthNegotiateDelegateWhitelist[] =
 // If set, include the port in generated Kerberos SPNs.
 const char kEnableAuthNegotiatePort[] = "enable-auth-negotiate-port";
 
+// If set, NTLM v2 is disabled for POSIX platforms.
+const char kDisableNTLMv2[] = "disable-ntlm-v2";
+
 }  // namespace switches
 
 }  // namespace electron
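Review bot: The comment on `kDisableNTLMv2` does not say what the switch leaves in place. With NTLM v2 off, the POSIX NTLM code presumably falls back to NTLMv1 responses, which are a considerably weaker form of authentication. Because this is a process-wide security downgrade, the comment should say so and state its scope, for example `// If set, NTLM v2 is disabled on POSIX platforms (no effect elsewhere); NTLM auth then falls back to the weaker v1 responses.` The same caveat would help readers of the new `--disable-ntlm-v2` entry in docs/api/chrome-command-line-switches.md.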

+ 1 - 0
shell/common/options_switches.h

@@ -130,6 +130,7 @@ extern const char kIgnoreConnectionsLimit[];
 extern const char kAuthServerWhitelist[];
 extern const char kAuthNegotiateDelegateWhitelist[];
 extern const char kEnableAuthNegotiatePort[];
+extern const char kDisableNTLMv2[];
 
 }  // namespace switches