From d9f5200fb852ae9dbe89bbc511960bfd51ecd091 Mon Sep 17 00:00:00 2001
From: Peter Hartmann <phartmann@blackberry.com>
Date: Fri, 7 Mar 2014 14:49:34 +0100
Subject: network: add support for NTLM Session Security

tested manually with internal proxy.

Patch-by: Jonathan Lauvernier <Jonathan.Lauvernier@gmail.com>

Change-Id: Ief5b4579b3444ce70eb99637edf771d37d3971fb
Reviewed-by: Peter Hartmann <phartmann@blackberry.com>
---
 src/network/kernel/qauthenticator.cpp | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/network/kernel/qauthenticator.cpp b/src/network/kernel/qauthenticator.cpp
index edbbbf5a75..f7b956651f 100644
--- a/src/network/kernel/qauthenticator.cpp
+++ b/src/network/kernel/qauthenticator.cpp
@@ -981,7 +981,7 @@ public:
     QNtlmPhase1Block() {
         qstrncpy(magic, "NTLMSSP", 8);
         type = 1;
-        flags = NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_REQUEST_TARGET;
+        flags = NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_ALWAYS_SIGN | NTLMSSP_NEGOTIATE_NTLM2;
     }
 
     // extracted
@@ -1423,9 +1423,16 @@ static QByteArray qNtlmPhase3(QAuthenticatorPrivate *ctx, const QByteArray& phas
     ds.setByteOrder(QDataStream::LittleEndian);
     QNtlmPhase3Block pb;
 
+    // set NTLMv2
+    if (ch.flags & NTLMSSP_NEGOTIATE_NTLM2)
+        pb.flags |= NTLMSSP_NEGOTIATE_NTLM2;
+
+    // set Always Sign
+    if (ch.flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
+        pb.flags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
+
     bool unicode = ch.flags & NTLMSSP_NEGOTIATE_UNICODE;
 
-    pb.flags = NTLMSSP_NEGOTIATE_NTLM;
     if (unicode)
         pb.flags |= NTLMSSP_NEGOTIATE_UNICODE;
     else
-- 
cgit v1.2.3