--- a/jdk/src/share/classes/com/sun/security/ntlm/Server.java Tue Jul 08 12:38:47 2014 -0700
+++ b/jdk/src/share/classes/com/sun/security/ntlm/Server.java Wed Jul 09 15:10:42 2014 +0800
@@ -1,3 +1,4 @@
+
/*
* Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
@@ -92,7 +93,9 @@
debug("NTLM Server: Type 1 received\n");
if (type1 != null) debug(type1);
Writer p = new Writer(2, 32);
- int flags = 0x80205;
+ // Negotiate NTLM2 Key, Target Type Domain,
+ // Negotiate NTLM, Request Target, Negotiate unicode
+ int flags = 0x90205;
p.writeSecurityBuffer(12, domain, true);
p.writeInt(20, flags);
p.writeBytes(24, nonce);
@@ -127,8 +130,9 @@
"Wrong domain: " + incomingDomain +
" vs " + domain); // Needed?
}*/
+
boolean verified = false;
- char[] password = getPassword(domain, username);
+ char[] password = getPassword(incomingDomain, username);
if (password == null) {
throw new NTLMException(NTLMException.USER_UNKNOWN,
"Unknown user");
@@ -179,6 +183,8 @@
}
}
if (incomingNTLM.length > 0) {
+ // We didn't sent alist in type2(), so there
+ // is nothing to check here.
byte[] clientBlob = Arrays.copyOfRange(
incomingNTLM, 16, incomingNTLM.length);
byte[] ntlmresponse = calcV2(nthash,