mirror of
https://github.com/louislam/uptime-kuma.git
synced 2024-11-21 10:48:58 +01:00
Update dependencies and embed axios-ntlm 1.3.0 into the project (#4877)
This commit is contained in:
parent
dc15443716
commit
83969d2112
@ -1,7 +1,7 @@
|
|||||||
module.exports = {
|
module.exports = {
|
||||||
ignorePatterns: [
|
ignorePatterns: [
|
||||||
"test/*.js",
|
"test/*.js",
|
||||||
"server/modules/apicache/*",
|
"server/modules/*",
|
||||||
"src/util.js"
|
"src/util.js"
|
||||||
],
|
],
|
||||||
root: true,
|
root: true,
|
||||||
|
5065
package-lock.json
generated
5065
package-lock.json
generated
File diff suppressed because it is too large
Load Diff
@ -79,7 +79,6 @@
|
|||||||
"@vvo/tzdb": "^6.125.0",
|
"@vvo/tzdb": "^6.125.0",
|
||||||
"args-parser": "~1.3.0",
|
"args-parser": "~1.3.0",
|
||||||
"axios": "~0.28.1",
|
"axios": "~0.28.1",
|
||||||
"axios-ntlm": "1.3.0",
|
|
||||||
"badge-maker": "~3.3.1",
|
"badge-maker": "~3.3.1",
|
||||||
"bcryptjs": "~2.4.3",
|
"bcryptjs": "~2.4.3",
|
||||||
"chardet": "~1.4.0",
|
"chardet": "~1.4.0",
|
||||||
@ -91,6 +90,7 @@
|
|||||||
"compression": "~1.7.4",
|
"compression": "~1.7.4",
|
||||||
"croner": "~6.0.5",
|
"croner": "~6.0.5",
|
||||||
"dayjs": "~1.11.5",
|
"dayjs": "~1.11.5",
|
||||||
|
"dev-null": "^0.1.1",
|
||||||
"dotenv": "~16.0.3",
|
"dotenv": "~16.0.3",
|
||||||
"express": "~4.19.2",
|
"express": "~4.19.2",
|
||||||
"express-basic-auth": "~1.2.1",
|
"express-basic-auth": "~1.2.1",
|
||||||
@ -115,7 +115,7 @@
|
|||||||
"mitt": "~3.0.1",
|
"mitt": "~3.0.1",
|
||||||
"mongodb": "~4.17.1",
|
"mongodb": "~4.17.1",
|
||||||
"mqtt": "~4.3.7",
|
"mqtt": "~4.3.7",
|
||||||
"mssql": "~8.1.4",
|
"mssql": "~11.0.0",
|
||||||
"mysql2": "~3.9.6",
|
"mysql2": "~3.9.6",
|
||||||
"nanoid": "~3.3.4",
|
"nanoid": "~3.3.4",
|
||||||
"node-cloudflared-tunnel": "~1.0.9",
|
"node-cloudflared-tunnel": "~1.0.9",
|
||||||
@ -136,8 +136,8 @@
|
|||||||
"redbean-node": "~0.3.0",
|
"redbean-node": "~0.3.0",
|
||||||
"redis": "~4.5.1",
|
"redis": "~4.5.1",
|
||||||
"semver": "~7.5.4",
|
"semver": "~7.5.4",
|
||||||
"socket.io": "~4.6.1",
|
"socket.io": "~4.7.5",
|
||||||
"socket.io-client": "~4.6.1",
|
"socket.io-client": "~4.7.5",
|
||||||
"socks-proxy-agent": "6.1.1",
|
"socks-proxy-agent": "6.1.1",
|
||||||
"sqlite3": "~5.1.7",
|
"sqlite3": "~5.1.7",
|
||||||
"tar": "~6.2.1",
|
"tar": "~6.2.1",
|
||||||
|
21
server/modules/axios-ntlm/LICENSE
Normal file
21
server/modules/axios-ntlm/LICENSE
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
MIT License
|
||||||
|
|
||||||
|
Copyright (c) 2021 CatButtes
|
||||||
|
|
||||||
|
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||||
|
of this software and associated documentation files (the "Software"), to deal
|
||||||
|
in the Software without restriction, including without limitation the rights
|
||||||
|
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||||
|
copies of the Software, and to permit persons to whom the Software is
|
||||||
|
furnished to do so, subject to the following conditions:
|
||||||
|
|
||||||
|
The above copyright notice and this permission notice shall be included in all
|
||||||
|
copies or substantial portions of the Software.
|
||||||
|
|
||||||
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||||
|
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||||
|
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||||
|
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||||
|
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||||
|
SOFTWARE.
|
77
server/modules/axios-ntlm/lib/flags.js
Normal file
77
server/modules/axios-ntlm/lib/flags.js
Normal file
@ -0,0 +1,77 @@
|
|||||||
|
'use strict';
|
||||||
|
// Original file https://raw.githubusercontent.com/elasticio/node-ntlm-client/master/lib/flags.js
|
||||||
|
module.exports.NTLMFLAG_NEGOTIATE_UNICODE = 1 << 0;
|
||||||
|
/* Indicates that Unicode strings are supported for use in security buffer
|
||||||
|
data. */
|
||||||
|
module.exports.NTLMFLAG_NEGOTIATE_OEM = 1 << 1;
|
||||||
|
/* Indicates that OEM strings are supported for use in security buffer data. */
|
||||||
|
module.exports.NTLMFLAG_REQUEST_TARGET = 1 << 2;
|
||||||
|
/* Requests that the server's authentication realm be included in the Type 2
|
||||||
|
message. */
|
||||||
|
/* unknown (1<<3) */
|
||||||
|
module.exports.NTLMFLAG_NEGOTIATE_SIGN = 1 << 4;
|
||||||
|
/* Specifies that authenticated communication between the client and server
|
||||||
|
should carry a digital signature (message integrity). */
|
||||||
|
module.exports.NTLMFLAG_NEGOTIATE_SEAL = 1 << 5;
|
||||||
|
/* Specifies that authenticated communication between the client and server
|
||||||
|
should be encrypted (message confidentiality). */
|
||||||
|
module.exports.NTLMFLAG_NEGOTIATE_DATAGRAM_STYLE = 1 << 6;
|
||||||
|
/* Indicates that datagram authentication is being used. */
|
||||||
|
module.exports.NTLMFLAG_NEGOTIATE_LM_KEY = 1 << 7;
|
||||||
|
/* Indicates that the LAN Manager session key should be used for signing and
|
||||||
|
sealing authenticated communications. */
|
||||||
|
module.exports.NTLMFLAG_NEGOTIATE_NETWARE = 1 << 8;
|
||||||
|
/* unknown purpose */
|
||||||
|
module.exports.NTLMFLAG_NEGOTIATE_NTLM_KEY = 1 << 9;
|
||||||
|
/* Indicates that NTLM authentication is being used. */
|
||||||
|
/* unknown (1<<10) */
|
||||||
|
module.exports.NTLMFLAG_NEGOTIATE_ANONYMOUS = 1 << 11;
|
||||||
|
/* Sent by the client in the Type 3 message to indicate that an anonymous
|
||||||
|
context has been established. This also affects the response fields. */
|
||||||
|
module.exports.NTLMFLAG_NEGOTIATE_DOMAIN_SUPPLIED = 1 << 12;
|
||||||
|
/* Sent by the client in the Type 1 message to indicate that a desired
|
||||||
|
authentication realm is included in the message. */
|
||||||
|
module.exports.NTLMFLAG_NEGOTIATE_WORKSTATION_SUPPLIED = 1 << 13;
|
||||||
|
/* Sent by the client in the Type 1 message to indicate that the client
|
||||||
|
workstation's name is included in the message. */
|
||||||
|
module.exports.NTLMFLAG_NEGOTIATE_LOCAL_CALL = 1 << 14;
|
||||||
|
/* Sent by the server to indicate that the server and client are on the same
|
||||||
|
machine. Implies that the client may use a pre-established local security
|
||||||
|
context rather than responding to the challenge. */
|
||||||
|
module.exports.NTLMFLAG_NEGOTIATE_ALWAYS_SIGN = 1 << 15;
|
||||||
|
/* Indicates that authenticated communication between the client and server
|
||||||
|
should be signed with a "dummy" signature. */
|
||||||
|
module.exports.NTLMFLAG_TARGET_TYPE_DOMAIN = 1 << 16;
|
||||||
|
/* Sent by the server in the Type 2 message to indicate that the target
|
||||||
|
authentication realm is a domain. */
|
||||||
|
module.exports.NTLMFLAG_TARGET_TYPE_SERVER = 1 << 17;
|
||||||
|
/* Sent by the server in the Type 2 message to indicate that the target
|
||||||
|
authentication realm is a server. */
|
||||||
|
module.exports.NTLMFLAG_TARGET_TYPE_SHARE = 1 << 18;
|
||||||
|
/* Sent by the server in the Type 2 message to indicate that the target
|
||||||
|
authentication realm is a share. Presumably, this is for share-level
|
||||||
|
authentication. Usage is unclear. */
|
||||||
|
module.exports.NTLMFLAG_NEGOTIATE_NTLM2_KEY = 1 << 19;
|
||||||
|
/* Indicates that the NTLM2 signing and sealing scheme should be used for
|
||||||
|
protecting authenticated communications. */
|
||||||
|
module.exports.NTLMFLAG_REQUEST_INIT_RESPONSE = 1 << 20;
|
||||||
|
/* unknown purpose */
|
||||||
|
module.exports.NTLMFLAG_REQUEST_ACCEPT_RESPONSE = 1 << 21;
|
||||||
|
/* unknown purpose */
|
||||||
|
module.exports.NTLMFLAG_REQUEST_NONNT_SESSION_KEY = 1 << 22;
|
||||||
|
/* unknown purpose */
|
||||||
|
module.exports.NTLMFLAG_NEGOTIATE_TARGET_INFO = 1 << 23;
|
||||||
|
/* Sent by the server in the Type 2 message to indicate that it is including a
|
||||||
|
Target Information block in the message. */
|
||||||
|
/* unknown (1<24) */
|
||||||
|
/* unknown (1<25) */
|
||||||
|
/* unknown (1<26) */
|
||||||
|
/* unknown (1<27) */
|
||||||
|
/* unknown (1<28) */
|
||||||
|
module.exports.NTLMFLAG_NEGOTIATE_128 = 1 << 29;
|
||||||
|
/* Indicates that 128-bit encryption is supported. */
|
||||||
|
module.exports.NTLMFLAG_NEGOTIATE_KEY_EXCHANGE = 1 << 30;
|
||||||
|
/* Indicates that the client will provide an encrypted master key in
|
||||||
|
the "Session Key" field of the Type 3 message. */
|
||||||
|
module.exports.NTLMFLAG_NEGOTIATE_56 = 1 << 31;
|
||||||
|
//# sourceMappingURL=flags.js.map
|
122
server/modules/axios-ntlm/lib/hash.js
Normal file
122
server/modules/axios-ntlm/lib/hash.js
Normal file
@ -0,0 +1,122 @@
|
|||||||
|
'use strict';
|
||||||
|
// Original source at https://github.com/elasticio/node-ntlm-client/blob/master/lib/hash.js
|
||||||
|
var crypto = require('crypto');
|
||||||
|
function createLMResponse(challenge, lmhash) {
|
||||||
|
var buf = new Buffer.alloc(24), pwBuffer = new Buffer.alloc(21).fill(0);
|
||||||
|
lmhash.copy(pwBuffer);
|
||||||
|
calculateDES(pwBuffer.slice(0, 7), challenge).copy(buf);
|
||||||
|
calculateDES(pwBuffer.slice(7, 14), challenge).copy(buf, 8);
|
||||||
|
calculateDES(pwBuffer.slice(14), challenge).copy(buf, 16);
|
||||||
|
return buf;
|
||||||
|
}
|
||||||
|
function createLMHash(password) {
|
||||||
|
var buf = new Buffer.alloc(16), pwBuffer = new Buffer.alloc(14), magicKey = new Buffer.from('KGS!@#$%', 'ascii');
|
||||||
|
if (password.length > 14) {
|
||||||
|
buf.fill(0);
|
||||||
|
return buf;
|
||||||
|
}
|
||||||
|
pwBuffer.fill(0);
|
||||||
|
pwBuffer.write(password.toUpperCase(), 0, 'ascii');
|
||||||
|
return Buffer.concat([
|
||||||
|
calculateDES(pwBuffer.slice(0, 7), magicKey),
|
||||||
|
calculateDES(pwBuffer.slice(7), magicKey)
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
function calculateDES(key, message) {
|
||||||
|
var desKey = new Buffer.alloc(8);
|
||||||
|
desKey[0] = key[0] & 0xFE;
|
||||||
|
desKey[1] = ((key[0] << 7) & 0xFF) | (key[1] >> 1);
|
||||||
|
desKey[2] = ((key[1] << 6) & 0xFF) | (key[2] >> 2);
|
||||||
|
desKey[3] = ((key[2] << 5) & 0xFF) | (key[3] >> 3);
|
||||||
|
desKey[4] = ((key[3] << 4) & 0xFF) | (key[4] >> 4);
|
||||||
|
desKey[5] = ((key[4] << 3) & 0xFF) | (key[5] >> 5);
|
||||||
|
desKey[6] = ((key[5] << 2) & 0xFF) | (key[6] >> 6);
|
||||||
|
desKey[7] = (key[6] << 1) & 0xFF;
|
||||||
|
for (var i = 0; i < 8; i++) {
|
||||||
|
var parity = 0;
|
||||||
|
for (var j = 1; j < 8; j++) {
|
||||||
|
parity += (desKey[i] >> j) % 2;
|
||||||
|
}
|
||||||
|
desKey[i] |= (parity % 2) === 0 ? 1 : 0;
|
||||||
|
}
|
||||||
|
var des = crypto.createCipheriv('DES-ECB', desKey, '');
|
||||||
|
return des.update(message);
|
||||||
|
}
|
||||||
|
function createNTLMResponse(challenge, ntlmhash) {
|
||||||
|
var buf = new Buffer.alloc(24), ntlmBuffer = new Buffer.alloc(21).fill(0);
|
||||||
|
ntlmhash.copy(ntlmBuffer);
|
||||||
|
calculateDES(ntlmBuffer.slice(0, 7), challenge).copy(buf);
|
||||||
|
calculateDES(ntlmBuffer.slice(7, 14), challenge).copy(buf, 8);
|
||||||
|
calculateDES(ntlmBuffer.slice(14), challenge).copy(buf, 16);
|
||||||
|
return buf;
|
||||||
|
}
|
||||||
|
function createNTLMHash(password) {
|
||||||
|
var md4sum = crypto.createHash('md4');
|
||||||
|
md4sum.update(new Buffer.from(password, 'ucs2'));
|
||||||
|
return md4sum.digest();
|
||||||
|
}
|
||||||
|
function createNTLMv2Hash(ntlmhash, username, authTargetName) {
|
||||||
|
var hmac = crypto.createHmac('md5', ntlmhash);
|
||||||
|
hmac.update(new Buffer.from(username.toUpperCase() + authTargetName, 'ucs2'));
|
||||||
|
return hmac.digest();
|
||||||
|
}
|
||||||
|
function createLMv2Response(type2message, username, ntlmhash, nonce, targetName) {
|
||||||
|
var buf = new Buffer.alloc(24), ntlm2hash = createNTLMv2Hash(ntlmhash, username, targetName), hmac = crypto.createHmac('md5', ntlm2hash);
|
||||||
|
//server challenge
|
||||||
|
type2message.challenge.copy(buf, 8);
|
||||||
|
//client nonce
|
||||||
|
buf.write(nonce || createPseudoRandomValue(16), 16, 'hex');
|
||||||
|
//create hash
|
||||||
|
hmac.update(buf.slice(8));
|
||||||
|
var hashedBuffer = hmac.digest();
|
||||||
|
hashedBuffer.copy(buf);
|
||||||
|
return buf;
|
||||||
|
}
|
||||||
|
function createNTLMv2Response(type2message, username, ntlmhash, nonce, targetName) {
|
||||||
|
var buf = new Buffer.alloc(48 + type2message.targetInfo.buffer.length), ntlm2hash = createNTLMv2Hash(ntlmhash, username, targetName), hmac = crypto.createHmac('md5', ntlm2hash);
|
||||||
|
//the first 8 bytes are spare to store the hashed value before the blob
|
||||||
|
//server challenge
|
||||||
|
type2message.challenge.copy(buf, 8);
|
||||||
|
//blob signature
|
||||||
|
buf.writeUInt32BE(0x01010000, 16);
|
||||||
|
//reserved
|
||||||
|
buf.writeUInt32LE(0, 20);
|
||||||
|
//timestamp
|
||||||
|
//TODO: we are loosing precision here since js is not able to handle those large integers
|
||||||
|
// maybe think about a different solution here
|
||||||
|
// 11644473600000 = diff between 1970 and 1601
|
||||||
|
var timestamp = ((Date.now() + 11644473600000) * 10000).toString(16);
|
||||||
|
var timestampLow = Number('0x' + timestamp.substring(Math.max(0, timestamp.length - 8)));
|
||||||
|
var timestampHigh = Number('0x' + timestamp.substring(0, Math.max(0, timestamp.length - 8)));
|
||||||
|
buf.writeUInt32LE(timestampLow, 24, false);
|
||||||
|
buf.writeUInt32LE(timestampHigh, 28, false);
|
||||||
|
//random client nonce
|
||||||
|
buf.write(nonce || createPseudoRandomValue(16), 32, 'hex');
|
||||||
|
//zero
|
||||||
|
buf.writeUInt32LE(0, 40);
|
||||||
|
//complete target information block from type 2 message
|
||||||
|
type2message.targetInfo.buffer.copy(buf, 44);
|
||||||
|
//zero
|
||||||
|
buf.writeUInt32LE(0, 44 + type2message.targetInfo.buffer.length);
|
||||||
|
hmac.update(buf.slice(8));
|
||||||
|
var hashedBuffer = hmac.digest();
|
||||||
|
hashedBuffer.copy(buf);
|
||||||
|
return buf;
|
||||||
|
}
|
||||||
|
function createPseudoRandomValue(length) {
|
||||||
|
var str = '';
|
||||||
|
while (str.length < length) {
|
||||||
|
str += Math.floor(Math.random() * 16).toString(16);
|
||||||
|
}
|
||||||
|
return str;
|
||||||
|
}
|
||||||
|
module.exports = {
|
||||||
|
createLMHash: createLMHash,
|
||||||
|
createNTLMHash: createNTLMHash,
|
||||||
|
createLMResponse: createLMResponse,
|
||||||
|
createNTLMResponse: createNTLMResponse,
|
||||||
|
createLMv2Response: createLMv2Response,
|
||||||
|
createNTLMv2Response: createNTLMv2Response,
|
||||||
|
createPseudoRandomValue: createPseudoRandomValue
|
||||||
|
};
|
||||||
|
//# sourceMappingURL=hash.js.map
|
220
server/modules/axios-ntlm/lib/ntlm.js
Normal file
220
server/modules/axios-ntlm/lib/ntlm.js
Normal file
@ -0,0 +1,220 @@
|
|||||||
|
'use strict';
|
||||||
|
// Original file https://raw.githubusercontent.com/elasticio/node-ntlm-client/master/lib/ntlm.js
|
||||||
|
var os = require('os'), flags = require('./flags'), hash = require('./hash');
|
||||||
|
var NTLMSIGNATURE = "NTLMSSP\0";
|
||||||
|
function createType1Message(workstation, target) {
|
||||||
|
var dataPos = 32, pos = 0, buf = new Buffer.alloc(1024);
|
||||||
|
workstation = workstation === undefined ? os.hostname() : workstation;
|
||||||
|
target = target === undefined ? '' : target;
|
||||||
|
//signature
|
||||||
|
buf.write(NTLMSIGNATURE, pos, NTLMSIGNATURE.length, 'ascii');
|
||||||
|
pos += NTLMSIGNATURE.length;
|
||||||
|
//message type
|
||||||
|
buf.writeUInt32LE(1, pos);
|
||||||
|
pos += 4;
|
||||||
|
//flags
|
||||||
|
buf.writeUInt32LE(flags.NTLMFLAG_NEGOTIATE_OEM |
|
||||||
|
flags.NTLMFLAG_REQUEST_TARGET |
|
||||||
|
flags.NTLMFLAG_NEGOTIATE_NTLM_KEY |
|
||||||
|
flags.NTLMFLAG_NEGOTIATE_NTLM2_KEY |
|
||||||
|
flags.NTLMFLAG_NEGOTIATE_ALWAYS_SIGN, pos);
|
||||||
|
pos += 4;
|
||||||
|
//domain security buffer
|
||||||
|
buf.writeUInt16LE(target.length, pos);
|
||||||
|
pos += 2;
|
||||||
|
buf.writeUInt16LE(target.length, pos);
|
||||||
|
pos += 2;
|
||||||
|
buf.writeUInt32LE(target.length === 0 ? 0 : dataPos, pos);
|
||||||
|
pos += 4;
|
||||||
|
if (target.length > 0) {
|
||||||
|
dataPos += buf.write(target, dataPos, 'ascii');
|
||||||
|
}
|
||||||
|
//workstation security buffer
|
||||||
|
buf.writeUInt16LE(workstation.length, pos);
|
||||||
|
pos += 2;
|
||||||
|
buf.writeUInt16LE(workstation.length, pos);
|
||||||
|
pos += 2;
|
||||||
|
buf.writeUInt32LE(workstation.length === 0 ? 0 : dataPos, pos);
|
||||||
|
pos += 4;
|
||||||
|
if (workstation.length > 0) {
|
||||||
|
dataPos += buf.write(workstation, dataPos, 'ascii');
|
||||||
|
}
|
||||||
|
return 'NTLM ' + buf.toString('base64', 0, dataPos);
|
||||||
|
}
|
||||||
|
function decodeType2Message(str) {
|
||||||
|
if (str === undefined) {
|
||||||
|
throw new Error('Invalid argument');
|
||||||
|
}
|
||||||
|
//convenience
|
||||||
|
if (Object.prototype.toString.call(str) !== '[object String]') {
|
||||||
|
if (str.hasOwnProperty('headers') && str.headers.hasOwnProperty('www-authenticate')) {
|
||||||
|
str = str.headers['www-authenticate'];
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
throw new Error('Invalid argument');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
var ntlmMatch = /^NTLM ([^,\s]+)/.exec(str);
|
||||||
|
if (ntlmMatch) {
|
||||||
|
str = ntlmMatch[1];
|
||||||
|
}
|
||||||
|
var buf = new Buffer.from(str, 'base64'), obj = {};
|
||||||
|
//check signature
|
||||||
|
if (buf.toString('ascii', 0, NTLMSIGNATURE.length) !== NTLMSIGNATURE) {
|
||||||
|
throw new Error('Invalid message signature: ' + str);
|
||||||
|
}
|
||||||
|
//check message type
|
||||||
|
if (buf.readUInt32LE(NTLMSIGNATURE.length) !== 2) {
|
||||||
|
throw new Error('Invalid message type (no type 2)');
|
||||||
|
}
|
||||||
|
//read flags
|
||||||
|
obj.flags = buf.readUInt32LE(20);
|
||||||
|
obj.encoding = (obj.flags & flags.NTLMFLAG_NEGOTIATE_OEM) ? 'ascii' : 'ucs2';
|
||||||
|
obj.version = (obj.flags & flags.NTLMFLAG_NEGOTIATE_NTLM2_KEY) ? 2 : 1;
|
||||||
|
obj.challenge = buf.slice(24, 32);
|
||||||
|
//read target name
|
||||||
|
obj.targetName = (function () {
|
||||||
|
var length = buf.readUInt16LE(12);
|
||||||
|
//skipping allocated space
|
||||||
|
var offset = buf.readUInt32LE(16);
|
||||||
|
if (length === 0) {
|
||||||
|
return '';
|
||||||
|
}
|
||||||
|
if ((offset + length) > buf.length || offset < 32) {
|
||||||
|
throw new Error('Bad type 2 message');
|
||||||
|
}
|
||||||
|
return buf.toString(obj.encoding, offset, offset + length);
|
||||||
|
})();
|
||||||
|
//read target info
|
||||||
|
if (obj.flags & flags.NTLMFLAG_NEGOTIATE_TARGET_INFO) {
|
||||||
|
obj.targetInfo = (function () {
|
||||||
|
var info = {};
|
||||||
|
var length = buf.readUInt16LE(40);
|
||||||
|
//skipping allocated space
|
||||||
|
var offset = buf.readUInt32LE(44);
|
||||||
|
var targetInfoBuffer = new Buffer.alloc(length);
|
||||||
|
buf.copy(targetInfoBuffer, 0, offset, offset + length);
|
||||||
|
if (length === 0) {
|
||||||
|
return info;
|
||||||
|
}
|
||||||
|
if ((offset + length) > buf.length || offset < 32) {
|
||||||
|
throw new Error('Bad type 2 message');
|
||||||
|
}
|
||||||
|
var pos = offset;
|
||||||
|
while (pos < (offset + length)) {
|
||||||
|
var blockType = buf.readUInt16LE(pos);
|
||||||
|
pos += 2;
|
||||||
|
var blockLength = buf.readUInt16LE(pos);
|
||||||
|
pos += 2;
|
||||||
|
if (blockType === 0) {
|
||||||
|
//reached the terminator subblock
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
var blockTypeStr = void 0;
|
||||||
|
switch (blockType) {
|
||||||
|
case 1:
|
||||||
|
blockTypeStr = 'SERVER';
|
||||||
|
break;
|
||||||
|
case 2:
|
||||||
|
blockTypeStr = 'DOMAIN';
|
||||||
|
break;
|
||||||
|
case 3:
|
||||||
|
blockTypeStr = 'FQDN';
|
||||||
|
break;
|
||||||
|
case 4:
|
||||||
|
blockTypeStr = 'DNS';
|
||||||
|
break;
|
||||||
|
case 5:
|
||||||
|
blockTypeStr = 'PARENT_DNS';
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
blockTypeStr = '';
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
if (blockTypeStr) {
|
||||||
|
info[blockTypeStr] = buf.toString('ucs2', pos, pos + blockLength);
|
||||||
|
}
|
||||||
|
pos += blockLength;
|
||||||
|
}
|
||||||
|
return {
|
||||||
|
parsed: info,
|
||||||
|
buffer: targetInfoBuffer
|
||||||
|
};
|
||||||
|
})();
|
||||||
|
}
|
||||||
|
return obj;
|
||||||
|
}
|
||||||
|
function createType3Message(type2Message, username, password, workstation, target) {
|
||||||
|
var dataPos = 52, buf = new Buffer.alloc(1024);
|
||||||
|
if (workstation === undefined) {
|
||||||
|
workstation = os.hostname();
|
||||||
|
}
|
||||||
|
if (target === undefined) {
|
||||||
|
target = type2Message.targetName;
|
||||||
|
}
|
||||||
|
//signature
|
||||||
|
buf.write(NTLMSIGNATURE, 0, NTLMSIGNATURE.length, 'ascii');
|
||||||
|
//message type
|
||||||
|
buf.writeUInt32LE(3, 8);
|
||||||
|
if (type2Message.version === 2) {
|
||||||
|
dataPos = 64;
|
||||||
|
var ntlmHash = hash.createNTLMHash(password), nonce = hash.createPseudoRandomValue(16), lmv2 = hash.createLMv2Response(type2Message, username, ntlmHash, nonce, target), ntlmv2 = hash.createNTLMv2Response(type2Message, username, ntlmHash, nonce, target);
|
||||||
|
//lmv2 security buffer
|
||||||
|
buf.writeUInt16LE(lmv2.length, 12);
|
||||||
|
buf.writeUInt16LE(lmv2.length, 14);
|
||||||
|
buf.writeUInt32LE(dataPos, 16);
|
||||||
|
lmv2.copy(buf, dataPos);
|
||||||
|
dataPos += lmv2.length;
|
||||||
|
//ntlmv2 security buffer
|
||||||
|
buf.writeUInt16LE(ntlmv2.length, 20);
|
||||||
|
buf.writeUInt16LE(ntlmv2.length, 22);
|
||||||
|
buf.writeUInt32LE(dataPos, 24);
|
||||||
|
ntlmv2.copy(buf, dataPos);
|
||||||
|
dataPos += ntlmv2.length;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
var lmHash = hash.createLMHash(password), ntlmHash = hash.createNTLMHash(password), lm = hash.createLMResponse(type2Message.challenge, lmHash), ntlm = hash.createNTLMResponse(type2Message.challenge, ntlmHash);
|
||||||
|
//lm security buffer
|
||||||
|
buf.writeUInt16LE(lm.length, 12);
|
||||||
|
buf.writeUInt16LE(lm.length, 14);
|
||||||
|
buf.writeUInt32LE(dataPos, 16);
|
||||||
|
lm.copy(buf, dataPos);
|
||||||
|
dataPos += lm.length;
|
||||||
|
//ntlm security buffer
|
||||||
|
buf.writeUInt16LE(ntlm.length, 20);
|
||||||
|
buf.writeUInt16LE(ntlm.length, 22);
|
||||||
|
buf.writeUInt32LE(dataPos, 24);
|
||||||
|
ntlm.copy(buf, dataPos);
|
||||||
|
dataPos += ntlm.length;
|
||||||
|
}
|
||||||
|
//target name security buffer
|
||||||
|
buf.writeUInt16LE(type2Message.encoding === 'ascii' ? target.length : target.length * 2, 28);
|
||||||
|
buf.writeUInt16LE(type2Message.encoding === 'ascii' ? target.length : target.length * 2, 30);
|
||||||
|
buf.writeUInt32LE(dataPos, 32);
|
||||||
|
dataPos += buf.write(target, dataPos, type2Message.encoding);
|
||||||
|
//user name security buffer
|
||||||
|
buf.writeUInt16LE(type2Message.encoding === 'ascii' ? username.length : username.length * 2, 36);
|
||||||
|
buf.writeUInt16LE(type2Message.encoding === 'ascii' ? username.length : username.length * 2, 38);
|
||||||
|
buf.writeUInt32LE(dataPos, 40);
|
||||||
|
dataPos += buf.write(username, dataPos, type2Message.encoding);
|
||||||
|
//workstation name security buffer
|
||||||
|
buf.writeUInt16LE(type2Message.encoding === 'ascii' ? workstation.length : workstation.length * 2, 44);
|
||||||
|
buf.writeUInt16LE(type2Message.encoding === 'ascii' ? workstation.length : workstation.length * 2, 46);
|
||||||
|
buf.writeUInt32LE(dataPos, 48);
|
||||||
|
dataPos += buf.write(workstation, dataPos, type2Message.encoding);
|
||||||
|
if (type2Message.version === 2) {
|
||||||
|
//session key security buffer
|
||||||
|
buf.writeUInt16LE(0, 52);
|
||||||
|
buf.writeUInt16LE(0, 54);
|
||||||
|
buf.writeUInt32LE(0, 56);
|
||||||
|
//flags
|
||||||
|
buf.writeUInt32LE(type2Message.flags, 60);
|
||||||
|
}
|
||||||
|
return 'NTLM ' + buf.toString('base64', 0, dataPos);
|
||||||
|
}
|
||||||
|
module.exports = {
|
||||||
|
createType1Message: createType1Message,
|
||||||
|
decodeType2Message: decodeType2Message,
|
||||||
|
createType3Message: createType3Message
|
||||||
|
};
|
||||||
|
//# sourceMappingURL=ntlm.js.map
|
127
server/modules/axios-ntlm/lib/ntlmClient.js
Normal file
127
server/modules/axios-ntlm/lib/ntlmClient.js
Normal file
@ -0,0 +1,127 @@
|
|||||||
|
"use strict";
|
||||||
|
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
||||||
|
if (k2 === undefined) k2 = k;
|
||||||
|
Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
|
||||||
|
}) : (function(o, m, k, k2) {
|
||||||
|
if (k2 === undefined) k2 = k;
|
||||||
|
o[k2] = m[k];
|
||||||
|
}));
|
||||||
|
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
||||||
|
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
||||||
|
}) : function(o, v) {
|
||||||
|
o["default"] = v;
|
||||||
|
});
|
||||||
|
var __importStar = (this && this.__importStar) || function (mod) {
|
||||||
|
if (mod && mod.__esModule) return mod;
|
||||||
|
var result = {};
|
||||||
|
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
|
||||||
|
__setModuleDefault(result, mod);
|
||||||
|
return result;
|
||||||
|
};
|
||||||
|
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
||||||
|
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
||||||
|
return new (P || (P = Promise))(function (resolve, reject) {
|
||||||
|
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
||||||
|
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
||||||
|
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
||||||
|
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
||||||
|
});
|
||||||
|
};
|
||||||
|
var __generator = (this && this.__generator) || function (thisArg, body) {
|
||||||
|
var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
|
||||||
|
return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
|
||||||
|
function verb(n) { return function (v) { return step([n, v]); }; }
|
||||||
|
function step(op) {
|
||||||
|
if (f) throw new TypeError("Generator is already executing.");
|
||||||
|
while (_) try {
|
||||||
|
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
|
||||||
|
if (y = 0, t) op = [op[0] & 2, t.value];
|
||||||
|
switch (op[0]) {
|
||||||
|
case 0: case 1: t = op; break;
|
||||||
|
case 4: _.label++; return { value: op[1], done: false };
|
||||||
|
case 5: _.label++; y = op[1]; op = [0]; continue;
|
||||||
|
case 7: op = _.ops.pop(); _.trys.pop(); continue;
|
||||||
|
default:
|
||||||
|
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
|
||||||
|
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
|
||||||
|
if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
|
||||||
|
if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
|
||||||
|
if (t[2]) _.ops.pop();
|
||||||
|
_.trys.pop(); continue;
|
||||||
|
}
|
||||||
|
op = body.call(thisArg, _);
|
||||||
|
} catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
|
||||||
|
if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
|
||||||
|
}
|
||||||
|
};
|
||||||
|
var __importDefault = (this && this.__importDefault) || function (mod) {
|
||||||
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
||||||
|
};
|
||||||
|
Object.defineProperty(exports, "__esModule", { value: true });
|
||||||
|
exports.NtlmClient = void 0;
|
||||||
|
var axios_1 = __importDefault(require("axios"));
|
||||||
|
var ntlm = __importStar(require("./ntlm"));
|
||||||
|
var https = __importStar(require("https"));
|
||||||
|
var http = __importStar(require("http"));
|
||||||
|
var dev_null_1 = __importDefault(require("dev-null"));
|
||||||
|
/**
|
||||||
|
* @param credentials An NtlmCredentials object containing the username and password
|
||||||
|
* @param AxiosConfig The Axios config for the instance you wish to create
|
||||||
|
*
|
||||||
|
* @returns This function returns an axios instance configured to use the provided credentials
|
||||||
|
*/
|
||||||
|
function NtlmClient(credentials, AxiosConfig) {
|
||||||
|
var _this = this;
|
||||||
|
var config = AxiosConfig !== null && AxiosConfig !== void 0 ? AxiosConfig : {};
|
||||||
|
if (!config.httpAgent) {
|
||||||
|
config.httpAgent = new http.Agent({ keepAlive: true });
|
||||||
|
}
|
||||||
|
if (!config.httpsAgent) {
|
||||||
|
config.httpsAgent = new https.Agent({ keepAlive: true });
|
||||||
|
}
|
||||||
|
var client = axios_1.default.create(config);
|
||||||
|
client.interceptors.response.use(function (response) {
|
||||||
|
return response;
|
||||||
|
}, function (err) { return __awaiter(_this, void 0, void 0, function () {
|
||||||
|
var error, t1Msg, t2Msg, t3Msg, stream_1;
|
||||||
|
var _a;
|
||||||
|
return __generator(this, function (_b) {
|
||||||
|
switch (_b.label) {
|
||||||
|
case 0:
|
||||||
|
error = err.response;
|
||||||
|
if (!(error && error.status === 401
|
||||||
|
&& error.headers['www-authenticate']
|
||||||
|
&& error.headers['www-authenticate'].includes('NTLM'))) return [3 /*break*/, 3];
|
||||||
|
// This length check is a hack because SharePoint is awkward and will
|
||||||
|
// include the Negotiate option when responding with the T2 message
|
||||||
|
// There is nore we could do to ensure we are processing correctly,
|
||||||
|
// but this is the easiest option for now
|
||||||
|
if (error.headers['www-authenticate'].length < 50) {
|
||||||
|
t1Msg = ntlm.createType1Message(credentials.workstation, credentials.domain);
|
||||||
|
error.config.headers["Authorization"] = t1Msg;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
t2Msg = ntlm.decodeType2Message((error.headers['www-authenticate'].match(/^NTLM\s+(.+?)(,|\s+|$)/) || [])[1]);
|
||||||
|
t3Msg = ntlm.createType3Message(t2Msg, credentials.username, credentials.password, credentials.workstation, credentials.domain);
|
||||||
|
error.config.headers["X-retry"] = "false";
|
||||||
|
error.config.headers["Authorization"] = t3Msg;
|
||||||
|
}
|
||||||
|
if (!(error.config.responseType === "stream")) return [3 /*break*/, 2];
|
||||||
|
stream_1 = (_a = err.response) === null || _a === void 0 ? void 0 : _a.data;
|
||||||
|
if (!(stream_1 && !stream_1.readableEnded)) return [3 /*break*/, 2];
|
||||||
|
return [4 /*yield*/, new Promise(function (resolve) {
|
||||||
|
stream_1.pipe((0, dev_null_1.default)());
|
||||||
|
stream_1.once('close', resolve);
|
||||||
|
})];
|
||||||
|
case 1:
|
||||||
|
_b.sent();
|
||||||
|
_b.label = 2;
|
||||||
|
case 2: return [2 /*return*/, client(error.config)];
|
||||||
|
case 3: throw err;
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}); });
|
||||||
|
return client;
|
||||||
|
}
|
||||||
|
exports.NtlmClient = NtlmClient;
|
||||||
|
//# sourceMappingURL=ntlmClient.js.map
|
@ -11,7 +11,7 @@ const mssql = require("mssql");
|
|||||||
const { Client } = require("pg");
|
const { Client } = require("pg");
|
||||||
const postgresConParse = require("pg-connection-string").parse;
|
const postgresConParse = require("pg-connection-string").parse;
|
||||||
const mysql = require("mysql2");
|
const mysql = require("mysql2");
|
||||||
const { NtlmClient } = require("axios-ntlm");
|
const { NtlmClient } = require("./modules/axios-ntlm/lib/ntlmClient.js");
|
||||||
const { Settings } = require("./settings");
|
const { Settings } = require("./settings");
|
||||||
const grpc = require("@grpc/grpc-js");
|
const grpc = require("@grpc/grpc-js");
|
||||||
const protojs = require("protobufjs");
|
const protojs = require("protobufjs");
|
||||||
|
Loading…
Reference in New Issue
Block a user