diff options
| author | Daniel Baumann <daniel@debian.org> | 2024-11-26 09:28:28 +0100 |
|---|---|---|
| committer | Daniel Baumann <daniel@debian.org> | 2024-11-26 12:25:58 +0100 |
| commit | a1882b67c41fe9901a0cd8059b5cc78a5beadec0 (patch) | |
| tree | 2a24507c67aa99a15416707b2f7e645142230ed8 /server/modules/axios-ntlm | |
| parent | Initial commit. (diff) | |
| download | uptime-kuma-a1882b67c41fe9901a0cd8059b5cc78a5beadec0.tar.xz uptime-kuma-a1882b67c41fe9901a0cd8059b5cc78a5beadec0.zip | |
Adding upstream version 2.0.0~beta.0+dfsg.upstream/2.0.0_beta.0+dfsgupstream
Signed-off-by: Daniel Baumann <daniel@debian.org>
Diffstat (limited to 'server/modules/axios-ntlm')
| -rw-r--r-- | server/modules/axios-ntlm/LICENSE | 21 | ||||
| -rw-r--r-- | server/modules/axios-ntlm/lib/flags.js | 77 | ||||
| -rw-r--r-- | server/modules/axios-ntlm/lib/hash.js | 122 | ||||
| -rw-r--r-- | server/modules/axios-ntlm/lib/ntlm.js | 220 | ||||
| -rw-r--r-- | server/modules/axios-ntlm/lib/ntlmClient.js | 127 |
5 files changed, 567 insertions, 0 deletions
diff --git a/server/modules/axios-ntlm/LICENSE b/server/modules/axios-ntlm/LICENSE new file mode 100644 index 0000000..1744ee4 --- /dev/null +++ b/server/modules/axios-ntlm/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2021 CatButtes + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/server/modules/axios-ntlm/lib/flags.js b/server/modules/axios-ntlm/lib/flags.js new file mode 100644 index 0000000..c16028c --- /dev/null +++ b/server/modules/axios-ntlm/lib/flags.js @@ -0,0 +1,77 @@ +'use strict'; +// Original file https://raw.githubusercontent.com/elasticio/node-ntlm-client/master/lib/flags.js +module.exports.NTLMFLAG_NEGOTIATE_UNICODE = 1 << 0; +/* Indicates that Unicode strings are supported for use in security buffer + data. */ +module.exports.NTLMFLAG_NEGOTIATE_OEM = 1 << 1; +/* Indicates that OEM strings are supported for use in security buffer data. */ +module.exports.NTLMFLAG_REQUEST_TARGET = 1 << 2; +/* Requests that the server's authentication realm be included in the Type 2 + message. */ +/* unknown (1<<3) */ +module.exports.NTLMFLAG_NEGOTIATE_SIGN = 1 << 4; +/* Specifies that authenticated communication between the client and server + should carry a digital signature (message integrity). */ +module.exports.NTLMFLAG_NEGOTIATE_SEAL = 1 << 5; +/* Specifies that authenticated communication between the client and server + should be encrypted (message confidentiality). */ +module.exports.NTLMFLAG_NEGOTIATE_DATAGRAM_STYLE = 1 << 6; +/* Indicates that datagram authentication is being used. */ +module.exports.NTLMFLAG_NEGOTIATE_LM_KEY = 1 << 7; +/* Indicates that the LAN Manager session key should be used for signing and + sealing authenticated communications. */ +module.exports.NTLMFLAG_NEGOTIATE_NETWARE = 1 << 8; +/* unknown purpose */ +module.exports.NTLMFLAG_NEGOTIATE_NTLM_KEY = 1 << 9; +/* Indicates that NTLM authentication is being used. */ +/* unknown (1<<10) */ +module.exports.NTLMFLAG_NEGOTIATE_ANONYMOUS = 1 << 11; +/* Sent by the client in the Type 3 message to indicate that an anonymous + context has been established. This also affects the response fields. */ +module.exports.NTLMFLAG_NEGOTIATE_DOMAIN_SUPPLIED = 1 << 12; +/* Sent by the client in the Type 1 message to indicate that a desired + authentication realm is included in the message. */ +module.exports.NTLMFLAG_NEGOTIATE_WORKSTATION_SUPPLIED = 1 << 13; +/* Sent by the client in the Type 1 message to indicate that the client + workstation's name is included in the message. */ +module.exports.NTLMFLAG_NEGOTIATE_LOCAL_CALL = 1 << 14; +/* Sent by the server to indicate that the server and client are on the same + machine. Implies that the client may use a pre-established local security + context rather than responding to the challenge. */ +module.exports.NTLMFLAG_NEGOTIATE_ALWAYS_SIGN = 1 << 15; +/* Indicates that authenticated communication between the client and server + should be signed with a "dummy" signature. */ +module.exports.NTLMFLAG_TARGET_TYPE_DOMAIN = 1 << 16; +/* Sent by the server in the Type 2 message to indicate that the target + authentication realm is a domain. */ +module.exports.NTLMFLAG_TARGET_TYPE_SERVER = 1 << 17; +/* Sent by the server in the Type 2 message to indicate that the target + authentication realm is a server. */ +module.exports.NTLMFLAG_TARGET_TYPE_SHARE = 1 << 18; +/* Sent by the server in the Type 2 message to indicate that the target + authentication realm is a share. Presumably, this is for share-level + authentication. Usage is unclear. */ +module.exports.NTLMFLAG_NEGOTIATE_NTLM2_KEY = 1 << 19; +/* Indicates that the NTLM2 signing and sealing scheme should be used for + protecting authenticated communications. */ +module.exports.NTLMFLAG_REQUEST_INIT_RESPONSE = 1 << 20; +/* unknown purpose */ +module.exports.NTLMFLAG_REQUEST_ACCEPT_RESPONSE = 1 << 21; +/* unknown purpose */ +module.exports.NTLMFLAG_REQUEST_NONNT_SESSION_KEY = 1 << 22; +/* unknown purpose */ +module.exports.NTLMFLAG_NEGOTIATE_TARGET_INFO = 1 << 23; +/* Sent by the server in the Type 2 message to indicate that it is including a + Target Information block in the message. */ +/* unknown (1<24) */ +/* unknown (1<25) */ +/* unknown (1<26) */ +/* unknown (1<27) */ +/* unknown (1<28) */ +module.exports.NTLMFLAG_NEGOTIATE_128 = 1 << 29; +/* Indicates that 128-bit encryption is supported. */ +module.exports.NTLMFLAG_NEGOTIATE_KEY_EXCHANGE = 1 << 30; +/* Indicates that the client will provide an encrypted master key in + the "Session Key" field of the Type 3 message. */ +module.exports.NTLMFLAG_NEGOTIATE_56 = 1 << 31; +//# sourceMappingURL=flags.js.map
\ No newline at end of file diff --git a/server/modules/axios-ntlm/lib/hash.js b/server/modules/axios-ntlm/lib/hash.js new file mode 100644 index 0000000..4e5aa26 --- /dev/null +++ b/server/modules/axios-ntlm/lib/hash.js @@ -0,0 +1,122 @@ +'use strict'; +// Original source at https://github.com/elasticio/node-ntlm-client/blob/master/lib/hash.js +var crypto = require('crypto'); +function createLMResponse(challenge, lmhash) { + var buf = new Buffer.alloc(24), pwBuffer = new Buffer.alloc(21).fill(0); + lmhash.copy(pwBuffer); + calculateDES(pwBuffer.slice(0, 7), challenge).copy(buf); + calculateDES(pwBuffer.slice(7, 14), challenge).copy(buf, 8); + calculateDES(pwBuffer.slice(14), challenge).copy(buf, 16); + return buf; +} +function createLMHash(password) { + var buf = new Buffer.alloc(16), pwBuffer = new Buffer.alloc(14), magicKey = new Buffer.from('KGS!@#$%', 'ascii'); + if (password.length > 14) { + buf.fill(0); + return buf; + } + pwBuffer.fill(0); + pwBuffer.write(password.toUpperCase(), 0, 'ascii'); + return Buffer.concat([ + calculateDES(pwBuffer.slice(0, 7), magicKey), + calculateDES(pwBuffer.slice(7), magicKey) + ]); +} +function calculateDES(key, message) { + var desKey = new Buffer.alloc(8); + desKey[0] = key[0] & 0xFE; + desKey[1] = ((key[0] << 7) & 0xFF) | (key[1] >> 1); + desKey[2] = ((key[1] << 6) & 0xFF) | (key[2] >> 2); + desKey[3] = ((key[2] << 5) & 0xFF) | (key[3] >> 3); + desKey[4] = ((key[3] << 4) & 0xFF) | (key[4] >> 4); + desKey[5] = ((key[4] << 3) & 0xFF) | (key[5] >> 5); + desKey[6] = ((key[5] << 2) & 0xFF) | (key[6] >> 6); + desKey[7] = (key[6] << 1) & 0xFF; + for (var i = 0; i < 8; i++) { + var parity = 0; + for (var j = 1; j < 8; j++) { + parity += (desKey[i] >> j) % 2; + } + desKey[i] |= (parity % 2) === 0 ? 1 : 0; + } + var des = crypto.createCipheriv('DES-ECB', desKey, ''); + return des.update(message); +} +function createNTLMResponse(challenge, ntlmhash) { + var buf = new Buffer.alloc(24), ntlmBuffer = new Buffer.alloc(21).fill(0); + ntlmhash.copy(ntlmBuffer); + calculateDES(ntlmBuffer.slice(0, 7), challenge).copy(buf); + calculateDES(ntlmBuffer.slice(7, 14), challenge).copy(buf, 8); + calculateDES(ntlmBuffer.slice(14), challenge).copy(buf, 16); + return buf; +} +function createNTLMHash(password) { + var md4sum = crypto.createHash('md4'); + md4sum.update(new Buffer.from(password, 'ucs2')); + return md4sum.digest(); +} +function createNTLMv2Hash(ntlmhash, username, authTargetName) { + var hmac = crypto.createHmac('md5', ntlmhash); + hmac.update(new Buffer.from(username.toUpperCase() + authTargetName, 'ucs2')); + return hmac.digest(); +} +function createLMv2Response(type2message, username, ntlmhash, nonce, targetName) { + var buf = new Buffer.alloc(24), ntlm2hash = createNTLMv2Hash(ntlmhash, username, targetName), hmac = crypto.createHmac('md5', ntlm2hash); + //server challenge + type2message.challenge.copy(buf, 8); + //client nonce + buf.write(nonce || createPseudoRandomValue(16), 16, 'hex'); + //create hash + hmac.update(buf.slice(8)); + var hashedBuffer = hmac.digest(); + hashedBuffer.copy(buf); + return buf; +} +function createNTLMv2Response(type2message, username, ntlmhash, nonce, targetName) { + var buf = new Buffer.alloc(48 + type2message.targetInfo.buffer.length), ntlm2hash = createNTLMv2Hash(ntlmhash, username, targetName), hmac = crypto.createHmac('md5', ntlm2hash); + //the first 8 bytes are spare to store the hashed value before the blob + //server challenge + type2message.challenge.copy(buf, 8); + //blob signature + buf.writeUInt32BE(0x01010000, 16); + //reserved + buf.writeUInt32LE(0, 20); + //timestamp + //TODO: we are loosing precision here since js is not able to handle those large integers + // maybe think about a different solution here + // 11644473600000 = diff between 1970 and 1601 + var timestamp = ((Date.now() + 11644473600000) * 10000).toString(16); + var timestampLow = Number('0x' + timestamp.substring(Math.max(0, timestamp.length - 8))); + var timestampHigh = Number('0x' + timestamp.substring(0, Math.max(0, timestamp.length - 8))); + buf.writeUInt32LE(timestampLow, 24, false); + buf.writeUInt32LE(timestampHigh, 28, false); + //random client nonce + buf.write(nonce || createPseudoRandomValue(16), 32, 'hex'); + //zero + buf.writeUInt32LE(0, 40); + //complete target information block from type 2 message + type2message.targetInfo.buffer.copy(buf, 44); + //zero + buf.writeUInt32LE(0, 44 + type2message.targetInfo.buffer.length); + hmac.update(buf.slice(8)); + var hashedBuffer = hmac.digest(); + hashedBuffer.copy(buf); + return buf; +} +function createPseudoRandomValue(length) { + var str = ''; + while (str.length < length) { + str += Math.floor(Math.random() * 16).toString(16); + } + return str; +} +module.exports = { + createLMHash: createLMHash, + createNTLMHash: createNTLMHash, + createLMResponse: createLMResponse, + createNTLMResponse: createNTLMResponse, + createLMv2Response: createLMv2Response, + createNTLMv2Response: createNTLMv2Response, + createPseudoRandomValue: createPseudoRandomValue +}; +//# sourceMappingURL=hash.js.map
\ No newline at end of file diff --git a/server/modules/axios-ntlm/lib/ntlm.js b/server/modules/axios-ntlm/lib/ntlm.js new file mode 100644 index 0000000..54490c0 --- /dev/null +++ b/server/modules/axios-ntlm/lib/ntlm.js @@ -0,0 +1,220 @@ +'use strict'; +// Original file https://raw.githubusercontent.com/elasticio/node-ntlm-client/master/lib/ntlm.js +var os = require('os'), flags = require('./flags'), hash = require('./hash'); +var NTLMSIGNATURE = "NTLMSSP\0"; +function createType1Message(workstation, target) { + var dataPos = 32, pos = 0, buf = new Buffer.alloc(1024); + workstation = workstation === undefined ? os.hostname() : workstation; + target = target === undefined ? '' : target; + //signature + buf.write(NTLMSIGNATURE, pos, NTLMSIGNATURE.length, 'ascii'); + pos += NTLMSIGNATURE.length; + //message type + buf.writeUInt32LE(1, pos); + pos += 4; + //flags + buf.writeUInt32LE(flags.NTLMFLAG_NEGOTIATE_OEM | + flags.NTLMFLAG_REQUEST_TARGET | + flags.NTLMFLAG_NEGOTIATE_NTLM_KEY | + flags.NTLMFLAG_NEGOTIATE_NTLM2_KEY | + flags.NTLMFLAG_NEGOTIATE_ALWAYS_SIGN, pos); + pos += 4; + //domain security buffer + buf.writeUInt16LE(target.length, pos); + pos += 2; + buf.writeUInt16LE(target.length, pos); + pos += 2; + buf.writeUInt32LE(target.length === 0 ? 0 : dataPos, pos); + pos += 4; + if (target.length > 0) { + dataPos += buf.write(target, dataPos, 'ascii'); + } + //workstation security buffer + buf.writeUInt16LE(workstation.length, pos); + pos += 2; + buf.writeUInt16LE(workstation.length, pos); + pos += 2; + buf.writeUInt32LE(workstation.length === 0 ? 0 : dataPos, pos); + pos += 4; + if (workstation.length > 0) { + dataPos += buf.write(workstation, dataPos, 'ascii'); + } + return 'NTLM ' + buf.toString('base64', 0, dataPos); +} +function decodeType2Message(str) { + if (str === undefined) { + throw new Error('Invalid argument'); + } + //convenience + if (Object.prototype.toString.call(str) !== '[object String]') { + if (str.hasOwnProperty('headers') && str.headers.hasOwnProperty('www-authenticate')) { + str = str.headers['www-authenticate']; + } + else { + throw new Error('Invalid argument'); + } + } + var ntlmMatch = /^NTLM ([^,\s]+)/.exec(str); + if (ntlmMatch) { + str = ntlmMatch[1]; + } + var buf = new Buffer.from(str, 'base64'), obj = {}; + //check signature + if (buf.toString('ascii', 0, NTLMSIGNATURE.length) !== NTLMSIGNATURE) { + throw new Error('Invalid message signature: ' + str); + } + //check message type + if (buf.readUInt32LE(NTLMSIGNATURE.length) !== 2) { + throw new Error('Invalid message type (no type 2)'); + } + //read flags + obj.flags = buf.readUInt32LE(20); + obj.encoding = (obj.flags & flags.NTLMFLAG_NEGOTIATE_OEM) ? 'ascii' : 'ucs2'; + obj.version = (obj.flags & flags.NTLMFLAG_NEGOTIATE_NTLM2_KEY) ? 2 : 1; + obj.challenge = buf.slice(24, 32); + //read target name + obj.targetName = (function () { + var length = buf.readUInt16LE(12); + //skipping allocated space + var offset = buf.readUInt32LE(16); + if (length === 0) { + return ''; + } + if ((offset + length) > buf.length || offset < 32) { + throw new Error('Bad type 2 message'); + } + return buf.toString(obj.encoding, offset, offset + length); + })(); + //read target info + if (obj.flags & flags.NTLMFLAG_NEGOTIATE_TARGET_INFO) { + obj.targetInfo = (function () { + var info = {}; + var length = buf.readUInt16LE(40); + //skipping allocated space + var offset = buf.readUInt32LE(44); + var targetInfoBuffer = new Buffer.alloc(length); + buf.copy(targetInfoBuffer, 0, offset, offset + length); + if (length === 0) { + return info; + } + if ((offset + length) > buf.length || offset < 32) { + throw new Error('Bad type 2 message'); + } + var pos = offset; + while (pos < (offset + length)) { + var blockType = buf.readUInt16LE(pos); + pos += 2; + var blockLength = buf.readUInt16LE(pos); + pos += 2; + if (blockType === 0) { + //reached the terminator subblock + break; + } + var blockTypeStr = void 0; + switch (blockType) { + case 1: + blockTypeStr = 'SERVER'; + break; + case 2: + blockTypeStr = 'DOMAIN'; + break; + case 3: + blockTypeStr = 'FQDN'; + break; + case 4: + blockTypeStr = 'DNS'; + break; + case 5: + blockTypeStr = 'PARENT_DNS'; + break; + default: + blockTypeStr = ''; + break; + } + if (blockTypeStr) { + info[blockTypeStr] = buf.toString('ucs2', pos, pos + blockLength); + } + pos += blockLength; + } + return { + parsed: info, + buffer: targetInfoBuffer + }; + })(); + } + return obj; +} +function createType3Message(type2Message, username, password, workstation, target) { + var dataPos = 52, buf = new Buffer.alloc(1024); + if (workstation === undefined) { + workstation = os.hostname(); + } + if (target === undefined) { + target = type2Message.targetName; + } + //signature + buf.write(NTLMSIGNATURE, 0, NTLMSIGNATURE.length, 'ascii'); + //message type + buf.writeUInt32LE(3, 8); + if (type2Message.version === 2) { + dataPos = 64; + var ntlmHash = hash.createNTLMHash(password), nonce = hash.createPseudoRandomValue(16), lmv2 = hash.createLMv2Response(type2Message, username, ntlmHash, nonce, target), ntlmv2 = hash.createNTLMv2Response(type2Message, username, ntlmHash, nonce, target); + //lmv2 security buffer + buf.writeUInt16LE(lmv2.length, 12); + buf.writeUInt16LE(lmv2.length, 14); + buf.writeUInt32LE(dataPos, 16); + lmv2.copy(buf, dataPos); + dataPos += lmv2.length; + //ntlmv2 security buffer + buf.writeUInt16LE(ntlmv2.length, 20); + buf.writeUInt16LE(ntlmv2.length, 22); + buf.writeUInt32LE(dataPos, 24); + ntlmv2.copy(buf, dataPos); + dataPos += ntlmv2.length; + } + else { + var lmHash = hash.createLMHash(password), ntlmHash = hash.createNTLMHash(password), lm = hash.createLMResponse(type2Message.challenge, lmHash), ntlm = hash.createNTLMResponse(type2Message.challenge, ntlmHash); + //lm security buffer + buf.writeUInt16LE(lm.length, 12); + buf.writeUInt16LE(lm.length, 14); + buf.writeUInt32LE(dataPos, 16); + lm.copy(buf, dataPos); + dataPos += lm.length; + //ntlm security buffer + buf.writeUInt16LE(ntlm.length, 20); + buf.writeUInt16LE(ntlm.length, 22); + buf.writeUInt32LE(dataPos, 24); + ntlm.copy(buf, dataPos); + dataPos += ntlm.length; + } + //target name security buffer + buf.writeUInt16LE(type2Message.encoding === 'ascii' ? target.length : target.length * 2, 28); + buf.writeUInt16LE(type2Message.encoding === 'ascii' ? target.length : target.length * 2, 30); + buf.writeUInt32LE(dataPos, 32); + dataPos += buf.write(target, dataPos, type2Message.encoding); + //user name security buffer + buf.writeUInt16LE(type2Message.encoding === 'ascii' ? username.length : username.length * 2, 36); + buf.writeUInt16LE(type2Message.encoding === 'ascii' ? username.length : username.length * 2, 38); + buf.writeUInt32LE(dataPos, 40); + dataPos += buf.write(username, dataPos, type2Message.encoding); + //workstation name security buffer + buf.writeUInt16LE(type2Message.encoding === 'ascii' ? workstation.length : workstation.length * 2, 44); + buf.writeUInt16LE(type2Message.encoding === 'ascii' ? workstation.length : workstation.length * 2, 46); + buf.writeUInt32LE(dataPos, 48); + dataPos += buf.write(workstation, dataPos, type2Message.encoding); + if (type2Message.version === 2) { + //session key security buffer + buf.writeUInt16LE(0, 52); + buf.writeUInt16LE(0, 54); + buf.writeUInt32LE(0, 56); + //flags + buf.writeUInt32LE(type2Message.flags, 60); + } + return 'NTLM ' + buf.toString('base64', 0, dataPos); +} +module.exports = { + createType1Message: createType1Message, + decodeType2Message: decodeType2Message, + createType3Message: createType3Message +}; +//# sourceMappingURL=ntlm.js.map
\ No newline at end of file diff --git a/server/modules/axios-ntlm/lib/ntlmClient.js b/server/modules/axios-ntlm/lib/ntlmClient.js new file mode 100644 index 0000000..682de5f --- /dev/null +++ b/server/modules/axios-ntlm/lib/ntlmClient.js @@ -0,0 +1,127 @@ +"use strict"; +var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { + if (k2 === undefined) k2 = k; + Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } }); +}) : (function(o, m, k, k2) { + if (k2 === undefined) k2 = k; + o[k2] = m[k]; +})); +var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { + Object.defineProperty(o, "default", { enumerable: true, value: v }); +}) : function(o, v) { + o["default"] = v; +}); +var __importStar = (this && this.__importStar) || function (mod) { + if (mod && mod.__esModule) return mod; + var result = {}; + if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); + __setModuleDefault(result, mod); + return result; +}; +var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { + function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } + return new (P || (P = Promise))(function (resolve, reject) { + function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } + function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } + function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } + step((generator = generator.apply(thisArg, _arguments || [])).next()); + }); +}; +var __generator = (this && this.__generator) || function (thisArg, body) { + var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g; + return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g; + function verb(n) { return function (v) { return step([n, v]); }; } + function step(op) { + if (f) throw new TypeError("Generator is already executing."); + while (_) try { + if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t; + if (y = 0, t) op = [op[0] & 2, t.value]; + switch (op[0]) { + case 0: case 1: t = op; break; + case 4: _.label++; return { value: op[1], done: false }; + case 5: _.label++; y = op[1]; op = [0]; continue; + case 7: op = _.ops.pop(); _.trys.pop(); continue; + default: + if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; } + if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; } + if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; } + if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; } + if (t[2]) _.ops.pop(); + _.trys.pop(); continue; + } + op = body.call(thisArg, _); + } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; } + if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true }; + } +}; +var __importDefault = (this && this.__importDefault) || function (mod) { + return (mod && mod.__esModule) ? mod : { "default": mod }; +}; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.NtlmClient = void 0; +var axios_1 = __importDefault(require("axios")); +var ntlm = __importStar(require("./ntlm")); +var https = __importStar(require("https")); +var http = __importStar(require("http")); +var dev_null_1 = __importDefault(require("dev-null")); +/** +* @param credentials An NtlmCredentials object containing the username and password +* @param AxiosConfig The Axios config for the instance you wish to create +* +* @returns This function returns an axios instance configured to use the provided credentials +*/ +function NtlmClient(credentials, AxiosConfig) { + var _this = this; + var config = AxiosConfig !== null && AxiosConfig !== void 0 ? AxiosConfig : {}; + if (!config.httpAgent) { + config.httpAgent = new http.Agent({ keepAlive: true }); + } + if (!config.httpsAgent) { + config.httpsAgent = new https.Agent({ keepAlive: true }); + } + var client = axios_1.default.create(config); + client.interceptors.response.use(function (response) { + return response; + }, function (err) { return __awaiter(_this, void 0, void 0, function () { + var error, t1Msg, t2Msg, t3Msg, stream_1; + var _a; + return __generator(this, function (_b) { + switch (_b.label) { + case 0: + error = err.response; + if (!(error && error.status === 401 + && error.headers['www-authenticate'] + && error.headers['www-authenticate'].includes('NTLM'))) return [3 /*break*/, 3]; + // This length check is a hack because SharePoint is awkward and will + // include the Negotiate option when responding with the T2 message + // There is nore we could do to ensure we are processing correctly, + // but this is the easiest option for now + if (error.headers['www-authenticate'].length < 50) { + t1Msg = ntlm.createType1Message(credentials.workstation, credentials.domain); + error.config.headers["Authorization"] = t1Msg; + } + else { + t2Msg = ntlm.decodeType2Message((error.headers['www-authenticate'].match(/^NTLM\s+(.+?)(,|\s+|$)/) || [])[1]); + t3Msg = ntlm.createType3Message(t2Msg, credentials.username, credentials.password, credentials.workstation, credentials.domain); + error.config.headers["X-retry"] = "false"; + error.config.headers["Authorization"] = t3Msg; + } + if (!(error.config.responseType === "stream")) return [3 /*break*/, 2]; + stream_1 = (_a = err.response) === null || _a === void 0 ? void 0 : _a.data; + if (!(stream_1 && !stream_1.readableEnded)) return [3 /*break*/, 2]; + return [4 /*yield*/, new Promise(function (resolve) { + stream_1.pipe((0, dev_null_1.default)()); + stream_1.once('close', resolve); + })]; + case 1: + _b.sent(); + _b.label = 2; + case 2: return [2 /*return*/, client(error.config)]; + case 3: throw err; + } + }); + }); }); + return client; +} +exports.NtlmClient = NtlmClient; +//# sourceMappingURL=ntlmClient.js.map
\ No newline at end of file |