commit
71f9384c09
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,21 @@
|
|||||||
|
MIT License
|
||||||
|
|
||||||
|
Copyright (c) 2021 CatButtes
|
||||||
|
|
||||||
|
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||||
|
of this software and associated documentation files (the "Software"), to deal
|
||||||
|
in the Software without restriction, including without limitation the rights
|
||||||
|
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||||
|
copies of the Software, and to permit persons to whom the Software is
|
||||||
|
furnished to do so, subject to the following conditions:
|
||||||
|
|
||||||
|
The above copyright notice and this permission notice shall be included in all
|
||||||
|
copies or substantial portions of the Software.
|
||||||
|
|
||||||
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||||
|
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||||
|
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||||
|
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||||
|
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||||
|
SOFTWARE.
|
@ -0,0 +1,77 @@
|
|||||||
|
'use strict';
|
||||||
|
// Original file https://raw.githubusercontent.com/elasticio/node-ntlm-client/master/lib/flags.js
|
||||||
|
module.exports.NTLMFLAG_NEGOTIATE_UNICODE = 1 << 0;
|
||||||
|
/* Indicates that Unicode strings are supported for use in security buffer
|
||||||
|
data. */
|
||||||
|
module.exports.NTLMFLAG_NEGOTIATE_OEM = 1 << 1;
|
||||||
|
/* Indicates that OEM strings are supported for use in security buffer data. */
|
||||||
|
module.exports.NTLMFLAG_REQUEST_TARGET = 1 << 2;
|
||||||
|
/* Requests that the server's authentication realm be included in the Type 2
|
||||||
|
message. */
|
||||||
|
/* unknown (1<<3) */
|
||||||
|
module.exports.NTLMFLAG_NEGOTIATE_SIGN = 1 << 4;
|
||||||
|
/* Specifies that authenticated communication between the client and server
|
||||||
|
should carry a digital signature (message integrity). */
|
||||||
|
module.exports.NTLMFLAG_NEGOTIATE_SEAL = 1 << 5;
|
||||||
|
/* Specifies that authenticated communication between the client and server
|
||||||
|
should be encrypted (message confidentiality). */
|
||||||
|
module.exports.NTLMFLAG_NEGOTIATE_DATAGRAM_STYLE = 1 << 6;
|
||||||
|
/* Indicates that datagram authentication is being used. */
|
||||||
|
module.exports.NTLMFLAG_NEGOTIATE_LM_KEY = 1 << 7;
|
||||||
|
/* Indicates that the LAN Manager session key should be used for signing and
|
||||||
|
sealing authenticated communications. */
|
||||||
|
module.exports.NTLMFLAG_NEGOTIATE_NETWARE = 1 << 8;
|
||||||
|
/* unknown purpose */
|
||||||
|
module.exports.NTLMFLAG_NEGOTIATE_NTLM_KEY = 1 << 9;
|
||||||
|
/* Indicates that NTLM authentication is being used. */
|
||||||
|
/* unknown (1<<10) */
|
||||||
|
module.exports.NTLMFLAG_NEGOTIATE_ANONYMOUS = 1 << 11;
|
||||||
|
/* Sent by the client in the Type 3 message to indicate that an anonymous
|
||||||
|
context has been established. This also affects the response fields. */
|
||||||
|
module.exports.NTLMFLAG_NEGOTIATE_DOMAIN_SUPPLIED = 1 << 12;
|
||||||
|
/* Sent by the client in the Type 1 message to indicate that a desired
|
||||||
|
authentication realm is included in the message. */
|
||||||
|
module.exports.NTLMFLAG_NEGOTIATE_WORKSTATION_SUPPLIED = 1 << 13;
|
||||||
|
/* Sent by the client in the Type 1 message to indicate that the client
|
||||||
|
workstation's name is included in the message. */
|
||||||
|
module.exports.NTLMFLAG_NEGOTIATE_LOCAL_CALL = 1 << 14;
|
||||||
|
/* Sent by the server to indicate that the server and client are on the same
|
||||||
|
machine. Implies that the client may use a pre-established local security
|
||||||
|
context rather than responding to the challenge. */
|
||||||
|
module.exports.NTLMFLAG_NEGOTIATE_ALWAYS_SIGN = 1 << 15;
|
||||||
|
/* Indicates that authenticated communication between the client and server
|
||||||
|
should be signed with a "dummy" signature. */
|
||||||
|
module.exports.NTLMFLAG_TARGET_TYPE_DOMAIN = 1 << 16;
|
||||||
|
/* Sent by the server in the Type 2 message to indicate that the target
|
||||||
|
authentication realm is a domain. */
|
||||||
|
module.exports.NTLMFLAG_TARGET_TYPE_SERVER = 1 << 17;
|
||||||
|
/* Sent by the server in the Type 2 message to indicate that the target
|
||||||
|
authentication realm is a server. */
|
||||||
|
module.exports.NTLMFLAG_TARGET_TYPE_SHARE = 1 << 18;
|
||||||
|
/* Sent by the server in the Type 2 message to indicate that the target
|
||||||
|
authentication realm is a share. Presumably, this is for share-level
|
||||||
|
authentication. Usage is unclear. */
|
||||||
|
module.exports.NTLMFLAG_NEGOTIATE_NTLM2_KEY = 1 << 19;
|
||||||
|
/* Indicates that the NTLM2 signing and sealing scheme should be used for
|
||||||
|
protecting authenticated communications. */
|
||||||
|
module.exports.NTLMFLAG_REQUEST_INIT_RESPONSE = 1 << 20;
|
||||||
|
/* unknown purpose */
|
||||||
|
module.exports.NTLMFLAG_REQUEST_ACCEPT_RESPONSE = 1 << 21;
|
||||||
|
/* unknown purpose */
|
||||||
|
module.exports.NTLMFLAG_REQUEST_NONNT_SESSION_KEY = 1 << 22;
|
||||||
|
/* unknown purpose */
|
||||||
|
module.exports.NTLMFLAG_NEGOTIATE_TARGET_INFO = 1 << 23;
|
||||||
|
/* Sent by the server in the Type 2 message to indicate that it is including a
|
||||||
|
Target Information block in the message. */
|
||||||
|
/* unknown (1<24) */
|
||||||
|
/* unknown (1<25) */
|
||||||
|
/* unknown (1<26) */
|
||||||
|
/* unknown (1<27) */
|
||||||
|
/* unknown (1<28) */
|
||||||
|
module.exports.NTLMFLAG_NEGOTIATE_128 = 1 << 29;
|
||||||
|
/* Indicates that 128-bit encryption is supported. */
|
||||||
|
module.exports.NTLMFLAG_NEGOTIATE_KEY_EXCHANGE = 1 << 30;
|
||||||
|
/* Indicates that the client will provide an encrypted master key in
|
||||||
|
the "Session Key" field of the Type 3 message. */
|
||||||
|
module.exports.NTLMFLAG_NEGOTIATE_56 = 1 << 31;
|
||||||
|
//# sourceMappingURL=flags.js.map
|
@ -0,0 +1,122 @@
|
|||||||
|
'use strict';
|
||||||
|
// Original source at https://github.com/elasticio/node-ntlm-client/blob/master/lib/hash.js
|
||||||
|
var crypto = require('crypto');
|
||||||
|
function createLMResponse(challenge, lmhash) {
|
||||||
|
var buf = new Buffer.alloc(24), pwBuffer = new Buffer.alloc(21).fill(0);
|
||||||
|
lmhash.copy(pwBuffer);
|
||||||
|
calculateDES(pwBuffer.slice(0, 7), challenge).copy(buf);
|
||||||
|
calculateDES(pwBuffer.slice(7, 14), challenge).copy(buf, 8);
|
||||||
|
calculateDES(pwBuffer.slice(14), challenge).copy(buf, 16);
|
||||||
|
return buf;
|
||||||
|
}
|
||||||
|
function createLMHash(password) {
|
||||||
|
var buf = new Buffer.alloc(16), pwBuffer = new Buffer.alloc(14), magicKey = new Buffer.from('KGS!@#$%', 'ascii');
|
||||||
|
if (password.length > 14) {
|
||||||
|
buf.fill(0);
|
||||||
|
return buf;
|
||||||
|
}
|
||||||
|
pwBuffer.fill(0);
|
||||||
|
pwBuffer.write(password.toUpperCase(), 0, 'ascii');
|
||||||
|
return Buffer.concat([
|
||||||
|
calculateDES(pwBuffer.slice(0, 7), magicKey),
|
||||||
|
calculateDES(pwBuffer.slice(7), magicKey)
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
function calculateDES(key, message) {
|
||||||
|
var desKey = new Buffer.alloc(8);
|
||||||
|
desKey[0] = key[0] & 0xFE;
|
||||||
|
desKey[1] = ((key[0] << 7) & 0xFF) | (key[1] >> 1);
|
||||||
|
desKey[2] = ((key[1] << 6) & 0xFF) | (key[2] >> 2);
|
||||||
|
desKey[3] = ((key[2] << 5) & 0xFF) | (key[3] >> 3);
|
||||||
|
desKey[4] = ((key[3] << 4) & 0xFF) | (key[4] >> 4);
|
||||||
|
desKey[5] = ((key[4] << 3) & 0xFF) | (key[5] >> 5);
|
||||||
|
desKey[6] = ((key[5] << 2) & 0xFF) | (key[6] >> 6);
|
||||||
|
desKey[7] = (key[6] << 1) & 0xFF;
|
||||||
|
for (var i = 0; i < 8; i++) {
|
||||||
|
var parity = 0;
|
||||||
|
for (var j = 1; j < 8; j++) {
|
||||||
|
parity += (desKey[i] >> j) % 2;
|
||||||
|
}
|
||||||
|
desKey[i] |= (parity % 2) === 0 ? 1 : 0;
|
||||||
|
}
|
||||||
|
var des = crypto.createCipheriv('DES-ECB', desKey, '');
|
||||||
|
return des.update(message);
|
||||||
|
}
|
||||||
|
function createNTLMResponse(challenge, ntlmhash) {
|
||||||
|
var buf = new Buffer.alloc(24), ntlmBuffer = new Buffer.alloc(21).fill(0);
|
||||||
|
ntlmhash.copy(ntlmBuffer);
|
||||||
|
calculateDES(ntlmBuffer.slice(0, 7), challenge).copy(buf);
|
||||||
|
calculateDES(ntlmBuffer.slice(7, 14), challenge).copy(buf, 8);
|
||||||
|
calculateDES(ntlmBuffer.slice(14), challenge).copy(buf, 16);
|
||||||
|
return buf;
|
||||||
|
}
|
||||||
|
function createNTLMHash(password) {
|
||||||
|
var md4sum = crypto.createHash('md4');
|
||||||
|
md4sum.update(new Buffer.from(password, 'ucs2'));
|
||||||
|
return md4sum.digest();
|
||||||
|
}
|
||||||
|
function createNTLMv2Hash(ntlmhash, username, authTargetName) {
|
||||||
|
var hmac = crypto.createHmac('md5', ntlmhash);
|
||||||
|
hmac.update(new Buffer.from(username.toUpperCase() + authTargetName, 'ucs2'));
|
||||||
|
return hmac.digest();
|
||||||
|
}
|
||||||
|
function createLMv2Response(type2message, username, ntlmhash, nonce, targetName) {
|
||||||
|
var buf = new Buffer.alloc(24), ntlm2hash = createNTLMv2Hash(ntlmhash, username, targetName), hmac = crypto.createHmac('md5', ntlm2hash);
|
||||||
|
//server challenge
|
||||||
|
type2message.challenge.copy(buf, 8);
|
||||||
|
//client nonce
|
||||||
|
buf.write(nonce || createPseudoRandomValue(16), 16, 'hex');
|
||||||
|
//create hash
|
||||||
|
hmac.update(buf.slice(8));
|
||||||
|
var hashedBuffer = hmac.digest();
|
||||||
|
hashedBuffer.copy(buf);
|
||||||
|
return buf;
|
||||||
|
}
|
||||||
|
function createNTLMv2Response(type2message, username, ntlmhash, nonce, targetName) {
|
||||||
|
var buf = new Buffer.alloc(48 + type2message.targetInfo.buffer.length), ntlm2hash = createNTLMv2Hash(ntlmhash, username, targetName), hmac = crypto.createHmac('md5', ntlm2hash);
|
||||||
|
//the first 8 bytes are spare to store the hashed value before the blob
|
||||||
|
//server challenge
|
||||||
|
type2message.challenge.copy(buf, 8);
|
||||||
|
//blob signature
|
||||||
|
buf.writeUInt32BE(0x01010000, 16);
|
||||||
|
//reserved
|
||||||
|
buf.writeUInt32LE(0, 20);
|
||||||
|
//timestamp
|
||||||
|
//TODO: we are loosing precision here since js is not able to handle those large integers
|
||||||
|
// maybe think about a different solution here
|
||||||
|
// 11644473600000 = diff between 1970 and 1601
|
||||||
|
var timestamp = ((Date.now() + 11644473600000) * 10000).toString(16);
|
||||||
|
var timestampLow = Number('0x' + timestamp.substring(Math.max(0, timestamp.length - 8)));
|
||||||
|
var timestampHigh = Number('0x' + timestamp.substring(0, Math.max(0, timestamp.length - 8)));
|
||||||
|
buf.writeUInt32LE(timestampLow, 24, false);
|
||||||
|
buf.writeUInt32LE(timestampHigh, 28, false);
|
||||||
|
//random client nonce
|
||||||
|
buf.write(nonce || createPseudoRandomValue(16), 32, 'hex');
|
||||||
|
//zero
|
||||||
|
buf.writeUInt32LE(0, 40);
|
||||||
|
//complete target information block from type 2 message
|
||||||
|
type2message.targetInfo.buffer.copy(buf, 44);
|
||||||
|
//zero
|
||||||
|
buf.writeUInt32LE(0, 44 + type2message.targetInfo.buffer.length);
|
||||||
|
hmac.update(buf.slice(8));
|
||||||
|
var hashedBuffer = hmac.digest();
|
||||||
|
hashedBuffer.copy(buf);
|
||||||
|
return buf;
|
||||||
|
}
|
||||||
|
function createPseudoRandomValue(length) {
|
||||||
|
var str = '';
|
||||||
|
while (str.length < length) {
|
||||||
|
str += Math.floor(Math.random() * 16).toString(16);
|
||||||
|
}
|
||||||
|
return str;
|
||||||
|
}
|
||||||
|
module.exports = {
|
||||||
|
createLMHash: createLMHash,
|
||||||
|
createNTLMHash: createNTLMHash,
|
||||||
|
createLMResponse: createLMResponse,
|
||||||
|
createNTLMResponse: createNTLMResponse,
|
||||||
|
createLMv2Response: createLMv2Response,
|
||||||
|
createNTLMv2Response: createNTLMv2Response,
|
||||||
|
createPseudoRandomValue: createPseudoRandomValue
|
||||||
|
};
|
||||||
|
//# sourceMappingURL=hash.js.map
|
@ -0,0 +1,220 @@
|
|||||||
|
'use strict';
|
||||||
|
// Original file https://raw.githubusercontent.com/elasticio/node-ntlm-client/master/lib/ntlm.js
|
||||||
|
var os = require('os'), flags = require('./flags'), hash = require('./hash');
|
||||||
|
var NTLMSIGNATURE = "NTLMSSP\0";
|
||||||
|
function createType1Message(workstation, target) {
|
||||||
|
var dataPos = 32, pos = 0, buf = new Buffer.alloc(1024);
|
||||||
|
workstation = workstation === undefined ? os.hostname() : workstation;
|
||||||
|
target = target === undefined ? '' : target;
|
||||||
|
//signature
|
||||||
|
buf.write(NTLMSIGNATURE, pos, NTLMSIGNATURE.length, 'ascii');
|
||||||
|
pos += NTLMSIGNATURE.length;
|
||||||
|
//message type
|
||||||
|
buf.writeUInt32LE(1, pos);
|
||||||
|
pos += 4;
|
||||||
|
//flags
|
||||||
|
buf.writeUInt32LE(flags.NTLMFLAG_NEGOTIATE_OEM |
|
||||||
|
flags.NTLMFLAG_REQUEST_TARGET |
|
||||||
|
flags.NTLMFLAG_NEGOTIATE_NTLM_KEY |
|
||||||
|
flags.NTLMFLAG_NEGOTIATE_NTLM2_KEY |
|
||||||
|
flags.NTLMFLAG_NEGOTIATE_ALWAYS_SIGN, pos);
|
||||||
|
pos += 4;
|
||||||
|
//domain security buffer
|
||||||
|
buf.writeUInt16LE(target.length, pos);
|
||||||
|
pos += 2;
|
||||||
|
buf.writeUInt16LE(target.length, pos);
|
||||||
|
pos += 2;
|
||||||
|
buf.writeUInt32LE(target.length === 0 ? 0 : dataPos, pos);
|
||||||
|
pos += 4;
|
||||||
|
if (target.length > 0) {
|
||||||
|
dataPos += buf.write(target, dataPos, 'ascii');
|
||||||
|
}
|
||||||
|
//workstation security buffer
|
||||||
|
buf.writeUInt16LE(workstation.length, pos);
|
||||||
|
pos += 2;
|
||||||
|
buf.writeUInt16LE(workstation.length, pos);
|
||||||
|
pos += 2;
|
||||||
|
buf.writeUInt32LE(workstation.length === 0 ? 0 : dataPos, pos);
|
||||||
|
pos += 4;
|
||||||
|
if (workstation.length > 0) {
|
||||||
|
dataPos += buf.write(workstation, dataPos, 'ascii');
|
||||||
|
}
|
||||||
|
return 'NTLM ' + buf.toString('base64', 0, dataPos);
|
||||||
|
}
|
||||||
|
function decodeType2Message(str) {
|
||||||
|
if (str === undefined) {
|
||||||
|
throw new Error('Invalid argument');
|
||||||
|
}
|
||||||
|
//convenience
|
||||||
|
if (Object.prototype.toString.call(str) !== '[object String]') {
|
||||||
|
if (str.hasOwnProperty('headers') && str.headers.hasOwnProperty('www-authenticate')) {
|
||||||
|
str = str.headers['www-authenticate'];
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
throw new Error('Invalid argument');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
var ntlmMatch = /^NTLM ([^,\s]+)/.exec(str);
|
||||||
|
if (ntlmMatch) {
|
||||||
|
str = ntlmMatch[1];
|
||||||
|
}
|
||||||
|
var buf = new Buffer.from(str, 'base64'), obj = {};
|
||||||
|
//check signature
|
||||||
|
if (buf.toString('ascii', 0, NTLMSIGNATURE.length) !== NTLMSIGNATURE) {
|
||||||
|
throw new Error('Invalid message signature: ' + str);
|
||||||
|
}
|
||||||
|
//check message type
|
||||||
|
if (buf.readUInt32LE(NTLMSIGNATURE.length) !== 2) {
|
||||||
|
throw new Error('Invalid message type (no type 2)');
|
||||||
|
}
|
||||||
|
//read flags
|
||||||
|
obj.flags = buf.readUInt32LE(20);
|
||||||
|
obj.encoding = (obj.flags & flags.NTLMFLAG_NEGOTIATE_OEM) ? 'ascii' : 'ucs2';
|
||||||
|
obj.version = (obj.flags & flags.NTLMFLAG_NEGOTIATE_NTLM2_KEY) ? 2 : 1;
|
||||||
|
obj.challenge = buf.slice(24, 32);
|
||||||
|
//read target name
|
||||||
|
obj.targetName = (function () {
|
||||||
|
var length = buf.readUInt16LE(12);
|
||||||
|
//skipping allocated space
|
||||||
|
var offset = buf.readUInt32LE(16);
|
||||||
|
if (length === 0) {
|
||||||
|
return '';
|
||||||
|
}
|
||||||
|
if ((offset + length) > buf.length || offset < 32) {
|
||||||
|
throw new Error('Bad type 2 message');
|
||||||
|
}
|
||||||
|
return buf.toString(obj.encoding, offset, offset + length);
|
||||||
|
})();
|
||||||
|
//read target info
|
||||||
|
if (obj.flags & flags.NTLMFLAG_NEGOTIATE_TARGET_INFO) {
|
||||||
|
obj.targetInfo = (function () {
|
||||||
|
var info = {};
|
||||||
|
var length = buf.readUInt16LE(40);
|
||||||
|
//skipping allocated space
|
||||||
|
var offset = buf.readUInt32LE(44);
|
||||||
|
var targetInfoBuffer = new Buffer.alloc(length);
|
||||||
|
buf.copy(targetInfoBuffer, 0, offset, offset + length);
|
||||||
|
if (length === 0) {
|
||||||
|
return info;
|
||||||
|
}
|
||||||
|
if ((offset + length) > buf.length || offset < 32) {
|
||||||
|
throw new Error('Bad type 2 message');
|
||||||
|
}
|
||||||
|
var pos = offset;
|
||||||
|
while (pos < (offset + length)) {
|
||||||
|
var blockType = buf.readUInt16LE(pos);
|
||||||
|
pos += 2;
|
||||||
|
var blockLength = buf.readUInt16LE(pos);
|
||||||
|
pos += 2;
|
||||||
|
if (blockType === 0) {
|
||||||
|
//reached the terminator subblock
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
var blockTypeStr = void 0;
|
||||||
|
switch (blockType) {
|
||||||
|
case 1:
|
||||||
|
blockTypeStr = 'SERVER';
|
||||||
|
break;
|
||||||
|
case 2:
|
||||||
|
blockTypeStr = 'DOMAIN';
|
||||||
|
break;
|
||||||
|
case 3:
|
||||||
|
blockTypeStr = 'FQDN';
|
||||||
|
break;
|
||||||
|
case 4:
|
||||||
|
blockTypeStr = 'DNS';
|
||||||
|
break;
|
||||||
|
case 5:
|
||||||
|
blockTypeStr = 'PARENT_DNS';
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
blockTypeStr = '';
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
if (blockTypeStr) {
|
||||||
|
info[blockTypeStr] = buf.toString('ucs2', pos, pos + blockLength);
|
||||||
|
}
|
||||||
|
pos += blockLength;
|
||||||
|
}
|
||||||
|
return {
|
||||||
|
parsed: info,
|
||||||
|
buffer: targetInfoBuffer
|
||||||
|
};
|
||||||
|
})();
|
||||||
|
}
|
||||||
|
return obj;
|
||||||
|
}
|
||||||
|
function createType3Message(type2Message, username, password, workstation, target) {
|
||||||
|
var dataPos = 52, buf = new Buffer.alloc(1024);
|
||||||
|
if (workstation === undefined) {
|
||||||
|
workstation = os.hostname();
|
||||||
|
}
|
||||||
|
if (target === undefined) {
|
||||||
|
target = type2Message.targetName;
|
||||||
|
}
|
||||||
|
//signature
|
||||||
|
buf.write(NTLMSIGNATURE, 0, NTLMSIGNATURE.length, 'ascii');
|
||||||
|
//message type
|
||||||
|
buf.writeUInt32LE(3, 8);
|
||||||
|
if (type2Message.version === 2) {
|
||||||
|
dataPos = 64;
|
||||||
|
var ntlmHash = hash.createNTLMHash(password), nonce = hash.createPseudoRandomValue(16), lmv2 = hash.createLMv2Response(type2Message, username, ntlmHash, nonce, target), ntlmv2 = hash.createNTLMv2Response(type2Message, username, ntlmHash, nonce, target);
|
||||||
|
//lmv2 security buffer
|
||||||
|
buf.writeUInt16LE(lmv2.length, 12);
|
||||||
|
buf.writeUInt16LE(lmv2.length, 14);
|
||||||
|
buf.writeUInt32LE(dataPos, 16);
|
||||||
|
lmv2.copy(buf, dataPos);
|
||||||
|
dataPos += lmv2.length;
|
||||||
|
//ntlmv2 security buffer
|
||||||
|
buf.writeUInt16LE(ntlmv2.length, 20);
|
||||||
|
buf.writeUInt16LE(ntlmv2.length, 22);
|
||||||
|
buf.writeUInt32LE(dataPos, 24);
|
||||||
|
ntlmv2.copy(buf, dataPos);
|
||||||
|
dataPos += ntlmv2.length;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
var lmHash = hash.createLMHash(password), ntlmHash = hash.createNTLMHash(password), lm = hash.createLMResponse(type2Message.challenge, lmHash), ntlm = hash.createNTLMResponse(type2Message.challenge, ntlmHash);
|
||||||
|
//lm security buffer
|
||||||
|
buf.writeUInt16LE(lm.length, 12);
|
||||||
|
buf.writeUInt16LE(lm.length, 14);
|
||||||
|
buf.writeUInt32LE(dataPos, 16);
|
||||||
|
lm.copy(buf, dataPos);
|
||||||
|
dataPos += lm.length;
|
||||||
|
//ntlm security buffer
|
||||||
|
buf.writeUInt16LE(ntlm.length, 20);
|
||||||
|
buf.writeUInt16LE(ntlm.length, 22);
|
||||||
|
buf.writeUInt32LE(dataPos, 24);
|
||||||
|
ntlm.copy(buf, dataPos);
|
||||||
|
dataPos += ntlm.length;
|
||||||
|
}
|
||||||
|
//target name security buffer
|
||||||
|
buf.writeUInt16LE(type2Message.encoding === 'ascii' ? target.length : target.length * 2, 28);
|
||||||
|
buf.writeUInt16LE(type2Message.encoding === 'ascii' ? target.length : target.length * 2, 30);
|
||||||
|
buf.writeUInt32LE(dataPos, 32);
|
||||||
|
dataPos += buf.write(target, dataPos, type2Message.encoding);
|
||||||
|
//user name security buffer
|
||||||
|
buf.writeUInt16LE(type2Message.encoding === 'ascii' ? username.length : username.length * 2, 36);
|
||||||
|
buf.writeUInt16LE(type2Message.encoding === 'ascii' ? username.length : username.length * 2, 38);
|
||||||
|
buf.writeUInt32LE(dataPos, 40);
|
||||||
|
dataPos += buf.write(username, dataPos, type2Message.encoding);
|
||||||
|
//workstation name security buffer
|
||||||
|
buf.writeUInt16LE(type2Message.encoding === 'ascii' ? workstation.length : workstation.length * 2, 44);
|
||||||
|
buf.writeUInt16LE(type2Message.encoding === 'ascii' ? workstation.length : workstation.length * 2, 46);
|
||||||
|
buf.writeUInt32LE(dataPos, 48);
|
||||||
|
dataPos += buf.write(workstation, dataPos, type2Message.encoding);
|
||||||
|
if (type2Message.version === 2) {
|
||||||
|
//session key security buffer
|
||||||
|
buf.writeUInt16LE(0, 52);
|
||||||
|
buf.writeUInt16LE(0, 54);
|
||||||
|
buf.writeUInt32LE(0, 56);
|
||||||
|
//flags
|
||||||
|
buf.writeUInt32LE(type2Message.flags, 60);
|
||||||
|
}
|
||||||
|
return 'NTLM ' + buf.toString('base64', 0, dataPos);
|
||||||
|
}
|
||||||
|
module.exports = {
|
||||||
|
createType1Message: createType1Message,
|
||||||
|
decodeType2Message: decodeType2Message,
|
||||||
|
createType3Message: createType3Message
|
||||||
|
};
|
||||||
|
//# sourceMappingURL=ntlm.js.map
|
@ -0,0 +1,127 @@
|
|||||||
|
"use strict";
|
||||||
|
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
||||||
|
if (k2 === undefined) k2 = k;
|
||||||
|
Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
|
||||||
|
}) : (function(o, m, k, k2) {
|
||||||
|
if (k2 === undefined) k2 = k;
|
||||||
|
o[k2] = m[k];
|
||||||
|
}));
|
||||||
|
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
||||||
|
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
||||||
|
}) : function(o, v) {
|
||||||
|
o["default"] = v;
|
||||||
|
});
|
||||||
|
var __importStar = (this && this.__importStar) || function (mod) {
|
||||||
|
if (mod && mod.__esModule) return mod;
|
||||||
|
var result = {};
|
||||||
|
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
|
||||||
|
__setModuleDefault(result, mod);
|
||||||
|
return result;
|
||||||
|
};
|
||||||
|
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
||||||
|
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
||||||
|
return new (P || (P = Promise))(function (resolve, reject) {
|
||||||
|
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
||||||
|
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
||||||
|
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
||||||
|
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
||||||
|
});
|
||||||
|
};
|
||||||
|
var __generator = (this && this.__generator) || function (thisArg, body) {
|
||||||
|
var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
|
||||||
|
return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
|
||||||
|
function verb(n) { return function (v) { return step([n, v]); }; }
|
||||||
|
function step(op) {
|
||||||
|
if (f) throw new TypeError("Generator is already executing.");
|
||||||
|
while (_) try {
|
||||||
|
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
|
||||||
|
if (y = 0, t) op = [op[0] & 2, t.value];
|
||||||
|
switch (op[0]) {
|
||||||
|
case 0: case 1: t = op; break;
|
||||||
|
case 4: _.label++; return { value: op[1], done: false };
|
||||||
|
case 5: _.label++; y = op[1]; op = [0]; continue;
|
||||||
|
case 7: op = _.ops.pop(); _.trys.pop(); continue;
|
||||||
|
default:
|
||||||
|
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
|
||||||
|
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
|
||||||
|
if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
|
||||||
|
if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
|
||||||
|
if (t[2]) _.ops.pop();
|
||||||
|
_.trys.pop(); continue;
|
||||||
|
}
|
||||||
|
op = body.call(thisArg, _);
|
||||||
|
} catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
|
||||||
|
if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
|
||||||
|
}
|
||||||
|
};
|
||||||
|
var __importDefault = (this && this.__importDefault) || function (mod) {
|
||||||
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
||||||
|
};
|
||||||
|
Object.defineProperty(exports, "__esModule", { value: true });
|
||||||
|
exports.NtlmClient = void 0;
|
||||||
|
var axios_1 = __importDefault(require("axios"));
|
||||||
|
var ntlm = __importStar(require("./ntlm"));
|
||||||
|
var https = __importStar(require("https"));
|
||||||
|
var http = __importStar(require("http"));
|
||||||
|
var dev_null_1 = __importDefault(require("dev-null"));
|
||||||
|
/**
|
||||||
|
* @param credentials An NtlmCredentials object containing the username and password
|
||||||
|
* @param AxiosConfig The Axios config for the instance you wish to create
|
||||||
|
*
|
||||||
|
* @returns This function returns an axios instance configured to use the provided credentials
|
||||||
|
*/
|
||||||
|
function NtlmClient(credentials, AxiosConfig) {
|
||||||
|
var _this = this;
|
||||||
|
var config = AxiosConfig !== null && AxiosConfig !== void 0 ? AxiosConfig : {};
|
||||||
|
if (!config.httpAgent) {
|
||||||
|
config.httpAgent = new http.Agent({ keepAlive: true });
|
||||||
|
}
|
||||||
|
if (!config.httpsAgent) {
|
||||||
|
config.httpsAgent = new https.Agent({ keepAlive: true });
|
||||||
|
}
|
||||||
|
var client = axios_1.default.create(config);
|
||||||
|
client.interceptors.response.use(function (response) {
|
||||||
|
return response;
|
||||||
|
}, function (err) { return __awaiter(_this, void 0, void 0, function () {
|
||||||
|
var error, t1Msg, t2Msg, t3Msg, stream_1;
|
||||||
|
var _a;
|
||||||
|
return __generator(this, function (_b) {
|
||||||
|
switch (_b.label) {
|
||||||
|
case 0:
|
||||||
|
error = err.response;
|
||||||
|
if (!(error && error.status === 401
|
||||||
|
&& error.headers['www-authenticate']
|
||||||
|
&& error.headers['www-authenticate'].includes('NTLM'))) return [3 /*break*/, 3];
|
||||||
|
// This length check is a hack because SharePoint is awkward and will
|
||||||
|
// include the Negotiate option when responding with the T2 message
|
||||||
|
// There is nore we could do to ensure we are processing correctly,
|
||||||
|
// but this is the easiest option for now
|
||||||
|
if (error.headers['www-authenticate'].length < 50) {
|
||||||
|
t1Msg = ntlm.createType1Message(credentials.workstation, credentials.domain);
|
||||||
|
error.config.headers["Authorization"] = t1Msg;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
t2Msg = ntlm.decodeType2Message((error.headers['www-authenticate'].match(/^NTLM\s+(.+?)(,|\s+|$)/) || [])[1]);
|
||||||
|
t3Msg = ntlm.createType3Message(t2Msg, credentials.username, credentials.password, credentials.workstation, credentials.domain);
|
||||||
|
error.config.headers["X-retry"] = "false";
|
||||||
|
error.config.headers["Authorization"] = t3Msg;
|
||||||
|
}
|
||||||
|
if (!(error.config.responseType === "stream")) return [3 /*break*/, 2];
|
||||||
|
stream_1 = (_a = err.response) === null || _a === void 0 ? void 0 : _a.data;
|
||||||
|
if (!(stream_1 && !stream_1.readableEnded)) return [3 /*break*/, 2];
|
||||||
|
return [4 /*yield*/, new Promise(function (resolve) {
|
||||||
|
stream_1.pipe((0, dev_null_1.default)());
|
||||||
|
stream_1.once('close', resolve);
|
||||||
|
})];
|
||||||
|
case 1:
|
||||||
|
_b.sent();
|
||||||
|
_b.label = 2;
|
||||||
|
case 2: return [2 /*return*/, client(error.config)];
|
||||||
|
case 3: throw err;
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}); });
|
||||||
|
return client;
|
||||||
|
}
|
||||||
|
exports.NtlmClient = NtlmClient;
|
||||||
|
//# sourceMappingURL=ntlmClient.js.map
|
@ -0,0 +1,77 @@
|
|||||||
|
const NotificationProvider = require("./notification-provider");
|
||||||
|
const axios = require("axios");
|
||||||
|
|
||||||
|
class Threema extends NotificationProvider {
|
||||||
|
name = "threema";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @inheritdoc
|
||||||
|
*/
|
||||||
|
async send(notification, msg, monitorJSON = null, heartbeatJSON = null) {
|
||||||
|
const url = "https://msgapi.threema.ch/send_simple";
|
||||||
|
|
||||||
|
const config = {
|
||||||
|
headers: {
|
||||||
|
"Accept": "*/*",
|
||||||
|
"Content-Type": "application/x-www-form-urlencoded; charset=utf-8"
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
const data = {
|
||||||
|
from: notification.threemaSenderIdentity,
|
||||||
|
secret: notification.threemaSecret,
|
||||||
|
text: msg
|
||||||
|
};
|
||||||
|
|
||||||
|
switch (notification.threemaRecipientType) {
|
||||||
|
case "identity":
|
||||||
|
data.to = notification.threemaRecipient;
|
||||||
|
break;
|
||||||
|
case "phone":
|
||||||
|
data.phone = notification.threemaRecipient;
|
||||||
|
break;
|
||||||
|
case "email":
|
||||||
|
data.email = notification.threemaRecipient;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
throw new Error(`Unsupported recipient type: ${notification.threemaRecipientType}`);
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
await axios.post(url, new URLSearchParams(data), config);
|
||||||
|
return "Threema notification sent successfully.";
|
||||||
|
} catch (error) {
|
||||||
|
const errorMessage = this.handleApiError(error);
|
||||||
|
this.throwGeneralAxiosError(errorMessage);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Handle Threema API errors
|
||||||
|
* @param {any} error The error to handle
|
||||||
|
* @returns {string} Additional error context
|
||||||
|
*/
|
||||||
|
handleApiError(error) {
|
||||||
|
if (!error.response) {
|
||||||
|
return error.message;
|
||||||
|
}
|
||||||
|
switch (error.response.status) {
|
||||||
|
case 400:
|
||||||
|
return "Invalid recipient identity or account not set up for basic mode (400).";
|
||||||
|
case 401:
|
||||||
|
return "Incorrect API identity or secret (401).";
|
||||||
|
case 402:
|
||||||
|
return "No credits remaining (402).";
|
||||||
|
case 404:
|
||||||
|
return "Recipient not found (404).";
|
||||||
|
case 413:
|
||||||
|
return "Message is too long (413).";
|
||||||
|
case 500:
|
||||||
|
return "Temporary internal server error (500).";
|
||||||
|
default:
|
||||||
|
return error.message;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
module.exports = Threema;
|
@ -0,0 +1,87 @@
|
|||||||
|
<template>
|
||||||
|
<div class="mb-3">
|
||||||
|
<label class="form-label" for="threema-recipient">{{ $t("threemaRecipientType") }}</label>
|
||||||
|
<select
|
||||||
|
id="threema-recipient" v-model="$parent.notification.threemaRecipientType" required
|
||||||
|
class="form-select"
|
||||||
|
>
|
||||||
|
<option value="identity">{{ $t("threemaRecipientTypeIdentity") }}</option>
|
||||||
|
<option value="phone">{{ $t("threemaRecipientTypePhone") }}</option>
|
||||||
|
<option value="email">{{ $t("threemaRecipientTypeEmail") }}</option>
|
||||||
|
</select>
|
||||||
|
</div>
|
||||||
|
<div v-if="$parent.notification.threemaRecipientType === 'identity'" class="mb-3">
|
||||||
|
<label class="form-label" for="threema-recipient">{{ $t("threemaRecipient") }} {{ $t("threemaRecipientTypeIdentity") }}</label>
|
||||||
|
<input
|
||||||
|
id="threema-recipient"
|
||||||
|
v-model="$parent.notification.threemaRecipient"
|
||||||
|
class="form-control"
|
||||||
|
minlength="8"
|
||||||
|
maxlength="8"
|
||||||
|
pattern="[A-Z0-9]{8}"
|
||||||
|
required
|
||||||
|
type="text"
|
||||||
|
>
|
||||||
|
<div class="form-text">
|
||||||
|
<p>{{ $t("threemaRecipientTypeIdentityFormat") }}</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div v-else-if="$parent.notification.threemaRecipientType === 'phone'" class="mb-3">
|
||||||
|
<label class="form-label" for="threema-recipient">{{ $t("threemaRecipient") }} {{ $t("threemaRecipientTypePhone") }}</label>
|
||||||
|
<input
|
||||||
|
id="threema-recipient"
|
||||||
|
v-model="$parent.notification.threemaRecipient"
|
||||||
|
class="form-control"
|
||||||
|
maxlength="15"
|
||||||
|
pattern="\d{1,15}"
|
||||||
|
required
|
||||||
|
type="text"
|
||||||
|
>
|
||||||
|
<div class="form-text">
|
||||||
|
<p>{{ $t("threemaRecipientTypePhoneFormat") }}</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div v-else-if="$parent.notification.threemaRecipientType === 'email'" class="mb-3">
|
||||||
|
<label class="form-label" for="threema-recipient">{{ $t("threemaRecipient") }} {{ $t("threemaRecipientTypeEmail") }}</label>
|
||||||
|
<input
|
||||||
|
id="threema-recipient"
|
||||||
|
v-model="$parent.notification.threemaRecipient"
|
||||||
|
class="form-control"
|
||||||
|
maxlength="254"
|
||||||
|
required
|
||||||
|
type="email"
|
||||||
|
>
|
||||||
|
</div>
|
||||||
|
<div class="mb-3">
|
||||||
|
<label class="form-label" for="threema-sender">{{ $t("threemaSenderIdentity") }}</label>
|
||||||
|
<input
|
||||||
|
id="threema-sender"
|
||||||
|
v-model="$parent.notification.threemaSenderIdentity"
|
||||||
|
class="form-control"
|
||||||
|
minlength="8"
|
||||||
|
maxlength="8"
|
||||||
|
pattern="^\*[A-Z0-9]{7}$"
|
||||||
|
required
|
||||||
|
type="text"
|
||||||
|
>
|
||||||
|
<div class="form-text">
|
||||||
|
<p>{{ $t("threemaSenderIdentityFormat") }}</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="mb-3">
|
||||||
|
<label class="form-label" for="threema-secret">{{ $t("threemaApiAuthenticationSecret") }}</label>
|
||||||
|
<HiddenInput
|
||||||
|
id="threema-secret" v-model="$parent.notification.threemaSecret" required
|
||||||
|
autocomplete="false"
|
||||||
|
></HiddenInput>
|
||||||
|
</div>
|
||||||
|
<i18n-t class="form-text" keypath="wayToGetThreemaGateway" tag="div">
|
||||||
|
<a href="https://threema.ch/en/gateway" target="_blank">{{ $t("here") }}</a>
|
||||||
|
</i18n-t>
|
||||||
|
<i18n-t class="form-text" keypath="threemaBasicModeInfo" tag="div">
|
||||||
|
<a href="https://gateway.threema.ch/en/developer/api" target="_blank">{{ $t("here") }}</a>
|
||||||
|
</i18n-t>
|
||||||
|
</template>
|
||||||
|
<script lang="ts" setup>
|
||||||
|
import HiddenInput from "../HiddenInput.vue";
|
||||||
|
</script>
|
Loading…
Reference in new issue