;
// noinspection ExceptionCaughtLocallyJS
// Compiler-emitted module-interop helper; an existing `this.__createBinding` is reused when present.
// Exposes property `k` of module `m` on object `o` under the name `k2` (`k2` defaults to `k`).
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
// Fall back to a live getter when `m` has no own descriptor for `k`, when the descriptor is an
// accessor and `m` is not flagged `__esModule`, or when it is a writable/configurable data property.
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
// Variant used when Object.create is unavailable: copy the current value by plain assignment.
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
// Compiler-emitted module-interop helper; an existing `this.__setModuleDefault` is reused when present.
// Attaches `v` to `o` as its "default" property (enumerable; defined via Object.defineProperty
// when Object.create exists, otherwise by plain assignment).
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
// Compiler-emitted module-interop helper; an existing `this.__importStar` is reused when present.
// Returns `mod` unchanged when it is flagged `__esModule`; otherwise builds a namespace-like
// object that re-exposes the module's own enumerable properties and carries `mod` as "default".
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
// Only own properties are bound; "default" is skipped here because it is set explicitly below.
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.LDAPContext = void 0;
const af_color_1 = require("af-color");
const ASN1 = __importStar(require("./ASN1"));
const utils_1 = require("./utils");
const debug_1 = require("../debug");
// The two LDAP result codes that LDAPContext.parseSessionSetupRESP() branches on.
// Every other code is treated there as a failed bind.
const LDAP_RESULT_CODE = {
  // Bind completed; the response is not inspected any further.
  SUCCESS: 0,
  // SASL exchange needs another round; the response carries serverSaslCreds.
  SASL_BIND_IN_PROGRESS: 14,
};
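// Human-readable names for LDAP result codes, keyed by numeric code.
// Codes missing from the table (for example 9, 15, 35) have no entry here and are
// rendered as their number by getResCodeName().
const RES_CODES = {
  0: 'success',
  1: 'operationsError',
  2: 'protocolError',
  3: 'timeLimitExceeded',
  4: 'sizeLimitExceeded',
  5: 'compareFalse',
  6: 'compareTrue',
  7: 'authMethodNotSupported',
  8: 'strongerAuthRequired',
  10: 'referral',
  11: 'adminLimitExceeded',
  12: 'unavailableCriticalExtension',
  13: 'confidentialityRequired',
  14: 'saslBindInProgress',
  16: 'noSuchAttribute',
  17: 'undefinedAttributeType',
  18: 'inappropriateMatching',
  19: 'constraintViolation',
  20: 'attributeOrValueExists',
  21: 'invalidAttributeSyntax',
  32: 'noSuchObject',
  33: 'aliasProblem',
  34: 'invalidDNSyntax',
  36: 'aliasDereferencingProblem',
  48: 'inappropriateAuthentication',
  49: 'invalidCredentials',
  50: 'insufficientAccessRights',
  51: 'busy',
  52: 'unavailable',
  53: 'unwillingToPerform',
  54: 'loopDetect',
  64: 'namingViolation',
  65: 'objectClassViolation',
  66: 'notAllowedOnNonLeaf',
  67: 'notAllowedOnRDN',
  68: 'entryAlreadyExists',
  69: 'objectClassModsProhibited',
  71: 'affectsMultipleDSAs',
  80: 'other',
};

/**
 * Translates an LDAP result code into its symbolic name for log output.
 *
 * The value is decoded from a server response, so the lookup is restricted to the
 * table's own keys: a value that happens to match an inherited Object.prototype
 * member (e.g. "constructor") is rendered as text instead of returning that member.
 *
 * @param {number|string} resultCode - Result code taken from the bind response.
 * @returns {string} The name from RES_CODES, or String(resultCode) when unknown.
 */
const getResCodeName = (resultCode) => {
  if (Object.prototype.hasOwnProperty.call(RES_CODES, resultCode)) {
    return RES_CODES[resultCode];
  }
  return String(resultCode);
};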
/**
 * Builds the LDAP bind request that carries an NTLM token (SASL mechanism
 * "GSS-SPNEGO") and interprets the matching bind response.
 */
class LDAPContext {
  constructor() {
    // Value that parseSessionSetupRESP() expects to find as the response's message ID.
    this.messageID = 0;
  }

  /**
   * Encodes a SASL bind request wrapping the given NTLM token.
   *
   * The encoded message carries the `messageID` argument, while the response check
   * compares against `this.messageID`, which this method increments by one.
   * NOTE(review): callers presumably pass the value `this.messageID` will hold after
   * this call; otherwise the response is rejected. Verify against the caller.
   *
   * @param {Buffer|string} ntlmToken - Token placed in the SASL credentials field.
   * @param {number} messageID - Message ID written into the request.
   * @returns {*} The encoded request, as produced by ASN1.makeSEQ.
   */
  makeSessionSetupREQ(ntlmToken, messageID) {
    const join = utils_1.concatBuffer;

    // Tag 0xA3: SASL credentials = mechanism name followed by the token.
    const mechanism = ASN1.makeOctStr('GSS-SPNEGO');
    const credentials = ASN1.makeOctStr(ntlmToken);
    const authentication = ASN1.makeTLV(0xA3, join(mechanism, credentials));

    // Tag 0x60: bind request = integer 3, empty name, authentication choice.
    const bindBody = join(ASN1.makeINT(3), ASN1.makeOctStr(''), authentication);
    const bindRequest = ASN1.makeTLV(0x60, bindBody);

    // Advance the expected ID before the envelope is built, as the response check relies on it.
    this.messageID += 1;

    const envelope = join(ASN1.makeINT(messageID), bindRequest);
    return ASN1.makeSEQ(envelope);
  }

  /**
   * Decodes a bind response and reports how the SASL exchange should proceed.
   *
   * @param {*} response - Raw response bytes received from the LDAP server.
   * @returns {{isOk: boolean, serverSaslCreds?: *}} `{isOk: true}` on success,
   *   `{isOk: true, serverSaslCreds}` while the SASL bind is still in progress,
   *   `{isOk: false}` for every other result code.
   * @throws {Error} When the response's message ID differs from `this.messageID`.
   *   The ASN1 parsers are called without a try/catch, so anything they throw on
   *   malformed input also propagates to the caller.
   */
  parseSessionSetupRESP(response) {
    const log = debug_1.debugNtlmContext;

    const envelope = ASN1.parseSEQ(response);
    const [messageID, afterMessageID] = ASN1.parseINT2(envelope);
    const pfx = `messageID: ${af_color_1.lBlue}${messageID}${af_color_1.g}: `;

    // Reject a response that does not belong to the request sent last.
    if (messageID !== this.messageID) {
      throw new Error(`Unexpected MessageID: ${messageID} instead of ${this.messageID}`);
    }

    // Tag 0x61: bind response; whatever follows it (controls) is ignored.
    const [bindResponse, _controls] = ASN1.parseTLV2(0x61, afterMessageID);
    const [resultCode, afterResultCode] = ASN1.parseENUM2(bindResponse);

    switch (resultCode) {
      case LDAP_RESULT_CODE.SUCCESS:
        log(`${pfx}resultCode: SUCCESS`);
        return { isOk: true };
      case LDAP_RESULT_CODE.SASL_BIND_IN_PROGRESS:
        // Another round is needed: fall out of the switch and extract the server credentials.
        break;
      default:
        // Any other code is a failed bind; only the code's name is logged.
        log(`${pfx}resultCode: ${getResCodeName(resultCode)}`);
        return { isOk: false };
    }

    // Skip matchedDN and diagnosticMessage; tag 0x87 holds serverSaslCreds.
    const [_matchedDN, afterMatchedDN] = ASN1.parseOctStr2(afterResultCode);
    const [_diagnosticMessage, afterDiagnostic] = ASN1.parseOctStr2(afterMatchedDN);
    const serverSaslCreds = ASN1.parseTLV(0x87, afterDiagnostic);

    // NOTE(review): the credentials are written to the debug log decoded as UTF-8.
    // They are presumably a binary challenge, so the output may be garbled, and
    // handshake material ends up in logs; consider logging a length or an encoded
    // form instead. Confirm what the debug channel is allowed to contain.
    log(`${pfx}serverSaslCreds: ${serverSaslCreds.toString('utf8')}`);
    return { isOk: true, serverSaslCreds };
  }
}
exports.LDAPContext = LDAPContext;
//# sourceMappingURL=LDAPContext.js.map