httpntlm - npm Package Compare versions
Comparing version 1.7.7 to 1.8.0
59
ntlm.js
@@ -185,4 +185,13 @@ /** | ||
| if(isNegotiateExtendedSecurity){ | ||
| /* | ||
| * NTLMv2 extended security is enabled. While this technically can mean NTLMv2 extended security with NTLMv1 protocol, | ||
| * servers that support extended security likely also support NTLMv2, so use NTLMv2. | ||
| * This is also how curl implements NTLMv2 "detection". | ||
| * By using NTLMv2, this supports communication with servers that forbid the use of NTLMv1 (e.g. via windows policies) | ||
| * | ||
| * However, the target info is needed to construct the NTLMv2 response so if it can't be negotiated, | ||
| * fall back to NTLMv1 with NTLMv2 extended security. | ||
| */ | ||
| var pwhash = (nt_password!=null)?nt_password:create_NT_hashed_password_v1(password); | ||
| var clientChallenge = ""; | ||
| var clientChallenge = ""; | ||
| for(var i=0; i < 8; i++){ | ||
@@ -192,3 +201,5 @@ clientChallenge += String.fromCharCode( Math.floor(Math.random()*256) ); | ||
| var clientChallengeBytes = new Buffer(clientChallenge, 'ascii'); | ||
| var challenges = ntlm2sr_calc_resp(pwhash, nonce, clientChallengeBytes); | ||
| var challenges = msg2.targetInfo | ||
| ? calc_ntlmv2_resp(pwhash, username, domainName, msg2.targetInfo, nonce, clientChallengeBytes) | ||
| : ntlm2sr_calc_resp(pwhash, nonce, clientChallengeBytes); | ||
| lmChallengeResponse = challenges.lmChallengeResponse; | ||
@@ -384,2 +395,8 @@ ntChallengeResponse = challenges.ntChallengeResponse; | ||
| function hmac_md5(key, data){ | ||
| var hmac = crypto.createHmac('md5', key); | ||
| hmac.update(data); | ||
| return hmac.digest(); | ||
| } | ||
| function ntlm2sr_calc_resp(responseKeyNT, serverChallenge, clientChallenge){ | ||
@@ -403,2 +420,40 @@ // padding with zeros to make the hash 16 bytes longer | ||
| function calc_ntlmv2_resp(pwhash, username, domain, targetInfo, serverChallenge, clientChallenge){ | ||
| var responseKeyNTLM = NTOWFv2(pwhash, username, domain); | ||
| var lmV2ChallengeResponse = Buffer.concat([ | ||
| hmac_md5(responseKeyNTLM, Buffer.concat([serverChallenge, clientChallenge])), | ||
| clientChallenge | ||
| ]); | ||
| // 11644473600000 = diff between 1970 and 1601 | ||
| var now = Date.now(); | ||
| var timestamp = ((BigInt(now) + 11644473600000n) * 10000n); | ||
| var timestampBuffer = Buffer.alloc(8); | ||
| timestampBuffer.writeBigUInt64LE(timestamp); | ||
| var zero32Bit = Buffer.alloc(4, 0) | ||
| var temp = Buffer.concat([ | ||
| // Version | ||
| Buffer.from([0x01, 0x01, 0x00, 0x00]), | ||
| zero32Bit, | ||
| timestampBuffer, | ||
| clientChallenge, | ||
| zero32Bit, | ||
| targetInfo, | ||
| zero32Bit | ||
| ]); | ||
| var proofString = hmac_md5(responseKeyNTLM, Buffer.concat([serverChallenge, temp])); | ||
| var ntV2ChallengeResponse = Buffer.concat([proofString, temp]); | ||
| return { | ||
| lmChallengeResponse: lmV2ChallengeResponse, | ||
| ntChallengeResponse: ntV2ChallengeResponse | ||
| }; | ||
| } | ||
| function NTOWFv2(pwhash, user, domain){ | ||
| return hmac_md5(pwhash, new Buffer(user.toUpperCase() + domain, 'utf16le')); | ||
| } | ||
| exports.createType1Message = createType1Message; | ||
@@ -405,0 +460,0 @@ exports.parseType2Message = parseType2Message; |
| { | ||
| "name": "httpntlm", | ||
| "description": "httpntlm is a Node.js library to do HTTP NTLM authentication", | ||
| "version": "1.7.7", | ||
| "version": "1.8.0", | ||
| "dependencies": { | ||
@@ -13,2 +13,8 @@ "httpreq": ">=0.4.22", | ||
| }, | ||
| "contributors": [ | ||
| { | ||
| "name": "Martin Andreas Ullrich", | ||
| "url": "https://github.com/dasMulli" | ||
| } | ||
| ], | ||
| "bugs": { | ||
@@ -33,3 +39,13 @@ "url": "https://github.com/SamDecrock/node-http-ntlm/issues" | ||
| "jshint": "jshint *.js" | ||
| } | ||
| } | ||
| }, | ||
| "funding": [ | ||
| { | ||
| "type": "paypal", | ||
| "url": "https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=LPYD83FGC7XPW" | ||
| }, | ||
| { | ||
| "type": "buymeacoffee", | ||
| "url": "https://www.buymeacoffee.com/samdecrock" | ||
| } | ||
| ] | ||
| } |
@@ -5,4 +5,12 @@ # httpntlm | ||
| It's a port from the Python libary [python-ntml](https://code.google.com/p/python-ntlm/) | ||
| It's a port from the Python libary [python-ntml](https://code.google.com/p/python-ntlm/) with added NTLMv2 support. | ||
| ## Donate | ||
| [](https://www.buymeacoffee.com/samdecrock) | ||
| [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=LPYD83FGC7XPW) | ||
| ## Install | ||
@@ -96,5 +104,9 @@ | ||
| ## NTLMv2 | ||
| When NTLMv2 extended security and target information can be negotiated with the server, this library assumes | ||
| the server supports NTLMv2 and creates responses according to the NTLMv2 specification (the actually supported | ||
| NTLM version cannot be negotiated). | ||
| Otherwise, NTLMv1 or NTLMv1 with NTLMv2 extended security will be used. | ||
| ## Advanced | ||
@@ -183,9 +195,3 @@ | ||
| ## Donate | ||
| If you like this module or you want me to update it faster, feel free to donate. It helps increasing my dedication to fixing bugs :-) | ||
| [](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=LPYD83FGC7XPW) | ||
| ## License (MIT) | ||
@@ -192,0 +198,0 @@ |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by9.97%
29399
- Lines of code
- increased by11.48%
466
- Number of lines in readme file
- increased by2.87%
215
No dependency changes