Comparing version 1.7.7 to 1.8.0
59
ntlm.js
@@ -185,4 +185,13 @@ /** | ||
if(isNegotiateExtendedSecurity){ | ||
/* | ||
* NTLMv2 extended security is enabled. While this technically can mean NTLMv2 extended security with NTLMv1 protocol, | ||
* servers that support extended security likely also support NTLMv2, so use NTLMv2. | ||
* This is also how curl implements NTLMv2 "detection". | ||
* By using NTLMv2, this supports communication with servers that forbid the use of NTLMv1 (e.g. via windows policies) | ||
* | ||
* However, the target info is needed to construct the NTLMv2 response so if it can't be negotiated, | ||
* fall back to NTLMv1 with NTLMv2 extended security. | ||
*/ | ||
var pwhash = (nt_password!=null)?nt_password:create_NT_hashed_password_v1(password); | ||
var clientChallenge = ""; | ||
var clientChallenge = ""; | ||
for(var i=0; i < 8; i++){ | ||
@@ -192,3 +201,5 @@ clientChallenge += String.fromCharCode( Math.floor(Math.random()*256) ); | ||
var clientChallengeBytes = new Buffer(clientChallenge, 'ascii'); | ||
var challenges = ntlm2sr_calc_resp(pwhash, nonce, clientChallengeBytes); | ||
var challenges = msg2.targetInfo | ||
? calc_ntlmv2_resp(pwhash, username, domainName, msg2.targetInfo, nonce, clientChallengeBytes) | ||
: ntlm2sr_calc_resp(pwhash, nonce, clientChallengeBytes); | ||
lmChallengeResponse = challenges.lmChallengeResponse; | ||
@@ -384,2 +395,8 @@ ntChallengeResponse = challenges.ntChallengeResponse; | ||
function hmac_md5(key, data){ | ||
var hmac = crypto.createHmac('md5', key); | ||
hmac.update(data); | ||
return hmac.digest(); | ||
} | ||
function ntlm2sr_calc_resp(responseKeyNT, serverChallenge, clientChallenge){ | ||
@@ -403,2 +420,40 @@ // padding with zeros to make the hash 16 bytes longer | ||
function calc_ntlmv2_resp(pwhash, username, domain, targetInfo, serverChallenge, clientChallenge){ | ||
var responseKeyNTLM = NTOWFv2(pwhash, username, domain); | ||
var lmV2ChallengeResponse = Buffer.concat([ | ||
hmac_md5(responseKeyNTLM, Buffer.concat([serverChallenge, clientChallenge])), | ||
clientChallenge | ||
]); | ||
// 11644473600000 = diff between 1970 and 1601 | ||
var now = Date.now(); | ||
var timestamp = ((BigInt(now) + 11644473600000n) * 10000n); | ||
var timestampBuffer = Buffer.alloc(8); | ||
timestampBuffer.writeBigUInt64LE(timestamp); | ||
var zero32Bit = Buffer.alloc(4, 0) | ||
var temp = Buffer.concat([ | ||
// Version | ||
Buffer.from([0x01, 0x01, 0x00, 0x00]), | ||
zero32Bit, | ||
timestampBuffer, | ||
clientChallenge, | ||
zero32Bit, | ||
targetInfo, | ||
zero32Bit | ||
]); | ||
var proofString = hmac_md5(responseKeyNTLM, Buffer.concat([serverChallenge, temp])); | ||
var ntV2ChallengeResponse = Buffer.concat([proofString, temp]); | ||
return { | ||
lmChallengeResponse: lmV2ChallengeResponse, | ||
ntChallengeResponse: ntV2ChallengeResponse | ||
}; | ||
} | ||
function NTOWFv2(pwhash, user, domain){ | ||
return hmac_md5(pwhash, new Buffer(user.toUpperCase() + domain, 'utf16le')); | ||
} | ||
exports.createType1Message = createType1Message; | ||
@@ -405,0 +460,0 @@ exports.parseType2Message = parseType2Message; |
{ | ||
"name": "httpntlm", | ||
"description": "httpntlm is a Node.js library to do HTTP NTLM authentication", | ||
"version": "1.7.7", | ||
"version": "1.8.0", | ||
"dependencies": { | ||
@@ -13,2 +13,8 @@ "httpreq": ">=0.4.22", | ||
}, | ||
"contributors": [ | ||
{ | ||
"name": "Martin Andreas Ullrich", | ||
"url": "https://github.com/dasMulli" | ||
} | ||
], | ||
"bugs": { | ||
@@ -33,3 +39,13 @@ "url": "https://github.com/SamDecrock/node-http-ntlm/issues" | ||
"jshint": "jshint *.js" | ||
} | ||
} | ||
}, | ||
"funding": [ | ||
{ | ||
"type": "paypal", | ||
"url": "https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=LPYD83FGC7XPW" | ||
}, | ||
{ | ||
"type": "buymeacoffee", | ||
"url": "https://www.buymeacoffee.com/samdecrock" | ||
} | ||
] | ||
} |
@@ -5,4 +5,12 @@ # httpntlm | ||
It's a port from the Python libary [python-ntml](https://code.google.com/p/python-ntlm/) | ||
It's a port from the Python libary [python-ntml](https://code.google.com/p/python-ntlm/) with added NTLMv2 support. | ||
## Donate | ||
[!["Buy Me A Coffee"](https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png)](https://www.buymeacoffee.com/samdecrock) | ||
[![](https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=LPYD83FGC7XPW) | ||
## Install | ||
@@ -96,5 +104,9 @@ | ||
## NTLMv2 | ||
When NTLMv2 extended security and target information can be negotiated with the server, this library assumes | ||
the server supports NTLMv2 and creates responses according to the NTLMv2 specification (the actually supported | ||
NTLM version cannot be negotiated). | ||
Otherwise, NTLMv1 or NTLMv1 with NTLMv2 extended security will be used. | ||
## Advanced | ||
@@ -183,9 +195,3 @@ | ||
## Donate | ||
If you like this module or you want me to update it faster, feel free to donate. It helps increasing my dedication to fixing bugs :-) | ||
[![](https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=LPYD83FGC7XPW) | ||
## License (MIT) | ||
@@ -192,0 +198,0 @@ |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
29399
466
215