
tedious


tedious - npm Package Compare versions

Comparing version 1.0.0 to 1.1.0

lib/ntlm-payload.js

112

lib/connection.js
// Generated by CoffeeScript 1.7.1
var Connection, ConnectionError, DEFAULT_CANCEL_TIMEOUT, DEFAULT_CLIENT_REQUEST_TIMEOUT, DEFAULT_CONNECT_TIMEOUT, DEFAULT_PACKET_SIZE, DEFAULT_PORT, DEFAULT_TDS_VERSION, DEFAULT_TEXTSIZE, Debug, EventEmitter, ISOLATION_LEVEL, KEEP_ALIVE_INITIAL_DELAY, Login7Payload, MessageIO, PreloginPayload, Request, RequestError, RpcRequestPayload, Socket, SqlBatchPayload, TYPE, TokenStreamParser, Transaction, crypto, instanceLookup, tls, _ref,
var Connection, ConnectionError, DEFAULT_CANCEL_TIMEOUT, DEFAULT_CLIENT_REQUEST_TIMEOUT, DEFAULT_CONNECT_TIMEOUT, DEFAULT_PACKET_SIZE, DEFAULT_PORT, DEFAULT_TDS_VERSION, DEFAULT_TEXTSIZE, Debug, EventEmitter, ISOLATION_LEVEL, KEEP_ALIVE_INITIAL_DELAY, Login7Payload, MessageIO, NTLMResponsePayload, PreloginPayload, Request, RequestError, RpcRequestPayload, Socket, SqlBatchPayload, TYPE, TokenStreamParser, Transaction, crypto, instanceLookup, tls, _ref,
__bind = function(fn, me){ return function(){ return fn.apply(me, arguments); }; },

@@ -22,2 +22,4 @@ __hasProp = {}.hasOwnProperty,

NTLMResponsePayload = require('./ntlm-payload');
Request = require('./request');

@@ -103,3 +105,7 @@

this.sendLogin7Packet();
return this.transitionTo(this.STATE.SENT_LOGIN7_WITH_STANDARD_LOGIN);
if (this.config.domain) {
return this.transitionTo(this.STATE.SENT_LOGIN7_WITH_NTLM);
} else {
return this.transitionTo(this.STATE.SENT_LOGIN7_WITH_STANDARD_LOGIN);
}
},

@@ -161,2 +167,49 @@ tls: function() {

},
SENT_LOGIN7_WITH_NTLM: {
name: 'SentLogin7WithNTLMLogin',
events: {
socketError: function(error) {
return this.transitionTo(this.STATE.FINAL);
},
connectTimeout: function() {
return this.transitionTo(this.STATE.FINAL);
},
data: function(data) {
return this.sendDataToTokenStreamParser(data);
},
receivedChallenge: function() {
this.sendNTLMResponsePacket();
return this.transitionTo(this.STATE.SENT_NTLM_RESPONSE);
},
loginFailed: function() {
return this.transitionTo(this.STATE.FINAL);
},
message: function() {
return this.processLogin7NTLMResponse();
}
}
},
SENT_NTLM_RESPONSE: {
name: 'SentNTLMResponse',
events: {
socketError: function(error) {
return this.transitionTo(this.STATE.FINAL);
},
connectTimeout: function() {
return this.transitionTo(this.STATE.FINAL);
},
data: function(data) {
return this.sendDataToTokenStreamParser(data);
},
loggedIn: function() {
return this.transitionTo(this.STATE.LOGGED_IN_SENDING_INITIAL_SQL);
},
loginFailed: function() {
return this.transitionTo(this.STATE.FINAL);
},
message: function() {
return this.processLogin7NTLMAck();
}
}
},
LOGGED_IN_SENDING_INITIAL_SQL: {

@@ -335,2 +388,10 @@ name: 'LoggedInSendingInitialSql',

})(this));
this.tokenStreamParser.on('sspichallenge', (function(_this) {
return function(token) {
if (token.ntlmpacket) {
_this.ntlmpacket = token.ntlmpacket;
}
return _this.emit('sspichallenge', token);
};
})(this));
this.tokenStreamParser.on('errorMessage', (function(_this) {

@@ -674,2 +735,3 @@ return function(token) {

loginData = {
domain: this.config.domain,
userName: this.config.userName,

@@ -689,2 +751,22 @@ password: this.config.password,

Connection.prototype.sendNTLMResponsePacket = function() {
var payload, responseData;
responseData = {
domain: this.config.domain,
userName: this.config.userName,
password: this.config.password,
database: this.config.options.database,
appName: this.config.options.appName,
packetSize: this.config.options.packetSize,
tdsVersion: this.config.options.tdsVersion,
ntlmpacket: this.ntlmpacket,
additional: this.additional
};
payload = new NTLMResponsePayload(responseData);
this.messageIo.sendMessage(TYPE.NTLMAUTH_PKT, payload.data);
return this.debug.payload(function() {
return payload.toString(' ');
});
};
Connection.prototype.initiateTlsSslHandshake = function() {

@@ -745,2 +827,28 @@ var credentials, _base;

Connection.prototype.processLogin7NTLMResponse = function() {
if (this.ntlmpacket) {
return this.dispatchEvent('receivedChallenge');
} else {
if (this.loginError) {
this.emit('connect', this.loginError);
} else {
this.emit('connect', ConnectionError('Login failed.', 'ELOGIN'));
}
return this.dispatchEvent('loginFailed');
}
};
Connection.prototype.processLogin7NTLMAck = function() {
if (this.loggedIn) {
return this.dispatchEvent('loggedIn');
} else {
if (this.loginError) {
this.emit('connect', this.loginError);
} else {
this.emit('connect', ConnectionError('Login failed.', 'ELOGIN'));
}
return this.dispatchEvent('loginFailed');
}
};
Connection.prototype.execSqlBatch = function(request) {

@@ -747,0 +855,0 @@ return this.makeRequest(request, TYPE.SQL_BATCH, new SqlBatchPayload(request.sqlTextOrProcedure, this.currentTransactionDescriptor(), this.config.options));
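Review bot: `sendNTLMResponsePacket` passes `additional: this.additional` to `NTLMResponsePayload`, but no hunk shown for lib/connection.js assigns `this.additional`, so as far as this page shows the payload receives `undefined`; either set it where the challenge is stored or drop the key. The challenge itself (`_this.ntlmpacket = token.ntlmpacket` in the `sspichallenge` handler) is server-controlled data that is combined with `this.config.password` to build the response, and lib/ntlm-payload.js is listed on this page without its contents, so whether it checks the packet's length and layout before reading from it cannot be confirmed here. The same payload is handed to `this.debug.payload(...)`; a comment at that call such as `// payload.toString must not print the password or hashes derived from it` would record the expectation for whoever maintains the payload class.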

// Generated by CoffeeScript 1.7.1
var FLAGS_1, FLAGS_2, FLAGS_3, Login7Payload, TYPE_FLAGS, WritableTrackingBuffer, libraryName, os, sprintf, versions;
var FLAGS_1, FLAGS_2, FLAGS_3, Login7Payload, NTLMFlags, TYPE_FLAGS, WritableTrackingBuffer, libraryName, os, sprintf, versions;

@@ -65,3 +65,38 @@ WritableTrackingBuffer = require('./tracking-buffer/writable-tracking-buffer');

NTLMFlags = {
NTLM_NegotiateUnicode: 0x00000001,
NTLM_NegotiateOEM: 0x00000002,
NTLM_RequestTarget: 0x00000004,
NTLM_Unknown9: 0x00000008,
NTLM_NegotiateSign: 0x00000010,
NTLM_NegotiateSeal: 0x00000020,
NTLM_NegotiateDatagram: 0x00000040,
NTLM_NegotiateLanManagerKey: 0x00000080,
NTLM_Unknown8: 0x00000100,
NTLM_NegotiateNTLM: 0x00000200,
NTLM_NegotiateNTOnly: 0x00000400,
NTLM_Anonymous: 0x00000800,
NTLM_NegotiateOemDomainSupplied: 0x00001000,
NTLM_NegotiateOemWorkstationSupplied: 0x00002000,
NTLM_Unknown6: 0x00004000,
NTLM_NegotiateAlwaysSign: 0x00008000,
NTLM_TargetTypeDomain: 0x00010000,
NTLM_TargetTypeServer: 0x00020000,
NTLM_TargetTypeShare: 0x00040000,
NTLM_NegotiateExtendedSecurity: 0x00080000,
NTLM_NegotiateIdentify: 0x00100000,
NTLM_Unknown5: 0x00200000,
NTLM_RequestNonNTSessionKey: 0x00400000,
NTLM_NegotiateTargetInfo: 0x00800000,
NTLM_Unknown4: 0x01000000,
NTLM_NegotiateVersion: 0x02000000,
NTLM_Unknown3: 0x04000000,
NTLM_Unknown2: 0x08000000,
NTLM_Unknown1: 0x10000000,
NTLM_Negotiate128: 0x20000000,
NTLM_NegotiateKeyExchange: 0x40000000,
NTLM_Negotiate56: 0x80000000
};
/*

@@ -96,3 +131,8 @@ s2.2.6.3

this.flags1 = FLAGS_1.ENDIAN_LITTLE | FLAGS_1.CHARSET_ASCII | FLAGS_1.FLOAT_IEEE_754 | FLAGS_1.BCD_DUMPLOAD_OFF | FLAGS_1.USE_DB_OFF | FLAGS_1.INIT_DB_WARN | FLAGS_1.SET_LANG_WARN_ON;
this.flags2 = FLAGS_2.INIT_LANG_WARN | FLAGS_2.ODBC_OFF | FLAGS_2.USER_NORMAL | FLAGS_2.INTEGRATED_SECURITY_OFF;
this.flags2 = FLAGS_2.INIT_LANG_WARN | FLAGS_2.ODBC_OFF | FLAGS_2.USER_NORMAL;
if (this.loginData.domain) {
this.flags2 |= FLAGS_2.INTEGRATED_SECURITY_ON;
} else {
this.flags2 |= FLAGS_2.INTEGRATED_SECURITY_OFF;
}
this.flags3 = FLAGS_3.CHANGE_PASSWORD_NO | FLAGS_3.UNKNOWN_COLLATION_HANDLING;

@@ -131,4 +171,6 @@ this.typeFlags = TYPE_FLAGS.SQL_DFLT | TYPE_FLAGS.OLEDB_OFF;

this.clientId = new Buffer([1, 2, 3, 4, 5, 6]);
this.sspi = '';
this.sspiLong = 0;
if (!this.loginData.domain) {
this.sspi = '';
this.sspiLong = 0;
}
this.attachDbFile = '';

@@ -146,3 +188,12 @@ this.changePassword = '';

variableData.offsetsAndLengths.writeBuffer(this.clientId);
this.addVariableDataString(variableData, this.sspi);
if (this.loginData.domain) {
this.ntlmPacket = this.createNTLMRequest(this.loginData);
this.sspiLong = this.ntlmPacket.length;
variableData.offsetsAndLengths.writeUInt16LE(variableData.offset);
variableData.offsetsAndLengths.writeUInt16LE(this.ntlmPacket.length);
variableData.data.writeBuffer(this.ntlmPacket);
variableData.offset += this.ntlmPacket.length;
} else {
this.addVariableDataString(variableData, this.sspi);
}
this.addVariableDataString(variableData, this.attachDbFile);

@@ -171,2 +222,27 @@ if (this.loginData.tdsVersion > '7_1') {

Login7Payload.prototype.createNTLMRequest = function(options) {
var BODY_LENGTH, buffer, bufferLength, domain, protocol, type1flags;
domain = escape(options.domain.toUpperCase());
protocol = 'NTLMSSP\u0000';
BODY_LENGTH = 40;
type1flags = this.getNTLMFlags();
bufferLength = BODY_LENGTH + domain.length;
buffer = new WritableTrackingBuffer(bufferLength);
buffer.writeString(protocol, 'utf8');
buffer.writeUInt32LE(1);
buffer.writeUInt32LE(type1flags);
buffer.writeUInt16LE(domain.length);
buffer.writeUInt16LE(domain.length);
buffer.writeUInt32LE(BODY_LENGTH);
buffer.writeUInt8(5);
buffer.writeUInt8(0);
buffer.writeUInt16LE(2195);
buffer.writeUInt8(0);
buffer.writeUInt8(0);
buffer.writeUInt8(0);
buffer.writeUInt8(15);
buffer.writeString(domain, 'ascii');
return buffer.data;
};
Login7Payload.prototype.createPasswordBuffer = function() {

@@ -187,2 +263,6 @@ var b, byte, highNibble, lowNibble, password, _i, _ref;

Login7Payload.prototype.getNTLMFlags = function() {
return NTLMFlags.NTLM_NegotiateUnicode + NTLMFlags.NTLM_NegotiateOEM + NTLMFlags.NTLM_RequestTarget + NTLMFlags.NTLM_NegotiateNTLM + NTLMFlags.NTLM_NegotiateOemDomainSupplied + NTLMFlags.NTLM_NegotiateAlwaysSign + NTLMFlags.NTLM_NegotiateVersion + NTLMFlags.NTLM_Negotiate128 + NTLMFlags.NTLM_Negotiate56;
};
Login7Payload.prototype.toString = function(indent) {

@@ -189,0 +269,0 @@ indent || (indent = '');
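Review bot: In `createNTLMRequest`, `domain = escape(options.domain.toUpperCase())` percent-encodes the domain before it is written into the type 1 message, so any character `escape` rewrites (a space, a non-ASCII letter) reaches the server as `%XX` text instead of the configured name, and `escape` is a deprecated global. If the aim is only to keep the field single-byte for the `'ascii'` write, `domain = options.domain.toUpperCase();` plus an explicit rejection of non-ASCII input states that directly and keeps `domain.length` equal to the bytes written. The literal version bytes (`5`, `0`, `2195`, `15`) and the `+` used to combine bits in `getNTLMFlags` carry no comment; one line each would help, for example `// + rather than | presumably keeps 0x80000000 unsigned for writeUInt32LE`. This section's file header is missing on the page, and both functions sit in hunks whose surrounding code is not shown.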

@@ -17,2 +17,3 @@ // Generated by CoffeeScript 1.7.1

LOGIN7: 0x10,
NTLMAUTH_PKT: 0x11,
PRELOGIN: 0x12

@@ -19,0 +20,0 @@ };

@@ -40,3 +40,5 @@ // Generated by CoffeeScript 1.7.1

tokenParsers[TYPE.SSPI] = require('./sspi-token-parser');
/*

@@ -43,0 +45,0 @@ Buffers are thrown at the parser (by calling addBuffer).

@@ -31,2 +31,10 @@ // Generated by CoffeeScript 1.7.1

WritableTrackingBuffer.prototype.copyFrom = function(buffer) {
var length;
length = buffer.length;
this.makeRoomFor(length);
buffer.copy(this.buffer, this.position);
return this.position += length;
};
WritableTrackingBuffer.prototype.makeRoomFor = function(requiredLength) {

@@ -33,0 +41,0 @@ if (this.buffer.length - this.position < requiredLength) {

3

package.json

@@ -29,3 +29,3 @@ {

],
"version": "1.0.0",
"version": "1.1.0",
"main": "./lib/tedious.js",

@@ -40,2 +40,3 @@ "repository": {

"dependencies": {
"big-number": "0.3.0",
"iconv-lite": "0.4.2",

@@ -42,0 +43,0 @@ "sprintf": "0.1.1"

@@ -7,3 +7,3 @@ # Tedious (node implementation of TDS)

See the [changelog](https://github.com/pekim/tedious/blob/master/History.md) for version history.
See the [changelog](http://pekim.github.io/tedious/changelog.html) for version history.

@@ -13,4 +13,4 @@ ### Supported TDS versions

- TDS 7.4 (SQL Server 2012/2014)
- TDS 7.3.A (SQL Server 2008 R2)
- TDS 7.3.B (SQL Server 2008)
- TDS 7.3.B (SQL Server 2008 R2)
- TDS 7.3.A (SQL Server 2008)
- TDS 7.2 (SQL Server 2005)

@@ -17,0 +17,0 @@ - TDS 7.1 (SQL Server 2000)
