-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pluggable sspi-client #41
base: master
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,17 +1,18 @@ | ||
'use strict'; | ||
|
||
var os = require('os'); | ||
|
||
// require and export only for platforms where the module is supported. | ||
// Individual module require'ed use features of node.js that would trigger | ||
// syntax errors in older versions. This allows for the module to be included | ||
// in applications like Tedious which supports older version of node.js, even | ||
// if the functionality itself won't be available. The application can decide | ||
// what to do if the module is not supported on the platform where it's running. | ||
if (require('semver').gte(process.version, '4.0.0') && os.type() === 'Windows_NT') { | ||
module.exports.ModuleSupported = true; | ||
const NativeAuthProvider = require('./native.js').NativeAuthProvider; | ||
|
||
module.exports.SspiClientApi = require('./sspi_client'); | ||
module.exports.Fqdn = require('./fqdn'); | ||
module.exports.MakeSpn = require('./make_spn'); | ||
} | ||
module.exports = function(options) { | ||
// require and export only for platforms where the module is supported. | ||
// Individual module require'ed use features of node.js that would trigger | ||
// syntax errors in older versions. This allows for the module to be included | ||
// in applications like Tedious which supports older version of node.js, even | ||
// if the functionality itself won't be available. The application can decide | ||
// what to do if the module is not supported on the platform where it's running. | ||
if (require('semver').gte(process.version, '4.0.0') && os.type() === 'Windows_NT') { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. What do you think about putting the version requirement for Node.js into the |
||
return function(connection) { | ||
return new NativeAuthProvider(connection, options); | ||
}; | ||
} | ||
return undefined; | ||
}; |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
|
||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. What do you think about removing this whitespace here? |
||
const SspiClientApi = require('./sspi_client'); | ||
const Fqdn = require('./fqdn'); | ||
const MakeSpn = require('./make_spn'); | ||
|
||
/** | ||
Authenticate to SQL Server via Windows Native SSPI. | ||
|
||
This class allows authentication to SQL Server via native APIs provided | ||
by Windows. This allows client authentication without providing a | ||
username/password. | ||
|
||
Optionally, the `securityPackage` to be used can be specified. SQL Server | ||
understands `'kerberos'`, `'ntlm'` or `'negotiate'` (default). | ||
|
||
`'negotiate'` will automatically decide whether to use Kerberos or NTLM based | ||
authentication, preferring Kerberos if that is supported by the target server | ||
as it's more secure than NTLM. | ||
|
||
@param {Connection} connection | ||
@param {Object} options | ||
@param {?String} options.securityPackage | ||
Can be one of `'ntlm'`, `'kerberos'` or `'negotiate'`. | ||
*/ | ||
class NativeAuthProvider { | ||
constructor(connection, options) { | ||
this.connection = connection; | ||
this.options = options; | ||
|
||
this.client = undefined; | ||
} | ||
|
||
handshake(data, callback) { | ||
if (this.sspiClientResponsePending) { | ||
// We got data from the server while we're waiting for getNextBlob() | ||
// call to complete on the client. We cannot process server data | ||
// until this call completes as the state can change on completion of | ||
// the call. Queue it for later. | ||
const boundDispatchEvent = this.connection.dispatchEvent.bind(this.connection); | ||
return setImmediate(boundDispatchEvent, 'message'); | ||
} | ||
if (data) { | ||
this.sspiClientResponsePending = true; | ||
return this.client.getNextBlob(data, 0, data.length, (responseBuffer, isDone, errorCode, errorString) => { | ||
if (errorCode) { | ||
return callback(new Error(errorString)); | ||
} | ||
this.sspiClientResponsePending = false; | ||
callback(null, responseBuffer); | ||
}); | ||
} else { | ||
const server = this.connection.routingData ? this.connection.routingData.server : this.connection.config.server; | ||
|
||
Fqdn.getFqdn(server, (err, fqdn) => { | ||
if (err) { | ||
return callback(new Error('Error getting Fqdn. Error details: ' + err.message)); | ||
} | ||
|
||
const spn = MakeSpn.makeSpn('MSSQLSvc', fqdn, this.connection.config.options.port); | ||
this.client = new SspiClientApi.SspiClient(spn, this.options.securityPackage); | ||
this.sspiClientResponsePending = true; | ||
this.client.getNextBlob(null, 0, 0, (responseBuffer, isDone, errorCode, errorString) => { | ||
if (errorCode) { | ||
return callback(new Error(errorString)); | ||
} | ||
|
||
if (isDone) { | ||
return callback(new Error('Unexpected isDone=true on getNextBlob in sendLogin7Packet.')); | ||
} | ||
this.sspiClientResponsePending = false; | ||
callback(null, responseBuffer); | ||
}); | ||
}); | ||
} | ||
} | ||
} | ||
|
||
module.exports.NativeAuthProvider = NativeAuthProvider; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What do you think about removing the
.js
extension from the paths passed to therequire
calls?