Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Pluggable sspi-client #41

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 15 additions & 14 deletions src_js/index.js
Original file line number Diff line number Diff line change
@@ -1,17 +1,18 @@
'use strict';

var os = require('os');

// require and export only for platforms where the module is supported.
// Individual module require'ed use features of node.js that would trigger
// syntax errors in older versions. This allows for the module to be included
// in applications like Tedious which supports older version of node.js, even
// if the functionality itself won't be available. The application can decide
// what to do if the module is not supported on the platform where it's running.
if (require('semver').gte(process.version, '4.0.0') && os.type() === 'Windows_NT') {
module.exports.ModuleSupported = true;
const NativeAuthProvider = require('./native.js').NativeAuthProvider;

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What do you think about removing the .js extension from the paths passed to the require calls?


module.exports.SspiClientApi = require('./sspi_client');
module.exports.Fqdn = require('./fqdn');
module.exports.MakeSpn = require('./make_spn');
}
module.exports = function(options) {
// require and export only for platforms where the module is supported.
// Individual module require'ed use features of node.js that would trigger
// syntax errors in older versions. This allows for the module to be included
// in applications like Tedious which supports older version of node.js, even
// if the functionality itself won't be available. The application can decide
// what to do if the module is not supported on the platform where it's running.
if (require('semver').gte(process.version, '4.0.0') && os.type() === 'Windows_NT') {

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What do you think about putting the version requirement for Node.js into the package.json file, and removing it from here? That'd allow you to get rid of the semver dependency as well.

return function(connection) {
return new NativeAuthProvider(connection, options);
};
}
return undefined;
};
78 changes: 78 additions & 0 deletions src_js/native.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,78 @@

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What do you think about removing this whitespace here?

const SspiClientApi = require('./sspi_client');
const Fqdn = require('./fqdn');
const MakeSpn = require('./make_spn');

/**
Authenticate to SQL Server via Windows Native SSPI.

This class allows authentication to SQL Server via native APIs provided
by Windows. This allows client authentication without providing a
username/password.

Optionally, the `securityPackage` to be used can be specified. SQL Server
understands `'kerberos'`, `'ntlm'` or `'negotiate'` (default).

`'negotiate'` will automatically decide whether to use Kerberos or NTLM based
authentication, preferring Kerberos if that is supported by the target server
as it's more secure than NTLM.

@param {Connection} connection
@param {Object} options
@param {?String} options.securityPackage
Can be one of `'ntlm'`, `'kerberos'` or `'negotiate'`.
*/
class NativeAuthProvider {
constructor(connection, options) {
this.connection = connection;
this.options = options;

this.client = undefined;
}

handshake(data, callback) {
if (this.sspiClientResponsePending) {
// We got data from the server while we're waiting for getNextBlob()
// call to complete on the client. We cannot process server data
// until this call completes as the state can change on completion of
// the call. Queue it for later.
const boundDispatchEvent = this.connection.dispatchEvent.bind(this.connection);
return setImmediate(boundDispatchEvent, 'message');
}
if (data) {
this.sspiClientResponsePending = true;
return this.client.getNextBlob(data, 0, data.length, (responseBuffer, isDone, errorCode, errorString) => {
if (errorCode) {
return callback(new Error(errorString));
}
this.sspiClientResponsePending = false;
callback(null, responseBuffer);
});
} else {
const server = this.connection.routingData ? this.connection.routingData.server : this.connection.config.server;

Fqdn.getFqdn(server, (err, fqdn) => {
if (err) {
return callback(new Error('Error getting Fqdn. Error details: ' + err.message));
}

const spn = MakeSpn.makeSpn('MSSQLSvc', fqdn, this.connection.config.options.port);
this.client = new SspiClientApi.SspiClient(spn, this.options.securityPackage);
this.sspiClientResponsePending = true;
this.client.getNextBlob(null, 0, 0, (responseBuffer, isDone, errorCode, errorString) => {
if (errorCode) {
return callback(new Error(errorString));
}

if (isDone) {
return callback(new Error('Unexpected isDone=true on getNextBlob in sendLogin7Packet.'));
}
this.sspiClientResponsePending = false;
callback(null, responseBuffer);
});
});
}
}
}

module.exports.NativeAuthProvider = NativeAuthProvider;
6 changes: 3 additions & 3 deletions test/integration/sspi-client-test.js
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,9 @@

const net = require('net');

const SspiClientApi = require('../../src_js/index.js').SspiClientApi;
const Fqdn = require('../../src_js/index.js').Fqdn;
const MakeSpn = require('../../src_js/index.js').MakeSpn;
const SspiClientApi = require('../../src_js/sspi_client.js');
const Fqdn = require('../../src_js/fqdn.js');
const MakeSpn = require('../../src_js/make_spn.js');

let sspiClient = null;
let serverResponse = null;
Expand Down
2 changes: 1 addition & 1 deletion test/unit/fqdn_tests.js
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
'use strict';

const ConfigUtils = require('../utils/config.js');
const Fqdn = require('../../src_js/index.js').Fqdn;
const Fqdn = require('../../src_js/fqdn.js');

function getLocalhostFqdnPattern() {
return new RegExp("^" + ConfigUtils.getLocalhostFqdn() + "$");
Expand Down
2 changes: 1 addition & 1 deletion test/unit/make_spn_tests.js
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
'use strict';

const MakeSpn = require('../../src_js/index.js').MakeSpn;
const MakeSpn = require('../../src_js/make_spn.js');

exports.makeSpnPort = function(test) {
const spn = MakeSpn.makeSpn('MSSQLSvc', 'www.example.com', 1433);
Expand Down
2 changes: 1 addition & 1 deletion test/unit/sspi_client_tests.js
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
'use strict';

const SspiClientApi = require('../../src_js/index.js').SspiClientApi;
const SspiClientApi = require('../../src_js/sspi_client.js');

// Comment/Uncomment to enable/disable debug logging in native code.
// SspiClientApi.enableNativeDebugLogging();
Expand Down