einfallstoll
diff --git a/‎.gitignore‎
Lines changed: 2 additions & 0 deletions b/‎.gitignore‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎buffer.js‎
Lines changed: 11 additions & 0 deletions b/‎buffer.js‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎lib/ASN1.js‎
Lines changed: 148 additions & 0 deletions b/‎lib/ASN1.js‎
Lines changed: 148 additions & 0 deletions
diff --git a/‎lib/Cache.js‎
Lines changed: 32 additions & 0 deletions b/‎lib/Cache.js‎
Lines changed: 32 additions & 0 deletions
diff --git a/‎lib/NTLM_AD_Proxy.js‎
Lines changed: 84 additions & 0 deletions b/‎lib/NTLM_AD_Proxy.js‎
Lines changed: 84 additions & 0 deletions
diff --git a/‎lib/NTLM_No_Proxy.js‎
Lines changed: 58 additions & 0 deletions b/‎lib/NTLM_No_Proxy.js‎
Lines changed: 58 additions & 0 deletions
@@ -0,0 +1,2 @@
+node_modules/
+test.js
@@ -0,0 +1,11 @@
+function emptyBuffer(length) {
+    var buf = new Buffer(length);
+    for (var i = 0; i < length; i++) {
+        buf.writeUInt8(0, i);
+    }
+    return buf;
+}
+
+for (var i = 0; i < 100; i++) {
+    console.log((emptyBuffer(30)).toString('hex'));
+}
@@ -0,0 +1,148 @@
+/* jshint node:true */
+/* global toBinary */
+
+var assert = require('assert');
+
+var utils = require('./utils');
+
+var ASN1 = {
+    maketlv: function(dertype, payload) {
+        if (typeof payload === 'string') {
+            payload = new Buffer(payload);
+        }
+
+        var tlv,
+            offset;
+        if (payload.length < 128) {
+            tlv = new Buffer(1 + 1 + payload.length);
+            tlv.writeUInt8(dertype, 0);
+            tlv.writeUInt8(payload.length, 1);
+            offset = 2;
+        } else if (payload.length < 256) {
+            tlv = new Buffer(1 + 2 + payload.length);
+            tlv.writeUInt8(dertype, 0);
+            tlv.writeUInt8(utils.toBinary('10000001'), 1); // Number of length bytes = 1
+            tlv.writeUInt8(payload.length, 2);
+            offset = 3;
+        } else {
+            tlv = new Buffer(1 + 3 + payload.length);
+            tlv.writeUInt8(dertype, 0);
+            tlv.writeUInt8(utils.toBinary('10000010'), 1); // Number of length bytes = 2
+            tlv.writeUInt16LE(payload.length, 2);
+            offset = 4;
+        }
+
+        for (var i = 0; i < payload.length; i++) {
+            tlv.writeUInt8(payload.readUInt8(i), offset++);
+        }
+
+        return tlv;
+    },
+    makeint: function(number, tag) {
+        if (!tag) {
+            tag = 0x02;
+        }
+
+        var payload;
+
+        if (number <= 0) {
+            payload = new Buffer('\0');
+        } else {
+            payload = new Buffer(0);
+            while (number > 0) {
+                var buf = new Buffer(1);
+                buf.writeUInt8(number & 255, 0);
+                payload = buf + payload;
+                number = number >>> 8;
+            }
+        }
+
+        return ASN1.maketlv(tag, payload);
+    },
+    makeseq: function(payload) {
+        return ASN1.maketlv(0x30, payload);
+    },
+    makeoctstr: function(payload) {
+        return ASN1.maketlv(0x04, payload);
+    },
+    
+    parselen: function(berobj) {
+        var length = berobj.readUInt8(1);
+                
+        if (length < 128) {
+            return [length, 2];
+        }
+        
+        var nlength = length & utils.toBinary('01111111');
+        length = 0;
+        
+        for (var i = 2; i < 2 + nlength; i++) {
+            length = length * 256 + berobj.readUInt8(i);   
+        }
+        
+        return [length, 2 + nlength];
+    },
+    parsetlv: function(dertype, derobj, partial) {
+        if (!partial) partial = false;
+        
+        if (derobj.readUInt8(0) != dertype) {
+            throw new Error('BER element ' + derobj.toString('hex') + ' does not start type 0x' + dertype.toString(16));
+        }
+        
+        var lengths = ASN1.parselen(derobj),
+            length = lengths[0],
+            pstart = lengths[1];
+        
+        if (partial) {
+            if (derobj.length < length + pstart) {
+                throw new Error('BER payload ' + derobj.toString('hex') + ' is shorter than expected (' + length + ' bytes, type 0x' + dertype.toString(16) + ').');
+            }
+            return [derobj.slice(pstart, pstart + length), derobj.slice(pstart + length)];
+        }
+        
+        if (derobj.length != length + pstart) {
+            throw new Error('BER payload ' + derobj.toString('hex') + ' is not ' + length + ' bytes long (type 0x' + dertype.toString(16) + ').');
+        }
+        return derobj.slice(pstart);
+    },
+    parseint: function(payload, partial, tag) {
+        if (!partial) partial = false;
+        if (!tag) tag = 0x02;
+        
+        var res = ASN1.parsetlv(tag, payload, partial);
+        if (partial) {
+            payload = res[0];
+        } else {
+            payload = res;
+        }
+        
+        var value = 0;
+        
+        assert.equal(payload.readUInt8(0) & utils.toBinary('10000000'), 0x00);
+        for (var i = 0; i < payload.length; i++) {
+            value = value * 256 + payload.readUInt8(i);
+        }
+        if (partial) {
+            return [value, res[1]];
+        } else {
+            return value;
+        }
+    },
+    parseenum: function(payload, partial) {
+        if (!partial) partial = false;
+        
+        return ASN1.parseint(payload, partial, 0x0A);
+    },
+    parseseq: function(payload, partial) {
+        if (!partial) partial = false;
+        
+        return ASN1.parsetlv(0x30, payload, partial);
+    },
+    parseoctstr: function(payload, partial) {
+        if (!partial) partial = false;
+        
+        return ASN1.parsetlv(0x04, payload, partial);
+    }
+};
+
+module.exports = ASN1;
@@ -0,0 +1,32 @@
+/* jshint node: true */
+
+function Cache() {
+    this._cache = {};
+}
+
+Cache.prototype.remove = function(id) {
+    var proxy = this._cache[id];
+    if (proxy) {
+        proxy[0].close();
+        delete this._cache[id];
+    }
+};
+
+Cache.prototype.add = function(id, proxy) {
+    this._cache[id] = [proxy, Date.now()];
+};
+
+Cache.prototype.clean = function() {
+    var now = Date.now();
+    for (var id in this._cache) {
+        if (this._cache[id][1] + 60 * 1000 < now) {
+            this.remove(id);
+        }
+    }
+};
+
+Cache.prototype.get_proxy = function(id) {
+    return this._cache[id][0];
+};
+
+module.exports = Cache;
@@ -0,0 +1,84 @@
+/* jshint node:true */
+
+var util = require('util');
+
+var ASN1 = require('./ASN1'),
+    NTLM_Proxy = require('./NTLM_Proxy'),
+    utils = require('./utils');
+
+function LDAP_Context() {
+    this.messageID = 0;
+    
+    this.LDAP_Result_success = 0;
+    this.LDAP_Result_saslBindInProgress = 14;
+}
+
+LDAP_Context.prototype.make_session_setup_req = function(ntlm_token, type1) {
+    
+    var authentication = ASN1.maketlv(0xA3, utils.concatBuffer(ASN1.makeoctstr('GSS-SPNEGO'), ASN1.makeoctstr(ntlm_token))),
+        bindRequest = ASN1.maketlv(0x60, utils.concatBuffer(ASN1.makeint(3), ASN1.makeoctstr(''), authentication));
+    
+    this.messageID++;
+    
+    return ASN1.makeseq(utils.concatBuffer(ASN1.makeint(this.messageID), bindRequest));
+};
+
+LDAP_Context.prototype.make_negotiate_protocol_req = function() {
+    return;
+};
+
+LDAP_Context.prototype.parse_session_setup_resp = function(response, callback) {
+    try {
+        var data = ASN1.parseseq(response);
+
+        var messageID = ASN1.parseint(data, true);
+        data = messageID[1];
+        messageID = messageID[0];
+        
+        
+        if (messageID != this.messageID) {
+            throw new Error('Unexpected MessageID: ' + messageID + ' instead of ' + this.messageID);
+        }
+        
+        var controls = ASN1.parsetlv(0x61, data, true);
+        data = controls[0];
+        controls = controls[1];
+        
+        var resultCode = ASN1.parseenum(data, true);
+        data = resultCode[1];
+        resultCode = resultCode[0];
+        
+        var matchedDN = ASN1.parseoctstr(data, true);
+        data = matchedDN[1];
+        matchedDN = matchedDN[0];
+        
+        var diagnosticMessage = ASN1.parseoctstr(data, true);
+        data = diagnosticMessage[1];
+        diagnosticMessage = diagnosticMessage[0];
+                
+        if (resultCode == this.LDAP_Result_success) {
+            return callback(null, true, '');
+        }
+        
+        if (resultCode != this.LDAP_Result_saslBindInProgress) {
+            return callback(null, false, '');
+        }
+        
+        var serverSaslCreds = ASN1.parsetlv(0x87, data);
+        return callback(null, true, serverSaslCreds);
+    }
+    catch (error) {
+        return callback(error);
+    }
+};
+
+function NTLM_AD_Proxy(ipad, domain, base) {
+    this._portad = 389;
+    
+    NTLM_Proxy.call(this, ipad, this._portad, domain, LDAP_Context);
+    this.base = base;
+}
+
+util.inherits(NTLM_AD_Proxy, NTLM_Proxy);
+
+module.exports = NTLM_AD_Proxy;
@@ -0,0 +1,58 @@
+/* jshint node:true */
+
+function NTLM_No_Proxy() {}
+
+NTLM_No_Proxy.prototype.close = function() {
+    
+};
+
+NTLM_No_Proxy.prototype.negotiate = function(ntlm_negotiate, negotiate_callback) {
+    var challenge = new Buffer(40),
+        offset = 0;
+
+    var header = 'NTLMSSP\0';
+    for (var i = 0; i < header.length; i++) {
+        challenge.writeUInt8(header.charCodeAt(i), offset++);
+    }
+
+    challenge.writeUInt8(0x02, offset++);
+    challenge.writeUInt8(0x00, offset++);
+    challenge.writeUInt8(0x00, offset++);
+    challenge.writeUInt8(0x00, offset++);
+    challenge.writeUInt8(0x00, offset++);
+    challenge.writeUInt8(0x00, offset++);
+    challenge.writeUInt8(0x00, offset++);
+    challenge.writeUInt8(0x00, offset++);
+    challenge.writeUInt8(0x00, offset++);
+    challenge.writeUInt8(0x28, offset++);
+    challenge.writeUInt8(0x00, offset++);
+    challenge.writeUInt8(0x00, offset++);
+    challenge.writeUInt8(0x01, offset++);
+    challenge.writeUInt8(0x82, offset++);
+    challenge.writeUInt8(0x00, offset++);
+    challenge.writeUInt8(0x00, offset++);
+    challenge.writeUInt8(0x01, offset++);
+    challenge.writeUInt8(0x23, offset++);
+    challenge.writeUInt8(0x45, offset++);
+    challenge.writeUInt8(0x67, offset++);
+    challenge.writeUInt8(0x89, offset++);
+    challenge.writeUInt8(0xab, offset++);
+    challenge.writeUInt8(0xcd, offset++);
+    challenge.writeUInt8(0xef, offset++);
+    challenge.writeUInt8(0x00, offset++);
+    challenge.writeUInt8(0x00, offset++);
+    challenge.writeUInt8(0x00, offset++);
+    challenge.writeUInt8(0x00, offset++);
+    challenge.writeUInt8(0x00, offset++);
+    challenge.writeUInt8(0x00, offset++);
+    challenge.writeUInt8(0x00, offset++);
+    challenge.writeUInt8(0x00, offset++);
+    
+    negotiate_callback(null, challenge);
+};
+
+NTLM_No_Proxy.prototype.authenticate = function(ntlm_authenticate, authenticate_callback) {
+    authenticate_callback(null, true);
+};
+
+module.exports = NTLM_No_Proxy;