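import { hexDump } from './misc';
import {
  sspi,
  UserCredential,
  SecurityContext,
  InitializeSecurityContextInput,
  AcceptSecurityContextInput,
  ServerSecurityContext,
} from '../../lib/api';
import { SSO } from './SSO';
import dbg from 'debug';

const debug = dbg('node-expose-sspi:connect');

/**
 * Retrieves SSO information from an explicit credential (login/password and domain).
 * The SSO information will be retrieved only if the credential
 * matches a local account or a domain account.
 *
 * The function plays both sides of a 'Negotiate' handshake in-process: a client
 * context built from `userCredential` and a server context built from the
 * default credential exchange tokens until the server side reports SEC_E_OK.
 *
 * @param userCredential the credential to verify.
 * @returns the SSO object loaded from the accepted server context.
 * @throws the "Logon denied" Error when the server side answers
 *   SEC_E_LOGON_DENIED or when the resulting user is named 'Guest'.
 * @throws the bare string 'Error while building the security context' for any
 *   other handshake status, or when the handshake does not settle within the
 *   round limit. Other errors raised by the SSPI calls or by `sso.load()` are
 *   logged with console.error and rethrown unchanged.
 */
export async function connect(userCredential: UserCredential): Promise<SSO> {
  // NOTE(review): this message is thrown as a bare string (no stack trace).
  // It is kept as-is so callers that compare the thrown value keep working.
  const errorMsg = 'Error while building the security context';
  const badLoginPasswordError = new Error('Sorry. Logon denied.');
  // A Negotiate exchange is expected to settle in a few round trips; the bound
  // stops the loop if both sides keep answering SEC_I_CONTINUE_NEEDED.
  const maxRounds = 16;
  try {
    const packageInfo = sspi.QuerySecurityPackageInfo('Negotiate');
    const clientCred = sspi.AcquireCredentialsHandle({
      packageName: 'Negotiate',
      authData: userCredential,
    });
    const serverCred = sspi.AcquireCredentialsHandle({
      packageName: 'Negotiate',
    });
    // NOTE(review): neither credential handle nor the client context is
    // released in this function — confirm whether the binding frees them.

    let serverSecurityContext!: ServerSecurityContext;
    let clientSecurityContext!: SecurityContext;
    const clientInput: InitializeSecurityContextInput = {
      credential: clientCred.credential,
      targetName: 'kiki',
      cbMaxToken: packageInfo.cbMaxToken,
    };
    const serverInput: AcceptSecurityContextInput = {
      credential: serverCred.credential,
    };
    let i = 0;
    while (true) {
      if (i >= maxRounds) {
        throw errorMsg;
      }
      debug('i: ', i);
      i++;

      // From the second round on, feed the server's reply back to the client.
      if (serverSecurityContext) {
        clientInput.SecBufferDesc = serverSecurityContext.SecBufferDesc;
        clientInput.contextHandle = clientSecurityContext?.contextHandle;
      }
      clientSecurityContext = sspi.InitializeSecurityContext(clientInput);
      // The debug lines in this loop print the raw handshake tokens. When the
      // 'node-expose-sspi:connect' debug namespace is enabled, treat the
      // collected output as sensitive authentication material.
      debug('clientSecurityContext: ', clientSecurityContext);
      debug(hexDump(clientSecurityContext.SecBufferDesc.buffers[0]));
      if (
        clientSecurityContext.SECURITY_STATUS !== 'SEC_I_CONTINUE_NEEDED' &&
        clientSecurityContext.SECURITY_STATUS !== 'SEC_E_OK'
      ) {
        throw errorMsg;
      }

      serverInput.SecBufferDesc = clientSecurityContext.SecBufferDesc;
      if (serverSecurityContext) {
        serverInput.contextHandle = serverSecurityContext.contextHandle;
      }

      serverSecurityContext = sspi.AcceptSecurityContext(serverInput);
      debug('serverSecurityContext: ', serverSecurityContext);
      if (
        serverSecurityContext.SECURITY_STATUS !== 'SEC_I_CONTINUE_NEEDED' &&
        serverSecurityContext.SECURITY_STATUS !== 'SEC_E_OK'
      ) {
        if (serverSecurityContext.SECURITY_STATUS === 'SEC_E_LOGON_DENIED') {
          throw badLoginPasswordError;
        }
        throw errorMsg;
      }

      debug(hexDump(serverSecurityContext.SecBufferDesc.buffers[0]));
      if (serverSecurityContext.SECURITY_STATUS !== 'SEC_E_OK') {
        continue;
      }
      // we have the security context !!!
      debug('We have the security context !!!');
      break;
    }

    const sso = new SSO(serverSecurityContext.contextHandle, undefined);
    await sso.load();
    // A completed handshake that resolves to the Guest identity is treated as
    // a failed login.
    // NOTE(review): the comparison uses the literal English account name; a
    // renamed or localized guest account would not match. Confirm whether a
    // SID-based check is available on the SSO user object.
    if (sso.user.name === 'Guest') {
      throw badLoginPasswordError;
    }
    return sso;
  } catch (e) {
    // A denied logon is an expected outcome: rethrow it without logging.
    if (e === badLoginPasswordError) {
      throw e;
    }
    console.error('error', e);
    throw e;
  }
}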