Press n or j to go to the next uncovered block, b, p or k for the previous block.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 | 1x 1x 1x 1x 1x 1x 1x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 3x | import { sspi, CtxtHandle, Groups } from '../../lib/api'; import { getUser } from './userdb'; import dbg from 'debug'; import { sso } from '.'; import os from 'os'; import { User, SSOMethod, SSOObject, SSOOptions } from './interfaces'; const debug = dbg('node-expose-sspi:SSO'); export class SSO { user!: User; owner!: User; private options: SSOOptions = { useActiveDirectory: true, useGroups: true, useOwner: true, groupFilterRegex: '.*', }; constructor( private serverContextHandle: CtxtHandle, public method: SSOMethod ) {} async load(): Promise<void> { const names = sspi.QueryContextAttributes( this.serverContextHandle, 'SECPKG_ATTR_NAMES' ) as { sUserName: string }; const [domain, name] = names.sUserName.split('\\'); this.user = { domain, name }; // impersonate to retrieve the used access token. sspi.ImpersonateSecurityContext(this.serverContextHandle); debug('impersonate security context ok'); const userToken = sspi.OpenThreadToken(); debug('userToken: ', userToken); try { debug('about to do GetUserNameEx'); this.user.displayName = sspi.GetUserNameEx('NameDisplay'); } catch (e) { // exemple of error scenario: local user without displayname. this.user.displayName = this.user.name; } debug('about to do RevertSecurityContext'); sspi.RevertSecurityContext(this.serverContextHandle); this.user.accessToken = userToken; debug('this.options.useGroups: ', this.options.useGroups); Eif (this.options.useGroups) { debug('about to do GetTokenInformation'); const groups = sspi.GetTokenInformation({ accessToken: userToken, tokenInformationClass: 'TokenGroups', filter: this.options.groupFilterRegex, }) as Groups; groups.sort(); debug('groups: ', groups); this.user.groups = groups; } // free the userToken debug('about to do CloseHandle'); sspi.CloseHandle(userToken); debug('about to do LookupAccountName'); const { sid } = sspi.LookupAccountName(names.sUserName); this.user.sid = sid; try { debug('about to do isOnDomain and isActiveDirectoryReachable'); Iif ( sso.isOnDomain() && sso.isActiveDirectoryReachable() && os.hostname() !== domain && this.options.useActiveDirectory ) { debug('about to do getUser'); const adUser = await getUser(`(sAMAccountName=${name})`); this.user.adUser = adUser; } } catch (e) { debug('cannot getUser from AD. e: ', e); } // owner info. debug('this.options.useOwner: ', this.options.useOwner); Iif (this.options.useOwner) { debug('about to do GetUserName'); const owner = sspi.GetUserName(); debug('owner: ', owner); this.owner = { name: owner }; try { debug('about to do GetUserNameEx'); this.owner.displayName = sspi.GetUserNameEx('NameDisplay'); } catch (e) { // exemple of error scenario: local user without displayname. this.owner.displayName = this.owner.name; } debug('this.options.useGroups: ', this.options.useGroups); if (this.options.useGroups) { debug('about to do OpenProcessToken'); const processToken = sspi.OpenProcessToken([ 'TOKEN_QUERY', 'TOKEN_QUERY_SOURCE', ]); debug('about to do GetTokenInformation'); const ownerGroups = sspi.GetTokenInformation({ accessToken: processToken, tokenInformationClass: 'TokenGroups', filter: this.options.groupFilterRegex, }) as Groups; ownerGroups.sort(); debug('ownerGroups: ', ownerGroups); this.owner.groups = ownerGroups; debug('about to do CloseHandle'); sspi.CloseHandle(processToken); } try { debug('about to do LookupAccountName'); const o = sspi.LookupAccountName(owner); this.owner.sid = o.sid; this.owner.domain = o.domain; } catch (e) { debug('error: ', e); } debug('SSO end.'); } } getJSON(): SSOObject { const json: SSOObject = { method: this.method }; Eif (this.user) { json.user = this.user; } Iif (this.owner) { json.owner = this.owner; } return json; } setOptions(options: Partial<SSOOptions>): void { this.options = { ...this.options, ...options }; } } |