Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: fail ntlm auth gracefully when md4 hashing is not available #1400

Merged
merged 4 commits into from
Jun 8, 2022
Merged

feat: fail ntlm auth gracefully when md4 hashing is not available #1400

merged 4 commits into from
Jun 8, 2022

Conversation

mShan0
Copy link
Contributor

@mShan0 mShan0 commented Feb 9, 2022
edited
Loading

Emits an error explaining that the user needs to enable --openssl-legacy-provider. Also adds tests to test the flag's functionality.

Document changes: #1399 (already merged)
CI Config testing node 17: #1396

@codecov
Copy link

codecov bot commented Feb 9, 2022
edited
Loading

Codecov Report

Merging #1400 (48127ed) into master (734a9df) will decrease coverage by 0.12%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##           master    #1400      +/-   ##
==========================================
- Coverage   80.61%   80.49%   -0.13%     
==========================================
  Files          88       88              
  Lines        4710     4716       +6     
  Branches      870      871       +1     
==========================================
- Hits         3797     3796       -1     
- Misses        636      643       +7     
  Partials      277      277
Impacted Files Coverage Δ
src/connection.ts 65.52% <0.00%> (-0.48%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 734a9df...48127ed. Read the comment docs.

MichaelSun90
MichaelSun90 reviewed Feb 14, 2022
View reviewed changes
src/connection.ts Outdated
this.ntlmpacket = undefined;

this.messageIo.readMessage().then((message) => {
this.dispatchEvent('message', message);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure if you need to try to catch the whole block. I have not tried it myself, but you could try to check if the income message or the err object has a code match ERR_OSSL_EVP_UNSUPPORTED, and emit the error.

test/integration/connection-test.js Show resolved Hide resolved
@mShan0 mShan0 force-pushed the mark-node17-support-with-ntlm branch from ab7b7cd to 20f72d7 Compare February 15, 2022 23:59
arthurschreiber
arthurschreiber reviewed Mar 30, 2022
View reviewed changes
src/connection.ts Outdated
Comment on lines 3395 to 3433
this.emit('connect', new ConnectionError(`Node 17 now uses OpenSSL 3, which considers md4 encryption a legacy type.
In order to use NTLM with Node 17, enable the '--openssl-legacy-provider' command line flag.
Check the Tedious FAQ for more information.`, 'ELOGIN'));
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it make sense to turn this into an AggregateError (that would require merging #1409 first to pull in the AggregateError class)?

Also, it might be good to change how the error message is formatted to remove the leading whitespace on lines 2 and 3 of the error message.

src/connection.ts Outdated
In order to use NTLM with Node 17, enable the '--openssl-legacy-provider' command line flag.
Check the Tedious FAQ for more information.`, 'ELOGIN'));
} else {
this.emit('connect', new ConnectionError('Login failed.' + error.message, 'ELOGIN'));
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it would be best to just re-throw any "unknown" errors we encounter here. Otherwise other errors like syntax errors or trying to call methods on an undefined object and so on will get turned into ConnectionErrors here.

What do you think?

@mShan0 mShan0 force-pushed the mark-node17-support-with-ntlm branch from 20f72d7 to 4af64f6 Compare April 29, 2022 20:05
@mShan0 mShan0 force-pushed the mark-node17-support-with-ntlm branch from 1f0cbd8 to e6c6496 Compare May 10, 2022 21:51
@mShan0 mShan0 force-pushed the mark-node17-support-with-ntlm branch from 0f6838f to dbfc679 Compare May 19, 2022 19:41
@mShan0 mShan0 marked this pull request as draft May 19, 2022 21:38
@mShan0 mShan0 marked this pull request as ready for review May 19, 2022 22:39
@arthurschreiber arthurschreiber changed the title feat: support ntlm auth when using node 17 feat: fail ntlm auth gracefully when md4 hashing is not available Jun 8, 2022
@arthurschreiber arthurschreiber merged commit 57a50d4 into master Jun 8, 2022
@github-actions
Copy link

github-actions bot commented Jun 8, 2022

🎉 This PR is included in version 14.6.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

@mShan0 mShan0 deleted the mark-node17-support-with-ntlm branch June 22, 2022 17:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@arthurschreiber arthurschreiber arthurschreiber left review comments

@MichaelSun90 MichaelSun90 MichaelSun90 left review comments

Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mShan0 @arthurschreiber @MichaelSun90