npm - @tachybase/module-multi-app - Versions diffs - 1.6.0 → 1.6.2 - Mend

@tachybase/module-multi-app 1.6.0 → 1.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (105) hide show

package/dist/node_modules/mariadb/lib/cmd/handshake/auth/caching-sha2-password-auth.js CHANGED Viewed

@@ -1,8 +1,9 @@
+//  SPDX-License-Identifier: LGPL-2.1-or-later
+//  Copyright (c) 2015-2024 MariaDB Corporation Ab
 const PluginAuth = require('./plugin-auth');
 const fs = require('fs');
-const crypto = require('crypto');
 const Errors = require('../../../misc/errors');
-const NativePasswordAuth = require('./native-password-auth');
 const Sha256PasswordAuth = require('./sha256-password-auth');
 const State = {
@@ -16,10 +17,12 @@ const State = {
  * Use caching Sha2 password authentication
  */
 class CachingSha2PasswordAuth extends PluginAuth {
-  constructor(packSeq, compressPackSeq, pluginData, resolve, reject, multiAuthResolver) {
-    super(resolve, reject, multiAuthResolver);
+  constructor(packSeq, compressPackSeq, pluginData, cmdParam, reject, multiAuthResolver) {
+    super(cmdParam, multiAuthResolver, reject);
+    this.multiAuthResolver = multiAuthResolver;
     this.pluginData = pluginData;
     this.sequenceNo = packSeq;
+    this.compressSequenceNo = compressPackSeq;
     this.counter = 0;
     this.state = State.INIT;
   }
@@ -29,15 +32,15 @@ class CachingSha2PasswordAuth extends PluginAuth {
     this.onPacketReceive = this.response;
   }
-  exchange(buffer, out, opts, info) {
+  exchange(packet, out, opts, info) {
     switch (this.state) {
       case State.INIT:
         const truncatedSeed = this.pluginData.slice(0, this.pluginData.length - 1);
-        const encPwd = NativePasswordAuth.encryptPassword(opts.password, truncatedSeed, 'sha256');
+        const encPwd = Sha256PasswordAuth.encryptSha256Password(opts.password, truncatedSeed);
         out.startPacket(this);
         if (encPwd.length > 0) {
           out.writeBuffer(encPwd, 0, encPwd.length);
-          out.flushBuffer(true);
+          out.flushPacket();
         } else {
           out.writeEmptyPacket(true);
         }
@@ -46,12 +49,12 @@ class CachingSha2PasswordAuth extends PluginAuth {
       case State.FAST_AUTH_RESULT:
         // length encoded numeric : 0x01 0x03/0x04
-        const fastAuthResult = buffer[1];
+        const fastAuthResult = packet[1];
         switch (fastAuthResult) {
           case 0x03:
             // success authentication
-            this.emit('send_end');
-            return this.successSend(packet, out, opts, info);
+            // an OK_Packet will follow
+            return;
           case 0x04:
             if (opts.ssl) {
@@ -59,7 +62,7 @@ class CachingSha2PasswordAuth extends PluginAuth {
               out.startPacket(this);
               out.writeString(opts.password);
               out.writeInt8(0);
-              out.flushBuffer(true);
+              out.flushPacket();
               return;
             }
@@ -71,29 +74,20 @@ class CachingSha2PasswordAuth extends PluginAuth {
                   // rsaPublicKey contain path
                   key = fs.readFileSync(key, 'utf8');
                 }
-                this.publicKey = Sha256PasswordAuth.retreivePublicKey(key);
+                this.publicKey = Sha256PasswordAuth.retrievePublicKey(key);
               } catch (err) {
                 return this.throwError(err, info);
               }
               // send Sha256Password Packet
-              Sha256PasswordAuth.sendSha256PwdPacket(
-                this,
-                this.pluginData,
-                this.publicKey,
-                opts.password,
-                out
-              );
+              Sha256PasswordAuth.sendSha256PwdPacket(this, this.pluginData, this.publicKey, opts.password, out);
             } else {
               if (!opts.allowPublicKeyRetrieval) {
                 return this.throwError(
-                  Errors.createError(
+                  Errors.createFatalError(
                     'RSA public key is not available client side. Either set option `cachingRsaPublicKey` to indicate' +
                       ' public key path, or allow public key retrieval with option `allowPublicKeyRetrieval`',
-                    null,
-                    true,
-                    info,
-                    '08S01',
-                    Errors.ER_CANNOT_RETRIEVE_RSA_KEY
+                    Errors.ER_CANNOT_RETRIEVE_RSA_KEY,
+                    info
                   ),
                   info
                 );
@@ -102,48 +96,17 @@ class CachingSha2PasswordAuth extends PluginAuth {
               // ask caching public Key Retrieval
               out.startPacket(this);
               out.writeInt8(0x02);
-              out.flushBuffer(true);
+              out.flushPacket();
             }
-            return;
         }
+        return;
       case State.REQUEST_SERVER_KEY:
-        this.publicKey = Sha256PasswordAuth.retreivePublicKey(buffer.toString('utf8', 1));
+        this.publicKey = Sha256PasswordAuth.retrievePublicKey(packet.toString(undefined, 1));
         this.state = State.SEND_AUTH;
-        Sha256PasswordAuth.sendSha256PwdPacket(
-          this,
-          this.pluginData,
-          this.publicKey,
-          opts.password,
-          out
-        );
-    }
-  }
-  static retreivePublicKey(key) {
-    return key.replace('(-+BEGIN PUBLIC KEY-+\\r?\\n|\\n?-+END PUBLIC KEY-+\\r?\\n?)', '');
-  }
-  static sendSha256PwdPacket(cmd, pluginData, publicKey, password, out) {
-    const truncatedSeed = pluginData.slice(0, pluginData.length - 1);
-    out.startPacket(cmd);
-    const enc = Sha256PasswordAuth.encrypt(truncatedSeed, password, publicKey);
-    out.writeBuffer(enc, 0, enc.length);
-    out.flushBuffer(cmd);
-  }
-  // encrypt password with public key
-  static encrypt(seed, password, publicKey) {
-    const nullFinishedPwd = Buffer.from(password + '\0');
-    const xorBytes = Buffer.allocUnsafe(nullFinishedPwd.length);
-    const seedLength = seed.length;
-    for (let i = 0; i < xorBytes.length; i++) {
-      xorBytes[i] = nullFinishedPwd[i] ^ seed[i % seedLength];
+        Sha256PasswordAuth.sendSha256PwdPacket(this, this.pluginData, this.publicKey, opts.password, out);
+        return;
     }
-    return crypto.publicEncrypt(
-      { key: publicKey, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING },
-      xorBytes
-    );
   }
   response(packet, out, opts, info) {
@@ -155,7 +118,7 @@ class CachingSha2PasswordAuth extends PluginAuth {
       case 0x00:
       case 0xff:
         this.emit('send_end');
-        return this.successSend(packet, out, opts, info);
+        return this.multiAuthResolver(packet, out, opts, info);
       default:
         let promptData = packet.readBufferRemaining();

package/dist/node_modules/mariadb/lib/cmd/handshake/auth/clear-password-auth.js CHANGED Viewed

@@ -1,3 +1,6 @@
+//  SPDX-License-Identifier: LGPL-2.1-or-later
+//  Copyright (c) 2015-2024 MariaDB Corporation Ab
 const PluginAuth = require('./plugin-auth');
 /**
@@ -5,18 +8,48 @@ const PluginAuth = require('./plugin-auth');
  * (used only when SSL is active)
  */
 class ClearPasswordAuth extends PluginAuth {
-  constructor(packSeq, compressPackSeq, pluginData, resolve, reject, multiAuthResolver) {
-    super(resolve, reject, multiAuthResolver);
+  constructor(packSeq, compressPackSeq, pluginData, cmdParam, reject, multiAuthResolver) {
+    super(cmdParam, multiAuthResolver, reject);
     this.sequenceNo = packSeq;
+    this.compressSequenceNo = compressPackSeq;
+    this.counter = 0;
+    this.multiAuthResolver = multiAuthResolver;
   }
   start(out, opts, info) {
     out.startPacket(this);
-    if (opts.password) out.writeString(opts.password);
+    const pwd = opts.password;
+    if (pwd) {
+      if (Array.isArray(pwd)) {
+        out.writeString(pwd[this.counter++]);
+      } else {
+        out.writeString(pwd);
+      }
+    }
     out.writeInt8(0);
-    out.flushBuffer(true);
-    this.emit('send_end');
-    this.onPacketReceive = this.successSend;
+    out.flushPacket();
+    this.onPacketReceive = this.response;
+  }
+  response(packet, out, opts, info) {
+    const marker = packet.peek();
+    switch (marker) {
+      //*********************************************************************************************************
+      //* OK_Packet and Err_Packet ending packet
+      //*********************************************************************************************************
+      case 0x00:
+      case 0xff:
+        this.emit('send_end');
+        return this.multiAuthResolver(packet, out, opts, info);
+      default:
+        packet.readBuffer(); // prompt
+        out.startPacket(this);
+        out.writeString('password');
+        out.writeInt8(0);
+        out.flushPacket();
+    }
   }
 }

package/dist/node_modules/mariadb/lib/cmd/handshake/auth/ed25519-password-auth.js CHANGED Viewed

@@ -1,3 +1,6 @@
+//  SPDX-License-Identifier: LGPL-2.1-or-later
+//  Copyright (c) 2015-2024 MariaDB Corporation Ab
 'use strict';
 const PluginAuth = require('./plugin-auth');
@@ -7,10 +10,11 @@ const Crypto = require('crypto');
  * Standard authentication plugin
  */
 class Ed25519PasswordAuth extends PluginAuth {
-  constructor(packSeq, compressPackSeq, pluginData, resolve, reject, multiAuthResolver) {
-    super(resolve, reject, multiAuthResolver);
+  constructor(packSeq, compressPackSeq, pluginData, cmdParam, reject, multiAuthResolver) {
+    super(cmdParam, multiAuthResolver, reject);
     this.pluginData = pluginData;
     this.sequenceNo = packSeq;
+    this.compressSequenceNo = compressPackSeq;
   }
   start(out, opts, info) {
@@ -20,9 +24,8 @@ class Ed25519PasswordAuth extends PluginAuth {
     const sign = Ed25519PasswordAuth.encryptPassword(opts.password, data);
     out.startPacket(this);
     out.writeBuffer(sign, 0, sign.length);
-    out.flushBuffer(true);
+    out.flushPacket();
     this.emit('send_end');
-    this.onPacketReceive = this.successSend;
   }
   static encryptPassword(password, seed) {
@@ -43,7 +46,7 @@ class Ed25519PasswordAuth extends PluginAuth {
     for (i = 0; i < 32; i++) signedMsg[32 + i] = d[32 + i];
     hash = Crypto.createHash('sha512');
-    const r = hash.update(signedMsg.slice(32, 96)).digest();
+    const r = hash.update(signedMsg.subarray(32, 96)).digest();
     reduce(r);
     scalarbase(p, r);
@@ -73,14 +76,43 @@ class Ed25519PasswordAuth extends PluginAuth {
     modL(signedMsg.subarray(32), x);
-    return signedMsg.slice(0, 64);
+    return signedMsg.subarray(0, 64);
+  }
+  permitHash() {
+    return true;
+  }
+  hash(conf) {
+    let i;
+    let p = [gf(), gf(), gf(), gf()];
+    const signedMsg = Buffer.alloc(96);
+    const bytePwd = Buffer.from(conf.password);
+    let hash = Crypto.createHash('sha512');
+    const d = hash.update(bytePwd).digest();
+    d[0] &= 248;
+    d[31] &= 127;
+    d[31] |= 64;
+    for (i = 0; i < 32; i++) signedMsg[64 + i] = seed[i];
+    for (i = 0; i < 32; i++) signedMsg[32 + i] = d[32 + i];
+    hash = Crypto.createHash('sha512');
+    const r = hash.update(signedMsg.subarray(32, 96)).digest();
+    reduce(r);
+    scalarbase(p, r);
+    return r;
   }
 }
 /*******************************************************
  *
- * This plugin uses the following public domain tweetnacl-js code by Dmitry Chestnykh (from https://github.com/dchest/tweetnacl-js/blob/master/nacl-fast.js).
- * tweetnacl cannot be used directly (secret key mandatory size is 32 in nacl + implementation differ : second scalarbase use hash of secret key, not secret key).
+ * This plugin uses the following public domain tweetnacl-js code by Dmitry Chestnykh
+ * (from https://github.com/dchest/tweetnacl-js/blob/master/nacl-fast.js).
+ * tweetnacl cannot be used directly (secret key mandatory size is 32 in nacl + implementation differ :
+ * second scalarbase use hash of secret key, not secret key).
  *
  *******************************************************/
@@ -93,21 +125,21 @@ const gf = function (init) {
 const gf0 = gf(),
   gf1 = gf([1]),
   D2 = gf([
-    0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e,
-    0xfce7, 0x56df, 0xd9dc, 0x2406
+    0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df,
+    0xd9dc, 0x2406
   ]),
   X = gf([
-    0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4,
-    0x53fe, 0xcd6e, 0x36d3, 0x2169
+    0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e,
+    0x36d3, 0x2169
   ]),
   Y = gf([
-    0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666,
-    0x6666, 0x6666, 0x6666, 0x6666
+    0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666,
+    0x6666, 0x6666
   ]);
 const L = new Float64Array([
-  0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0,
-  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10
+  0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0, 0x10
 ]);
 function reduce(r) {

package/dist/node_modules/mariadb/lib/cmd/handshake/auth/handshake.js ADDED Viewed

@@ -0,0 +1,198 @@
+//  SPDX-License-Identifier: LGPL-2.1-or-later
+//  Copyright (c) 2015-2024 MariaDB Corporation Ab
+const PluginAuth = require('./plugin-auth');
+const InitialHandshake = require('./initial-handshake');
+const ClientCapabilities = require('../client-capabilities');
+const Capabilities = require('../../../const/capabilities');
+const SslRequest = require('../ssl-request');
+const Errors = require('../../../misc/errors');
+const NativePasswordAuth = require('./native-password-auth');
+const os = require('os');
+const Iconv = require('iconv-lite');
+const Crypto = require('crypto');
+const driverVersion = require('../../../../package.json').version;
+/**
+ * Handshake response
+ */
+class Handshake extends PluginAuth {
+  constructor(auth, getSocket, multiAuthResolver, reject) {
+    super(null, multiAuthResolver, reject);
+    this.sequenceNo = 0;
+    this.compressSequenceNo = 0;
+    this.auth = auth;
+    this.getSocket = getSocket;
+    this.counter = 0;
+    this.onPacketReceive = this.parseHandshakeInit;
+  }
+  start(out, opts, info) {}
+  parseHandshakeInit(packet, out, opts, info) {
+    if (packet.peek() === 0xff) {
+      //in case that some host is not permit to connect server
+      const authErr = packet.readError(info);
+      authErr.fatal = true;
+      return this.throwError(authErr, info);
+    }
+    let handshake = new InitialHandshake(packet, info);
+    ClientCapabilities.init(opts, info);
+    this.pluginName = handshake.pluginName;
+    if (opts.ssl) {
+      if (info.serverCapabilities & Capabilities.SSL) {
+        info.clientCapabilities |= Capabilities.SSL;
+        SslRequest.send(this, out, info, opts);
+        this.auth._createSecureContext(info, () => {
+          // mark self-signed error only if was not explicitly forced
+          const secureSocket = this.getSocket();
+          info.selfSignedCertificate = !secureSocket.authorized;
+          info.tlsAuthorizationError = secureSocket.authorizationError;
+          const serverCert = secureSocket.getPeerCertificate(false);
+          info.tlsCert = serverCert;
+          info.tlsFingerprint = serverCert ? serverCert.fingerprint256.replace(/:/gi, '').toLowerCase() : null;
+          Handshake.send.call(this, this, out, opts, handshake.pluginName, info);
+        });
+      } else {
+        return this.throwNewError(
+          'Trying to connect with ssl, but ssl not enabled in the server',
+          true,
+          info,
+          '08S01',
+          Errors.ER_SERVER_SSL_DISABLED
+        );
+      }
+    } else {
+      Handshake.send(this, out, opts, handshake.pluginName, info);
+    }
+    this.onPacketReceive = this.auth.handshakeResult.bind(this.auth);
+  }
+  permitHash() {
+    return this.pluginName !== 'mysql_clear_password';
+  }
+  hash(conf) {
+    // mysql_native_password hash
+    let hash = Crypto.createHash('sha1');
+    let stage1 = hash.update(conf.password, 'utf8').digest();
+    hash = Crypto.createHash('sha1');
+    return hash.update(stage1).digest();
+  }
+  /**
+   * Send Handshake response packet
+   * see https://mariadb.com/kb/en/library/1-connecting-connecting/#handshake-response-packet
+   *
+   * @param cmd         current handshake command
+   * @param out         output writer
+   * @param opts        connection options
+   * @param pluginName  plugin name
+   * @param info        connection information
+   */
+  static send(cmd, out, opts, pluginName, info) {
+    out.startPacket(cmd);
+    info.defaultPluginName = pluginName;
+    const pwd = Array.isArray(opts.password) ? opts.password[0] : opts.password;
+    let authToken;
+    let authPlugin;
+    switch (pluginName) {
+      case 'mysql_clear_password':
+        authToken = Buffer.from(pwd);
+        authPlugin = 'mysql_clear_password';
+        break;
+      default:
+        authToken = NativePasswordAuth.encryptSha1Password(pwd, info.seed);
+        authPlugin = 'mysql_native_password';
+        break;
+    }
+    out.writeInt32(Number(info.clientCapabilities & BigInt(0xffffffff)));
+    out.writeInt32(1024 * 1024 * 1024); // max packet size
+    // if collation and id < 255, set it directly
+    // is not, additional command SET NAMES xx [COLLATE yy] will be issued
+    out.writeInt8(opts.collation && opts.collation.index <= 255 ? opts.collation.index : 224);
+    for (let i = 0; i < 19; i++) {
+      out.writeInt8(0);
+    }
+    out.writeInt32(Number(info.clientCapabilities >> 32n));
+    //null encoded user
+    out.writeString(opts.user || '');
+    out.writeInt8(0);
+    if (info.serverCapabilities & Capabilities.PLUGIN_AUTH_LENENC_CLIENT_DATA) {
+      out.writeLengthCoded(authToken.length);
+      out.writeBuffer(authToken, 0, authToken.length);
+    } else if (info.serverCapabilities & Capabilities.SECURE_CONNECTION) {
+      out.writeInt8(authToken.length);
+      out.writeBuffer(authToken, 0, authToken.length);
+    } else {
+      out.writeBuffer(authToken, 0, authToken.length);
+      out.writeInt8(0);
+    }
+    if (info.clientCapabilities & Capabilities.CONNECT_WITH_DB) {
+      out.writeString(opts.database);
+      out.writeInt8(0);
+      info.database = opts.database;
+    }
+    if (info.clientCapabilities & Capabilities.PLUGIN_AUTH) {
+      out.writeString(authPlugin);
+      out.writeInt8(0);
+    }
+    if (info.clientCapabilities & Capabilities.CONNECT_ATTRS) {
+      out.writeInt8(0xfc);
+      let initPos = out.pos; //save position, assuming connection attributes length will be less than 2 bytes length
+      out.writeInt16(0);
+      const encoding = info.collation ? info.collation.charset : 'utf8';
+      Handshake.writeAttribute(out, '_client_name', encoding);
+      Handshake.writeAttribute(out, 'MariaDB connector/Node', encoding);
+      Handshake.writeAttribute(out, '_client_version', encoding);
+      Handshake.writeAttribute(out, driverVersion, encoding);
+      const address = cmd.getSocket().address().address;
+      if (address) {
+        Handshake.writeAttribute(out, '_server_host', encoding);
+        Handshake.writeAttribute(out, address, encoding);
+      }
+      Handshake.writeAttribute(out, '_os', encoding);
+      Handshake.writeAttribute(out, process.platform, encoding);
+      Handshake.writeAttribute(out, '_client_host', encoding);
+      Handshake.writeAttribute(out, os.hostname(), encoding);
+      Handshake.writeAttribute(out, '_node_version', encoding);
+      Handshake.writeAttribute(out, process.versions.node, encoding);
+      if (opts.connectAttributes !== true) {
+        let attrNames = Object.keys(opts.connectAttributes);
+        for (let k = 0; k < attrNames.length; ++k) {
+          Handshake.writeAttribute(out, attrNames[k], encoding);
+          Handshake.writeAttribute(out, opts.connectAttributes[attrNames[k]], encoding);
+        }
+      }
+      //write end size
+      out.writeInt16AtPos(initPos);
+    }
+    out.flushPacket();
+  }
+  static writeAttribute(out, val, encoding) {
+    let param = Buffer.isEncoding(encoding) ? Buffer.from(val, encoding) : Iconv.encode(val, encoding);
+    out.writeLengthCoded(param.length);
+    out.writeBuffer(param, 0, param.length);
+  }
+}
+module.exports = Handshake;

package/dist/node_modules/mariadb/lib/cmd/handshake/{initial-handshake.js → auth/initial-handshake.js} RENAMED Viewed

@@ -1,7 +1,11 @@
+//  SPDX-License-Identifier: LGPL-2.1-or-later
+//  Copyright (c) 2015-2024 MariaDB Corporation Ab
 'use strict';
-const Capabilities = require('../../const/capabilities');
-const ConnectionInformation = require('../../misc/connection-information');
+const Capabilities = require('../../../const/capabilities');
+const Collations = require('../../../const/collations');
+const ConnectionInformation = require('../../../misc/connection-information');
 /**
  * Parser server initial handshake.
@@ -19,10 +23,9 @@ class InitialHandshake {
     packet.skip(1); //reserved byte
     let serverCapabilities = BigInt(packet.readUInt16());
-    //skip characterSet
-    packet.skip(1);
+    info.collation = Collations.fromIndex(packet.readUInt8());
     info.status = packet.readUInt16();
-    serverCapabilities += BigInt(packet.readUInt16()) << BigInt(16);
+    serverCapabilities += BigInt(packet.readUInt16()) << 16n;
     let saltLength = 0;
     if (serverCapabilities & Capabilities.PLUGIN_AUTH) {
@@ -34,7 +37,7 @@ class InitialHandshake {
       packet.skip(10);
     } else {
       packet.skip(6);
-      serverCapabilities += BigInt(packet.readUInt32()) << BigInt(32);
+      serverCapabilities += BigInt(packet.readUInt32()) << 32n;
     }
     if (serverCapabilities & Capabilities.SECURE_CONNECTION) {
@@ -58,8 +61,7 @@ class InitialHandshake {
     } else {
       //Support for MDEV-7780 faking server version
       info.serverVersion.mariaDb =
-        info.serverVersion.raw.includes('MariaDB') ||
-        (serverCapabilities & Capabilities.MYSQL) === BigInt(0);
+        info.serverVersion.raw.includes('MariaDB') || (serverCapabilities & Capabilities.MYSQL) === 0n;
     }
     if (serverCapabilities & Capabilities.PLUGIN_AUTH) {

package/dist/node_modules/mariadb/lib/cmd/handshake/auth/native-password-auth.js CHANGED Viewed

@@ -1,3 +1,6 @@
+//  SPDX-License-Identifier: LGPL-2.1-or-later
+//  Copyright (c) 2015-2024 MariaDB Corporation Ab
 'use strict';
 const PluginAuth = require('./plugin-auth');
@@ -7,8 +10,8 @@ const Crypto = require('crypto');
  * Standard authentication plugin
  */
 class NativePasswordAuth extends PluginAuth {
-  constructor(packSeq, compressPackSeq, pluginData, resolve, reject, multiAuthResolver) {
-    super(resolve, reject, multiAuthResolver);
+  constructor(packSeq, compressPackSeq, pluginData, cmdParam, reject, multiAuthResolver) {
+    super(cmdParam, multiAuthResolver, reject);
     this.pluginData = pluginData;
     this.sequenceNo = packSeq;
     this.compressSequenceNo = compressPackSeq;
@@ -17,28 +20,27 @@ class NativePasswordAuth extends PluginAuth {
   start(out, opts, info) {
     //seed is ended with a null byte value.
     const data = this.pluginData.slice(0, 20);
-    let authToken = NativePasswordAuth.encryptPassword(opts.password, data, 'sha1');
+    let authToken = NativePasswordAuth.encryptSha1Password(opts.password, data);
     out.startPacket(this);
     if (authToken.length > 0) {
       out.writeBuffer(authToken, 0, authToken.length);
-      out.flushBuffer(true);
+      out.flushPacket();
     } else {
       out.writeEmptyPacket(true);
     }
     this.emit('send_end');
-    this.onPacketReceive = this.successSend;
   }
-  static encryptPassword(password, seed, algorithm) {
+  static encryptSha1Password(password, seed) {
     if (!password) return Buffer.alloc(0);
-    let hash = Crypto.createHash(algorithm);
+    let hash = Crypto.createHash('sha1');
     let stage1 = hash.update(password, 'utf8').digest();
-    hash = Crypto.createHash(algorithm);
+    hash = Crypto.createHash('sha1');
     let stage2 = hash.update(stage1).digest();
-    hash = Crypto.createHash(algorithm);
+    hash = Crypto.createHash('sha1');
     hash.update(seed);
     hash.update(stage2);
@@ -50,6 +52,17 @@ class NativePasswordAuth extends PluginAuth {
     }
     return returnBytes;
   }
+  permitHash() {
+    return true;
+  }
+  hash(conf) {
+    let hash = Crypto.createHash('sha1');
+    let stage1 = hash.update(conf.password, 'utf8').digest();
+    hash = Crypto.createHash('sha1');
+    return hash.update(stage1).digest();
+  }
 }
 module.exports = NativePasswordAuth;