Fixed bug when connecting to databses using older 11g password verifiers

Author: sharadraju

doc/src/release_notes.rst

@@ -11,6 +11,8 @@ node-oracledb `v6.0.2 <https://github.com/oracle/node-oracledb/compare/v6.0.1...
 Thin Mode Changes
 +++++++++++++++++
 
+#)  Fixed bug connecting to databases with older 11g password verifiers.
+
 #)  Fixed bug when the length of a chunk inside a chunked read spans packets.
     `Issue #1576 <https://github.com/oracle/node-oracledb/issues/1576>`__.
 

lib/thin/protocol/encryptDecrypt.js

@@ -138,18 +138,30 @@ class EncryptDecrypt {
     if (newPassword) {
       newPasswordBytes = Buffer.from(newPassword, 'utf8');
     }
-    let sessionKeyParta = this._decrypt(passwordHash, encodedServerKey);
-    let sessionKeyPartb = Buffer.alloc(32);
-    crypto.randomFillSync(sessionKeyPartb, 0, 32);
-    let encodedClientKey = this._encrypt(passwordHash, sessionKeyPartb);
-    authObj.sessionKey = encodedClientKey.slice().toString('hex').toUpperCase().slice(0, 64);
-
-    iterations = Number(sessionData['AUTH_PBKDF2_SDER_COUNT']);
-    let mixingSalt = Buffer.from(sessionData['AUTH_PBKDF2_CSK_SALT'], 'hex');
-    let partABKey = Buffer.concat([sessionKeyPartb.slice(0, keyLen), sessionKeyParta.slice(0, keyLen)]);
-    let partABKeyStr = partABKey.toString('hex').toUpperCase();
-    let partABKeyBuffer = Buffer.from(partABKeyStr, 'utf8');
-    authObj.comboKey = crypto.pbkdf2Sync(partABKeyBuffer, mixingSalt, iterations, keyLen, 'sha512');
+    const sessionKeyParta = this._decrypt(passwordHash, encodedServerKey);
+    const sessionKeyPartb = Buffer.alloc(sessionKeyParta.length);
+    crypto.randomFillSync(sessionKeyPartb);
+    const encodedClientKey = this._encrypt(passwordHash, sessionKeyPartb);
+
+    if (sessionKeyParta.length === 48) {
+      authObj.sessionKey = encodedClientKey.slice().toString('hex').toUpperCase().slice(0, 96);
+      const buf = Buffer.alloc(24);
+      for (let i = 16; i <= 40; i++) {
+        buf[i - 16] = sessionKeyParta[i] ^ sessionKeyPartb[i];
+      }
+      const part1 = crypto.createHash("md5").update(buf.subarray(0, 16)).digest();
+      const part2 = crypto.createHash("md5").update(buf.subarray(16)).digest();
+      authObj.comboKey = Buffer.concat([part1, part2]).slice(0, keyLen);
+    } else {
+      authObj.sessionKey = encodedClientKey.slice().toString('hex').toUpperCase().slice(0, 64);
+      const mixingSalt = Buffer.from(sessionData['AUTH_PBKDF2_CSK_SALT'], 'hex');
+      iterations = Number(sessionData['AUTH_PBKDF2_SDER_COUNT']);
+      const partABKey = Buffer.concat([sessionKeyPartb.slice(0, keyLen), sessionKeyParta.slice(0, keyLen)]);
+      const partABKeyStr = partABKey.toString('hex').toUpperCase();
+      const partABKeyBuffer = Buffer.from(partABKeyStr, 'utf8');
+      authObj.comboKey = crypto.pbkdf2Sync(partABKeyBuffer, mixingSalt,
+        iterations, keyLen, 'sha512');
+    }
 
     let salt = Buffer.alloc(16);
     if (!verifier11G) {