hopfma
/
om
Watch 4
Star 1
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Ohm-Management - Projektarbeit B-ME
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
115 Commits
2 Branches
Tree: 56f4a3f940
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '56f4a3f940'
${ noResults }
om/node_modules/mongoose/node_modules/mongodb-core/lib/auth/gssapi.js

gssapi.js 8.8KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381 
  1. 'use strict';

  2. 

  3. const f = require('util').format;

  4. const Query = require('../connection/commands').Query;

  5. const MongoError = require('../error').MongoError;

  6. const retrieveKerberos = require('../utils').retrieveKerberos;

  7. 

  8. var AuthSession = function(db, username, password, options) {

  9.   this.db = db;

  10.   this.username = username;

  11.   this.password = password;

  12.   this.options = options;

  13. };

  14. 

  15. AuthSession.prototype.equal = function(session) {

  16.   return (

  17.     session.db === this.db &&

  18.     session.username === this.username &&

  19.     session.password === this.password

  20.   );

  21. };

  22. 

  23. /**

  24.  * Creates a new GSSAPI authentication mechanism

  25.  * @class

  26.  * @return {GSSAPI} A cursor instance

  27.  */

  28. var GSSAPI = function(bson) {

  29.   this.bson = bson;

  30.   this.authStore = [];

  31. };

  32. 

  33. /**

  34.  * Authenticate

  35.  * @method

  36.  * @param {{Server}|{ReplSet}|{Mongos}} server Topology the authentication method is being called on

  37.  * @param {[]Connections} connections Connections to authenticate using this authenticator

  38.  * @param {string} db Name of the database

  39.  * @param {string} username Username

  40.  * @param {string} password Password

  41.  * @param {authResultCallback} callback The callback to return the result from the authentication

  42.  * @return {object}

  43.  */

  44. GSSAPI.prototype.auth = function(server, connections, db, username, password, options, callback) {

  45.   var self = this;

  46.   let kerberos;

  47.   try {

  48.     kerberos = retrieveKerberos();

  49.   } catch (e) {

  50.     return callback(e, null);

  51.   }

  52. 

  53.   // TODO: remove this once we fix URI parsing

  54.   var gssapiServiceName = options['gssapiservicename'] || options['gssapiServiceName'] || 'mongodb';

  55.   // Total connections

  56.   var count = connections.length;

  57.   if (count === 0) return callback(null, null);

  58. 

  59.   // Valid connections

  60.   var numberOfValidConnections = 0;

  61.   var errorObject = null;

  62. 

  63.   // For each connection we need to authenticate

  64.   while (connections.length > 0) {

  65.     // Execute MongoCR

  66.     var execute = function(connection) {

  67.       // Start Auth process for a connection

  68.       GSSAPIInitialize(

  69.         self,

  70.         kerberos.processes.MongoAuthProcess,

  71.         db,

  72.         username,

  73.         password,

  74.         db,

  75.         gssapiServiceName,

  76.         server,

  77.         connection,

  78.         options,

  79.         function(err, r) {

  80.           // Adjust count

  81.           count = count - 1;

  82. 

  83.           // If we have an error

  84.           if (err) {

  85.             errorObject = err;

  86.           } else if (r.result['$err']) {

  87.             errorObject = r.result;

  88.           } else if (r.result['errmsg']) {

  89.             errorObject = r.result;

  90.           } else {

  91.             numberOfValidConnections = numberOfValidConnections + 1;

  92.           }

  93. 

  94.           // We have authenticated all connections

  95.           if (count === 0 && numberOfValidConnections > 0) {

  96.             // Store the auth details

  97.             addAuthSession(self.authStore, new AuthSession(db, username, password, options));

  98.             // Return correct authentication

  99.             callback(null, true);

  100.           } else if (count === 0) {

  101.             if (errorObject == null)

  102.               errorObject = new MongoError(f('failed to authenticate using mongocr'));

  103.             callback(errorObject, false);

  104.           }

  105.         }

  106.       );

  107.     };

  108. 

  109.     var _execute = function(_connection) {

  110.       process.nextTick(function() {

  111.         execute(_connection);

  112.       });

  113.     };

  114. 

  115.     _execute(connections.shift());

  116.   }

  117. };

  118. 

  119. //

  120. // Initialize step

  121. var GSSAPIInitialize = function(

  122.   self,

  123.   MongoAuthProcess,

  124.   db,

  125.   username,

  126.   password,

  127.   authdb,

  128.   gssapiServiceName,

  129.   server,

  130.   connection,

  131.   options,

  132.   callback

  133. ) {

  134.   // Create authenticator

  135.   var mongo_auth_process = new MongoAuthProcess(

  136.     connection.host,

  137.     connection.port,

  138.     gssapiServiceName,

  139.     options

  140.   );

  141. 

  142.   // Perform initialization

  143.   mongo_auth_process.init(username, password, function(err) {

  144.     if (err) return callback(err, false);

  145. 

  146.     // Perform the first step

  147.     mongo_auth_process.transition('', function(err, payload) {

  148.       if (err) return callback(err, false);

  149. 

  150.       // Call the next db step

  151.       MongoDBGSSAPIFirstStep(

  152.         self,

  153.         mongo_auth_process,

  154.         payload,

  155.         db,

  156.         username,

  157.         password,

  158.         authdb,

  159.         server,

  160.         connection,

  161.         callback

  162.       );

  163.     });

  164.   });

  165. };

  166. 

  167. //

  168. // Perform first step against mongodb

  169. var MongoDBGSSAPIFirstStep = function(

  170.   self,

  171.   mongo_auth_process,

  172.   payload,

  173.   db,

  174.   username,

  175.   password,

  176.   authdb,

  177.   server,

  178.   connection,

  179.   callback

  180. ) {

  181.   // Build the sasl start command

  182.   var command = {

  183.     saslStart: 1,

  184.     mechanism: 'GSSAPI',

  185.     payload: payload,

  186.     autoAuthorize: 1

  187.   };

  188. 

  189.   // Write the commmand on the connection

  190.   server(

  191.     connection,

  192.     new Query(self.bson, '$external.$cmd', command, {

  193.       numberToSkip: 0,

  194.       numberToReturn: 1

  195.     }),

  196.     function(err, r) {

  197.       if (err) return callback(err, false);

  198.       var doc = r.result;

  199.       // Execute mongodb transition

  200.       mongo_auth_process.transition(r.result.payload, function(err, payload) {

  201.         if (err) return callback(err, false);

  202. 

  203.         // MongoDB API Second Step

  204.         MongoDBGSSAPISecondStep(

  205.           self,

  206.           mongo_auth_process,

  207.           payload,

  208.           doc,

  209.           db,

  210.           username,

  211.           password,

  212.           authdb,

  213.           server,

  214.           connection,

  215.           callback

  216.         );

  217.       });

  218.     }

  219.   );

  220. };

  221. 

  222. //

  223. // Perform first step against mongodb

  224. var MongoDBGSSAPISecondStep = function(

  225.   self,

  226.   mongo_auth_process,

  227.   payload,

  228.   doc,

  229.   db,

  230.   username,

  231.   password,

  232.   authdb,

  233.   server,

  234.   connection,

  235.   callback

  236. ) {

  237.   // Build Authentication command to send to MongoDB

  238.   var command = {

  239.     saslContinue: 1,

  240.     conversationId: doc.conversationId,

  241.     payload: payload

  242.   };

  243. 

  244.   // Execute the command

  245.   // Write the commmand on the connection

  246.   server(

  247.     connection,

  248.     new Query(self.bson, '$external.$cmd', command, {

  249.       numberToSkip: 0,

  250.       numberToReturn: 1

  251.     }),

  252.     function(err, r) {

  253.       if (err) return callback(err, false);

  254.       var doc = r.result;

  255.       // Call next transition for kerberos

  256.       mongo_auth_process.transition(doc.payload, function(err, payload) {

  257.         if (err) return callback(err, false);

  258. 

  259.         // Call the last and third step

  260.         MongoDBGSSAPIThirdStep(

  261.           self,

  262.           mongo_auth_process,

  263.           payload,

  264.           doc,

  265.           db,

  266.           username,

  267.           password,

  268.           authdb,

  269.           server,

  270.           connection,

  271.           callback

  272.         );

  273.       });

  274.     }

  275.   );

  276. };

  277. 

  278. var MongoDBGSSAPIThirdStep = function(

  279.   self,

  280.   mongo_auth_process,

  281.   payload,

  282.   doc,

  283.   db,

  284.   username,

  285.   password,

  286.   authdb,

  287.   server,

  288.   connection,

  289.   callback

  290. ) {

  291.   // Build final command

  292.   var command = {

  293.     saslContinue: 1,

  294.     conversationId: doc.conversationId,

  295.     payload: payload

  296.   };

  297. 

  298.   // Execute the command

  299.   server(

  300.     connection,

  301.     new Query(self.bson, '$external.$cmd', command, {

  302.       numberToSkip: 0,

  303.       numberToReturn: 1

  304.     }),

  305.     function(err, r) {

  306.       if (err) return callback(err, false);

  307.       mongo_auth_process.transition(null, function(err) {

  308.         if (err) return callback(err, null);

  309.         callback(null, r);

  310.       });

  311.     }

  312.   );

  313. };

  314. 

  315. // Add to store only if it does not exist

  316. var addAuthSession = function(authStore, session) {

  317.   var found = false;

  318. 

  319.   for (var i = 0; i < authStore.length; i++) {

  320.     if (authStore[i].equal(session)) {

  321.       found = true;

  322.       break;

  323.     }

  324.   }

  325. 

  326.   if (!found) authStore.push(session);

  327. };

  328. 

  329. /**

  330.  * Remove authStore credentials

  331.  * @method

  332.  * @param {string} db Name of database we are removing authStore details about

  333.  * @return {object}

  334.  */

  335. GSSAPI.prototype.logout = function(dbName) {

  336.   this.authStore = this.authStore.filter(function(x) {

  337.     return x.db !== dbName;

  338.   });

  339. };

  340. 

  341. /**

  342.  * Re authenticate pool

  343.  * @method

  344.  * @param {{Server}|{ReplSet}|{Mongos}} server Topology the authentication method is being called on

  345.  * @param {[]Connections} connections Connections to authenticate using this authenticator

  346.  * @param {authResultCallback} callback The callback to return the result from the authentication

  347.  * @return {object}

  348.  */

  349. GSSAPI.prototype.reauthenticate = function(server, connections, callback) {

  350.   var authStore = this.authStore.slice(0);

  351.   var count = authStore.length;

  352.   if (count === 0) return callback(null, null);

  353.   // Iterate over all the auth details stored

  354.   for (var i = 0; i < authStore.length; i++) {

  355.     this.auth(

  356.       server,

  357.       connections,

  358.       authStore[i].db,

  359.       authStore[i].username,

  360.       authStore[i].password,

  361.       authStore[i].options,

  362.       function(err) {

  363.         count = count - 1;

  364.         // Done re-authenticating

  365.         if (count === 0) {

  366.           callback(err, null);

  367.         }

  368.       }

  369.     );

  370.   }

  371. };

  372. 

  373. /**

  374.  * This is a result from a authentication strategy

  375.  *

  376.  * @callback authResultCallback

  377.  * @param {error} error An error object. Set to null if no error present

  378.  * @param {boolean} result The result of the authentication process

  379.  */

  380. 

  381. module.exports = GSSAPI;