hopfma
/
om
Watch 4
Star 1
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Ohm-Management - Projektarbeit B-ME
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
115 Commits
2 Branches
Tree: 56f4a3f940
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '56f4a3f940'
${ noResults }
om/node_modules/mongoose/node_modules/mongodb-core/lib/auth/sspi.js

sspi.js 6.9KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262 
  1. 'use strict';

  2. 

  3. const f = require('util').format;

  4. const Query = require('../connection/commands').Query;

  5. const MongoError = require('../error').MongoError;

  6. const retrieveKerberos = require('../utils').retrieveKerberos;

  7. 

  8. var AuthSession = function(db, username, password, options) {

  9.   this.db = db;

  10.   this.username = username;

  11.   this.password = password;

  12.   this.options = options;

  13. };

  14. 

  15. AuthSession.prototype.equal = function(session) {

  16.   return (

  17.     session.db === this.db &&

  18.     session.username === this.username &&

  19.     session.password === this.password

  20.   );

  21. };

  22. 

  23. /**

  24.  * Creates a new SSPI authentication mechanism

  25.  * @class

  26.  * @return {SSPI} A cursor instance

  27.  */

  28. var SSPI = function(bson) {

  29.   this.bson = bson;

  30.   this.authStore = [];

  31. };

  32. 

  33. /**

  34.  * Authenticate

  35.  * @method

  36.  * @param {{Server}|{ReplSet}|{Mongos}} server Topology the authentication method is being called on

  37.  * @param {[]Connections} connections Connections to authenticate using this authenticator

  38.  * @param {string} db Name of the database

  39.  * @param {string} username Username

  40.  * @param {string} password Password

  41.  * @param {authResultCallback} callback The callback to return the result from the authentication

  42.  * @return {object}

  43.  */

  44. SSPI.prototype.auth = function(server, connections, db, username, password, options, callback) {

  45.   var self = this;

  46.   let kerberos;

  47.   try {

  48.     kerberos = retrieveKerberos();

  49.   } catch (e) {

  50.     return callback(e, null);

  51.   }

  52. 

  53.   var gssapiServiceName = options['gssapiServiceName'] || 'mongodb';

  54.   // Total connections

  55.   var count = connections.length;

  56.   if (count === 0) return callback(null, null);

  57. 

  58.   // Valid connections

  59.   var numberOfValidConnections = 0;

  60.   var errorObject = null;

  61. 

  62.   // For each connection we need to authenticate

  63.   while (connections.length > 0) {

  64.     // Execute MongoCR

  65.     var execute = function(connection) {

  66.       // Start Auth process for a connection

  67.       SSIPAuthenticate(

  68.         self,

  69.         kerberos.processes.MongoAuthProcess,

  70.         username,

  71.         password,

  72.         gssapiServiceName,

  73.         server,

  74.         connection,

  75.         options,

  76.         function(err, r) {

  77.           // Adjust count

  78.           count = count - 1;

  79. 

  80.           // If we have an error

  81.           if (err) {

  82.             errorObject = err;

  83.           } else if (r && typeof r === 'object' && r.result['$err']) {

  84.             errorObject = r.result;

  85.           } else if (r && typeof r === 'object' && r.result['errmsg']) {

  86.             errorObject = r.result;

  87.           } else {

  88.             numberOfValidConnections = numberOfValidConnections + 1;

  89.           }

  90. 

  91.           // We have authenticated all connections

  92.           if (count === 0 && numberOfValidConnections > 0) {

  93.             // Store the auth details

  94.             addAuthSession(self.authStore, new AuthSession(db, username, password, options));

  95.             // Return correct authentication

  96.             callback(null, true);

  97.           } else if (count === 0) {

  98.             if (errorObject == null)

  99.               errorObject = new MongoError(f('failed to authenticate using mongocr'));

  100.             callback(errorObject, false);

  101.           }

  102.         }

  103.       );

  104.     };

  105. 

  106.     var _execute = function(_connection) {

  107.       process.nextTick(function() {

  108.         execute(_connection);

  109.       });

  110.     };

  111. 

  112.     _execute(connections.shift());

  113.   }

  114. };

  115. 

  116. function SSIPAuthenticate(

  117.   self,

  118.   MongoAuthProcess,

  119.   username,

  120.   password,

  121.   gssapiServiceName,

  122.   server,

  123.   connection,

  124.   options,

  125.   callback

  126. ) {

  127.   const authProcess = new MongoAuthProcess(

  128.     connection.host,

  129.     connection.port,

  130.     gssapiServiceName,

  131.     options

  132.   );

  133. 

  134.   function authCommand(command, authCb) {

  135.     const query = new Query(self.bson, '$external.$cmd', command, {

  136.       numberToSkip: 0,

  137.       numberToReturn: 1

  138.     });

  139. 

  140.     server(connection, query, authCb);

  141.   }

  142. 

  143.   authProcess.init(username, password, err => {

  144.     if (err) return callback(err, false);

  145. 

  146.     authProcess.transition('', (err, payload) => {

  147.       if (err) return callback(err, false);

  148. 

  149.       const command = {

  150.         saslStart: 1,

  151.         mechanism: 'GSSAPI',

  152.         payload,

  153.         autoAuthorize: 1

  154.       };

  155. 

  156.       authCommand(command, (err, result) => {

  157.         if (err) return callback(err, false);

  158.         const doc = result.result;

  159. 

  160.         authProcess.transition(doc.payload, (err, payload) => {

  161.           if (err) return callback(err, false);

  162.           const command = {

  163.             saslContinue: 1,

  164.             conversationId: doc.conversationId,

  165.             payload

  166.           };

  167. 

  168.           authCommand(command, (err, result) => {

  169.             if (err) return callback(err, false);

  170.             const doc = result.result;

  171. 

  172.             authProcess.transition(doc.payload, (err, payload) => {

  173.               if (err) return callback(err, false);

  174.               const command = {

  175.                 saslContinue: 1,

  176.                 conversationId: doc.conversationId,

  177.                 payload

  178.               };

  179. 

  180.               authCommand(command, (err, response) => {

  181.                 if (err) return callback(err, false);

  182. 

  183.                 authProcess.transition(null, err => {

  184.                   if (err) return callback(err, null);

  185.                   callback(null, response);

  186.                 });

  187.               });

  188.             });

  189.           });

  190.         });

  191.       });

  192.     });

  193.   });

  194. }

  195. 

  196. // Add to store only if it does not exist

  197. var addAuthSession = function(authStore, session) {

  198.   var found = false;

  199. 

  200.   for (var i = 0; i < authStore.length; i++) {

  201.     if (authStore[i].equal(session)) {

  202.       found = true;

  203.       break;

  204.     }

  205.   }

  206. 

  207.   if (!found) authStore.push(session);

  208. };

  209. 

  210. /**

  211.  * Remove authStore credentials

  212.  * @method

  213.  * @param {string} db Name of database we are removing authStore details about

  214.  * @return {object}

  215.  */

  216. SSPI.prototype.logout = function(dbName) {

  217.   this.authStore = this.authStore.filter(function(x) {

  218.     return x.db !== dbName;

  219.   });

  220. };

  221. 

  222. /**

  223.  * Re authenticate pool

  224.  * @method

  225.  * @param {{Server}|{ReplSet}|{Mongos}} server Topology the authentication method is being called on

  226.  * @param {[]Connections} connections Connections to authenticate using this authenticator

  227.  * @param {authResultCallback} callback The callback to return the result from the authentication

  228.  * @return {object}

  229.  */

  230. SSPI.prototype.reauthenticate = function(server, connections, callback) {

  231.   var authStore = this.authStore.slice(0);

  232.   var count = authStore.length;

  233.   if (count === 0) return callback(null, null);

  234.   // Iterate over all the auth details stored

  235.   for (var i = 0; i < authStore.length; i++) {

  236.     this.auth(

  237.       server,

  238.       connections,

  239.       authStore[i].db,

  240.       authStore[i].username,

  241.       authStore[i].password,

  242.       authStore[i].options,

  243.       function(err) {

  244.         count = count - 1;

  245.         // Done re-authenticating

  246.         if (count === 0) {

  247.           callback(err, null);

  248.         }

  249.       }

  250.     );

  251.   }

  252. };

  253. 

  254. /**

  255.  * This is a result from a authentication strategy

  256.  *

  257.  * @callback authResultCallback

  258.  * @param {error} error An error object. Set to null if no error present

  259.  * @param {boolean} result The result of the authentication process

  260.  */

  261. 

  262. module.exports = SSPI;