hopfma
/
om
Watch 4
Star 1
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Ohm-Management - Projektarbeit B-ME
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
215 Commits
2 Branches
Tree: 6a69bbcaf7
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6a69bbcaf7'
${ noResults }
om/node_modules/mongodb-core/lib/auth/gssapi.js

gssapi.js 5.0KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241 
  1. 'use strict';

  2. 

  3. const AuthProvider = require('./auth_provider').AuthProvider;

  4. const retrieveKerberos = require('../utils').retrieveKerberos;

  5. let kerberos;

  6. 

  7. /**

  8.  * Creates a new GSSAPI authentication mechanism

  9.  * @class

  10.  * @extends AuthProvider

  11.  */

  12. class GSSAPI extends AuthProvider {

  13.   /**

  14.    * Implementation of authentication for a single connection

  15.    * @override

  16.    */

  17.   _authenticateSingleConnection(sendAuthCommand, connection, credentials, callback) {

  18.     const source = credentials.source;

  19.     const username = credentials.username;

  20.     const password = credentials.password;

  21.     const mechanismProperties = credentials.mechanismProperties;

  22.     const gssapiServiceName =

  23.       mechanismProperties['gssapiservicename'] ||

  24.       mechanismProperties['gssapiServiceName'] ||

  25.       'mongodb';

  26. 

  27.     GSSAPIInitialize(

  28.       this,

  29.       kerberos.processes.MongoAuthProcess,

  30.       source,

  31.       username,

  32.       password,

  33.       source,

  34.       gssapiServiceName,

  35.       sendAuthCommand,

  36.       connection,

  37.       mechanismProperties,

  38.       callback

  39.     );

  40.   }

  41. 

  42.   /**

  43.    * Authenticate

  44.    * @override

  45.    * @method

  46.    */

  47.   auth(sendAuthCommand, connections, credentials, callback) {

  48.     if (kerberos == null) {

  49.       try {

  50.         kerberos = retrieveKerberos();

  51.       } catch (e) {

  52.         return callback(e, null);

  53.       }

  54.     }

  55. 

  56.     super.auth(sendAuthCommand, connections, credentials, callback);

  57.   }

  58. }

  59. 

  60. //

  61. // Initialize step

  62. var GSSAPIInitialize = function(

  63.   self,

  64.   MongoAuthProcess,

  65.   db,

  66.   username,

  67.   password,

  68.   authdb,

  69.   gssapiServiceName,

  70.   sendAuthCommand,

  71.   connection,

  72.   options,

  73.   callback

  74. ) {

  75.   // Create authenticator

  76.   var mongo_auth_process = new MongoAuthProcess(

  77.     connection.host,

  78.     connection.port,

  79.     gssapiServiceName,

  80.     options

  81.   );

  82. 

  83.   // Perform initialization

  84.   mongo_auth_process.init(username, password, function(err) {

  85.     if (err) return callback(err, false);

  86. 

  87.     // Perform the first step

  88.     mongo_auth_process.transition('', function(err, payload) {

  89.       if (err) return callback(err, false);

  90. 

  91.       // Call the next db step

  92.       MongoDBGSSAPIFirstStep(

  93.         self,

  94.         mongo_auth_process,

  95.         payload,

  96.         db,

  97.         username,

  98.         password,

  99.         authdb,

  100.         sendAuthCommand,

  101.         connection,

  102.         callback

  103.       );

  104.     });

  105.   });

  106. };

  107. 

  108. //

  109. // Perform first step against mongodb

  110. var MongoDBGSSAPIFirstStep = function(

  111.   self,

  112.   mongo_auth_process,

  113.   payload,

  114.   db,

  115.   username,

  116.   password,

  117.   authdb,

  118.   sendAuthCommand,

  119.   connection,

  120.   callback

  121. ) {

  122.   // Build the sasl start command

  123.   var command = {

  124.     saslStart: 1,

  125.     mechanism: 'GSSAPI',

  126.     payload: payload,

  127.     autoAuthorize: 1

  128.   };

  129. 

  130.   // Write the commmand on the connection

  131.   sendAuthCommand(connection, '$external.$cmd', command, (err, doc) => {

  132.     if (err) return callback(err, false);

  133.     // Execute mongodb transition

  134.     mongo_auth_process.transition(doc.payload, function(err, payload) {

  135.       if (err) return callback(err, false);

  136. 

  137.       // MongoDB API Second Step

  138.       MongoDBGSSAPISecondStep(

  139.         self,

  140.         mongo_auth_process,

  141.         payload,

  142.         doc,

  143.         db,

  144.         username,

  145.         password,

  146.         authdb,

  147.         sendAuthCommand,

  148.         connection,

  149.         callback

  150.       );

  151.     });

  152.   });

  153. };

  154. 

  155. //

  156. // Perform first step against mongodb

  157. var MongoDBGSSAPISecondStep = function(

  158.   self,

  159.   mongo_auth_process,

  160.   payload,

  161.   doc,

  162.   db,

  163.   username,

  164.   password,

  165.   authdb,

  166.   sendAuthCommand,

  167.   connection,

  168.   callback

  169. ) {

  170.   // Build Authentication command to send to MongoDB

  171.   var command = {

  172.     saslContinue: 1,

  173.     conversationId: doc.conversationId,

  174.     payload: payload

  175.   };

  176. 

  177.   // Execute the command

  178.   // Write the commmand on the connection

  179.   sendAuthCommand(connection, '$external.$cmd', command, (err, doc) => {

  180.     if (err) return callback(err, false);

  181.     // Call next transition for kerberos

  182.     mongo_auth_process.transition(doc.payload, function(err, payload) {

  183.       if (err) return callback(err, false);

  184. 

  185.       // Call the last and third step

  186.       MongoDBGSSAPIThirdStep(

  187.         self,

  188.         mongo_auth_process,

  189.         payload,

  190.         doc,

  191.         db,

  192.         username,

  193.         password,

  194.         authdb,

  195.         sendAuthCommand,

  196.         connection,

  197.         callback

  198.       );

  199.     });

  200.   });

  201. };

  202. 

  203. var MongoDBGSSAPIThirdStep = function(

  204.   self,

  205.   mongo_auth_process,

  206.   payload,

  207.   doc,

  208.   db,

  209.   username,

  210.   password,

  211.   authdb,

  212.   sendAuthCommand,

  213.   connection,

  214.   callback

  215. ) {

  216.   // Build final command

  217.   var command = {

  218.     saslContinue: 1,

  219.     conversationId: doc.conversationId,

  220.     payload: payload

  221.   };

  222. 

  223.   // Execute the command

  224.   sendAuthCommand(connection, '$external.$cmd', command, (err, r) => {

  225.     if (err) return callback(err, false);

  226.     mongo_auth_process.transition(null, function(err) {

  227.       if (err) return callback(err, null);

  228.       callback(null, r);

  229.     });

  230.   });

  231. };

  232. 

  233. /**

  234.  * This is a result from a authentication strategy

  235.  *

  236.  * @callback authResultCallback

  237.  * @param {error} error An error object. Set to null if no error present

  238.  * @param {boolean} result The result of the authentication process

  239.  */

  240. 

  241. module.exports = GSSAPI;