Accueil Explorer Aide
Connexion
etouimi
/
SPAMAP-Web-App
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Branche: master
Branches Tags
SPAMAP-Web-App
/
node_modules
/
mongodb-core
/
lib
/
auth
/
gssapi.js

gssapi.js 5.0 KB
Lien permanent Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241 
  1. 'use strict';
    2. 

  2. 

  3. const AuthProvider = require('./auth_provider').AuthProvider;
    4. 

  4. const retrieveKerberos = require('../utils').retrieveKerberos;
    5. 

  5. let kerberos;
    6. 

  6. 

  7. /**
    8. 

  8.  * Creates a new GSSAPI authentication mechanism
    9. 

  9.  * @class
    10. 

  10.  * @extends AuthProvider
    11. 

  11.  */
    12. 

  12. class GSSAPI extends AuthProvider {
    13. 

  13.   /**
    14. 

  14.    * Implementation of authentication for a single connection
    15. 

  15.    * @override
    16. 

  16.    */
    17. 

  17.   _authenticateSingleConnection(sendAuthCommand, connection, credentials, callback) {
    18. 

  18.     const source = credentials.source;
    19. 

  19.     const username = credentials.username;
    20. 

  20.     const password = credentials.password;
    21. 

  21.     const mechanismProperties = credentials.mechanismProperties;
    22. 

  22.     const gssapiServiceName =
    23. 

  23.       mechanismProperties['gssapiservicename'] ||
    24. 

  24.       mechanismProperties['gssapiServiceName'] ||
    25. 

  25.       'mongodb';
    26. 

  26. 

  27.     GSSAPIInitialize(
    28. 

  28.       this,
    29. 

  29.       kerberos.processes.MongoAuthProcess,
    30. 

  30.       source,
    31. 

  31.       username,
    32. 

  32.       password,
    33. 

  33.       source,
    34. 

  34.       gssapiServiceName,
    35. 

  35.       sendAuthCommand,
    36. 

  36.       connection,
    37. 

  37.       mechanismProperties,
    38. 

  38.       callback
    39. 

  39.     );
    40. 

  40.   }
    41. 

  41. 

  42.   /**
    43. 

  43.    * Authenticate
    44. 

  44.    * @override
    45. 

  45.    * @method
    46. 

  46.    */
    47. 

  47.   auth(sendAuthCommand, connections, credentials, callback) {
    48. 

  48.     if (kerberos == null) {
    49. 

  49.       try {
    50. 

  50.         kerberos = retrieveKerberos();
    51. 

  51.       } catch (e) {
    52. 

  52.         return callback(e, null);
    53. 

  53.       }
    54. 

  54.     }
    55. 

  55. 

  56.     super.auth(sendAuthCommand, connections, credentials, callback);
    57. 

  57.   }
    58. 

  58. }
    59. 

  59. 

  60. //
    61. 

  61. // Initialize step
    62. 

  62. var GSSAPIInitialize = function(
    63. 

  63.   self,
    64. 

  64.   MongoAuthProcess,
    65. 

  65.   db,
    66. 

  66.   username,
    67. 

  67.   password,
    68. 

  68.   authdb,
    69. 

  69.   gssapiServiceName,
    70. 

  70.   sendAuthCommand,
    71. 

  71.   connection,
    72. 

  72.   options,
    73. 

  73.   callback
    74. 

  74. ) {
    75. 

  75.   // Create authenticator
    76. 

  76.   var mongo_auth_process = new MongoAuthProcess(
    77. 

  77.     connection.host,
    78. 

  78.     connection.port,
    79. 

  79.     gssapiServiceName,
    80. 

  80.     options
    81. 

  81.   );
    82. 

  82. 

  83.   // Perform initialization
    84. 

  84.   mongo_auth_process.init(username, password, function(err) {
    85. 

  85.     if (err) return callback(err, false);
    86. 

  86. 

  87.     // Perform the first step
    88. 

  88.     mongo_auth_process.transition('', function(err, payload) {
    89. 

  89.       if (err) return callback(err, false);
    90. 

  90. 

  91.       // Call the next db step
    92. 

  92.       MongoDBGSSAPIFirstStep(
    93. 

  93.         self,
    94. 

  94.         mongo_auth_process,
    95. 

  95.         payload,
    96. 

  96.         db,
    97. 

  97.         username,
    98. 

  98.         password,
    99. 

  99.         authdb,
    100. 

  100.         sendAuthCommand,
    101. 

  101.         connection,
    102. 

  102.         callback
    103. 

  103.       );
    104. 

  104.     });
    105. 

  105.   });
    106. 

  106. };
    107. 

  107. 

  108. //
    109. 

  109. // Perform first step against mongodb
    110. 

  110. var MongoDBGSSAPIFirstStep = function(
    111. 

  111.   self,
    112. 

  112.   mongo_auth_process,
    113. 

  113.   payload,
    114. 

  114.   db,
    115. 

  115.   username,
    116. 

  116.   password,
    117. 

  117.   authdb,
    118. 

  118.   sendAuthCommand,
    119. 

  119.   connection,
    120. 

  120.   callback
    121. 

  121. ) {
    122. 

  122.   // Build the sasl start command
    123. 

  123.   var command = {
    124. 

  124.     saslStart: 1,
    125. 

  125.     mechanism: 'GSSAPI',
    126. 

  126.     payload: payload,
    127. 

  127.     autoAuthorize: 1
    128. 

  128.   };
    129. 

  129. 

  130.   // Write the commmand on the connection
    131. 

  131.   sendAuthCommand(connection, '$external.$cmd', command, (err, doc) => {
    132. 

  132.     if (err) return callback(err, false);
    133. 

  133.     // Execute mongodb transition
    134. 

  134.     mongo_auth_process.transition(doc.payload, function(err, payload) {
    135. 

  135.       if (err) return callback(err, false);
    136. 

  136. 

  137.       // MongoDB API Second Step
    138. 

  138.       MongoDBGSSAPISecondStep(
    139. 

  139.         self,
    140. 

  140.         mongo_auth_process,
    141. 

  141.         payload,
    142. 

  142.         doc,
    143. 

  143.         db,
    144. 

  144.         username,
    145. 

  145.         password,
    146. 

  146.         authdb,
    147. 

  147.         sendAuthCommand,
    148. 

  148.         connection,
    149. 

  149.         callback
    150. 

  150.       );
    151. 

  151.     });
    152. 

  152.   });
    153. 

  153. };
    154. 

  154. 

  155. //
    156. 

  156. // Perform first step against mongodb
    157. 

  157. var MongoDBGSSAPISecondStep = function(
    158. 

  158.   self,
    159. 

  159.   mongo_auth_process,
    160. 

  160.   payload,
    161. 

  161.   doc,
    162. 

  162.   db,
    163. 

  163.   username,
    164. 

  164.   password,
    165. 

  165.   authdb,
    166. 

  166.   sendAuthCommand,
    167. 

  167.   connection,
    168. 

  168.   callback
    169. 

  169. ) {
    170. 

  170.   // Build Authentication command to send to MongoDB
    171. 

  171.   var command = {
    172. 

  172.     saslContinue: 1,
    173. 

  173.     conversationId: doc.conversationId,
    174. 

  174.     payload: payload
    175. 

  175.   };
    176. 

  176. 

  177.   // Execute the command
    178. 

  178.   // Write the commmand on the connection
    179. 

  179.   sendAuthCommand(connection, '$external.$cmd', command, (err, doc) => {
    180. 

  180.     if (err) return callback(err, false);
    181. 

  181.     // Call next transition for kerberos
    182. 

  182.     mongo_auth_process.transition(doc.payload, function(err, payload) {
    183. 

  183.       if (err) return callback(err, false);
    184. 

  184. 

  185.       // Call the last and third step
    186. 

  186.       MongoDBGSSAPIThirdStep(
    187. 

  187.         self,
    188. 

  188.         mongo_auth_process,
    189. 

  189.         payload,
    190. 

  190.         doc,
    191. 

  191.         db,
    192. 

  192.         username,
    193. 

  193.         password,
    194. 

  194.         authdb,
    195. 

  195.         sendAuthCommand,
    196. 

  196.         connection,
    197. 

  197.         callback
    198. 

  198.       );
    199. 

  199.     });
    200. 

  200.   });
    201. 

  201. };
    202. 

  202. 

  203. var MongoDBGSSAPIThirdStep = function(
    204. 

  204.   self,
    205. 

  205.   mongo_auth_process,
    206. 

  206.   payload,
    207. 

  207.   doc,
    208. 

  208.   db,
    209. 

  209.   username,
    210. 

  210.   password,
    211. 

  211.   authdb,
    212. 

  212.   sendAuthCommand,
    213. 

  213.   connection,
    214. 

  214.   callback
    215. 

  215. ) {
    216. 

  216.   // Build final command
    217. 

  217.   var command = {
    218. 

  218.     saslContinue: 1,
    219. 

  219.     conversationId: doc.conversationId,
    220. 

  220.     payload: payload
    221. 

  221.   };
    222. 

  222. 

  223.   // Execute the command
    224. 

  224.   sendAuthCommand(connection, '$external.$cmd', command, (err, r) => {
    225. 

  225.     if (err) return callback(err, false);
    226. 

  226.     mongo_auth_process.transition(null, function(err) {
    227. 

  227.       if (err) return callback(err, null);
    228. 

  228.       callback(null, r);
    229. 

  229.     });
    230. 

  230.   });
    231. 

  231. };
    232. 

  232. 

  233. /**
    234. 

  234.  * This is a result from a authentication strategy
    235. 

  235.  *
    236. 

  236.  * @callback authResultCallback
    237. 

  237.  * @param {error} error An error object. Set to null if no error present
    238. 

  238.  * @param {boolean} result The result of the authentication process
    239. 

  239.  */
    240. 

  240. 

  241. module.exports = GSSAPI;
    242.