PageRenderTime 34ms CodeModel.GetById 17ms app.highlight 13ms RepoModel.GetById 2ms app.codeStats 0ms

/node_modules/mongoose/node_modules/mongodb-core/lib/auth/sspi.js

https://bitbucket.org/coleman333/smartsite
JavaScript | 304 lines | 208 code | 33 blank | 63 comment | 35 complexity | 5ce8d76ae1125cd587a483ac1d613d42 MD5 | raw file
  1'use strict';
  2
  3var f = require('util').format,
  4  require_optional = require('require_optional'),
  5  Query = require('../connection/commands').Query,
  6  MongoError = require('../error').MongoError;
  7
  8var AuthSession = function(db, username, password, options) {
  9  this.db = db;
 10  this.username = username;
 11  this.password = password;
 12  this.options = options;
 13};
 14
 15AuthSession.prototype.equal = function(session) {
 16  return (
 17    session.db === this.db &&
 18    session.username === this.username &&
 19    session.password === this.password
 20  );
 21};
 22
 23// Kerberos class
 24var Kerberos = null;
 25var MongoAuthProcess = null;
 26
 27// Try to grab the Kerberos class
 28try {
 29  Kerberos = require_optional('kerberos').Kerberos;
 30  // Authentication process for Mongo
 31  MongoAuthProcess = require_optional('kerberos').processes.MongoAuthProcess;
 32} catch (err) {} // eslint-disable-line
 33
 34/**
 35 * Creates a new SSPI authentication mechanism
 36 * @class
 37 * @return {SSPI} A cursor instance
 38 */
 39var SSPI = function(bson) {
 40  this.bson = bson;
 41  this.authStore = [];
 42};
 43
 44/**
 45 * Authenticate
 46 * @method
 47 * @param {{Server}|{ReplSet}|{Mongos}} server Topology the authentication method is being called on
 48 * @param {[]Connections} connections Connections to authenticate using this authenticator
 49 * @param {string} db Name of the database
 50 * @param {string} username Username
 51 * @param {string} password Password
 52 * @param {authResultCallback} callback The callback to return the result from the authentication
 53 * @return {object}
 54 */
 55SSPI.prototype.auth = function(server, connections, db, username, password, options, callback) {
 56  var self = this;
 57  // We don't have the Kerberos library
 58  if (Kerberos == null) return callback(new Error('Kerberos library is not installed'));
 59  var gssapiServiceName = options['gssapiServiceName'] || 'mongodb';
 60  // Total connections
 61  var count = connections.length;
 62  if (count === 0) return callback(null, null);
 63
 64  // Valid connections
 65  var numberOfValidConnections = 0;
 66  var errorObject = null;
 67
 68  // For each connection we need to authenticate
 69  while (connections.length > 0) {
 70    // Execute MongoCR
 71    var execute = function(connection) {
 72      // Start Auth process for a connection
 73      SSIPAuthenticate(
 74        self,
 75        username,
 76        password,
 77        gssapiServiceName,
 78        server,
 79        connection,
 80        options,
 81        function(err, r) {
 82          // Adjust count
 83          count = count - 1;
 84
 85          // If we have an error
 86          if (err) {
 87            errorObject = err;
 88          } else if (r && typeof r === 'object' && r.result['$err']) {
 89            errorObject = r.result;
 90          } else if (r && typeof r === 'object' && r.result['errmsg']) {
 91            errorObject = r.result;
 92          } else {
 93            numberOfValidConnections = numberOfValidConnections + 1;
 94          }
 95
 96          // We have authenticated all connections
 97          if (count === 0 && numberOfValidConnections > 0) {
 98            // Store the auth details
 99            addAuthSession(self.authStore, new AuthSession(db, username, password, options));
100            // Return correct authentication
101            callback(null, true);
102          } else if (count === 0) {
103            if (errorObject == null)
104              errorObject = new MongoError(f('failed to authenticate using mongocr'));
105            callback(errorObject, false);
106          }
107        }
108      );
109    };
110
111    var _execute = function(_connection) {
112      process.nextTick(function() {
113        execute(_connection);
114      });
115    };
116
117    _execute(connections.shift());
118  }
119};
120
121var SSIPAuthenticate = function(
122  self,
123  username,
124  password,
125  gssapiServiceName,
126  server,
127  connection,
128  options,
129  callback
130) {
131  // Build Authentication command to send to MongoDB
132  var command = {
133    saslStart: 1,
134    mechanism: 'GSSAPI',
135    payload: '',
136    autoAuthorize: 1
137  };
138
139  // Create authenticator
140  var mongo_auth_process = new MongoAuthProcess(
141    connection.host,
142    connection.port,
143    gssapiServiceName,
144    options
145  );
146
147  // Execute first sasl step
148  server(
149    connection,
150    new Query(self.bson, '$external.$cmd', command, {
151      numberToSkip: 0,
152      numberToReturn: 1
153    }),
154    function(err, r) {
155      if (err) return callback(err, false);
156      var doc = r.result;
157
158      mongo_auth_process.init(username, password, function(err) {
159        if (err) return callback(err);
160
161        mongo_auth_process.transition(doc.payload, function(err, payload) {
162          if (err) return callback(err);
163
164          // Perform the next step against mongod
165          var command = {
166            saslContinue: 1,
167            conversationId: doc.conversationId,
168            payload: payload
169          };
170
171          // Execute the command
172          server(
173            connection,
174            new Query(self.bson, '$external.$cmd', command, {
175              numberToSkip: 0,
176              numberToReturn: 1
177            }),
178            function(err, r) {
179              if (err) return callback(err, false);
180              var doc = r.result;
181
182              mongo_auth_process.transition(doc.payload, function(err, payload) {
183                if (err) return callback(err);
184
185                // Perform the next step against mongod
186                var command = {
187                  saslContinue: 1,
188                  conversationId: doc.conversationId,
189                  payload: payload
190                };
191
192                // Execute the command
193                server(
194                  connection,
195                  new Query(self.bson, '$external.$cmd', command, {
196                    numberToSkip: 0,
197                    numberToReturn: 1
198                  }),
199                  function(err, r) {
200                    if (err) return callback(err, false);
201                    var doc = r.result;
202
203                    mongo_auth_process.transition(doc.payload, function(err, payload) {
204                      // Perform the next step against mongod
205                      var command = {
206                        saslContinue: 1,
207                        conversationId: doc.conversationId,
208                        payload: payload
209                      };
210
211                      // Execute the command
212                      server(
213                        connection,
214                        new Query(self.bson, '$external.$cmd', command, {
215                          numberToSkip: 0,
216                          numberToReturn: 1
217                        }),
218                        function(err, r) {
219                          if (err) return callback(err, false);
220                          var doc = r.result;
221
222                          if (doc.done) return callback(null, true);
223                          callback(new Error('Authentication failed'), false);
224                        }
225                      );
226                    });
227                  }
228                );
229              });
230            }
231          );
232        });
233      });
234    }
235  );
236};
237
238// Add to store only if it does not exist
239var addAuthSession = function(authStore, session) {
240  var found = false;
241
242  for (var i = 0; i < authStore.length; i++) {
243    if (authStore[i].equal(session)) {
244      found = true;
245      break;
246    }
247  }
248
249  if (!found) authStore.push(session);
250};
251
252/**
253 * Remove authStore credentials
254 * @method
255 * @param {string} db Name of database we are removing authStore details about
256 * @return {object}
257 */
258SSPI.prototype.logout = function(dbName) {
259  this.authStore = this.authStore.filter(function(x) {
260    return x.db !== dbName;
261  });
262};
263
264/**
265 * Re authenticate pool
266 * @method
267 * @param {{Server}|{ReplSet}|{Mongos}} server Topology the authentication method is being called on
268 * @param {[]Connections} connections Connections to authenticate using this authenticator
269 * @param {authResultCallback} callback The callback to return the result from the authentication
270 * @return {object}
271 */
272SSPI.prototype.reauthenticate = function(server, connections, callback) {
273  var authStore = this.authStore.slice(0);
274  var count = authStore.length;
275  if (count === 0) return callback(null, null);
276  // Iterate over all the auth details stored
277  for (var i = 0; i < authStore.length; i++) {
278    this.auth(
279      server,
280      connections,
281      authStore[i].db,
282      authStore[i].username,
283      authStore[i].password,
284      authStore[i].options,
285      function(err) {
286        count = count - 1;
287        // Done re-authenticating
288        if (count === 0) {
289          callback(err, null);
290        }
291      }
292    );
293  }
294};
295
296/**
297 * This is a result from a authentication strategy
298 *
299 * @callback authResultCallback
300 * @param {error} error An error object. Set to null if no error present
301 * @param {boolean} result The result of the authentication process
302 */
303
304module.exports = SSPI;