首页 发现 帮助
登录
hua
/
mini_huahua
1
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
目录树: 1991995a05
分支列表 标签列表
mini_huahua
/
node_modules
/
mongodb-core
/
lib
/
auth
/
gssapi.js

gssapi.js 8.1 KB
文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262 
  1. "use strict";
    2. 

  2. 

  3. var f = require('util').format
    4. 

  4.   , require_optional = require('require_optional')
    5. 

  5.   , Query = require('../connection/commands').Query
    6. 

  6.   , MongoError = require('../error');
    7. 

  7. 

  8. var AuthSession = function(db, username, password, options) {
    9. 

  9.   this.db = db;
    10. 

  10.   this.username = username;
    11. 

  11.   this.password = password;
    12. 

  12.   this.options = options;
    13. 

  13. }
    14. 

  14. 

  15. AuthSession.prototype.equal = function(session) {
    16. 

  16.   return session.db == this.db
    17. 

  17.     && session.username == this.username
    18. 

  18.     && session.password == this.password;
    19. 

  19. }
    20. 

  20. 

  21. // Kerberos class
    22. 

  22. var Kerberos = null;
    23. 

  23. var MongoAuthProcess = null;
    24. 

  24. 

  25. // Try to grab the Kerberos class
    26. 

  26. try {
    27. 

  27.   Kerberos = require_optional('kerberos').Kerberos;
    28. 

  28.   // Authentication process for Mongo
    29. 

  29.   MongoAuthProcess = require_optional('kerberos').processes.MongoAuthProcess;
    30. 

  30. } catch(err) {  
    31. 

  31. }
    32. 

  32. 

  33. /**
    34. 

  34.  * Creates a new GSSAPI authentication mechanism
    35. 

  35.  * @class
    36. 

  36.  * @return {GSSAPI} A cursor instance
    37. 

  37.  */
    38. 

  38. var GSSAPI = function(bson) {
    39. 

  39.   this.bson = bson;
    40. 

  40.   this.authStore = [];
    41. 

  41. }
    42. 

  42. 

  43. /**
    44. 

  44.  * Authenticate
    45. 

  45.  * @method
    46. 

  46.  * @param {{Server}|{ReplSet}|{Mongos}} server Topology the authentication method is being called on
    47. 

  47.  * @param {[]Connections} connections Connections to authenticate using this authenticator
    48. 

  48.  * @param {string} db Name of the database
    49. 

  49.  * @param {string} username Username
    50. 

  50.  * @param {string} password Password
    51. 

  51.  * @param {authResultCallback} callback The callback to return the result from the authentication
    52. 

  52.  * @return {object}
    53. 

  53.  */
    54. 

  54. GSSAPI.prototype.auth = function(server, connections, db, username, password, options, callback) {
    55. 

  55.   var self = this;
    56. 

  56.   // We don't have the Kerberos library
    57. 

  57.   if(Kerberos == null) return callback(new Error("Kerberos library is not installed"));
    58. 

  58.   var gssapiServiceName = options['gssapiServiceName'] || 'mongodb';
    59. 

  59.   // Total connections
    60. 

  60.   var count = connections.length;
    61. 

  61.   if(count == 0) return callback(null, null);
    62. 

  62. 

  63.   // Valid connections
    64. 

  64.   var numberOfValidConnections = 0;
    65. 

  65.   var errorObject = null;
    66. 

  66. 

  67.   // For each connection we need to authenticate
    68. 

  68.   while(connections.length > 0) {
    69. 

  69.     // Execute MongoCR
    70. 

  70.     var execute = function(connection) {
    71. 

  71.       // Start Auth process for a connection
    72. 

  72.       GSSAPIInitialize(self, db, username, password, db, gssapiServiceName, server, connection, options, function(err, r) {
    73. 

  73.         // Adjust count
    74. 

  74.         count = count - 1;
    75. 

  75. 

  76.         // If we have an error
    77. 

  77.         if(err) {
    78. 

  78.           errorObject = err;
    79. 

  79.         } else if(r.result['$err']) {
    80. 

  80.           errorObject = r.result;
    81. 

  81.         } else if(r.result['errmsg']) {
    82. 

  82.           errorObject = r.result;
    83. 

  83.         } else {
    84. 

  84.           numberOfValidConnections = numberOfValidConnections + 1;
    85. 

  85.         }
    86. 

  86. 

  87.         // We have authenticated all connections
    88. 

  88.         if(count == 0 && numberOfValidConnections > 0) {
    89. 

  89.           // Store the auth details
    90. 

  90.           addAuthSession(self.authStore, new AuthSession(db, username, password, options));
    91. 

  91.           // Return correct authentication
    92. 

  92.           callback(null, true);
    93. 

  93.         } else if(count == 0) {
    94. 

  94.           if(errorObject == null) errorObject = new MongoError(f("failed to authenticate using mongocr"));
    95. 

  95.           callback(errorObject, false);
    96. 

  96.         }
    97. 

  97.       });
    98. 

  98.     }
    99. 

  99. 

  100.     var _execute = function(_connection) {
    101. 

  101.       process.nextTick(function() {
    102. 

  102.         execute(_connection);
    103. 

  103.       });
    104. 

  104.     }
    105. 

  105. 

  106.     _execute(connections.shift());
    107. 

  107.   }
    108. 

  108. }
    109. 

  109. 

  110. //
    111. 

  111. // Initialize step
    112. 

  112. var GSSAPIInitialize = function(self, db, username, password, authdb, gssapiServiceName, server, connection, options, callback) {
    113. 

  113.   // Create authenticator
    114. 

  114.   var mongo_auth_process = new MongoAuthProcess(connection.host, connection.port, gssapiServiceName, options);
    115. 

  115. 

  116.   // Perform initialization
    117. 

  117.   mongo_auth_process.init(username, password, function(err) {
    118. 

  118.     if(err) return callback(err, false);
    119. 

  119. 

  120.     // Perform the first step
    121. 

  121.     mongo_auth_process.transition('', function(err, payload) {
    122. 

  122.       if(err) return callback(err, false);
    123. 

  123. 

  124.       // Call the next db step
    125. 

  125.       MongoDBGSSAPIFirstStep(self, mongo_auth_process, payload, db, username, password, authdb, server, connection, callback);
    126. 

  126.     });
    127. 

  127.   });
    128. 

  128. }
    129. 

  129. 

  130. //
    131. 

  131. // Perform first step against mongodb
    132. 

  132. var MongoDBGSSAPIFirstStep = function(self, mongo_auth_process, payload, db, username, password, authdb, server, connection, callback) {
    133. 

  133.   // Build the sasl start command
    134. 

  134.   var command = {
    135. 

  135.       saslStart: 1
    136. 

  136.     , mechanism: 'GSSAPI'
    137. 

  137.     , payload: payload
    138. 

  138.     , autoAuthorize: 1
    139. 

  139.   };
    140. 

  140. 

  141.   // Write the commmand on the connection
    142. 

  142.   server(connection, new Query(self.bson, "$external.$cmd", command, {
    143. 

  143.     numberToSkip: 0, numberToReturn: 1
    144. 

  144.   }), function(err, r) {
    145. 

  145.     if(err) return callback(err, false);
    146. 

  146.     var doc = r.result;
    147. 

  147.     // Execute mongodb transition
    148. 

  148.     mongo_auth_process.transition(r.result.payload, function(err, payload) {
    149. 

  149.       if(err) return callback(err, false);
    150. 

  150. 

  151.       // MongoDB API Second Step
    152. 

  152.       MongoDBGSSAPISecondStep(self, mongo_auth_process, payload, doc, db, username, password, authdb, server, connection, callback);
    153. 

  153.     });
    154. 

  154.   });
    155. 

  155. }
    156. 

  156. 

  157. //
    158. 

  158. // Perform first step against mongodb
    159. 

  159. var MongoDBGSSAPISecondStep = function(self, mongo_auth_process, payload, doc, db, username, password, authdb, server, connection, callback) {
    160. 

  160.   // Build Authentication command to send to MongoDB
    161. 

  161.   var command = {
    162. 

  162.       saslContinue: 1
    163. 

  163.     , conversationId: doc.conversationId
    164. 

  164.     , payload: payload
    165. 

  165.   };
    166. 

  166. 

  167.   // Execute the command
    168. 

  168.   // Write the commmand on the connection
    169. 

  169.   server(connection, new Query(self.bson, "$external.$cmd", command, {
    170. 

  170.     numberToSkip: 0, numberToReturn: 1
    171. 

  171.   }), function(err, r) {
    172. 

  172.     if(err) return callback(err, false);
    173. 

  173.     var doc = r.result;
    174. 

  174.     // Call next transition for kerberos
    175. 

  175.     mongo_auth_process.transition(doc.payload, function(err, payload) {
    176. 

  176.       if(err) return callback(err, false);
    177. 

  177. 

  178.       // Call the last and third step
    179. 

  179.       MongoDBGSSAPIThirdStep(self, mongo_auth_process, payload, doc, db, username, password, authdb, server, connection, callback);
    180. 

  180.     });
    181. 

  181.   });
    182. 

  182. }
    183. 

  183. 

  184. var MongoDBGSSAPIThirdStep = function(self, mongo_auth_process, payload, doc, db, username, password, authdb, server, connection, callback) {
    185. 

  185.   // Build final command
    186. 

  186.   var command = {
    187. 

  187.       saslContinue: 1
    188. 

  188.     , conversationId: doc.conversationId
    189. 

  189.     , payload: payload
    190. 

  190.   };
    191. 

  191. 

  192.   // Execute the command
    193. 

  193.   server(connection, new Query(self.bson, "$external.$cmd", command, {
    194. 

  194.     numberToSkip: 0, numberToReturn: 1
    195. 

  195.   }), function(err, r) {
    196. 

  196.     if(err) return callback(err, false);
    197. 

  197.     mongo_auth_process.transition(null, function(err) {
    198. 

  198.       if(err) return callback(err, null);
    199. 

  199.       callback(null, r);
    200. 

  200.     });
    201. 

  201.   });
    202. 

  202. }
    203. 

  203. 

  204. // Add to store only if it does not exist
    205. 

  205. var addAuthSession = function(authStore, session) {
    206. 

  206.   var found = false;
    207. 

  207. 

  208.   for(var i = 0; i < authStore.length; i++) {
    209. 

  209.     if(authStore[i].equal(session)) {
    210. 

  210.       found = true;
    211. 

  211.       break;
    212. 

  212.     }
    213. 

  213.   }
    214. 

  214. 

  215.   if(!found) authStore.push(session);
    216. 

  216. }
    217. 

  217. 

  218. /**
    219. 

  219.  * Remove authStore credentials
    220. 

  220.  * @method
    221. 

  221.  * @param {string} db Name of database we are removing authStore details about
    222. 

  222.  * @return {object}
    223. 

  223.  */
    224. 

  224. GSSAPI.prototype.logout = function(dbName) {
    225. 

  225.   this.authStore = this.authStore.filter(function(x) {
    226. 

  226.     return x.db != dbName;
    227. 

  227.   });
    228. 

  228. }
    229. 

  229. 

  230. /**
    231. 

  231.  * Re authenticate pool
    232. 

  232.  * @method
    233. 

  233.  * @param {{Server}|{ReplSet}|{Mongos}} server Topology the authentication method is being called on
    234. 

  234.  * @param {[]Connections} connections Connections to authenticate using this authenticator
    235. 

  235.  * @param {authResultCallback} callback The callback to return the result from the authentication
    236. 

  236.  * @return {object}
    237. 

  237.  */
    238. 

  238. GSSAPI.prototype.reauthenticate = function(server, connections, callback) {
    239. 

  239.   var authStore = this.authStore.slice(0);
    240. 

  240.   var count = authStore.length;
    241. 

  241.   if(count == 0) return callback(null, null);
    242. 

  242.   // Iterate over all the auth details stored
    243. 

  243.   for(var i = 0; i < authStore.length; i++) {
    244. 

  244.     this.auth(server, connections, authStore[i].db, authStore[i].username, authStore[i].password, authStore[i].options, function(err) {
    245. 

  245.       count = count - 1;
    246. 

  246.       // Done re-authenticating
    247. 

  247.       if(count == 0) {
    248. 

  248.         callback(err, null);
    249. 

  249.       }
    250. 

  250.     });
    251. 

  251.   }
    252. 

  252. }
    253. 

  253. 

  254. /**
    255. 

  255.  * This is a result from a authentication strategy
    256. 

  256.  *
    257. 

  257.  * @callback authResultCallback
    258. 

  258.  * @param {error} error An error object. Set to null if no error present
    259. 

  259.  * @param {boolean} result The result of the authentication process
    260. 

  260.  */
    261. 

  261. 

  262. module.exports = GSSAPI;
    263.