Home Explore Help
Register Sign In
shanpin
/
chat-server
Watch 3
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: bf846a7082
Branches Tags
chat-server
/
qq-imsvr
/
node_modules
/
mongodb-core
/
lib
/
auth
/
gssapi.js

gssapi.js 7.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244 
  1. "use strict";
    2. 

  2. 

  3. var f = require('util').format
    4. 

  4.   , crypto = require('crypto')
    5. 

  5.   , MongoError = require('../error');
    6. 

  6. 

  7. var AuthSession = function(db, username, password, options) {
    8. 

  8.   this.db = db;
    9. 

  9.   this.username = username;
    10. 

  10.   this.password = password;
    11. 

  11.   this.options = options;
    12. 

  12. }
    13. 

  13. 

  14. AuthSession.prototype.equal = function(session) {
    15. 

  15.   return session.db == this.db 
    16. 

  16.     && session.username == this.username
    17. 

  17.     && session.password == this.password;
    18. 

  18. }
    19. 

  19. 

  20. // Kerberos class
    21. 

  21. var Kerberos = null;
    22. 

  22. var MongoAuthProcess = null;
    23. 

  23. 

  24. // Try to grab the Kerberos class
    25. 

  25. try {
    26. 

  26.   Kerberos = require('kerberos').Kerberos
    27. 

  27.   // Authentication process for Mongo
    28. 

  28.   MongoAuthProcess = require('kerberos').processes.MongoAuthProcess
    29. 

  29. } catch(err) {}
    30. 

  30. 

  31. /**
    32. 

  32.  * Creates a new GSSAPI authentication mechanism
    33. 

  33.  * @class
    34. 

  34.  * @return {GSSAPI} A cursor instance
    35. 

  35.  */
    36. 

  36. var GSSAPI = function() {
    37. 

  37.   this.authStore = [];
    38. 

  38. }
    39. 

  39. 

  40. /**
    41. 

  41.  * Authenticate
    42. 

  42.  * @method
    43. 

  43.  * @param {{Server}|{ReplSet}|{Mongos}} server Topology the authentication method is being called on
    44. 

  44.  * @param {Pool} pool Connection pool for this topology
    45. 

  45.  * @param {string} db Name of the database
    46. 

  46.  * @param {string} username Username
    47. 

  47.  * @param {string} password Password
    48. 

  48.  * @param {authResultCallback} callback The callback to return the result from the authentication
    49. 

  49.  * @return {object}
    50. 

  50.  */
    51. 

  51. GSSAPI.prototype.auth = function(server, pool, db, username, password, options, callback) {
    52. 

  52.   var self = this;
    53. 

  53.   // We don't have the Kerberos library
    54. 

  54.   if(Kerberos == null) return callback(new Error("Kerberos library is not installed"));  
    55. 

  55.   var gssapiServiceName = options['gssapiServiceName'] || 'mongodb';
    56. 

  56.   // Get all the connections
    57. 

  57.   var connections = pool.getAll();
    58. 

  58.   // Total connections
    59. 

  59.   var count = connections.length;
    60. 

  60.   if(count == 0) return callback(null, null);
    61. 

  61. 

  62.   // Valid connections
    63. 

  63.   var numberOfValidConnections = 0;
    64. 

  64.   var credentialsValid = false;
    65. 

  65.   var errorObject = null;
    66. 

  66. 

  67.   // For each connection we need to authenticate
    68. 

  68.   while(connections.length > 0) {    
    69. 

  69.     // Execute MongoCR
    70. 

  70.     var execute = function(connection) {
    71. 

  71.       // Start Auth process for a connection
    72. 

  72.       GSSAPIInitialize(db, username, password, db, gssapiServiceName, server, connection, function(err, r) {
    73. 

  73.         // Adjust count
    74. 

  74.         count = count - 1;
    75. 

  75. 

  76.         // If we have an error
    77. 

  77.         if(err) {
    78. 

  78.           errorObject = err;
    79. 

  79.         } else if(r.result['$err']) {
    80. 

  80.           errorObject = r.result;
    81. 

  81.         } else if(r.result['errmsg']) {
    82. 

  82.           errorObject = r.result;
    83. 

  83.         } else {
    84. 

  84.           credentialsValid = true;
    85. 

  85.           numberOfValidConnections = numberOfValidConnections + 1;
    86. 

  86.         }
    87. 

  87. 

  88.         // We have authenticated all connections
    89. 

  89.         if(count == 0 && numberOfValidConnections > 0) {
    90. 

  90.           // Store the auth details
    91. 

  91.           addAuthSession(self.authStore, new AuthSession(db, username, password, options));
    92. 

  92.           // Return correct authentication
    93. 

  93.           callback(null, true);
    94. 

  94.         } else if(count == 0) {
    95. 

  95.           if(errorObject == null) errorObject = new MongoError(f("failed to authenticate using mongocr"));
    96. 

  96.           callback(errorObject, false);
    97. 

  97.         }
    98. 

  98.       });
    99. 

  99.     }
    100. 

  100. 

  101.     // Get the connection
    102. 

  102.     execute(connections.shift());
    103. 

  103.   }
    104. 

  104. }
    105. 

  105. 

  106. //
    107. 

  107. // Initialize step
    108. 

  108. var GSSAPIInitialize = function(db, username, password, authdb, gssapiServiceName, server, connection, callback) {
    109. 

  109.   // Create authenticator
    110. 

  110.   var mongo_auth_process = new MongoAuthProcess(connection.host, connection.port, gssapiServiceName);
    111. 

  111. 

  112.   // Perform initialization
    113. 

  113.   mongo_auth_process.init(username, password, function(err, context) {
    114. 

  114.     if(err) return callback(err, false);
    115. 

  115. 

  116.     // Perform the first step
    117. 

  117.     mongo_auth_process.transition('', function(err, payload) {
    118. 

  118.       if(err) return callback(err, false);
    119. 

  119. 

  120.       // Call the next db step
    121. 

  121.       MongoDBGSSAPIFirstStep(mongo_auth_process, payload, db, username, password, authdb, server, connection, callback);
    122. 

  122.     });
    123. 

  123.   });
    124. 

  124. }
    125. 

  125. 

  126. //
    127. 

  127. // Perform first step against mongodb
    128. 

  128. var MongoDBGSSAPIFirstStep = function(mongo_auth_process, payload, db, username, password, authdb, server, connection, callback) {
    129. 

  129.   // Build the sasl start command
    130. 

  130.   var command = {
    131. 

  131.       saslStart: 1
    132. 

  132.     , mechanism: 'GSSAPI'
    133. 

  133.     , payload: payload
    134. 

  134.     , autoAuthorize: 1
    135. 

  135.   };
    136. 

  136. 

  137.   // Execute first sasl step
    138. 

  138.   server.command("$external.$cmd"
    139. 

  139.     , command
    140. 

  140.     , { connection: connection }, function(err, r) {
    141. 

  141.     if(err) return callback(err, false);    
    142. 

  142.     var doc = r.result;
    143. 

  143.     // Execute mongodb transition
    144. 

  144.     mongo_auth_process.transition(r.result.payload, function(err, payload) {
    145. 

  145.       if(err) return callback(err, false);
    146. 

  146. 

  147.       // MongoDB API Second Step
    148. 

  148.       MongoDBGSSAPISecondStep(mongo_auth_process, payload, doc, db, username, password, authdb, server, connection, callback);
    149. 

  149.     });
    150. 

  150.   });
    151. 

  151. }
    152. 

  152. 

  153. //
    154. 

  154. // Perform first step against mongodb
    155. 

  155. var MongoDBGSSAPISecondStep = function(mongo_auth_process, payload, doc, db, username, password, authdb, server, connection, callback) {
    156. 

  156.   // Build Authentication command to send to MongoDB
    157. 

  157.   var command = {
    158. 

  158.       saslContinue: 1
    159. 

  159.     , conversationId: doc.conversationId
    160. 

  160.     , payload: payload
    161. 

  161.   };
    162. 

  162. 

  163.   // Execute the command
    164. 

  164.   server.command("$external.$cmd"
    165. 

  165.     , command
    166. 

  166.     , { connection: connection }, function(err, r) {
    167. 

  167.     if(err) return callback(err, false);
    168. 

  168.     var doc = r.result;
    169. 

  169.     // Call next transition for kerberos
    170. 

  170.     mongo_auth_process.transition(doc.payload, function(err, payload) {
    171. 

  171.       if(err) return callback(err, false);
    172. 

  172. 

  173.       // Call the last and third step
    174. 

  174.       MongoDBGSSAPIThirdStep(mongo_auth_process, payload, doc, db, username, password, authdb, server, connection, callback);
    175. 

  175.     });    
    176. 

  176.   });
    177. 

  177. }
    178. 

  178. 

  179. var MongoDBGSSAPIThirdStep = function(mongo_auth_process, payload, doc, db, username, password, authdb, server, connection, callback) {
    180. 

  180.   // Build final command
    181. 

  181.   var command = {
    182. 

  182.       saslContinue: 1
    183. 

  183.     , conversationId: doc.conversationId
    184. 

  184.     , payload: payload
    185. 

  185.   };
    186. 

  186. 

  187.   // Execute the command
    188. 

  188.   server.command("$external.$cmd"
    189. 

  189.     , command
    190. 

  190.     , { connection: connection }, function(err, r) {
    191. 

  191.     if(err) return callback(err, false);
    192. 

  192.     mongo_auth_process.transition(null, function(err, payload) {
    193. 

  193.       if(err) return callback(err, null);
    194. 

  194.       callback(null, r);
    195. 

  195.     });
    196. 

  196.   });
    197. 

  197. }
    198. 

  198. 

  199. // Add to store only if it does not exist
    200. 

  200. var addAuthSession = function(authStore, session) {
    201. 

  201.   var found = false;
    202. 

  202. 

  203.   for(var i = 0; i < authStore.length; i++) {
    204. 

  204.     if(authStore[i].equal(session)) {
    205. 

  205.       found = true;
    206. 

  206.       break;
    207. 

  207.     }
    208. 

  208.   }
    209. 

  209. 

  210.   if(!found) authStore.push(session);
    211. 

  211. }
    212. 

  212. 

  213. /**
    214. 

  214.  * Re authenticate pool
    215. 

  215.  * @method
    216. 

  216.  * @param {{Server}|{ReplSet}|{Mongos}} server Topology the authentication method is being called on
    217. 

  217.  * @param {Pool} pool Connection pool for this topology
    218. 

  218.  * @param {authResultCallback} callback The callback to return the result from the authentication
    219. 

  219.  * @return {object}
    220. 

  220.  */
    221. 

  221. GSSAPI.prototype.reauthenticate = function(server, pool, callback) {
    222. 

  222.   var count = this.authStore.length;
    223. 

  223.   if(count == 0) return callback(null, null);
    224. 

  224.   // Iterate over all the auth details stored
    225. 

  225.   for(var i = 0; i < this.authStore.length; i++) {
    226. 

  226.     this.auth(server, pool, this.authStore[i].db, this.authStore[i].username, this.authStore[i].password, this.authStore[i].options, function(err, r) {
    227. 

  227.       count = count - 1;
    228. 

  228.       // Done re-authenticating
    229. 

  229.       if(count == 0) {
    230. 

  230.         callback(null, null);
    231. 

  231.       }
    232. 

  232.     });
    233. 

  233.   }
    234. 

  234. }
    235. 

  235. 

  236. /**
    237. 

  237.  * This is a result from a authentication strategy
    238. 

  238.  *
    239. 

  239.  * @callback authResultCallback
    240. 

  240.  * @param {error} error An error object. Set to null if no error present
    241. 

  241.  * @param {boolean} result The result of the authentication process
    242. 

  242.  */
    243. 

  243. 

  244. module.exports = GSSAPI;
    245.