
Added win32 tests for kerberos

1 parent cf93219 commit 3be1249c40190ed8dfe9f564a9b98fded512207b @christkv christkv committed Apr 4, 2013
@@ -6,8 +6,10 @@ var DbCommand = require('../commands/db_command').DbCommand
var Kerberos = null;
// Try to grab the Kerberos class
try {
- Kerberos = require('kerberos').Kerberos;
-} catch(err) {}
+ Kerberos = require('kerberos').Kerberos
+ // Authentication process for Mongo
+ MongoAuthProcess = require('kerberos').processes.MongoAuthProcess
+} catch(err) {console.dir(err)}
var authenticate = function(db, username, password, authdb, options, callback) {
var numberOfConnections = 0;
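Review bot: `MongoAuthProcess` is assigned inside the `try` without a `var` declaration, so it becomes an implicit global, and when the optional `kerberos` module fails to load it is never defined at all. The `new MongoAuthProcess(...)` call added to `GSSAPIInitialize` would then throw a ReferenceError instead of reporting the failure through `callback`. Declare it next to `Kerberos` with `var MongoAuthProcess = null;` and start the initialize step with `if(MongoAuthProcess == null) return callback(new Error("kerberos module not available"), false);`. The new `catch(err) {console.dir(err)}` also prints to stdout on every load where the dependency is absent, so a comment saying that is intended, or logging only when GSSAPI is actually requested, would help. The same undeclared assignment and catch appear in the second file's hunk at `@@ -7,17 +7,10 @@`.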
@@ -24,10 +26,7 @@ var authenticate = function(db, username, password, authdb, options, callback) {
options['onAll'] = true;
}
- //
- // TODO: Authenticate all connections with the credentials
- // TODO: Ensure correct Re-Authentication of all connections on reconnects using GSSAPI
- //
+ // Grab all the connections
var connections = db.serverConfig.allRawConnections();
var error = null;
// Authenticate all connections
@@ -55,30 +54,26 @@ var authenticate = function(db, username, password, authdb, options, callback) {
//
// Initialize step
var GSSAPIInitialize = function(db, username, password, authdb, connection, callback) {
- // Create Kerberos instance
- var kerberos = new Kerberos();
- // Right let's get sasl going
- var connection = db.serverConfig.checkoutWriter();
- // Create connection string
- var kerberos_connection_string = format("mongodb@%s", connection.socketOptions.host);
- // Start the kerberos process
- kerberos.authGSSClientInit(kerberos_connection_string, Kerberos.GSS_C_MUTUAL_FLAG, function(err, context) {
+ // Create authenticator
+ var mongo_auth_process = new MongoAuthProcess(connection.socketOptions.host, connection.socketOptions.port);
+
+ // Perform initialization
+ mongo_auth_process.init(username, password, function(err, context) {
if(err) return callback(err, false);
- // Let's perform the first step
- kerberos.authGSSClientStep(context, '', function(err, result) {
+ // Perform the first step
+ mongo_auth_process.transition('', function(err, payload) {
if(err) return callback(err, false);
- // Call next step
- MongoDBGSSAPIFirstStep(kerberos, context, db, username, password, authdb, connection, callback);
+
+ // Call the next db step
+ MongoDBGSSAPIFirstStep(mongo_auth_process, payload, db, username, password, authdb, connection, callback);
});
});
}
//
// Perform first step against mongodb
-var MongoDBGSSAPIFirstStep = function(kerberos, context, db, username, password, authdb, connection, callback) {
- // Grab the payload
- var payload = context.response;
+var MongoDBGSSAPIFirstStep = function(mongo_auth_process, payload, db, username, password, authdb, connection, callback) {
// Build the sasl start command
var command = {
saslStart: 1
@@ -93,22 +88,19 @@ var MongoDBGSSAPIFirstStep = function(kerberos, context, db, username, password,
// Get the payload
doc = doc.documents[0];
var db_payload = doc.payload;
-
- // Show payload
- kerberos.authGSSClientStep(context, doc.payload, function(err, result) {
+
+ mongo_auth_process.transition(doc.payload, function(err, payload) {
if(err) return callback(err, false);
+
// MongoDB API Second Step
- MongoDBGSSAPISecondStep(kerberos, context, doc, db, username, password, authdb, connection, callback);
+ MongoDBGSSAPISecondStep(mongo_auth_process, payload, doc, db, username, password, authdb, connection, callback);
});
});
}
//
// Perform first step against mongodb
-var MongoDBGSSAPISecondStep = function(kerberos, context, doc, db, username, password, authdb, connection, callback) {
- // Get the payload
- var payload = context.response || '';
-
+var MongoDBGSSAPISecondStep = function(mongo_auth_process, payload, doc, db, username, password, authdb, connection, callback) {
// Build Authentication command to send to MongoDB
var command = {
saslContinue: 1
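Review bot: `doc.payload` from the server reply goes straight into `mongo_auth_process.transition` with no visible check that the reply carries a payload; the opening lines of this callback are outside the hunk, so this may already be handled there. If it is not, a guard such as `if(doc.payload == null) return callback(new Error("saslStart returned no payload"), false);` before the transition keeps a rejected handshake from reaching the Kerberos layer as an undefined token. The same pattern is at the `transition(doc.payload, ...)` call in the `MongoDBGSSAPISecondStep` hunk. `db_payload` appears unused in the visible lines, and the comment above `MongoDBGSSAPISecondStep` still reads "Perform first step against mongodb".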
@@ -122,26 +114,18 @@ var MongoDBGSSAPISecondStep = function(kerberos, context, doc, db, username, pas
// Get the result document
doc = doc.documents[0];
-
- // GSS Client Unwrap
- kerberos.authGSSClientUnwrap(context, doc.payload, function(err, result) {
- if(err) return callback(err, false);
- var payload = context.response;
- // Wrap the response
- kerberos.authGSSClientWrap(context, payload, username, function(err, result) {
- if(err) return callback(err, false);
+ // Call next transition for kerberos
+ mongo_auth_process.transition(doc.payload, function(err, payload) {
+ if(err) return callback(err, false);
- // Call the last and third step
- MongoDBGSSAPIThirdStep(kerberos, context, doc, db, username, password, authdb, connection, callback);
- });
- });
+ // Call the last and third step
+ MongoDBGSSAPIThirdStep(mongo_auth_process, payload, doc, db, username, password, authdb, connection, callback);
+ });
});
}
-var MongoDBGSSAPIThirdStep = function(kerberos, context, doc, db, username, password, authdb, connection, callback) {
- var payload = context.response;
-
+var MongoDBGSSAPIThirdStep = function(mongo_auth_process, payload, doc, db, username, password, authdb, connection, callback) {
// Build final command
var command = {
saslContinue: 1
@@ -153,8 +137,7 @@ var MongoDBGSSAPIThirdStep = function(kerberos, context, doc, db, username, pass
db._executeQueryCommand(DbCommand.createDbCommand(db, command, {}, '$external'), {connection:connection}, function(err, doc) {
if(err) return callback(err, false);
- // Clean up context
- kerberos.authGSSClientClean(context, function(err, result) {
+ mongo_auth_process.transition(null, function(err, payload) {
if(err) return callback(err, false);
callback(null, true);
});
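Review bot: Success is reported with `callback(null, true)` once the final `saslContinue` returns without `err` and the closing `transition(null, ...)` succeeds; the reply `doc` itself is never inspected in the visible lines. If `_executeQueryCommand` does not turn a server-side rejection into `err` (not shown here), a failed handshake would be treated as authenticated. The commented-out sync version removed further down this page checked `doc.done` before succeeding. A similar check before the final transition, e.g. `if(!doc.documents[0].done) return callback(new Error("Authentication failed"), false);`, would make this step fail closed. The body of `MongoDBGSSAPIThirdStep` starts outside this hunk.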
@@ -7,17 +7,10 @@ var Kerberos = null;
// Try to grab the Kerberos class
try {
Kerberos = require('kerberos').Kerberos
- // , SecurityCredentials = require('kerberos').SSPI.SecurityCredentials
- // , SecurityContext = require('kerberos').SSPI.SecurityContext
- // , SecurityBuffer = require('kerberos').SSPI.SecurityBuffer
- // , SecurityBufferDescriptor = require('kerberos').SSPI.SecurityBufferDescriptor
-
// Authentication process for Mongo
MongoAuthProcess = require('kerberos').processes.MongoAuthProcess
} catch(err) {console.dir(err)}
-// console.dir(require('kerberos').processes.MongoAuthProcess)
-
var authenticate = function(db, username, password, authdb, options, callback) {
var numberOfConnections = 0;
var errorObject = null;
@@ -35,6 +28,32 @@ var authenticate = function(db, username, password, authdb, options, callback) {
var connection = db.serverConfig.allRawConnections()[0];
+ // Grab all the connections
+ var connections = db.serverConfig.allRawConnections();
+ var error = null;
+
+ // Authenticate all connections
+ for(var i = 0; i < numberOfConnections; i++) {
+ // Start Auth process for a connection
+ SSIPAuthenticate(db, username, password, authdb, connections[i], function(err, result) {
+ // Adjust number of connections left to connect
+ numberOfConnections = numberOfConnections - 1;
+ // If we have an error save it
+ if(err) error = err;
+
+ // We are done
+ if(numberOfConnections == 0) {
+ if(err) return callback(err, false);
+ // We authenticated correctly save the credentials
+ db.auths = [{'username':username, 'password':password, 'authdb': authdb, 'authMechanism': 'GSSAPI'}];
+ // Return valid callback
+ return callback(null, true);
+ }
+ });
+ }
+}
+
+var SSIPAuthenticate = function(db, username, password, authdb, connection, callback) {
// --------------------------------------------------------------
// Async Version
// --------------------------------------------------------------
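Review bot: The completion branch tests `err` from the last callback to fire, not the saved `error`, so a failure on an earlier connection is lost when the final connection succeeds, and the credentials are stored in `db.auths` with `callback(null, true)` while some connections are unauthenticated. It should read `if(error) return callback(error, false);`. The loop bound `numberOfConnections` is also decremented inside the callback, so any synchronous callback would end the loop early; iterating to `connections.length` with a separate pending counter avoids that. The helper name `SSIPAuthenticate` looks like a typo for SSPI, and the context line `var connection = db.serverConfig.allRawConnections()[0];` appears to be left over now that each connection is passed in.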
@@ -108,182 +127,7 @@ var authenticate = function(db, username, password, authdb, options, callback) {
});
});
});
- });
-
- // // --------------------------------------------------------------
- // // Sync Version
- // // --------------------------------------------------------------
- // var command = {
- // saslStart: 1
- // , mechanism: 'GSSAPI'
- // , payload: ''
- // , autoAuthorize: 1
- // };
-
- // // Execute first sasl step
- // db._executeQueryCommand(DbCommand.createDbCommand(db, command, {}, '$external'), {connection:connection}, function(err, doc) {
- // if(err) return callback(err);
- // doc = doc.documents[0];
-
- // console.log("=========================================================");
- // console.log("========= authenticate 0");
- // console.log("=========================================================");
- // console.dir(err);
- // console.dir(doc);
-
- // // Aquire security credentials
- // var security_credentials = SecurityCredentials.aquire_kerberos(username, password);
- // console.log("=========================================================");
- // console.log("========= security credential 0");
- // console.log("=========================================================");
- // console.dir(security_credentials)
-
- // // Set up service principal
- // var target = format("mongodb/%s", connection.socketOptions.host);
- // // Initialize the security context
- // console.dir(doc)
- // console.log("=========================================================");
- // console.log("========= security context 0")
- // console.log("=========================================================");
- // var security_context = SecurityContext.initializeSync(security_credentials, target, doc.payload);
- // console.dir(security_context.payload)
-
- // // Perform the next step against mongod
- // var command = {
- // saslContinue: 1
- // , conversationId: doc.conversationId
- // , payload: security_context.payload
- // };
-
- // // Execute the command
- // db._executeQueryCommand(DbCommand.createDbCommand(db, command, {}, '$external'), {connection:connection}, function(err, doc) {
- // if(err) return callback(err);
- // doc = doc.documents[0];
-
- // console.log("=========================================================");
- // console.log("========= authenticate 1");
- // console.log("=========================================================");
- // console.dir(err);
- // console.dir(doc);
- // // Let's perform a step
- // security_context.initializeSync(target, doc.payload);
- // console.log("=========================================================");
- // console.log("========= security context 1")
- // console.log("=========================================================");
- // console.dir(security_context.payload)
-
- // // Perform the next step against mongod
- // var command = {
- // saslContinue: 1
- // , conversationId: doc.conversationId
- // , payload: security_context.payload
- // };
-
- // // Execute the command
- // db._executeQueryCommand(DbCommand.createDbCommand(db, command, {}, '$external'), {connection:connection}, function(err, doc) {
- // if(err) return callback(err);
- // doc = doc.documents[0];
-
- // console.log("=========================================================");
- // console.log("========= authenticate 2");
- // console.log("=========================================================");
- // console.dir(err);
- // console.dir(doc);
-
- // var messageLength = 0;
- // // Get the raw bytes
- // var encryptedBytes = new Buffer(doc.payload, 'base64');
- // var encryptedMessage = new Buffer(messageLength);
- // // Copy first byte
- // encryptedBytes.copy(encryptedMessage, 0, 0, messageLength);
- // console.log("================================== decryptMEssage")
- // console.dir(encryptedMessage)
-
- // var securityTrailerLength = encryptedBytes.length - messageLength;
- // var securityTrailer = new Buffer(securityTrailerLength);
- // encryptedBytes.copy(securityTrailer, 0, messageLength, securityTrailerLength);
-
- // var buffers = [
- // new SecurityBuffer(SecurityBuffer.DATA, encryptedBytes)
- // , new SecurityBuffer(SecurityBuffer.STREAM, securityTrailer)
- // ];
-
- // console.log("****************************************************")
- // console.dir(encryptedBytes)
- // console.dir(securityTrailer)
-
- // var descriptor = new SecurityBufferDescriptor(buffers);
-
-
- // // Decrypt the message
- // security_context.decryptMessageSync(descriptor);
- // console.log("=========================================================");
- // console.log("========= security context 2")
- // console.log("=========================================================");
- // console.dir(security_context.payload)
-
- // var length = 4;
- // if(username != null) {
- // length += username.length;
- // }
-
- // var bytesReceivedFromServer = new Buffer(length);
- // bytesReceivedFromServer[0] = 0x01; // NO_PROTECTION
- // bytesReceivedFromServer[1] = 0x00; // NO_PROTECTION
- // bytesReceivedFromServer[2] = 0x00; // NO_PROTECTION
- // bytesReceivedFromServer[3] = 0x00; // NO_PROTECTION
-
- // if(username != null) {
- // var authorization_id_bytes = new Buffer(username, 'utf8');
- // authorization_id_bytes.copy(bytesReceivedFromServer, 4, 0);
- // }
-
- // console.log(bytesReceivedFromServer.toString('base64'))
- // console.log("=========================================================");
- // console.log("========= security context 3")
- // console.log("=========================================================");
- // // Get the sizes
- // var sizes = security_context.queryContextAttributesSync(0x00);
- // console.dir(sizes)
-
- // var buffers = [
- // new SecurityBuffer(SecurityBuffer.TOKEN, new Buffer(sizes.securityTrailer))
- // , new SecurityBuffer(SecurityBuffer.DATA, bytesReceivedFromServer)
- // , new SecurityBuffer(SecurityBuffer.PADDING, new Buffer(sizes.blockSize))
- // ]
-
- // var descriptor = new SecurityBufferDescriptor(buffers);
-
- // // Encrypt the data
- // security_context.encryptMessageSync(descriptor, 0x80000001);
- // console.log("=========================================================");
- // console.log("========= security context 4")
- // console.log("=========================================================");
- // console.dir(security_context.payload)
-
- // // Perform the next step against mongod
- // var command = {
- // saslContinue: 1
- // , conversationId: doc.conversationId
- // , payload: security_context.payload
- // };
-
- // // Execute the command
- // db._executeQueryCommand(DbCommand.createDbCommand(db, command, {}, '$external'), {connection:connection}, function(err, doc) {
- // console.log("=========================================================");
- // console.log("========= authenticate 3");
- // console.log("=========================================================");
- // console.dir(err);
- // console.dir(doc);
- // if(err) return callback(err);
- // doc = doc.documents[0];
-
- // if(doc.done) return callback(null, true);
- // callback(new Error("Authentication failed"), false);
- // });
- // });
- // });
- // });
+ });
}
exports.authenticate = authenticate;