
Added win32 tests for kerberos

commit 3be1249c40190ed8dfe9f564a9b98fded512207b 1 parent cf93219
@christkv christkv authored
75 lib/mongodb/auth/mongodb_gssapi.js
@@ -6,8 +6,10 @@ var DbCommand = require('../commands/db_command').DbCommand
var Kerberos = null;
// Try to grab the Kerberos class
try {
- Kerberos = require('kerberos').Kerberos;
-} catch(err) {}
+ Kerberos = require('kerberos').Kerberos
+ // Authentication process for Mongo
+ MongoAuthProcess = require('kerberos').processes.MongoAuthProcess
+} catch(err) {console.dir(err)}
var authenticate = function(db, username, password, authdb, options, callback) {
var numberOfConnections = 0;
@@ -24,10 +26,7 @@ var authenticate = function(db, username, password, authdb, options, callback) {
options['onAll'] = true;
}
- //
- // TODO: Authenticate all connections with the credentials
- // TODO: Ensure correct Re-Authentication of all connections on reconnects using GSSAPI
- //
+ // Grab all the connections
var connections = db.serverConfig.allRawConnections();
var error = null;
// Authenticate all connections
@@ -55,30 +54,26 @@ var authenticate = function(db, username, password, authdb, options, callback) {
//
// Initialize step
var GSSAPIInitialize = function(db, username, password, authdb, connection, callback) {
- // Create Kerberos instance
- var kerberos = new Kerberos();
- // Right let's get sasl going
- var connection = db.serverConfig.checkoutWriter();
- // Create connection string
- var kerberos_connection_string = format("mongodb@%s", connection.socketOptions.host);
- // Start the kerberos process
- kerberos.authGSSClientInit(kerberos_connection_string, Kerberos.GSS_C_MUTUAL_FLAG, function(err, context) {
+ // Create authenticator
+ var mongo_auth_process = new MongoAuthProcess(connection.socketOptions.host, connection.socketOptions.port);
+
+ // Perform initialization
+ mongo_auth_process.init(username, password, function(err, context) {
if(err) return callback(err, false);
- // Let's perform the first step
- kerberos.authGSSClientStep(context, '', function(err, result) {
+ // Perform the first step
+ mongo_auth_process.transition('', function(err, payload) {
if(err) return callback(err, false);
- // Call next step
- MongoDBGSSAPIFirstStep(kerberos, context, db, username, password, authdb, connection, callback);
+
+ // Call the next db step
+ MongoDBGSSAPIFirstStep(mongo_auth_process, payload, db, username, password, authdb, connection, callback);
});
});
}
//
// Perform first step against mongodb
-var MongoDBGSSAPIFirstStep = function(kerberos, context, db, username, password, authdb, connection, callback) {
- // Grab the payload
- var payload = context.response;
+var MongoDBGSSAPIFirstStep = function(mongo_auth_process, payload, db, username, password, authdb, connection, callback) {
// Build the sasl start command
var command = {
saslStart: 1
@@ -93,22 +88,19 @@ var MongoDBGSSAPIFirstStep = function(kerberos, context, db, username, password,
// Get the payload
doc = doc.documents[0];
var db_payload = doc.payload;
-
- // Show payload
- kerberos.authGSSClientStep(context, doc.payload, function(err, result) {
+
+ mongo_auth_process.transition(doc.payload, function(err, payload) {
if(err) return callback(err, false);
+
// MongoDB API Second Step
- MongoDBGSSAPISecondStep(kerberos, context, doc, db, username, password, authdb, connection, callback);
+ MongoDBGSSAPISecondStep(mongo_auth_process, payload, doc, db, username, password, authdb, connection, callback);
});
});
}
//
// Perform first step against mongodb
-var MongoDBGSSAPISecondStep = function(kerberos, context, doc, db, username, password, authdb, connection, callback) {
- // Get the payload
- var payload = context.response || '';
-
+var MongoDBGSSAPISecondStep = function(mongo_auth_process, payload, doc, db, username, password, authdb, connection, callback) {
// Build Authentication command to send to MongoDB
var command = {
saslContinue: 1
@@ -122,26 +114,18 @@ var MongoDBGSSAPISecondStep = function(kerberos, context, doc, db, username, pas
// Get the result document
doc = doc.documents[0];
-
- // GSS Client Unwrap
- kerberos.authGSSClientUnwrap(context, doc.payload, function(err, result) {
- if(err) return callback(err, false);
- var payload = context.response;
- // Wrap the response
- kerberos.authGSSClientWrap(context, payload, username, function(err, result) {
- if(err) return callback(err, false);
+ // Call next transition for kerberos
+ mongo_auth_process.transition(doc.payload, function(err, payload) {
+ if(err) return callback(err, false);
- // Call the last and third step
- MongoDBGSSAPIThirdStep(kerberos, context, doc, db, username, password, authdb, connection, callback);
- });
- });
+ // Call the last and third step
+ MongoDBGSSAPIThirdStep(mongo_auth_process, payload, doc, db, username, password, authdb, connection, callback);
+ });
});
}
-var MongoDBGSSAPIThirdStep = function(kerberos, context, doc, db, username, password, authdb, connection, callback) {
- var payload = context.response;
-
+var MongoDBGSSAPIThirdStep = function(mongo_auth_process, payload, doc, db, username, password, authdb, connection, callback) {
// Build final command
var command = {
saslContinue: 1
@@ -153,8 +137,7 @@ var MongoDBGSSAPIThirdStep = function(kerberos, context, doc, db, username, pass
db._executeQueryCommand(DbCommand.createDbCommand(db, command, {}, '$external'), {connection:connection}, function(err, doc) {
if(err) return callback(err, false);
- // Clean up context
- kerberos.authGSSClientClean(context, function(err, result) {
+ mongo_auth_process.transition(null, function(err, payload) {
if(err) return callback(err, false);
callback(null, true);
});
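Review bot: `MongoAuthProcess` is assigned inside the try block with no declaration visible in this hunk, and the catch only prints the error, so when the optional kerberos package fails to load the name is left unset and `new MongoAuthProcess(...)` in GSSAPIInitialize throws instead of reporting through `callback`. Declare it beside `var Kerberos = null;` as `var MongoAuthProcess = null;` and open GSSAPIInitialize with `if(MongoAuthProcess == null) return callback(new Error("kerberos module is not installed"), false);`. `console.dir(err)` also prints on every load for users who never use GSSAPI; keeping the load error in a variable and returning it from that guard would be quieter. In the last hunk, `callback(null, true)` is reached after checking only `err`, and the visible lines never inspect the reply `doc` to the final saslContinue; the function continues outside the hunk, so it is worth confirming that a server-side failure cannot be reported as a successful authentication.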
210 lib/mongodb/auth/mongodb_sspi.js
@@ -7,17 +7,10 @@ var Kerberos = null;
// Try to grab the Kerberos class
try {
Kerberos = require('kerberos').Kerberos
- // , SecurityCredentials = require('kerberos').SSPI.SecurityCredentials
- // , SecurityContext = require('kerberos').SSPI.SecurityContext
- // , SecurityBuffer = require('kerberos').SSPI.SecurityBuffer
- // , SecurityBufferDescriptor = require('kerberos').SSPI.SecurityBufferDescriptor
-
// Authentication process for Mongo
MongoAuthProcess = require('kerberos').processes.MongoAuthProcess
} catch(err) {console.dir(err)}
-// console.dir(require('kerberos').processes.MongoAuthProcess)
-
var authenticate = function(db, username, password, authdb, options, callback) {
var numberOfConnections = 0;
var errorObject = null;
@@ -35,6 +28,32 @@ var authenticate = function(db, username, password, authdb, options, callback) {
var connection = db.serverConfig.allRawConnections()[0];
+ // Grab all the connections
+ var connections = db.serverConfig.allRawConnections();
+ var error = null;
+
+ // Authenticate all connections
+ for(var i = 0; i < numberOfConnections; i++) {
+ // Start Auth process for a connection
+ SSIPAuthenticate(db, username, password, authdb, connections[i], function(err, result) {
+ // Adjust number of connections left to connect
+ numberOfConnections = numberOfConnections - 1;
+ // If we have an error save it
+ if(err) error = err;
+
+ // We are done
+ if(numberOfConnections == 0) {
+ if(err) return callback(err, false);
+ // We authenticated correctly save the credentials
+ db.auths = [{'username':username, 'password':password, 'authdb': authdb, 'authMechanism': 'GSSAPI'}];
+ // Return valid callback
+ return callback(null, true);
+ }
+ });
+ }
+}
+
+var SSIPAuthenticate = function(db, username, password, authdb, connection, callback) {
// --------------------------------------------------------------
// Async Version
// --------------------------------------------------------------
@@ -108,182 +127,7 @@ var authenticate = function(db, username, password, authdb, options, callback) {
});
});
});
- });
-
- // // --------------------------------------------------------------
- // // Sync Version
- // // --------------------------------------------------------------
- // var command = {
- // saslStart: 1
- // , mechanism: 'GSSAPI'
- // , payload: ''
- // , autoAuthorize: 1
- // };
-
- // // Execute first sasl step
- // db._executeQueryCommand(DbCommand.createDbCommand(db, command, {}, '$external'), {connection:connection}, function(err, doc) {
- // if(err) return callback(err);
- // doc = doc.documents[0];
-
- // console.log("=========================================================");
- // console.log("========= authenticate 0");
- // console.log("=========================================================");
- // console.dir(err);
- // console.dir(doc);
-
- // // Aquire security credentials
- // var security_credentials = SecurityCredentials.aquire_kerberos(username, password);
- // console.log("=========================================================");
- // console.log("========= security credential 0");
- // console.log("=========================================================");
- // console.dir(security_credentials)
-
- // // Set up service principal
- // var target = format("mongodb/%s", connection.socketOptions.host);
- // // Initialize the security context
- // console.dir(doc)
- // console.log("=========================================================");
- // console.log("========= security context 0")
- // console.log("=========================================================");
- // var security_context = SecurityContext.initializeSync(security_credentials, target, doc.payload);
- // console.dir(security_context.payload)
-
- // // Perform the next step against mongod
- // var command = {
- // saslContinue: 1
- // , conversationId: doc.conversationId
- // , payload: security_context.payload
- // };
-
- // // Execute the command
- // db._executeQueryCommand(DbCommand.createDbCommand(db, command, {}, '$external'), {connection:connection}, function(err, doc) {
- // if(err) return callback(err);
- // doc = doc.documents[0];
-
- // console.log("=========================================================");
- // console.log("========= authenticate 1");
- // console.log("=========================================================");
- // console.dir(err);
- // console.dir(doc);
- // // Let's perform a step
- // security_context.initializeSync(target, doc.payload);
- // console.log("=========================================================");
- // console.log("========= security context 1")
- // console.log("=========================================================");
- // console.dir(security_context.payload)
-
- // // Perform the next step against mongod
- // var command = {
- // saslContinue: 1
- // , conversationId: doc.conversationId
- // , payload: security_context.payload
- // };
-
- // // Execute the command
- // db._executeQueryCommand(DbCommand.createDbCommand(db, command, {}, '$external'), {connection:connection}, function(err, doc) {
- // if(err) return callback(err);
- // doc = doc.documents[0];
-
- // console.log("=========================================================");
- // console.log("========= authenticate 2");
- // console.log("=========================================================");
- // console.dir(err);
- // console.dir(doc);
-
- // var messageLength = 0;
- // // Get the raw bytes
- // var encryptedBytes = new Buffer(doc.payload, 'base64');
- // var encryptedMessage = new Buffer(messageLength);
- // // Copy first byte
- // encryptedBytes.copy(encryptedMessage, 0, 0, messageLength);
- // console.log("================================== decryptMEssage")
- // console.dir(encryptedMessage)
-
- // var securityTrailerLength = encryptedBytes.length - messageLength;
- // var securityTrailer = new Buffer(securityTrailerLength);
- // encryptedBytes.copy(securityTrailer, 0, messageLength, securityTrailerLength);
-
- // var buffers = [
- // new SecurityBuffer(SecurityBuffer.DATA, encryptedBytes)
- // , new SecurityBuffer(SecurityBuffer.STREAM, securityTrailer)
- // ];
-
- // console.log("****************************************************")
- // console.dir(encryptedBytes)
- // console.dir(securityTrailer)
-
- // var descriptor = new SecurityBufferDescriptor(buffers);
-
-
- // // Decrypt the message
- // security_context.decryptMessageSync(descriptor);
- // console.log("=========================================================");
- // console.log("========= security context 2")
- // console.log("=========================================================");
- // console.dir(security_context.payload)
-
- // var length = 4;
- // if(username != null) {
- // length += username.length;
- // }
-
- // var bytesReceivedFromServer = new Buffer(length);
- // bytesReceivedFromServer[0] = 0x01; // NO_PROTECTION
- // bytesReceivedFromServer[1] = 0x00; // NO_PROTECTION
- // bytesReceivedFromServer[2] = 0x00; // NO_PROTECTION
- // bytesReceivedFromServer[3] = 0x00; // NO_PROTECTION
-
- // if(username != null) {
- // var authorization_id_bytes = new Buffer(username, 'utf8');
- // authorization_id_bytes.copy(bytesReceivedFromServer, 4, 0);
- // }
-
- // console.log(bytesReceivedFromServer.toString('base64'))
- // console.log("=========================================================");
- // console.log("========= security context 3")
- // console.log("=========================================================");
- // // Get the sizes
- // var sizes = security_context.queryContextAttributesSync(0x00);
- // console.dir(sizes)
-
- // var buffers = [
- // new SecurityBuffer(SecurityBuffer.TOKEN, new Buffer(sizes.securityTrailer))
- // , new SecurityBuffer(SecurityBuffer.DATA, bytesReceivedFromServer)
- // , new SecurityBuffer(SecurityBuffer.PADDING, new Buffer(sizes.blockSize))
- // ]
-
- // var descriptor = new SecurityBufferDescriptor(buffers);
-
- // // Encrypt the data
- // security_context.encryptMessageSync(descriptor, 0x80000001);
- // console.log("=========================================================");
- // console.log("========= security context 4")
- // console.log("=========================================================");
- // console.dir(security_context.payload)
-
- // // Perform the next step against mongod
- // var command = {
- // saslContinue: 1
- // , conversationId: doc.conversationId
- // , payload: security_context.payload
- // };
-
- // // Execute the command
- // db._executeQueryCommand(DbCommand.createDbCommand(db, command, {}, '$external'), {connection:connection}, function(err, doc) {
- // console.log("=========================================================");
- // console.log("========= authenticate 3");
- // console.log("=========================================================");
- // console.dir(err);
- // console.dir(doc);
- // if(err) return callback(err);
- // doc = doc.documents[0];
-
- // if(doc.done) return callback(null, true);
- // callback(new Error("Authentication failed"), false);
- // });
- // });
- // });
- // });
+ });
}
exports.authenticate = authenticate;
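Review bot: In the added completion check, `if(err) return callback(err, false);` tests the error of whichever connection happened to finish last rather than the saved `error`, so a failure on any earlier connection is dropped and the credentials are written to `db.auths` as if every connection had authenticated. It should read `if(error) return callback(error, false);`. The loop condition `i < numberOfConnections` uses the same counter the callbacks decrement, which is only safe if SSIPAuthenticate never calls back synchronously; fixing the bound first, `for(var i = 0, total = numberOfConnections; i < total; i++)`, removes that dependency (the counter is initialised outside this hunk). The helper name `SSIPAuthenticate` looks like a transposition of SSPI.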
20 test/runners/kerberos_runners.js
@@ -6,6 +6,18 @@ module.exports = function(configurations) {
//
//
+ // Set the test to run dependent on the platform
+ var tests = [
+ '/test/tests/kerberos/kdc_tests.js'
+ ];
+
+ // If we have win32 change the test
+ if(process.platform == 'win32') {
+ tests = [
+ '/test/tests/kerberos/kdc_win32_tests.js'
+ ];
+ }
+
// Configure a Run of tests
var kdc_runner = Runner
// Add configurations to the test runner
@@ -14,12 +26,8 @@ module.exports = function(configurations) {
// First parameter is test suite name
// Second parameter is the configuration used
// Third parameter is the list of files to execute
- .add("single_server_auth",
- [
- '/test/tests/kerberos/kdc_tests.js'
- ]
- );
-
+ .add("single_server_auth", tests);
+
// Export runners
return {
runner: kdc_runner
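Review bot: The platform switch compares with `==` and builds the list by reassignment; a strict comparison in a single expression says the same thing with less state, e.g. `var tests = [process.platform === 'win32' ? '/test/tests/kerberos/kdc_win32_tests.js' : '/test/tests/kerberos/kdc_tests.js'];`. A one-line comment stating why Windows needs its own suite (SSPI rather than a kinit ticket cache, if that is the reason) would help whoever next adds a Kerberos test decide which file it belongs in.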
2  test/tests/kerberos/kdc_tests.js
@@ -12,8 +12,6 @@ exports['Should Correctly Authenticate using kerberos with MongoClient'] = funct
, MongoClient = configuration.getMongoPackage().MongoClient
, Server = configuration.getMongoPackage().Server;
- console.log("============= hey")
-
// KDC Server
var server = "kdc.10gen.me";
var principal = "dev1@10GEN.ME";
98 test/tests/kerberos/kdc_win32_tests.js
@@ -0,0 +1,98 @@
+var format = require('util').format;
+
+// You need to set up the kinit tab first
+// kinit dev1@10GEN.ME
+// password: (not shown)
+
+/**
+ * @ignore
+ */
+exports['Should Correctly Authenticate on Win32 using kerberos with MongoClient'] = function(configuration, test) {
+ var Db = configuration.getMongoPackage().Db
+ , MongoClient = configuration.getMongoPackage().MongoClient
+ , Server = configuration.getMongoPackage().Server;
+
+ // KDC Server
+ var server = "kdc.10gen.me";
+ var principal = "dev1@10GEN.ME";
+ var pass = "a";
+ var urlEncodedPrincipal = encodeURIComponent(principal);
+
+ // Let's write the actual connection code
+ MongoClient.connect(format("mongodb://%s:%s@%s/test?authMechanism=GSSAPI&maxPoolSize=1", urlEncodedPrincipal, pass, server), function(err, db) {
+ test.equal(null, err);
+ test.ok(db != null);
+
+ // Attempt an operation
+ db.admin().command({listDatabases:1}, function(err, docs) {
+ test.equal(null, err);
+ test.ok(docs.documents[0].databases);
+
+ db.close();
+ test.done();
+ });
+ });
+}
+
+/**
+ * @ignore
+ */
+exports['Should Correctly Authenticate using kerberos on Win32 with MongoClient and then reconnect'] = function(configuration, test) {
+ var Db = configuration.getMongoPackage().Db
+ , MongoClient = configuration.getMongoPackage().MongoClient
+ , Server = configuration.getMongoPackage().Server;
+
+ // KDC Server
+ var server = "kdc.10gen.me";
+ var principal = "dev1@10GEN.ME";
+ var pass = "a";
+ var urlEncodedPrincipal = encodeURIComponent(principal);
+
+ // Let's write the actual connection code
+ MongoClient.connect(format("mongodb://%s:%s@%s/test?authMechanism=GSSAPI&maxPoolSize=5", urlEncodedPrincipal, pass, server), function(err, db) {
+ test.equal(null, err);
+ test.ok(db != null);
+
+ // Close the connection
+ db.close();
+
+ // Attempt an operation
+ db.admin().command({listDatabases:1}, function(err, docs) {
+ test.equal(null, err);
+ test.ok(docs.documents[0].databases);
+
+ db.close();
+ test.done();
+ });
+ });
+}
+
+/**
+ * @ignore
+ */
+exports['Should Correctly Authenticate on Win32 authenticate method manually'] = function(configuration, test) {
+ var Db = configuration.getMongoPackage().Db
+ , MongoClient = configuration.getMongoPackage().MongoClient
+ , Server = configuration.getMongoPackage().Server;
+
+ // KDC Server
+ var server = "kdc.10gen.me";
+ var principal = "dev1@10GEN.ME";
+ var urlEncodedPrincipal = encodeURIComponent(principal);
+ var pass = "a";
+
+ var db = new Db('test', new Server('kdc.10gen.me', 27017), {w:1});
+ db.open(function(err, db) {
+ test.equal(null, err);
+ test.ok(db != null);
+
+ // Authenticate
+ db.authenticate(principal, pass, {authMechanism: 'GSSAPI'}, function(err, result) {
+ test.equal(null, err);
+ test.ok(result);
+
+ db.close();
+ test.done();
+ });
+ });
+}
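Review bot: All three tests hard-code the KDC host, the principal and what appears to be its password (`var pass = "a";`), which puts a credential for the test realm into the repository history; take them from the test configuration or the environment instead, for example `var pass = process.env.KERBEROS_TEST_PASSWORD;` (variable name constructed for illustration). In the two `MongoClient.connect` tests only the principal goes through `encodeURIComponent`, while the password is formatted into the URI raw, so a password containing `@`, `:` or `/` would change how the URI is parsed; use `encodeURIComponent(pass)` there as well. In the third test `urlEncodedPrincipal` and `MongoClient` are assigned but never used.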