beppe/yahoo-thing
1
0
Fork 0
mirror of https://github.com/bvanroll/yahoo-thing.git synced 2025-08-30 04:22:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

euh

Browse Source
This commit is contained in:
Beppe Vanrolleghem
2019-01-25 01:39:48 +01:00
commit 41ac3fb32a
3269 changed files with 396937 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
node_modules/mongodb-core/lib/auth/defaultAuthProviders.js generated vendored Normal file
View File

@@ -0,0 +1,29 @@
'use strict';
const MongoCR = require('./mongocr');
const X509 = require('./x509');
const Plain = require('./plain');
const GSSAPI = require('./gssapi');
const SSPI = require('./sspi');
const ScramSHA1 = require('./scram').ScramSHA1;
const ScramSHA256 = require('./scram').ScramSHA256;
/**
* Returns the default authentication providers.
*
* @param {BSON} bson Bson definition
* @returns {Object} a mapping of auth names to auth types
*/
function defaultAuthProviders(bson) {
return {
mongocr: new MongoCR(bson),
x509: new X509(bson),
plain: new Plain(bson),
gssapi: new GSSAPI(bson),
sspi: new SSPI(bson),
'scram-sha-1': new ScramSHA1(bson),
'scram-sha-256': new ScramSHA256(bson)
};
}
module.exports = { defaultAuthProviders };

381
node_modules/mongodb-core/lib/auth/gssapi.js generated vendored Normal file
View File

@@ -0,0 +1,381 @@
'use strict';
const f = require('util').format;
const Query = require('../connection/commands').Query;
const MongoError = require('../error').MongoError;
const retrieveKerberos = require('../utils').retrieveKerberos;
var AuthSession = function(db, username, password, options) {
this.db = db;
this.username = username;
this.password = password;
this.options = options;
};
AuthSession.prototype.equal = function(session) {
return (
session.db === this.db &&
session.username === this.username &&
session.password === this.password
);
};
/**
* Creates a new GSSAPI authentication mechanism
* @class
* @return {GSSAPI} A cursor instance
*/
var GSSAPI = function(bson) {
this.bson = bson;
this.authStore = [];
};
/**
* Authenticate
* @method
* @param {{Server}|{ReplSet}|{Mongos}} server Topology the authentication method is being called on
* @param {[]Connections} connections Connections to authenticate using this authenticator
* @param {string} db Name of the database
* @param {string} username Username
* @param {string} password Password
* @param {authResultCallback} callback The callback to return the result from the authentication
* @return {object}
*/
GSSAPI.prototype.auth = function(server, connections, db, username, password, options, callback) {
var self = this;
let kerberos;
try {
kerberos = retrieveKerberos();
} catch (e) {
return callback(e, null);
}
// TODO: remove this once we fix URI parsing
var gssapiServiceName = options['gssapiservicename'] || options['gssapiServiceName'] || 'mongodb';
// Total connections
var count = connections.length;
if (count === 0) return callback(null, null);
// Valid connections
var numberOfValidConnections = 0;
var errorObject = null;
// For each connection we need to authenticate
while (connections.length > 0) {
// Execute MongoCR
var execute = function(connection) {
// Start Auth process for a connection
GSSAPIInitialize(
self,
kerberos.processes.MongoAuthProcess,
db,
username,
password,
db,
gssapiServiceName,
server,
connection,
options,
function(err, r) {
// Adjust count
count = count - 1;
// If we have an error
if (err) {
errorObject = err;
} else if (r.result['$err']) {
errorObject = r.result;
} else if (r.result['errmsg']) {
errorObject = r.result;
} else {
numberOfValidConnections = numberOfValidConnections + 1;
}
// We have authenticated all connections
if (count === 0 && numberOfValidConnections > 0) {
// Store the auth details
addAuthSession(self.authStore, new AuthSession(db, username, password, options));
// Return correct authentication
callback(null, true);
} else if (count === 0) {
if (errorObject == null)
errorObject = new MongoError(f('failed to authenticate using mongocr'));
callback(errorObject, false);
}
}
);
};
var _execute = function(_connection) {
process.nextTick(function() {
execute(_connection);
});
};
_execute(connections.shift());
}
};
//
// Initialize step
var GSSAPIInitialize = function(
self,
MongoAuthProcess,
db,
username,
password,
authdb,
gssapiServiceName,
server,
connection,
options,
callback
) {
// Create authenticator
var mongo_auth_process = new MongoAuthProcess(
connection.host,
connection.port,
gssapiServiceName,
options
);
// Perform initialization
mongo_auth_process.init(username, password, function(err) {
if (err) return callback(err, false);
// Perform the first step
mongo_auth_process.transition('', function(err, payload) {
if (err) return callback(err, false);
// Call the next db step
MongoDBGSSAPIFirstStep(
self,
mongo_auth_process,
payload,
db,
username,
password,
authdb,
server,
connection,
callback
);
});
});
};
//
// Perform first step against mongodb
var MongoDBGSSAPIFirstStep = function(
self,
mongo_auth_process,
payload,
db,
username,
password,
authdb,
server,
connection,
callback
) {
// Build the sasl start command
var command = {
saslStart: 1,
mechanism: 'GSSAPI',
payload: payload,
autoAuthorize: 1
};
// Write the commmand on the connection
server(
connection,
new Query(self.bson, '$external.$cmd', command, {
numberToSkip: 0,
numberToReturn: 1
}),
function(err, r) {
if (err) return callback(err, false);
var doc = r.result;
// Execute mongodb transition
mongo_auth_process.transition(r.result.payload, function(err, payload) {
if (err) return callback(err, false);
// MongoDB API Second Step
MongoDBGSSAPISecondStep(
self,
mongo_auth_process,
payload,
doc,
db,
username,
password,
authdb,
server,
connection,
callback
);
});
}
);
};
//
// Perform first step against mongodb
var MongoDBGSSAPISecondStep = function(
self,
mongo_auth_process,
payload,
doc,
db,
username,
password,
authdb,
server,
connection,
callback
) {
// Build Authentication command to send to MongoDB
var command = {
saslContinue: 1,
conversationId: doc.conversationId,
payload: payload
};
// Execute the command
// Write the commmand on the connection
server(
connection,
new Query(self.bson, '$external.$cmd', command, {
numberToSkip: 0,
numberToReturn: 1
}),
function(err, r) {
if (err) return callback(err, false);
var doc = r.result;
// Call next transition for kerberos
mongo_auth_process.transition(doc.payload, function(err, payload) {
if (err) return callback(err, false);
// Call the last and third step
MongoDBGSSAPIThirdStep(
self,
mongo_auth_process,
payload,
doc,
db,
username,
password,
authdb,
server,
connection,
callback
);
});
}
);
};
var MongoDBGSSAPIThirdStep = function(
self,
mongo_auth_process,
payload,
doc,
db,
username,
password,
authdb,
server,
connection,
callback
) {
// Build final command
var command = {
saslContinue: 1,
conversationId: doc.conversationId,
payload: payload
};
// Execute the command
server(
connection,
new Query(self.bson, '$external.$cmd', command, {
numberToSkip: 0,
numberToReturn: 1
}),
function(err, r) {
if (err) return callback(err, false);
mongo_auth_process.transition(null, function(err) {
if (err) return callback(err, null);
callback(null, r);
});
}
);
};
// Add to store only if it does not exist
var addAuthSession = function(authStore, session) {
var found = false;
for (var i = 0; i < authStore.length; i++) {
if (authStore[i].equal(session)) {
found = true;
break;
}
}
if (!found) authStore.push(session);
};
/**
* Remove authStore credentials
* @method
* @param {string} db Name of database we are removing authStore details about
* @return {object}
*/
GSSAPI.prototype.logout = function(dbName) {
this.authStore = this.authStore.filter(function(x) {
return x.db !== dbName;
});
};
/**
* Re authenticate pool
* @method
* @param {{Server}|{ReplSet}|{Mongos}} server Topology the authentication method is being called on
* @param {[]Connections} connections Connections to authenticate using this authenticator
* @param {authResultCallback} callback The callback to return the result from the authentication
* @return {object}
*/
GSSAPI.prototype.reauthenticate = function(server, connections, callback) {
var authStore = this.authStore.slice(0);
var count = authStore.length;
if (count === 0) return callback(null, null);
// Iterate over all the auth details stored
for (var i = 0; i < authStore.length; i++) {
this.auth(
server,
connections,
authStore[i].db,
authStore[i].username,
authStore[i].password,
authStore[i].options,
function(err) {
count = count - 1;
// Done re-authenticating
if (count === 0) {
callback(err, null);
}
}
);
}
};
/**
* This is a result from a authentication strategy
*
* @callback authResultCallback
* @param {error} error An error object. Set to null if no error present
* @param {boolean} result The result of the authentication process
*/
module.exports = GSSAPI;

214
node_modules/mongodb-core/lib/auth/mongocr.js generated vendored Normal file
View File

@@ -0,0 +1,214 @@
'use strict';
var f = require('util').format,
crypto = require('crypto'),
Query = require('../connection/commands').Query,
MongoError = require('../error').MongoError;
var AuthSession = function(db, username, password) {
this.db = db;
this.username = username;
this.password = password;
};
AuthSession.prototype.equal = function(session) {
return (
session.db === this.db &&
session.username === this.username &&
session.password === this.password
);
};
/**
* Creates a new MongoCR authentication mechanism
* @class
* @return {MongoCR} A cursor instance
*/
var MongoCR = function(bson) {
this.bson = bson;
this.authStore = [];
};
// Add to store only if it does not exist
var addAuthSession = function(authStore, session) {
var found = false;
for (var i = 0; i < authStore.length; i++) {
if (authStore[i].equal(session)) {
found = true;
break;
}
}
if (!found) authStore.push(session);
};
/**
* Authenticate
* @method
* @param {{Server}|{ReplSet}|{Mongos}} server Topology the authentication method is being called on
* @param {[]Connections} connections Connections to authenticate using this authenticator
* @param {string} db Name of the database
* @param {string} username Username
* @param {string} password Password
* @param {authResultCallback} callback The callback to return the result from the authentication
* @return {object}
*/
MongoCR.prototype.auth = function(server, connections, db, username, password, callback) {
var self = this;
// Total connections
var count = connections.length;
if (count === 0) return callback(null, null);
// Valid connections
var numberOfValidConnections = 0;
var errorObject = null;
// For each connection we need to authenticate
while (connections.length > 0) {
// Execute MongoCR
var executeMongoCR = function(connection) {
// Write the commmand on the connection
server(
connection,
new Query(
self.bson,
f('%s.$cmd', db),
{
getnonce: 1
},
{
numberToSkip: 0,
numberToReturn: 1
}
),
function(err, r) {
var nonce = null;
var key = null;
// Adjust the number of connections left
// Get nonce
if (err == null) {
nonce = r.result.nonce;
// Use node md5 generator
var md5 = crypto.createHash('md5');
// Generate keys used for authentication
md5.update(username + ':mongo:' + password, 'utf8');
var hash_password = md5.digest('hex');
// Final key
md5 = crypto.createHash('md5');
md5.update(nonce + username + hash_password, 'utf8');
key = md5.digest('hex');
}
// Execute command
// Write the commmand on the connection
server(
connection,
new Query(
self.bson,
f('%s.$cmd', db),
{
authenticate: 1,
user: username,
nonce: nonce,
key: key
},
{
numberToSkip: 0,
numberToReturn: 1
}
),
function(err, r) {
count = count - 1;
// If we have an error
if (err) {
errorObject = err;
} else if (r.result['$err']) {
errorObject = r.result;
} else if (r.result['errmsg']) {
errorObject = r.result;
} else {
numberOfValidConnections = numberOfValidConnections + 1;
}
// We have authenticated all connections
if (count === 0 && numberOfValidConnections > 0) {
// Store the auth details
addAuthSession(self.authStore, new AuthSession(db, username, password));
// Return correct authentication
callback(null, true);
} else if (count === 0) {
if (errorObject == null)
errorObject = new MongoError(f('failed to authenticate using mongocr'));
callback(errorObject, false);
}
}
);
}
);
};
var _execute = function(_connection) {
process.nextTick(function() {
executeMongoCR(_connection);
});
};
_execute(connections.shift());
}
};
/**
* Remove authStore credentials
* @method
* @param {string} db Name of database we are removing authStore details about
* @return {object}
*/
MongoCR.prototype.logout = function(dbName) {
this.authStore = this.authStore.filter(function(x) {
return x.db !== dbName;
});
};
/**
* Re authenticate pool
* @method
* @param {{Server}|{ReplSet}|{Mongos}} server Topology the authentication method is being called on
* @param {[]Connections} connections Connections to authenticate using this authenticator
* @param {authResultCallback} callback The callback to return the result from the authentication
* @return {object}
*/
MongoCR.prototype.reauthenticate = function(server, connections, callback) {
var authStore = this.authStore.slice(0);
var count = authStore.length;
if (count === 0) return callback(null, null);
// Iterate over all the auth details stored
for (var i = 0; i < authStore.length; i++) {
this.auth(
server,
connections,
authStore[i].db,
authStore[i].username,
authStore[i].password,
function(err) {
count = count - 1;
// Done re-authenticating
if (count === 0) {
callback(err, null);
}
}
);
}
};
/**
* This is a result from a authentication strategy
*
* @callback authResultCallback
* @param {error} error An error object. Set to null if no error present
* @param {boolean} result The result of the authentication process
*/
module.exports = MongoCR;

183
node_modules/mongodb-core/lib/auth/plain.js generated vendored Normal file
View File

@@ -0,0 +1,183 @@
'use strict';
var f = require('util').format,
retrieveBSON = require('../connection/utils').retrieveBSON,
Query = require('../connection/commands').Query,
MongoError = require('../error').MongoError;
var BSON = retrieveBSON(),
Binary = BSON.Binary;
var AuthSession = function(db, username, password) {
this.db = db;
this.username = username;
this.password = password;
};
AuthSession.prototype.equal = function(session) {
return (
session.db === this.db &&
session.username === this.username &&
session.password === this.password
);
};
/**
* Creates a new Plain authentication mechanism
* @class
* @return {Plain} A cursor instance
*/
var Plain = function(bson) {
this.bson = bson;
this.authStore = [];
};
/**
* Authenticate
* @method
* @param {{Server}|{ReplSet}|{Mongos}} server Topology the authentication method is being called on
* @param {[]Connections} connections Connections to authenticate using this authenticator
* @param {string} db Name of the database
* @param {string} username Username
* @param {string} password Password
* @param {authResultCallback} callback The callback to return the result from the authentication
* @return {object}
*/
Plain.prototype.auth = function(server, connections, db, username, password, callback) {
var self = this;
// Total connections
var count = connections.length;
if (count === 0) return callback(null, null);
// Valid connections
var numberOfValidConnections = 0;
var errorObject = null;
// For each connection we need to authenticate
while (connections.length > 0) {
// Execute MongoCR
var execute = function(connection) {
// Create payload
var payload = new Binary(f('\x00%s\x00%s', username, password));
// Let's start the sasl process
var command = {
saslStart: 1,
mechanism: 'PLAIN',
payload: payload,
autoAuthorize: 1
};
// Let's start the process
server(
connection,
new Query(self.bson, '$external.$cmd', command, {
numberToSkip: 0,
numberToReturn: 1
}),
function(err, r) {
// Adjust count
count = count - 1;
// If we have an error
if (err) {
errorObject = err;
} else if (r.result['$err']) {
errorObject = r.result;
} else if (r.result['errmsg']) {
errorObject = r.result;
} else {
numberOfValidConnections = numberOfValidConnections + 1;
}
// We have authenticated all connections
if (count === 0 && numberOfValidConnections > 0) {
// Store the auth details
addAuthSession(self.authStore, new AuthSession(db, username, password));
// Return correct authentication
callback(null, true);
} else if (count === 0) {
if (errorObject == null)
errorObject = new MongoError(f('failed to authenticate using mongocr'));
callback(errorObject, false);
}
}
);
};
var _execute = function(_connection) {
process.nextTick(function() {
execute(_connection);
});
};
_execute(connections.shift());
}
};
// Add to store only if it does not exist
var addAuthSession = function(authStore, session) {
var found = false;
for (var i = 0; i < authStore.length; i++) {
if (authStore[i].equal(session)) {
found = true;
break;
}
}
if (!found) authStore.push(session);
};
/**
* Remove authStore credentials
* @method
* @param {string} db Name of database we are removing authStore details about
* @return {object}
*/
Plain.prototype.logout = function(dbName) {
this.authStore = this.authStore.filter(function(x) {
return x.db !== dbName;
});
};
/**
* Re authenticate pool
* @method
* @param {{Server}|{ReplSet}|{Mongos}} server Topology the authentication method is being called on
* @param {[]Connections} connections Connections to authenticate using this authenticator
* @param {authResultCallback} callback The callback to return the result from the authentication
* @return {object}
*/
Plain.prototype.reauthenticate = function(server, connections, callback) {
var authStore = this.authStore.slice(0);
var count = authStore.length;
if (count === 0) return callback(null, null);
// Iterate over all the auth details stored
for (var i = 0; i < authStore.length; i++) {
this.auth(
server,
connections,
authStore[i].db,
authStore[i].username,
authStore[i].password,
function(err) {
count = count - 1;
// Done re-authenticating
if (count === 0) {
callback(err, null);
}
}
);
}
};
/**
* This is a result from a authentication strategy
*
* @callback authResultCallback
* @param {error} error An error object. Set to null if no error present
* @param {boolean} result The result of the authentication process
*/
module.exports = Plain;

442
node_modules/mongodb-core/lib/auth/scram.js generated vendored Normal file
View File

@@ -0,0 +1,442 @@
'use strict';
var f = require('util').format,
crypto = require('crypto'),
retrieveBSON = require('../connection/utils').retrieveBSON,
Query = require('../connection/commands').Query,
MongoError = require('../error').MongoError,
Buffer = require('safe-buffer').Buffer;
let saslprep;
try {
saslprep = require('saslprep');
} catch (e) {
// don't do anything;
}
var BSON = retrieveBSON(),
Binary = BSON.Binary;
var AuthSession = function(db, username, password) {
this.db = db;
this.username = username;
this.password = password;
};
AuthSession.prototype.equal = function(session) {
return (
session.db === this.db &&
session.username === this.username &&
session.password === this.password
);
};
var id = 0;
/**
* Creates a new ScramSHA authentication mechanism
* @class
* @return {ScramSHA} A cursor instance
*/
var ScramSHA = function(bson, cryptoMethod) {
this.bson = bson;
this.authStore = [];
this.id = id++;
this.cryptoMethod = cryptoMethod || 'sha1';
};
var parsePayload = function(payload) {
var dict = {};
var parts = payload.split(',');
for (var i = 0; i < parts.length; i++) {
var valueParts = parts[i].split('=');
dict[valueParts[0]] = valueParts[1];
}
return dict;
};
var passwordDigest = function(username, password) {
if (typeof username !== 'string') throw new MongoError('username must be a string');
if (typeof password !== 'string') throw new MongoError('password must be a string');
if (password.length === 0) throw new MongoError('password cannot be empty');
// Use node md5 generator
var md5 = crypto.createHash('md5');
// Generate keys used for authentication
md5.update(username + ':mongo:' + password, 'utf8');
return md5.digest('hex');
};
// XOR two buffers
function xor(a, b) {
if (!Buffer.isBuffer(a)) a = Buffer.from(a);
if (!Buffer.isBuffer(b)) b = Buffer.from(b);
const length = Math.max(a.length, b.length);
const res = [];
for (let i = 0; i < length; i += 1) {
res.push(a[i] ^ b[i]);
}
return Buffer.from(res).toString('base64');
}
function H(method, text) {
return crypto
.createHash(method)
.update(text)
.digest();
}
function HMAC(method, key, text) {
return crypto
.createHmac(method, key)
.update(text)
.digest();
}
var _hiCache = {};
var _hiCacheCount = 0;
var _hiCachePurge = function() {
_hiCache = {};
_hiCacheCount = 0;
};
const hiLengthMap = {
sha256: 32,
sha1: 20
};
function HI(data, salt, iterations, cryptoMethod) {
// omit the work if already generated
const key = [data, salt.toString('base64'), iterations].join('_');
if (_hiCache[key] !== undefined) {
return _hiCache[key];
}
// generate the salt
const saltedData = crypto.pbkdf2Sync(
data,
salt,
iterations,
hiLengthMap[cryptoMethod],
cryptoMethod
);
// cache a copy to speed up the next lookup, but prevent unbounded cache growth
if (_hiCacheCount >= 200) {
_hiCachePurge();
}
_hiCache[key] = saltedData;
_hiCacheCount += 1;
return saltedData;
}
/**
* Authenticate
* @method
* @param {{Server}|{ReplSet}|{Mongos}} server Topology the authentication method is being called on
* @param {[]Connections} connections Connections to authenticate using this authenticator
* @param {string} db Name of the database
* @param {string} username Username
* @param {string} password Password
* @param {authResultCallback} callback The callback to return the result from the authentication
* @return {object}
*/
ScramSHA.prototype.auth = function(server, connections, db, username, password, callback) {
var self = this;
// Total connections
var count = connections.length;
if (count === 0) return callback(null, null);
// Valid connections
var numberOfValidConnections = 0;
var errorObject = null;
const cryptoMethod = this.cryptoMethod;
let mechanism = 'SCRAM-SHA-1';
let processedPassword;
if (cryptoMethod === 'sha256') {
mechanism = 'SCRAM-SHA-256';
let saslprepFn = (server.s && server.s.saslprep) || saslprep;
if (saslprepFn) {
processedPassword = saslprepFn(password);
} else {
console.warn('Warning: no saslprep library specified. Passwords will not be sanitized');
processedPassword = password;
}
} else {
processedPassword = passwordDigest(username, password);
}
// Execute MongoCR
var executeScram = function(connection) {
// Clean up the user
username = username.replace('=', '=3D').replace(',', '=2C');
// Create a random nonce
var nonce = crypto.randomBytes(24).toString('base64');
// var nonce = 'MsQUY9iw0T9fx2MUEz6LZPwGuhVvWAhc'
// NOTE: This is done b/c Javascript uses UTF-16, but the server is hashing in UTF-8.
// Since the username is not sasl-prep-d, we need to do this here.
const firstBare = Buffer.concat([
Buffer.from('n=', 'utf8'),
Buffer.from(username, 'utf8'),
Buffer.from(',r=', 'utf8'),
Buffer.from(nonce, 'utf8')
]);
// Build command structure
var cmd = {
saslStart: 1,
mechanism: mechanism,
payload: new Binary(Buffer.concat([Buffer.from('n,,', 'utf8'), firstBare])),
autoAuthorize: 1
};
// Handle the error
var handleError = function(err, r) {
if (err) {
numberOfValidConnections = numberOfValidConnections - 1;
errorObject = err;
return false;
} else if (r.result['$err']) {
errorObject = r.result;
return false;
} else if (r.result['errmsg']) {
errorObject = r.result;
return false;
} else {
numberOfValidConnections = numberOfValidConnections + 1;
}
return true;
};
// Finish up
var finish = function(_count, _numberOfValidConnections) {
if (_count === 0 && _numberOfValidConnections > 0) {
// Store the auth details
addAuthSession(self.authStore, new AuthSession(db, username, password));
// Return correct authentication
return callback(null, true);
} else if (_count === 0) {
if (errorObject == null)
errorObject = new MongoError(f('failed to authenticate using scram'));
return callback(errorObject, false);
}
};
var handleEnd = function(_err, _r) {
// Handle any error
handleError(_err, _r);
// Adjust the number of connections
count = count - 1;
// Execute the finish
finish(count, numberOfValidConnections);
};
// Write the commmand on the connection
server(
connection,
new Query(self.bson, f('%s.$cmd', db), cmd, {
numberToSkip: 0,
numberToReturn: 1
}),
function(err, r) {
// Do we have an error, handle it
if (handleError(err, r) === false) {
count = count - 1;
if (count === 0 && numberOfValidConnections > 0) {
// Store the auth details
addAuthSession(self.authStore, new AuthSession(db, username, password));
// Return correct authentication
return callback(null, true);
} else if (count === 0) {
if (errorObject == null)
errorObject = new MongoError(f('failed to authenticate using scram'));
return callback(errorObject, false);
}
return;
}
// Get the dictionary
var dict = parsePayload(r.result.payload.value());
// Unpack dictionary
var iterations = parseInt(dict.i, 10);
var salt = dict.s;
var rnonce = dict.r;
// Set up start of proof
var withoutProof = f('c=biws,r=%s', rnonce);
var saltedPassword = HI(
processedPassword,
Buffer.from(salt, 'base64'),
iterations,
cryptoMethod
);
if (iterations && iterations < 4096) {
const error = new MongoError(`Server returned an invalid iteration count ${iterations}`);
return callback(error, false);
}
// Create the client key
const clientKey = HMAC(cryptoMethod, saltedPassword, 'Client Key');
// Create the stored key
const storedKey = H(cryptoMethod, clientKey);
// Create the authentication message
const authMessage = [
firstBare,
r.result.payload.value().toString('base64'),
withoutProof
].join(',');
// Create client signature
const clientSignature = HMAC(cryptoMethod, storedKey, authMessage);
// Create client proof
const clientProof = f('p=%s', xor(clientKey, clientSignature));
// Create client final
const clientFinal = [withoutProof, clientProof].join(',');
// Create continue message
const cmd = {
saslContinue: 1,
conversationId: r.result.conversationId,
payload: new Binary(Buffer.from(clientFinal))
};
//
// Execute sasl continue
// Write the commmand on the connection
server(
connection,
new Query(self.bson, f('%s.$cmd', db), cmd, {
numberToSkip: 0,
numberToReturn: 1
}),
function(err, r) {
if (r && r.result.done === false) {
var cmd = {
saslContinue: 1,
conversationId: r.result.conversationId,
payload: Buffer.alloc(0)
};
// Write the commmand on the connection
server(
connection,
new Query(self.bson, f('%s.$cmd', db), cmd, {
numberToSkip: 0,
numberToReturn: 1
}),
function(err, r) {
handleEnd(err, r);
}
);
} else {
handleEnd(err, r);
}
}
);
}
);
};
var _execute = function(_connection) {
process.nextTick(function() {
executeScram(_connection);
});
};
// For each connection we need to authenticate
while (connections.length > 0) {
_execute(connections.shift());
}
};
// Add to store only if it does not exist
var addAuthSession = function(authStore, session) {
var found = false;
for (var i = 0; i < authStore.length; i++) {
if (authStore[i].equal(session)) {
found = true;
break;
}
}
if (!found) authStore.push(session);
};
/**
* Remove authStore credentials
* @method
* @param {string} db Name of database we are removing authStore details about
* @return {object}
*/
ScramSHA.prototype.logout = function(dbName) {
this.authStore = this.authStore.filter(function(x) {
return x.db !== dbName;
});
};
/**
* Re authenticate pool
* @method
* @param {{Server}|{ReplSet}|{Mongos}} server Topology the authentication method is being called on
* @param {[]Connections} connections Connections to authenticate using this authenticator
* @param {authResultCallback} callback The callback to return the result from the authentication
* @return {object}
*/
ScramSHA.prototype.reauthenticate = function(server, connections, callback) {
var authStore = this.authStore.slice(0);
var count = authStore.length;
// No connections
if (count === 0) return callback(null, null);
// Iterate over all the auth details stored
for (var i = 0; i < authStore.length; i++) {
this.auth(
server,
connections,
authStore[i].db,
authStore[i].username,
authStore[i].password,
function(err) {
count = count - 1;
// Done re-authenticating
if (count === 0) {
callback(err, null);
}
}
);
}
};
class ScramSHA1 extends ScramSHA {
constructor(bson) {
super(bson, 'sha1');
}
}
class ScramSHA256 extends ScramSHA {
constructor(bson) {
super(bson, 'sha256');
}
}
module.exports = { ScramSHA1, ScramSHA256 };

262
node_modules/mongodb-core/lib/auth/sspi.js generated vendored Normal file
View File

@@ -0,0 +1,262 @@
'use strict';
const f = require('util').format;
const Query = require('../connection/commands').Query;
const MongoError = require('../error').MongoError;
const retrieveKerberos = require('../utils').retrieveKerberos;
var AuthSession = function(db, username, password, options) {
this.db = db;
this.username = username;
this.password = password;
this.options = options;
};
AuthSession.prototype.equal = function(session) {
return (
session.db === this.db &&
session.username === this.username &&
session.password === this.password
);
};
/**
* Creates a new SSPI authentication mechanism
* @class
* @return {SSPI} A cursor instance
*/
var SSPI = function(bson) {
this.bson = bson;
this.authStore = [];
};
/**
* Authenticate
* @method
* @param {{Server}|{ReplSet}|{Mongos}} server Topology the authentication method is being called on
* @param {[]Connections} connections Connections to authenticate using this authenticator
* @param {string} db Name of the database
* @param {string} username Username
* @param {string} password Password
* @param {authResultCallback} callback The callback to return the result from the authentication
* @return {object}
*/
SSPI.prototype.auth = function(server, connections, db, username, password, options, callback) {
var self = this;
let kerberos;
try {
kerberos = retrieveKerberos();
} catch (e) {
return callback(e, null);
}
var gssapiServiceName = options['gssapiServiceName'] || 'mongodb';
// Total connections
var count = connections.length;
if (count === 0) return callback(null, null);
// Valid connections
var numberOfValidConnections = 0;
var errorObject = null;
// For each connection we need to authenticate
while (connections.length > 0) {
// Execute MongoCR
var execute = function(connection) {
// Start Auth process for a connection
SSIPAuthenticate(
self,
kerberos.processes.MongoAuthProcess,
username,
password,
gssapiServiceName,
server,
connection,
options,
function(err, r) {
// Adjust count
count = count - 1;
// If we have an error
if (err) {
errorObject = err;
} else if (r && typeof r === 'object' && r.result['$err']) {
errorObject = r.result;
} else if (r && typeof r === 'object' && r.result['errmsg']) {
errorObject = r.result;
} else {
numberOfValidConnections = numberOfValidConnections + 1;
}
// We have authenticated all connections
if (count === 0 && numberOfValidConnections > 0) {
// Store the auth details
addAuthSession(self.authStore, new AuthSession(db, username, password, options));
// Return correct authentication
callback(null, true);
} else if (count === 0) {
if (errorObject == null)
errorObject = new MongoError(f('failed to authenticate using mongocr'));
callback(errorObject, false);
}
}
);
};
var _execute = function(_connection) {
process.nextTick(function() {
execute(_connection);
});
};
_execute(connections.shift());
}
};
function SSIPAuthenticate(
self,
MongoAuthProcess,
username,
password,
gssapiServiceName,
server,
connection,
options,
callback
) {
const authProcess = new MongoAuthProcess(
connection.host,
connection.port,
gssapiServiceName,
options
);
function authCommand(command, authCb) {
const query = new Query(self.bson, '$external.$cmd', command, {
numberToSkip: 0,
numberToReturn: 1
});
server(connection, query, authCb);
}
authProcess.init(username, password, err => {
if (err) return callback(err, false);
authProcess.transition('', (err, payload) => {
if (err) return callback(err, false);
const command = {
saslStart: 1,
mechanism: 'GSSAPI',
payload,
autoAuthorize: 1
};
authCommand(command, (err, result) => {
if (err) return callback(err, false);
const doc = result.result;
authProcess.transition(doc.payload, (err, payload) => {
if (err) return callback(err, false);
const command = {
saslContinue: 1,
conversationId: doc.conversationId,
payload
};
authCommand(command, (err, result) => {
if (err) return callback(err, false);
const doc = result.result;
authProcess.transition(doc.payload, (err, payload) => {
if (err) return callback(err, false);
const command = {
saslContinue: 1,
conversationId: doc.conversationId,
payload
};
authCommand(command, (err, response) => {
if (err) return callback(err, false);
authProcess.transition(null, err => {
if (err) return callback(err, null);
callback(null, response);
});
});
});
});
});
});
});
});
}
// Add to store only if it does not exist
var addAuthSession = function(authStore, session) {
var found = false;
for (var i = 0; i < authStore.length; i++) {
if (authStore[i].equal(session)) {
found = true;
break;
}
}
if (!found) authStore.push(session);
};
/**
* Remove authStore credentials
* @method
* @param {string} db Name of database we are removing authStore details about
* @return {object}
*/
SSPI.prototype.logout = function(dbName) {
this.authStore = this.authStore.filter(function(x) {
return x.db !== dbName;
});
};
/**
* Re authenticate pool
* @method
* @param {{Server}|{ReplSet}|{Mongos}} server Topology the authentication method is being called on
* @param {[]Connections} connections Connections to authenticate using this authenticator
* @param {authResultCallback} callback The callback to return the result from the authentication
* @return {object}
*/
SSPI.prototype.reauthenticate = function(server, connections, callback) {
var authStore = this.authStore.slice(0);
var count = authStore.length;
if (count === 0) return callback(null, null);
// Iterate over all the auth details stored
for (var i = 0; i < authStore.length; i++) {
this.auth(
server,
connections,
authStore[i].db,
authStore[i].username,
authStore[i].password,
authStore[i].options,
function(err) {
count = count - 1;
// Done re-authenticating
if (count === 0) {
callback(err, null);
}
}
);
}
};
/**
* This is a result from a authentication strategy
*
* @callback authResultCallback
* @param {error} error An error object. Set to null if no error present
* @param {boolean} result The result of the authentication process
*/
module.exports = SSPI;

179
node_modules/mongodb-core/lib/auth/x509.js generated vendored Normal file
View File

@@ -0,0 +1,179 @@
'use strict';
var f = require('util').format,
Query = require('../connection/commands').Query,
MongoError = require('../error').MongoError;
var AuthSession = function(db, username, password) {
this.db = db;
this.username = username;
this.password = password;
};
AuthSession.prototype.equal = function(session) {
return (
session.db === this.db &&
session.username === this.username &&
session.password === this.password
);
};
/**
* Creates a new X509 authentication mechanism
* @class
* @return {X509} A cursor instance
*/
var X509 = function(bson) {
this.bson = bson;
this.authStore = [];
};
/**
* Authenticate
* @method
* @param {{Server}|{ReplSet}|{Mongos}} server Topology the authentication method is being called on
* @param {[]Connections} connections Connections to authenticate using this authenticator
* @param {string} db Name of the database
* @param {string} username Username
* @param {string} password Password
* @param {authResultCallback} callback The callback to return the result from the authentication
* @return {object}
*/
X509.prototype.auth = function(server, connections, db, username, password, callback) {
var self = this;
// Total connections
var count = connections.length;
if (count === 0) return callback(null, null);
// Valid connections
var numberOfValidConnections = 0;
var errorObject = null;
// For each connection we need to authenticate
while (connections.length > 0) {
// Execute MongoCR
var execute = function(connection) {
// Let's start the sasl process
var command = {
authenticate: 1,
mechanism: 'MONGODB-X509'
};
// Add username if specified
if (username) {
command.user = username;
}
// Let's start the process
server(
connection,
new Query(self.bson, '$external.$cmd', command, {
numberToSkip: 0,
numberToReturn: 1
}),
function(err, r) {
// Adjust count
count = count - 1;
// If we have an error
if (err) {
errorObject = err;
} else if (r.result['$err']) {
errorObject = r.result;
} else if (r.result['errmsg']) {
errorObject = r.result;
} else {
numberOfValidConnections = numberOfValidConnections + 1;
}
// We have authenticated all connections
if (count === 0 && numberOfValidConnections > 0) {
// Store the auth details
addAuthSession(self.authStore, new AuthSession(db, username, password));
// Return correct authentication
callback(null, true);
} else if (count === 0) {
if (errorObject == null)
errorObject = new MongoError(f('failed to authenticate using mongocr'));
callback(errorObject, false);
}
}
);
};
var _execute = function(_connection) {
process.nextTick(function() {
execute(_connection);
});
};
_execute(connections.shift());
}
};
// Add to store only if it does not exist
var addAuthSession = function(authStore, session) {
var found = false;
for (var i = 0; i < authStore.length; i++) {
if (authStore[i].equal(session)) {
found = true;
break;
}
}
if (!found) authStore.push(session);
};
/**
* Remove authStore credentials
* @method
* @param {string} db Name of database we are removing authStore details about
* @return {object}
*/
X509.prototype.logout = function(dbName) {
this.authStore = this.authStore.filter(function(x) {
return x.db !== dbName;
});
};
/**
* Re authenticate pool
* @method
* @param {{Server}|{ReplSet}|{Mongos}} server Topology the authentication method is being called on
* @param {[]Connections} connections Connections to authenticate using this authenticator
* @param {authResultCallback} callback The callback to return the result from the authentication
* @return {object}
*/
X509.prototype.reauthenticate = function(server, connections, callback) {
var authStore = this.authStore.slice(0);
var count = authStore.length;
if (count === 0) return callback(null, null);
// Iterate over all the auth details stored
for (var i = 0; i < authStore.length; i++) {
this.auth(
server,
connections,
authStore[i].db,
authStore[i].username,
authStore[i].password,
function(err) {
count = count - 1;
// Done re-authenticating
if (count === 0) {
callback(err, null);
}
}
);
}
};
/**
* This is a result from a authentication strategy
*
* @callback authResultCallback
* @param {error} error An error object. Set to null if no error present
* @param {boolean} result The result of the authentication process
*/
module.exports = X509;