This repository was archived by the owner on Feb 4, 2022. It is now read-only.

Commit 2a68d8b

committed
fix(sspi): correct auth process for SSPI
The SSPI auth process should have been the same as GSSAPI, but it instead initialized and transitioned kerberos _after_ an initial connect to the client. Starting with MongoDB 4.0, this simply will not work anymore, and needs to be corrected. NODE-1479
1 parent ef586a6 commit 2a68d8b


1 file changed

+49
-87
lines changed


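--- a/lib/auth/sspi.js
+++ b/lib/auth/sspi.js
@@ -47,7 +47,7 @@ class SSPI extends AuthProvider {
 }
 }
 
-var SSIPAuthenticate = function(
+function SSIPAuthenticate(
 self,
 username,
 password,
@@ -57,111 +57,73 @@ var SSIPAuthenticate = function(
 options,
 callback
 ) {
-// Build Authentication command to send to MongoDB
-var command = {
-saslStart: 1,
-mechanism: 'GSSAPI',
-payload: '',
-autoAuthorize: 1
-};
-
-// Create authenticator
-var mongo_auth_process = new MongoAuthProcess(
+const authProcess = new MongoAuthProcess(
 connection.host,
 connection.port,
 gssapiServiceName,
 options
 );
 
-// Execute first sasl step
-server(
-connection,
-new Query(self.bson, '$external.$cmd', command, {
+function authCommand(command, authCb) {
+const query = new Query(self.bson, '$external.$cmd', command, {
 numberToSkip: 0,
 numberToReturn: 1
-}),
-function(err, r) {
+});
+
+server(connection, query, authCb);
+}
+
+authProcess.init(username, password, err => {
+if (err) return callback(err, false);
+
+authProcess.transition('', (err, payload) => {
 if (err) return callback(err, false);
-var doc = r.result;
 
-mongo_auth_process.init(username, password, function(err) {
-if (err) return callback(err);
+const command = {
+saslStart: 1,
+mechanism: 'GSSAPI',
+payload,
+autoAuthorize: 1
+};
 
-mongo_auth_process.transition(doc.payload, function(err, payload) {
-if (err) return callback(err);
+authCommand(command, (err, result) => {
+if (err) return callback(err, false);
+const doc = result.result;
 
-// Perform the next step against mongod
-var command = {
+authProcess.transition(doc.payload, (err, payload) => {
+if (err) return callback(err, false);
+const command = {
 saslContinue: 1,
 conversationId: doc.conversationId,
-payload: payload
+payload
 };
 
-// Execute the command
-server(
-connection,
-new Query(self.bson, '$external.$cmd', command, {
-numberToSkip: 0,
-numberToReturn: 1
-}),
-function(err, r) {
+authCommand(command, (err, result) => {
+if (err) return callback(err, false);
+const doc = result.result;
+
+authProcess.transition(doc.payload, (err, payload) => {
 if (err) return callback(err, false);
-var doc = r.result;
-
-mongo_auth_process.transition(doc.payload, function(err, payload) {
-if (err) return callback(err);
-
-// Perform the next step against mongod
-var command = {
-saslContinue: 1,
-conversationId: doc.conversationId,
-payload: payload
-};
-
-// Execute the command
-server(
-connection,
-new Query(self.bson, '$external.$cmd', command, {
-numberToSkip: 0,
-numberToReturn: 1
-}),
-function(err, r) {
-if (err) return callback(err, false);
-var doc = r.result;
-
-mongo_auth_process.transition(doc.payload, function(err, payload) {
-// Perform the next step against mongod
-var command = {
-saslContinue: 1,
-conversationId: doc.conversationId,
-payload: payload
-};
-
-// Execute the command
-server(
-connection,
-new Query(self.bson, '$external.$cmd', command, {
-numberToSkip: 0,
-numberToReturn: 1
-}),
-function(err, r) {
-if (err) return callback(err, false);
-var doc = r.result;
-
-if (doc.done) return callback(null, true);
-callback(new Error('Authentication failed'), false);
-}
-);
-});
-}
-);
+const command = {
+saslContinue: 1,
+conversationId: doc.conversationId,
+payload
+};
+
+authCommand(command, (err, response) => {
+if (err) return callback(err, false);
+
+authProcess.transition(null, err => {
+if (err) return callback(err, null);
+callback(null, response);
+});
 });
-}
-);
+});
+});
 });
 });
-}
-);
-};
+});
+});
+}
 
 module.exports = SSPI;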
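Review bot: The last step (new lines 113–118) reports success with `callback(null, response)` whenever the final `saslContinue` returns without an error, while the removed code required `doc.done` and otherwise failed with `new Error('Authentication failed')`. Whether `server` already turns an unfinished or rejected SASL conversation into `err` is not visible on this page; if it does not, an incomplete exchange would be treated as authenticated. I would keep the explicit check before the closing transition, e.g. `if (!response.result.done) return callback(new Error('Authentication failed'), false);`. The error branch on new line 117 also passes `null` as the second argument where every other branch passes `false`, so callers that test that value see two different failure shapes.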
