UNPKG

krb5

Version:

Kerberos library bindings for Node.js

github.com/adaltas/node-krb5

adaltas/node-krb5

147 lines (131 loc) 5.3 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
k = require '../build/Release/krb5' fs = require 'fs' cleanup = (ctx, princ, ccache) -> k.krb5_free_principal_sync ctx, princ if princ if ccache k.krb5_cc_close ctx, ccache, (err) -> k.krb5_free_context_sync ctx if ctx else k.krb5_free_context_sync ctx if ctx handle_error = (callback, err, ctx, princ, ccache) -> return err unless err err = k.krb5_get_error_message_sync(ctx, err) cleanup ctx, princ, ccache return callback Error err kinit = (options, callback) -> return callback Error 'Please specify principal for kinit' unless options.principal return callback Error 'Please specify password or keytab for kinit' unless options.password or options.keytab if options.principal.indexOf('@') != -1 split = options.principal.split('@') options.principal = split[0] options.realm = split[1] do_init = -> k.krb5_init_context (err, ctx) -> return handle_error callback, err, ctx if err do_realm ctx do_realm = (ctx) -> if !options.realm k.krb5_get_default_realm ctx, (err, realm) -> return handle_error callback, err, ctx if err options.realm = realm do_principal ctx else do_principal ctx do_principal = (ctx) -> k.krb5_build_principal ctx, options.realm.length, options.realm, options.principal, (err, princ) -> return handle_error callback, err, ctx if err do_ccache ctx, princ do_ccache = (ctx, princ) -> if options.ccname if options.ccname.indexOf(':KEYRING') != -1 cleanup ctx, princ return callback Error 'KEYRING method not supported.' k.krb5_cc_resolve ctx, options.ccname, (err, ccache) -> return handle_error callback, err, ctx, princ if err do_creds ctx, princ, ccache else k.krb5_cc_default ctx, (err, ccache) -> return handle_error callback, err, ctx, princ if err do_creds ctx, princ, ccache do_creds = (ctx, princ, ccache) -> ccname = k.krb5_cc_get_name_sync ctx, ccache fs.exists ccname, (exists) -> if !exists k.krb5_cc_initialize ctx, ccache, princ, (err) -> return handle_error callback, err, ctx, princ if err if options.password then get_creds_password() else get_creds_keytab() else if options.password then get_creds_password() else get_creds_keytab() get_creds_password = -> k.krb5_get_init_creds_password ctx, princ, options.password, (err, creds) -> return handle_error callback, err, ctx, princ, ccache if err store_creds creds get_creds_keytab = -> k.krb5_kt_resolve ctx, options.keytab, (err, kt) -> return handle_error callback, err, ctx, princ, ccache if err k.krb5_get_init_creds_keytab ctx, princ, kt, 0, (err, creds) -> return handle_error callback, err, ctx, princ, ccache if err store_creds creds store_creds = (creds) -> k.krb5_cc_store_cred ctx, ccache, creds, (err) -> return handle_error callback, err, ctx, princ, ccache if err cleanup ctx, princ, ccache callback undefined, ccname do_init() kdestroy = (options, callback) -> k.krb5_init_context (err, ctx) -> return handle_error(callback, err, ctx) if err do_ccache(ctx) do_ccache = (ctx) -> if options.ccname k.krb5_cc_resolve ctx, options.ccname, (err, ccache) -> return handle_error(callback, err, ctx, null, ccache) if err do_destroy ctx, ccache else k.krb5_cc_default ctx, (err, ccache) -> return handle_error(callback, err, ctx, null, ccache) if err do_destroy ctx, ccache do_destroy = (ctx, ccache) -> k.krb5_cc_destroy ctx, ccache, (err) -> return handle_error(callback, err, ctx) if err callback undefined spnego = (options, callback) -> options.ccname ?= "" if options.service_principal input_name_type = 'GSS_C_NT_USER_NAME' service = options.service_principal else if options.service_fqdn or options.hostbased_service input_name_type = 'GSS_C_NT_HOSTBASED_SERVICE' service = options.service_fqdn or options.hostbased_service service = "HTTP@#{service}" unless /.*[@]/.test service else return callback Error 'Missing option "service_principal" or "hostbased_service"' k.generate_spnego_token service, input_name_type, options.ccname, (err, token) -> return callback (if err is "" then undefined else Error err), token?.toString 'base64' module.exports = kinit: (options, callback) -> return kinit options, callback if typeof callback is 'function' return new Promise (resolve, reject) -> kinit options, (err, ccname) -> reject err if err resolve ccname spnego: (options, callback) -> return spnego options, callback if typeof callback is 'function' return new Promise (resolve, reject) -> spnego options, (err, token) -> reject err if err resolve token kdestroy: (options, callback) -> options ?= {} if typeof options is 'function' callback = options return kdestroy {}, callback else return kdestroy options, callback if typeof callback is 'function' return new Promise (resolve, reject) -> kdestroy options, (err) -> reject err if err resolve()