(authContext: AuthContext)
| 38 | |
| 39 | export class GSSAPI extends AuthProvider { |
| 40 | override async auth(authContext: AuthContext): Promise<void> { |
| 41 | const { connection, credentials } = authContext; |
| 42 | if (credentials == null) { |
| 43 | throw new MongoMissingCredentialsError('Credentials required for GSSAPI authentication'); |
| 44 | } |
| 45 | |
| 46 | const { username } = credentials; |
| 47 | |
| 48 | const client = await makeKerberosClient(authContext); |
| 49 | |
| 50 | const payload = await client.step(''); |
| 51 | |
| 52 | const saslStartResponse = await externalCommand(connection, saslStart(payload)); |
| 53 | |
| 54 | const negotiatedPayload = await negotiate(client, 10, saslStartResponse.payload); |
| 55 | |
| 56 | const saslContinueResponse = await externalCommand( |
| 57 | connection, |
| 58 | saslContinue(negotiatedPayload, saslStartResponse.conversationId) |
| 59 | ); |
| 60 | |
| 61 | const finalizePayload = await finalize(client, username, saslContinueResponse.payload); |
| 62 | |
| 63 | await externalCommand(connection, { |
| 64 | saslContinue: 1, |
| 65 | conversationId: saslContinueResponse.conversationId, |
| 66 | payload: finalizePayload |
| 67 | }); |
| 68 | } |
| 69 | } |
| 70 | |
| 71 | async function makeKerberosClient({ |
nothing calls this directly
no test coverage detected