2020-05-27 21:06:33 +00:00
|
|
|
#pragma once
|
|
|
|
|
2020-06-03 11:20:53 +00:00
|
|
|
#if !defined(ARCADIA_BUILD)
|
|
|
|
# include "config_core.h"
|
2020-05-27 21:06:33 +00:00
|
|
|
#endif
|
|
|
|
|
2020-09-15 09:55:57 +00:00
|
|
|
#include <common/types.h>
|
2020-05-27 21:06:33 +00:00
|
|
|
|
|
|
|
#if USE_LDAP
|
2020-06-03 11:20:53 +00:00
|
|
|
# include <ldap.h>
|
|
|
|
# define MAYBE_NORETURN
|
2020-05-27 21:06:33 +00:00
|
|
|
#else
|
2020-06-03 11:20:53 +00:00
|
|
|
# define MAYBE_NORETURN [[noreturn]]
|
2020-05-27 21:06:33 +00:00
|
|
|
#endif
|
|
|
|
|
2021-03-11 20:41:10 +00:00
|
|
|
#include <chrono>
|
2021-06-14 09:43:16 +00:00
|
|
|
#include <optional>
|
2021-03-11 20:41:10 +00:00
|
|
|
#include <set>
|
|
|
|
#include <vector>
|
|
|
|
|
2020-05-27 21:06:33 +00:00
|
|
|
|
|
|
|
namespace DB
|
|
|
|
{
|
|
|
|
|
|
|
|
class LDAPClient
|
|
|
|
{
|
|
|
|
public:
|
2021-03-11 20:41:10 +00:00
|
|
|
struct SearchParams
|
|
|
|
{
|
|
|
|
enum class Scope
|
|
|
|
{
|
|
|
|
BASE,
|
|
|
|
ONE_LEVEL,
|
|
|
|
SUBTREE,
|
|
|
|
CHILDREN
|
|
|
|
};
|
|
|
|
|
|
|
|
String base_dn;
|
|
|
|
Scope scope = Scope::SUBTREE;
|
|
|
|
String search_filter;
|
|
|
|
String attribute = "cn";
|
2021-03-28 22:23:20 +00:00
|
|
|
|
|
|
|
void combineHash(std::size_t & seed) const;
|
|
|
|
};
|
|
|
|
|
|
|
|
struct RoleSearchParams
|
|
|
|
: public SearchParams
|
|
|
|
{
|
2021-03-11 20:41:10 +00:00
|
|
|
String prefix;
|
|
|
|
|
|
|
|
void combineHash(std::size_t & seed) const;
|
|
|
|
};
|
|
|
|
|
2021-03-28 22:23:20 +00:00
|
|
|
using RoleSearchParamsList = std::vector<RoleSearchParams>;
|
|
|
|
|
2021-03-11 20:41:10 +00:00
|
|
|
using SearchResults = std::set<String>;
|
|
|
|
using SearchResultsList = std::vector<SearchResults>;
|
|
|
|
|
|
|
|
struct Params
|
|
|
|
{
|
|
|
|
enum class ProtocolVersion
|
|
|
|
{
|
|
|
|
V2,
|
|
|
|
V3
|
|
|
|
};
|
|
|
|
|
|
|
|
enum class TLSEnable
|
|
|
|
{
|
|
|
|
NO,
|
|
|
|
YES_STARTTLS,
|
|
|
|
YES
|
|
|
|
};
|
|
|
|
|
|
|
|
enum class TLSProtocolVersion
|
|
|
|
{
|
|
|
|
SSL2,
|
|
|
|
SSL3,
|
|
|
|
TLS1_0,
|
|
|
|
TLS1_1,
|
|
|
|
TLS1_2
|
|
|
|
};
|
|
|
|
|
|
|
|
enum class TLSRequireCert
|
|
|
|
{
|
|
|
|
NEVER,
|
|
|
|
ALLOW,
|
|
|
|
TRY,
|
|
|
|
DEMAND
|
|
|
|
};
|
|
|
|
|
|
|
|
enum class SASLMechanism
|
|
|
|
{
|
|
|
|
UNKNOWN,
|
|
|
|
SIMPLE
|
|
|
|
};
|
|
|
|
|
|
|
|
ProtocolVersion protocol_version = ProtocolVersion::V3;
|
|
|
|
|
|
|
|
String host;
|
|
|
|
std::uint16_t port = 636;
|
|
|
|
|
|
|
|
TLSEnable enable_tls = TLSEnable::YES;
|
|
|
|
TLSProtocolVersion tls_minimum_protocol_version = TLSProtocolVersion::TLS1_2;
|
|
|
|
TLSRequireCert tls_require_cert = TLSRequireCert::DEMAND;
|
|
|
|
String tls_cert_file;
|
|
|
|
String tls_key_file;
|
|
|
|
String tls_ca_cert_file;
|
|
|
|
String tls_ca_cert_dir;
|
|
|
|
String tls_cipher_suite;
|
|
|
|
|
|
|
|
SASLMechanism sasl_mechanism = SASLMechanism::SIMPLE;
|
|
|
|
|
|
|
|
String bind_dn;
|
|
|
|
String user;
|
|
|
|
String password;
|
|
|
|
|
2021-03-28 22:23:20 +00:00
|
|
|
std::optional<SearchParams> user_dn_detection;
|
|
|
|
|
2021-03-11 20:41:10 +00:00
|
|
|
std::chrono::seconds verification_cooldown{0};
|
|
|
|
|
|
|
|
std::chrono::seconds operation_timeout{40};
|
|
|
|
std::chrono::seconds network_timeout{30};
|
|
|
|
std::chrono::seconds search_timeout{20};
|
|
|
|
std::uint32_t search_limit = 100;
|
|
|
|
|
|
|
|
void combineCoreHash(std::size_t & seed) const;
|
|
|
|
};
|
|
|
|
|
|
|
|
explicit LDAPClient(const Params & params_);
|
2020-05-27 21:06:33 +00:00
|
|
|
~LDAPClient();
|
|
|
|
|
|
|
|
LDAPClient(const LDAPClient &) = delete;
|
|
|
|
LDAPClient(LDAPClient &&) = delete;
|
|
|
|
LDAPClient & operator= (const LDAPClient &) = delete;
|
|
|
|
LDAPClient & operator= (LDAPClient &&) = delete;
|
|
|
|
|
|
|
|
protected:
|
2020-11-19 22:02:18 +00:00
|
|
|
MAYBE_NORETURN void diag(const int rc, String text = "");
|
2020-05-27 21:06:33 +00:00
|
|
|
MAYBE_NORETURN void openConnection();
|
|
|
|
void closeConnection() noexcept;
|
2021-03-11 20:41:10 +00:00
|
|
|
SearchResults search(const SearchParams & search_params);
|
2020-05-27 21:06:33 +00:00
|
|
|
|
|
|
|
protected:
|
2021-03-11 20:41:10 +00:00
|
|
|
const Params params;
|
2020-05-27 21:06:33 +00:00
|
|
|
#if USE_LDAP
|
|
|
|
LDAP * handle = nullptr;
|
|
|
|
#endif
|
2021-03-28 22:23:20 +00:00
|
|
|
String final_user_name;
|
|
|
|
String final_bind_dn;
|
|
|
|
String final_user_dn;
|
2020-05-27 21:06:33 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
class LDAPSimpleAuthClient
|
|
|
|
: private LDAPClient
|
|
|
|
{
|
|
|
|
public:
|
|
|
|
using LDAPClient::LDAPClient;
|
2021-03-28 22:23:20 +00:00
|
|
|
bool authenticate(const RoleSearchParamsList * role_search_params, SearchResultsList * role_search_results);
|
2020-05-27 21:06:33 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
#undef MAYBE_NORETURN
|