ClickHouse/src/Access/ExternalAuthenticators.h

#pragma once

#include <Access/LDAPParams.h>
#include <common/types.h>

#include <chrono>
#include <map>
#include <mutex>
#include <unordered_map>


namespace Poco
{
    class Logger;

    namespace Util
    {
        class AbstractConfiguration;
    }
}


namespace DB
{

class ExternalAuthenticators
{
public:
    void reset();
    void setConfiguration(const Poco::Util::AbstractConfiguration & config, Poco::Logger * log);
    bool checkLDAPCredentials(const String & server, const String & user_name, const String & password,
        const LDAPSearchParamsList * search_params = nullptr, LDAPSearchResultsList * search_results = nullptr) const;

private:
    struct LDAPCacheEntry
    {
        std::size_t last_successful_params_hash = 0;
        std::chrono::steady_clock::time_point last_successful_authentication_timestamp;
        LDAPSearchResultsList last_successful_search_results;
    };

    using LDAPServerCache = std::unordered_map<String, LDAPCacheEntry>; // user name   -> cache entry
    using LDAPServerCaches = std::map<String, LDAPServerCache>;         // server name -> cache
    using LDAPServersParams = std::map<String, LDAPServerParams>;       // server name -> params

private:
    mutable std::recursive_mutex mutex;
    LDAPServersParams ldap_server_params;
    mutable LDAPServerCaches ldap_server_caches;
};

}
Add LDAP authentication support 2020-05-27 21:06:33 +00:00			`#pragma once`

			`#include <Access/LDAPParams.h>`
Try speedup build (#14809) 2020-09-15 09:55:57 +00:00			`#include <common/types.h>`
Add LDAP authentication support 2020-05-27 21:06:33 +00:00
Move caching and LDAP credential verification code to ExternalAuthenticators 2020-12-24 21:49:19 +00:00			`#include <chrono>`
Add LDAP authentication support 2020-05-27 21:06:33 +00:00			`#include <map>`
			`#include <mutex>`
Move caching and LDAP credential verification code to ExternalAuthenticators 2020-12-24 21:49:19 +00:00			`#include <unordered_map>`
Add LDAP authentication support 2020-05-27 21:06:33 +00:00

Compilation fix: add missing "/include" Style fix 2020-05-29 12:14:42 +00:00			`namespace Poco`
			`{`
Rename LDAP_PASSWORD to LDAP_SERVER and use "ldap_server" as a string key Some refactoring 2020-05-29 07:47:01 +00:00			`class Logger;`
Compilation fix: add missing "/include" Style fix 2020-05-29 12:14:42 +00:00
Rename LDAP_PASSWORD to LDAP_SERVER and use "ldap_server" as a string key Some refactoring 2020-05-29 07:47:01 +00:00			`namespace Util`
			`{`
			`class AbstractConfiguration;`
			`}`
			`}`


Add LDAP authentication support 2020-05-27 21:06:33 +00:00			`namespace DB`
			`{`

			`class ExternalAuthenticators`
			`{`
			`public:`
Refactor ExternalAuthenticators configuration process 2020-07-11 17:06:01 +00:00			`void reset();`
Implement LDAPAccessStorage and integrate it into AccessControlManager Rename ExternalAuthenticators::setConfig to setConfiguration Revisit LDAP servers config section comments Add user_directories config section with comments (only for ldap) Fix bug in MemoryAccessStorage::insertImpl 2020-07-23 17:55:24 +00:00			`void setConfiguration(const Poco::Util::AbstractConfiguration & config, Poco::Logger * log);`
Rename {username} to {user_name} Add caching/checking of search_params Adjust comments/doc Use special authentication logic from ExternalAuthenticators::checkLDAPCredentials 2021-01-06 03:40:47 +00:00			`bool checkLDAPCredentials(const String & server, const String & user_name, const String & password,`
			`const LDAPSearchParamsList * search_params = nullptr, LDAPSearchResultsList * search_results = nullptr) const;`
Move parseExternalAuthenticators functionality into the c-tor of ExternalAuthenticators 2020-06-02 09:37:02 +00:00
Move caching and LDAP credential verification code to ExternalAuthenticators 2020-12-24 21:49:19 +00:00			`private:`
			`struct LDAPCacheEntry`
			`{`
Refine the caching 2020-12-24 23:46:08 +00:00			`std::size_t last_successful_params_hash = 0;`
			`std::chrono::steady_clock::time_point last_successful_authentication_timestamp;`
Rename {username} to {user_name} Add caching/checking of search_params Adjust comments/doc Use special authentication logic from ExternalAuthenticators::checkLDAPCredentials 2021-01-06 03:40:47 +00:00			`LDAPSearchResultsList last_successful_search_results;`
Move caching and LDAP credential verification code to ExternalAuthenticators 2020-12-24 21:49:19 +00:00			`};`

			`using LDAPServerCache = std::unordered_map<String, LDAPCacheEntry>; // user name -> cache entry`
			`using LDAPServerCaches = std::map<String, LDAPServerCache>; // server name -> cache`
			`using LDAPServersParams = std::map<String, LDAPServerParams>; // server name -> params`
Add LDAP authentication support 2020-05-27 21:06:33 +00:00
			`private:`
Refactor ExternalAuthenticators configuration process 2020-07-11 17:06:01 +00:00			`mutable std::recursive_mutex mutex;`
Move caching and LDAP credential verification code to ExternalAuthenticators 2020-12-24 21:49:19 +00:00			`LDAPServersParams ldap_server_params;`
			`mutable LDAPServerCaches ldap_server_caches;`
Add LDAP authentication support 2020-05-27 21:06:33 +00:00			`};`

			`}`