Refactor ExternalAuthenticators configuration process

2024-11-28 18:42:26 +00:00 · 2020-07-11 21:06:01 +04:00 · 2020-07-11 21:06:01 +04:00 · 3e68368b59
commit 3e68368b59
parent af98e74afd
6 changed files with 20 additions and 14 deletions
--- a/src/Access/AccessControlManager.cpp
+++ b/src/Access/AccessControlManager.cpp
@ -65,7 +65,8 @@ AccessControlManager::AccessControlManager()
      role_cache(std::make_unique<RoleCache>(*this)),
      row_policy_cache(std::make_unique<RowPolicyCache>(*this)),
      quota_cache(std::make_unique<QuotaCache>(*this)),
-      settings_profiles_cache(std::make_unique<SettingsProfilesCache>(*this))
+      settings_profiles_cache(std::make_unique<SettingsProfilesCache>(*this)),
+      external_authenticators(std::make_unique<ExternalAuthenticators>())
 {
 }

@ -82,7 +83,7 @@ void AccessControlManager::setLocalDirectory(const String & directory_path)

 void AccessControlManager::setExternalAuthenticatorsConfig(const Poco::Util::AbstractConfiguration & config)
 {
-    external_authenticators = std::make_unique<ExternalAuthenticators>(config, getLogger());
+    external_authenticators->setConfig(config, getLogger());
 }


@ -170,9 +171,9 @@ std::shared_ptr<const SettingsChanges> AccessControlManager::getProfileSettings(
    return settings_profiles_cache->getProfileSettings(profile_name);
 }

-const ExternalAuthenticators * AccessControlManager::getExternalAuthenticators() const
+const ExternalAuthenticators & AccessControlManager::getExternalAuthenticators() const
 {
-    return external_authenticators.get();
+    return *external_authenticators;
 }

 }
--- a/src/Access/AccessControlManager.h
+++ b/src/Access/AccessControlManager.h
@ -87,7 +87,7 @@ public:

    std::shared_ptr<const SettingsChanges> getProfileSettings(const String & profile_name) const;

-    const ExternalAuthenticators * getExternalAuthenticators() const;
+    const ExternalAuthenticators & getExternalAuthenticators() const;

 private:
    class ContextAccessCache;
--- a/src/Access/Authentication.cpp
+++ b/src/Access/Authentication.cpp
@ -49,7 +49,7 @@ Authentication::Digest Authentication::getPasswordDoubleSHA1() const
 }


-bool Authentication::isCorrectPassword(const String & password_, const String & user_, const ExternalAuthenticators * external_authenticators) const
+bool Authentication::isCorrectPassword(const String & password_, const String & user_, const ExternalAuthenticators & external_authenticators) const
 {
    switch (type)
    {
@ -82,10 +82,7 @@ bool Authentication::isCorrectPassword(const String & password_, const String &

        case LDAP_SERVER:
        {
-            if (!external_authenticators)
-                throw Exception("External authenticators are not configured", ErrorCodes::BAD_ARGUMENTS);
-
-            auto ldap_server_params = external_authenticators->getLDAPServerParams(server_name);
+            auto ldap_server_params = external_authenticators.getLDAPServerParams(server_name);
            ldap_server_params.user = user_;
            ldap_server_params.password = password_;

--- a/src/Access/Authentication.h
+++ b/src/Access/Authentication.h
@ -89,7 +89,7 @@ public:

    /// Checks if the provided password is correct. Returns false if not.
    /// User name and external authenticators' info are used only by some specific authentication type (e.g., LDAP_SERVER).
-    bool isCorrectPassword(const String & password_, const String & user_, const ExternalAuthenticators * external_authenticators) const;
+    bool isCorrectPassword(const String & password_, const String & user_, const ExternalAuthenticators & external_authenticators) const;

    friend bool operator ==(const Authentication & lhs, const Authentication & rhs) { return (lhs.type == rhs.type) && (lhs.password_hash == rhs.password_hash); }
    friend bool operator !=(const Authentication & lhs, const Authentication & rhs) { return !(lhs == rhs); }
--- a/src/Access/ExternalAuthenticators.cpp
+++ b/src/Access/ExternalAuthenticators.cpp
@ -150,8 +150,15 @@ void parseAndAddLDAPServers(ExternalAuthenticators & external_authenticators, co

 }

-ExternalAuthenticators::ExternalAuthenticators(const Poco::Util::AbstractConfiguration & config, Poco::Logger * log)
+void ExternalAuthenticators::reset() {
+    std::scoped_lock lock(mutex);
+    ldap_server_params.clear();
+}
+
+void ExternalAuthenticators::setConfig(const Poco::Util::AbstractConfiguration & config, Poco::Logger * log)
 {
+    std::scoped_lock lock(mutex);
+    reset();
    parseAndAddLDAPServers(*this, config, log);
 }

--- a/src/Access/ExternalAuthenticators.h
+++ b/src/Access/ExternalAuthenticators.h
@ -25,13 +25,14 @@ namespace DB
 class ExternalAuthenticators
 {
 public:
-    explicit ExternalAuthenticators(const Poco::Util::AbstractConfiguration & config, Poco::Logger * log);
+    void reset();
+    void setConfig(const Poco::Util::AbstractConfiguration & config, Poco::Logger * log);

    void setLDAPServerParams(const String & server, const LDAPServerParams & params);
    LDAPServerParams getLDAPServerParams(const String & server) const;

 private:
-    mutable std::mutex mutex;
+    mutable std::recursive_mutex mutex;
    std::map<String, LDAPServerParams> ldap_server_params;
 };