Refactor ExternalAuthenticators configuration process

Denis Glazachev 2020-07-11 21:06:01 +04:00
parent af98e74afd
commit 3e68368b59
6 changed files with 20 additions and 14 deletions


@ -65,7 +65,8 @@ AccessControlManager::AccessControlManager()
role_cache(std::make_unique<RoleCache>(*this)), role_cache(std::make_unique<RoleCache>(*this)),
row_policy_cache(std::make_unique<RowPolicyCache>(*this)), row_policy_cache(std::make_unique<RowPolicyCache>(*this)),
quota_cache(std::make_unique<QuotaCache>(*this)), quota_cache(std::make_unique<QuotaCache>(*this)),
settings_profiles_cache(std::make_unique<SettingsProfilesCache>(*this)) settings_profiles_cache(std::make_unique<SettingsProfilesCache>(*this)),
external_authenticators(std::make_unique<ExternalAuthenticators>())
{ {
} }
@ -82,7 +83,7 @@ void AccessControlManager::setLocalDirectory(const String & directory_path)
void AccessControlManager::setExternalAuthenticatorsConfig(const Poco::Util::AbstractConfiguration & config) void AccessControlManager::setExternalAuthenticatorsConfig(const Poco::Util::AbstractConfiguration & config)
{ {
external_authenticators = std::make_unique<ExternalAuthenticators>(config, getLogger()); external_authenticators->setConfig(config, getLogger());
} }
@ -170,9 +171,9 @@ std::shared_ptr<const SettingsChanges> AccessControlManager::getProfileSettings(
return settings_profiles_cache->getProfileSettings(profile_name); return settings_profiles_cache->getProfileSettings(profile_name);
} }
const ExternalAuthenticators * AccessControlManager::getExternalAuthenticators() const const ExternalAuthenticators & AccessControlManager::getExternalAuthenticators() const
{ {
return external_authenticators.get(); return *external_authenticators;
} }
} }
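Review bot: `getExternalAuthenticators()` now dereferences `external_authenticators` unconditionally and hands out a reference, which is only safe because the constructor allocates the object and `setExternalAuthenticatorsConfig()` no longer replaces it. That invariant is not written down anywhere visible; a comment on the setter such as `/// Updates the existing object in place so references returned by getExternalAuthenticators() stay valid.` would keep a later change from reintroducing a reassignment. Since the pointer is never reseated, a plain member instead of `std::unique_ptr` would express the same guarantee in the type.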


@ -87,7 +87,7 @@ public:
std::shared_ptr<const SettingsChanges> getProfileSettings(const String & profile_name) const; std::shared_ptr<const SettingsChanges> getProfileSettings(const String & profile_name) const;
const ExternalAuthenticators * getExternalAuthenticators() const; const ExternalAuthenticators & getExternalAuthenticators() const;
private: private:
class ContextAccessCache; class ContextAccessCache;


@ -49,7 +49,7 @@ Authentication::Digest Authentication::getPasswordDoubleSHA1() const
} }
bool Authentication::isCorrectPassword(const String & password_, const String & user_, const ExternalAuthenticators * external_authenticators) const bool Authentication::isCorrectPassword(const String & password_, const String & user_, const ExternalAuthenticators & external_authenticators) const
{ {
switch (type) switch (type)
{ {
@ -82,10 +82,7 @@ bool Authentication::isCorrectPassword(const String & password_, const String &
case LDAP_SERVER: case LDAP_SERVER:
{ {
if (!external_authenticators) auto ldap_server_params = external_authenticators.getLDAPServerParams(server_name);
throw Exception("External authenticators are not configured", ErrorCodes::BAD_ARGUMENTS);
auto ldap_server_params = external_authenticators->getLDAPServerParams(server_name);
ldap_server_params.user = user_; ldap_server_params.user = user_;
ldap_server_params.password = password_; ldap_server_params.password = password_;
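Review bot: With the null check removed from the `LDAP_SERVER` case, the outcome when no LDAP servers are configured now rests entirely on `getLDAPServerParams(server_name)`, whose body is not part of this commit view. It should throw for an unknown `server_name` rather than hand back default-constructed params, otherwise the code after this hunk would proceed with an empty server definition. I would record that above the call, e.g. `/// Throws if server_name is not configured; a default ExternalAuthenticators holds no servers.` The case body continues past the end of the hunk.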


@ -89,7 +89,7 @@ public:
/// Checks if the provided password is correct. Returns false if not. /// Checks if the provided password is correct. Returns false if not.
/// User name and external authenticators' info are used only by some specific authentication type (e.g., LDAP_SERVER). /// User name and external authenticators' info are used only by some specific authentication type (e.g., LDAP_SERVER).
bool isCorrectPassword(const String & password_, const String & user_, const ExternalAuthenticators * external_authenticators) const; bool isCorrectPassword(const String & password_, const String & user_, const ExternalAuthenticators & external_authenticators) const;
friend bool operator ==(const Authentication & lhs, const Authentication & rhs) { return (lhs.type == rhs.type) && (lhs.password_hash == rhs.password_hash); } friend bool operator ==(const Authentication & lhs, const Authentication & rhs) { return (lhs.type == rhs.type) && (lhs.password_hash == rhs.password_hash); }
friend bool operator !=(const Authentication & lhs, const Authentication & rhs) { return !(lhs == rhs); } friend bool operator !=(const Authentication & lhs, const Authentication & rhs) { return !(lhs == rhs); }


@ -150,8 +150,15 @@ void parseAndAddLDAPServers(ExternalAuthenticators & external_authenticators, co
} }
ExternalAuthenticators::ExternalAuthenticators(const Poco::Util::AbstractConfiguration & config, Poco::Logger * log) void ExternalAuthenticators::reset() {
std::scoped_lock lock(mutex);
ldap_server_params.clear();
}
void ExternalAuthenticators::setConfig(const Poco::Util::AbstractConfiguration & config, Poco::Logger * log)
{ {
std::scoped_lock lock(mutex);
reset();
parseAndAddLDAPServers(*this, config, log); parseAndAddLDAPServers(*this, config, log);
} }
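Review bot: `setConfig()` clears the live LDAP server map with `reset()` before `parseAndAddLDAPServers()` has succeeded, so if parsing throws part-way (its body is outside this hunk, so that is an assumption) a bad configuration reload leaves the server with none or only some of its LDAP servers, and LDAP-backed logins fail until the next good reload. The removed constructor path kept the previous object in place in that case. Parsing into a local `ExternalAuthenticators` and swapping the map under the lock makes the update all-or-nothing. It also removes the only visible reason for re-entrant locking, so the `std::recursive_mutex` introduced in the header could presumably go back to `std::mutex`. Separately, `reset()` opens its brace on the signature line, unlike the rest of the file.

```cpp
void ExternalAuthenticators::setConfig(const Poco::Util::AbstractConfiguration & config, Poco::Logger * log)
{
    // Parse into a scratch object first so a failed parse leaves the live map untouched.
    ExternalAuthenticators parsed;
    parseAndAddLDAPServers(parsed, config, log);

    std::scoped_lock lock(mutex);
    ldap_server_params.swap(parsed.ldap_server_params);
}
```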


@ -25,13 +25,14 @@ namespace DB
class ExternalAuthenticators class ExternalAuthenticators
{ {
public: public:
explicit ExternalAuthenticators(const Poco::Util::AbstractConfiguration & config, Poco::Logger * log); void reset();
void setConfig(const Poco::Util::AbstractConfiguration & config, Poco::Logger * log);
void setLDAPServerParams(const String & server, const LDAPServerParams & params); void setLDAPServerParams(const String & server, const LDAPServerParams & params);
LDAPServerParams getLDAPServerParams(const String & server) const; LDAPServerParams getLDAPServerParams(const String & server) const;
private: private:
mutable std::mutex mutex; mutable std::recursive_mutex mutex;
std::map<String, LDAPServerParams> ldap_server_params; std::map<String, LDAPServerParams> ldap_server_params;
}; };