Serialize all calls to ldap lib

Denis Glazachev 2020-10-03 00:31:14 +04:00
parent 80c334a5ac
commit ab2c37cead


@ -2,6 +2,8 @@
#include <Common/Exception.h> #include <Common/Exception.h>
#include <ext/scope_guard.h> #include <ext/scope_guard.h>
#include <mutex>
#include <cstring> #include <cstring>
#include <sys/time.h> #include <sys/time.h>
@ -27,16 +29,13 @@ LDAPClient::~LDAPClient()
closeConnection(); closeConnection();
} }
void LDAPClient::openConnection()
{
const bool graceful_bind_failure = false;
diag(openConnection(graceful_bind_failure));
}
#if USE_LDAP #if USE_LDAP
namespace namespace
{ {
std::recursive_mutex ldap_global_mutex;
auto escapeForLDAP(const String & src) auto escapeForLDAP(const String & src)
{ {
String dest; String dest;
@ -63,10 +62,13 @@ namespace
return dest; return dest;
} }
} }
void LDAPClient::diag(const int rc) void LDAPClient::diag(const int rc)
{ {
std::scoped_lock lock(ldap_global_mutex);
if (rc != LDAP_SUCCESS) if (rc != LDAP_SUCCESS)
{ {
String text; String text;
@ -100,8 +102,18 @@ void LDAPClient::diag(const int rc)
} }
} }
void LDAPClient::openConnection()
{
std::scoped_lock lock(ldap_global_mutex);
const bool graceful_bind_failure = false;
diag(openConnection(graceful_bind_failure));
}
int LDAPClient::openConnection(const bool graceful_bind_failure) int LDAPClient::openConnection(const bool graceful_bind_failure)
{ {
std::scoped_lock lock(ldap_global_mutex);
closeConnection(); closeConnection();
{ {
@ -258,6 +270,8 @@ int LDAPClient::openConnection(const bool graceful_bind_failure)
void LDAPClient::closeConnection() noexcept void LDAPClient::closeConnection() noexcept
{ {
std::scoped_lock lock(ldap_global_mutex);
if (!handle) if (!handle)
return; return;
@ -267,6 +281,8 @@ void LDAPClient::closeConnection() noexcept
bool LDAPSimpleAuthClient::check() bool LDAPSimpleAuthClient::check()
{ {
std::scoped_lock lock(ldap_global_mutex);
if (params.user.empty()) if (params.user.empty())
throw Exception("LDAP authentication of a user with an empty name is not allowed", ErrorCodes::BAD_ARGUMENTS); throw Exception("LDAP authentication of a user with an empty name is not allowed", ErrorCodes::BAD_ARGUMENTS);
@ -312,6 +328,11 @@ void LDAPClient::diag(const int)
throw Exception("ClickHouse was built without LDAP support", ErrorCodes::FEATURE_IS_NOT_ENABLED_AT_BUILD_TIME); throw Exception("ClickHouse was built without LDAP support", ErrorCodes::FEATURE_IS_NOT_ENABLED_AT_BUILD_TIME);
} }
void LDAPClient::openConnection()
{
throw Exception("ClickHouse was built without LDAP support", ErrorCodes::FEATURE_IS_NOT_ENABLED_AT_BUILD_TIME);
}
int LDAPClient::openConnection(const bool) int LDAPClient::openConnection(const bool)
{ {
throw Exception("ClickHouse was built without LDAP support", ErrorCodes::FEATURE_IS_NOT_ENABLED_AT_BUILD_TIME); throw Exception("ClickHouse was built without LDAP support", ErrorCodes::FEATURE_IS_NOT_ENABLED_AT_BUILD_TIME);
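Review bot: `ldap_global_mutex` is process-wide and is taken at the top of `LDAPSimpleAuthClient::check()` and `LDAPClient::openConnection(const bool)`, so it appears to be held for the whole connect-and-bind sequence; if those bodies (which continue outside the hunks shown) block on the network, one slow or unreachable LDAP server would stall every other LDAP authentication in the process. It is worth confirming that connect and operation timeouts are always set before the first blocking call, and documenting the trade-off at the declaration, e.g. `/// Serializes every call into the LDAP library (assumed not thread-safe); held across network I/O, so timeouts bound how long other logins wait.` Separately, `closeConnection()` is `noexcept` and now constructs a `std::scoped_lock`; locking a `std::recursive_mutex` can throw `std::system_error`, which in that function would end in `std::terminate`.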