mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-11-25 09:02:00 +00:00
Cleanup code in KerberosInit
This commit is contained in:
parent
3cfea6e76f
commit
d1d6d87432
@ -14,7 +14,7 @@ int KerberosInit::init(const String & keytab_file, const String & principal, con
|
|||||||
// Using mutex to prevent cache file corruptions
|
// Using mutex to prevent cache file corruptions
|
||||||
std::unique_lock<std::mutex> lck(kinit_mtx);
|
std::unique_lock<std::mutex> lck(kinit_mtx);
|
||||||
|
|
||||||
auto log = &Poco::Logger::get("ADQM");
|
auto log = &Poco::Logger::get("KerberosInit");
|
||||||
LOG_DEBUG(log,"Trying to authenticate to Kerberos v5");
|
LOG_DEBUG(log,"Trying to authenticate to Kerberos v5");
|
||||||
|
|
||||||
krb5_error_code ret;
|
krb5_error_code ret;
|
||||||
@ -39,10 +39,10 @@ int KerberosInit::init(const String & keytab_file, const String & principal, con
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
// Resolve the default ccache and get its type and default principal (if it is initialized).
|
// Resolve the default cache and get its type and default principal (if it is initialized).
|
||||||
ret = krb5_cc_default(k5.ctx, &defcache);
|
ret = krb5_cc_default(k5.ctx, &defcache);
|
||||||
if (ret)
|
if (ret)
|
||||||
throw Exception("Error while getting default ccache", ErrorCodes::KERBEROS_ERROR);
|
throw Exception("Error while getting default cache", ErrorCodes::KERBEROS_ERROR);
|
||||||
LOG_DEBUG(log,"Resolved default cache");
|
LOG_DEBUG(log,"Resolved default cache");
|
||||||
deftype = krb5_cc_get_type(k5.ctx, defcache);
|
deftype = krb5_cc_get_type(k5.ctx, defcache);
|
||||||
if (krb5_cc_get_principal(k5.ctx, defcache, &defcache_princ) != 0)
|
if (krb5_cc_get_principal(k5.ctx, defcache, &defcache_princ) != 0)
|
||||||
@ -116,7 +116,7 @@ int KerberosInit::init(const String & keytab_file, const String & principal, con
|
|||||||
ret = krb5_get_renewed_creds(k5.ctx, &my_creds, k5.me, k5.out_cc, nullptr);
|
ret = krb5_get_renewed_creds(k5.ctx, &my_creds, k5.me, k5.out_cc, nullptr);
|
||||||
if (ret)
|
if (ret)
|
||||||
{
|
{
|
||||||
LOG_DEBUG(log,"Renew failed, trying to get initial credentials");
|
LOG_DEBUG(log,"Renew failed ({}). Trying to get initial credentials", ret);
|
||||||
ret = krb5_get_init_creds_keytab(k5.ctx, &my_creds, k5.me, keytab, 0, nullptr, options);
|
ret = krb5_get_init_creds_keytab(k5.ctx, &my_creds, k5.me, keytab, 0, nullptr, options);
|
||||||
if (ret)
|
if (ret)
|
||||||
throw Exception("Error in getting initial credentials", ErrorCodes::KERBEROS_ERROR);
|
throw Exception("Error in getting initial credentials", ErrorCodes::KERBEROS_ERROR);
|
||||||
@ -139,7 +139,7 @@ int KerberosInit::init(const String & keytab_file, const String & principal, con
|
|||||||
if (k5.switch_to_cache) {
|
if (k5.switch_to_cache) {
|
||||||
ret = krb5_cc_switch(k5.ctx, k5.out_cc);
|
ret = krb5_cc_switch(k5.ctx, k5.out_cc);
|
||||||
if (ret)
|
if (ret)
|
||||||
throw Exception("Error while switching to new ccache", ErrorCodes::KERBEROS_ERROR);
|
throw Exception("Error while switching to new cache", ErrorCodes::KERBEROS_ERROR);
|
||||||
}
|
}
|
||||||
|
|
||||||
LOG_DEBUG(log,"Authenticated to Kerberos v5");
|
LOG_DEBUG(log,"Authenticated to Kerberos v5");
|
||||||
|
@ -73,7 +73,7 @@ void HDFSBuilderWrapper::loadFromConfig(const Poco::Util::AbstractConfiguration
|
|||||||
|
|
||||||
void HDFSBuilderWrapper::runKinit()
|
void HDFSBuilderWrapper::runKinit()
|
||||||
{
|
{
|
||||||
LOG_DEBUG(&Poco::Logger::get("HDFSClient"), "ADQM: running KerberosInit");
|
LOG_DEBUG(&Poco::Logger::get("HDFSClient"), "Running KerberosInit");
|
||||||
KerberosInit k_init;
|
KerberosInit k_init;
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
@ -81,7 +81,7 @@ void HDFSBuilderWrapper::runKinit()
|
|||||||
} catch (const DB::Exception & e) {
|
} catch (const DB::Exception & e) {
|
||||||
throw Exception("KerberosInit failure: "+ getExceptionMessage(e, false), ErrorCodes::KERBEROS_ERROR);
|
throw Exception("KerberosInit failure: "+ getExceptionMessage(e, false), ErrorCodes::KERBEROS_ERROR);
|
||||||
}
|
}
|
||||||
LOG_DEBUG(&Poco::Logger::get("HDFSClient"), "ADQM: finished KerberosInit");
|
LOG_DEBUG(&Poco::Logger::get("HDFSClient"), "Finished KerberosInit");
|
||||||
}
|
}
|
||||||
|
|
||||||
HDFSBuilderWrapper createHDFSBuilder(const String & uri_str, const Poco::Util::AbstractConfiguration & config)
|
HDFSBuilderWrapper createHDFSBuilder(const String & uri_str, const Poco::Util::AbstractConfiguration & config)
|
||||||
|
@ -519,19 +519,17 @@ void StorageKafka::updateConfiguration(cppkafka::Configuration & conf)
|
|||||||
|
|
||||||
if (conf.has_property("sasl.kerberos.keytab") && conf.has_property("sasl.kerberos.principal"))
|
if (conf.has_property("sasl.kerberos.keytab") && conf.has_property("sasl.kerberos.principal"))
|
||||||
{
|
{
|
||||||
LOG_DEBUG(log, "ADQM: preparing KerberosInit");
|
|
||||||
String keytab = conf.get("sasl.kerberos.keytab");
|
String keytab = conf.get("sasl.kerberos.keytab");
|
||||||
String principal = conf.get("sasl.kerberos.principal");
|
String principal = conf.get("sasl.kerberos.principal");
|
||||||
LOG_DEBUG(log, "ADQM: keytab: {}, principal: {}", keytab, principal);
|
LOG_DEBUG(log, "Running KerberosInit");
|
||||||
LOG_DEBUG(log, "ADQM: running KerberosInit");
|
|
||||||
KerberosInit k_init;
|
KerberosInit k_init;
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
k_init.init(keytab,principal);
|
k_init.init(keytab,principal);
|
||||||
} catch (const Exception & e) {
|
} catch (const Exception & e) {
|
||||||
LOG_ERROR(log, "ADQM: KerberosInit failure: {}", getExceptionMessage(e, false));
|
LOG_ERROR(log, "KerberosInit failure: {}", getExceptionMessage(e, false));
|
||||||
}
|
}
|
||||||
LOG_DEBUG(log, "ADQM: finished KerberosInit");
|
LOG_DEBUG(log, "Finished KerberosInit");
|
||||||
conf.set("sasl.kerberos.kinit.cmd","");
|
conf.set("sasl.kerberos.kinit.cmd","");
|
||||||
conf.set("sasl.kerberos.min.time.before.relogin","0");
|
conf.set("sasl.kerberos.min.time.before.relogin","0");
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user