#pragma once
#include "clickhouse_config.h"
#include <Access/Credentials.h>
#include <base/types.h>
#include <memory>
#if USE_KRB5
# error #include <gssapi/gssapi.h>
# error #include <gssapi/gssapi_ext.h>
# error #include <gssapi/gssapi_krb5.h>
# define MAYBE_NORETURN
#else
# define MAYBE_NORETURN [[noreturn]]
#endif
namespace Poco { class Logger; }
namespace DB
{
/// Acceptor-side (server) state for a GSS-API authentication exchange, modelled as a
/// Credentials subclass.
///
/// In builds with USE_KRB5 the object holds two GSS handles (a security context and the
/// acceptor credentials). Copying and moving are deleted, so those handles always have
/// exactly one owner.
class GSSAcceptorContext : public Credentials
{
public:
    /// Acceptor configuration. The class keeps its own const instance in `params`.
    struct Params
    {
        /// Mechanism OID in dotted-decimal form; the default value is the Kerberos 5 (krb5) OID.
        String mechanism = "1.2.840.113554.1.2.2";

        /// NOTE(review): presumably the service principal the acceptor authenticates as - confirm in the implementation.
        String principal;

        /// NOTE(review): presumably the realm that initiators are expected to belong to - confirm in the implementation.
        String realm;

        /// NOTE(review): presumably the location of the keytab holding the service's long-term keys.
        /// If so, that file is as sensitive as a password and should be readable by the server account only.
        String keytab;
    };

    explicit GSSAcceptorContext(const Params & params_);
    ~GSSAcceptorContext() override;

    /// Not copyable and not movable, in both construction and assignment.
    GSSAcceptorContext(const GSSAcceptorContext &) = delete;
    GSSAcceptorContext(GSSAcceptorContext &&) = delete;
    GSSAcceptorContext & operator=(const GSSAcceptorContext &) = delete;
    GSSAcceptorContext & operator=(GSSAcceptorContext &&) = delete;

    /// NOTE(review): presumably the realm established by the exchange (the private `realm` member),
    /// as opposed to the configured Params::realm - confirm.
    const String & getRealm() const;

    /// NOTE(review): presumably reports `is_failed`; callers should check it before relying on
    /// any identity derived from this context - confirm.
    bool isFailed() const;

    /// Feeds one input token into the exchange and returns a String result.
    ///
    /// `input_token` presumably originates from the remote peer and should be treated as
    /// untrusted input - confirm against the implementation.
    /// When USE_KRB5 is off, MAYBE_NORETURN expands to [[noreturn]], so in such builds this
    /// function never returns normally and callers must not expect a result.
    MAYBE_NORETURN String processToken(const String & input_token, Poco::Logger * log);

private:
    void reset();
    void resetHandles() noexcept;
    void initHandles();

    const Params params;
    bool is_failed = false;
    String realm;

#if USE_KRB5
    /// Both handles start out as the GSS "no object" constants.
    gss_ctx_id_t context_handle = GSS_C_NO_CONTEXT;
    gss_cred_id_t acceptor_credentials_handle = GSS_C_NO_CREDENTIAL;
#endif
};
}
#undef MAYBE_NORETURN