2021-03-05 14:57:16 +00:00
|
|
|
#include <Interpreters/SessionLog.h>
|
|
|
|
|
|
|
|
#include <Access/ContextAccess.h>
|
|
|
|
#include <Access/User.h>
|
|
|
|
#include <Access/EnabledRolesInfo.h>
|
|
|
|
#include <Core/Settings.h>
|
2022-05-17 16:22:52 +00:00
|
|
|
#include <Core/Protocol.h>
|
2021-03-05 14:57:16 +00:00
|
|
|
#include <DataTypes/DataTypeArray.h>
|
|
|
|
#include <DataTypes/DataTypeDateTime64.h>
|
|
|
|
#include <DataTypes/DataTypeDate.h>
|
|
|
|
#include <DataTypes/DataTypeNullable.h>
|
|
|
|
#include <DataTypes/DataTypeDateTime.h>
|
|
|
|
#include <DataTypes/DataTypeEnum.h>
|
|
|
|
#include <DataTypes/DataTypeTuple.h>
|
|
|
|
#include <DataTypes/DataTypeFactory.h>
|
|
|
|
#include <DataTypes/DataTypeLowCardinality.h>
|
|
|
|
#include <DataTypes/DataTypeString.h>
|
|
|
|
#include <DataTypes/DataTypesNumber.h>
|
|
|
|
#include <DataTypes/DataTypeUUID.h>
|
|
|
|
#include <Common/IPv6ToBinary.h>
|
|
|
|
#include <Columns/ColumnArray.h>
|
|
|
|
#include <Columns/ColumnString.h>
|
|
|
|
#include <Columns/ColumnTuple.h>
|
|
|
|
#include <Access/SettingsProfilesInfo.h>
|
2022-01-10 19:01:41 +00:00
|
|
|
#include <Interpreters/Context.h>
|
2021-03-05 14:57:16 +00:00
|
|
|
|
|
|
|
#include <cassert>
|
|
|
|
|
|
|
|
namespace
|
|
|
|
{
|
|
|
|
using namespace DB;
|
|
|
|
|
|
|
|
auto eventTime()
|
|
|
|
{
|
|
|
|
const auto finish_time = std::chrono::system_clock::now();
|
|
|
|
|
2022-10-03 18:52:14 +00:00
|
|
|
return std::make_pair(timeInSeconds(finish_time), timeInMicroseconds(finish_time));
|
2021-03-05 14:57:16 +00:00
|
|
|
}
|
|
|
|
|
2021-11-01 14:03:20 +00:00
|
|
|
using AuthType = AuthenticationType;
|
2021-03-05 14:57:16 +00:00
|
|
|
using Interface = ClientInfo::Interface;
|
|
|
|
|
|
|
|
void fillColumnArray(const Strings & data, IColumn & column)
|
|
|
|
{
|
|
|
|
auto & array = typeid_cast<ColumnArray &>(column);
|
|
|
|
size_t size = 0;
|
|
|
|
auto & data_col = array.getData();
|
|
|
|
for (const auto & name : data)
|
|
|
|
{
|
|
|
|
data_col.insertData(name.data(), name.size());
|
|
|
|
++size;
|
|
|
|
}
|
|
|
|
auto & offsets = array.getOffsets();
|
|
|
|
offsets.push_back(offsets.back() + size);
|
2022-05-20 08:14:03 +00:00
|
|
|
}
|
2021-03-05 14:57:16 +00:00
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
namespace DB
|
|
|
|
{
|
|
|
|
|
2021-10-30 14:51:58 +00:00
|
|
|
SessionLogElement::SessionLogElement(const UUID & auth_id_, Type type_)
|
|
|
|
: auth_id(auth_id_),
|
2021-03-05 14:57:16 +00:00
|
|
|
type(type_)
|
|
|
|
{
|
|
|
|
std::tie(event_time, event_time_microseconds) = eventTime();
|
|
|
|
}
|
|
|
|
|
|
|
|
NamesAndTypesList SessionLogElement::getNamesAndTypes()
|
|
|
|
{
|
2022-03-02 17:22:12 +00:00
|
|
|
auto event_type = std::make_shared<DataTypeEnum8>(
|
2021-03-05 14:57:16 +00:00
|
|
|
DataTypeEnum8::Values
|
|
|
|
{
|
|
|
|
{"LoginFailure", static_cast<Int8>(SESSION_LOGIN_FAILURE)},
|
|
|
|
{"LoginSuccess", static_cast<Int8>(SESSION_LOGIN_SUCCESS)},
|
|
|
|
{"Logout", static_cast<Int8>(SESSION_LOGOUT)}
|
|
|
|
});
|
|
|
|
|
2021-11-01 14:03:20 +00:00
|
|
|
#define AUTH_TYPE_NAME_AND_VALUE(v) std::make_pair(AuthenticationTypeInfo::get(v).raw_name, static_cast<Int8>(v))
|
2022-03-02 17:22:12 +00:00
|
|
|
auto identified_with_column = std::make_shared<DataTypeEnum8>(
|
2021-03-05 14:57:16 +00:00
|
|
|
DataTypeEnum8::Values
|
|
|
|
{
|
|
|
|
AUTH_TYPE_NAME_AND_VALUE(AuthType::NO_PASSWORD),
|
|
|
|
AUTH_TYPE_NAME_AND_VALUE(AuthType::PLAINTEXT_PASSWORD),
|
|
|
|
AUTH_TYPE_NAME_AND_VALUE(AuthType::SHA256_PASSWORD),
|
|
|
|
AUTH_TYPE_NAME_AND_VALUE(AuthType::DOUBLE_SHA1_PASSWORD),
|
|
|
|
AUTH_TYPE_NAME_AND_VALUE(AuthType::LDAP),
|
2022-05-17 16:22:52 +00:00
|
|
|
AUTH_TYPE_NAME_AND_VALUE(AuthType::KERBEROS),
|
2022-10-28 19:04:20 +00:00
|
|
|
AUTH_TYPE_NAME_AND_VALUE(AuthType::SSL_CERTIFICATE),
|
2023-05-02 14:29:56 +00:00
|
|
|
AUTH_TYPE_NAME_AND_VALUE(AuthType::BCRYPT_PASSWORD),
|
2021-03-05 14:57:16 +00:00
|
|
|
});
|
|
|
|
#undef AUTH_TYPE_NAME_AND_VALUE
|
2023-01-04 14:22:39 +00:00
|
|
|
static_assert(static_cast<int>(AuthenticationType::MAX) == 8);
|
2021-03-05 14:57:16 +00:00
|
|
|
|
2022-03-02 17:22:12 +00:00
|
|
|
auto interface_type_column = std::make_shared<DataTypeEnum8>(
|
2021-03-05 14:57:16 +00:00
|
|
|
DataTypeEnum8::Values
|
|
|
|
{
|
|
|
|
{"TCP", static_cast<Int8>(Interface::TCP)},
|
|
|
|
{"HTTP", static_cast<Int8>(Interface::HTTP)},
|
|
|
|
{"gRPC", static_cast<Int8>(Interface::GRPC)},
|
|
|
|
{"MySQL", static_cast<Int8>(Interface::MYSQL)},
|
2022-04-21 09:09:10 +00:00
|
|
|
{"PostgreSQL", static_cast<Int8>(Interface::POSTGRESQL)},
|
|
|
|
{"Local", static_cast<Int8>(Interface::LOCAL)},
|
|
|
|
{"TCP_Interserver", static_cast<Int8>(Interface::TCP_INTERSERVER)}
|
2021-03-05 14:57:16 +00:00
|
|
|
});
|
2022-04-21 09:09:10 +00:00
|
|
|
static_assert(magic_enum::enum_count<Interface>() == 7);
|
2021-03-05 14:57:16 +00:00
|
|
|
|
2022-03-02 17:22:12 +00:00
|
|
|
auto lc_string_datatype = std::make_shared<DataTypeLowCardinality>(std::make_shared<DataTypeString>());
|
2021-03-05 14:57:16 +00:00
|
|
|
|
2022-03-02 17:22:12 +00:00
|
|
|
auto settings_type_column = std::make_shared<DataTypeArray>(
|
2021-03-05 14:57:16 +00:00
|
|
|
std::make_shared<DataTypeTuple>(
|
|
|
|
DataTypes({
|
|
|
|
// setting name
|
|
|
|
lc_string_datatype,
|
|
|
|
// value
|
|
|
|
std::make_shared<DataTypeString>()
|
|
|
|
})));
|
|
|
|
|
|
|
|
return
|
|
|
|
{
|
|
|
|
{"type", std::move(event_type)},
|
2021-10-30 14:51:58 +00:00
|
|
|
{"auth_id", std::make_shared<DataTypeUUID>()},
|
|
|
|
{"session_id", std::make_shared<DataTypeString>()},
|
2021-03-05 14:57:16 +00:00
|
|
|
{"event_date", std::make_shared<DataTypeDate>()},
|
|
|
|
{"event_time", std::make_shared<DataTypeDateTime>()},
|
|
|
|
{"event_time_microseconds", std::make_shared<DataTypeDateTime64>(6)},
|
|
|
|
|
2022-05-23 19:55:17 +00:00
|
|
|
{"user", std::make_shared<DataTypeNullable>(std::make_shared<DataTypeString>())},
|
2022-05-21 00:05:02 +00:00
|
|
|
{"auth_type", std::make_shared<DataTypeNullable>(std::move(identified_with_column))},
|
2021-03-05 14:57:16 +00:00
|
|
|
|
|
|
|
{"profiles", std::make_shared<DataTypeArray>(lc_string_datatype)},
|
|
|
|
{"roles", std::make_shared<DataTypeArray>(lc_string_datatype)},
|
2021-10-30 14:59:22 +00:00
|
|
|
{"settings", std::move(settings_type_column)},
|
2021-03-05 14:57:16 +00:00
|
|
|
|
|
|
|
{"client_address", DataTypeFactory::instance().get("IPv6")},
|
|
|
|
{"client_port", std::make_shared<DataTypeUInt16>()},
|
|
|
|
{"interface", std::move(interface_type_column)},
|
|
|
|
|
|
|
|
{"client_hostname", std::make_shared<DataTypeString>()},
|
|
|
|
{"client_name", std::make_shared<DataTypeString>()},
|
|
|
|
{"client_revision", std::make_shared<DataTypeUInt32>()},
|
|
|
|
{"client_version_major", std::make_shared<DataTypeUInt32>()},
|
|
|
|
{"client_version_minor", std::make_shared<DataTypeUInt32>()},
|
|
|
|
{"client_version_patch", std::make_shared<DataTypeUInt32>()},
|
|
|
|
|
|
|
|
{"failure_reason", std::make_shared<DataTypeString>()},
|
|
|
|
};
|
|
|
|
}
|
|
|
|
|
|
|
|
void SessionLogElement::appendToBlock(MutableColumns & columns) const
|
|
|
|
{
|
|
|
|
assert(type >= SESSION_LOGIN_FAILURE && type <= SESSION_LOGOUT);
|
2021-11-02 09:02:22 +00:00
|
|
|
assert(user_identified_with >= AuthenticationType::NO_PASSWORD && user_identified_with <= AuthenticationType::MAX);
|
2021-03-05 14:57:16 +00:00
|
|
|
|
|
|
|
size_t i = 0;
|
|
|
|
|
|
|
|
columns[i++]->insert(type);
|
2021-10-30 14:51:58 +00:00
|
|
|
columns[i++]->insert(auth_id);
|
2021-03-05 14:57:16 +00:00
|
|
|
columns[i++]->insert(session_id);
|
|
|
|
columns[i++]->insert(static_cast<DayNum>(DateLUT::instance().toDayNum(event_time).toUnderType()));
|
|
|
|
columns[i++]->insert(event_time);
|
|
|
|
columns[i++]->insert(event_time_microseconds);
|
|
|
|
|
2022-05-23 19:55:17 +00:00
|
|
|
assert((user && user_identified_with) || client_info.interface == ClientInfo::Interface::TCP_INTERSERVER);
|
|
|
|
columns[i++]->insert(user ? Field(*user) : Field());
|
2022-05-21 00:05:02 +00:00
|
|
|
columns[i++]->insert(user_identified_with ? Field(*user_identified_with) : Field());
|
2021-03-05 14:57:16 +00:00
|
|
|
|
|
|
|
fillColumnArray(profiles, *columns[i++]);
|
|
|
|
fillColumnArray(roles, *columns[i++]);
|
|
|
|
|
|
|
|
{
|
2021-10-30 14:59:22 +00:00
|
|
|
auto & settings_array_col = assert_cast<ColumnArray &>(*columns[i++]);
|
|
|
|
auto & settings_tuple_col = assert_cast<ColumnTuple &>(settings_array_col.getData());
|
|
|
|
auto & names_col = *settings_tuple_col.getColumnPtr(0)->assumeMutable();
|
|
|
|
auto & values_col = assert_cast<ColumnString &>(*settings_tuple_col.getColumnPtr(1)->assumeMutable());
|
2021-03-05 14:57:16 +00:00
|
|
|
|
2021-10-30 14:59:22 +00:00
|
|
|
for (const auto & kv : settings)
|
2021-03-05 14:57:16 +00:00
|
|
|
{
|
|
|
|
names_col.insert(kv.first);
|
|
|
|
values_col.insert(kv.second);
|
|
|
|
}
|
|
|
|
|
2021-10-30 14:59:22 +00:00
|
|
|
auto & offsets = settings_array_col.getOffsets();
|
|
|
|
offsets.push_back(settings_tuple_col.size());
|
2021-03-05 14:57:16 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
columns[i++]->insertData(IPv6ToBinary(client_info.current_address.host()).data(), 16);
|
|
|
|
columns[i++]->insert(client_info.current_address.port());
|
|
|
|
|
|
|
|
columns[i++]->insert(client_info.interface);
|
|
|
|
|
|
|
|
columns[i++]->insertData(client_info.client_hostname.data(), client_info.client_hostname.length());
|
|
|
|
columns[i++]->insertData(client_info.client_name.data(), client_info.client_name.length());
|
|
|
|
columns[i++]->insert(client_info.client_tcp_protocol_version);
|
|
|
|
columns[i++]->insert(client_info.client_version_major);
|
|
|
|
columns[i++]->insert(client_info.client_version_minor);
|
|
|
|
columns[i++]->insert(client_info.client_version_patch);
|
|
|
|
|
|
|
|
columns[i++]->insertData(auth_failure_reason.data(), auth_failure_reason.length());
|
|
|
|
}
|
|
|
|
|
2023-08-03 22:06:33 +00:00
|
|
|
void SessionLog::addLoginSuccess(const UUID & auth_id,
|
|
|
|
const String & session_id,
|
|
|
|
const Settings & settings,
|
|
|
|
const ContextAccessPtr & access,
|
|
|
|
const ClientInfo & client_info,
|
|
|
|
const UserPtr & login_user)
|
2021-03-05 14:57:16 +00:00
|
|
|
{
|
2021-10-30 14:51:58 +00:00
|
|
|
DB::SessionLogElement log_entry(auth_id, SESSION_LOGIN_SUCCESS);
|
2021-03-05 14:57:16 +00:00
|
|
|
log_entry.client_info = client_info;
|
|
|
|
|
2022-05-21 00:05:02 +00:00
|
|
|
if (login_user)
|
2022-05-23 19:55:17 +00:00
|
|
|
{
|
|
|
|
log_entry.user = login_user->getName();
|
2022-05-21 00:05:02 +00:00
|
|
|
log_entry.user_identified_with = login_user->auth_data.getType();
|
2022-05-23 19:55:17 +00:00
|
|
|
}
|
2022-05-17 16:22:52 +00:00
|
|
|
log_entry.external_auth_server = login_user ? login_user->auth_data.getLDAPServerName() : "";
|
2021-03-05 14:57:16 +00:00
|
|
|
|
2023-08-03 22:06:33 +00:00
|
|
|
log_entry.session_id = session_id;
|
2021-03-05 14:57:16 +00:00
|
|
|
|
|
|
|
if (const auto roles_info = access->getRolesInfo())
|
|
|
|
log_entry.roles = roles_info->getCurrentRolesNames();
|
|
|
|
|
|
|
|
if (const auto profile_info = access->getDefaultProfileInfo())
|
2022-05-05 20:31:59 +00:00
|
|
|
log_entry.profiles = profile_info->getProfileNames();
|
2021-03-05 14:57:16 +00:00
|
|
|
|
|
|
|
for (const auto & s : settings.allChanged())
|
2021-10-30 14:59:22 +00:00
|
|
|
log_entry.settings.emplace_back(s.getName(), s.getValueString());
|
2021-03-05 14:57:16 +00:00
|
|
|
|
2023-07-28 07:23:34 +00:00
|
|
|
add(std::move(log_entry));
|
2021-03-05 14:57:16 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
void SessionLog::addLoginFailure(
|
2021-10-30 14:51:58 +00:00
|
|
|
const UUID & auth_id,
|
2021-03-05 14:57:16 +00:00
|
|
|
const ClientInfo & info,
|
2022-05-23 19:55:17 +00:00
|
|
|
const std::optional<String> & user,
|
2021-03-05 14:57:16 +00:00
|
|
|
const Exception & reason)
|
|
|
|
{
|
2021-10-30 14:51:58 +00:00
|
|
|
SessionLogElement log_entry(auth_id, SESSION_LOGIN_FAILURE);
|
2021-03-05 14:57:16 +00:00
|
|
|
|
|
|
|
log_entry.user = user;
|
|
|
|
log_entry.auth_failure_reason = reason.message();
|
|
|
|
log_entry.client_info = info;
|
2021-11-01 14:03:20 +00:00
|
|
|
log_entry.user_identified_with = AuthenticationType::NO_PASSWORD;
|
2021-03-05 14:57:16 +00:00
|
|
|
|
2023-07-28 07:23:34 +00:00
|
|
|
add(std::move(log_entry));
|
2021-03-05 14:57:16 +00:00
|
|
|
}
|
|
|
|
|
2022-05-18 12:06:52 +00:00
|
|
|
void SessionLog::addLogOut(const UUID & auth_id, const UserPtr & login_user, const ClientInfo & client_info)
|
2021-03-05 14:57:16 +00:00
|
|
|
{
|
2021-10-30 14:51:58 +00:00
|
|
|
auto log_entry = SessionLogElement(auth_id, SESSION_LOGOUT);
|
2022-05-21 00:05:02 +00:00
|
|
|
if (login_user)
|
2022-05-23 19:55:17 +00:00
|
|
|
{
|
|
|
|
log_entry.user = login_user->getName();
|
2022-05-21 00:05:02 +00:00
|
|
|
log_entry.user_identified_with = login_user->auth_data.getType();
|
2022-05-23 19:55:17 +00:00
|
|
|
}
|
2022-05-18 12:06:52 +00:00
|
|
|
log_entry.external_auth_server = login_user ? login_user->auth_data.getLDAPServerName() : "";
|
2021-03-05 14:57:16 +00:00
|
|
|
log_entry.client_info = client_info;
|
|
|
|
|
2023-07-28 07:23:34 +00:00
|
|
|
add(std::move(log_entry));
|
2021-03-05 14:57:16 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
}
|