add server setting

src/Access/AccessEntityIO.cpp

@@ -82,7 +82,7 @@ AccessEntityPtr deserializeAccessEntityImpl(const String & definition)
             if (res)
                 throw Exception(ErrorCodes::INCORRECT_ACCESS_ENTITY_DEFINITION, "Two access entities attached in the same file");
             res = user = std::make_unique<User>();
-            InterpreterCreateUserQuery::updateUserFromQuery(*user, *create_user_query, /* allow_no_password = */ true, /* allow_plaintext_password = */ true);
+            InterpreterCreateUserQuery::updateUserFromQuery(*user, *create_user_query, /* allow_no_password = */ true, /* allow_plaintext_password = */ true, /* max_number_of_authentication_methods = */ std::numeric_limits<std::size_t>::max());
         }
         else if (auto * create_role_query = query->as<ASTCreateRoleQuery>())
         {

src/Core/ServerSettings.h

@@ -116,6 +116,7 @@ namespace DB
     M(UInt64, max_part_num_to_warn, 100000lu, "If the number of parts is greater than this value, the server will create a warning that will displayed to user.", 0) \
     M(UInt64, max_table_num_to_throw, 0lu, "If number of tables is greater than this value, server will throw an exception. 0 means no limitation. View, remote tables, dictionary, system tables are not counted. Only count table in Atomic/Ordinary/Replicated/Lazy database engine.", 0) \
     M(UInt64, max_database_num_to_throw, 0lu, "If number of databases is greater than this value, server will throw an exception. 0 means no limitation.", 0) \
+    M(UInt64, max_authentication_methods_per_user, 256, "The maximum number of authentication methods a user can be created with or altered. Changing this setting does not affect existing users.", 0) \
     M(UInt64, concurrent_threads_soft_limit_num, 0, "Sets how many concurrent thread can be allocated before applying CPU pressure. Zero means unlimited.", 0) \
     M(UInt64, concurrent_threads_soft_limit_ratio_to_cores, 0, "Same as concurrent_threads_soft_limit_num, but with ratio to cores.", 0) \
     \

src/Core/Settings.h

@@ -966,7 +966,6 @@ class IColumn;
     \
     M(Bool, allow_experimental_database_materialized_mysql, false, "Allow to create database with Engine=MaterializedMySQL(...).", 0) \
     M(Bool, allow_experimental_database_materialized_postgresql, false, "Allow to create database with Engine=MaterializedPostgreSQL(...).", 0) \
-    \
     /** Experimental feature for moving data between shards. */ \
     M(Bool, allow_experimental_query_deduplication, false, "Experimental data deduplication for SELECT queries based on part UUIDs", 0) \
 

src/Interpreters/Access/InterpreterCreateUserQuery.cpp

@@ -6,6 +6,7 @@
 #include <Access/ReplicatedAccessStorage.h>
 #include <Access/User.h>
 #include <Common/logger_useful.h>
+#include <Core/ServerSettings.h>
 #include <Interpreters/Access/InterpreterSetRoleQuery.h>
 #include <Interpreters/Context.h>
 #include <Interpreters/executeDDLQueryOnCluster.h>
@@ -43,7 +44,8 @@ namespace
         bool replace_authentication_methods,
         bool allow_implicit_no_password,
         bool allow_no_password,
-        bool allow_plaintext_password)
+        bool allow_plaintext_password,
+        std::size_t max_number_of_authentication_methods)
     {
         if (override_name)
             user.setName(override_name->toString());
@@ -80,6 +82,14 @@ namespace
             user.authentication_methods.clear();
         }
 
+        auto number_of_authentication_methods = user.authentication_methods.size() + authentication_methods.size();
+        if (number_of_authentication_methods > max_number_of_authentication_methods)
+        {
+            throw Exception(ErrorCodes::BAD_ARGUMENTS,
+                "User can not be created/updated because it exceeds the allowed quantity of authentication methods per user."
+                "Check the `max_authentication_methods_per_user` setting");
+        }
+
         for (const auto & authentication_method : authentication_methods)
         {
             user.authentication_methods.emplace_back(authentication_method);
@@ -251,7 +261,8 @@ BlockIO InterpreterCreateUserQuery::execute()
             updateUserFromQueryImpl(
                 *updated_user, query, authentication_methods, {}, default_roles_from_query, settings_from_query, grantees_from_query,
                 valid_until, query.reset_authentication_methods_to_new, query.replace_authentication_methods,
-                implicit_no_password_allowed, no_password_allowed, plaintext_password_allowed);
+                implicit_no_password_allowed, no_password_allowed,
+                plaintext_password_allowed, getContext()->getServerSettings().max_authentication_methods_per_user);
             return updated_user;
         };
 
@@ -272,7 +283,8 @@ BlockIO InterpreterCreateUserQuery::execute()
             updateUserFromQueryImpl(
                 *new_user, query, authentication_methods, name, default_roles_from_query, settings_from_query, RolesOrUsersSet::AllTag{},
                 valid_until, query.reset_authentication_methods_to_new, query.replace_authentication_methods,
-                implicit_no_password_allowed, no_password_allowed, plaintext_password_allowed);
+                implicit_no_password_allowed, no_password_allowed,
+                plaintext_password_allowed, getContext()->getServerSettings().max_authentication_methods_per_user);
             new_users.emplace_back(std::move(new_user));
         }
 
@@ -309,7 +321,12 @@ BlockIO InterpreterCreateUserQuery::execute()
 }
 
 
-void InterpreterCreateUserQuery::updateUserFromQuery(User & user, const ASTCreateUserQuery & query, bool allow_no_password, bool allow_plaintext_password)
+void InterpreterCreateUserQuery::updateUserFromQuery(
+    User & user,
+    const ASTCreateUserQuery & query,
+    bool allow_no_password,
+    bool allow_plaintext_password,
+    std::size_t max_number_of_authentication_methods)
 {
     std::vector<AuthenticationData> authentication_methods;
     if (!query.authentication_methods.empty())
@@ -337,7 +354,8 @@ void InterpreterCreateUserQuery::updateUserFromQuery(User & user, const ASTCreat
         query.replace_authentication_methods,
         allow_no_password,
         allow_plaintext_password,
-        true);
+        true,
+        max_number_of_authentication_methods);
 }
 
 void registerInterpreterCreateUserQuery(InterpreterFactory & factory)

src/Interpreters/Access/InterpreterCreateUserQuery.h

@@ -17,7 +17,12 @@ public:
 
     BlockIO execute() override;
 
-    static void updateUserFromQuery(User & user, const ASTCreateUserQuery & query, bool allow_no_password, bool allow_plaintext_password);
+    static void updateUserFromQuery(
+        User & user,
+        const ASTCreateUserQuery & query,
+        bool allow_no_password,
+        bool allow_plaintext_password,
+        std::size_t max_number_of_authentication_methods);
 
 private:
     ASTPtr query_ptr;