thevar1able/ClickHouse
1
0
Fork 0
mirror of https://github.com/ClickHouse/ClickHouse.git synced 2024-09-20 00:30:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added FT testcase

Browse Source
This commit is contained in:
HeenaBansal2009 2022-02-18 12:58:46 -08:00
parent d16cae53b4
commit 1b263f0c15
21 changed files with 196 additions and 104 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
programs/client/clickhouse-client.xml
View File

@ -29,6 +29,7 @@
<test>{display_name} \x01\e[1;32m\x02:)\x01\e[0m\x02 </test> <!-- if it matched to the substring "test" in the server display name - -->
<production>{display_name} \x01\e[1;31m\x02:)\x01\e[0m\x02 </production> <!-- if it matched to the substring "production" in the server display name -->
</prompt_by_server_display_name>
<!--
Settings adjustable via command-line parameters
can take their defaults from that config file, see examples:

5
programs/local/LocalServer.cpp
View File

@ -389,6 +389,9 @@ void LocalServer::setupUsers()
ConfigurationPtr users_config;
//set the allow_plaintext_password setting in global context.
global_context->setAllowPlaintextPasswordSetting(config().getBool("allow_plaintext_password",1));
if (config().has("users_config") || config().has("config-file") || fs::exists("config.xml"))
{
const auto users_config_path = config().getString("users_config", config().getString("config-file", "config.xml"));
@ -397,9 +400,7 @@ void LocalServer::setupUsers()
users_config = loaded_config.configuration;
}
else
{
users_config = getConfigurationFromXMLString(minimal_default_user_xml);
}
if (users_config)
global_context->setUsersConfig(users_config);

2
programs/server/Server.cpp
View File

@ -1069,6 +1069,8 @@ if (ThreadFuzzer::instance().isEffective())
auto & access_control = global_context->getAccessControl();
if (config().has("custom_settings_prefixes"))
access_control.setCustomSettingsPrefixes(config().getString("custom_settings_prefixes"));
///set the allow_plaintext_password setting in context.
access_control.setAllowPlaintextPasswordSetting(config().getBool("allow_plaintext_password", 1));
/// Initialize access storages.
try

12
programs/server/config.xml
View File

@ -201,9 +201,9 @@
<!-- For 'Connection: keep-alive' in HTTP 1.1 -->
<keep_alive_timeout>3</keep_alive_timeout>
<enable_plaintext_password>0</enable_plaintext_password>
<!-- gRPC protocol (see src/Server/grpc_protos/clickhouse_grpc.proto for the API) -->
<grpc_port>9100</grpc_port>
<!-- <grpc_port>9100</grpc_port> -->
<grpc>
<enable_ssl>false</enable_ssl>
@ -243,7 +243,7 @@
openssl dhparam -out /etc/clickhouse-server/dhparam.pem 4096
Only file format with BEGIN DH PARAMETERS is supported.
-->
<!-- <dhParamsFile>/etc/clickhouse-server/dhparam.pem</dhParamsFile> -->
<!-- <dhParamsFile>/etc/clickhouse-server/dhparam.pem</dhParamsFile>-->
<verificationMode>none</verificationMode>
<loadDefaultCAFile>true</loadDefaultCAFile>
<cacheSessions>true</cacheSessions>
@ -367,6 +367,9 @@
<!-- Path to temporary data for processing hard queries. -->
<tmp_path>/var/lib/clickhouse/tmp/</tmp_path>
<!-- Disable AuthType Plaintext_password for ACL. -->
<!-- <allow_plaintext_password>0<allow_plaintext_password> -->
<!-- Policy from the <storage_configuration> for the temporary files.
If not set <tmp_path> is used, otherwise <tmp_path> is ignored.
@ -1257,8 +1260,7 @@
<!-- Changing <enabled> to true allows sending crash reports to -->
<!-- the ClickHouse core developers team via Sentry https://sentry.io -->
<!-- Doing so at least in pre-production environments is highly appreciated -->
<enabled>true</enabled>
<debug>true</debug>
<enabled>false</enabled>
<!-- Change <anonymize> to true if you don't feel comfortable attaching the server hostname to the crash report -->
<anonymize>false</anonymize>
<!-- Default endpoint should be changed to different Sentry DSN only if you have -->

10
programs/server/users.xml
View File

@ -29,7 +29,7 @@
<!-- Users and ACL. -->
<users>
<!-- If user name was not specified, 'default' user is used. -->
<default>
<default>
<!-- See also the files in users.d directory where the password can be overridden.
Password could be specified in plaintext or in SHA256 (in hex format).
@ -64,8 +64,9 @@
How to generate double SHA1:
Execute: PASSWORD=$(base64 < /dev/urandom | head -c8); echo "$PASSWORD"; echo -n "$PASSWORD" | sha1sum | tr -d '-' | xxd -r -p | sha1sum | tr -d '-'
In first line will be password and in second - corresponding double SHA1.
-->
<no_password/>
-->
<password></password>
<!-- List of networks with open access.
To open access from everywhere, specify:
@ -92,8 +93,9 @@
<!-- Settings profile for user. -->
<profile>default</profile>
<!-- Quota for user. -->
<quota>default</quota>
<quota>default</quota>
<!-- User can create other users and grant rights to them. -->
<!-- <access_management>1</access_management> -->

18
src/Access/AccessControl.cpp
View File

@ -172,7 +172,7 @@ void AccessControl::addUsersConfigStorage(const String & storage_name_, const Po
{
auto check_setting_name_function = [this](const std::string_view & setting_name) { checkSettingNameIsAllowed(setting_name); };
auto new_storage = std::make_shared<UsersConfigAccessStorage>(storage_name_, check_setting_name_function);
new_storage->setConfig(users_config_);
new_storage->setConfig(users_config_, allow_plaintext_password);
addStorage(new_storage);
LOG_DEBUG(getLogger(), "Added {} access storage '{}', path: {}",
String(new_storage->getStorageType()), new_storage->getStorageName(), new_storage->getPath());
@ -182,10 +182,10 @@ void AccessControl::addUsersConfigStorage(
const String & users_config_path_,
const String & include_from_path_,
const String & preprocessed_dir_,
const zkutil::GetZooKeeper & get_zookeeper_function_, const bool allow_plaintext_password)
const zkutil::GetZooKeeper & get_zookeeper_function_)
{
addUsersConfigStorage(
UsersConfigAccessStorage::STORAGE_TYPE, users_config_path_, include_from_path_, preprocessed_dir_, get_zookeeper_function_,allow_plaintext_password);
UsersConfigAccessStorage::STORAGE_TYPE, users_config_path_, include_from_path_, preprocessed_dir_, get_zookeeper_function_);
}
void AccessControl::addUsersConfigStorage(
@ -193,7 +193,7 @@ void AccessControl::addUsersConfigStorage(
const String & users_config_path_,
const String & include_from_path_,
const String & preprocessed_dir_,
const zkutil::GetZooKeeper & get_zookeeper_function_,const bool allow_plaintext_password)
const zkutil::GetZooKeeper & get_zookeeper_function_)
{
auto storages = getStoragesPtr();
for (const auto & storage : *storages)
@ -206,11 +206,14 @@ void AccessControl::addUsersConfigStorage(
}
auto check_setting_name_function = [this](const std::string_view & setting_name) { checkSettingNameIsAllowed(setting_name); };
auto new_storage = std::make_shared<UsersConfigAccessStorage>(storage_name_, check_setting_name_function);
new_storage->load(users_config_path_, include_from_path_, preprocessed_dir_, get_zookeeper_function_,allow_plaintext_password);
new_storage->load(users_config_path_, include_from_path_, preprocessed_dir_, get_zookeeper_function_, allow_plaintext_password);
addStorage(new_storage);
LOG_DEBUG(getLogger(), "Added {} access storage '{}', path: {}", String(new_storage->getStorageType()), new_storage->getStorageName(), new_storage->getPath());
}
void AccessControl::setAllowPlaintextPasswordSetting(const bool allow_plaintext_password_)
{
allow_plaintext_password = allow_plaintext_password_;
}
void AccessControl::reloadUsersConfigs()
{
auto storages = getStoragesPtr();
@ -332,7 +335,6 @@ void AccessControl::addStoragesFromUserDirectoriesConfig(
type = LDAPAccessStorage::STORAGE_TYPE;
String name = config.getString(prefix + ".name", type);
const bool allow_plaintext_password = config.getBool("enable_plaintext_password" ,0);
if (type == MemoryAccessStorage::STORAGE_TYPE)
{
@ -343,7 +345,7 @@ void AccessControl::addStoragesFromUserDirectoriesConfig(
String path = config.getString(prefix + ".path");
if (std::filesystem::path{path}.is_relative() && std::filesystem::exists(config_dir + path))
path = config_dir + path;
addUsersConfigStorage(name, path, include_from_path, dbms_dir, get_zookeeper_function,allow_plaintext_password);
addUsersConfigStorage(name, path, include_from_path, dbms_dir, get_zookeeper_function);
}
else if (type == DiskAccessStorage::STORAGE_TYPE)
{

8
src/Access/AccessControl.h
View File

@ -61,13 +61,13 @@ public:
void addUsersConfigStorage(const String & users_config_path_,
const String & include_from_path_,
const String & preprocessed_dir_,
const zkutil::GetZooKeeper & get_zookeeper_function_ = {},const bool allow_plaintext_password=0);
const zkutil::GetZooKeeper & get_zookeeper_function_ = {});
void addUsersConfigStorage(const String & storage_name_,
const String & users_config_path_,
const String & include_from_path_,
const String & preprocessed_dir_,
const zkutil::GetZooKeeper & get_zookeeper_function_ = {},const bool allow_plaintext_password=0);
const zkutil::GetZooKeeper & get_zookeeper_function_ = {});
void reloadUsersConfigs();
void startPeriodicReloadingUsersConfigs();
@ -144,6 +144,9 @@ public:
const String & forwarded_address,
const String & custom_quota_key) const;
void setAllowPlaintextPasswordSetting(const bool allow_plaintext_password);
bool getAllowPlaintextPasswordSetting() const { return allow_plaintext_password; }
std::vector<QuotaUsage> getAllQuotasUsage() const;
std::shared_ptr<const EnabledSettings> getEnabledSettings(
@ -167,6 +170,7 @@ private:
std::unique_ptr<SettingsProfilesCache> settings_profiles_cache;
std::unique_ptr<ExternalAuthenticators> external_authenticators;
std::unique_ptr<CustomSettingsPrefixes> custom_settings_prefixes;
bool allow_plaintext_password;
};
}

5
src/Access/Common/AuthenticationData.cpp
View File

@ -95,6 +95,7 @@ bool operator ==(const AuthenticationData & lhs, const AuthenticationData & rhs)
&& (lhs.ldap_server_name == rhs.ldap_server_name) && (lhs.kerberos_realm == rhs.kerberos_realm);
}
void AuthenticationData::setPassword(const String & password_)
{
switch (type)
@ -127,10 +128,6 @@ String AuthenticationData::getPassword() const
return String(password_hash.data(), password_hash.data() + password_hash.size());
}
void AuthenticationData::setPlaintextPasswordSetting(const bool allow_plaintext_password_ )
{
allow_plaintext_password = allow_plaintext_password_;
}
void AuthenticationData::setPasswordHashHex(const String & hash)
{

8
src/Access/Common/AuthenticationData.h
View File

@ -60,13 +60,6 @@ public:
/// Sets the password and encrypt it using the authentication type set in the constructor.
void setPassword(const String & password_);
///sets the config enable_plaintext_password value from global context
void setPlaintextPasswordSetting(const bool allow_plaintext_password_);
bool getPlaintextPasswordSetting() const {
std::cout<<"Heena - Inside this function"<< allow_plaintext_password <<"\n";
return allow_plaintext_password;
}
/// Returns the password. Allowed to use only for Type::PLAINTEXT_PASSWORD.
String getPassword() const;
@ -104,7 +97,6 @@ private:
Digest password_hash;
String ldap_server_name;
String kerberos_realm;
bool allow_plaintext_password;
};
}

43
src/Access/UsersConfigAccessStorage.cpp
View File

@ -19,9 +19,6 @@
#include <cstring>
#include <filesystem>
#include <base/FnTraits.h>
#include "Poco/Logger.h"
#include <base/logger_useful.h>
namespace DB
@ -31,8 +28,9 @@ namespace ErrorCodes
extern const int BAD_ARGUMENTS;
extern const int UNKNOWN_ADDRESS_PATTERN_TYPE;
extern const int NOT_IMPLEMENTED;
}
extern const int ILLEGAL_TYPE_OF_ARGUMENT;
}
namespace
{
@ -73,35 +71,24 @@ namespace
if (num_password_fields < 1)
throw Exception("Either 'password' or 'password_sha256_hex' or 'password_double_sha1_hex' or 'no_password' or 'ldap' or 'kerberos' must be specified for user " + user_name + ".", ErrorCodes::BAD_ARGUMENTS);
//bool user_has_allow_plaintext_password = config.has(user_config + ".enable_plaintext_password");
// bool user_allow_plaintext_password=0 ;
// if(user_has_allow_plaintext_password)
// bool allow_plaintext_password = config.getBool(user_config + ".enable_plaintext_password",allow_plaintext_password_);
bool allow_plaintext_password = allow_plaintext_password_;
if (has_password_plaintext)
bool allow_plaintext_password = allow_plaintext_password_;
if (has_password_plaintext)
{
if(!allow_plaintext_password)
// LOG_ERROR(log(&Poco::Logger::get("BaseDaemon")), "Incorrect User configuration. User is not allowed to configure PLAINTEXT_PASSWORD if the setting name enable_plaintext_password setting is off");
// LOG_ERROR(log(&Poco::Logger::get("BaseDaemon"), "Incorrect User configuration. User is not allowed to configure PLAINTEXT_PASSWORD if the setting name enable_plaintext_password setting is off.Please chnage the authtype to SHA256_PASSWORD,DOUBLE_SHA1_PASSWORD");
throw Exception("Incorrect User configuration. User is not allowed to configure PLAINTEXT_PASSWORD. Please configure User with authtype to SHA256_PASSWORD,DOUBLE_SHA1_PASSWORD OR enable setting enable_plaintext_password in server configuration to configure user with plaintext password"
"It is recommended to use plaintext_password.", ErrorCodes::ILLEGAL_TYPE_OF_ARGUMENT);
if (!allow_plaintext_password)
throw Exception("Incorrect User configuration. User is not allowed to configure PLAINTEXT_PASSWORD. Please configure User with authtype SHA256_PASSWORD,DOUBLE_SHA1_PASSWORD OR enable setting allow_plaintext_password in server configuration to configure user with plaintext password"
" Though it is not recommended to use plaintext_password.", ErrorCodes::ILLEGAL_TYPE_OF_ARGUMENT);
user->auth_data = AuthenticationData{AuthenticationType::PLAINTEXT_PASSWORD};
user->auth_data.setPassword(config.getString(user_config + ".password"));
user->auth_data.setPlaintextPasswordSetting(allow_plaintext_password);
}
else if (has_password_sha256_hex)
{
user->auth_data = AuthenticationData{AuthenticationType::SHA256_PASSWORD};
user->auth_data.setPasswordHashHex(config.getString(user_config + ".password_sha256_hex"));
user->auth_data.setPlaintextPasswordSetting(allow_plaintext_password);
}
else if (has_password_double_sha1_hex)
{
user->auth_data = AuthenticationData{AuthenticationType::DOUBLE_SHA1_PASSWORD};
user->auth_data.setPasswordHashHex(config.getString(user_config + ".password_double_sha1_hex"));
user->auth_data.setPlaintextPasswordSetting(allow_plaintext_password);
}
else if (has_ldap)
{
@ -219,7 +206,7 @@ namespace
}
std::vector<AccessEntityPtr> parseUsers(const Poco::Util::AbstractConfiguration & config,const bool allow_plaintext_password)
std::vector<AccessEntityPtr> parseUsers(const Poco::Util::AbstractConfiguration & config, const bool allow_plaintext_password)
{
Poco::Util::AbstractConfiguration::Keys user_names;
config.keys("users", user_names);
@ -231,7 +218,7 @@ namespace
{
try
{
users.push_back(parseUser(config, user_name,allow_plaintext_password));
users.push_back(parseUser(config, user_name, allow_plaintext_password));
}
catch (Exception & e)
{
@ -542,12 +529,12 @@ bool UsersConfigAccessStorage::isPathEqual(const String & path_) const
}
void UsersConfigAccessStorage::setConfig(const Poco::Util::AbstractConfiguration & config)
void UsersConfigAccessStorage::setConfig(const Poco::Util::AbstractConfiguration & config, const bool allow_plaintext_password)
{
std::lock_guard lock{load_mutex};
path.clear();
config_reloader.reset();
parseFromConfig(config,allow_plaintext_password);
parseFromConfig(config, allow_plaintext_password);
}
void UsersConfigAccessStorage::parseFromConfig(const Poco::Util::AbstractConfiguration & config, const bool allow_plaintext_password)
@ -555,7 +542,7 @@ void UsersConfigAccessStorage::parseFromConfig(const Poco::Util::AbstractConfigu
try
{
std::vector<std::pair<UUID, AccessEntityPtr>> all_entities;
for (const auto & entity : parseUsers(config,allow_plaintext_password))
for (const auto & entity : parseUsers(config, allow_plaintext_password))
all_entities.emplace_back(generateID(*entity), entity);
for (const auto & entity : parseQuotas(config))
all_entities.emplace_back(generateID(*entity), entity);
@ -576,12 +563,10 @@ void UsersConfigAccessStorage::load(
const String & users_config_path,
const String & include_from_path,
const String & preprocessed_dir,
const zkutil::GetZooKeeper & get_zookeeper_function, const bool allow_plaintext_password_flag)
const zkutil::GetZooKeeper & get_zookeeper_function, const bool allow_plaintext_password_)
{
// allow_plaintext_password = allow_plaintext_password;
std::lock_guard lock{load_mutex};
path = std::filesystem::path{users_config_path}.lexically_normal();
allow_plaintext_password = allow_plaintext_password_flag;
config_reloader.reset();
config_reloader = std::make_unique<ConfigReloader>(
users_config_path,
@ -591,7 +576,7 @@ void UsersConfigAccessStorage::load(
std::make_shared<Poco::Event>(),
[&](Poco::AutoPtr<Poco::Util::AbstractConfiguration> new_config, bool /*initial_loading*/)
{
parseFromConfig(*new_config,allow_plaintext_password);
parseFromConfig(*new_config, allow_plaintext_password_);
Settings::checkNoSettingNamesAtTopLevel(*new_config, users_config_path);
},

7
src/Access/UsersConfigAccessStorage.h
View File

@ -32,12 +32,12 @@ public:
String getPath() const;
bool isPathEqual(const String & path_) const;
void setConfig(const Poco::Util::AbstractConfiguration & config);
void setConfig(const Poco::Util::AbstractConfiguration & config, const bool allow_plaintext_password=1);
void load(const String & users_config_path,
const String & include_from_path = {},
const String & preprocessed_dir = {},
const zkutil::GetZooKeeper & get_zookeeper_function = {},const bool allow_plaintext_password=0);
const zkutil::GetZooKeeper & get_zookeeper_function = {}, const bool allow_plaintext_password=1);
void reload();
void startPeriodicReloading();
void stopPeriodicReloading();
@ -47,7 +47,7 @@ public:
bool hasSubscription(AccessEntityType type) const override;
private:
void parseFromConfig(const Poco::Util::AbstractConfiguration & config,const bool allow_plaintext_password);
void parseFromConfig(const Poco::Util::AbstractConfiguration & config, const bool allow_plaintext_password);
std::optional<UUID> findImpl(AccessEntityType type, const String & name) const override;
std::vector<UUID> findAllImpl(AccessEntityType type) const override;
@ -61,6 +61,5 @@ private:
String path;
std::unique_ptr<ConfigReloader> config_reloader;
mutable std::mutex load_mutex;
bool allow_plaintext_password;
};
}

39
src/Interpreters/Access/InterpreterCreateUserQuery.cpp
View File

@ -14,12 +14,11 @@
namespace DB
{
namespace ErrorCodes
{
extern const int LOGICAL_ERROR;
}
extern const int ILLEGAL_TYPE_OF_ARGUMENT;
}
namespace
{
void updateUserFromQueryImpl(
@ -28,7 +27,7 @@ namespace
const std::shared_ptr<ASTUserNameWithHost> & override_name,
const std::optional<RolesOrUsersSet> & override_default_roles,
const std::optional<SettingsProfileElements> & override_settings,
const std::optional<RolesOrUsersSet> & override_grantees,const bool allow_plaintext_password)
const std::optional<RolesOrUsersSet> & override_grantees, const bool allow_plaintext_password)
{
if (override_name)
user.setName(override_name->toString());
@ -37,15 +36,14 @@ namespace
else if (query.names->size() == 1)
user.setName(query.names->front()->toString());
if (query.auth_data){
if(query.auth_data->getType()==AuthenticationType::PLAINTEXT_PASSWORD && !allow_plaintext_password)
throw Exception(ErrorCodes::ILLEGAL_TYPE_OF_ARGUMENT, "InterPreterQuery: User is not allowed to Create users with type "+ toString(query.auth_data->getType())+"Please configure User with authtype "
"to SHA256_PASSWORD,DOUBLE_SHA1_PASSWORD OR enable setting enable_plaintext_password in server configuration to configure user with plaintext password"
"It is recommended to use plaintext_password.");
// throw Exception("InterPreterQuery: User is not allowed to Create users with type " + toString(query.auth_data->getType()), ErrorCodes::LOGICAL_ERROR);
if (query.auth_data)
{
if (query.auth_data->getType() == AuthenticationType::PLAINTEXT_PASSWORD && !allow_plaintext_password)
throw Exception(ErrorCodes::ILLEGAL_TYPE_OF_ARGUMENT, "InterPreterQuery: User is not allowed to Create users with type "+ toString(query.auth_data->getType())+"Please configure User with authtype "
"to SHA256_PASSWORD,DOUBLE_SHA1_PASSWORD OR enable setting allow_plaintext_password in server configuration to configure user with plaintext password"
"Though it is recommended to use plaintext_password.");
user.auth_data = *query.auth_data;
}
if (override_name && !override_name->host_pattern.empty())
{
user.allowed_client_hosts = AllowedClientHosts{};
@ -87,22 +85,13 @@ namespace
}
}
BlockIO InterpreterCreateUserQuery::execute()
{
const auto & query = query_ptr->as<const ASTCreateUserQuery &>();
auto & access_control = getContext()->getAccessControl();
auto access = getContext()->getAccess();
access->checkAccess(query.alter ? AccessType::ALTER_USER : AccessType::CREATE_USER);
String username= access->getUserName();
std::cout<<"Heena - lets see what is the user name: "<< access->getUserName();
auto user = access->getUser();
bool allow_plaintext_password = user->auth_data.getPlaintextPasswordSetting();
// bool allow_plaintext_password = getContext().getSettingsRef().allow_plaintext_password
if(allow_plaintext_password)
std::cout<<"Heena - Finally got";
bool allow_plaintext_password = access_control.getAllowPlaintextPasswordSetting();
std::optional<RolesOrUsersSet> default_roles_from_query;
if (query.default_roles)
@ -131,7 +120,7 @@ BlockIO InterpreterCreateUserQuery::execute()
auto update_func = [&](const AccessEntityPtr & entity) -> AccessEntityPtr
{
auto updated_user = typeid_cast<std::shared_ptr<User>>(entity->clone());
updateUserFromQueryImpl(*updated_user, query, {}, default_roles_from_query, settings_from_query, grantees_from_query,allow_plaintext_password);
updateUserFromQueryImpl(*updated_user, query, {}, default_roles_from_query, settings_from_query, grantees_from_query, allow_plaintext_password);
return updated_user;
};
@ -150,7 +139,7 @@ BlockIO InterpreterCreateUserQuery::execute()
for (const auto & name : *query.names)
{
auto new_user = std::make_shared<User>();
updateUserFromQueryImpl(*new_user, query, name, default_roles_from_query, settings_from_query, RolesOrUsersSet::AllTag{},allow_plaintext_password);
updateUserFromQueryImpl(*new_user, query, name, default_roles_from_query, settings_from_query, RolesOrUsersSet::AllTag{}, allow_plaintext_password);
new_users.emplace_back(std::move(new_user));
}
@ -178,9 +167,9 @@ BlockIO InterpreterCreateUserQuery::execute()
}
void InterpreterCreateUserQuery::updateUserFromQuery(User & user, const ASTCreateUserQuery & query,const bool allow_plaintext_password)
void InterpreterCreateUserQuery::updateUserFromQuery(User & user, const ASTCreateUserQuery & query, const bool allow_plaintext_password)
{
updateUserFromQueryImpl(user, query, {}, {}, {}, {},allow_plaintext_password);
updateUserFromQueryImpl(user, query, {}, {}, {}, {}, allow_plaintext_password);
}
}

2
src/Interpreters/Access/InterpreterCreateUserQuery.h
View File

@ -17,7 +17,7 @@ public:
BlockIO execute() override;
static void updateUserFromQuery(User & user, const ASTCreateUserQuery & query,const bool allow_plaintext_password=1);
static void updateUserFromQuery(User & user, const ASTCreateUserQuery & query, const bool allow_plaintext_password=1);
private:
ASTPtr query_ptr;

13
src/Interpreters/Context.cpp
View File

@ -669,8 +669,19 @@ void Context::setUsersConfig(const ConfigurationPtr & config)
shared->access_control->setUsersConfig(*shared->users_config);
}
ConfigurationPtr Context::getUsersConfig()
void Context::setAllowPlaintextPasswordSetting(const bool allow_plaintext_password)
{
auto lock = getLock();
shared->access_control->setAllowPlaintextPasswordSetting(allow_plaintext_password);
}
bool Context::getAllowPlaintextPasswordSetting() const
{
return shared->access_control->getAllowPlaintextPasswordSetting();
}
ConfigurationPtr Context::getUsersConfig()
{
auto lock = getLock();
return shared->users_config;
}

2
src/Interpreters/Context.h
View File

@ -383,6 +383,8 @@ public:
* The accumulated quota values are not reset if the quota is not deleted.
*/
void setUsersConfig(const ConfigurationPtr & config);
void setAllowPlaintextPasswordSetting(const bool allow_plaintext_password_);
bool getAllowPlaintextPasswordSetting() const;
ConfigurationPtr getUsersConfig();
/// Sets the current user assuming that he/she is already authenticated.

6
src/Parsers/Access/ASTCreateUserQuery.cpp
View File

@ -36,7 +36,6 @@ namespace
String auth_type_name = AuthenticationTypeInfo::get(auth_type).name;
String by_keyword = "BY";
std::optional<String> by_value;
if (
show_password ||
@ -48,11 +47,6 @@ namespace
{
case AuthenticationType::PLAINTEXT_PASSWORD:
{
//bool allow_plaintext_password = auth_data.getPlaintextPasswordSetting();
// std::cout<<"heena - You are at right place to throw exception."<<allow_plaintext_password<<"\n";
//if(allow_plaintext_password)
// std::cout<<"heena - You are in";
by_value = auth_data.getPassword();
break;
}

6
tests/config/users.d/readonly.xml
View File

@ -8,9 +8,9 @@
</profiles>
<users>
<readonly>
<no_password/>
<networks incl="networks" replace="replace">
<readonly>
<password></password>
<networks incl="networks" replace="replace">
<ip>::1</ip>
<ip>127.0.0.1</ip>
</networks>

4
tests/config/users.d/session_log_test.xml
View File

@ -18,8 +18,8 @@
<users>
<session_log_test_xml_user>
<no_password/>
<networks incl="networks" replace="replace">
<password></password>
<networks incl="networks" replace="replace">
<ip>::1</ip>
<ip>127.0.0.1</ip>
</networks>

23
tests/queries/0_stateless/02207_allow_plaintext_password.config.xml Normal file
View File

@ -0,0 +1,23 @@
<?xml version="1.0"?>
<clickhouse>
<logger>
<level>trace</level>
<console>true</console>
</logger>
<tcp_port>9000</tcp_port>
<allow_plaintext_password>0</allow_plaintext_password>
<path>.</path>
<mark_cache_size>0</mark_cache_size>
<!-- Sources to read users, roles, access rights, profiles of settings, quotas. -->
<user_directories>
<users_xml>
<!-- Path to configuration file with predefined users. -->
<path>users.xml</path>
</users_xml>
<local_directory>
<!-- Path to folder where users created by SQL commands are stored. -->
<path>./</path>
</local_directory>
</user_directories>
</clickhouse>

0
tests/queries/0_stateless/02207_allow_plaintext_password.reference Normal file
View File

86
tests/queries/0_stateless/02207_allow_plaintext_password.sh Executable file
View File

@ -0,0 +1,86 @@
#!/usr/bin/env bash
# Tags: no-tsan, no-asan, no-ubsan, no-msan, no-parallel, no-fasttest
# Tag no-tsan: requires jemalloc to track small allocations
# Tag no-asan: requires jemalloc to track small allocations
# Tag no-ubsan: requires jemalloc to track small allocations
# Tag no-msan: requires jemalloc to track small allocations
#
# Regression for INSERT SELECT, that abnormally terminates the server
# in case of too small memory limits.
#
# NOTE: After #24483 had been merged the only place where the allocation may
# fail is the insert into PODArray in DB::OwnSplitChannel::log, but after
# #24069 those errors will be ignored, so to check new behaviour separate
# server is required.
#
CURDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
# shellcheck source=../shell_config.sh
. "$CURDIR"/../shell_config.sh
cp "$CURDIR"/../../../programs/server/users.xml "$CURDIR"/users.xml
sed -i 's/<password><\/password>/<no_password\/>/g' "$CURDIR"/users.xml
sed -i 's/<!-- <access_management>1<\/access_management> -->/<access_management>1<\/access_management>/g' "$CURDIR"/users.xml
server_opts=(
"--config-file=$CURDIR/$(basename "${BASH_SOURCE[0]}" .sh).config.xml"
"--"
# to avoid multiple listen sockets (complexity for port discovering)
"--listen_host=127.1"
# we will discover the real port later.
"--tcp_port=0"
"--shutdown_wait_unfinished=0"
)
CLICKHOUSE_WATCHDOG_ENABLE=0 $CLICKHOUSE_SERVER_BINARY "${server_opts[@]}" &> clickhouse-server.stderr &
server_pid=$!
server_port=
i=0 retries=300
# wait until server will start to listen (max 30 seconds)
while [[ -z $server_port ]] && [[ $i -lt $retries ]]; do
server_port=$(lsof -n -a -P -i tcp -s tcp:LISTEN -p $server_pid 2>/dev/null | awk -F'[ :]' '/LISTEN/ { print $(NF-1) }')
((++i))
sleep 0.1
if ! kill -0 $server_pid >& /dev/null; then
echo "No server (pid $server_pid)"
break
fi
done
if [[ -z $server_port ]]; then
echo "Cannot wait for LISTEN socket" >&2
exit 1
fi
# wait for the server to start accepting tcp connections (max 30 seconds)
i=0 retries=300
while ! $CLICKHOUSE_CLIENT_BINARY --host 127.1 --port "$server_port" --format Null -q 'select 1' 2>/dev/null && [[ $i -lt $retries ]]; do
sleep 0.1
if ! kill -0 $server_pid >& /dev/null; then
echo "No server (pid $server_pid)"
break
fi
done
if ! $CLICKHOUSE_CLIENT_BINARY --host 127.1 --port "$server_port" --format Null -q 'select 1'; then
echo "Cannot wait until server will start accepting connections on <tcp_port>" >&2
exit 1
fi
$CLICKHOUSE_CLIENT_BINARY --host 127.1 --port "$server_port" -q "CREATE USER u_02207 HOST IP '127.1' IDENTIFIED WITH plaintext_password BY 'qwerty' " " -- { serverError 43 } --" &> /dev/null ;
# no sleep, since flushing to stderr should not be buffered.
grep 'User is not allowed to Create users with type PLAINTEXT_PASSWORD' clickhouse-server.stderr
# send TERM and save the error code to ensure that it is 0 (EXIT_SUCCESS)
kill $server_pid
wait $server_pid
return_code=$?
rm -f clickhouse-server.stderr
rm -f "$CURDIR"/users.xml
exit $return_code