mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-11-10 01:25:21 +00:00
Alexander Tokmakov
GitHub
commit
29d9b82954
@ -805,20 +805,9 @@ protected:
|
||||
const String & user_name,
|
||||
const String & password,
|
||||
Session & session,
|
||||
Messaging::MessageTransport & mt,
|
||||
const Poco::Net::SocketAddress & address)
|
||||
{
|
||||
try
|
||||
{
|
||||
session.authenticate(user_name, password, address);
|
||||
}
|
||||
catch (const Exception &)
|
||||
{
|
||||
mt.send(
|
||||
Messaging::ErrorOrNoticeResponse(Messaging::ErrorOrNoticeResponse::ERROR, "28P01", "Invalid user or password"),
|
||||
true);
|
||||
throw;
|
||||
}
|
||||
session.authenticate(user_name, password, address);
|
||||
}
|
||||
|
||||
public:
|
||||
@ -839,10 +828,10 @@ public:
|
||||
void authenticate(
|
||||
const String & user_name,
|
||||
Session & session,
|
||||
Messaging::MessageTransport & mt,
|
||||
[[maybe_unused]] Messaging::MessageTransport & mt,
|
||||
const Poco::Net::SocketAddress & address) override
|
||||
{
|
||||
return setPassword(user_name, "", session, mt, address);
|
||||
return setPassword(user_name, "", session, address);
|
||||
}
|
||||
|
||||
AuthenticationType getType() const override
|
||||
@ -866,7 +855,7 @@ public:
|
||||
if (type == Messaging::FrontMessageType::PASSWORD_MESSAGE)
|
||||
{
|
||||
std::unique_ptr<Messaging::PasswordMessage> password = mt.receive<Messaging::PasswordMessage>();
|
||||
return setPassword(user_name, password->password, session, mt, address);
|
||||
return setPassword(user_name, password->password, session, address);
|
||||
}
|
||||
else
|
||||
throw Exception(ErrorCodes::UNEXPECTED_PACKET_FROM_CLIENT,
|
||||
@ -901,20 +890,30 @@ public:
|
||||
Messaging::MessageTransport & mt,
|
||||
const Poco::Net::SocketAddress & address)
|
||||
{
|
||||
const AuthenticationType user_auth_type = session.getAuthenticationTypeOrLogInFailure(user_name);
|
||||
if (type_to_method.find(user_auth_type) != type_to_method.end())
|
||||
AuthenticationType user_auth_type;
|
||||
try
|
||||
{
|
||||
type_to_method[user_auth_type]->authenticate(user_name, session, mt, address);
|
||||
mt.send(Messaging::AuthenticationOk(), true);
|
||||
LOG_DEBUG(log, "Authentication for user {} was successful.", user_name);
|
||||
return;
|
||||
user_auth_type = session.getAuthenticationTypeOrLogInFailure(user_name);
|
||||
if (type_to_method.find(user_auth_type) != type_to_method.end())
|
||||
{
|
||||
type_to_method[user_auth_type]->authenticate(user_name, session, mt, address);
|
||||
mt.send(Messaging::AuthenticationOk(), true);
|
||||
LOG_DEBUG(log, "Authentication for user {} was successful.", user_name);
|
||||
return;
|
||||
}
|
||||
}
|
||||
catch (const Exception&)
|
||||
{
|
||||
mt.send(Messaging::ErrorOrNoticeResponse(Messaging::ErrorOrNoticeResponse::ERROR, "28P01", "Invalid user or password"),
|
||||
true);
|
||||
|
||||
throw;
|
||||
}
|
||||
|
||||
mt.send(
|
||||
Messaging::ErrorOrNoticeResponse(Messaging::ErrorOrNoticeResponse::ERROR, "0A000", "Authentication method is not supported"),
|
||||
true);
|
||||
mt.send(Messaging::ErrorOrNoticeResponse(Messaging::ErrorOrNoticeResponse::ERROR, "0A000", "Authentication method is not supported"),
|
||||
true);
|
||||
|
||||
throw Exception(ErrorCodes::NOT_IMPLEMENTED, "Authentication type {} is not supported.", user_auth_type);
|
||||
throw Exception(ErrorCodes::NOT_IMPLEMENTED, "Authentication method is not supported: {}", user_auth_type);
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
@ -17,7 +17,7 @@
|
||||
|
||||
<users>
|
||||
<session_log_test_xml_user>
|
||||
<password></password>
|
||||
<no_password></no_password>
|
||||
<networks incl="networks" replace="replace">
|
||||
<ip>::1</ip>
|
||||
<ip>127.0.0.1</ip>
|
||||
|
||||
@ -4,215 +4,291 @@ TCP endpoint
|
||||
TCP 'wrong password' case is skipped for no_password.
|
||||
HTTP endpoint
|
||||
HTTP 'wrong password' case is skipped for no_password.
|
||||
MySQL endpoint
|
||||
HTTP endpoint with named session
|
||||
HTTP 'wrong password' case is skipped for no_password.
|
||||
MySQL endpoint no_password
|
||||
Wrong username
|
||||
Wrong password
|
||||
MySQL 'wrong password' case is skipped for no_password.
|
||||
PostrgreSQL endpoint
|
||||
PostgreSQL 'wrong password' case is skipped for no_password.
|
||||
|
||||
# no_password - No profiles no roles
|
||||
TCP endpoint
|
||||
TCP 'wrong password' case is skipped for no_password.
|
||||
HTTP endpoint
|
||||
HTTP 'wrong password' case is skipped for no_password.
|
||||
MySQL endpoint
|
||||
HTTP endpoint with named session
|
||||
HTTP 'wrong password' case is skipped for no_password.
|
||||
MySQL endpoint no_password
|
||||
Wrong username
|
||||
Wrong password
|
||||
MySQL 'wrong password' case is skipped for no_password.
|
||||
PostrgreSQL endpoint
|
||||
PostgreSQL 'wrong password' case is skipped for no_password.
|
||||
|
||||
# no_password - Two profiles, no roles
|
||||
TCP endpoint
|
||||
TCP 'wrong password' case is skipped for no_password.
|
||||
HTTP endpoint
|
||||
HTTP 'wrong password' case is skipped for no_password.
|
||||
MySQL endpoint
|
||||
HTTP endpoint with named session
|
||||
HTTP 'wrong password' case is skipped for no_password.
|
||||
MySQL endpoint no_password
|
||||
Wrong username
|
||||
Wrong password
|
||||
MySQL 'wrong password' case is skipped for no_password.
|
||||
PostrgreSQL endpoint
|
||||
PostgreSQL 'wrong password' case is skipped for no_password.
|
||||
|
||||
# no_password - Two profiles and two simple roles
|
||||
TCP endpoint
|
||||
TCP 'wrong password' case is skipped for no_password.
|
||||
HTTP endpoint
|
||||
HTTP 'wrong password' case is skipped for no_password.
|
||||
MySQL endpoint
|
||||
HTTP endpoint with named session
|
||||
HTTP 'wrong password' case is skipped for no_password.
|
||||
MySQL endpoint no_password
|
||||
Wrong username
|
||||
Wrong password
|
||||
MySQL 'wrong password' case is skipped for no_password.
|
||||
PostrgreSQL endpoint
|
||||
PostgreSQL 'wrong password' case is skipped for no_password.
|
||||
|
||||
# plaintext_password - No profiles no roles
|
||||
TCP endpoint
|
||||
HTTP endpoint
|
||||
MySQL endpoint
|
||||
HTTP endpoint with named session
|
||||
MySQL endpoint plaintext_password
|
||||
Wrong username
|
||||
Wrong password
|
||||
PostrgreSQL endpoint
|
||||
|
||||
# plaintext_password - Two profiles, no roles
|
||||
TCP endpoint
|
||||
HTTP endpoint
|
||||
MySQL endpoint
|
||||
HTTP endpoint with named session
|
||||
MySQL endpoint plaintext_password
|
||||
Wrong username
|
||||
Wrong password
|
||||
PostrgreSQL endpoint
|
||||
|
||||
# plaintext_password - Two profiles and two simple roles
|
||||
TCP endpoint
|
||||
HTTP endpoint
|
||||
MySQL endpoint
|
||||
HTTP endpoint with named session
|
||||
MySQL endpoint plaintext_password
|
||||
Wrong username
|
||||
Wrong password
|
||||
PostrgreSQL endpoint
|
||||
|
||||
# sha256_password - No profiles no roles
|
||||
TCP endpoint
|
||||
HTTP endpoint
|
||||
MySQL endpoint
|
||||
HTTP endpoint with named session
|
||||
MySQL endpoint sha256_password
|
||||
MySQL 'successful login' case is skipped for sha256_password.
|
||||
Wrong username
|
||||
Wrong password
|
||||
PostrgreSQL endpoint
|
||||
PostgreSQL tests are skipped for sha256_password
|
||||
|
||||
# sha256_password - Two profiles, no roles
|
||||
TCP endpoint
|
||||
HTTP endpoint
|
||||
MySQL endpoint
|
||||
HTTP endpoint with named session
|
||||
MySQL endpoint sha256_password
|
||||
MySQL 'successful login' case is skipped for sha256_password.
|
||||
Wrong username
|
||||
Wrong password
|
||||
PostrgreSQL endpoint
|
||||
PostgreSQL tests are skipped for sha256_password
|
||||
|
||||
# sha256_password - Two profiles and two simple roles
|
||||
TCP endpoint
|
||||
HTTP endpoint
|
||||
MySQL endpoint
|
||||
HTTP endpoint with named session
|
||||
MySQL endpoint sha256_password
|
||||
MySQL 'successful login' case is skipped for sha256_password.
|
||||
Wrong username
|
||||
Wrong password
|
||||
PostrgreSQL endpoint
|
||||
PostgreSQL tests are skipped for sha256_password
|
||||
|
||||
# double_sha1_password - No profiles no roles
|
||||
TCP endpoint
|
||||
HTTP endpoint
|
||||
MySQL endpoint
|
||||
HTTP endpoint with named session
|
||||
MySQL endpoint double_sha1_password
|
||||
Wrong username
|
||||
Wrong password
|
||||
PostrgreSQL endpoint
|
||||
PostgreSQL tests are skipped for double_sha1_password
|
||||
|
||||
# double_sha1_password - Two profiles, no roles
|
||||
TCP endpoint
|
||||
HTTP endpoint
|
||||
MySQL endpoint
|
||||
HTTP endpoint with named session
|
||||
MySQL endpoint double_sha1_password
|
||||
Wrong username
|
||||
Wrong password
|
||||
PostrgreSQL endpoint
|
||||
PostgreSQL tests are skipped for double_sha1_password
|
||||
|
||||
# double_sha1_password - Two profiles and two simple roles
|
||||
TCP endpoint
|
||||
HTTP endpoint
|
||||
MySQL endpoint
|
||||
HTTP endpoint with named session
|
||||
MySQL endpoint double_sha1_password
|
||||
Wrong username
|
||||
Wrong password
|
||||
PostrgreSQL endpoint
|
||||
PostgreSQL tests are skipped for double_sha1_password
|
||||
${BASE_USERNAME}_double_sha1_password_no_profiles_no_roles TCP LoginFailure 1
|
||||
${BASE_USERNAME}_double_sha1_password_no_profiles_no_roles TCP LoginSuccess 1
|
||||
${BASE_USERNAME}_double_sha1_password_no_profiles_no_roles TCP Logout 1
|
||||
${BASE_USERNAME}_double_sha1_password_no_profiles_no_roles HTTP LoginFailure 1
|
||||
${BASE_USERNAME}_double_sha1_password_no_profiles_no_roles HTTP LoginSuccess 1
|
||||
${BASE_USERNAME}_double_sha1_password_no_profiles_no_roles HTTP Logout 1
|
||||
${BASE_USERNAME}_double_sha1_password_no_profiles_no_roles HTTP LoginFailure many
|
||||
${BASE_USERNAME}_double_sha1_password_no_profiles_no_roles HTTP LoginSuccess many
|
||||
${BASE_USERNAME}_double_sha1_password_no_profiles_no_roles HTTP Logout many
|
||||
${BASE_USERNAME}_double_sha1_password_no_profiles_no_roles MySQL LoginFailure many
|
||||
${BASE_USERNAME}_double_sha1_password_no_profiles_no_roles MySQL LoginSuccess 1
|
||||
${BASE_USERNAME}_double_sha1_password_no_profiles_no_roles MySQL Logout 1
|
||||
${BASE_USERNAME}_double_sha1_password_two_profiles_no_roles TCP LoginFailure 1
|
||||
${BASE_USERNAME}_double_sha1_password_two_profiles_no_roles TCP LoginSuccess 1
|
||||
${BASE_USERNAME}_double_sha1_password_two_profiles_no_roles TCP Logout 1
|
||||
${BASE_USERNAME}_double_sha1_password_two_profiles_no_roles HTTP LoginFailure 1
|
||||
${BASE_USERNAME}_double_sha1_password_two_profiles_no_roles HTTP LoginSuccess 1
|
||||
${BASE_USERNAME}_double_sha1_password_two_profiles_no_roles HTTP Logout 1
|
||||
${BASE_USERNAME}_double_sha1_password_two_profiles_no_roles HTTP LoginFailure many
|
||||
${BASE_USERNAME}_double_sha1_password_two_profiles_no_roles HTTP LoginSuccess many
|
||||
${BASE_USERNAME}_double_sha1_password_two_profiles_no_roles HTTP Logout many
|
||||
${BASE_USERNAME}_double_sha1_password_two_profiles_no_roles MySQL LoginFailure many
|
||||
${BASE_USERNAME}_double_sha1_password_two_profiles_no_roles MySQL LoginSuccess 1
|
||||
${BASE_USERNAME}_double_sha1_password_two_profiles_no_roles MySQL Logout 1
|
||||
${BASE_USERNAME}_double_sha1_password_two_profiles_two_roles TCP LoginFailure 1
|
||||
${BASE_USERNAME}_double_sha1_password_two_profiles_two_roles TCP LoginSuccess 1
|
||||
${BASE_USERNAME}_double_sha1_password_two_profiles_two_roles TCP Logout 1
|
||||
${BASE_USERNAME}_double_sha1_password_two_profiles_two_roles HTTP LoginFailure 1
|
||||
${BASE_USERNAME}_double_sha1_password_two_profiles_two_roles HTTP LoginSuccess 1
|
||||
${BASE_USERNAME}_double_sha1_password_two_profiles_two_roles HTTP Logout 1
|
||||
${BASE_USERNAME}_double_sha1_password_two_profiles_two_roles HTTP LoginFailure many
|
||||
${BASE_USERNAME}_double_sha1_password_two_profiles_two_roles HTTP LoginSuccess many
|
||||
${BASE_USERNAME}_double_sha1_password_two_profiles_two_roles HTTP Logout many
|
||||
${BASE_USERNAME}_double_sha1_password_two_profiles_two_roles MySQL LoginFailure many
|
||||
${BASE_USERNAME}_double_sha1_password_two_profiles_two_roles MySQL LoginSuccess 1
|
||||
${BASE_USERNAME}_double_sha1_password_two_profiles_two_roles MySQL Logout 1
|
||||
${BASE_USERNAME}_no_password_no_profiles_no_roles TCP LoginSuccess 1
|
||||
${BASE_USERNAME}_no_password_no_profiles_no_roles TCP Logout 1
|
||||
${BASE_USERNAME}_no_password_no_profiles_no_roles HTTP LoginSuccess 1
|
||||
${BASE_USERNAME}_no_password_no_profiles_no_roles HTTP Logout 1
|
||||
${BASE_USERNAME}_no_password_no_profiles_no_roles HTTP LoginSuccess many
|
||||
${BASE_USERNAME}_no_password_no_profiles_no_roles HTTP Logout many
|
||||
${BASE_USERNAME}_no_password_no_profiles_no_roles MySQL LoginSuccess 1
|
||||
${BASE_USERNAME}_no_password_no_profiles_no_roles MySQL Logout 1
|
||||
${BASE_USERNAME}_no_password_two_profiles_no_roles TCP LoginSuccess 1
|
||||
${BASE_USERNAME}_no_password_two_profiles_no_roles TCP Logout 1
|
||||
${BASE_USERNAME}_no_password_two_profiles_no_roles HTTP LoginSuccess 1
|
||||
${BASE_USERNAME}_no_password_two_profiles_no_roles HTTP Logout 1
|
||||
${BASE_USERNAME}_no_password_two_profiles_no_roles HTTP LoginSuccess many
|
||||
${BASE_USERNAME}_no_password_two_profiles_no_roles HTTP Logout many
|
||||
${BASE_USERNAME}_no_password_two_profiles_no_roles MySQL LoginSuccess 1
|
||||
${BASE_USERNAME}_no_password_two_profiles_no_roles MySQL Logout 1
|
||||
${BASE_USERNAME}_no_password_two_profiles_two_roles TCP LoginSuccess 1
|
||||
${BASE_USERNAME}_no_password_two_profiles_two_roles TCP Logout 1
|
||||
${BASE_USERNAME}_no_password_two_profiles_two_roles HTTP LoginSuccess 1
|
||||
${BASE_USERNAME}_no_password_two_profiles_two_roles HTTP Logout 1
|
||||
${BASE_USERNAME}_no_password_two_profiles_two_roles HTTP LoginSuccess many
|
||||
${BASE_USERNAME}_no_password_two_profiles_two_roles HTTP Logout many
|
||||
${BASE_USERNAME}_no_password_two_profiles_two_roles MySQL LoginSuccess 1
|
||||
${BASE_USERNAME}_no_password_two_profiles_two_roles MySQL Logout 1
|
||||
${BASE_USERNAME}_plaintext_password_no_profiles_no_roles TCP LoginFailure 1
|
||||
${BASE_USERNAME}_plaintext_password_no_profiles_no_roles TCP LoginSuccess 1
|
||||
${BASE_USERNAME}_plaintext_password_no_profiles_no_roles TCP Logout 1
|
||||
${BASE_USERNAME}_plaintext_password_no_profiles_no_roles HTTP LoginFailure 1
|
||||
${BASE_USERNAME}_plaintext_password_no_profiles_no_roles HTTP LoginSuccess 1
|
||||
${BASE_USERNAME}_plaintext_password_no_profiles_no_roles HTTP Logout 1
|
||||
${BASE_USERNAME}_plaintext_password_no_profiles_no_roles HTTP LoginFailure many
|
||||
${BASE_USERNAME}_plaintext_password_no_profiles_no_roles HTTP LoginSuccess many
|
||||
${BASE_USERNAME}_plaintext_password_no_profiles_no_roles HTTP Logout many
|
||||
${BASE_USERNAME}_plaintext_password_no_profiles_no_roles MySQL LoginFailure many
|
||||
${BASE_USERNAME}_plaintext_password_no_profiles_no_roles MySQL LoginSuccess 1
|
||||
${BASE_USERNAME}_plaintext_password_no_profiles_no_roles MySQL Logout 1
|
||||
${BASE_USERNAME}_plaintext_password_no_profiles_no_roles PostgreSQL LoginFailure many
|
||||
${BASE_USERNAME}_plaintext_password_two_profiles_no_roles TCP LoginFailure 1
|
||||
${BASE_USERNAME}_plaintext_password_two_profiles_no_roles TCP LoginSuccess 1
|
||||
${BASE_USERNAME}_plaintext_password_two_profiles_no_roles TCP Logout 1
|
||||
${BASE_USERNAME}_plaintext_password_two_profiles_no_roles HTTP LoginFailure 1
|
||||
${BASE_USERNAME}_plaintext_password_two_profiles_no_roles HTTP LoginSuccess 1
|
||||
${BASE_USERNAME}_plaintext_password_two_profiles_no_roles HTTP Logout 1
|
||||
${BASE_USERNAME}_plaintext_password_two_profiles_no_roles HTTP LoginFailure many
|
||||
${BASE_USERNAME}_plaintext_password_two_profiles_no_roles HTTP LoginSuccess many
|
||||
${BASE_USERNAME}_plaintext_password_two_profiles_no_roles HTTP Logout many
|
||||
${BASE_USERNAME}_plaintext_password_two_profiles_no_roles MySQL LoginFailure many
|
||||
${BASE_USERNAME}_plaintext_password_two_profiles_no_roles MySQL LoginSuccess 1
|
||||
${BASE_USERNAME}_plaintext_password_two_profiles_no_roles MySQL Logout 1
|
||||
${BASE_USERNAME}_plaintext_password_two_profiles_no_roles PostgreSQL LoginFailure many
|
||||
${BASE_USERNAME}_plaintext_password_two_profiles_two_roles TCP LoginFailure 1
|
||||
${BASE_USERNAME}_plaintext_password_two_profiles_two_roles TCP LoginSuccess 1
|
||||
${BASE_USERNAME}_plaintext_password_two_profiles_two_roles TCP Logout 1
|
||||
${BASE_USERNAME}_plaintext_password_two_profiles_two_roles HTTP LoginFailure 1
|
||||
${BASE_USERNAME}_plaintext_password_two_profiles_two_roles HTTP LoginSuccess 1
|
||||
${BASE_USERNAME}_plaintext_password_two_profiles_two_roles HTTP Logout 1
|
||||
${BASE_USERNAME}_plaintext_password_two_profiles_two_roles HTTP LoginFailure many
|
||||
${BASE_USERNAME}_plaintext_password_two_profiles_two_roles HTTP LoginSuccess many
|
||||
${BASE_USERNAME}_plaintext_password_two_profiles_two_roles HTTP Logout many
|
||||
${BASE_USERNAME}_plaintext_password_two_profiles_two_roles MySQL LoginFailure many
|
||||
${BASE_USERNAME}_plaintext_password_two_profiles_two_roles MySQL LoginSuccess 1
|
||||
${BASE_USERNAME}_plaintext_password_two_profiles_two_roles MySQL Logout 1
|
||||
${BASE_USERNAME}_plaintext_password_two_profiles_two_roles PostgreSQL LoginFailure many
|
||||
${BASE_USERNAME}_sha256_password_no_profiles_no_roles TCP LoginFailure 1
|
||||
${BASE_USERNAME}_sha256_password_no_profiles_no_roles TCP LoginSuccess 1
|
||||
${BASE_USERNAME}_sha256_password_no_profiles_no_roles TCP Logout 1
|
||||
${BASE_USERNAME}_sha256_password_no_profiles_no_roles HTTP LoginFailure 1
|
||||
${BASE_USERNAME}_sha256_password_no_profiles_no_roles HTTP LoginSuccess 1
|
||||
${BASE_USERNAME}_sha256_password_no_profiles_no_roles HTTP Logout 1
|
||||
${BASE_USERNAME}_sha256_password_no_profiles_no_roles HTTP LoginFailure many
|
||||
${BASE_USERNAME}_sha256_password_no_profiles_no_roles HTTP LoginSuccess many
|
||||
${BASE_USERNAME}_sha256_password_no_profiles_no_roles HTTP Logout many
|
||||
${BASE_USERNAME}_sha256_password_no_profiles_no_roles MySQL LoginFailure many
|
||||
${BASE_USERNAME}_sha256_password_two_profiles_no_roles TCP LoginFailure 1
|
||||
${BASE_USERNAME}_sha256_password_two_profiles_no_roles TCP LoginSuccess 1
|
||||
${BASE_USERNAME}_sha256_password_two_profiles_no_roles TCP Logout 1
|
||||
${BASE_USERNAME}_sha256_password_two_profiles_no_roles HTTP LoginFailure 1
|
||||
${BASE_USERNAME}_sha256_password_two_profiles_no_roles HTTP LoginSuccess 1
|
||||
${BASE_USERNAME}_sha256_password_two_profiles_no_roles HTTP Logout 1
|
||||
${BASE_USERNAME}_sha256_password_two_profiles_no_roles HTTP LoginFailure many
|
||||
${BASE_USERNAME}_sha256_password_two_profiles_no_roles HTTP LoginSuccess many
|
||||
${BASE_USERNAME}_sha256_password_two_profiles_no_roles HTTP Logout many
|
||||
${BASE_USERNAME}_sha256_password_two_profiles_no_roles MySQL LoginFailure many
|
||||
${BASE_USERNAME}_sha256_password_two_profiles_two_roles TCP LoginFailure 1
|
||||
${BASE_USERNAME}_sha256_password_two_profiles_two_roles TCP LoginSuccess 1
|
||||
${BASE_USERNAME}_sha256_password_two_profiles_two_roles TCP Logout 1
|
||||
${BASE_USERNAME}_sha256_password_two_profiles_two_roles HTTP LoginFailure 1
|
||||
${BASE_USERNAME}_sha256_password_two_profiles_two_roles HTTP LoginSuccess 1
|
||||
${BASE_USERNAME}_sha256_password_two_profiles_two_roles HTTP Logout 1
|
||||
${BASE_USERNAME}_sha256_password_two_profiles_two_roles HTTP LoginFailure many
|
||||
${BASE_USERNAME}_sha256_password_two_profiles_two_roles HTTP LoginSuccess many
|
||||
${BASE_USERNAME}_sha256_password_two_profiles_two_roles HTTP Logout many
|
||||
${BASE_USERNAME}_sha256_password_two_profiles_two_roles MySQL LoginFailure many
|
||||
invalid_${BASE_USERNAME}_double_sha1_password_no_profiles_no_roles TCP LoginFailure 1
|
||||
invalid_${BASE_USERNAME}_double_sha1_password_no_profiles_no_roles HTTP LoginFailure 1
|
||||
invalid_${BASE_USERNAME}_double_sha1_password_no_profiles_no_roles HTTP LoginFailure many
|
||||
invalid_${BASE_USERNAME}_double_sha1_password_no_profiles_no_roles MySQL LoginFailure many
|
||||
invalid_${BASE_USERNAME}_double_sha1_password_two_profiles_no_roles TCP LoginFailure 1
|
||||
invalid_${BASE_USERNAME}_double_sha1_password_two_profiles_no_roles HTTP LoginFailure 1
|
||||
invalid_${BASE_USERNAME}_double_sha1_password_two_profiles_no_roles HTTP LoginFailure many
|
||||
invalid_${BASE_USERNAME}_double_sha1_password_two_profiles_no_roles MySQL LoginFailure many
|
||||
invalid_${BASE_USERNAME}_double_sha1_password_two_profiles_two_roles TCP LoginFailure 1
|
||||
invalid_${BASE_USERNAME}_double_sha1_password_two_profiles_two_roles HTTP LoginFailure 1
|
||||
invalid_${BASE_USERNAME}_double_sha1_password_two_profiles_two_roles HTTP LoginFailure many
|
||||
invalid_${BASE_USERNAME}_double_sha1_password_two_profiles_two_roles MySQL LoginFailure many
|
||||
invalid_${BASE_USERNAME}_no_password_no_profiles_no_roles TCP LoginFailure 1
|
||||
invalid_${BASE_USERNAME}_no_password_no_profiles_no_roles HTTP LoginFailure 1
|
||||
invalid_${BASE_USERNAME}_no_password_no_profiles_no_roles HTTP LoginFailure many
|
||||
invalid_${BASE_USERNAME}_no_password_no_profiles_no_roles MySQL LoginFailure many
|
||||
invalid_${BASE_USERNAME}_no_password_no_profiles_no_roles PostgreSQL LoginFailure many
|
||||
invalid_${BASE_USERNAME}_no_password_two_profiles_no_roles TCP LoginFailure 1
|
||||
invalid_${BASE_USERNAME}_no_password_two_profiles_no_roles HTTP LoginFailure 1
|
||||
invalid_${BASE_USERNAME}_no_password_two_profiles_no_roles HTTP LoginFailure many
|
||||
invalid_${BASE_USERNAME}_no_password_two_profiles_no_roles MySQL LoginFailure many
|
||||
invalid_${BASE_USERNAME}_no_password_two_profiles_no_roles PostgreSQL LoginFailure many
|
||||
invalid_${BASE_USERNAME}_no_password_two_profiles_two_roles TCP LoginFailure 1
|
||||
invalid_${BASE_USERNAME}_no_password_two_profiles_two_roles HTTP LoginFailure 1
|
||||
invalid_${BASE_USERNAME}_no_password_two_profiles_two_roles HTTP LoginFailure many
|
||||
invalid_${BASE_USERNAME}_no_password_two_profiles_two_roles MySQL LoginFailure many
|
||||
invalid_${BASE_USERNAME}_no_password_two_profiles_two_roles PostgreSQL LoginFailure many
|
||||
invalid_${BASE_USERNAME}_plaintext_password_no_profiles_no_roles TCP LoginFailure 1
|
||||
invalid_${BASE_USERNAME}_plaintext_password_no_profiles_no_roles HTTP LoginFailure 1
|
||||
invalid_${BASE_USERNAME}_plaintext_password_no_profiles_no_roles HTTP LoginFailure many
|
||||
invalid_${BASE_USERNAME}_plaintext_password_no_profiles_no_roles MySQL LoginFailure many
|
||||
invalid_${BASE_USERNAME}_plaintext_password_no_profiles_no_roles PostgreSQL LoginFailure many
|
||||
invalid_${BASE_USERNAME}_plaintext_password_two_profiles_no_roles TCP LoginFailure 1
|
||||
invalid_${BASE_USERNAME}_plaintext_password_two_profiles_no_roles HTTP LoginFailure 1
|
||||
invalid_${BASE_USERNAME}_plaintext_password_two_profiles_no_roles HTTP LoginFailure many
|
||||
invalid_${BASE_USERNAME}_plaintext_password_two_profiles_no_roles MySQL LoginFailure many
|
||||
invalid_${BASE_USERNAME}_plaintext_password_two_profiles_no_roles PostgreSQL LoginFailure many
|
||||
invalid_${BASE_USERNAME}_plaintext_password_two_profiles_two_roles TCP LoginFailure 1
|
||||
invalid_${BASE_USERNAME}_plaintext_password_two_profiles_two_roles HTTP LoginFailure 1
|
||||
invalid_${BASE_USERNAME}_plaintext_password_two_profiles_two_roles HTTP LoginFailure many
|
||||
invalid_${BASE_USERNAME}_plaintext_password_two_profiles_two_roles MySQL LoginFailure many
|
||||
invalid_${BASE_USERNAME}_plaintext_password_two_profiles_two_roles PostgreSQL LoginFailure many
|
||||
invalid_${BASE_USERNAME}_sha256_password_no_profiles_no_roles TCP LoginFailure 1
|
||||
invalid_${BASE_USERNAME}_sha256_password_no_profiles_no_roles HTTP LoginFailure 1
|
||||
invalid_${BASE_USERNAME}_sha256_password_no_profiles_no_roles HTTP LoginFailure many
|
||||
invalid_${BASE_USERNAME}_sha256_password_no_profiles_no_roles MySQL LoginFailure many
|
||||
invalid_${BASE_USERNAME}_sha256_password_two_profiles_no_roles TCP LoginFailure 1
|
||||
invalid_${BASE_USERNAME}_sha256_password_two_profiles_no_roles HTTP LoginFailure 1
|
||||
invalid_${BASE_USERNAME}_sha256_password_two_profiles_no_roles HTTP LoginFailure many
|
||||
invalid_${BASE_USERNAME}_sha256_password_two_profiles_no_roles MySQL LoginFailure many
|
||||
invalid_${BASE_USERNAME}_sha256_password_two_profiles_two_roles TCP LoginFailure 1
|
||||
invalid_${BASE_USERNAME}_sha256_password_two_profiles_two_roles HTTP LoginFailure 1
|
||||
invalid_${BASE_USERNAME}_sha256_password_two_profiles_two_roles HTTP LoginFailure many
|
||||
invalid_${BASE_USERNAME}_sha256_password_two_profiles_two_roles MySQL LoginFailure many
|
||||
invalid_session_log_test_xml_user TCP LoginFailure 1
|
||||
invalid_session_log_test_xml_user HTTP LoginFailure 1
|
||||
invalid_session_log_test_xml_user HTTP LoginFailure many
|
||||
invalid_session_log_test_xml_user MySQL LoginFailure many
|
||||
invalid_session_log_test_xml_user PostgreSQL LoginFailure many
|
||||
session_log_test_xml_user TCP LoginSuccess 1
|
||||
session_log_test_xml_user TCP Logout 1
|
||||
session_log_test_xml_user HTTP LoginSuccess 1
|
||||
session_log_test_xml_user HTTP Logout 1
|
||||
session_log_test_xml_user HTTP LoginSuccess many
|
||||
session_log_test_xml_user HTTP Logout many
|
||||
session_log_test_xml_user MySQL LoginSuccess 1
|
||||
session_log_test_xml_user MySQL Logout 1
|
||||
@ -1,6 +1,5 @@
|
||||
#!/usr/bin/env bash
|
||||
# Tags: long, no-parallel, no-fasttest
|
||||
# Tag no-fasttest: Accesses CH via mysql table function (which is unavailable)
|
||||
|
||||
##################################################################################################
|
||||
# Verify that login, logout, and login failure events are properly stored in system.session_log
|
||||
@ -11,9 +10,8 @@
|
||||
# Using multiple protocols
|
||||
# * native TCP protocol with CH client
|
||||
# * HTTP with CURL
|
||||
# * MySQL - CH server accesses itself via mysql table function, query typically fails (unrelated)
|
||||
# but auth should be performed properly.
|
||||
# * PostgreSQL - CH server accesses itself via postgresql table function (currently out of order).
|
||||
# * MySQL - CH server accesses itself via mysql table function.
|
||||
# * PostgreSQL - CH server accesses itself via postgresql table function, but can't execute query (No LOGIN SUCCESS entry).
|
||||
# * gRPC - not done yet
|
||||
#
|
||||
# There is way to control how many time a query (e.g. via mysql table function) is retried
|
||||
@ -53,7 +51,7 @@ function reportError()
|
||||
|
||||
function executeQuery()
|
||||
{
|
||||
## Execute query (provided via heredoc or herestring) and print query in case of error.
|
||||
# Execute query (provided via heredoc or herestring) and print query in case of error.
|
||||
trap 'rm -f ${TMP_QUERY_FILE}; trap - ERR RETURN' RETURN
|
||||
# Since we want to report with current values supplied to this function call
|
||||
# shellcheck disable=SC2064
|
||||
@ -82,7 +80,7 @@ trap "cleanup" EXIT
|
||||
function executeQueryExpectError()
|
||||
{
|
||||
cat - > "${TMP_QUERY_FILE}"
|
||||
! ${CLICKHOUSE_CLIENT} "${@}" --multiquery --queries-file "${TMP_QUERY_FILE}" 2>&1 | tee -a ${TMP_QUERY_FILE}
|
||||
! ${CLICKHOUSE_CLIENT} --multiquery --queries-file "${TMP_QUERY_FILE}" "${@}" 2>&1 | tee -a ${TMP_QUERY_FILE}
|
||||
}
|
||||
|
||||
function createUser()
|
||||
@ -121,6 +119,8 @@ function createUser()
|
||||
executeQuery <<EOF
|
||||
DROP USER IF EXISTS '${username}';
|
||||
CREATE USER '${username}' IDENTIFIED WITH ${auth_type} ${password};
|
||||
GRANT SELECT ON system.one TO ${username};
|
||||
GRANT SELECT ON INFORMATION_SCHEMA.* TO ${username};
|
||||
EOF
|
||||
ALL_USERNAMES+=("${username}")
|
||||
}
|
||||
@ -144,7 +144,7 @@ function testTCP()
|
||||
# Wrong username
|
||||
executeQueryExpectError -u "invalid_${username}" \
|
||||
<<< "SELECT 1 Format Null" \
|
||||
| grep -Eq "Code: 516. .+ invalid_${username}: Authentication failed: password is incorrect or there is no user with such name"
|
||||
| grep -Eq "Code: 516. .+ invalid_${username}: Authentication failed*"
|
||||
|
||||
# Wrong password
|
||||
if [[ "${auth_type}" == "no_password" ]]
|
||||
@ -153,11 +153,11 @@ function testTCP()
|
||||
else
|
||||
# user with `no_password` user is able to login with any password, so it makes sense to skip this testcase.
|
||||
executeQueryExpectError -u "${username}" --password "invalid_${password}" \
|
||||
<<< "SELECT 1 Format Null" \
|
||||
| grep -Eq "Code: 516. .+ ${username}: Authentication failed: password is incorrect or there is no user with such name"
|
||||
<<< "SELECT 1 Format Null" \
|
||||
| grep -Eq "Code: 516. .+ ${username}: Authentication failed: password is incorrect, or there is no user with such name"
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
function testHTTPWithURL()
|
||||
{
|
||||
local auth_type="${1}"
|
||||
@ -173,8 +173,7 @@ function testHTTPWithURL()
|
||||
# Wrong username
|
||||
${CLICKHOUSE_CURL} -sS "${clickhouse_url}" \
|
||||
-H "X-ClickHouse-User: invalid_${username}" -H "X-ClickHouse-Key: ${password}" \
|
||||
-d 'SELECT 1 Format Null' \
|
||||
| grep -Eq "Code: 516. .+ invalid_${username}: Authentication failed: password is incorrect or there is no user with such name"
|
||||
-d 'SELECT 1 Format Null' | grep -Eq "Code: 516. DB::Exception: invalid_${username}: Authentication failed: password is incorrect, or there is no user with such name"
|
||||
|
||||
# Wrong password
|
||||
if [[ "${auth_type}" == "no_password" ]]
|
||||
@ -185,7 +184,7 @@ function testHTTPWithURL()
|
||||
${CLICKHOUSE_CURL} -sS "${clickhouse_url}" \
|
||||
-H "X-ClickHouse-User: ${username}" -H "X-ClickHouse-Key: invalid_${password}" \
|
||||
-d 'SELECT 1 Format Null' \
|
||||
| grep -Eq "Code: 516. .+ ${username}: Authentication failed: password is incorrect or there is no user with such name"
|
||||
| grep -Eq "Code: 516. .+ ${username}: Authentication failed: password is incorrect, or there is no user with such name"
|
||||
fi
|
||||
}
|
||||
|
||||
@ -197,7 +196,7 @@ function testHTTP()
|
||||
|
||||
function testHTTPNamedSession()
|
||||
{
|
||||
# echo "HTTP endpoint with named session"
|
||||
echo "HTTP endpoint with named session"
|
||||
local HTTP_SESSION_ID
|
||||
HTTP_SESSION_ID="session_id_$(cat /dev/urandom | tr -cd 'a-f0-9' | head -c 32)"
|
||||
if [ -v CLICKHOUSE_URL_PARAMS ]
|
||||
@ -212,7 +211,7 @@ function testHTTPNamedSession()
|
||||
|
||||
function testMySQL()
|
||||
{
|
||||
echo "MySQL endpoint"
|
||||
echo "MySQL endpoint ${auth_type}"
|
||||
local auth_type="${1}"
|
||||
local username="${2}"
|
||||
local password="${3}"
|
||||
@ -225,58 +224,64 @@ function testMySQL()
|
||||
then
|
||||
echo "MySQL 'successful login' case is skipped for ${auth_type}."
|
||||
else
|
||||
# CH is able to log into itself via MySQL protocol but query fails.
|
||||
executeQueryExpectError \
|
||||
<<< "SELECT 1 FROM mysql('127.0.0.1:9004', 'system', 'numbers', '${username}', '${password}') LIMIT 1 \
|
||||
FORMAT NUll" \
|
||||
| grep -Eq "Code: 1000\. DB::Exception: .*"
|
||||
executeQuery \
|
||||
<<< "SELECT 1 FROM mysql('127.0.0.1:9004', 'system', 'one', '${username}', '${password}') LIMIT 1 \
|
||||
FORMAT Null"
|
||||
fi
|
||||
|
||||
# echo 'Wrong username'
|
||||
echo 'Wrong username'
|
||||
executeQueryExpectError \
|
||||
<<< "SELECT 1 FROM mysql('127.0.0.1:9004', 'system', 'numbers', 'invalid_${username}', '${password}') LIMIT 1 \
|
||||
FORMAT NUll" \
|
||||
<<< "SELECT 1 FROM mysql('127.0.0.1:9004', 'system', 'one', 'invalid_${username}', '${password}') LIMIT 1 \
|
||||
FORMAT Null" \
|
||||
| grep -Eq "Code: 1000\. DB::Exception: .* invalid_${username}"
|
||||
|
||||
# echo 'Wrong password'
|
||||
|
||||
echo 'Wrong password'
|
||||
if [[ "${auth_type}" == "no_password" ]]
|
||||
then
|
||||
# user with `no_password` is able to login with any password, so it makes sense to skip this testcase.
|
||||
echo "MySQL 'wrong password' case is skipped for ${auth_type}."
|
||||
else
|
||||
# user with `no_password` is able to login with any password, so it makes sense to skip this testcase.
|
||||
executeQueryExpectError \
|
||||
<<< "SELECT 1 FROM mysql('127.0.0.1:9004', 'system', 'numbers', '${username}', 'invalid_${password}') LIMIT 1 \
|
||||
FORMAT NUll" \
|
||||
| grep -Eq "Code: 1000\. DB::Exception: .* ${username}"
|
||||
<<< "SELECT 1 FROM mysql('127.0.0.1:9004', 'system', 'one', '${username}', 'invalid_${password}') LIMIT 1 \
|
||||
FORMAT Null" | grep -Eq "Code: 1000\. DB::Exception: .* ${username}"
|
||||
fi
|
||||
}
|
||||
|
||||
# function testPostgreSQL()
|
||||
# {
|
||||
# local auth_type="${1}"
|
||||
#
|
||||
# # Right now it is impossible to log into CH via PostgreSQL protocol without a password.
|
||||
# if [[ "${auth_type}" == "no_password" ]]
|
||||
# then
|
||||
# return 0
|
||||
# fi
|
||||
#
|
||||
# # Loging\Logout
|
||||
# # CH is being able to log into itself via PostgreSQL protocol but query fails.
|
||||
# executeQueryExpectError \
|
||||
# <<< "SELECT 1 FROM postgresql('localhost:9005', 'system', 'numbers', '${username}', '${password}') LIMIT 1 FORMAT NUll" \
|
||||
# | grep -Eq "Code: 1001. DB::Exception: .* pqxx::broken_connection: .*"
|
||||
#
|
||||
# # Wrong username
|
||||
# executeQueryExpectError \
|
||||
# <<< "SELECT 1 FROM postgresql('localhost:9005', 'system', 'numbers', 'invalid_${username}', '${password}') LIMIT 1 FORMAT NUll" \
|
||||
# | grep -Eq "Code: 1001. DB::Exception: .* pqxx::broken_connection: .*"
|
||||
#
|
||||
# # Wrong password
|
||||
# executeQueryExpectError \
|
||||
# <<< "SELECT 1 FROM postgresql('localhost:9005', 'system', 'numbers', '${username}', 'invalid_${password}') LIMIT 1 FORMAT NUll" \
|
||||
# | grep -Eq "Code: 1001. DB::Exception: .* pqxx::broken_connection: .*"
|
||||
# }
|
||||
function testPostgreSQL()
|
||||
{
|
||||
echo "PostrgreSQL endpoint"
|
||||
local auth_type="${1}"
|
||||
|
||||
if [[ "${auth_type}" == "sha256_password" || "${auth_type}" == "double_sha1_password" ]]
|
||||
then
|
||||
echo "PostgreSQL tests are skipped for ${auth_type}"
|
||||
return 0
|
||||
fi
|
||||
|
||||
# TODO: Uncomment this case after implementation of postgresql function
|
||||
# Connecting to ClickHouse server
|
||||
## Loging\Logout
|
||||
## CH is being able to log into itself via PostgreSQL protocol but query fails.
|
||||
#executeQueryExpectError \
|
||||
# <<< "SELECT 1 FROM postgresql('localhost:9005', 'system', 'one', '${username}', '${password}') LIMIT 1 FORMAT Null" \
|
||||
|
||||
# Wrong username
|
||||
executeQueryExpectError \
|
||||
<<< "SELECT 1 FROM postgresql('localhost:9005', 'system', 'one', 'invalid_${username}', '${password}') LIMIT 1 FORMAT Null" \
|
||||
| grep -Eq "Invalid user or password"
|
||||
|
||||
if [[ "${auth_type}" == "no_password" ]]
|
||||
then
|
||||
# user with `no_password` is able to login with any password, so it makes sense to skip this testcase.
|
||||
echo "PostgreSQL 'wrong password' case is skipped for ${auth_type}."
|
||||
else
|
||||
# Wrong password
|
||||
executeQueryExpectError \
|
||||
<<< "SELECT 1 FROM postgresql('localhost:9005', 'system', 'one', '${username}', 'invalid_${password}') LIMIT 1 FORMAT Null" \
|
||||
| grep -Eq "Invalid user or password"
|
||||
fi
|
||||
}
|
||||
|
||||
function runEndpointTests()
|
||||
{
|
||||
@ -288,7 +293,7 @@ function runEndpointTests()
|
||||
local password="${3}"
|
||||
local setup_queries="${4:-}"
|
||||
|
||||
echo
|
||||
echo
|
||||
echo "# ${auth_type} - ${case_name} "
|
||||
|
||||
${CLICKHOUSE_CLIENT} -q "SET log_comment='${username} ${auth_type} - ${case_name}';"
|
||||
@ -301,9 +306,9 @@ function runEndpointTests()
|
||||
testTCP "${auth_type}" "${username}" "${password}"
|
||||
testHTTP "${auth_type}" "${username}" "${password}"
|
||||
|
||||
# testHTTPNamedSession "${auth_type}" "${username}" "${password}"
|
||||
testHTTPNamedSession "${auth_type}" "${username}" "${password}"
|
||||
testMySQL "${auth_type}" "${username}" "${password}"
|
||||
# testPostgreSQL "${auth_type}" "${username}" "${password}"
|
||||
testPostgreSQL "${auth_type}" "${username}" "${password}"
|
||||
}
|
||||
|
||||
function testAsUserIdentifiedBy()
|
||||
Loading…
Reference in New Issue
Block a user