thevar1able/ClickHouse
1
0
Fork 0
mirror of https://github.com/ClickHouse/ClickHouse.git synced 2024-11-22 07:31:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #11081 from vitlibar/fix-no-password-mode

Browse Source 
Fix settings NO_PASSWORD authentication mode in users.xml.
This commit is contained in:
Vitaly Baranov 2020-05-26 14:20:34 +03:00 committed by GitHub
commit 2c8a355f19
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/Access/UsersConfigAccessStorage.cpp
View File

@ -52,18 +52,20 @@ namespace
String user_config = "users." + user_name; String user_config = "users." + user_name;
bool has_password = config.has(user_config + ".password"); bool has_no_password = config.has(user_config + ".no_password");
bool has_password_plaintext = config.has(user_config + ".password");
bool has_password_sha256_hex = config.has(user_config + ".password_sha256_hex"); bool has_password_sha256_hex = config.has(user_config + ".password_sha256_hex");
bool has_password_double_sha1_hex = config.has(user_config + ".password_double_sha1_hex"); bool has_password_double_sha1_hex = config.has(user_config + ".password_double_sha1_hex");
if (has_password + has_password_sha256_hex + has_password_double_sha1_hex > 1) size_t num_password_fields = has_no_password + has_password_plaintext + has_password_sha256_hex + has_password_double_sha1_hex;
throw Exception("More than one field of 'password', 'password_sha256_hex', 'password_double_sha1_hex' is used to specify password for user " + user_name + ". Must be only one of them.", if (num_password_fields > 1)
throw Exception("More than one field of 'password', 'password_sha256_hex', 'password_double_sha1_hex', 'no_password' are used to specify password for user " + user_name + ". Must be only one of them.",
ErrorCodes::BAD_ARGUMENTS); ErrorCodes::BAD_ARGUMENTS);
if (!has_password && !has_password_sha256_hex && !has_password_double_sha1_hex) if (num_password_fields < 1)
throw Exception("Either 'password' or 'password_sha256_hex' or 'password_double_sha1_hex' must be specified for user " + user_name + ".", ErrorCodes::BAD_ARGUMENTS); throw Exception("Either 'password' or 'password_sha256_hex' or 'password_double_sha1_hex' or 'no_password' must be specified for user " + user_name + ".", ErrorCodes::BAD_ARGUMENTS);
if (has_password) if (has_password_plaintext)
{ {
user->authentication = Authentication{Authentication::PLAINTEXT_PASSWORD}; user->authentication = Authentication{Authentication::PLAINTEXT_PASSWORD};
user->authentication.setPassword(config.getString(user_config + ".password")); user->authentication.setPassword(config.getString(user_config + ".password"));

4
tests/integration/test_authentication/test.py
View File

@ -23,6 +23,10 @@ def test_authentication_pass():
assert instance.query("SELECT currentUser()", user='sasha') == 'sasha\n' assert instance.query("SELECT currentUser()", user='sasha') == 'sasha\n'
assert instance.query("SELECT currentUser()", user='masha', password='qwerty') == 'masha\n' assert instance.query("SELECT currentUser()", user='masha', password='qwerty') == 'masha\n'
# 'no_password' authentication type allows to login with any password.
assert instance.query("SELECT currentUser()", user='sasha', password='something') == 'sasha\n'
assert instance.query("SELECT currentUser()", user='sasha', password='something2') == 'sasha\n'
def test_authentication_fail(): def test_authentication_fail():
# User doesn't exist. # User doesn't exist.