From 3a20fbdbf67b546d6d4aab47e35cbe621c454eb6 Mon Sep 17 00:00:00 2001 From: Nikolay Degterinsky Date: Wed, 4 Jan 2023 02:20:45 +0000 Subject: [PATCH] Better --- src/Client/ClientBase.cpp | 12 +++++++++++- .../Access/InterpreterCreateUserQuery.cpp | 7 ++----- src/Parsers/Access/ParserCreateUserQuery.cpp | 3 +++ 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/src/Client/ClientBase.cpp b/src/Client/ClientBase.cpp index 1b32541522c..244b52771c5 100644 --- a/src/Client/ClientBase.cpp +++ b/src/Client/ClientBase.cpp @@ -805,8 +805,13 @@ void ClientBase::processTextAsSingleQuery(const String & full_query) /// But for asynchronous inserts we don't extract data, because it's needed /// to be done on server side in that case (for coalescing the data from multiple inserts on server side). const auto * insert = parsed_query->as(); + /// In the case of a CREATE USER query, we should serialize the parsed AST to send + /// the hash of the password, if applicable, to the server instead of the actual password. + const auto * create_user_query = parsed_query->as(); if (insert && isSyncInsertWithData(*insert, global_context)) query_to_execute = full_query.substr(0, insert->data - full_query.data()); + else if (create_user_query) + query_to_execute = serializeAST(*parsed_query); else query_to_execute = full_query; @@ -1786,7 +1791,12 @@ MultiQueryProcessingStage ClientBase::analyzeMultiQueryText( query_to_execute_end = isSyncInsertWithData(*insert_ast, global_context) ? insert_ast->data : this_query_end; } - query_to_execute = all_queries_text.substr(this_query_begin - all_queries_text.data(), query_to_execute_end - this_query_begin); + /// In the case of a CREATE USER query, we should serialize the parsed AST to send + /// the hash of the password, if applicable, to the server instead of the actual password. + if (const auto * create_user_query = parsed_query->as()) + query_to_execute = serializeAST(*parsed_query); + else + query_to_execute = all_queries_text.substr(this_query_begin - all_queries_text.data(), query_to_execute_end - this_query_begin); // Try to include the trailing comment with test hints. It is just // a guess for now, because we don't yet know where the query ends diff --git a/src/Interpreters/Access/InterpreterCreateUserQuery.cpp b/src/Interpreters/Access/InterpreterCreateUserQuery.cpp index 1c7a93efa99..761bc8c0acf 100644 --- a/src/Interpreters/Access/InterpreterCreateUserQuery.cpp +++ b/src/Interpreters/Access/InterpreterCreateUserQuery.cpp @@ -110,15 +110,12 @@ BlockIO InterpreterCreateUserQuery::execute() "Authentication type NO_PASSWORD must be explicitly specified, check the setting allow_implicit_no_password in the server configuration"); if (query.auth_data->getType() == AuthenticationType::NO_PASSWORD && query.temporary_password) - { query.auth_data = AuthenticationData::makePasswordAuthenticationData(default_password_type, query.temporary_password.value()); - } if (!query.attach && query.temporary_password) - { access_control.checkPasswordComplexityRules(query.temporary_password.value()); - query.temporary_password.reset(); - } + + query.temporary_password.reset(); std::optional default_roles_from_query; if (query.default_roles) diff --git a/src/Parsers/Access/ParserCreateUserQuery.cpp b/src/Parsers/Access/ParserCreateUserQuery.cpp index ba4a4582dab..d1a91669dcc 100644 --- a/src/Parsers/Access/ParserCreateUserQuery.cpp +++ b/src/Parsers/Access/ParserCreateUserQuery.cpp @@ -157,7 +157,10 @@ namespace temporary_password = value; if (!type) + { + auth_data = AuthenticationData{AuthenticationType::NO_PASSWORD}; return true; + } if (expect_password) {