thevar1able/ClickHouse
1
0
Fork 0
mirror of https://github.com/ClickHouse/ClickHouse.git synced 2024-11-22 07:31:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

Backport #70148 to 24.9: Fix bcrypt password being displayed in system.query_log

Browse Source
This commit is contained in:
robot-clickhouse 2024-10-01 17:07:57 +00:00
parent 0fb2ebccd1
commit 6545628c6f
3 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/Parsers/Access/ASTAuthenticationData.cpp
View File

@ -216,7 +216,8 @@ bool ASTAuthenticationData::hasSecretParts() const
auto auth_type = *type;
if ((auth_type == AuthenticationType::PLAINTEXT_PASSWORD)
|| (auth_type == AuthenticationType::SHA256_PASSWORD)
|| (auth_type == AuthenticationType::DOUBLE_SHA1_PASSWORD))
|| (auth_type == AuthenticationType::DOUBLE_SHA1_PASSWORD)
|| (auth_type == AuthenticationType::BCRYPT_PASSWORD))
return true;
return childrenHaveSecretParts();

1
tests/queries/0_stateless/01292_create_user.reference
View File

@ -119,3 +119,4 @@ u4_01292 local_directory ['double_sha1_password'] ['{}'] ['::/0'] [] [] [] 1 []
\N u4_01292 \N 2 readonly 1 \N \N \N \N
-- multiple authentication methods
u1_01292 ['plaintext_password','kerberos','bcrypt_password','ldap'] ['{}','{"realm":"qwerty10"}','{}','{"server":"abc"}']
-- no passwords or hashes in query_log

13
tests/queries/0_stateless/01292_create_user.sql
View File

@ -235,6 +235,17 @@ DROP USER u1_01292, u2_01292, u3_01292, u4_01292, u5_01292;
DROP ROLE r1_01292, r2_01292;
SELECT '-- multiple authentication methods';
CREATE USER u1_01292 IDENTIFIED WITH plaintext_password by '1', kerberos REALM 'qwerty10', bcrypt_password by '3', ldap SERVER 'abc';
CREATE USER u1_01292 IDENTIFIED WITH plaintext_password by 'qwe123', kerberos REALM 'qwerty10', bcrypt_password by '123qwe', ldap SERVER 'abc';
SELECT name, auth_type, auth_params FROM system.users WHERE name = 'u1_01292' ORDER BY name;
DROP USER u1_01292;
SELECT '-- no passwords or hashes in query_log';
SYSTEM FLUSH LOGS;
SELECT query
FROM system.query_log
WHERE
query NOT LIKE '%query_log%' AND event_date >= yesterday() AND current_database = currentDatabase() AND
(query LIKE '%qwe123%' OR query LIKE '%123qwe%' OR
query LIKE '%18138372FAD4B94533CD4881F03DC6C69296DD897234E0CEE83F727E2E6B1F63%' OR
query LIKE '%8DCDD69CE7D121DE8013062AEAEB2A148910D50E%' OR
query like '%$2a$12$rz5iy2LhuwBezsM88ZzWiemOVUeJ94xHTzwAlLMDhTzwUxOHaY64q%');