mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-11-25 17:12:03 +00:00
Backport #70148 to 24.9: Fix bcrypt password being displayed in system.query_log
This commit is contained in:
parent
0fb2ebccd1
commit
6545628c6f
@ -216,7 +216,8 @@ bool ASTAuthenticationData::hasSecretParts() const
|
||||
auto auth_type = *type;
|
||||
if ((auth_type == AuthenticationType::PLAINTEXT_PASSWORD)
|
||||
|| (auth_type == AuthenticationType::SHA256_PASSWORD)
|
||||
|| (auth_type == AuthenticationType::DOUBLE_SHA1_PASSWORD))
|
||||
|| (auth_type == AuthenticationType::DOUBLE_SHA1_PASSWORD)
|
||||
|| (auth_type == AuthenticationType::BCRYPT_PASSWORD))
|
||||
return true;
|
||||
|
||||
return childrenHaveSecretParts();
|
||||
|
@ -119,3 +119,4 @@ u4_01292 local_directory ['double_sha1_password'] ['{}'] ['::/0'] [] [] [] 1 []
|
||||
\N u4_01292 \N 2 readonly 1 \N \N \N \N
|
||||
-- multiple authentication methods
|
||||
u1_01292 ['plaintext_password','kerberos','bcrypt_password','ldap'] ['{}','{"realm":"qwerty10"}','{}','{"server":"abc"}']
|
||||
-- no passwords or hashes in query_log
|
||||
|
@ -235,6 +235,17 @@ DROP USER u1_01292, u2_01292, u3_01292, u4_01292, u5_01292;
|
||||
DROP ROLE r1_01292, r2_01292;
|
||||
|
||||
SELECT '-- multiple authentication methods';
|
||||
CREATE USER u1_01292 IDENTIFIED WITH plaintext_password by '1', kerberos REALM 'qwerty10', bcrypt_password by '3', ldap SERVER 'abc';
|
||||
CREATE USER u1_01292 IDENTIFIED WITH plaintext_password by 'qwe123', kerberos REALM 'qwerty10', bcrypt_password by '123qwe', ldap SERVER 'abc';
|
||||
SELECT name, auth_type, auth_params FROM system.users WHERE name = 'u1_01292' ORDER BY name;
|
||||
DROP USER u1_01292;
|
||||
|
||||
SELECT '-- no passwords or hashes in query_log';
|
||||
SYSTEM FLUSH LOGS;
|
||||
SELECT query
|
||||
FROM system.query_log
|
||||
WHERE
|
||||
query NOT LIKE '%query_log%' AND event_date >= yesterday() AND current_database = currentDatabase() AND
|
||||
(query LIKE '%qwe123%' OR query LIKE '%123qwe%' OR
|
||||
query LIKE '%18138372FAD4B94533CD4881F03DC6C69296DD897234E0CEE83F727E2E6B1F63%' OR
|
||||
query LIKE '%8DCDD69CE7D121DE8013062AEAEB2A148910D50E%' OR
|
||||
query like '%$2a$12$rz5iy2LhuwBezsM88ZzWiemOVUeJ94xHTzwAlLMDhTzwUxOHaY64q%');
|
||||
|
Loading…
Reference in New Issue
Block a user