pass session certificate for showCertificate()

Yakov Olkhovskiy 2022-09-18 07:11:52 +00:00
parent 910d49302c
commit c66f412300
8 changed files with 26 additions and 6 deletions


@ -1,5 +1,7 @@
#pragma once #pragma once
#include <memory>
#include <string>
#include <Common/config.h> #include <Common/config.h>
#include <Columns/ColumnMap.h> #include <Columns/ColumnMap.h>
@ -33,14 +35,18 @@ class FunctionShowCertificate : public IFunction
public: public:
static constexpr auto name = "showCertificate"; static constexpr auto name = "showCertificate";
static FunctionPtr create(ContextPtr) static FunctionPtr create(ContextPtr ctx)
{ {
#if !defined(USE_SSL) || USE_SSL == 0 #if !defined(USE_SSL) || USE_SSL == 0
throw Exception(ErrorCodes::SUPPORT_IS_DISABLED, "SSL support is disabled"); throw Exception(ErrorCodes::SUPPORT_IS_DISABLED, "SSL support is disabled");
#endif #endif
return std::make_shared<FunctionShowCertificate>(); return std::make_shared<FunctionShowCertificate>(ctx->getQueryContext()->getClientInfo().certificate);
} }
std::string certificate;
explicit FunctionShowCertificate(const std::string & certificate_ = "") : certificate(certificate_) {}
String getName() const override { return name; } String getName() const override { return name; }
size_t getNumberOfArguments() const override { return 0; } size_t getNumberOfArguments() const override { return 0; }
@ -61,7 +67,15 @@ public:
if (input_rows_count) if (input_rows_count)
{ {
#if USE_SSL #if USE_SSL
if (const X509 * cert = SSL_CTX_get0_certificate(Poco::Net::SSLManager::instance().defaultServerContext()->sslContext())) std::unique_ptr<Poco::Crypto::X509Certificate> x509_cert;
if (!certificate.empty())
x509_cert = std::make_unique<Poco::Crypto::X509Certificate>(certificate);
const X509 * cert = x509_cert ?
x509_cert->certificate() :
SSL_CTX_get0_certificate(Poco::Net::SSLManager::instance().defaultServerContext()->sslContext());
if (cert)
{ {
BIO * b = BIO_new(BIO_s_mem()); BIO * b = BIO_new(BIO_s_mem());
SCOPE_EXIT( SCOPE_EXIT(
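Review bot: `x509_cert = std::make_unique<Poco::Crypto::X509Certificate>(certificate)` re-reads the certificate file from disk on every executeImpl call, because that Poco overload takes a file path and `certificate` is the listener's certificate file path (the same value handed to `Poco::Net::Context` in the TLSHandler hunk), where the old code only consulted the in-memory default server context. Consider loading the certificate once in the constructor and keeping it as a member, so a missing or unreadable file (a Poco exception) surfaces at function creation rather than mid-execution. `std::string certificate;` is also a public data member with no comment while the constructor takes `certificate_`; moving it under `private:` with `/// Path to the certificate file of the listener the session arrived on; empty means fall back to the default server context` would make the `x509_cert ? ... :` fallback self-explanatory. executeImpl continues beyond the hunk.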


@ -69,6 +69,7 @@ public:
Interface interface = Interface::TCP; Interface interface = Interface::TCP;
bool is_secure = false; bool is_secure = false;
String certificate;
/// For tcp /// For tcp
String os_user; String os_user;
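Review bot: `String certificate;` is added to ClientInfo without a comment, and the name reads as the client's certificate, whereas from the TLSHandler hunk it appears to hold the path of the server certificate file the listener was configured with. A comment such as `/// Path to the server certificate file of the listener this connection came through (not a client certificate); used by showCertificate().` would prevent it being mistaken for client-authentication material; the same applies to the identically named fields in TCPHandler.h and TCPProtocolStackData.h and to the new parameter in Session.h. If ClientInfo is serialized for distributed queries elsewhere, this field is not added to that format here, which is presumably intentional but worth stating.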


@ -244,7 +244,7 @@ void Session::shutdownNamedSessions()
NamedSessionsStorage::instance().shutdown(); NamedSessionsStorage::instance().shutdown();
} }
Session::Session(const ContextPtr & global_context_, ClientInfo::Interface interface_, bool is_secure) Session::Session(const ContextPtr & global_context_, ClientInfo::Interface interface_, bool is_secure, const std::string & certificate)
: auth_id(UUIDHelpers::generateV4()), : auth_id(UUIDHelpers::generateV4()),
global_context(global_context_), global_context(global_context_),
log(&Poco::Logger::get(String{magic_enum::enum_name(interface_)} + "-Session")) log(&Poco::Logger::get(String{magic_enum::enum_name(interface_)} + "-Session"))
@ -252,6 +252,7 @@ Session::Session(const ContextPtr & global_context_, ClientInfo::Interface inter
prepared_client_info.emplace(); prepared_client_info.emplace();
prepared_client_info->interface = interface_; prepared_client_info->interface = interface_;
prepared_client_info->is_secure = is_secure; prepared_client_info->is_secure = is_secure;
prepared_client_info->certificate = certificate;
} }
Session::~Session() Session::~Session()


@ -32,7 +32,7 @@ public:
/// Stops using named sessions. The method must be called at the server shutdown. /// Stops using named sessions. The method must be called at the server shutdown.
static void shutdownNamedSessions(); static void shutdownNamedSessions();
Session(const ContextPtr & global_context_, ClientInfo::Interface interface_, bool is_secure = false); Session(const ContextPtr & global_context_, ClientInfo::Interface interface_, bool is_secure = false, const std::string & certificate = "");
~Session(); ~Session();
Session(const Session &&) = delete; Session(const Session &&) = delete;


@ -115,6 +115,7 @@ TCPHandler::TCPHandler(IServer & server_, TCPServer & tcp_server_, const Poco::N
, tcp_server(tcp_server_) , tcp_server(tcp_server_)
, log(&Poco::Logger::get("TCPHandler")) , log(&Poco::Logger::get("TCPHandler"))
, forwarded_for(stack_data.forwarded_for) , forwarded_for(stack_data.forwarded_for)
, certificate(stack_data.certificate)
, server_display_name(std::move(server_display_name_)) , server_display_name(std::move(server_display_name_))
{ {
} }
@ -1065,7 +1066,7 @@ std::unique_ptr<Session> TCPHandler::makeSession()
{ {
auto interface = is_interserver_mode ? ClientInfo::Interface::TCP_INTERSERVER : ClientInfo::Interface::TCP; auto interface = is_interserver_mode ? ClientInfo::Interface::TCP_INTERSERVER : ClientInfo::Interface::TCP;
auto res = std::make_unique<Session>(server.context(), interface, socket().secure()); auto res = std::make_unique<Session>(server.context(), interface, socket().secure(), certificate);
auto & client_info = res->getClientInfo(); auto & client_info = res->getClientInfo();
client_info.forwarded_for = forwarded_for; client_info.forwarded_for = forwarded_for;
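Review bot: `certificate` is only initialized from `stack_data.certificate` in the constructor shown in the first hunk; if TCPHandler has another constructor that does not take TCPProtocolStackData (not visible here), it leaves the member empty and makeSession then makes showCertificate() fall back silently to the default server context. A comment at the member initializer or in makeSession, e.g. `/// Empty unless the connection was wrapped by TLSHandler; showCertificate() then reports the default server context`, would make that fallback explicit. makeSession continues beyond the hunk.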


@ -153,6 +153,7 @@ private:
Poco::Logger * log; Poco::Logger * log;
String forwarded_for; String forwarded_for;
String certificate;
String client_name; String client_name;
UInt64 client_version_major = 0; UInt64 client_version_major = 0;


@ -10,6 +10,7 @@ struct TCPProtocolStackData
{ {
Poco::Net::StreamSocket socket; Poco::Net::StreamSocket socket;
std::string forwarded_for; std::string forwarded_for;
std::string certificate;
}; };
} }


@ -43,6 +43,7 @@ public:
ctx = new Context(Context::Usage::SERVER_USE, key, certificate, ctx->getCAPaths().caLocation); ctx = new Context(Context::Usage::SERVER_USE, key, certificate, ctx->getCAPaths().caLocation);
socket() = SecureStreamSocket::attach(socket(), ctx); socket() = SecureStreamSocket::attach(socket(), ctx);
stack_data.socket = socket(); stack_data.socket = socket();
stack_data.certificate = certificate;
#else #else
throw Exception{"SSL support for TCP protocol is disabled because Poco library was built without NetSSL support.", throw Exception{"SSL support for TCP protocol is disabled because Poco library was built without NetSSL support.",
ErrorCodes::SUPPORT_IS_DISABLED}; ErrorCodes::SUPPORT_IS_DISABLED};