thevar1able/ClickHouse
1
0
Fork 0
mirror of https://github.com/ClickHouse/ClickHouse.git synced 2024-09-19 16:20:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

make sure all alters except id related are allowed even if state of user is invalid afterwards

Browse Source
This commit is contained in:
Arthur Passos 2024-08-21 19:07:54 -03:00
parent 4fd19c3ad9
commit d7d40db036
1 changed files with 18 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
src/Interpreters/Access/InterpreterCreateUserQuery.cpp
View File

@ -82,19 +82,6 @@ namespace
user.authentication_methods.clear();
}
auto number_of_authentication_methods = user.authentication_methods.size() + authentication_methods.size();
if (number_of_authentication_methods > max_number_of_authentication_methods)
{
throw Exception(ErrorCodes::BAD_ARGUMENTS,
"User can not be created/updated because it exceeds the allowed quantity of authentication methods per user."
"Check the `max_authentication_methods_per_user` setting");
}
for (const auto & authentication_method : authentication_methods)
{
user.authentication_methods.emplace_back(authentication_method);
}
// drop existing ones and keep the most recent
if (reset_authentication_methods)
{
@ -103,6 +90,24 @@ namespace
user.authentication_methods.emplace_back(backup_authentication_method);
}
if (!authentication_methods.empty())
{
// we only check if user exceeds the allowed quantity of authentication methods in case the create/alter query includes
// authentication information. Otherwise, we can bypass this check to avoid blocking non-authentication related alters.
auto number_of_authentication_methods = user.authentication_methods.size() + authentication_methods.size();
if (number_of_authentication_methods > max_number_of_authentication_methods)
{
throw Exception(ErrorCodes::BAD_ARGUMENTS,
"User can not be created/updated because it exceeds the allowed quantity of authentication methods per user."
"Check the `max_authentication_methods_per_user` setting");
}
}
for (const auto & authentication_method : authentication_methods)
{
user.authentication_methods.emplace_back(authentication_method);
}
if (!query.alter)
{
for (const auto & authentication_method : user.authentication_methods)