Commit Graph

40 Commits

Author SHA1 Message Date
Vitaly Baranov
6c74b44729 Fix possible crash when login as dropped user. 2021-07-15 19:01:34 +03:00
Vitaly Baranov
1dc415596c Fix race condition in ContextAccess. 2021-05-17 10:03:26 +03:00
Vitaly Baranov
d6e0342c30 Improvements in implementations of the classes AccessRights and GrantedRoles. 2021-03-14 19:12:35 +03:00
Alexey Milovidov
9c1516bd74 Slightly better for gcc-9 2020-12-21 03:41:22 +03:00
Alexey Milovidov
31b955e14a Slightly better for gcc-9 2020-12-21 03:38:53 +03:00
Vitaly Baranov
d7a3cc8c90 Don't show the "_temporary_and_external_tables" database in system tables
system.databases, system.tables, system.columns.
2020-12-17 11:42:25 +03:00
Vitaly Baranov
a98e2311f8
Merge pull request #17908 from vitlibar/fix-checking-introspection-grants
Fix checking introspection grants
2020-12-14 12:10:17 +03:00
Vitaly Baranov
1b3893bcab User with allow_ddl=0 cannot do DDL but can grant DDL. 2020-12-11 16:38:49 +03:00
Vitaly Baranov
648be453a4 User with allow_introspection_functions=0 cannot call introspection functions but can grant INTROSPECTION. 2020-12-11 16:38:49 +03:00
Vitaly Baranov
710ba6f617 Simplify class ContextAccess. 2020-12-11 16:38:45 +03:00
Alexey Milovidov
c9aa412151 Allow quotas to be keyed by proxy-forwarded IP address 2020-12-02 00:09:16 +03:00
Alexey Milovidov
32ed8c9681 Fix trailing whitespace 2020-10-26 22:12:40 +03:00
Vitaly Baranov
eddd26cf3a Fix deadlock in InterpreterGrantQuery. 2020-10-13 01:03:47 +03:00
Vitaly Baranov
dbc837c148 IAccessStorage now can override the login() function. 2020-09-19 01:04:20 +03:00
Denis Glazachev
b68d7b6c24
Merge branch 'master' into ldap-per-user-authentication 2020-07-11 21:37:52 +04:00
Vitaly Baranov
30e3d61b01 Fix calculating implicit access rights. 2020-07-10 17:16:43 +03:00
Denis Glazachev
9effacfbc1 Merge branch 'master' into ldap-per-user-authentication
* master: (1102 commits)
  Update README.md
  Update README.md
  Update README.md
  Update index.md
  [docs] add intrdocution for statements page (#12189)
  Revert "Run perf tests with memory sampling (for allocations >1M)"
  Sanitize LINK_LIBRARIES property for the directories (#12160)
  [docs] refactor Domains overview (#12186)
  DOCS-647: toStartOfSecond (#12190)
  [docs] add intrdocution for commercial page (#12187)
  DOCSUP-1348 Russian translation for new functions (#133) (#12194)
  changelog fixes
  Update index.md (#12191)
  Update zh kafka.md title (#12192)
  Added test for #3767
  style fix for #12152
  Tests for fixed issues #10846 and #7347
  changelog fixes
  [docs] introduction for special table engines (#12170)
  [docs] introduction for third-party interfaces (#12175)
  ...

# Conflicts:
#	src/Access/ya.make
#	src/Common/ErrorCodes.cpp
2020-07-08 00:42:09 +04:00
Vitaly Baranov
03b36c262e Improve REVOKE command: now it requires only grant/admin option for only
access which will be revoked.
REVOKE ALL FROM user1 now revokes all granted roles.
2020-07-02 12:54:24 +03:00
Vitaly Baranov
c39eb8f71b Fix partial revokes (complex cases). 2020-06-30 18:47:02 +03:00
Vitaly Baranov
eb27814fbe Fix access rights: cannot grant INTROSPECTION when allow_introspection_functions=0. 2020-06-29 16:43:31 +03:00
Vitaly Baranov
bd72bd6e10 Fix access rights: cannot grant DDL when allow_ddl=0 2020-06-28 21:38:14 +03:00
Denis Glazachev
c427524bc8 Simplefy ExternalAuthenticators exposure to isCorrectPassword() 2020-06-03 01:02:31 +04:00
Denis Glazachev
2863de750e Merge branch 'master' into ldap-per-user-authentication 2020-05-28 01:30:52 +04:00
Denis Glazachev
d74f1357d4 Add LDAP authentication support 2020-05-28 01:06:33 +04:00
Alexey Milovidov
7e1813825b Return old names of macros 2020-05-24 01:24:01 +03:00
Alexey Milovidov
9d24908e53 Progress on task 2020-05-23 20:52:11 +03:00
Alexey Milovidov
f68d1ceb4f find {base,src,programs} -name '*.h' -or -name '*.cpp' | xargs grep -l -P 'LOG_\w+\([^,]+, "[^"]+" << [^<]+ << "[^"]+" << [^<]+ << "[^"]+" << [^<]+\);' | xargs sed -i -r -e 's/(LOG_\w+)\(([^,]+), "([^"]+)" << ([^<]+) << "([^"]+)" << ([^<]+) << "([^"]+)" << ([^<]+)\);/\1_FORMATTED(\2, "\3{}\5{}\7{}", \4, \6, \8);/' 2020-05-23 20:02:09 +03:00
Alexey Milovidov
8042e5febe find {base,src,programs} -name '*.h' -or -name '*.cpp' | xargs grep -l -P 'LOG_\w+\([^,]+, "[^"]+" << [^<]+ << "[^"]+" << [^<]+\);' | xargs sed -i -r -e 's/(LOG_\w+)\(([^,]+), "([^"]+)" << ([^<]+) << "([^"]+)" << ([^<]+)\);/\1_FORMATTED(\2, "\3{}\5{}", \4, \6);/' 2020-05-23 19:58:15 +03:00
Vitaly Baranov
5b84121d81 Improve system tables for quotas. Remove function currentQuota(). 2020-05-13 19:40:48 +03:00
Vitaly Baranov
e64e2ebdf6 Improve system table for row policies. Remove function currentRowPolicies(). 2020-05-13 19:40:48 +03:00
Vitaly Baranov
c7213ab607 Use boost::flat_set instead of vector to store current and enabled roles. 2020-05-13 19:40:48 +03:00
Vitaly Baranov
66e348a93f Refactoring of getting information about access rights. 2020-05-13 19:40:33 +03:00
Ivan Lezhankin
e230632645 Changes required for auto-sync with Arcadia 2020-04-16 15:31:57 +03:00
Vitaly Baranov
2e55d44e57 Fix using the current database for access checking when the database isn't specified. 2020-04-11 20:13:56 +03:00
Vitaly Baranov
23ac1ee87c readonly user now can execute SHOW CREATE for access entities. 2020-04-09 10:22:51 +03:00
Vitaly Baranov
e573549945 Rework access rights for table functions. 2020-04-07 23:31:59 +03:00
Vitaly Baranov
423fa5087a Add SHOW_USERS(SHOW ROLES, etc.) privileges. 2020-04-07 23:20:38 +03:00
Vitaly Baranov
e5d8f05251 Rename sql command "CREATE POLICY" -> "CREATE ROW POLICY", "CREATE POLICY" is now an alias. 2020-04-07 23:20:38 +03:00
Vitaly Baranov
c2f5e3c4ad Improve declaration of access rights: single place in code instead of three. 2020-04-07 23:20:38 +03:00
Ivan Lezhankin
06446b4f08 dbms/ → src/ 2020-04-03 18:14:31 +03:00