thevar1able/ClickHouse
1
0
Fork 0
mirror of https://github.com/ClickHouse/ClickHouse.git synced 2024-12-12 01:12:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
109,733 Commits 9,297 Branches 1,782 Tags 2.1 GiB
1f59536d4a
Commit Graph

770 Commits

Author SHA1 Message Date
Konstantin Morozov
b4de735a90 refactoring: fix space 2022-08-28 20:55:08 +03:00
Konstantin Morozov
08e9e799d0 refactoring: fix 2022-08-28 20:53:00 +03:00
Konstantin Morozov
75bd61fad5 Merge remote-tracking branch 'origin/ref/remove-unnecessary-allocation' into ref/remove-unnecessary-allocation 
# Conflicts:
#	src/Access/ContextAccess.cpp
#	src/Access/ContextAccess.h
 2022-08-28 20:50:29 +03:00
Konstantin Morozov
7cd2821aed refactoring: template make helper 2022-08-28 20:42:55 +03:00
Konstantin Morozov
4050ab819e refactoring: remove unnecessary allocation 2022-08-28 17:23:17 +03:00
Konstantin Morozov
d4d80dd3c1 refactoring: remove unnecessary allocation 2022-08-28 17:09:13 +03:00
Sergei Trifonov
c5d1bbf680 reimplement with <allow> tag 2022-08-26 21:20:00 +02:00
Sergei Trifonov
856a2f5956 Allow to modify constrained settings in readonly mode 2022-08-25 17:24:24 +02:00
avogar
8dd54c043d Merge branch 'master' of github.com:ClickHouse/ClickHouse into schema-inference-cache 2022-08-17 11:47:40 +00:00
alexX512
6bf29cb610 Change class LRUCache to class CachBase. Check running CacheBase with default pcahce policy SLRU 2022-08-07 19:59:30 +00:00
avogar
9b1a267203 Refactor, remove TTL, add size limit, add system table and system query 2022-08-05 16:20:15 +00:00
Azat Khuzhin
498c8b3c52 Fix clang-tidy in utils/examples 
Signed-off-by: Azat Khuzhin <a.khuzhin@semrush.com>
 2022-07-29 11:36:51 +03:00
Alexander Tokmakov
bed2206ae9
Merge pull request #39460 from ClickHouse/remove_some_dead_and_commented_code 
Remove some dead and commented code
 2022-07-22 13:24:34 +03:00
Alexander Tokmakov
9e9969cea7
Merge pull request #37827 from arthurpassos/host_regexp_multiple_domains 
Test host_regexp against all PTR records instead of only one
 2022-07-21 16:43:05 +03:00
Alexander Tokmakov
a8da5d96fc remove some dead and commented code 2022-07-21 15:05:48 +02:00
Nikolai Kochetov
91043351aa Fixing build. 2022-07-20 20:30:16 +00:00
Vitaly Baranov
6bf7bffbeb Correct the list of always accessible system tables. 2022-07-15 15:44:29 +02:00
Vitaly Baranov
de34d173ba Remove excessive log messages. 2022-07-15 15:44:29 +02:00
Vitaly Baranov
c85b2b5732 Add option enabling that SELECT from the system database requires grant. 2022-07-15 15:44:25 +02:00
avogar
9291d33080 Pass const std::string_view & by value, not by reference 2022-07-14 16:11:57 +00:00
Arthur Passos
395dada988 minor style adjustments 2022-07-13 09:40:56 -03:00
Arthur Passos
cb349c05c5 minor adjustments 2022-07-12 19:27:44 -03:00
Arthur Passos
d48690d455 Make CaresPTRResolver a singleton through DNSPTRResolverProvider, add comments and address minor comments 2022-07-12 14:21:10 -03:00
Robert Schulze
1a7727a254
Prefix overridden add_executable() command with "clickhouse_" 
A simple HelloWorld program with zero includes except iostream triggers
a build of ca. 2000 source files. The reason is that ClickHouse's
top-level CMakeLists.txt overrides "add_executable()" to link all
binaries against "clickhouse_new_delete". This links against
"clickhouse_common_io", which in turn has lots of 3rd party library
dependencies ... Without linking "clickhouse_new_delete", the number of
compiled files for "HelloWorld" goes down to ca. 70.

As an example, the self-extracting-executable needs none of its current
dependencies but other programs may also benefit.

In order to restore access to the original "add_executable()", the
overriding version is now prefixed. There is precedence for a
"clickhouse_" prefix (as opposed to "ch_"), for example
"clickhouse_split_debug_symbols". In general prefixing makes sense also
because overriding CMake commands relies on undocumented behavior and is
considered not-so-great practice (*).

(*) https://crascit.com/2018/09/14/do-not-redefine-cmake-commands/
 2022-07-11 19:36:18 +02:00
Vitaly Baranov
ed27987646
Merge pull request #38861 from vitlibar/backup-improvements-9 
Backup Improvements 9
 2022-07-07 02:24:47 +02:00
Vitaly Baranov
1ac46c5e48 Fix making backups containing multiple ACL tables. 2022-07-05 20:57:01 +02:00
Vitaly Baranov
43d35eec1b Write unfinished mutations to backup. 2022-07-05 14:51:09 +02:00
Arthur Passos
d66154e697 Test host_regexp against all PTR records instead of only one 2022-07-04 10:05:28 -03:00
Vitaly Baranov
b4103c1a0e
Merge pull request #38674 from vitlibar/fix-crash-when-grant-all-on-cluster 
Fix crash when granting ALL on cluster.
 2022-07-04 10:13:56 +02:00
Vitaly Baranov
92e0ee0b6f More detailed error messages. 2022-07-03 14:20:19 +02:00
Vitaly Baranov
1a71e44b28
Merge pull request #38024 from nvartolomei/nv/error-if-profile-does-not-exist 
Throw exception when xml user profile does not exist
 2022-07-03 11:26:08 +02:00
mergify[bot]
dfac2ca2fc
Merge branch 'master' into fix-crash-when-grant-all-on-cluster 2022-07-02 17:38:45 +00:00
Vitaly Baranov
8195aa768b Move checking if parent profile is allowed to UsersConfigAccessStorage. 2022-07-01 14:46:35 +02:00
Vitaly Baranov
ae2f586170 Fix crash when granting ALL on cluster. 2022-07-01 12:19:56 +02:00
Vitaly Baranov
e367d96964 Fix style. 2022-06-30 15:10:33 +02:00
Vitaly Baranov
5456bde4a2 Improve gathering metadata for storing ACL in backups. 2022-06-30 09:46:37 +02:00
Vitaly Baranov
031ca28fdc Add test for partition clause. More checks for data compatibility on restore. 2022-06-30 08:37:18 +02:00
Vitaly Baranov
11b51d2878 Implement storing UDF in backups. 2022-06-30 08:37:17 +02:00
Vitaly Baranov
44db346fea Improve gathering metadata for backup - part 3. 2022-06-30 08:37:17 +02:00
Robert Schulze
f692ead6ad
Don't use std::unique_lock unless we have to 
Replace where possible by std::lock_guard which is more light-weight.
 2022-06-28 19:19:06 +00:00
Yakov Olkhovskiy
d5f65ece9b
Merge pull request #38105 from arenadata/ADQM-419 
Add kerberosInit function as a replacement for kinit executable calls in Kafka and HDFS
 2022-06-27 14:19:24 -04:00
mergify[bot]
f63c959679
Merge branch 'master' into cleanup_garbage_in_store_dir 2022-06-26 13:35:10 +00:00
Alexander Tokmakov
74f38710a8 Merge branch 'master' into cleanup_garbage_in_store_dir 2022-06-23 21:43:28 +02:00
kssenii
6fbd49f554 Merge master 2022-06-23 21:40:01 +02:00
kssenii
468c98ff42 Better 2022-06-23 17:46:27 +02:00
Roman Vasin
cb748cd8ec Fix code style in KerberosInit 2022-06-23 16:11:48 +03:00
Roman Vasin
4bf1fc4718 Add error code and message displaying in exceptions of KerberosInit; Correct code style in KerberosInit 2022-06-23 10:28:31 +03:00
kssenii
dce1c76270 Fix 2022-06-22 18:00:25 +02:00
Roman Vasin
7bd65c8c24 Add comments to KerberosInit; Remove input cache and flags from KerberosInit 2022-06-22 16:31:48 +03:00
Roman Vasin
f281199588 Fix code style in KerberosInit; Add anonymous namespace; Add comment about using kerberos_init 2022-06-22 11:28:00 +03:00
Roman Vasin
1d6eea6cfa Replace LOG_DEBUG by LOG_TRACE in KerberosInit; Correct exception message; Prohibit making a copy of KerberosInit 2022-06-21 18:55:17 +03:00
Alexander Tokmakov
ba0fcec993 add background cleanup of store/ subdirs 2022-06-21 12:35:47 +02:00
Robert Schulze
55b39e709d
Merge remote-tracking branch 'origin/master' into clang-tsa 2022-06-20 16:39:32 +02:00
Robert Schulze
5a4f21c50f
Support for Clang Thread Safety Analysis (TSA) 
- TSA is a static analyzer build by Google which finds race conditions
  and deadlocks at compile time.

- It works by associating a shared member variable with a
  synchronization primitive that protects it. The compiler can then
  check at each access if proper locking happened before. A good
  introduction are [0] and [1].

- TSA requires some help by the programmer via annotations. Luckily,
  LLVM's libcxx already has annotations for std::mutex, std::lock_guard,
  std::shared_mutex and std::scoped_lock. This commit enables them
  (--> contrib/libcxx-cmake/CMakeLists.txt).

- Further, this commit adds convenience macros for the low-level
  annotations for use in ClickHouse (--> base/defines.h). For
  demonstration, they are leveraged in a few places.

- As we compile with "-Wall -Wextra -Weverything", the required compiler
  flag "-Wthread-safety-analysis" was already enabled. Negative checks
  are an experimental feature of TSA and disabled
  (--> cmake/warnings.cmake). Compile times did not increase noticeably.

- TSA is used in a few places with simple locking. I tried TSA also
  where locking is more complex. The problem was usually that it is
  unclear which data is protected by which lock :-(. But there was
  definitely some weird code where locking looked broken. So there is
  some potential to find bugs.

*** Limitations of TSA besides the ones listed in [1]:

- The programmer needs to know which lock protects which piece of shared
  data. This is not always easy for large classes.

- Two synchronization primitives used in ClickHouse are not annotated in
  libcxx:
  (1) std::unique_lock: A releaseable lock handle often together with
      std::condition_variable, e.g. in solve producer-consumer problems.
  (2) std::recursive_mutex: A re-entrant mutex variant. Its usage can be
      considered a design flaw + typically it is slower than a standard
      mutex. In this commit, one std::recursive_mutex was converted to
      std::mutex and annotated with TSA.

- For free-standing functions (e.g. helper functions) which are passed
  shared data members, it can be tricky to specify the associated lock.
  This is because the annotations use the normal C++ rules for symbol
  resolution.

[0] https://clang.llvm.org/docs/ThreadSafetyAnalysis.html
[1] https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/42958.pdf
 2022-06-20 16:13:25 +02:00
Vitaly Baranov
a6fc0dea4e Fix clang-tidy more. 2022-06-20 11:04:37 +02:00
Vitaly Baranov
2c8788266c Fix tests. 2022-06-20 03:44:49 +02:00
Vitaly Baranov
8a7c970ce0 Fix style. 2022-06-19 15:58:26 +02:00
Vitaly Baranov
115be82440 DiskAccessStorage is now allowed to backup by default. 2022-06-19 13:16:36 +02:00
Vitaly Baranov
9f197defda Add support for setting 'allow_backup' to skip access entities from putting to backup. 2022-06-19 12:49:50 +02:00
Vitaly Baranov
01aaaf7395 More accurate access checking for RESTORE. 2022-06-19 11:26:41 +02:00
Vitaly Baranov
a0c558a17e Implement backup/restore for ACL system tables (system.users, system.roles, etc.) 2022-06-17 18:14:31 +02:00
Roman Vasin
d93fd3bd2d Add complilation support for case when krb5 is not used 2022-06-16 09:30:40 +00:00
Vitaly Baranov
c0f06c5e16 Require new privilige 'BACKUP' to make a backup. 2022-06-15 20:32:35 +02:00
Roman Vasin
344fbe8de4 Fix code style 2022-06-15 20:26:42 +03:00
Roman Vasin
89a659e738 Move krb header files from KerberosInit.h to KerberosInit.cpp 2022-06-15 20:08:16 +03:00
Roman Vasin
1c26424371 Change message in StorageKafka; Code style correction 2022-06-15 19:35:21 +03:00
Roman Vasin
dd5b0ee065 Add kerberosInit() function to call KeberosInit 2022-06-15 17:02:53 +03:00
Antonio Andelic
dded528d13
Merge pull request #36424 from PolyProgrammist/r1unfreeze 
SYSTEM UNFREEZE query that deletes the whole backup
 2022-06-14 08:44:45 +02:00
Nikita Mikhaylov
fc626b2897
Update SettingsProfilesCache.cpp 2022-06-14 00:16:28 +02:00
Vitaly Baranov
241b51c7d4
Add implicit grants with grant option too. (#38017) 2022-06-14 00:09:51 +02:00
Nicolae Vartolomei
9555153f95 Throw exception when xml user profile does not exist 
Closes #26086
 2022-06-13 13:29:08 +00:00
Roman Vasin
4c560584c7 Code cleanup in KerberosInit and kafka integration tests 2022-06-10 12:38:39 +03:00
Roman Vasin
d1d6d87432 Cleanup code in KerberosInit 2022-06-09 11:51:15 +03:00
Roman Vasin
3cfea6e76f Cleanup code in KerberosInit, HDFSCommon and StorageKafka; update English and Russian documentation. 2022-06-08 17:57:45 +03:00
Vadim Volodin
637d293fbd Add SYSTEM UNFREEZE query 2022-06-08 15:21:14 +03:00
Roman Vasin
2b76d0c6a9 Add new integration test for kerberized Kafka; remove old kinit code from HDFSCommon 2022-06-08 12:26:35 +03:00
Roman Vasin
a156a77890 Add KerberosInit into StorageKafka 2022-06-07 14:59:46 +03:00
Vitaly Baranov
d199478169
Merge pull request #37303 from ClickHouse/fix_trash 
Try to fix some trash
 2022-06-07 10:17:39 +02:00
Roman Vasin
323835f51d Add renew/init logic in KerberosInit 2022-06-06 11:34:10 +03:00
Roman Vasin
8b5bf02927 Add support of cache commands in KerberosInit 2022-06-03 18:07:18 +03:00
Roman Vasin
82ce2d76c3 Add KerberosInit class; add kerberos_init console example; modify HDFSCommon.cpp 2022-06-03 12:06:31 +03:00
Alexander Tokmakov
cce9057eef fix style check 2022-06-02 15:27:32 +02:00
Alexander Tokmakov
3d346c766a better code 2022-06-01 16:49:26 +02:00
Maksim Kita
d1a4550b4f Fix create or drop of sql user defined functions in readonly mode 2022-05-31 17:23:41 +02:00
Alexander Tokmakov
4e52f45695 Merge branch 'master' into fix_trash 2022-05-28 19:43:19 +02:00
Alexander Tokmakov
eb71dd4c78
Merge pull request #37547 from ClickHouse/followup_37398 
Follow-up to #37398
 2022-05-26 20:29:41 +03:00
Alexander Tokmakov
e8f33fb0d9 fix flaky tests 2022-05-26 14:17:05 +02:00
Alexander Tokmakov
779e6ea0b9 make it better, fix on cluster queries 2022-05-25 20:17:49 +02:00
Alexander Tokmakov
4618429201 fixes 2022-05-24 18:53:52 +02:00
Alexander Tokmakov
dbde63d275 fixes 2022-05-24 14:24:03 +02:00
Alexander Tokmakov
d0f998fb88 Merge branch 'master' into fix_trash 2022-05-23 21:25:56 +02:00
Vitaly Baranov
9ec3b35cf2 Use AccessExpireCache instead of ExpireCache. 2022-05-21 10:15:44 +02:00
Vitaly Baranov
58f4a86ec7 Rework notifications used in access management. 2022-05-21 10:15:39 +02:00
Alexander Tokmakov
c48410b574 fix trash in my code 2022-05-21 02:05:02 +02:00
Alexander Tokmakov
9772924d06 Merge branch 'master' into fix_trash 2022-05-18 17:27:54 +02:00
Alexander Tokmakov
dea39d8175 fix some trash 2022-05-17 18:22:52 +02:00
Vitaly Baranov
f34a5cdee2
Merge branch 'master' into ON_CLUSTER-grant 2022-05-17 13:21:20 +02:00
Kseniia Sumarokova
94683786dc
Merge branch 'master' into MeiliSearch 2022-05-16 22:42:09 +02:00
Azat Khuzhin
01e1c5345a Add separate CLUSTER grant 
In case you have different roles for the same user on multiple clusters,
ON CLUSTER query can help to overcome some limitations.

Consider the following example:
- cluster_with_data, dev_user (readonly=2)
- stage_cluster, dev_user (readonly=0)

So when you will execute the following query from stage_cluster, it will
be successfully executed, since ON CLUSTER queries has different system
profile:

    DROP DATABASE default ON CLUSTER cluster_with_data

This is not 100% safe, but at least something.

Note, that right now only ON CLUSTER query it self is supported, but
separate clusters are not (i.e. GRANT CLUSTER some_cluster_name TO
default), since right now grants sticked to database+.

v2: on_cluster_queries_require_cluster_grant
v3: fix test and process flags as bit mask
Signed-off-by: Azat Khuzhin <a.khuzhin@semrush.com>
 2022-05-16 13:57:45 +03:00
Robert Schulze
e3cfec5b09
Merge remote-tracking branch 'origin/master' into clangtidies 2022-05-16 10:12:50 +02:00
Marcelo Rodriguez
3b733ec8eb Update Exception Message for allowed auth types 
update error message per this commit:
cb66a63aa4

the xml tag changed from `<certificates>` to `<ssl_certificates>`

will also submit a correction to the following doc page:
https://clickhouse.com/docs/en/operations/external-authenticators/ssl-x509
 2022-05-11 10:56:12 -06:00
mergify[bot]
0e2a86dcee
Merge branch 'master' into MeiliSearch 2022-05-11 08:49:19 +00:00
Kruglov Pavel
23bd9390a6
Merge pull request #36997 from vitlibar/users-without-assigned-policies-can-view-rows 
Users without assigned row policies can view rows
 2022-05-09 12:04:50 +02:00
Robert Schulze
1b81bb49b4
Enable clang-tidy modernize-deprecated-headers & hicpp-deprecated-headers 
Official docs:

  Some headers from C library were deprecated in C++ and are no longer
  welcome in C++ codebases. Some have no effect in C++. For more details
  refer to the C++ 14 Standard [depr.c.headers] section. This check
  replaces C standard library headers with their C++ alternatives and
  removes redundant ones.
 2022-05-09 08:23:33 +02:00
Vitaly Baranov
69bec2f377 Users without assigned row policies can view rows now. 2022-05-07 14:50:24 +02:00
Robert Schulze
330212e0f4
Remove inherited create() method + disallow copying 
The original motivation for this commit was that shared_ptr_helper used
std::shared_ptr<>() which does two heap allocations instead of
make_shared<>() which does a single allocation. Turned out that
1. the affected code (--> Storages/) is not on a hot path (rendering the
performance argument moot ...)
2. yet copying Storage objects is potentially dangerous and was
   previously allowed.

Hence, this change

- removes shared_ptr_helper and as a result all inherited create() methods,

- instead, Storage objects are now created using make_shared<>() by the
  caller (for that to work, many constructors had to be made public), and

- all Storage classes were marked as noncopyable using boost::noncopyable.

In sum, we are (likely) not making things faster but the code becomes
cleaner and harder to misuse.
 2022-05-02 08:46:52 +02:00
Mikhail Artemenko
cf48390cb9
Merge branch 'master' into MeiliSearch 2022-05-02 00:28:42 +03:00
Nikita Mikhaylov
93a65463d0
Added SYSTEM SYNC DATABASE query (#35944) 2022-05-01 15:40:18 +02:00
Mikhail Artemenko
41f657d8ed
Merge branch 'master' into MeiliSearch 2022-05-01 10:01:56 +03:00
Alexey Milovidov
1ddb04b992
Merge pull request #36715 from amosbird/refactorbase 
Reorganize source files so that base won't depend on Common
 2022-04-30 09:40:58 +03:00
mergify[bot]
288b68c86e
Merge branch 'master' into followup_password_hash_salt 2022-04-29 08:17:05 +00:00
Amos Bird
4a5e4274f0
base should not depend on Common 2022-04-29 10:26:35 +08:00
Yakov Olkhovskiy
f966d69791 error processing for RAND_bytes, style issue 2022-04-21 13:07:44 -04:00
Yakov Olkhovskiy
85df222f15 refactoring ParserAttachAccessEntity 2022-04-20 22:57:44 -04:00
larryluogit
46a9226bf6
Merge branch 'ClickHouse:master' into feature-password 2022-04-20 07:57:21 -04:00
Rajkumar
419970cc1c moved class definition to header 2022-04-20 04:05:23 -07:00
Robert Schulze
118e94523c
Activate clang-tidy warning "readability-container-contains" 
This check suggests replacing <Container>.count() by
<Container>.contains() which is more speaking and in case of
multimaps/multisets also faster.
 2022-04-18 23:53:11 +02:00
larryluogit
393fd88d95
Merge branch 'ClickHouse:master' into feature-password 2022-04-18 11:39:40 -04:00
Alexey Milovidov
294efeccfe Fix clang-tidy-14 (part 1) 2022-04-16 04:54:04 +02:00
Mikhail Artemenko
2fd86cc564
Merge branch 'master' into MeiliSearch 2022-04-13 12:05:46 +03:00
Rajkumar
c711e42b62 argument changed to const ref 2022-04-12 09:31:32 -07:00
Rajkumar
14cb87e3ef password hash salt feature 2022-04-12 07:30:09 -07:00
Mikhail Artemenko
151eeb1a27
Merge branch 'master' into MeiliSearch 2022-04-06 17:07:55 +03:00
Alexander Tokmakov
a2167f12b8 Merge branch 'master' into mvcc_prototype 2022-04-04 14:24:23 +02:00
Alexey Milovidov
5a47958744
Merge pull request #35736 from CurtizJ/quota-written-bytes 
Add quota for written bytes
 2022-04-03 05:26:49 +03:00
Anton Popov
687942ce70 more strict quota for written bytes 2022-04-01 15:02:49 +00:00
Alexander Tokmakov
6591d1ceb7 Merge branch 'master' into mvcc_prototype 2022-04-01 15:38:46 +02:00
Anton Popov
caacc7d385 add quota for written bytes 2022-03-29 18:21:29 +00:00
taiyang-li
67c3c0be3d Merge branch 'master' into improve_access_type 2022-03-29 20:42:57 +08:00
Alexander Tokmakov
208b242188 Merge branch 'master' into mvcc_prototype 2022-03-28 19:58:06 +02:00
Alexey Milovidov
bb35184da1 Add metric about size of async INSERTs 2022-03-28 02:04:19 +02:00
Alexander Tokmakov
3c762f566d Merge branch 'master' into mvcc_prototype 2022-03-21 20:16:29 +01:00
Alexey Milovidov
0ce4696c49
Revert "[WIP] New row policies" 2022-03-21 08:41:33 +03:00
taiyang-li
7d50bd1eb3 add access type hive 2022-03-21 11:19:45 +08:00
Alexander Tokmakov
9e05b12d2c Merge branch 'master' into mvcc_prototype 2022-03-20 22:42:26 +01:00
Vitaly Baranov
afe6a1003a Add new row policy kind: simple 2022-03-20 17:34:59 +01:00
Vitaly Baranov
3e950d79b3 Add new setting rbac_version. 2022-03-17 15:28:51 +01:00
Vitaly Baranov
470582e262 Change type of RowPolicyKind: bool -> enum. 2022-03-17 15:28:05 +01:00
Alexander Tokmakov
4b3e13a4fe Merge branch 'master' into mvcc_prototype 2022-03-16 21:06:19 +01:00
Vitaly Baranov
39614e6e15
Merge pull request #35276 from vitlibar/fix-code-style-and-minor-corrections-after-allow-no-password 
Fix code style and other minor corrections after implementing allow_no_password.
 2022-03-16 18:55:05 +01:00
Vitaly Baranov
e690d28fef Update src/Access/AccessControl.cpp 
Co-authored-by: Antonio Andelic <antonio2368@users.noreply.github.com>
 2022-03-16 12:03:09 +01:00
Alexander Tokmakov
9702b5177d Merge branch 'master' into mvcc_prototype 2022-03-14 21:45:38 +01:00
Vitaly Baranov
1eb2e8693e Fix code style and other minor corrections after implementing allow_no_password. 2022-03-14 20:55:34 +01:00
Maksim Kita
e14cfd5dcd Fix clang-tidy warnings in Access folder 2022-03-14 18:17:35 +00:00
Vitaly Baranov
4af61fb9d3
Merge pull request #34738 from DevTeamBK/Issue-33953 
New setting in Server Configuration to on/off AuthType Plaintext_password and No_password
 2022-03-14 17:09:46 +01:00
HeenaBansal2009
3f031df225 Code refactoring 2022-03-10 22:22:51 -08:00
Alexander Tokmakov
7f47f20aba add kill transaction query 2022-03-10 22:29:58 +01:00
HeenaBansal2009
3ce9397246 Added Suggestions from Code review 2022-03-09 20:35:01 -08:00
Vitaly Baranov
115c0c2aba
Merge pull request #34855 from vitlibar/ignore-obsolete-grants-in-attach-grants 
Ignore obsolete grants in ATTACH GRANT statements
 2022-03-04 12:50:09 +01:00
Maksim Kita
1f5837359e clang-tidy check performance-noexcept-move-constructor fix 2022-03-02 18:15:27 +00:00
HeenaBansal2009
c14c60f1d3 Merge branch 'master' into Issue-33953 2022-02-28 11:12:54 -08:00
HeenaBansal2009
aa8494a808 Fix: System Reload Config Failure 2022-02-28 10:51:49 -08:00
Vitaly Baranov
b7817b4cea Ignore obsolete grants in ATTACH GRANT statements. 2022-02-24 07:30:40 +03:00
Vitaly Baranov
aee67a6693
Merge pull request #31484 from eungenue/Implement-SSL-X509-certificate-authentication 
Implement ssl x509 certificate authentication
 2022-02-21 11:30:52 +03:00
Vitaly Baranov
cb66a63aa4 Rename header and config setting for consistency. 2022-02-21 07:41:06 +03:00
Vitaly Baranov
765d136d2a A few improvements in the implementation of SSL certificate authentication. 2022-02-21 07:41:02 +03:00
Vitaly Baranov
0d377de5f0 Support syntax CREATE USER IDENTIFIED WITH ssl_certificate CN ... 2022-02-21 07:01:00 +03:00
Vitaly Baranov
7b97c986cb
Revert "Allow restrictive row policies without permissive" 2022-02-21 06:54:28 +03:00
HeenaBansal2009
1b263f0c15 Added FT testcase 2022-02-18 12:58:46 -08:00
HeenaBansal2009
d16cae53b4 Initial Commit for Plaintext password feature 2022-02-17 21:25:18 -08:00
Vitaly Baranov
a4ef274aa1 Improve restrictive policies without permissive ones: in this case the result filter won't be calculated as False always anymore. 2022-02-17 14:18:15 +07:00
Vitaly Baranov
2de6e8e575 Change type of RowPolicyKind: bool -> enum. 2022-02-17 14:18:10 +07:00
Vitaly Baranov
e148b43a29 Privileges CREATE/ALTER/DROP ROW POLICY now can be granted on a table or on database.* as well as globally *.* 2022-02-11 12:35:52 +07:00
Maksim Kita
47412c9619 Fixed unit tests 2022-02-10 19:31:02 +00:00
Maksim Kita
3e21ebeb02 For SQLUserDefinedFunctions change access type from DATABASE to GLOBAL 2022-02-10 10:27:11 +00:00
cmsxbc
a33bd4c623
Merge branch 'master' into addressToLineWithInlines 2022-02-08 08:54:15 +08:00
Maksim Kita
bc6328e573 Fixed tests 2022-02-04 20:56:49 +00:00
cmsxbc
9f9fce07e2 Merge branch 'master' into addressToLineWithInlines 2022-02-04 20:43:00 +08:00
Vitaly Baranov
30557aebfb Add helper class to cache the result of checking access. 2022-02-02 22:22:41 +07:00
mergify[bot]
61ac72ca32
Merge branch 'master' into addressToLineWithInlines 2022-01-27 12:02:56 +00:00
Vitaly Baranov
cc38fe3fb6 Fix checking access for the SYSTEM command. 2022-01-25 18:54:59 +07:00
cmsxbc
58dd1a2d5c
add function addressToLineWithInlines 2022-01-25 19:13:47 +08:00
alexey-milovidov
3a196a118f
Merge pull request #33689 from traceon/fix-ldap-krb-config-handling 
Fix LDAP and Kerberos config handling
 2022-01-21 01:39:25 +03:00
Eugene Galkin
f46dca4793 support x509 ssl certificate authentication 2022-01-17 15:01:38 +03:00
Vitaly Baranov
bb620a93af
Merge pull request #33574 from vitlibar/fix-multiple-ldap-storages-in-same-config 
Fix using multiple LDAP storages in the same config.
 2022-01-17 13:58:12 +07:00
Vitaly Baranov
f707eb5531
Merge pull request #33401 from IlyaTsoi/master 
Fixed crash of the LDAP authorization process if there are parentheses in the user_dn variable
 2022-01-17 13:53:45 +07:00
Denis Glazachev
28bc286d8b Do not allow ldap servers with the same name 
Reset the set of ldap servers when config is re-read
 2022-01-17 00:31:10 +04:00
Denis Glazachev
0288967538 Disable kerberos if parsing the config failed 2022-01-17 00:30:03 +04:00
IlyaTsoi
7a08e1c0c4
Update LDAPClient.cpp 
Change volume of reserved memory for variable
 2022-01-14 15:29:57 +03:00
Vitaly Baranov
f818baf8f3
Update src/Access/LDAPClient.cpp 
Co-authored-by: Denis Glazachev <traceon@users.noreply.github.com>
 2022-01-14 19:17:14 +07:00
Vitaly Baranov
7084099958
Update src/Access/LDAPAccessStorage.cpp 
Co-authored-by: Denis Glazachev <traceon@users.noreply.github.com>
 2022-01-14 19:16:10 +07:00
huzhichengdd
1e0f867961
Update ContextAccess.cpp 2022-01-14 18:16:19 +08:00
huzhichengdd
71871c16db
Update ContextAccess.cpp 2022-01-14 18:04:55 +08:00
huzhichengdd
106f2fea86
Update ContextAccess.cpp 2022-01-14 18:04:26 +08:00
huzhichengdd
4a02d96af4
Update ContextAccess.cpp 2022-01-14 09:46:51 +08:00
IlyaTsoi
83f360c808
Update LDAPClient.cpp 
rename function escapeForLDAP to escapeForDN
 2022-01-13 22:28:19 +03:00
IlyaTsoi
dea356e3db
Update LDAPClient.cpp 
use escapeForFilter when assigning value to const final_search_filter
 2022-01-13 21:33:04 +03:00
IlyaTsoi
b3c4073aae
Update src/Access/LDAPClient.cpp 
Co-authored-by: Denis Glazachev <traceon@users.noreply.github.com>
 2022-01-13 21:15:07 +03:00
IlyaTsoi
6a26eccc5b
Update src/Access/LDAPClient.cpp 
rename function

Co-authored-by: Denis Glazachev <traceon@users.noreply.github.com>
 2022-01-13 21:14:07 +03:00
IlyaTsoi
f4af86b39e
Update src/Access/LDAPClient.cpp 
Remove trailing spaces:

Co-authored-by: Denis Glazachev <traceon@users.noreply.github.com>
 2022-01-13 21:11:59 +03:00
IlyaTsoi
900d5af9aa
Update src/Access/LDAPClient.cpp 
rename function

Co-authored-by: Denis Glazachev <traceon@users.noreply.github.com>
 2022-01-13 21:11:00 +03:00
IlyaTsoi
f11d2b7188
Update src/Access/LDAPClient.cpp 
escape all special chars

Co-authored-by: Denis Glazachev <traceon@users.noreply.github.com>
 2022-01-13 21:10:12 +03:00
Vitaly Baranov
80cdfa5ec6 Fix using multiple LDAP storages in the same config. 2022-01-13 20:01:50 +07:00
huzhichengdd
33348454e2
Update ContextAccess.h 2022-01-13 15:21:09 +08:00
IlyaTsoi
e302cf5fdc Revert "Update LDAPClient.cpp" 
This reverts commit 30ef16ab58.
 2022-01-12 22:55:58 +03:00
IlyaTsoi
8be5e25239 Revert "The most minimalistic solution" 
This reverts commit 9472669dd5.
 2022-01-12 22:55:35 +03:00
huzhichengdd
d06486584b
Update ContextAccess.cpp 2022-01-12 17:03:55 +08:00
huzhichengdd
430bb12a35
Update ContextAccess.cpp 2022-01-12 17:01:58 +08:00
huzhichengdd
929c1a10b5
Apply suggestions from code review 
Co-authored-by: Vitaly Baranov <vitbar@yandex-team.ru>
 2022-01-12 17:00:54 +08:00
huzhichengdd
5be2ecd27b
Update ContextAccess.cpp 2022-01-12 16:46:39 +08:00