Commit Graph

163 Commits

Author SHA1 Message Date
Filatenkov Artur
c23fe5baf6
Improve codec for encr 19896 (#27476)
* change syntax of encrypted command

* commit all encrypted changes

* correct encryption

* correct config for test

* add tests and correct code style and typos

* correct test

* fix unbundled build

* add log warning messages

* improve code according to review comments

* correct nonce

* correct errors found by fuzzing

* improve codec AES_128_GCM_SIV. Add AES_256_GCM_SIV. Add sections for last in tests. Improve documentation

* Update CompressionCodecEncrypted.h

* Update 01683_codec_encrypted.sql

* correct compression factory after changes in master

* correct behavior with wrong key in data

* correct fuzzer

* add connection for fuzzer with fix for compression_encrypted

* refactor code

* add load from config with throwing errors on server start

* fix typos and check style

* Update Server.cpp

* correct loading and reading

* refactor code. fix uninitialized value

* refactor code

* move defines from server to cpp file

* correct build

* remove repeated code

* correct namespace

* fix code style
2021-09-13 11:25:36 +03:00
Maksim Kita
c76d404432 Fix compiled_expression_cache_size setting default value in configuration files 2021-09-09 21:36:15 +03:00
Vitaly Baranov
70c6623036
Merge branch 'master' into governance/session_log 2021-09-07 10:12:54 +03:00
alesapin
497c225203 Test log level for CI 2021-09-03 13:07:40 +03:00
Vasily Nemkov
c902afddde Added system.session_log table
Which logs all the info about LogIn, LogOut and LogIn Failure events.
Additional info that is logged:
- User name
- event type (LogIn, LogOut, LoginFailure)
- Event date\time\time with microseconds
- authentication type (same as for IDENTIFIED BY of CREATE USER statement)
- array of active settings profiles upon login
- array of active roles upon login
- array of changed settings with corresponding values
- client address and port
- interface (TCP\HTTP\MySQL\PostgreSQL, etc.)
- client info (name, version info)
- optional LoginFailure reason text message.

Added some tests to verify that events are properly saved with all necessary info via following interfaces:
- TCP
- HTTP
- MySQL

Known limitations
- Not tested against named HTTP sessions, PostgreSQL and gRPC, hence those are not guaranteed to work 100% properly.
2021-08-30 18:28:28 +03:00
Denis Zhuravlev
c83551ef8e enable part_log by default 2021-08-12 21:10:20 -03:00
Raúl Marín
9f32ecca89 Merge remote-tracking branch 'blessed/master' into materialization_log 2021-08-02 16:21:10 +02:00
PHO
6425dd001a
Add a codec AES_128_GCM_SIV for encrypting columns on disk (#19896)
* Add a codec Encrypted() for encrypting columns on disk

While this is implemented as a compression codec, it does not actually compress data. It instead encrypts data on disk. The key is obtained by executing a user-specified command at the server startup, or if it's not specified the codec refuses to process any data. For now the only supported cipher is 'AES-128-GCM-SIV'.
2021-07-30 12:12:33 +03:00
Raúl Marín
4a09c54a04 Merge remote-tracking branch 'blessed/master' into materialization_log 2021-07-28 10:38:47 +02:00
Raúl Marín
ab05fc12e2 Docs and settings 2021-07-27 16:29:33 +02:00
Raúl Marín
6b9ec2a62e WIP 2021-07-27 16:28:28 +02:00
Raúl Marín
ea5c02a605 WIP 2021-07-27 16:26:27 +02:00
Azat Khuzhin
8ef677b15f Add ability to set any rocksdb option via config.xml
v2: Cover rocksdb options in ClickHouse config
v3: add missing __init__.py
v4: Rework rocksdb options from config
v5: add column_family_options support
2021-07-27 08:40:50 +03:00
Alexey Milovidov
c059d0a0ee More metrics 2021-07-05 01:41:09 +03:00
cn-ds
aa98d6be3a
Improve documentation about <remote_url_allow_hosts>
Adding an example in the comments about the xml tag to use to specify allowed host

https://github.com/ClickHouse/ClickHouse/issues/24836
2021-06-03 14:21:42 +02:00
Vitaliy Zakaznikov
03ebd18d01 Merge branch 'master' of https://github.com/ClickHouse/ClickHouse into ldap-user-dn-detection 2021-05-18 14:08:28 -04:00
Maksim Kita
4cd097b983 Fixed config.xml 2021-05-08 17:39:35 +03:00
Maksim Kita
6dc0dcdfa4 Fixed code review issues 2021-05-08 17:39:35 +03:00
alexey-milovidov
98091a0434
Update config.xml 2021-05-08 03:43:06 +03:00
Zhichun Wu
ff305b2b1e
Add JDBC bridge instructions
Add JDBC bridge configuration and instructions for installation.
2021-05-08 07:56:20 +08:00
Denis Glazachev
902d519b40 Merge branch 'master' into ldap-user-dn-detection
* master: (694 commits)
  Fix integration test test_storage_kafka failed error
  Fix test 00163_column_oriented_formats failed error
  Read ORC file by stripe to reduce memory cost
  Function toDateTime decimal overflow ubsan fix
  Revert "[RFC] Fix memory tracking with min_bytes_to_use_mmap_io"
  Zlib use attribute constructor for functable initialization
  Translate to Russian (clickhouse-client documentation)
  Simple key dictionary primary key wrong order fix
  Disable hedged requests
  Added integration test
  Revert "Function `arrayFold` for folding over array with accumulator"
  Fix documentation for the GRANT command.
  Added system query reload model
  Make function `unhex` case insensitive for compatibility
  Improve documentation for CREATE ROW POLICY command #2.
  Add exception message
  Fix tidy
  Fix waiting for all connections closed on shutdown.
  Disable postgresql_port in perf tests
  Mark 01605_adaptive_granularity_block_borders as long
  ...
2021-04-19 18:36:07 +04:00
alexey-milovidov
786f340256
Merge pull request #22755 from kssenii/postgresql-protocol-with-row-policy
Allow row policy in postgresql protocol
2021-04-17 01:55:30 +03:00
Azat Khuzhin
e8b1aa09b5 Slifghtly improve information about available logger levels. 2021-04-14 23:15:31 +03:00
kssenii
3420cf9142 Add setting to config 2021-04-07 14:02:54 +00:00
Denis Glazachev
9a5032585f Merge branch 'master' into ldap-user-dn-detection
* master: (860 commits)
  Update version_date.tsv after release 21.2.8.31
  Update version_date.tsv after release 21.3.5.42
  Fixed typos
  Add metric to track how much time is spend during waiting for Buffer layer lock
  Safer SCOPE_EXIT
  Add SCOPE_EXIT_SAFE/SCOPE_EXIT_MEMORY_SAFE helpers
  Lock MEMORY_LIMIT_EXCEEDED in ThreadStatus::detachQuery()
  Update CHANGELOG.md
  Reset timeouts to default
  Add Third party service info
  Disable table function view in expression (#21465)
  fix test 01702_system_query_log
  Remove strange fsync on coordination logs rotation
  add test
  MemoryStorage sync comments and code
  Fix typos
  Support alter setting
  Handle not plain where tree in StorageMerge modifySelect
  Updated test
  Change Aggregatingmergetree to AggregatingMergeTree in docs
  ...
2021-04-07 16:27:52 +04:00
Denis Glazachev
0762e1a890 Implement config parsing and actual support for user_dn_detection section and user_dn placeholder substitution
Refactor some config parsing code
Rename some arguments to better reflect their meaning
Add documentation for user_dn_detection section and user_dn placeholder in config.xml and in docs
2021-03-29 02:23:20 +04:00
Alexey Milovidov
2a8ac01cdb Rename as suggested by Kita 2021-03-28 22:24:28 +03:00
Alexey Milovidov
6f9f7d118d Fixes 2021-03-28 04:27:26 +03:00
Alexey Milovidov
50f712e198 Integrate mmap cache to the infrastructure 2021-03-28 04:10:30 +03:00
alexey-milovidov
9e0d53c0e6
Merge pull request #20058 from excitoon-favorites/remotehostfilterdisallowall
Fixed open behavior of remote host filter in case when there is `remote_url_allow_hosts` section in configuration but no entries there
2021-03-12 11:14:15 +03:00
Denis Glazachev
290a6d273e
Add Kerberos support for authenticating existing users when accessing over HTTP 2021-03-11 23:41:10 +03:00
Azat Khuzhin
0e68fc67aa Add other distributed_ddl settings into config.xml as an example 2021-02-28 05:45:12 +03:00
alexey-milovidov
4390cb3d73
Update config.xml 2021-02-20 09:49:02 +03:00
Alexey Milovidov
ddb2cbcf6d Merge branch 'master' into in-memory-compression 2021-02-14 04:32:41 +03:00
Alexey Milovidov
58f1d4d910 Add comment to config 2021-02-11 16:41:21 +03:00
Azat Khuzhin
935870b2c2 Add separate config directive for Buffer profile
If you push data via Buffer engine then all your queries will be done
from one user, however this is not always desired behavior, since this
will not allow to limit queries with max_concurrent_queries_for_user and
similar.
2021-02-10 21:40:26 +03:00
Vladimir Chebotarev
f106d58c05 Minor fix. 2021-02-04 10:41:47 +03:00
Denis Glazachev
30ab2830e0 Merge branch 'master' into ldap-role-mapping
* master: (605 commits)
  DOCSUP-4710: Added support numeric parameters in number and string data types (#18696)
  DOCSUP-5604: Edit and translate to Russian (#18929)
  Update version_date.tsv after release 21.1.2.15
  Usability improvement of clickhouse-test
  Update jit_large_requests.xml
  Update README.md
  Update images.json
  Make symbolizers available in fuzzer Docker image
  Update Dragonbox
  Speed up aggregate function sum
  Fix MSan report in Kerberos library
  Fix MSan error in rocksdb #19213
  Add more Fuzzer tasks
  Fixes
  Update comment for curl dependency for aws
  Disable curl for mariadb-connector-c (it is not required)
  Fix TSan
  Skip test for ANTLR
  DistributedBlockOutputStream: add more comments
  DistributedBlockOutputStream: Remove superfluous brackets for string construction
  ...
2021-01-18 22:55:05 +04:00
Alexey Milovidov
6dcc779978 Merge branch 'master' into spongedu-complete_sysemlog_table_doc 2021-01-07 22:27:37 +03:00
Denis Glazachev
8893fbcf8e Rename {username} to {user_name}
Add caching/checking of search_params
Adjust comments/doc
Use special authentication logic from ExternalAuthenticators::checkLDAPCredentials
2021-01-06 07:40:47 +04:00
Denis Glazachev
c8cf51b81e Merge branch 'master' into ldap-role-mapping
* master: (620 commits)
  Add test for some possible ambiguities in syntax
  Update PushingToViewsBlockOutputStream.h
  [For #18707] MySQL compatibility: support DIV and MOD operators
  Mark another flaky test
  Remove some headers
  Mark some TestFlows as flaky
  Fix error
  Fix errors
  One more test
  Arcadia does not support distributed queries
  Add a test for #14974
  Added a test from #15641
  More robust stateful test
  Update tests
  Remove bad code in HashJoin
  Update test
  Don't allow conversion between UUID and numeric types
  Remove pink screen with confusing questions about Kerberos
  Do not throw from Parser
  Fix the unexpected behaviour of show tables when antlr parser enabled (#18431)
  ...

# Conflicts:
#	programs/server/config.xml
#	src/Access/Authentication.cpp
#	src/Access/Authentication.h
2021-01-06 03:42:02 +04:00
Alexey Milovidov
063360511a Remove obsolete "incl" from /etc/metrika.xml; correct links in config 2021-01-04 21:01:17 +03:00
Vitaliy Zakaznikov
c12695ceed Merge branch 'master' of https://github.com/traceon/ClickHouse into ldap-role-mapping 2020-12-23 09:38:08 -05:00
Vitaliy Zakaznikov
26ca04c92d Merge branch 'master' of https://github.com/traceon/ClickHouse into ldap-cache-login 2020-12-23 08:17:12 -05:00
alexey-milovidov
6a5ce2eea7
Update config.xml 2020-12-18 07:58:56 +03:00
alexey-milovidov
b4a59aecfe
Update config.xml 2020-12-18 06:39:21 +03:00
Alexey Milovidov
92d8840ae5 Better config: example ports, security advices 2020-12-18 00:31:09 +03:00
Denis Glazachev
53db7e564c Do transformations based on prefix only 2020-12-17 18:29:05 +04:00
Azat Khuzhin
840a21d073 Add top_level_domains_path for easier overriding 2020-12-09 21:08:31 +03:00
Azat Khuzhin
916cbd6610 Add ability to use custom TLD list
v2: Add a note that top_level_domains_lists aren not applied w/o restart
v3: Remove ExtractFirstSignificantSubdomain{Default,Custom}Lookup.h headers
v4: TLDListsHolder: remove FIXME for dense_hash_map (this is not significant)
2020-12-09 21:08:22 +03:00