Vitaly Baranov
30e3d61b01
Fix calculating implicit access rights.
2020-07-10 17:16:43 +03:00
Denis Glazachev
9effacfbc1
Merge branch 'master' into ldap-per-user-authentication
...
* master: (1102 commits)
Update README.md
Update README.md
Update README.md
Update index.md
[docs] add intrdocution for statements page (#12189 )
Revert "Run perf tests with memory sampling (for allocations >1M)"
Sanitize LINK_LIBRARIES property for the directories (#12160 )
[docs] refactor Domains overview (#12186 )
DOCS-647: toStartOfSecond (#12190 )
[docs] add intrdocution for commercial page (#12187 )
DOCSUP-1348 Russian translation for new functions (#133 ) (#12194 )
changelog fixes
Update index.md (#12191 )
Update zh kafka.md title (#12192 )
Added test for #3767
style fix for #12152
Tests for fixed issues #10846 and #7347
changelog fixes
[docs] introduction for special table engines (#12170 )
[docs] introduction for third-party interfaces (#12175 )
...
# Conflicts:
# src/Access/ya.make
# src/Common/ErrorCodes.cpp
2020-07-08 00:42:09 +04:00
Vitaly Baranov
03b36c262e
Improve REVOKE command: now it requires only grant/admin option for only
...
access which will be revoked.
REVOKE ALL FROM user1 now revokes all granted roles.
2020-07-02 12:54:24 +03:00
Vitaly Baranov
c39eb8f71b
Fix partial revokes (complex cases).
2020-06-30 18:47:02 +03:00
Vitaly Baranov
eb27814fbe
Fix access rights: cannot grant INTROSPECTION when allow_introspection_functions=0.
2020-06-29 16:43:31 +03:00
Vitaly Baranov
f3f005d5b9
Merge pull request #12015 from vitlibar/fix-access-rights-allow-ddl-0
...
Fix calculation of access rights when allow_ddl = 0
2020-06-29 15:14:22 +03:00
Vitaly Baranov
bd72bd6e10
Fix access rights: cannot grant DDL when allow_ddl=0
2020-06-28 21:38:14 +03:00
alesapin
11f88340a5
Merge branch 'mongo' of https://github.com/ageraab/ClickHouse into storage_mongodb
2020-06-26 16:03:06 +03:00
sundy-li
0a4af8f0a7
add SYSTEM DROP REPLICA
2020-06-23 12:12:30 +08:00
Denis Glazachev
5db60202b6
Merge branch 'master' into ldap-per-user-authentication
2020-06-19 00:11:08 +04:00
Denis Glazachev
7317acb609
Silently reject empty passwords. Empty user names are rejected verbosely.
2020-06-18 23:33:59 +04:00
Vitaly Baranov
9fe47df2e8
Support multiple users/roles in SHOW CREATE USER(ROLE, etc.) and SHOW GRANTS FOR commands.
...
Support syntax "SHOW CREATE USER ALL" and "SHOW GRANTS FOR ALL".
2020-06-15 22:07:47 +03:00
Vitaly Baranov
4bd00b02e2
Improve syntax of CREATE QUOTA. Now resource types and key types could be written with underscores.
...
Also rename columns key_type=>keys and source=>storage in table system.quotas.
2020-06-15 20:10:34 +03:00
Vitaly Baranov
7d1951a79b
Improve messages for errors in access storages.
2020-06-15 20:10:34 +03:00
Vitaly Baranov
92b9f4a88d
Rename ExtendedRoleSet => RolesOrUsersSet.
2020-06-15 20:10:34 +03:00
Vitaly Baranov
9f31184d76
Support for multiple names in one CREATE/ALTER command.
2020-06-15 20:10:28 +03:00
Vitaly Baranov
3ffcb8e790
Fix casting values of settings while reading profiles from users.xml.
2020-06-15 01:44:25 +03:00
Vitaly Baranov
ca2fb59321
Fix calculating full names of row policies.
2020-06-15 01:44:25 +03:00
Denis Glazachev
276fcd8903
Add/rename parameters that control TLS
2020-06-12 21:59:47 +04:00
Denis Glazachev
04f222f85b
Tell OpenLDAP too create a new SSL/TLS context for each connection
2020-06-12 16:48:00 +04:00
Denis Glazachev
9e3a28a6b8
Merge branch 'master' into ldap-per-user-authentication
...
* master: (414 commits)
Update file.md
Update merge.md
Update dictionary.md
Update external-data.md
Update distributed.md
Update null.md
Update set.md
Update join.md
Update url.md
Update view.md
Update materializedview.md
Update memory.md
Update buffer.md
Update generate.md
removed a sentence about global lock during rename (#11577 )
greatCircleAngle en translation (#11584 )
Update configuration-files.md
try fix flacky test
Update why.html
Update rich.html
...
# Conflicts:
# src/Common/ErrorCodes.cpp
# utils/ci/jobs/quick-build/run.sh
2020-06-11 03:06:17 +04:00
Denis Glazachev
848330b37a
Expect <ldap_servers> in main config.xml
2020-06-11 02:48:15 +04:00
tavplubix
686c0539db
Merge pull request #11487 from ClickHouse/improve_dns_cache
...
Use DNSResolver to check if user is allowed to connect from an address
2020-06-07 19:55:03 +03:00
Alexander Tokmakov
0cf8015f4a
use DNSResolver to check if user is allowed to connect
2020-06-07 00:02:29 +03:00
Denis Glazachev
0197627f3f
Added checks for empty server name
2020-06-03 22:52:12 +04:00
Alexander Kuzmenkov
1c33918f07
style
2020-06-03 17:17:41 +03:00
Alexander Kuzmenkov
07e4bb7050
Remove assorted synonyms of LOGICAL_ERROR.
...
We don't need any special handling for them on the client, and, on the
contrary, have to handle them as logical errors in tests.
2020-06-03 16:18:42 +03:00
Denis Glazachev
b28def8f4c
Stylistic changes
2020-06-03 15:20:53 +04:00
Denis Glazachev
48f3d4094a
Remove irrelevant stuff
2020-06-03 01:06:44 +04:00
Denis Glazachev
c427524bc8
Simplefy ExternalAuthenticators exposure to isCorrectPassword()
2020-06-03 01:02:31 +04:00
Denis Glazachev
b7caa154e2
Add ARCADIA_BUILD check
2020-06-03 00:37:14 +04:00
Denis Glazachev
6ff0550e4e
Move parseExternalAuthenticators functionality into the c-tor of ExternalAuthenticators
2020-06-02 13:37:02 +04:00
Denis Glazachev
c61cbe8e98
Merge branch 'master' into ldap-per-user-authentication
...
* master: (114 commits)
Update PushingToViewsBlockOutputStream.cpp
Update PushingToViewsBlockOutputStream.cpp
make clang-10 happy
Fix sync_async test (remove timeout)
CLICKHOUSEDOCS-631: temporary_files_codec, join_on_disk_max_files_to_merge settings. (#11242 )
Suppress output of cancelled queries in clickhouse-client #9473
Better log messages in ConfigReloader
fix select from StorageJoin
Fix unit tests under MSan
Added test.
Fix build.
Fix arguments for AggregateFunctionQuantile/
Update style.md
Add a guide on error messages.
Report dictionary name on dictionary load errors.
more types in ASOF JOIN (#11301 )
Fix part_log test
Update test.
Add perftest.
Parallel processing for PushingToViewsBlockOutputStream::writeSuffix
...
2020-06-02 12:42:29 +04:00
Denis Glazachev
e8144976fe
Merge branch 'master' into ldap-per-user-authentication
2020-05-31 15:09:16 +04:00
Denis Glazachev
165dc4e109
Disable system static OpenLDAP linking support (due to fPIC mismatch)
2020-05-31 15:04:56 +04:00
Alexey Milovidov
25f941020b
Remove namespace pollution
2020-05-31 00:57:37 +03:00
Denis Glazachev
246900c1ac
Compilation fix
2020-05-29 18:33:50 +04:00
alexey-milovidov
304c6a1ee3
Merge pull request #11278 from vitlibar/fix-crash-set-default-role-with-wrong-args
...
Fix crash when SET DEFAULT ROLE is called with wrong arguments.
2020-05-29 16:24:42 +03:00
Denis Glazachev
9fb0a95c75
Compilation fix: add missing "/include"
...
Style fix
2020-05-29 16:14:42 +04:00
Denis Glazachev
d9ca9cd9b2
Compilation fix
...
Typo fix
2020-05-29 14:00:12 +04:00
Denis Glazachev
f1cfc7b472
Rename LDAP_PASSWORD to LDAP_SERVER and use "ldap_server" as a string key
...
Some refactoring
2020-05-29 11:47:01 +04:00
Vitaly Baranov
2d12b4d3ac
Fix crash when SET DEFAULT ROLE is called with wrong arguments.
2020-05-29 09:54:27 +03:00
Denis Glazachev
f9d4136792
Merge branch 'master' into ldap-per-user-authentication
2020-05-29 10:52:44 +04:00
Vitaly Baranov
d7cc703233
Merge pull request #11080 from vitlibar/add-authentication-type-to-system-users
...
Show authentication type in system.users table
2020-05-28 20:20:41 +03:00
Vitaly Baranov
98172deffc
Show authentication type in table system.users and while executing SHOW CREATE USER query.
2020-05-28 08:34:10 +03:00
Denis Glazachev
d4fd018715
Fix linking errors in parser-related test executables
2020-05-28 02:54:14 +04:00
Denis Glazachev
2863de750e
Merge branch 'master' into ldap-per-user-authentication
2020-05-28 01:30:52 +04:00
Denis Glazachev
d74f1357d4
Add LDAP authentication support
2020-05-28 01:06:33 +04:00
Maxim Akhmedov
e09bcb4290
Make possible adding nested storages to MultipleAccessStorage in run-time.
2020-05-26 17:05:06 +03:00
Vitaly Baranov
2c8a355f19
Merge pull request #11081 from vitlibar/fix-no-password-mode
...
Fix settings NO_PASSWORD authentication mode in users.xml.
2020-05-26 14:20:34 +03:00
Vitaly Baranov
eeb4cbc433
Fix settings NO_PASSWORD authentication mode in users.xml.
2020-05-25 11:35:26 +03:00
Alexey Milovidov
7e1813825b
Return old names of macros
2020-05-24 01:24:01 +03:00
Alexey Milovidov
9d24908e53
Progress on task
2020-05-23 20:52:11 +03:00
Alexey Milovidov
241f8c5431
find {base,src,programs} -name '*.h' -or -name '*.cpp' | xargs grep -l -P 'LOG_\w+\([^,]+, "[^"]+" \+ [^+]+ \+ "[^"]+"\);' | xargs sed -i -r -e 's/(LOG_\w+)\(([^,]+), "([^"]+)" \+ ([^+]+) \+ "([^"]+)"\);/\1_FORMATTED(\2, "\3{}\5", \4);/'
2020-05-23 20:10:21 +03:00
Alexey Milovidov
f69cbdcbfc
find {base,src,programs} -name '*.h' -or -name '*.cpp' | xargs grep -l -P 'LOG_\w+\([^,]+, "[^"]+" \+ [^+]+\);' | xargs sed -i -r -e 's/(LOG_\w+)\(([^,]+), "([^"]+)" \+ ([^+]+)\);/\1_FORMATTED(\2, "\3{}", \4);/'
2020-05-23 20:09:37 +03:00
Alexey Milovidov
f68d1ceb4f
find {base,src,programs} -name '*.h' -or -name '*.cpp' | xargs grep -l -P 'LOG_\w+\([^,]+, "[^"]+" << [^<]+ << "[^"]+" << [^<]+ << "[^"]+" << [^<]+\);' | xargs sed -i -r -e 's/(LOG_\w+)\(([^,]+), "([^"]+)" << ([^<]+) << "([^"]+)" << ([^<]+) << "([^"]+)" << ([^<]+)\);/\1_FORMATTED(\2, "\3{}\5{}\7{}", \4, \6, \8);/'
2020-05-23 20:02:09 +03:00
Alexey Milovidov
8042e5febe
find {base,src,programs} -name '*.h' -or -name '*.cpp' | xargs grep -l -P 'LOG_\w+\([^,]+, "[^"]+" << [^<]+ << "[^"]+" << [^<]+\);' | xargs sed -i -r -e 's/(LOG_\w+)\(([^,]+), "([^"]+)" << ([^<]+) << "([^"]+)" << ([^<]+)\);/\1_FORMATTED(\2, "\3{}\5{}", \4, \6);/'
2020-05-23 19:58:15 +03:00
Alexey Milovidov
8d2e80a5e2
find {base,src,programs} -name '*.h' -or -name '*.cpp' | xargs grep -l -P 'LOG_\w+\([^,]+, "[^"]+"\)' | xargs sed -i -r -e 's/(LOG_\w+)\(([^,]+, "[^"]+")\)/\1_FORMATTED(\2)/'
2020-05-23 19:42:39 +03:00
ageraab
cb24d47472
Merge branch 'master' into mongo
2020-05-16 02:56:22 +03:00
bobrovskij artemij
95677432e5
MongoDB engine (read-only)
2020-05-14 23:59:03 +03:00
Vitaly Baranov
bf2f38881d
Fix compilation.
2020-05-14 14:12:20 +03:00
Vitaly Baranov
c30587196a
Add system tables for users, roles and grants.
2020-05-14 14:12:20 +03:00
Vitaly Baranov
a14f322723
Add system tables for settings profiles.
2020-05-14 14:12:15 +03:00
Vitaly Baranov
5b84121d81
Improve system tables for quotas. Remove function currentQuota().
2020-05-13 19:40:48 +03:00
Vitaly Baranov
e64e2ebdf6
Improve system table for row policies. Remove function currentRowPolicies().
2020-05-13 19:40:48 +03:00
Vitaly Baranov
dd8b29b4fb
Use enum Type instead of std::type_index to represent the type of IAccessEntity.
...
This change simplifies handling of access entities in access storages.
2020-05-13 19:40:48 +03:00
Vitaly Baranov
b6fe726777
Rename row policy's 'name' to 'short_name', 'full_name' to 'name'.
...
This change simplifies the interface of IAccesEntity.
2020-05-13 19:40:48 +03:00
Vitaly Baranov
6f15a0d443
Improve the function range() to allow iterating through enum values.
2020-05-13 19:40:48 +03:00
Vitaly Baranov
c7213ab607
Use boost::flat_set instead of vector to store current and enabled roles.
2020-05-13 19:40:48 +03:00
Vitaly Baranov
b93a15ef36
Refactoring of settings profiles to store setting_index instead of setting_name.
2020-05-13 19:40:48 +03:00
Vitaly Baranov
66e348a93f
Refactoring of getting information about access rights.
2020-05-13 19:40:33 +03:00
Alexander Tokmakov
9ca144cab9
drop access cache on DROP DNS CACHE
2020-05-01 01:29:47 +03:00
Alexey Milovidov
be22a4b94e
Checkpoint
2020-04-22 08:39:31 +03:00
alexey-milovidov
17e7d4d88a
Merge pull request #10307 from abyss7/arcadia-4
...
Changes for auto-sync with Arcadia
2020-04-17 05:08:34 +03:00
Ivan Lezhankin
e230632645
Changes required for auto-sync with Arcadia
2020-04-16 15:31:57 +03:00
Alexey Milovidov
cdeda4ab91
Fix usage of max_parser_depth setting; remove harmful default function arguments
2020-04-16 04:06:10 +03:00
Alexey Milovidov
a4c2e9a599
Whitespace
2020-04-15 05:12:50 +03:00
Vitaly Baranov
2e55d44e57
Fix using the current database for access checking when the database isn't specified.
2020-04-11 20:13:56 +03:00
Vitaly Baranov
4d93577791
PREWHERE can be used now by user without row filtering.
2020-04-09 10:22:51 +03:00
Vitaly Baranov
23ac1ee87c
readonly user now can execute SHOW CREATE for access entities.
2020-04-09 10:22:51 +03:00
Vitaly Baranov
e573549945
Rework access rights for table functions.
2020-04-07 23:31:59 +03:00
Vitaly Baranov
42b8ed3ec6
Implement "ON CLUSTER" clause for access control SQL.
2020-04-07 23:31:59 +03:00
Vitaly Baranov
b77e0a5b4e
Avoid writing "HOST ANY" if the host is any by default.
2020-04-07 23:31:59 +03:00
Vitaly Baranov
d064ddfe13
Disable MemoryAccessStorage.
2020-04-07 23:31:59 +03:00
Vitaly Baranov
423fa5087a
Add SHOW_USERS(SHOW ROLES, etc.) privileges.
2020-04-07 23:20:38 +03:00
Vitaly Baranov
b4d7ef390c
Rename some access types: add ALTER and SYSTEM prefixes.
2020-04-07 23:20:38 +03:00
Vitaly Baranov
f53b4ad3a8
Replace access types "TRUNCATE_VIEW" and "TRUNCATE_TABLE" with "TRUNCATE".
2020-04-07 23:20:38 +03:00
Vitaly Baranov
e5d8f05251
Rename sql command "CREATE POLICY" -> "CREATE ROW POLICY", "CREATE POLICY" is now an alias.
2020-04-07 23:20:38 +03:00
Vitaly Baranov
c2f5e3c4ad
Improve declaration of access rights: single place in code instead of three.
2020-04-07 23:20:38 +03:00
alesapin
1cb072d58a
Merge branch 'master' into alter_rename_column
2020-04-06 11:40:27 +03:00
Ivan Lezhankin
06446b4f08
dbms/ → src/
2020-04-03 18:14:31 +03:00