Commit Graph

221 Commits

Author SHA1 Message Date
Vasily Nemkov
c902afddde Added system.session_log table
Which logs all the info about LogIn, LogOut and LogIn Failure events.
Additional info that is logged:
- User name
- event type (LogIn, LogOut, LoginFailure)
- Event date\time\time with microseconds
- authentication type (same as for IDENTIFIED BY of CREATE USER statement)
- array of active settings profiles upon login
- array of active roles upon login
- array of changed settings with corresponding values
- client address and port
- interface (TCP\HTTP\MySQL\PostgreSQL, etc.)
- client info (name, version info)
- optional LoginFailure reason text message.

Added some tests to verify that events are properly saved with all necessary info via following interfaces:
- TCP
- HTTP
- MySQL

Known limitations
- Not tested against named HTTP sessions, PostgreSQL and gRPC, hence those are not guaranteed to work 100% properly.
2021-08-30 18:28:28 +03:00
Anton Popov
c3c3a06078 Merge remote-tracking branch 'upstream/master' into HEAD 2021-08-20 01:45:38 +03:00
Denis Zhuravlev
c83551ef8e enable part_log by default 2021-08-12 21:10:20 -03:00
Anton Popov
16ed0f6ed4 Merge remote-tracking branch 'upstream/master' into HEAD 2021-08-02 17:55:17 +03:00
Raúl Marín
9f32ecca89 Merge remote-tracking branch 'blessed/master' into materialization_log 2021-08-02 16:21:10 +02:00
PHO
6425dd001a
Add a codec AES_128_GCM_SIV for encrypting columns on disk (#19896)
* Add a codec Encrypted() for encrypting columns on disk

While this is implemented as a compression codec, it does not actually compress data. It instead encrypts data on disk. The key is obtained by executing a user-specified command at the server startup, or if it's not specified the codec refuses to process any data. For now the only supported cipher is 'AES-128-GCM-SIV'.
2021-07-30 12:12:33 +03:00
Raúl Marín
4a09c54a04 Merge remote-tracking branch 'blessed/master' into materialization_log 2021-07-28 10:38:47 +02:00
Raúl Marín
ab05fc12e2 Docs and settings 2021-07-27 16:29:33 +02:00
Raúl Marín
6b9ec2a62e WIP 2021-07-27 16:28:28 +02:00
Raúl Marín
ea5c02a605 WIP 2021-07-27 16:26:27 +02:00
Azat Khuzhin
8ef677b15f Add ability to set any rocksdb option via config.xml
v2: Cover rocksdb options in ClickHouse config
v3: add missing __init__.py
v4: Rework rocksdb options from config
v5: add column_family_options support
2021-07-27 08:40:50 +03:00
Anton Popov
14168b11f2 Merge remote-tracking branch 'upstream/master' into HEAD 2021-07-07 17:05:11 +03:00
Alexey Milovidov
c059d0a0ee More metrics 2021-07-05 01:41:09 +03:00
Anton Popov
b3b29be02f Merge remote-tracking branch 'upstream/master' into HEAD 2021-06-07 19:03:24 +03:00
cn-ds
aa98d6be3a
Improve documentation about <remote_url_allow_hosts>
Adding an example in the comments about the xml tag to use to specify allowed host

https://github.com/ClickHouse/ClickHouse/issues/24836
2021-06-03 14:21:42 +02:00
Anton Popov
3e92c7f61a Merge remote-tracking branch 'upstream/master' into HEAD 2021-05-25 21:45:19 +03:00
Vitaliy Zakaznikov
03ebd18d01 Merge branch 'master' of https://github.com/ClickHouse/ClickHouse into ldap-user-dn-detection 2021-05-18 14:08:28 -04:00
Anton Popov
d8df0903b9 Merge remote-tracking branch 'upstream/master' into HEAD 2021-05-14 23:38:16 +03:00
Maksim Kita
4cd097b983 Fixed config.xml 2021-05-08 17:39:35 +03:00
Maksim Kita
6dc0dcdfa4 Fixed code review issues 2021-05-08 17:39:35 +03:00
alexey-milovidov
98091a0434
Update config.xml 2021-05-08 03:43:06 +03:00
Zhichun Wu
ff305b2b1e
Add JDBC bridge instructions
Add JDBC bridge configuration and instructions for installation.
2021-05-08 07:56:20 +08:00
Anton Popov
aea93d9ae5 Merge remote-tracking branch 'upstream/master' into HEAD 2021-04-20 15:16:12 +03:00
Denis Glazachev
902d519b40 Merge branch 'master' into ldap-user-dn-detection
* master: (694 commits)
  Fix integration test test_storage_kafka failed error
  Fix test 00163_column_oriented_formats failed error
  Read ORC file by stripe to reduce memory cost
  Function toDateTime decimal overflow ubsan fix
  Revert "[RFC] Fix memory tracking with min_bytes_to_use_mmap_io"
  Zlib use attribute constructor for functable initialization
  Translate to Russian (clickhouse-client documentation)
  Simple key dictionary primary key wrong order fix
  Disable hedged requests
  Added integration test
  Revert "Function `arrayFold` for folding over array with accumulator"
  Fix documentation for the GRANT command.
  Added system query reload model
  Make function `unhex` case insensitive for compatibility
  Improve documentation for CREATE ROW POLICY command #2.
  Add exception message
  Fix tidy
  Fix waiting for all connections closed on shutdown.
  Disable postgresql_port in perf tests
  Mark 01605_adaptive_granularity_block_borders as long
  ...
2021-04-19 18:36:07 +04:00
alexey-milovidov
786f340256
Merge pull request #22755 from kssenii/postgresql-protocol-with-row-policy
Allow row policy in postgresql protocol
2021-04-17 01:55:30 +03:00
Anton Popov
6ce875175b Merge remote-tracking branch 'upstream/master' into HEAD 2021-04-16 02:08:20 +03:00
Azat Khuzhin
e8b1aa09b5 Slifghtly improve information about available logger levels. 2021-04-14 23:15:31 +03:00
kssenii
3420cf9142 Add setting to config 2021-04-07 14:02:54 +00:00
Denis Glazachev
9a5032585f Merge branch 'master' into ldap-user-dn-detection
* master: (860 commits)
  Update version_date.tsv after release 21.2.8.31
  Update version_date.tsv after release 21.3.5.42
  Fixed typos
  Add metric to track how much time is spend during waiting for Buffer layer lock
  Safer SCOPE_EXIT
  Add SCOPE_EXIT_SAFE/SCOPE_EXIT_MEMORY_SAFE helpers
  Lock MEMORY_LIMIT_EXCEEDED in ThreadStatus::detachQuery()
  Update CHANGELOG.md
  Reset timeouts to default
  Add Third party service info
  Disable table function view in expression (#21465)
  fix test 01702_system_query_log
  Remove strange fsync on coordination logs rotation
  add test
  MemoryStorage sync comments and code
  Fix typos
  Support alter setting
  Handle not plain where tree in StorageMerge modifySelect
  Updated test
  Change Aggregatingmergetree to AggregatingMergeTree in docs
  ...
2021-04-07 16:27:52 +04:00
Anton Popov
372a1b1fe7 Merge remote-tracking branch 'upstream/master' into HEAD 2021-03-29 19:57:49 +03:00
Denis Glazachev
0762e1a890 Implement config parsing and actual support for user_dn_detection section and user_dn placeholder substitution
Refactor some config parsing code
Rename some arguments to better reflect their meaning
Add documentation for user_dn_detection section and user_dn placeholder in config.xml and in docs
2021-03-29 02:23:20 +04:00
Alexey Milovidov
2a8ac01cdb Rename as suggested by Kita 2021-03-28 22:24:28 +03:00
Alexey Milovidov
6f9f7d118d Fixes 2021-03-28 04:27:26 +03:00
Alexey Milovidov
50f712e198 Integrate mmap cache to the infrastructure 2021-03-28 04:10:30 +03:00
alexey-milovidov
9e0d53c0e6
Merge pull request #20058 from excitoon-favorites/remotehostfilterdisallowall
Fixed open behavior of remote host filter in case when there is `remote_url_allow_hosts` section in configuration but no entries there
2021-03-12 11:14:15 +03:00
Denis Glazachev
290a6d273e
Add Kerberos support for authenticating existing users when accessing over HTTP 2021-03-11 23:41:10 +03:00
Anton Popov
f7c7c5a9c7 Revert "refactoring of serializations"
This reverts commit df6663dcb6.
2021-03-09 20:25:23 +03:00
Anton Popov
df6663dcb6 refactoring of serializations 2021-03-09 20:02:26 +03:00
Anton Popov
bc417cf54a refactoring of serializations 2021-03-09 17:46:52 +03:00
Azat Khuzhin
0e68fc67aa Add other distributed_ddl settings into config.xml as an example 2021-02-28 05:45:12 +03:00
alexey-milovidov
4390cb3d73
Update config.xml 2021-02-20 09:49:02 +03:00
Alexey Milovidov
ddb2cbcf6d Merge branch 'master' into in-memory-compression 2021-02-14 04:32:41 +03:00
Alexey Milovidov
58f1d4d910 Add comment to config 2021-02-11 16:41:21 +03:00
Azat Khuzhin
935870b2c2 Add separate config directive for Buffer profile
If you push data via Buffer engine then all your queries will be done
from one user, however this is not always desired behavior, since this
will not allow to limit queries with max_concurrent_queries_for_user and
similar.
2021-02-10 21:40:26 +03:00
Vladimir Chebotarev
f106d58c05 Minor fix. 2021-02-04 10:41:47 +03:00
Denis Glazachev
30ab2830e0 Merge branch 'master' into ldap-role-mapping
* master: (605 commits)
  DOCSUP-4710: Added support numeric parameters in number and string data types (#18696)
  DOCSUP-5604: Edit and translate to Russian (#18929)
  Update version_date.tsv after release 21.1.2.15
  Usability improvement of clickhouse-test
  Update jit_large_requests.xml
  Update README.md
  Update images.json
  Make symbolizers available in fuzzer Docker image
  Update Dragonbox
  Speed up aggregate function sum
  Fix MSan report in Kerberos library
  Fix MSan error in rocksdb #19213
  Add more Fuzzer tasks
  Fixes
  Update comment for curl dependency for aws
  Disable curl for mariadb-connector-c (it is not required)
  Fix TSan
  Skip test for ANTLR
  DistributedBlockOutputStream: add more comments
  DistributedBlockOutputStream: Remove superfluous brackets for string construction
  ...
2021-01-18 22:55:05 +04:00
Alexey Milovidov
6dcc779978 Merge branch 'master' into spongedu-complete_sysemlog_table_doc 2021-01-07 22:27:37 +03:00
Denis Glazachev
8893fbcf8e Rename {username} to {user_name}
Add caching/checking of search_params
Adjust comments/doc
Use special authentication logic from ExternalAuthenticators::checkLDAPCredentials
2021-01-06 07:40:47 +04:00
Denis Glazachev
c8cf51b81e Merge branch 'master' into ldap-role-mapping
* master: (620 commits)
  Add test for some possible ambiguities in syntax
  Update PushingToViewsBlockOutputStream.h
  [For #18707] MySQL compatibility: support DIV and MOD operators
  Mark another flaky test
  Remove some headers
  Mark some TestFlows as flaky
  Fix error
  Fix errors
  One more test
  Arcadia does not support distributed queries
  Add a test for #14974
  Added a test from #15641
  More robust stateful test
  Update tests
  Remove bad code in HashJoin
  Update test
  Don't allow conversion between UUID and numeric types
  Remove pink screen with confusing questions about Kerberos
  Do not throw from Parser
  Fix the unexpected behaviour of show tables when antlr parser enabled (#18431)
  ...

# Conflicts:
#	programs/server/config.xml
#	src/Access/Authentication.cpp
#	src/Access/Authentication.h
2021-01-06 03:42:02 +04:00
Alexey Milovidov
063360511a Remove obsolete "incl" from /etc/metrika.xml; correct links in config 2021-01-04 21:01:17 +03:00
Vitaliy Zakaznikov
c12695ceed Merge branch 'master' of https://github.com/traceon/ClickHouse into ldap-role-mapping 2020-12-23 09:38:08 -05:00
Vitaliy Zakaznikov
26ca04c92d Merge branch 'master' of https://github.com/traceon/ClickHouse into ldap-cache-login 2020-12-23 08:17:12 -05:00
alexey-milovidov
6a5ce2eea7
Update config.xml 2020-12-18 07:58:56 +03:00
alexey-milovidov
b4a59aecfe
Update config.xml 2020-12-18 06:39:21 +03:00
Alexey Milovidov
92d8840ae5 Better config: example ports, security advices 2020-12-18 00:31:09 +03:00
Denis Glazachev
53db7e564c Do transformations based on prefix only 2020-12-17 18:29:05 +04:00
Azat Khuzhin
840a21d073 Add top_level_domains_path for easier overriding 2020-12-09 21:08:31 +03:00
Azat Khuzhin
916cbd6610 Add ability to use custom TLD list
v2: Add a note that top_level_domains_lists aren not applied w/o restart
v3: Remove ExtractFirstSignificantSubdomain{Default,Custom}Lookup.h headers
v4: TLDListsHolder: remove FIXME for dense_hash_map (this is not significant)
2020-12-09 21:08:22 +03:00
Vitaly Baranov
f6f336ac78
Merge pull request #17888 from vitlibar/retrieve-logs-from-grpc
Retrieve logs from grpc
2020-12-08 20:54:02 +03:00
Vitaly Baranov
559afe028f Retrieve logs from grpc library and pass them to our logging system. 2020-12-07 23:39:55 +03:00
Vitaly Baranov
76afe58bbf Fix commenting in the server config. 2020-12-07 21:50:55 +03:00
spongedc
5914e6e451 Refine documents for system log table, and fix a link error in config.xml 2020-12-07 16:04:29 +08:00
Alexey Milovidov
3e2447391b Support for PROXY protocol 2020-12-03 00:05:51 +03:00
Alexander Kuzmenkov
6e1512304c
no TTL by default, as before 2020-12-01 15:59:31 +03:00
spongedc
9e995d9756 1.make ttl option more generic 2. add check if engine specified for system log 2020-12-01 00:29:36 +08:00
spongedc
d96600678d Merge remote-tracking branch 'origin/master' into add_ttl_option_for_syslog 2020-11-30 22:53:52 +08:00
Alexey Milovidov
24bd2e8e8e GRPC: better config 2020-11-28 08:44:16 +03:00
Nikita Mikhaylov
0b6f5c75b9
Merge pull request #17435 from vitlibar/grpc-protocol-2
Implement GRPC protocol (corrections)
2020-11-27 15:19:50 +03:00
felixxdu
17e83cbb8d Merge remote-tracking branch 'origin/master' into add_ttl_option_for_syslog 2020-11-27 10:02:57 +08:00
Denis Glazachev
81280072df Merge branch 'master' into ldap-role-mapping
* master: (207 commits)
  Update RadixSort.h
  rerun tests to be sure
  Update date_time_short perf test for toUnixTimestamp(Date())
  update test
  remove comments
  better
  fix tests
  style
  update copy pasted test
  better
  comments
  better merge
  new interface for the function
  better
  Fix comments
  Add missing file
  Make the code less bad
  initial
  test added
  style
  ...
2020-11-26 18:29:13 +04:00
felixxdu
4cc6594cb8 Support configure Ssystem log table's ttl in config.xml 2020-11-26 17:37:42 +08:00
Vitaly Baranov
1fc43b3c93 Remove trailing whitespaces in config.xml 2020-11-26 10:27:04 +03:00
Vitaly Baranov
49cf980761 Use port 9100 for grpc by default. 2020-11-26 10:14:27 +03:00
Nikolai Kochetov
729272391f
Merge branch 'master' into ip-dict-no-trie 2020-11-25 23:07:19 +03:00
Vitaly Baranov
eab3006a4d Support SSL and compression when using gRPC protocol. 2020-11-24 17:55:02 +03:00
Denis Glazachev
a367abb88f Merge branch 'master' into ldap-cache-login
* master: (70 commits)
  Update documentation-issue.md
  Add an option to use existing tables to perf.py
  DOCSUP-4280: Update the SELECT query (#17231)
  DOCSUP-3584 edit and translate (#17176)
  Fixed flaky test_storage_s3::test_custom_auth_headers
  Update 01560_merge_distributed_join.sql
  Minor improvements
  Slightly more correct
  Auto version update to [20.13.1.1] [54444]
  Auto version update to [20.12.1.5236] [54443]
  Update roadmap
  Add favicon; add loading indicator
  Fix race condition; history and sharing capabilities
  Update bitmap-functions.md
  Fix exception message
  Use default value for read-only flag in metadata for Disk3.
  ISSUES-16605 try fix review comment
  trigger CI
  ISSUES-16605 try fix integration failure
  ISSUES-16605 try fix integration test failure
  ...
2020-11-24 02:55:20 +04:00
Denis Glazachev
b02f2cf1ca Merge branch 'master' into ldap-role-mapping
* master: (50 commits)
  Update documentation-issue.md
  Add an option to use existing tables to perf.py
  DOCSUP-4280: Update the SELECT query (#17231)
  DOCSUP-3584 edit and translate (#17176)
  Fixed flaky test_storage_s3::test_custom_auth_headers
  Update 01560_merge_distributed_join.sql
  Minor improvements
  Slightly more correct
  Auto version update to [20.13.1.1] [54444]
  Auto version update to [20.12.1.5236] [54443]
  Update roadmap
  Add favicon; add loading indicator
  Fix race condition; history and sharing capabilities
  Update bitmap-functions.md
  Fix exception message
  Use default value for read-only flag in metadata for Disk3.
  ISSUES-16605 try fix review comment
  trigger CI
  ISSUES-16605 try fix integration failure
  ISSUES-16605 try fix integration test failure
  ...
2020-11-24 02:53:26 +04:00
Denis Glazachev
c12e6ae7c5 Actualize
Add role_mapping documentation (comments)
2020-11-21 00:49:29 +04:00
Azat Khuzhin
8a7376247b Add a comment about rotation policy into server config 2020-11-19 01:07:09 +03:00
vdimir
a67f5b780f
Use sorted ip array instead of trie in TrieDictionary 2020-11-08 19:19:04 +03:00
Vitaliy Zakaznikov
e6d04b4780 Merge branch 'master' of https://github.com/traceon/ClickHouse into ldap-cache-login 2020-11-03 16:53:23 -05:00
Alexander Kuzmenkov
6509f1eb39
Merge branch 'master' into minumum 2020-10-27 21:38:23 +03:00
Mikhail Filimonov
41971e073a
Fix typos reported by codespell 2020-10-27 12:04:03 +01:00
Alexander Kuzmenkov
5a70e26c70 Merge remote-tracking branch 'origin/master' into HEAD 2020-10-26 19:21:13 +03:00
Denis Glazachev
f2a6696362 Implement verification_cooldown LDAP server connection param 2020-10-26 16:44:36 +04:00
Azat Khuzhin
edc8d6e5e7 Fix async Distributed INSERT w/ prefer_localhost_replica=0 and internal_replication 2020-10-25 14:27:06 +03:00
Alexander Kuzmenkov
5cbf645de4 Merge remote-tracking branch 'origin/master' into tmp 2020-10-22 19:48:02 +03:00
Alexander Kuzmenkov
145e2b012f cleanup 2020-10-22 19:47:20 +03:00
alexey-milovidov
2b00b5391a
Merge pull request #11844 from Enmk/AES_encrypt_decrypt
encrypt and decrypt functions
2020-10-20 22:57:35 +03:00
Alexey Milovidov
5e502c52b3 Merge branch 'master' into AES_encrypt_decrypt 2020-10-14 16:30:23 +03:00
Alexander Kuzmenkov
626c2a3e28 microsecond precision for start/finish time 2020-09-30 19:16:33 +03:00
Alexander Kuzmenkov
7b64ca33b1 Merge remote-tracking branch 'origin/master' into tmp 2020-09-22 14:02:20 +03:00
Alexander Kuzmenkov
bfc3be9e43 Merge remote-tracking branch 'origin/aku/tcp-versio' into tmp 2020-09-22 14:02:15 +03:00
Denis Glazachev
442b1407cf Merge branch 'master' into ldap-any-user-authentication
* master: (375 commits)
  Update type-conversion-functions.md
  Update maxmap.md
  Update maxmap.md
  Update maxmap.md
  Update single_fixed_string_groupby.xml
  Alter remove column properties and TTLs (#14742)
  better fixed string group by support
  Fix incorrect key condition of fixed strings.
  constant output order
  more tests for  #14646
  Maybe fix MSan report in base64
  Proper exception message for wrong number of arguments of CAST
  Added a test
  Fix buffer overflow in "bar" function
  Update convertMySQLDataType.cpp
  Fix clang-tidy
  Remove obsolete code from performance test
  Slightly better code
  Even more
  Even more
  ...

# Conflicts:
#	src/Interpreters/Context.cpp
2020-09-21 00:31:04 +04:00
alexey-milovidov
988b20a32c
Merge pull request #14684 from azat/parallel-distributed_ddl
Allow parallel execution of distributed DDL
2020-09-18 22:18:17 +03:00
Alexey Milovidov
799a675b5d Merge branch 'master' into AES_encrypt_decrypt 2020-09-17 21:42:51 +03:00
Vitaly Baranov
3356d75b23
Merge pull request #13156 from azat/cluster-secure
Secure inter-cluster query execution (with initial_user as current query user) [v3]
2020-09-17 17:11:00 +03:00
Alexander Kuzmenkov
6217dd77b5 Merge remote-tracking branch 'origin/master' into tmp 2020-09-17 12:35:10 +03:00
Azat Khuzhin
0159c74f21 Secure inter-cluster query execution (with initial_user as current query user) [v3]
Add inter-server cluster secret, it is used for Distributed queries
inside cluster, you can configure in the configuration file:

  <remote_servers>
      <logs>
          <shard>
              <secret>foobar</secret> <!-- empty -- works as before -->
              ...
          </shard>
      </logs>
  </remote_servers>

And this will allow clickhouse to make sure that the query was not
faked, and was issued from the node that knows the secret. And since
trust appeared it can use initial_user for query execution, this will
apply correct *_for_user (since with inter-server secret enabled, the
query will be executed from the same user on the shards as on initator,
unlike "default" user w/o it).

v2: Change user to the initial_user for Distributed queries if secret match
v3: Add Protocol::Cluster package
v4: Drop Protocol::Cluster and use plain Protocol::Hello + user marker
v5: Do not use user from Hello for cluster-secure (superfluous)
2020-09-15 01:36:28 +03:00
Alexey Milovidov
2ac88ab47d Added config option 2020-09-14 21:08:09 +03:00