thevar1able/ClickHouse
1
0
Fork 0
mirror of https://github.com/ClickHouse/ClickHouse.git synced 2024-12-18 20:32:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
100,398 Commits 9,336 Branches 1,783 Tags 2.2 GiB
e78861ad1c
Commit Graph

657 Commits

Author SHA1 Message Date
Roman Vasin
344fbe8de4 Fix code style 2022-06-15 20:26:42 +03:00
Roman Vasin
89a659e738 Move krb header files from KerberosInit.h to KerberosInit.cpp 2022-06-15 20:08:16 +03:00
Roman Vasin
1c26424371 Change message in StorageKafka; Code style correction 2022-06-15 19:35:21 +03:00
Roman Vasin
dd5b0ee065 Add kerberosInit() function to call KeberosInit 2022-06-15 17:02:53 +03:00
Antonio Andelic
dded528d13
Merge pull request #36424 from PolyProgrammist/r1unfreeze 
SYSTEM UNFREEZE query that deletes the whole backup
 2022-06-14 08:44:45 +02:00
Nikita Mikhaylov
fc626b2897
Update SettingsProfilesCache.cpp 2022-06-14 00:16:28 +02:00
Vitaly Baranov
241b51c7d4
Add implicit grants with grant option too. (#38017) 2022-06-14 00:09:51 +02:00
Nicolae Vartolomei
9555153f95 Throw exception when xml user profile does not exist 
Closes #26086
 2022-06-13 13:29:08 +00:00
Roman Vasin
4c560584c7 Code cleanup in KerberosInit and kafka integration tests 2022-06-10 12:38:39 +03:00
Roman Vasin
d1d6d87432 Cleanup code in KerberosInit 2022-06-09 11:51:15 +03:00
Roman Vasin
3cfea6e76f Cleanup code in KerberosInit, HDFSCommon and StorageKafka; update English and Russian documentation. 2022-06-08 17:57:45 +03:00
Vadim Volodin
637d293fbd Add SYSTEM UNFREEZE query 2022-06-08 15:21:14 +03:00
Roman Vasin
2b76d0c6a9 Add new integration test for kerberized Kafka; remove old kinit code from HDFSCommon 2022-06-08 12:26:35 +03:00
Roman Vasin
a156a77890 Add KerberosInit into StorageKafka 2022-06-07 14:59:46 +03:00
Vitaly Baranov
d199478169
Merge pull request #37303 from ClickHouse/fix_trash 
Try to fix some trash
 2022-06-07 10:17:39 +02:00
Roman Vasin
323835f51d Add renew/init logic in KerberosInit 2022-06-06 11:34:10 +03:00
Roman Vasin
8b5bf02927 Add support of cache commands in KerberosInit 2022-06-03 18:07:18 +03:00
Roman Vasin
82ce2d76c3 Add KerberosInit class; add kerberos_init console example; modify HDFSCommon.cpp 2022-06-03 12:06:31 +03:00
Alexander Tokmakov
cce9057eef fix style check 2022-06-02 15:27:32 +02:00
Alexander Tokmakov
3d346c766a better code 2022-06-01 16:49:26 +02:00
Maksim Kita
d1a4550b4f Fix create or drop of sql user defined functions in readonly mode 2022-05-31 17:23:41 +02:00
Alexander Tokmakov
4e52f45695 Merge branch 'master' into fix_trash 2022-05-28 19:43:19 +02:00
Alexander Tokmakov
eb71dd4c78
Merge pull request #37547 from ClickHouse/followup_37398 
Follow-up to #37398
 2022-05-26 20:29:41 +03:00
Alexander Tokmakov
e8f33fb0d9 fix flaky tests 2022-05-26 14:17:05 +02:00
Alexander Tokmakov
779e6ea0b9 make it better, fix on cluster queries 2022-05-25 20:17:49 +02:00
Alexander Tokmakov
4618429201 fixes 2022-05-24 18:53:52 +02:00
Alexander Tokmakov
dbde63d275 fixes 2022-05-24 14:24:03 +02:00
Alexander Tokmakov
d0f998fb88 Merge branch 'master' into fix_trash 2022-05-23 21:25:56 +02:00
Vitaly Baranov
9ec3b35cf2 Use AccessExpireCache instead of ExpireCache. 2022-05-21 10:15:44 +02:00
Vitaly Baranov
58f4a86ec7 Rework notifications used in access management. 2022-05-21 10:15:39 +02:00
Alexander Tokmakov
c48410b574 fix trash in my code 2022-05-21 02:05:02 +02:00
Alexander Tokmakov
9772924d06 Merge branch 'master' into fix_trash 2022-05-18 17:27:54 +02:00
Alexander Tokmakov
dea39d8175 fix some trash 2022-05-17 18:22:52 +02:00
Vitaly Baranov
f34a5cdee2
Merge branch 'master' into ON_CLUSTER-grant 2022-05-17 13:21:20 +02:00
Kseniia Sumarokova
94683786dc
Merge branch 'master' into MeiliSearch 2022-05-16 22:42:09 +02:00
Azat Khuzhin
01e1c5345a Add separate CLUSTER grant 
In case you have different roles for the same user on multiple clusters,
ON CLUSTER query can help to overcome some limitations.

Consider the following example:
- cluster_with_data, dev_user (readonly=2)
- stage_cluster, dev_user (readonly=0)

So when you will execute the following query from stage_cluster, it will
be successfully executed, since ON CLUSTER queries has different system
profile:

    DROP DATABASE default ON CLUSTER cluster_with_data

This is not 100% safe, but at least something.

Note, that right now only ON CLUSTER query it self is supported, but
separate clusters are not (i.e. GRANT CLUSTER some_cluster_name TO
default), since right now grants sticked to database+.

v2: on_cluster_queries_require_cluster_grant
v3: fix test and process flags as bit mask
Signed-off-by: Azat Khuzhin <a.khuzhin@semrush.com>
 2022-05-16 13:57:45 +03:00
Robert Schulze
e3cfec5b09
Merge remote-tracking branch 'origin/master' into clangtidies 2022-05-16 10:12:50 +02:00
Marcelo Rodriguez
3b733ec8eb Update Exception Message for allowed auth types 
update error message per this commit:
cb66a63aa4

the xml tag changed from `<certificates>` to `<ssl_certificates>`

will also submit a correction to the following doc page:
https://clickhouse.com/docs/en/operations/external-authenticators/ssl-x509
 2022-05-11 10:56:12 -06:00
mergify[bot]
0e2a86dcee
Merge branch 'master' into MeiliSearch 2022-05-11 08:49:19 +00:00
Kruglov Pavel
23bd9390a6
Merge pull request #36997 from vitlibar/users-without-assigned-policies-can-view-rows 
Users without assigned row policies can view rows
 2022-05-09 12:04:50 +02:00
Robert Schulze
1b81bb49b4
Enable clang-tidy modernize-deprecated-headers & hicpp-deprecated-headers 
Official docs:

  Some headers from C library were deprecated in C++ and are no longer
  welcome in C++ codebases. Some have no effect in C++. For more details
  refer to the C++ 14 Standard [depr.c.headers] section. This check
  replaces C standard library headers with their C++ alternatives and
  removes redundant ones.
 2022-05-09 08:23:33 +02:00
Vitaly Baranov
69bec2f377 Users without assigned row policies can view rows now. 2022-05-07 14:50:24 +02:00
Robert Schulze
330212e0f4
Remove inherited create() method + disallow copying 
The original motivation for this commit was that shared_ptr_helper used
std::shared_ptr<>() which does two heap allocations instead of
make_shared<>() which does a single allocation. Turned out that
1. the affected code (--> Storages/) is not on a hot path (rendering the
performance argument moot ...)
2. yet copying Storage objects is potentially dangerous and was
   previously allowed.

Hence, this change

- removes shared_ptr_helper and as a result all inherited create() methods,

- instead, Storage objects are now created using make_shared<>() by the
  caller (for that to work, many constructors had to be made public), and

- all Storage classes were marked as noncopyable using boost::noncopyable.

In sum, we are (likely) not making things faster but the code becomes
cleaner and harder to misuse.
 2022-05-02 08:46:52 +02:00
Mikhail Artemenko
cf48390cb9
Merge branch 'master' into MeiliSearch 2022-05-02 00:28:42 +03:00
Nikita Mikhaylov
93a65463d0
Added SYSTEM SYNC DATABASE query (#35944) 2022-05-01 15:40:18 +02:00
Mikhail Artemenko
41f657d8ed
Merge branch 'master' into MeiliSearch 2022-05-01 10:01:56 +03:00
Alexey Milovidov
1ddb04b992
Merge pull request #36715 from amosbird/refactorbase 
Reorganize source files so that base won't depend on Common
 2022-04-30 09:40:58 +03:00
mergify[bot]
288b68c86e
Merge branch 'master' into followup_password_hash_salt 2022-04-29 08:17:05 +00:00
Amos Bird
4a5e4274f0
base should not depend on Common 2022-04-29 10:26:35 +08:00
Yakov Olkhovskiy
f966d69791 error processing for RAND_bytes, style issue 2022-04-21 13:07:44 -04:00
Yakov Olkhovskiy
85df222f15 refactoring ParserAttachAccessEntity 2022-04-20 22:57:44 -04:00
larryluogit
46a9226bf6
Merge branch 'ClickHouse:master' into feature-password 2022-04-20 07:57:21 -04:00
Rajkumar
419970cc1c moved class definition to header 2022-04-20 04:05:23 -07:00
Robert Schulze
118e94523c
Activate clang-tidy warning "readability-container-contains" 
This check suggests replacing <Container>.count() by
<Container>.contains() which is more speaking and in case of
multimaps/multisets also faster.
 2022-04-18 23:53:11 +02:00
larryluogit
393fd88d95
Merge branch 'ClickHouse:master' into feature-password 2022-04-18 11:39:40 -04:00
Alexey Milovidov
294efeccfe Fix clang-tidy-14 (part 1) 2022-04-16 04:54:04 +02:00
Mikhail Artemenko
2fd86cc564
Merge branch 'master' into MeiliSearch 2022-04-13 12:05:46 +03:00
Rajkumar
c711e42b62 argument changed to const ref 2022-04-12 09:31:32 -07:00
Rajkumar
14cb87e3ef password hash salt feature 2022-04-12 07:30:09 -07:00
Mikhail Artemenko
151eeb1a27
Merge branch 'master' into MeiliSearch 2022-04-06 17:07:55 +03:00
Alexander Tokmakov
a2167f12b8 Merge branch 'master' into mvcc_prototype 2022-04-04 14:24:23 +02:00
Alexey Milovidov
5a47958744
Merge pull request #35736 from CurtizJ/quota-written-bytes 
Add quota for written bytes
 2022-04-03 05:26:49 +03:00
Anton Popov
687942ce70 more strict quota for written bytes 2022-04-01 15:02:49 +00:00
Alexander Tokmakov
6591d1ceb7 Merge branch 'master' into mvcc_prototype 2022-04-01 15:38:46 +02:00
Anton Popov
caacc7d385 add quota for written bytes 2022-03-29 18:21:29 +00:00
taiyang-li
67c3c0be3d Merge branch 'master' into improve_access_type 2022-03-29 20:42:57 +08:00
Alexander Tokmakov
208b242188 Merge branch 'master' into mvcc_prototype 2022-03-28 19:58:06 +02:00
Alexey Milovidov
bb35184da1 Add metric about size of async INSERTs 2022-03-28 02:04:19 +02:00
Alexander Tokmakov
3c762f566d Merge branch 'master' into mvcc_prototype 2022-03-21 20:16:29 +01:00
Alexey Milovidov
0ce4696c49
Revert "[WIP] New row policies" 2022-03-21 08:41:33 +03:00
taiyang-li
7d50bd1eb3 add access type hive 2022-03-21 11:19:45 +08:00
Alexander Tokmakov
9e05b12d2c Merge branch 'master' into mvcc_prototype 2022-03-20 22:42:26 +01:00
Vitaly Baranov
afe6a1003a Add new row policy kind: simple 2022-03-20 17:34:59 +01:00
Vitaly Baranov
3e950d79b3 Add new setting rbac_version. 2022-03-17 15:28:51 +01:00
Vitaly Baranov
470582e262 Change type of RowPolicyKind: bool -> enum. 2022-03-17 15:28:05 +01:00
Alexander Tokmakov
4b3e13a4fe Merge branch 'master' into mvcc_prototype 2022-03-16 21:06:19 +01:00
Vitaly Baranov
39614e6e15
Merge pull request #35276 from vitlibar/fix-code-style-and-minor-corrections-after-allow-no-password 
Fix code style and other minor corrections after implementing allow_no_password.
 2022-03-16 18:55:05 +01:00
Vitaly Baranov
e690d28fef Update src/Access/AccessControl.cpp 
Co-authored-by: Antonio Andelic <antonio2368@users.noreply.github.com>
 2022-03-16 12:03:09 +01:00
Alexander Tokmakov
9702b5177d Merge branch 'master' into mvcc_prototype 2022-03-14 21:45:38 +01:00
Vitaly Baranov
1eb2e8693e Fix code style and other minor corrections after implementing allow_no_password. 2022-03-14 20:55:34 +01:00
Maksim Kita
e14cfd5dcd Fix clang-tidy warnings in Access folder 2022-03-14 18:17:35 +00:00
Vitaly Baranov
4af61fb9d3
Merge pull request #34738 from DevTeamBK/Issue-33953 
New setting in Server Configuration to on/off AuthType Plaintext_password and No_password
 2022-03-14 17:09:46 +01:00
HeenaBansal2009
3f031df225 Code refactoring 2022-03-10 22:22:51 -08:00
Alexander Tokmakov
7f47f20aba add kill transaction query 2022-03-10 22:29:58 +01:00
HeenaBansal2009
3ce9397246 Added Suggestions from Code review 2022-03-09 20:35:01 -08:00
Vitaly Baranov
115c0c2aba
Merge pull request #34855 from vitlibar/ignore-obsolete-grants-in-attach-grants 
Ignore obsolete grants in ATTACH GRANT statements
 2022-03-04 12:50:09 +01:00
Maksim Kita
1f5837359e clang-tidy check performance-noexcept-move-constructor fix 2022-03-02 18:15:27 +00:00
HeenaBansal2009
c14c60f1d3 Merge branch 'master' into Issue-33953 2022-02-28 11:12:54 -08:00
HeenaBansal2009
aa8494a808 Fix: System Reload Config Failure 2022-02-28 10:51:49 -08:00
Vitaly Baranov
b7817b4cea Ignore obsolete grants in ATTACH GRANT statements. 2022-02-24 07:30:40 +03:00
Vitaly Baranov
aee67a6693
Merge pull request #31484 from eungenue/Implement-SSL-X509-certificate-authentication 
Implement ssl x509 certificate authentication
 2022-02-21 11:30:52 +03:00
Vitaly Baranov
cb66a63aa4 Rename header and config setting for consistency. 2022-02-21 07:41:06 +03:00
Vitaly Baranov
765d136d2a A few improvements in the implementation of SSL certificate authentication. 2022-02-21 07:41:02 +03:00
Vitaly Baranov
0d377de5f0 Support syntax CREATE USER IDENTIFIED WITH ssl_certificate CN ... 2022-02-21 07:01:00 +03:00
Vitaly Baranov
7b97c986cb
Revert "Allow restrictive row policies without permissive" 2022-02-21 06:54:28 +03:00
HeenaBansal2009
1b263f0c15 Added FT testcase 2022-02-18 12:58:46 -08:00
HeenaBansal2009
d16cae53b4 Initial Commit for Plaintext password feature 2022-02-17 21:25:18 -08:00
Vitaly Baranov
a4ef274aa1 Improve restrictive policies without permissive ones: in this case the result filter won't be calculated as False always anymore. 2022-02-17 14:18:15 +07:00
Vitaly Baranov
2de6e8e575 Change type of RowPolicyKind: bool -> enum. 2022-02-17 14:18:10 +07:00
Vitaly Baranov
e148b43a29 Privileges CREATE/ALTER/DROP ROW POLICY now can be granted on a table or on database.* as well as globally *.* 2022-02-11 12:35:52 +07:00
Maksim Kita
47412c9619 Fixed unit tests 2022-02-10 19:31:02 +00:00
Maksim Kita
3e21ebeb02 For SQLUserDefinedFunctions change access type from DATABASE to GLOBAL 2022-02-10 10:27:11 +00:00
cmsxbc
a33bd4c623
Merge branch 'master' into addressToLineWithInlines 2022-02-08 08:54:15 +08:00
Maksim Kita
bc6328e573 Fixed tests 2022-02-04 20:56:49 +00:00
cmsxbc
9f9fce07e2 Merge branch 'master' into addressToLineWithInlines 2022-02-04 20:43:00 +08:00
Vitaly Baranov
30557aebfb Add helper class to cache the result of checking access. 2022-02-02 22:22:41 +07:00
mergify[bot]
61ac72ca32
Merge branch 'master' into addressToLineWithInlines 2022-01-27 12:02:56 +00:00
Vitaly Baranov
cc38fe3fb6 Fix checking access for the SYSTEM command. 2022-01-25 18:54:59 +07:00
cmsxbc
58dd1a2d5c
add function addressToLineWithInlines 2022-01-25 19:13:47 +08:00
alexey-milovidov
3a196a118f
Merge pull request #33689 from traceon/fix-ldap-krb-config-handling 
Fix LDAP and Kerberos config handling
 2022-01-21 01:39:25 +03:00
Eugene Galkin
f46dca4793 support x509 ssl certificate authentication 2022-01-17 15:01:38 +03:00
Vitaly Baranov
bb620a93af
Merge pull request #33574 from vitlibar/fix-multiple-ldap-storages-in-same-config 
Fix using multiple LDAP storages in the same config.
 2022-01-17 13:58:12 +07:00
Vitaly Baranov
f707eb5531
Merge pull request #33401 from IlyaTsoi/master 
Fixed crash of the LDAP authorization process if there are parentheses in the user_dn variable
 2022-01-17 13:53:45 +07:00
Denis Glazachev
28bc286d8b Do not allow ldap servers with the same name 
Reset the set of ldap servers when config is re-read
 2022-01-17 00:31:10 +04:00
Denis Glazachev
0288967538 Disable kerberos if parsing the config failed 2022-01-17 00:30:03 +04:00
IlyaTsoi
7a08e1c0c4
Update LDAPClient.cpp 
Change volume of reserved memory for variable
 2022-01-14 15:29:57 +03:00
Vitaly Baranov
f818baf8f3
Update src/Access/LDAPClient.cpp 
Co-authored-by: Denis Glazachev <traceon@users.noreply.github.com>
 2022-01-14 19:17:14 +07:00
Vitaly Baranov
7084099958
Update src/Access/LDAPAccessStorage.cpp 
Co-authored-by: Denis Glazachev <traceon@users.noreply.github.com>
 2022-01-14 19:16:10 +07:00
huzhichengdd
1e0f867961
Update ContextAccess.cpp 2022-01-14 18:16:19 +08:00
huzhichengdd
71871c16db
Update ContextAccess.cpp 2022-01-14 18:04:55 +08:00
huzhichengdd
106f2fea86
Update ContextAccess.cpp 2022-01-14 18:04:26 +08:00
huzhichengdd
4a02d96af4
Update ContextAccess.cpp 2022-01-14 09:46:51 +08:00
IlyaTsoi
83f360c808
Update LDAPClient.cpp 
rename function escapeForLDAP to escapeForDN
 2022-01-13 22:28:19 +03:00
IlyaTsoi
dea356e3db
Update LDAPClient.cpp 
use escapeForFilter when assigning value to const final_search_filter
 2022-01-13 21:33:04 +03:00
IlyaTsoi
b3c4073aae
Update src/Access/LDAPClient.cpp 
Co-authored-by: Denis Glazachev <traceon@users.noreply.github.com>
 2022-01-13 21:15:07 +03:00
IlyaTsoi
6a26eccc5b
Update src/Access/LDAPClient.cpp 
rename function

Co-authored-by: Denis Glazachev <traceon@users.noreply.github.com>
 2022-01-13 21:14:07 +03:00
IlyaTsoi
f4af86b39e
Update src/Access/LDAPClient.cpp 
Remove trailing spaces:

Co-authored-by: Denis Glazachev <traceon@users.noreply.github.com>
 2022-01-13 21:11:59 +03:00
IlyaTsoi
900d5af9aa
Update src/Access/LDAPClient.cpp 
rename function

Co-authored-by: Denis Glazachev <traceon@users.noreply.github.com>
 2022-01-13 21:11:00 +03:00
IlyaTsoi
f11d2b7188
Update src/Access/LDAPClient.cpp 
escape all special chars

Co-authored-by: Denis Glazachev <traceon@users.noreply.github.com>
 2022-01-13 21:10:12 +03:00
Vitaly Baranov
80cdfa5ec6 Fix using multiple LDAP storages in the same config. 2022-01-13 20:01:50 +07:00
huzhichengdd
33348454e2
Update ContextAccess.h 2022-01-13 15:21:09 +08:00
IlyaTsoi
e302cf5fdc Revert "Update LDAPClient.cpp" 
This reverts commit 30ef16ab58.
 2022-01-12 22:55:58 +03:00
IlyaTsoi
8be5e25239 Revert "The most minimalistic solution" 
This reverts commit 9472669dd5.
 2022-01-12 22:55:35 +03:00
huzhichengdd
d06486584b
Update ContextAccess.cpp 2022-01-12 17:03:55 +08:00
huzhichengdd
430bb12a35
Update ContextAccess.cpp 2022-01-12 17:01:58 +08:00
huzhichengdd
929c1a10b5
Apply suggestions from code review 
Co-authored-by: Vitaly Baranov <vitbar@yandex-team.ru>
 2022-01-12 17:00:54 +08:00
huzhichengdd
5be2ecd27b
Update ContextAccess.cpp 2022-01-12 16:46:39 +08:00
huzhichengdd
4e94b1a2cb
Update ContextAccess.cpp 2022-01-12 16:44:37 +08:00
huzhichengdd
11a3a7889b
Update ContextAccess.h 2022-01-12 16:44:02 +08:00
huzhichengdd
4bff38a3bd
Update ContextAccess.cpp 2022-01-12 16:43:28 +08:00
huzhichengdd
f5eada7ec7
Update AccessControl.cpp 2022-01-12 16:42:33 +08:00
huzhichengdd
9cbb3586c6
Update ContextAccess.cpp 2022-01-12 16:28:41 +08:00
huzhichengdd
4ffc898063
Update ContextAccess.h 2022-01-12 15:37:16 +08:00
huzhichengdd
0864549c4c
Update ContextAccess.cpp 2022-01-12 15:35:40 +08:00
huzhichengdd
3111ce3e71
Update AccessControl.cpp 2022-01-12 15:34:05 +08:00
Vitaly Baranov
5528ddc545
Update AccessControl.cpp 
Tabs are not allowed, replaced with spaces
 2022-01-10 23:31:11 +07:00
huzhichengdd
a59354b820
Update AccessControl.cpp 2022-01-10 10:42:58 +08:00
huzhichengdd
5ffa16a8a6 fix ContextAccess constructor to avoid coredump 2022-01-10 02:31:55 +00:00
IlyaTsoi
9472669dd5
The most minimalistic solution 
You can simply add parentheses to the switch statement to escapeForLDAP function and apply it when assigning a value to the final_user_dn variable. This fixes the error, I checked
 2022-01-07 23:59:36 +03:00
IlyaTsoi
30ef16ab58
Update LDAPClient.cpp 
refactoring of escapeForLDAPFilter function
 2022-01-07 12:02:48 +03:00