Commit Graph

543 Commits

Author SHA1 Message Date
Denis Glazachev
3e68368b59 Refactor ExternalAuthenticators configuration process 2020-07-11 21:06:01 +04:00
Denis Glazachev
af98e74afd Gracefully handle the case when ExternalAuthenticators instance is not created (yet) 2020-07-11 02:42:48 +04:00
Vitaly Baranov
30e3d61b01 Fix calculating implicit access rights. 2020-07-10 17:16:43 +03:00
Denis Glazachev
9effacfbc1 Merge branch 'master' into ldap-per-user-authentication
* master: (1102 commits)
  Update README.md
  Update README.md
  Update README.md
  Update index.md
  [docs] add intrdocution for statements page (#12189)
  Revert "Run perf tests with memory sampling (for allocations >1M)"
  Sanitize LINK_LIBRARIES property for the directories (#12160)
  [docs] refactor Domains overview (#12186)
  DOCS-647: toStartOfSecond (#12190)
  [docs] add intrdocution for commercial page (#12187)
  DOCSUP-1348 Russian translation for new functions (#133) (#12194)
  changelog fixes
  Update index.md (#12191)
  Update zh kafka.md title (#12192)
  Added test for #3767
  style fix for #12152
  Tests for fixed issues #10846 and #7347
  changelog fixes
  [docs] introduction for special table engines (#12170)
  [docs] introduction for third-party interfaces (#12175)
  ...

# Conflicts:
#	src/Access/ya.make
#	src/Common/ErrorCodes.cpp
2020-07-08 00:42:09 +04:00
Vitaly Baranov
03b36c262e Improve REVOKE command: now it requires only grant/admin option for only
access which will be revoked.
REVOKE ALL FROM user1 now revokes all granted roles.
2020-07-02 12:54:24 +03:00
Vitaly Baranov
c39eb8f71b Fix partial revokes (complex cases). 2020-06-30 18:47:02 +03:00
Vitaly Baranov
eb27814fbe Fix access rights: cannot grant INTROSPECTION when allow_introspection_functions=0. 2020-06-29 16:43:31 +03:00
Vitaly Baranov
f3f005d5b9
Merge pull request #12015 from vitlibar/fix-access-rights-allow-ddl-0
Fix calculation of access rights when allow_ddl = 0
2020-06-29 15:14:22 +03:00
Vitaly Baranov
bd72bd6e10 Fix access rights: cannot grant DDL when allow_ddl=0 2020-06-28 21:38:14 +03:00
alesapin
11f88340a5 Merge branch 'mongo' of https://github.com/ageraab/ClickHouse into storage_mongodb 2020-06-26 16:03:06 +03:00
sundy-li
0a4af8f0a7 add SYSTEM DROP REPLICA 2020-06-23 12:12:30 +08:00
Denis Glazachev
5db60202b6 Merge branch 'master' into ldap-per-user-authentication 2020-06-19 00:11:08 +04:00
Denis Glazachev
7317acb609 Silently reject empty passwords. Empty user names are rejected verbosely. 2020-06-18 23:33:59 +04:00
Vitaly Baranov
9fe47df2e8 Support multiple users/roles in SHOW CREATE USER(ROLE, etc.) and SHOW GRANTS FOR commands.
Support syntax "SHOW CREATE USER ALL" and "SHOW GRANTS FOR ALL".
2020-06-15 22:07:47 +03:00
Vitaly Baranov
4bd00b02e2 Improve syntax of CREATE QUOTA. Now resource types and key types could be written with underscores.
Also rename columns key_type=>keys and source=>storage in table system.quotas.
2020-06-15 20:10:34 +03:00
Vitaly Baranov
7d1951a79b Improve messages for errors in access storages. 2020-06-15 20:10:34 +03:00
Vitaly Baranov
92b9f4a88d Rename ExtendedRoleSet => RolesOrUsersSet. 2020-06-15 20:10:34 +03:00
Vitaly Baranov
9f31184d76 Support for multiple names in one CREATE/ALTER command. 2020-06-15 20:10:28 +03:00
Vitaly Baranov
3ffcb8e790 Fix casting values of settings while reading profiles from users.xml. 2020-06-15 01:44:25 +03:00
Vitaly Baranov
ca2fb59321 Fix calculating full names of row policies. 2020-06-15 01:44:25 +03:00
Denis Glazachev
276fcd8903 Add/rename parameters that control TLS 2020-06-12 21:59:47 +04:00
Denis Glazachev
04f222f85b Tell OpenLDAP too create a new SSL/TLS context for each connection 2020-06-12 16:48:00 +04:00
Denis Glazachev
9e3a28a6b8 Merge branch 'master' into ldap-per-user-authentication
* master: (414 commits)
  Update file.md
  Update merge.md
  Update dictionary.md
  Update external-data.md
  Update distributed.md
  Update null.md
  Update set.md
  Update join.md
  Update url.md
  Update view.md
  Update materializedview.md
  Update memory.md
  Update buffer.md
  Update generate.md
  removed a sentence about global lock during rename (#11577)
  greatCircleAngle en translation (#11584)
  Update configuration-files.md
  try fix flacky test
  Update why.html
  Update rich.html
  ...

# Conflicts:
#	src/Common/ErrorCodes.cpp
#	utils/ci/jobs/quick-build/run.sh
2020-06-11 03:06:17 +04:00
Denis Glazachev
848330b37a Expect <ldap_servers> in main config.xml 2020-06-11 02:48:15 +04:00
tavplubix
686c0539db
Merge pull request #11487 from ClickHouse/improve_dns_cache
Use DNSResolver to check if user is allowed to connect from an address
2020-06-07 19:55:03 +03:00
Alexander Tokmakov
0cf8015f4a use DNSResolver to check if user is allowed to connect 2020-06-07 00:02:29 +03:00
Denis Glazachev
0197627f3f Added checks for empty server name 2020-06-03 22:52:12 +04:00
Alexander Kuzmenkov
1c33918f07 style 2020-06-03 17:17:41 +03:00
Alexander Kuzmenkov
07e4bb7050 Remove assorted synonyms of LOGICAL_ERROR.
We don't need any special handling for them on the client, and, on the
contrary, have to handle them as logical errors in tests.
2020-06-03 16:18:42 +03:00
Denis Glazachev
b28def8f4c Stylistic changes 2020-06-03 15:20:53 +04:00
Denis Glazachev
48f3d4094a Remove irrelevant stuff 2020-06-03 01:06:44 +04:00
Denis Glazachev
c427524bc8 Simplefy ExternalAuthenticators exposure to isCorrectPassword() 2020-06-03 01:02:31 +04:00
Denis Glazachev
b7caa154e2 Add ARCADIA_BUILD check 2020-06-03 00:37:14 +04:00
Denis Glazachev
6ff0550e4e Move parseExternalAuthenticators functionality into the c-tor of ExternalAuthenticators 2020-06-02 13:37:02 +04:00
Denis Glazachev
c61cbe8e98 Merge branch 'master' into ldap-per-user-authentication
* master: (114 commits)
  Update PushingToViewsBlockOutputStream.cpp
  Update PushingToViewsBlockOutputStream.cpp
  make clang-10 happy
  Fix sync_async test (remove timeout)
  CLICKHOUSEDOCS-631: temporary_files_codec, join_on_disk_max_files_to_merge settings. (#11242)
  Suppress output of cancelled queries in clickhouse-client #9473
  Better log messages in ConfigReloader
  fix select from StorageJoin
  Fix unit tests under MSan
  Added test.
  Fix build.
  Fix arguments for AggregateFunctionQuantile/
  Update style.md
  Add a guide on error messages.
  Report dictionary name on dictionary load errors.
  more types in ASOF JOIN (#11301)
  Fix part_log test
  Update test.
  Add perftest.
  Parallel processing for PushingToViewsBlockOutputStream::writeSuffix
  ...
2020-06-02 12:42:29 +04:00
Denis Glazachev
e8144976fe Merge branch 'master' into ldap-per-user-authentication 2020-05-31 15:09:16 +04:00
Denis Glazachev
165dc4e109 Disable system static OpenLDAP linking support (due to fPIC mismatch) 2020-05-31 15:04:56 +04:00
Alexey Milovidov
25f941020b Remove namespace pollution 2020-05-31 00:57:37 +03:00
Denis Glazachev
246900c1ac Compilation fix 2020-05-29 18:33:50 +04:00
alexey-milovidov
304c6a1ee3
Merge pull request #11278 from vitlibar/fix-crash-set-default-role-with-wrong-args
Fix crash when SET DEFAULT ROLE is called with wrong arguments.
2020-05-29 16:24:42 +03:00
Denis Glazachev
9fb0a95c75 Compilation fix: add missing "/include"
Style fix
2020-05-29 16:14:42 +04:00
Denis Glazachev
d9ca9cd9b2 Compilation fix
Typo fix
2020-05-29 14:00:12 +04:00
Denis Glazachev
f1cfc7b472 Rename LDAP_PASSWORD to LDAP_SERVER and use "ldap_server" as a string key
Some refactoring
2020-05-29 11:47:01 +04:00
Vitaly Baranov
2d12b4d3ac Fix crash when SET DEFAULT ROLE is called with wrong arguments. 2020-05-29 09:54:27 +03:00
Denis Glazachev
f9d4136792 Merge branch 'master' into ldap-per-user-authentication 2020-05-29 10:52:44 +04:00
Vitaly Baranov
d7cc703233
Merge pull request #11080 from vitlibar/add-authentication-type-to-system-users
Show authentication type in system.users table
2020-05-28 20:20:41 +03:00
Vitaly Baranov
98172deffc Show authentication type in table system.users and while executing SHOW CREATE USER query. 2020-05-28 08:34:10 +03:00
Denis Glazachev
d4fd018715 Fix linking errors in parser-related test executables 2020-05-28 02:54:14 +04:00
Denis Glazachev
2863de750e Merge branch 'master' into ldap-per-user-authentication 2020-05-28 01:30:52 +04:00
Denis Glazachev
d74f1357d4 Add LDAP authentication support 2020-05-28 01:06:33 +04:00
Maxim Akhmedov
e09bcb4290 Make possible adding nested storages to MultipleAccessStorage in run-time. 2020-05-26 17:05:06 +03:00
Vitaly Baranov
2c8a355f19
Merge pull request #11081 from vitlibar/fix-no-password-mode
Fix settings NO_PASSWORD authentication mode in users.xml.
2020-05-26 14:20:34 +03:00
Vitaly Baranov
eeb4cbc433 Fix settings NO_PASSWORD authentication mode in users.xml. 2020-05-25 11:35:26 +03:00
Alexey Milovidov
7e1813825b Return old names of macros 2020-05-24 01:24:01 +03:00
Alexey Milovidov
9d24908e53 Progress on task 2020-05-23 20:52:11 +03:00
Alexey Milovidov
241f8c5431 find {base,src,programs} -name '*.h' -or -name '*.cpp' | xargs grep -l -P 'LOG_\w+\([^,]+, "[^"]+" \+ [^+]+ \+ "[^"]+"\);' | xargs sed -i -r -e 's/(LOG_\w+)\(([^,]+), "([^"]+)" \+ ([^+]+) \+ "([^"]+)"\);/\1_FORMATTED(\2, "\3{}\5", \4);/' 2020-05-23 20:10:21 +03:00
Alexey Milovidov
f69cbdcbfc find {base,src,programs} -name '*.h' -or -name '*.cpp' | xargs grep -l -P 'LOG_\w+\([^,]+, "[^"]+" \+ [^+]+\);' | xargs sed -i -r -e 's/(LOG_\w+)\(([^,]+), "([^"]+)" \+ ([^+]+)\);/\1_FORMATTED(\2, "\3{}", \4);/' 2020-05-23 20:09:37 +03:00
Alexey Milovidov
f68d1ceb4f find {base,src,programs} -name '*.h' -or -name '*.cpp' | xargs grep -l -P 'LOG_\w+\([^,]+, "[^"]+" << [^<]+ << "[^"]+" << [^<]+ << "[^"]+" << [^<]+\);' | xargs sed -i -r -e 's/(LOG_\w+)\(([^,]+), "([^"]+)" << ([^<]+) << "([^"]+)" << ([^<]+) << "([^"]+)" << ([^<]+)\);/\1_FORMATTED(\2, "\3{}\5{}\7{}", \4, \6, \8);/' 2020-05-23 20:02:09 +03:00
Alexey Milovidov
8042e5febe find {base,src,programs} -name '*.h' -or -name '*.cpp' | xargs grep -l -P 'LOG_\w+\([^,]+, "[^"]+" << [^<]+ << "[^"]+" << [^<]+\);' | xargs sed -i -r -e 's/(LOG_\w+)\(([^,]+), "([^"]+)" << ([^<]+) << "([^"]+)" << ([^<]+)\);/\1_FORMATTED(\2, "\3{}\5{}", \4, \6);/' 2020-05-23 19:58:15 +03:00
Alexey Milovidov
8d2e80a5e2 find {base,src,programs} -name '*.h' -or -name '*.cpp' | xargs grep -l -P 'LOG_\w+\([^,]+, "[^"]+"\)' | xargs sed -i -r -e 's/(LOG_\w+)\(([^,]+, "[^"]+")\)/\1_FORMATTED(\2)/' 2020-05-23 19:42:39 +03:00
ageraab
cb24d47472
Merge branch 'master' into mongo 2020-05-16 02:56:22 +03:00
bobrovskij artemij
95677432e5 MongoDB engine (read-only) 2020-05-14 23:59:03 +03:00
Vitaly Baranov
bf2f38881d Fix compilation. 2020-05-14 14:12:20 +03:00
Vitaly Baranov
c30587196a Add system tables for users, roles and grants. 2020-05-14 14:12:20 +03:00
Vitaly Baranov
a14f322723 Add system tables for settings profiles. 2020-05-14 14:12:15 +03:00
Vitaly Baranov
5b84121d81 Improve system tables for quotas. Remove function currentQuota(). 2020-05-13 19:40:48 +03:00
Vitaly Baranov
e64e2ebdf6 Improve system table for row policies. Remove function currentRowPolicies(). 2020-05-13 19:40:48 +03:00
Vitaly Baranov
dd8b29b4fb Use enum Type instead of std::type_index to represent the type of IAccessEntity.
This change simplifies handling of access entities in access storages.
2020-05-13 19:40:48 +03:00
Vitaly Baranov
b6fe726777 Rename row policy's 'name' to 'short_name', 'full_name' to 'name'.
This change simplifies the interface of IAccesEntity.
2020-05-13 19:40:48 +03:00
Vitaly Baranov
6f15a0d443 Improve the function range() to allow iterating through enum values. 2020-05-13 19:40:48 +03:00
Vitaly Baranov
c7213ab607 Use boost::flat_set instead of vector to store current and enabled roles. 2020-05-13 19:40:48 +03:00
Vitaly Baranov
b93a15ef36 Refactoring of settings profiles to store setting_index instead of setting_name. 2020-05-13 19:40:48 +03:00
Vitaly Baranov
66e348a93f Refactoring of getting information about access rights. 2020-05-13 19:40:33 +03:00
Alexander Tokmakov
9ca144cab9 drop access cache on DROP DNS CACHE 2020-05-01 01:29:47 +03:00
Alexey Milovidov
be22a4b94e Checkpoint 2020-04-22 08:39:31 +03:00
alexey-milovidov
17e7d4d88a
Merge pull request #10307 from abyss7/arcadia-4
Changes for auto-sync with Arcadia
2020-04-17 05:08:34 +03:00
Ivan Lezhankin
e230632645 Changes required for auto-sync with Arcadia 2020-04-16 15:31:57 +03:00
Alexey Milovidov
cdeda4ab91 Fix usage of max_parser_depth setting; remove harmful default function arguments 2020-04-16 04:06:10 +03:00
Alexey Milovidov
a4c2e9a599 Whitespace 2020-04-15 05:12:50 +03:00
Vitaly Baranov
2e55d44e57 Fix using the current database for access checking when the database isn't specified. 2020-04-11 20:13:56 +03:00
Vitaly Baranov
4d93577791 PREWHERE can be used now by user without row filtering. 2020-04-09 10:22:51 +03:00
Vitaly Baranov
23ac1ee87c readonly user now can execute SHOW CREATE for access entities. 2020-04-09 10:22:51 +03:00
Vitaly Baranov
e573549945 Rework access rights for table functions. 2020-04-07 23:31:59 +03:00
Vitaly Baranov
42b8ed3ec6 Implement "ON CLUSTER" clause for access control SQL. 2020-04-07 23:31:59 +03:00
Vitaly Baranov
b77e0a5b4e Avoid writing "HOST ANY" if the host is any by default. 2020-04-07 23:31:59 +03:00
Vitaly Baranov
d064ddfe13 Disable MemoryAccessStorage. 2020-04-07 23:31:59 +03:00
Vitaly Baranov
423fa5087a Add SHOW_USERS(SHOW ROLES, etc.) privileges. 2020-04-07 23:20:38 +03:00
Vitaly Baranov
b4d7ef390c Rename some access types: add ALTER and SYSTEM prefixes. 2020-04-07 23:20:38 +03:00
Vitaly Baranov
f53b4ad3a8 Replace access types "TRUNCATE_VIEW" and "TRUNCATE_TABLE" with "TRUNCATE". 2020-04-07 23:20:38 +03:00
Vitaly Baranov
e5d8f05251 Rename sql command "CREATE POLICY" -> "CREATE ROW POLICY", "CREATE POLICY" is now an alias. 2020-04-07 23:20:38 +03:00
Vitaly Baranov
c2f5e3c4ad Improve declaration of access rights: single place in code instead of three. 2020-04-07 23:20:38 +03:00
alesapin
1cb072d58a Merge branch 'master' into alter_rename_column 2020-04-06 11:40:27 +03:00
Ivan Lezhankin
06446b4f08 dbms/ → src/ 2020-04-03 18:14:31 +03:00