thevar1able/ClickHouse
1
0
Fork 0
mirror of https://github.com/ClickHouse/ClickHouse.git synced 2024-12-04 13:32:13 +00:00
Code Issues Packages Projects Releases Wiki Activity
89,858 Commits 9,179 Branches 1,782 Tags 2.3 GiB
f281199588
Commit Graph

543 Commits

Author SHA1 Message Date
Anton Popov
caacc7d385 add quota for written bytes 2022-03-29 18:21:29 +00:00
taiyang-li
67c3c0be3d Merge branch 'master' into improve_access_type 2022-03-29 20:42:57 +08:00
Alexander Tokmakov
208b242188 Merge branch 'master' into mvcc_prototype 2022-03-28 19:58:06 +02:00
Alexey Milovidov
bb35184da1 Add metric about size of async INSERTs 2022-03-28 02:04:19 +02:00
Alexander Tokmakov
3c762f566d Merge branch 'master' into mvcc_prototype 2022-03-21 20:16:29 +01:00
Alexey Milovidov
0ce4696c49
Revert "[WIP] New row policies" 2022-03-21 08:41:33 +03:00
taiyang-li
7d50bd1eb3 add access type hive 2022-03-21 11:19:45 +08:00
Alexander Tokmakov
9e05b12d2c Merge branch 'master' into mvcc_prototype 2022-03-20 22:42:26 +01:00
Vitaly Baranov
afe6a1003a Add new row policy kind: simple 2022-03-20 17:34:59 +01:00
Vitaly Baranov
3e950d79b3 Add new setting rbac_version. 2022-03-17 15:28:51 +01:00
Vitaly Baranov
470582e262 Change type of RowPolicyKind: bool -> enum. 2022-03-17 15:28:05 +01:00
Alexander Tokmakov
4b3e13a4fe Merge branch 'master' into mvcc_prototype 2022-03-16 21:06:19 +01:00
Vitaly Baranov
39614e6e15
Merge pull request #35276 from vitlibar/fix-code-style-and-minor-corrections-after-allow-no-password 
Fix code style and other minor corrections after implementing allow_no_password.
 2022-03-16 18:55:05 +01:00
Vitaly Baranov
e690d28fef Update src/Access/AccessControl.cpp 
Co-authored-by: Antonio Andelic <antonio2368@users.noreply.github.com>
 2022-03-16 12:03:09 +01:00
Alexander Tokmakov
9702b5177d Merge branch 'master' into mvcc_prototype 2022-03-14 21:45:38 +01:00
Vitaly Baranov
1eb2e8693e Fix code style and other minor corrections after implementing allow_no_password. 2022-03-14 20:55:34 +01:00
Maksim Kita
e14cfd5dcd Fix clang-tidy warnings in Access folder 2022-03-14 18:17:35 +00:00
Vitaly Baranov
4af61fb9d3
Merge pull request #34738 from DevTeamBK/Issue-33953 
New setting in Server Configuration to on/off AuthType Plaintext_password and No_password
 2022-03-14 17:09:46 +01:00
HeenaBansal2009
3f031df225 Code refactoring 2022-03-10 22:22:51 -08:00
Alexander Tokmakov
7f47f20aba add kill transaction query 2022-03-10 22:29:58 +01:00
HeenaBansal2009
3ce9397246 Added Suggestions from Code review 2022-03-09 20:35:01 -08:00
Vitaly Baranov
115c0c2aba
Merge pull request #34855 from vitlibar/ignore-obsolete-grants-in-attach-grants 
Ignore obsolete grants in ATTACH GRANT statements
 2022-03-04 12:50:09 +01:00
Maksim Kita
1f5837359e clang-tidy check performance-noexcept-move-constructor fix 2022-03-02 18:15:27 +00:00
HeenaBansal2009
c14c60f1d3 Merge branch 'master' into Issue-33953 2022-02-28 11:12:54 -08:00
HeenaBansal2009
aa8494a808 Fix: System Reload Config Failure 2022-02-28 10:51:49 -08:00
Vitaly Baranov
b7817b4cea Ignore obsolete grants in ATTACH GRANT statements. 2022-02-24 07:30:40 +03:00
Vitaly Baranov
aee67a6693
Merge pull request #31484 from eungenue/Implement-SSL-X509-certificate-authentication 
Implement ssl x509 certificate authentication
 2022-02-21 11:30:52 +03:00
Vitaly Baranov
cb66a63aa4 Rename header and config setting for consistency. 2022-02-21 07:41:06 +03:00
Vitaly Baranov
765d136d2a A few improvements in the implementation of SSL certificate authentication. 2022-02-21 07:41:02 +03:00
Vitaly Baranov
0d377de5f0 Support syntax CREATE USER IDENTIFIED WITH ssl_certificate CN ... 2022-02-21 07:01:00 +03:00
Vitaly Baranov
7b97c986cb
Revert "Allow restrictive row policies without permissive" 2022-02-21 06:54:28 +03:00
HeenaBansal2009
1b263f0c15 Added FT testcase 2022-02-18 12:58:46 -08:00
HeenaBansal2009
d16cae53b4 Initial Commit for Plaintext password feature 2022-02-17 21:25:18 -08:00
Vitaly Baranov
a4ef274aa1 Improve restrictive policies without permissive ones: in this case the result filter won't be calculated as False always anymore. 2022-02-17 14:18:15 +07:00
Vitaly Baranov
2de6e8e575 Change type of RowPolicyKind: bool -> enum. 2022-02-17 14:18:10 +07:00
Vitaly Baranov
e148b43a29 Privileges CREATE/ALTER/DROP ROW POLICY now can be granted on a table or on database.* as well as globally *.* 2022-02-11 12:35:52 +07:00
Maksim Kita
47412c9619 Fixed unit tests 2022-02-10 19:31:02 +00:00
Maksim Kita
3e21ebeb02 For SQLUserDefinedFunctions change access type from DATABASE to GLOBAL 2022-02-10 10:27:11 +00:00
cmsxbc
a33bd4c623
Merge branch 'master' into addressToLineWithInlines 2022-02-08 08:54:15 +08:00
Maksim Kita
bc6328e573 Fixed tests 2022-02-04 20:56:49 +00:00
cmsxbc
9f9fce07e2 Merge branch 'master' into addressToLineWithInlines 2022-02-04 20:43:00 +08:00
Vitaly Baranov
30557aebfb Add helper class to cache the result of checking access. 2022-02-02 22:22:41 +07:00
mergify[bot]
61ac72ca32
Merge branch 'master' into addressToLineWithInlines 2022-01-27 12:02:56 +00:00
Vitaly Baranov
cc38fe3fb6 Fix checking access for the SYSTEM command. 2022-01-25 18:54:59 +07:00
cmsxbc
58dd1a2d5c
add function addressToLineWithInlines 2022-01-25 19:13:47 +08:00
alexey-milovidov
3a196a118f
Merge pull request #33689 from traceon/fix-ldap-krb-config-handling 
Fix LDAP and Kerberos config handling
 2022-01-21 01:39:25 +03:00
Eugene Galkin
f46dca4793 support x509 ssl certificate authentication 2022-01-17 15:01:38 +03:00
Vitaly Baranov
bb620a93af
Merge pull request #33574 from vitlibar/fix-multiple-ldap-storages-in-same-config 
Fix using multiple LDAP storages in the same config.
 2022-01-17 13:58:12 +07:00
Vitaly Baranov
f707eb5531
Merge pull request #33401 from IlyaTsoi/master 
Fixed crash of the LDAP authorization process if there are parentheses in the user_dn variable
 2022-01-17 13:53:45 +07:00
Denis Glazachev
28bc286d8b Do not allow ldap servers with the same name 
Reset the set of ldap servers when config is re-read
 2022-01-17 00:31:10 +04:00
Denis Glazachev
0288967538 Disable kerberos if parsing the config failed 2022-01-17 00:30:03 +04:00
IlyaTsoi
7a08e1c0c4
Update LDAPClient.cpp 
Change volume of reserved memory for variable
 2022-01-14 15:29:57 +03:00
Vitaly Baranov
f818baf8f3
Update src/Access/LDAPClient.cpp 
Co-authored-by: Denis Glazachev <traceon@users.noreply.github.com>
 2022-01-14 19:17:14 +07:00
Vitaly Baranov
7084099958
Update src/Access/LDAPAccessStorage.cpp 
Co-authored-by: Denis Glazachev <traceon@users.noreply.github.com>
 2022-01-14 19:16:10 +07:00
huzhichengdd
1e0f867961
Update ContextAccess.cpp 2022-01-14 18:16:19 +08:00
huzhichengdd
71871c16db
Update ContextAccess.cpp 2022-01-14 18:04:55 +08:00
huzhichengdd
106f2fea86
Update ContextAccess.cpp 2022-01-14 18:04:26 +08:00
huzhichengdd
4a02d96af4
Update ContextAccess.cpp 2022-01-14 09:46:51 +08:00
IlyaTsoi
83f360c808
Update LDAPClient.cpp 
rename function escapeForLDAP to escapeForDN
 2022-01-13 22:28:19 +03:00
IlyaTsoi
dea356e3db
Update LDAPClient.cpp 
use escapeForFilter when assigning value to const final_search_filter
 2022-01-13 21:33:04 +03:00
IlyaTsoi
b3c4073aae
Update src/Access/LDAPClient.cpp 
Co-authored-by: Denis Glazachev <traceon@users.noreply.github.com>
 2022-01-13 21:15:07 +03:00
IlyaTsoi
6a26eccc5b
Update src/Access/LDAPClient.cpp 
rename function

Co-authored-by: Denis Glazachev <traceon@users.noreply.github.com>
 2022-01-13 21:14:07 +03:00
IlyaTsoi
f4af86b39e
Update src/Access/LDAPClient.cpp 
Remove trailing spaces:

Co-authored-by: Denis Glazachev <traceon@users.noreply.github.com>
 2022-01-13 21:11:59 +03:00
IlyaTsoi
900d5af9aa
Update src/Access/LDAPClient.cpp 
rename function

Co-authored-by: Denis Glazachev <traceon@users.noreply.github.com>
 2022-01-13 21:11:00 +03:00
IlyaTsoi
f11d2b7188
Update src/Access/LDAPClient.cpp 
escape all special chars

Co-authored-by: Denis Glazachev <traceon@users.noreply.github.com>
 2022-01-13 21:10:12 +03:00
Vitaly Baranov
80cdfa5ec6 Fix using multiple LDAP storages in the same config. 2022-01-13 20:01:50 +07:00
huzhichengdd
33348454e2
Update ContextAccess.h 2022-01-13 15:21:09 +08:00
IlyaTsoi
e302cf5fdc Revert "Update LDAPClient.cpp" 
This reverts commit 30ef16ab58.
 2022-01-12 22:55:58 +03:00
IlyaTsoi
8be5e25239 Revert "The most minimalistic solution" 
This reverts commit 9472669dd5.
 2022-01-12 22:55:35 +03:00
huzhichengdd
d06486584b
Update ContextAccess.cpp 2022-01-12 17:03:55 +08:00
huzhichengdd
430bb12a35
Update ContextAccess.cpp 2022-01-12 17:01:58 +08:00
huzhichengdd
929c1a10b5
Apply suggestions from code review 
Co-authored-by: Vitaly Baranov <vitbar@yandex-team.ru>
 2022-01-12 17:00:54 +08:00
huzhichengdd
5be2ecd27b
Update ContextAccess.cpp 2022-01-12 16:46:39 +08:00
huzhichengdd
4e94b1a2cb
Update ContextAccess.cpp 2022-01-12 16:44:37 +08:00
huzhichengdd
11a3a7889b
Update ContextAccess.h 2022-01-12 16:44:02 +08:00
huzhichengdd
4bff38a3bd
Update ContextAccess.cpp 2022-01-12 16:43:28 +08:00
huzhichengdd
f5eada7ec7
Update AccessControl.cpp 2022-01-12 16:42:33 +08:00
huzhichengdd
9cbb3586c6
Update ContextAccess.cpp 2022-01-12 16:28:41 +08:00
huzhichengdd
4ffc898063
Update ContextAccess.h 2022-01-12 15:37:16 +08:00
huzhichengdd
0864549c4c
Update ContextAccess.cpp 2022-01-12 15:35:40 +08:00
huzhichengdd
3111ce3e71
Update AccessControl.cpp 2022-01-12 15:34:05 +08:00
Vitaly Baranov
5528ddc545
Update AccessControl.cpp 
Tabs are not allowed, replaced with spaces
 2022-01-10 23:31:11 +07:00
huzhichengdd
a59354b820
Update AccessControl.cpp 2022-01-10 10:42:58 +08:00
huzhichengdd
5ffa16a8a6 fix ContextAccess constructor to avoid coredump 2022-01-10 02:31:55 +00:00
IlyaTsoi
9472669dd5
The most minimalistic solution 
You can simply add parentheses to the switch statement to escapeForLDAP function and apply it when assigning a value to the final_user_dn variable. This fixes the error, I checked
 2022-01-07 23:59:36 +03:00
IlyaTsoi
30ef16ab58
Update LDAPClient.cpp 
refactoring of escapeForLDAPFilter function
 2022-01-07 12:02:48 +03:00
IlyaTsoi
a116495471
Update LDAPClient.cpp 
Create a function escapeForLDAPFilter and use it to escape characters '(' and ')' in a variable that we receive from the LDAP server. This is necessary if these characters are present in the user's DN. Otherwise, the entire LDAP authorization process crashes with the error "Bad serach filter"
 2022-01-05 01:09:36 +03:00
Alexey Milovidov
d547fddf22 Add missing access control to some system commands 2021-12-30 21:37:21 +03:00
Mikhail Artemenko
c9d63454a5 add select implementation for MeiliSearch 2021-12-26 12:00:58 +03:00
alesapin
df0af75864 Fix clang tidy 2021-12-24 10:36:39 +03:00
Vitaly Baranov
b9090029e6
Merge pull request #32662 from vitlibar/improve-exceptions-usage-in-access-control 
Improve exceptions usage in access control
 2021-12-23 06:48:28 +03:00
Vitaly Baranov
c9b9c90615 Don't throw in unexceptional cases: authenticate(). 2021-12-23 01:17:50 +03:00
Vitaly Baranov
61bfe930db When trying to update readonly and non-readonly access storages in one query, throw after updating non-readonly ones. 2021-12-23 01:17:45 +03:00
alexey-milovidov
04fb8aeaa5
Merge pull request #32946 from antonio2368/feature/hints-for-settings 
Hints for invalid settings in query and HTTP requests
 2021-12-21 00:52:42 +03:00
Vitaly Baranov
be44743ebe Don't throw in unexceptional cases: update(). 2021-12-20 23:10:46 +03:00
Vitaly Baranov
ed94c640fa Don't throw in unexceptional cases: remove(). 2021-12-20 23:10:43 +03:00
Vitaly Baranov
551fcc55e8 Don't throw in unexceptional cases: insert(). 2021-12-20 23:09:55 +03:00
Vitaly Baranov
8c4e689da3 Don't throw in unexceptional cases: read() & readName() 2021-12-20 21:26:35 +03:00
Vitaly Baranov
a87f0b483e Replace function IAccessStorage::canInsert() with isReadOnly(). 2021-12-20 21:26:35 +03:00
Vitaly Baranov
6721060649 Rename function IAccessStorage::login() -> IAccessStorage::authenticate(). 
Remove functions IAccessStorage::hasSubscriptionImpl() and IAccessStorage::existsImpl().
 2021-12-20 21:26:27 +03:00