Commit Graph

95 Commits

Author SHA1 Message Date
Alexey Milovidov
184e6f840e Remove useless header files 2023-11-06 03:49:55 +01:00
Aleksei Filatov
0a1f3f205c
Add external HTTP Basic authenticator (#55199) 2023-10-20 19:24:19 +02:00
George Gamezardashvili
0ce30ab6d5
SSH keys authentication (#41109)
Added new type of authentication based on SSH keys. It works only for Native TCP protocol.

Co-authored-by: Nikita Mikhaylov <nikitamikhaylov@clickhouse.com>
Co-authored-by: Robert Schulze <robert@clickhouse.com>
2023-09-26 17:50:19 +02:00
kssenii
185e3819ac Fix 2023-08-30 13:41:18 +02:00
Austin Kothig
6b42975d33
Change BE-UUID to work the same as LE-UUID. Included high and low getters to provide cleaner code when accessing undertype. 2023-08-18 08:19:46 -07:00
Mike Kot
062b1c464c watch for certificate file updates in configreloader 2023-07-11 10:04:43 +00:00
kssenii
6c776f4483 Better 2023-06-13 12:40:53 +02:00
pufit
dbd3766f5f Specify roles in users.xml 2023-05-30 20:42:49 -04:00
pufit
04a829b554 Fix PR issues 2023-05-05 22:41:44 -04:00
pufit
309032fb67 Check if grantees are empty 2023-05-04 13:42:14 -04:00
pufit
2964ca5c84 Specify grants for users in users.xml 2023-05-01 20:24:02 -04:00
kssenii
03c9eeb106 Fix tests 2023-02-27 14:29:20 +01:00
kssenii
9a7c71b78e Allow to hide only values from system.named_collections 2023-02-21 18:07:57 +01:00
Alexander Tokmakov
70d1adfe4b
Better formatting for exception messages (#45449)
* save format string for NetException

* format exceptions

* format exceptions 2

* format exceptions 3

* format exceptions 4

* format exceptions 5

* format exceptions 6

* fix

* format exceptions 7

* format exceptions 8

* Update MergeTreeIndexGin.cpp

* Update AggregateFunctionMap.cpp

* Update AggregateFunctionMap.cpp

* fix
2023-01-24 00:13:58 +03:00
serxa
1b5b43ec87 fix checks on CREATE + added resolveSetting.h + improved system table 2022-12-06 19:09:18 +00:00
kssenii
5323c51176 Restrict access to system.named_collections 2022-11-17 13:40:03 +01:00
Sergei Trifonov
cf2db48c29
Merge pull request #40631 from ClickHouse/readonly-settings-allow
Allow to modify constrained settings in readonly mode
2022-09-20 02:18:14 +02:00
Vitaly Baranov
5365b105cc Add SYSTEM RELOAD USERS command. 2022-09-18 12:44:00 +02:00
Sergei Trifonov
c31818260f renames and refactoring 2022-09-12 21:03:06 +02:00
Sergei Trifonov
77ee4c04aa fix stateless tests 2022-09-06 20:28:50 +02:00
Sergei Trifonov
014d109175 fix build, fix docs, fix comments, logical fixes, test are still to be fixed and new test are to be added 2022-09-02 16:20:09 +02:00
Sergei Trifonov
c5d1bbf680 reimplement with <allow> tag 2022-08-26 21:20:00 +02:00
Sergei Trifonov
856a2f5956 Allow to modify constrained settings in readonly mode 2022-08-25 17:24:24 +02:00
Vitaly Baranov
1a71e44b28
Merge pull request #38024 from nvartolomei/nv/error-if-profile-does-not-exist
Throw exception when xml user profile does not exist
2022-07-03 11:26:08 +02:00
Vitaly Baranov
8195aa768b Move checking if parent profile is allowed to UsersConfigAccessStorage. 2022-07-01 14:46:35 +02:00
Vitaly Baranov
115be82440 DiskAccessStorage is now allowed to backup by default. 2022-06-19 13:16:36 +02:00
Vitaly Baranov
a0c558a17e Implement backup/restore for ACL system tables (system.users, system.roles, etc.) 2022-06-17 18:14:31 +02:00
Nicolae Vartolomei
9555153f95 Throw exception when xml user profile does not exist
Closes #26086
2022-06-13 13:29:08 +00:00
Vitaly Baranov
58f4a86ec7 Rework notifications used in access management. 2022-05-21 10:15:39 +02:00
Marcelo Rodriguez
3b733ec8eb Update Exception Message for allowed auth types
update error message per this commit:
cb66a63aa4

the xml tag changed from `<certificates>` to `<ssl_certificates>`

will also submit a correction to the following doc page:
https://clickhouse.com/docs/en/operations/external-authenticators/ssl-x509
2022-05-11 10:56:12 -06:00
Vitaly Baranov
69bec2f377 Users without assigned row policies can view rows now. 2022-05-07 14:50:24 +02:00
Amos Bird
4a5e4274f0
base should not depend on Common 2022-04-29 10:26:35 +08:00
Vitaly Baranov
1eb2e8693e Fix code style and other minor corrections after implementing allow_no_password. 2022-03-14 20:55:34 +01:00
HeenaBansal2009
3f031df225 Code refactoring 2022-03-10 22:22:51 -08:00
HeenaBansal2009
3ce9397246 Added Suggestions from Code review 2022-03-09 20:35:01 -08:00
HeenaBansal2009
c14c60f1d3 Merge branch 'master' into Issue-33953 2022-02-28 11:12:54 -08:00
HeenaBansal2009
aa8494a808 Fix: System Reload Config Failure 2022-02-28 10:51:49 -08:00
Vitaly Baranov
cb66a63aa4 Rename header and config setting for consistency. 2022-02-21 07:41:06 +03:00
Vitaly Baranov
0d377de5f0 Support syntax CREATE USER IDENTIFIED WITH ssl_certificate CN ... 2022-02-21 07:01:00 +03:00
HeenaBansal2009
1b263f0c15 Added FT testcase 2022-02-18 12:58:46 -08:00
HeenaBansal2009
d16cae53b4 Initial Commit for Plaintext password feature 2022-02-17 21:25:18 -08:00
Eugene Galkin
f46dca4793 support x509 ssl certificate authentication 2022-01-17 15:01:38 +03:00
Vitaly Baranov
b9090029e6
Merge pull request #32662 from vitlibar/improve-exceptions-usage-in-access-control
Improve exceptions usage in access control
2021-12-23 06:48:28 +03:00
Vitaly Baranov
61bfe930db When trying to update readonly and non-readonly access storages in one query, throw after updating non-readonly ones. 2021-12-23 01:17:45 +03:00
Vitaly Baranov
be44743ebe Don't throw in unexceptional cases: update(). 2021-12-20 23:10:46 +03:00
Vitaly Baranov
ed94c640fa Don't throw in unexceptional cases: remove(). 2021-12-20 23:10:43 +03:00
Vitaly Baranov
551fcc55e8 Don't throw in unexceptional cases: insert(). 2021-12-20 23:09:55 +03:00
Vitaly Baranov
8c4e689da3 Don't throw in unexceptional cases: read() & readName() 2021-12-20 21:26:35 +03:00
Vitaly Baranov
6721060649 Rename function IAccessStorage::login() -> IAccessStorage::authenticate().
Remove functions IAccessStorage::hasSubscriptionImpl() and IAccessStorage::existsImpl().
2021-12-20 21:26:27 +03:00
Vitaly Baranov
2f8c829395 Stop all periodic reloading of all the configuration files on shutdown earlier. 2021-11-22 12:26:05 +03:00