thevar1able/ClickHouse
1
0
Fork 0
mirror of https://github.com/ClickHouse/ClickHouse.git synced 2024-12-15 02:41:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
91,087 Commits 9,328 Branches 1,783 Tags 2.1 GiB
fb5d133269
Commit Graph

543 Commits

Author SHA1 Message Date
Denis Glazachev
0288967538 Disable kerberos if parsing the config failed 2022-01-17 00:30:03 +04:00
IlyaTsoi
7a08e1c0c4
Update LDAPClient.cpp 
Change volume of reserved memory for variable
 2022-01-14 15:29:57 +03:00
Vitaly Baranov
f818baf8f3
Update src/Access/LDAPClient.cpp 
Co-authored-by: Denis Glazachev <traceon@users.noreply.github.com>
 2022-01-14 19:17:14 +07:00
Vitaly Baranov
7084099958
Update src/Access/LDAPAccessStorage.cpp 
Co-authored-by: Denis Glazachev <traceon@users.noreply.github.com>
 2022-01-14 19:16:10 +07:00
huzhichengdd
1e0f867961
Update ContextAccess.cpp 2022-01-14 18:16:19 +08:00
huzhichengdd
71871c16db
Update ContextAccess.cpp 2022-01-14 18:04:55 +08:00
huzhichengdd
106f2fea86
Update ContextAccess.cpp 2022-01-14 18:04:26 +08:00
huzhichengdd
4a02d96af4
Update ContextAccess.cpp 2022-01-14 09:46:51 +08:00
IlyaTsoi
83f360c808
Update LDAPClient.cpp 
rename function escapeForLDAP to escapeForDN
 2022-01-13 22:28:19 +03:00
IlyaTsoi
dea356e3db
Update LDAPClient.cpp 
use escapeForFilter when assigning value to const final_search_filter
 2022-01-13 21:33:04 +03:00
IlyaTsoi
b3c4073aae
Update src/Access/LDAPClient.cpp 
Co-authored-by: Denis Glazachev <traceon@users.noreply.github.com>
 2022-01-13 21:15:07 +03:00
IlyaTsoi
6a26eccc5b
Update src/Access/LDAPClient.cpp 
rename function

Co-authored-by: Denis Glazachev <traceon@users.noreply.github.com>
 2022-01-13 21:14:07 +03:00
IlyaTsoi
f4af86b39e
Update src/Access/LDAPClient.cpp 
Remove trailing spaces:

Co-authored-by: Denis Glazachev <traceon@users.noreply.github.com>
 2022-01-13 21:11:59 +03:00
IlyaTsoi
900d5af9aa
Update src/Access/LDAPClient.cpp 
rename function

Co-authored-by: Denis Glazachev <traceon@users.noreply.github.com>
 2022-01-13 21:11:00 +03:00
IlyaTsoi
f11d2b7188
Update src/Access/LDAPClient.cpp 
escape all special chars

Co-authored-by: Denis Glazachev <traceon@users.noreply.github.com>
 2022-01-13 21:10:12 +03:00
Vitaly Baranov
80cdfa5ec6 Fix using multiple LDAP storages in the same config. 2022-01-13 20:01:50 +07:00
huzhichengdd
33348454e2
Update ContextAccess.h 2022-01-13 15:21:09 +08:00
IlyaTsoi
e302cf5fdc Revert "Update LDAPClient.cpp" 
This reverts commit 30ef16ab58.
 2022-01-12 22:55:58 +03:00
IlyaTsoi
8be5e25239 Revert "The most minimalistic solution" 
This reverts commit 9472669dd5.
 2022-01-12 22:55:35 +03:00
huzhichengdd
d06486584b
Update ContextAccess.cpp 2022-01-12 17:03:55 +08:00
huzhichengdd
430bb12a35
Update ContextAccess.cpp 2022-01-12 17:01:58 +08:00
huzhichengdd
929c1a10b5
Apply suggestions from code review 
Co-authored-by: Vitaly Baranov <vitbar@yandex-team.ru>
 2022-01-12 17:00:54 +08:00
huzhichengdd
5be2ecd27b
Update ContextAccess.cpp 2022-01-12 16:46:39 +08:00
huzhichengdd
4e94b1a2cb
Update ContextAccess.cpp 2022-01-12 16:44:37 +08:00
huzhichengdd
11a3a7889b
Update ContextAccess.h 2022-01-12 16:44:02 +08:00
huzhichengdd
4bff38a3bd
Update ContextAccess.cpp 2022-01-12 16:43:28 +08:00
huzhichengdd
f5eada7ec7
Update AccessControl.cpp 2022-01-12 16:42:33 +08:00
huzhichengdd
9cbb3586c6
Update ContextAccess.cpp 2022-01-12 16:28:41 +08:00
huzhichengdd
4ffc898063
Update ContextAccess.h 2022-01-12 15:37:16 +08:00
huzhichengdd
0864549c4c
Update ContextAccess.cpp 2022-01-12 15:35:40 +08:00
huzhichengdd
3111ce3e71
Update AccessControl.cpp 2022-01-12 15:34:05 +08:00
Vitaly Baranov
5528ddc545
Update AccessControl.cpp 
Tabs are not allowed, replaced with spaces
 2022-01-10 23:31:11 +07:00
huzhichengdd
a59354b820
Update AccessControl.cpp 2022-01-10 10:42:58 +08:00
huzhichengdd
5ffa16a8a6 fix ContextAccess constructor to avoid coredump 2022-01-10 02:31:55 +00:00
IlyaTsoi
9472669dd5
The most minimalistic solution 
You can simply add parentheses to the switch statement to escapeForLDAP function and apply it when assigning a value to the final_user_dn variable. This fixes the error, I checked
 2022-01-07 23:59:36 +03:00
IlyaTsoi
30ef16ab58
Update LDAPClient.cpp 
refactoring of escapeForLDAPFilter function
 2022-01-07 12:02:48 +03:00
IlyaTsoi
a116495471
Update LDAPClient.cpp 
Create a function escapeForLDAPFilter and use it to escape characters '(' and ')' in a variable that we receive from the LDAP server. This is necessary if these characters are present in the user's DN. Otherwise, the entire LDAP authorization process crashes with the error "Bad serach filter"
 2022-01-05 01:09:36 +03:00
Alexey Milovidov
d547fddf22 Add missing access control to some system commands 2021-12-30 21:37:21 +03:00
Mikhail Artemenko
c9d63454a5 add select implementation for MeiliSearch 2021-12-26 12:00:58 +03:00
alesapin
df0af75864 Fix clang tidy 2021-12-24 10:36:39 +03:00
Vitaly Baranov
b9090029e6
Merge pull request #32662 from vitlibar/improve-exceptions-usage-in-access-control 
Improve exceptions usage in access control
 2021-12-23 06:48:28 +03:00
Vitaly Baranov
c9b9c90615 Don't throw in unexceptional cases: authenticate(). 2021-12-23 01:17:50 +03:00
Vitaly Baranov
61bfe930db When trying to update readonly and non-readonly access storages in one query, throw after updating non-readonly ones. 2021-12-23 01:17:45 +03:00
alexey-milovidov
04fb8aeaa5
Merge pull request #32946 from antonio2368/feature/hints-for-settings 
Hints for invalid settings in query and HTTP requests
 2021-12-21 00:52:42 +03:00
Vitaly Baranov
be44743ebe Don't throw in unexceptional cases: update(). 2021-12-20 23:10:46 +03:00
Vitaly Baranov
ed94c640fa Don't throw in unexceptional cases: remove(). 2021-12-20 23:10:43 +03:00
Vitaly Baranov
551fcc55e8 Don't throw in unexceptional cases: insert(). 2021-12-20 23:09:55 +03:00
Vitaly Baranov
8c4e689da3 Don't throw in unexceptional cases: read() & readName() 2021-12-20 21:26:35 +03:00
Vitaly Baranov
a87f0b483e Replace function IAccessStorage::canInsert() with isReadOnly(). 2021-12-20 21:26:35 +03:00
Vitaly Baranov
6721060649 Rename function IAccessStorage::login() -> IAccessStorage::authenticate(). 
Remove functions IAccessStorage::hasSubscriptionImpl() and IAccessStorage::existsImpl().
 2021-12-20 21:26:27 +03:00
Vitaly Baranov
c01d0f95c3 Remove the function IAccessStorage::getIDOfLoggedUser() and move its functionality to login(AlwaysAllowCredentials). 2021-12-20 21:24:38 +03:00
Antonio Andelic
25f88356e4 Add hints for SET query and HTTP request param settings 2021-12-20 16:57:09 +01:00
Maksim Kita
51477adf1b Updated additional cases 2021-12-20 15:55:07 +03:00
Vitaly Baranov
eea269a829 Improve quota's end-of-interval calculations. 2021-12-11 13:56:38 +03:00
Vitaly Baranov
bf80b04e43
Merge branch 'master' into fix-use-quota-bug 2021-12-10 16:08:13 +03:00
Vitaly Baranov
84320f7ba9 Fix first time calculations of the ends of quota intervals. 2021-12-10 12:54:33 +03:00
liyang830
ff01b97fb5 feat: modify need_reset_counters simple method 2021-12-06 15:32:12 +08:00
Raúl Marín
ac6ccf7d9a Reduce IParser.h dependencies and dependents 
533 -> 500 objects on change
Less direct dependencies
 2021-11-26 17:19:47 +01:00
liyang830
a18b031376 fix quota fist used bug 2021-11-23 14:33:32 +08:00
Vitaly Baranov
2f8c829395 Stop all periodic reloading of all the configuration files on shutdown earlier. 2021-11-22 12:26:05 +03:00
Vitaly Baranov
57ac39f99e Add more information to exceptions raised by UsersConfigAccessStorage. 2021-11-20 12:10:45 +03:00
Alexey Milovidov
9ca5c960b7 Remove useless code 2021-11-20 10:06:28 +03:00
Alexey Milovidov
334535a4c4 Better exception message when users.xml cannot be loaded due to bad password hash 2021-11-20 10:06:20 +03:00
Vitaly Baranov
940b5edbd7
Merge pull request #31509 from vitlibar/split-row-policy-and-quota-headers 
Split row policy and quota headers
 2021-11-20 10:01:18 +03:00
Vitaly Baranov
0684b28377
Merge pull request #31337 from sunny19930321/fix-use-quota-bug 
fix: quota limit was not reached, but the limit was exceeded
 2021-11-20 09:52:24 +03:00
Vitaly Baranov
af56b20da7 Rename IAccessEntity::Type -> AccessEntityType and move it to Access/Common. 2021-11-19 02:48:00 +03:00
Vitaly Baranov
06077a2952 Rename Quota::KeyType -> QuotaKeyType and move it to Access/Common. 2021-11-19 00:14:23 +03:00
Vitaly Baranov
6634fcbac7 Rename Quota::ResourceType -> QuotaType and move it to Access/Common. 2021-11-19 00:14:23 +03:00
Vitaly Baranov
33ea7a7262 Rename RowPolicy::ConditionType -> RowPolicyFilterType and move it to Access/Common. 2021-11-19 00:14:23 +03:00
Vitaly Baranov
2883ca012e Rename RowPolicy::NameParts -> RowPolicyName and move it to Access/Common. 2021-11-19 00:14:23 +03:00
Vitaly Baranov
f4b5d5a0d7
Update src/Access/EnabledQuota.cpp 2021-11-18 21:49:36 +03:00
liyang830
8fbd46f958 change need_reset_counters method 2021-11-17 15:44:03 +08:00
Kruglov Pavel
051a9e7c69
Merge pull request #31249 from vitlibar/fix-show-grants 
Fix SHOW GRANTS when partial revokes are used.
 2021-11-12 15:49:12 +03:00
liyang830
7b88c956c8 fix: quota limit was not reached, but the limit was exceeded 2021-11-12 18:22:55 +08:00
Vitaly Baranov
db5ac1ed06 Initial user's roles are used now to find row policies. 2021-11-10 22:21:50 +03:00
Vitaly Baranov
b74999b6bd Fix SHOW GRANTS when partial revokes are used. 2021-11-10 17:03:02 +03:00
Vitaly Baranov
cb05c0504e Move more implementations from headers to cpp. 2021-11-02 22:38:32 +03:00
Vitaly Baranov
afe2c9c040 Rename AccessControlManager -> AccessControl. 2021-11-02 14:06:20 +03:00
Vitaly Baranov
a0c38a3dfd Rename AuthenticationType::MAX_TYPE. 2021-11-02 12:02:22 +03:00
Vitaly Baranov
ab01b9afc8 Split Authentication.h to common and main parts. 2021-11-01 19:13:49 +03:00
Vitaly Baranov
3ed7f8f0b3 Move access-rights' source files needed for parser to a separate target. 2021-11-01 19:13:49 +03:00
Alexey Milovidov
8b4a6a2416 Remove cruft 2021-10-28 02:10:39 +03:00
mergify[bot]
ce88a84e88
Merge branch 'master' into nv/parts-uuid-move-shard-kill 2021-10-26 11:09:19 +00:00
Maksim Kita
04047f76c7 Fixed tests 2021-10-14 00:33:18 +03:00
Maksim Kita
c9b6c2661b Refactor ConcurrentBoundedQueue 2021-10-14 00:33:18 +03:00
mergify[bot]
3b1f49aac7
Merge branch 'master' into nv/parts-uuid-move-shard-kill 2021-10-05 12:36:02 +00:00
Vitaly Baranov
17fe76709f
Merge pull request #28331 from vitlibar/mysql-authentication-cleanup 
Clean up MySQL authentication.
 2021-10-04 11:11:45 +03:00
Vitaly Baranov
30b9b8fd58 Clean up MySQL authentication. 2021-10-03 23:40:08 +03:00
Mike Kot
57e2744264 Fixing other imports 2021-10-02 21:47:35 +02:00
Mike Kot
65e6e211b4 Merge remote-tracking branch 'upstream/master' into improvement/fn-traits 2021-10-02 21:37:50 +02:00
Alexey Milovidov
fe6b7c77c7 Rename "common" to "base" 2021-10-02 10:13:14 +03:00
Mike Kot
38b02b121a Merge remote-tracking branch 'upstream/master' into improvement/fn-traits 2021-10-01 16:55:28 +02:00
Mike Kot
7670ea50c1 Replacing std::function to Fn in some places 
to avoid dynamic allocating while keeping desired function signature
clear.
Simplifying SimpleCache (CachedFn) using C++20
 2021-09-29 13:09:39 +02:00
Nikolai Kochetov
236d71ea94
Merge pull request #28582 from ClickHouse/rewrite-pushing-to-views 
Rewrite PushingToViews
 2021-09-27 21:19:11 +03:00
alesapin
ddd80c8e72
Merge pull request #29264 from Enmk/governance/table_comment_update 
Implemented modifying table comments with `ALTER TABLE t MODIFY COMMENT 'value'`
 2021-09-27 18:02:14 +03:00
Vladimir C
70dc43a72d
Merge pull request #29388 from aiven/kmichel-fix-replicated-storage-reload 2021-09-27 12:41:24 +03:00
Nikolai Kochetov
78a7665f43 Merge branch 'master' into rewrite-pushing-to-views 2021-09-27 10:56:50 +03:00
Kevin Michel
13db65f47c
Fix ReplicatedAccessStorage shutdown without startup 
If ReplicatedAccessStorage startup was not executing or if it
failed before completing (for instance when ZooKeeper was not configured),
its destructor would call shutdown and try to join a missing thread.
 2021-09-26 19:50:29 +02:00
Alexey Milovidov
cd7f9d981c Remove ya.make 2021-09-25 04:22:54 +03:00
Vasily Nemkov
cb1ca9b33e Implemented modifying table comments with ALTER TABLE t MODIFY COMMENT 'value' 2021-09-23 01:14:00 +03:00
Nikolai Kochetov
a790d391c0 Merge branch 'master' into rewrite-pushing-to-views 2021-09-20 19:43:15 +03:00
alesapin
a249dcc5f5
Merge pull request #28301 from kssenii/materialized-postgresql 
MaterializedPostgreSQL: allow dynamically adding/deleting tables, altering settings
 2021-09-20 14:16:29 +03:00
Nicolae Vartolomei
9a02061d9c
Rewrite part movement between shards logic and add kill support 
See https://github.com/ClickHouse/ClickHouse/pull/24585#issuecomment-857735081
for extra context about the current implementation.
 2021-09-17 18:11:32 +01:00
Maksim Kita
85a4d4bb50 Added user defined executable functions to system.functions 2021-09-17 18:43:00 +03:00
Nikolai Kochetov
e616732743 Small refactoring. 2021-09-15 22:35:48 +03:00
kssenii
904cf74159 Merge branch 'master' of github.com:ClickHouse/ClickHouse into materialized-postgresql 2021-09-09 15:26:20 +03:00
tavplubix
341a6c51d6
Merging #24866 (#28691) 
* Add StorageSystemISTables.cpp/.h

* Another attempt

* Columns and Views

* Add information schema db and fix information schema 'tables' table

* fix build

* remove copy-paste, add views to system tables

* add test

* fix

* fix_tests

Co-authored-by: Damir Petrov <petrovdamir2235@gmail.com>
Co-authored-by: Damir Petrov <0442a403@verstehen.sas.yp-c.yandex.net>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
 2021-09-09 12:37:51 +03:00
kssenii
797f858bc6 Merge branch 'master' of github.com:ClickHouse/ClickHouse into materialized-postgresql 2021-09-08 22:52:48 +03:00
Vitaly Baranov
70c6623036
Merge branch 'master' into governance/session_log 2021-09-07 10:12:54 +03:00
Vitaly Baranov
bcc31f1f3e Remove unnecessary changes. 2021-09-07 01:37:28 +03:00
kssenii
d0113743c9 Merge branch 'master' of github.com:ClickHouse/ClickHouse into materialized-postgresql 2021-09-05 01:07:31 +03:00
kssenii
f17d1bc7a5 Merge branch 'master' of https://github.com/ClickHouse/ClickHouse into materialized-postgresql 2021-09-03 09:03:48 +00:00
Vasily Nemkov
c902afddde Added system.session_log table 
Which logs all the info about LogIn, LogOut and LogIn Failure events.
Additional info that is logged:
- User name
- event type (LogIn, LogOut, LoginFailure)
- Event date\time\time with microseconds
- authentication type (same as for IDENTIFIED BY of CREATE USER statement)
- array of active settings profiles upon login
- array of active roles upon login
- array of changed settings with corresponding values
- client address and port
- interface (TCP\HTTP\MySQL\PostgreSQL, etc.)
- client info (name, version info)
- optional LoginFailure reason text message.

Added some tests to verify that events are properly saved with all necessary info via following interfaces:
- TCP
- HTTP
- MySQL

Known limitations
- Not tested against named HTTP sessions, PostgreSQL and gRPC, hence those are not guaranteed to work 100% properly.
 2021-08-30 18:28:28 +03:00
Vladimir Chebotarev
ce0850007f 1. Draw some circles. 2021-08-30 11:49:26 +03:00
Dmitrii Kovalkov
9871ad70ff Exclude fuzzers 2021-08-30 11:12:25 +03:00
kssenii
378e1f74aa Fix tests 2021-08-28 19:51:04 +03:00
kssenii
4cd62227cf Almost done 2021-08-28 17:34:23 +03:00
Maksim Kita
5f2b28639f Merge branch 'master' into create-user-defined-lambda-function 2021-08-20 11:53:08 +03:00
Vitaly Baranov
fabd7193bd Code cleanups and improvements. 2021-08-18 14:24:52 +03:00
Vitaly Baranov
fd33f2a2fe
Merge pull request #27426 from aiven/kmichel-replicated-access-storage 
ZooKeeper replication for users, roles, row policies, quotas and profiles.
 2021-08-18 10:37:25 +03:00
Kevin Michel
e33a2bf7bc
Add ReplicatedAccessStorage 
This stores Access Entities in ZooKeeper and replicates them across an entire cluster.

This can be enabled by using the following configuration :

    <user_directories>
        <replicated>
            <zookeeper_path>/clickhouse/access/</zookeeper_path>
        </replicated>
    </user_directories>
 2021-08-18 00:00:18 +02:00
Kevin Michel
d346d19942
Extract AccessEntity parsing from DiskAccessStorage 2021-08-17 16:26:28 +02:00
Realist007
63dfa8559f
Merge branch 'master' into feature/create-simple-lambda-function 2021-08-16 16:56:49 +03:00
Vitaly Baranov
178d0f9ba9 Fix checking GRANT OPTION while executing GRANT with REPLACE OPTION. 2021-08-15 16:20:05 +03:00
Nikolai Kochetov
5e5a6ff654 Merge branch 'master' into qoega-fix-access-gtest-in-arcadia 2021-08-12 12:02:15 +03:00
Misko Lee
7abec83d5b add from IP on login fail error message, it's helpful detect traffic source on error message. 2021-08-10 13:36:28 +08:00
Yatsishin Ilya
e939dc0b9c fix 2021-08-03 20:30:05 +03:00
Vitaly Baranov
99929981ab
Merge pull request #25687 from MaxWk/profile-default-database 
add setting profile_default_database
 2021-07-31 08:37:02 +03:00
万康
0c203dd43d add missing changes 2021-07-28 14:05:22 +08:00
kevin wan
a56a3c793c
Merge branch 'master' into profile-default-database 2021-07-27 21:08:08 +08:00
Nikolai Kochetov
61d8f880cd Rename some files. 2021-07-26 19:48:25 +03:00
Vitaly Baranov
22728cbca0 Add new functions currentRoles(), enabledRoles(), defaultRoles(). 2021-07-24 23:20:40 +03:00
alexey-milovidov
967fe89917
Merge pull request #26730 from vitlibar/set-profile-applies-constraints-too 
SET PROFILE applies constraints too.
 2021-07-24 18:53:36 +03:00
Vitaly Baranov
249ccd879e SET PROFILE applies constraints too. 2021-07-23 23:28:55 +03:00
Vitaly Baranov
c68c74634d
Merge pull request #26707 from vitlibar/fix-set-role 
Fix SET ROLE
 2021-07-23 23:16:15 +03:00
Vitaly Baranov
67d4da224a
Merge pull request #26384 from Cas-pian/grant_by_replace 
add grant by replace support
 2021-07-23 14:40:47 +03:00
Vitaly Baranov
19d5a6ab2f
Merge pull request #26714 from vitlibar/new-function-current-profiles 
New functions currentProfiles(), enabledProfiles(), defaultProfiles().
 2021-07-23 09:10:29 +03:00
Vitaly Baranov
7afcc65060 Add new functions currentProfiles(), enabledProfiles(), defaultProfiles(). 2021-07-22 22:20:53 +03:00
Vitaly Baranov
9117e12a9b Substitute profiles in reversive order. 2021-07-22 18:50:22 +03:00
Vitaly Baranov
d0412994a2 Fix SET ROLE. 2021-07-22 17:41:52 +03:00
Nikolai Kochetov
f38de35b14 Rename some constants. 2021-07-21 19:13:17 +03:00
Realist007
31e26862b5
Merge branch 'master' into feature/create-simple-lambda-function 2021-07-21 10:33:53 +03:00
ANDREI STAROVEROV
b5b69b0255 Fix unit tests 2021-07-21 10:33:04 +03:00
Caspian
7c6dc56bcd
Merge branch 'master' into grant_by_replace 2021-07-20 17:41:12 +08:00
ANDREI STAROVEROV
6ce203504b Add access rights 2021-07-20 02:34:04 +03:00
Vasily Nemkov
41278db6c3 Added support for getting current profiles at start. 
This is required to add system.session_log table.
 2021-07-19 11:50:41 +03:00
万康
d826115f2a fix code style 2021-07-18 14:56:26 +08:00
Vitaly Baranov
427813071d
Merge pull request #26363 from vitlibar/fix-crash-login-as-dropped-user 
Fix possible crash when login as dropped user
 2021-07-16 09:47:35 +03:00
caspian
6a05a7d51a just drop old privileges and assign new 2021-07-16 14:39:14 +08:00
Vitaly Baranov
02fd365485 Fix calculating of intersection of access rights. 2021-07-16 00:29:27 +03:00