#pragma once #include #include #include #include #include namespace Poco { namespace Net { class IPAddress; } namespace Util { class AbstractConfiguration; } } namespace DB { /// Allow to check that address matches a pattern. class IAddressPattern { public: virtual bool contains(const Poco::Net::IPAddress & addr) const = 0; virtual ~IAddressPattern() {} }; class AddressPatterns { private: using Container = std::vector>; Container patterns; public: bool contains(const Poco::Net::IPAddress & addr) const; void addFromConfig(const String & config_elem, Poco::Util::AbstractConfiguration & config); }; /** User and ACL. */ struct User { String name; /// Required password. Could be stored in plaintext or in SHA256. String password; String password_sha256_hex; String profile; String quota; AddressPatterns addresses; /// List of allowed databases. using DatabaseSet = std::unordered_set; DatabaseSet databases; User(const String & name_, const String & config_elem, Poco::Util::AbstractConfiguration & config); }; /// Known users. class Users { private: using Container = std::map; Container cont; public: void loadFromConfig(Poco::Util::AbstractConfiguration & config); /// Find user and make authorize checks const User & get(const String & user_name, const String & password, const Poco::Net::IPAddress & address) const; /// Just find user const User & get(const String & user_name); /// Check if the user has access to the database. bool isAllowedDatabase(const String & user_name, const String & database_name) const; }; }