Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

adapter: Prevent login to mz_system externally #14093

Merged
merged 14 commits into from
Aug 15, 2022
Merged

adapter: Prevent login to mz_system externally #14093

Changes from 1 commit
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
1c8a30c
mz_system is the system user that is responsible for executing commands
jkosh44 Aug 8, 2022
330430e
Clean up code
jkosh44 Aug 11, 2022
8c30970
Change method name
jkosh44 Aug 11, 2022
80826de
Fix auth logic
jkosh44 Aug 12, 2022
4230a90
Remove http builtin role
jkosh44 Aug 12, 2022
48848ec
Move auth out of the adapter crate
jkosh44 Aug 12, 2022
53935c6
Fix tests
jkosh44 Aug 12, 2022
d05f40f
Fix tests
jkosh44 Aug 12, 2022
9eff207
Add error for missing username
jkosh44 Aug 15, 2022
799d2c0
Merge branch 'main' of github.com:MaterializeInc/materialize into mz-…
jkosh44 Aug 15, 2022
e087c15
Fix merge conflict
jkosh44 Aug 15, 2022
eb23b31
Fix create user logic
jkosh44 Aug 15, 2022
dbf4f15
Clean up imports and fix test
jkosh44 Aug 15, 2022
a1e5ace
Add tests for system user
jkosh44 Aug 15, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Change method name
  • Loading branch information
@jkosh44
jkosh44 committed Aug 11, 2022
commit 8c309708dec0a7122e76376524134fc10c5d816b
6 changes: 3 additions & 3 deletions src/adapter/src/client.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -164,7 +164,7 @@ impl ConnClient {
session: Session,
create_user_if_not_exists: bool,
) -> Result<(SessionClient, StartupResponse), AdapterError> {
self.validate_user(session.user())?;
self.is_user_disallowed_by_client_type(session.user())?;

// Cancellation works by creating a watch channel (which remembers only
// the last value sent to it) and sharing it between the coordinator and
Expand Down Expand Up @@ -200,8 +200,8 @@ impl ConnClient {
}
}

/// Validate that the user is allowed to login.
fn validate_user(&self, user: &str) -> Result<(), AdapterError> {
/// Returns an error if the user is not permitted to log in to the ClientType.
fn is_user_disallowed_by_client_type(&self, user: &str) -> Result<(), AdapterError> {
match (&self.inner.client_type, user) {
(ClientType::Internal, SYSTEM_USER) => Ok(()),
(ClientType::Internal, _) => Err(AdapterError::UnauthorizedLogin(user.to_string())),
Expand Down