Code cleanups and improvements.

Author: Vitaly Baranov

programs/local/LocalServer.cpp

@@ -9,7 +9,6 @@
 #include <Databases/DatabaseMemory.h>
 #include <Storages/System/attachSystemTables.h>
 #include <Interpreters/ProcessList.h>
-#include <Interpreters/Session.h>
 #include <Interpreters/executeQuery.h>
 #include <Interpreters/loadMetadata.h>
 #include <Interpreters/DatabaseCatalog.h>
@@ -377,11 +376,13 @@ void LocalServer::processQueries()
 
     /// we can't mutate global global_context (can lead to races, as it was already passed to some background threads)
     /// so we can't reuse it safely as a query context and need a copy here
-    Session session(global_context, ClientInfo::Interface::TCP);
-    session.setUser("default", "", Poco::Net::SocketAddress{});
+    auto context = Context::createCopy(global_context);
 
-    auto context = session.makeQueryContext("");
+    context->makeSessionContext();
+    context->makeQueryContext();
 
+    context->authenticate("default", "", Poco::Net::SocketAddress{});
+    context->setCurrentQueryId("");
     applyCmdSettings(context);
 
     /// Use the same query_id (and thread group) for all queries

programs/server/Server.cpp

@@ -47,13 +47,13 @@
 #include <Interpreters/ExternalDictionariesLoader.h>
 #include <Interpreters/ExternalModelsLoader.h>
 #include <Interpreters/ProcessList.h>
-#include <Interpreters/Session.h>
 #include <Interpreters/loadMetadata.h>
 #include <Interpreters/DatabaseCatalog.h>
 #include <Interpreters/DNSCacheUpdater.h>
 #include <Interpreters/ExternalLoaderXMLConfigRepository.h>
 #include <Interpreters/InterserverCredentials.h>
 #include <Interpreters/JIT/CompiledExpressionCache.h>
+#include <Interpreters/Session.h>
 #include <Access/AccessControlManager.h>
 #include <Storages/StorageReplicatedMergeTree.h>
 #include <Storages/System/attachSystemTables.h>
@@ -1429,7 +1429,7 @@ if (ThreadFuzzer::instance().isEffective())
 
         /// Must be done after initialization of `servers`, because async_metrics will access `servers` variable from its thread.
         async_metrics.start();
-        Session::enableNamedSessions();
+        Session::startupNamedSessions();
 
         {
             String level_str = config().getString("text_log.level", "");

src/Access/ContextAccess.h

@@ -70,6 +70,7 @@ class ContextAccess
     /// Returns the current user. The function can return nullptr.
     UserPtr getUser() const;
     String getUserName() const;
+    std::optional<UUID> getUserID() const { return getParams().user_id; }
 
     /// Returns information about current and enabled roles.
     std::shared_ptr<const EnabledRolesInfo> getRolesInfo() const;

src/Access/Credentials.h

@@ -26,6 +26,8 @@ class Credentials
     String user_name;
 };
 
+/// Does not check the password/credentials and that the specified host is allowed.
+/// (Used only internally in cluster, if the secret matches)
 class AlwaysAllowCredentials
     : public Credentials
 {

src/Bridge/IBridgeHelper.cpp

@@ -5,6 +5,7 @@
 #include <Poco/Net/HTTPRequest.h>
 #include <Poco/URI.h>
 #include <filesystem>
+#include <thread>
 
 namespace fs = std::filesystem;
 

src/Core/MySQL/Authentication.cpp

@@ -2,8 +2,6 @@
 #include <Core/MySQL/PacketsConnection.h>
 #include <Poco/RandomStream.h>
 #include <Poco/SHA1Engine.h>
-#include <Access/User.h>
-#include <Access/AccessControlManager.h>
 #include <Interpreters/Session.h>
 
 #include <common/logger_useful.h>
@@ -74,7 +72,7 @@ Native41::Native41(const String & password, const String & auth_plugin_data)
 }
 
 void Native41::authenticate(
-    const String & user_name, std::optional<String> auth_response, Session & session,
+    const String & user_name, Session & session, std::optional<String> auth_response,
     std::shared_ptr<PacketEndpoint> packet_endpoint, bool, const Poco::Net::SocketAddress & address)
 {
     if (!auth_response)
@@ -87,7 +85,7 @@ void Native41::authenticate(
 
     if (auth_response->empty())
     {
-        session.setUser(user_name, "", address);
+        session.authenticate(user_name, "", address);
         return;
     }
 
@@ -97,9 +95,7 @@ void Native41::authenticate(
                 + " bytes, received: " + std::to_string(auth_response->size()) + " bytes.",
             ErrorCodes::UNKNOWN_EXCEPTION);
 
-    const auto user_authentication = session.getUserAuthentication(user_name);
-
-    Poco::SHA1Engine::Digest double_sha1_value = user_authentication.getPasswordDoubleSHA1();
+    Poco::SHA1Engine::Digest double_sha1_value = session.getPasswordDoubleSHA1(user_name);
     assert(double_sha1_value.size() == Poco::SHA1Engine::DIGEST_SIZE);
 
     Poco::SHA1Engine engine;
@@ -112,7 +108,7 @@ void Native41::authenticate(
     {
         password_sha1[i] = digest[i] ^ static_cast<unsigned char>((*auth_response)[i]);
     }
-    session.setUser(user_name, password_sha1, address);
+    session.authenticate(user_name, password_sha1, address);
 }
 
 #if USE_SSL
@@ -137,7 +133,7 @@ Sha256Password::Sha256Password(RSA & public_key_, RSA & private_key_, Poco::Logg
 }
 
 void Sha256Password::authenticate(
-    const String & user_name, std::optional<String> auth_response, Session & session,
+    const String & user_name, Session & session, std::optional<String> auth_response,
     std::shared_ptr<PacketEndpoint> packet_endpoint, bool is_secure_connection, const Poco::Net::SocketAddress & address)
 {
     if (!auth_response)
@@ -232,7 +228,7 @@ void Sha256Password::authenticate(
         password.pop_back();
     }
 
-    session.setUser(user_name, password, address);
+    session.authenticate(user_name, password, address);
 }
 
 #endif

src/Core/MySQL/Authentication.h

@@ -15,6 +15,7 @@
 
 namespace DB
 {
+class Session;
 
 namespace MySQLProtocol
 {
@@ -32,7 +33,7 @@ class IPlugin
     virtual String getAuthPluginData() = 0;
 
     virtual void authenticate(
-        const String & user_name, std::optional<String> auth_response, Session & session,
+        const String & user_name, Session & session, std::optional<String> auth_response,
         std::shared_ptr<PacketEndpoint> packet_endpoint, bool is_secure_connection, const Poco::Net::SocketAddress & address) = 0;
 };
 
@@ -49,7 +50,7 @@ class Native41 : public IPlugin
     String getAuthPluginData() override { return scramble; }
 
     void authenticate(
-        const String & user_name, std::optional<String> auth_response, Session & session,
+        const String & user_name, Session & session, std::optional<String> auth_response,
         std::shared_ptr<PacketEndpoint> packet_endpoint, bool /* is_secure_connection */, const Poco::Net::SocketAddress & address) override;
 
 private:
@@ -69,7 +70,7 @@ class Sha256Password : public IPlugin
     String getAuthPluginData() override { return scramble; }
 
     void authenticate(
-        const String & user_name, std::optional<String> auth_response, Session & session,
+        const String & user_name, Session & session, std::optional<String> auth_response,
         std::shared_ptr<PacketEndpoint> packet_endpoint, bool is_secure_connection, const Poco::Net::SocketAddress & address) override;
 
 private:

src/Core/PostgreSQLProtocol.h

@@ -1,14 +1,11 @@
 #pragma once
 
-#include <Access/AccessControlManager.h>
-#include <Access/User.h>
 #include <functional>
-#include <Interpreters/Session.h>
-#include <Interpreters/Context.h>
 #include <IO/ReadBuffer.h>
 #include <IO/ReadHelpers.h>
 #include <IO/WriteBuffer.h>
 #include <IO/WriteHelpers.h>
+#include <Interpreters/Session.h>
 #include <common/logger_useful.h>
 #include <Poco/Format.h>
 #include <Poco/RegularExpression.h>
@@ -808,8 +805,9 @@ class AuthenticationMethod
         Messaging::MessageTransport & mt,
         const Poco::Net::SocketAddress & address)
     {
-        try {
-            session.setUser(user_name, password, address);
+        try
+        {
+            session.authenticate(user_name, password, address);
         }
         catch (const Exception &)
         {
@@ -841,7 +839,7 @@ class NoPasswordAuth : public AuthenticationMethod
         Messaging::MessageTransport & mt,
         const Poco::Net::SocketAddress & address) override
     {
-        setPassword(user_name, "", session, mt, address);
+        return setPassword(user_name, "", session, mt, address);
     }
 
     Authentication::Type getType() const override
@@ -865,7 +863,7 @@ class CleartextPasswordAuth : public AuthenticationMethod
         if (type == Messaging::FrontMessageType::PASSWORD_MESSAGE)
         {
             std::unique_ptr<Messaging::PasswordMessage> password = mt.receive<Messaging::PasswordMessage>();
-            setPassword(user_name, password->password, session, mt, address);
+            return setPassword(user_name, password->password, session, mt, address);
         }
         else
             throw Exception(
@@ -902,16 +900,7 @@ class AuthenticationManager
         Messaging::MessageTransport & mt,
         const Poco::Net::SocketAddress & address)
     {
-        Authentication::Type user_auth_type;
-        try
-        {
-            user_auth_type = session.getUserAuthentication(user_name).getType();
-        }
-        catch (const std::exception & e)
-        {
-            session.onLogInFailure(user_name, e);
-            throw;
-        }
+        Authentication::Type user_auth_type = session.getAuthenticationType(user_name);
 
         if (type_to_method.find(user_auth_type) != type_to_method.end())
         {

src/Dictionaries/ClickHouseDictionarySource.cpp

@@ -255,7 +255,7 @@ void registerDictionarySourceClickHouse(DictionarySourceFactory & factory)
         /// We should set user info even for the case when the dictionary is loaded in-process (without TCP communication).
         if (configuration.is_local)
         {
-            context_copy->setUser(configuration.user, configuration.password, Poco::Net::SocketAddress("127.0.0.1", 0));
+            context_copy->authenticate(configuration.user, configuration.password, Poco::Net::SocketAddress("127.0.0.1", 0));
             context_copy = copyContextAndApplySettings(config_prefix, context_copy, config);
         }
 

src/IO/ReadBufferFromFileDescriptor.cpp

@@ -12,6 +12,7 @@
 #include <Common/UnicodeBar.h>
 #include <Common/TerminalSize.h>
 #include <IO/Operators.h>
+#include <IO/Progress.h>
 
 
 namespace ProfileEvents