mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-09-20 00:30:49 +00:00
Support build without libssh for fastcheck
This commit is contained in:
parent
d1386a5500
commit
7118f7a1e1
@ -111,9 +111,9 @@
|
||||
#if USE_SSL
|
||||
# include <Poco/Net/SecureServerSocket.h>
|
||||
# include <Server/CertificateReloader.h>
|
||||
# include <Server/SSHPtyHandlerFactory.h>
|
||||
# include "Server/SSH/LibSSHInitializer.h"
|
||||
# include "Server/SSH/LibSSHLogger.h"
|
||||
# include <Server/SSH/SSHPtyHandlerFactory.h>
|
||||
# include <Common/SSH/LibSSHInitializer.h>
|
||||
# include <Common/SSH/LibSSHLogger.h>
|
||||
#endif
|
||||
|
||||
#if USE_GRPC
|
||||
@ -2256,7 +2256,7 @@ void Server::createServers(
|
||||
new Poco::Net::TCPServerParams));
|
||||
#else
|
||||
UNUSED(port);
|
||||
throw Exception(ErrorCodes::SUPPORT_IS_DISABLED, "SSL support for TCP protocol is disabled because Poco library was built without NetSSL support.");
|
||||
throw Exception(ErrorCodes::SUPPORT_IS_DISABLED, "SSH protocol is disabled for ClickHouse, as it has been built without OpenSSL");
|
||||
#endif
|
||||
});
|
||||
|
||||
|
@ -132,10 +132,6 @@
|
||||
-->
|
||||
<tcp_port>9000</tcp_port>
|
||||
|
||||
<tcp_port_ssh>9022</tcp_port_ssh>
|
||||
<ssh>
|
||||
<host_rsa_key>ssh_host_rsa_key</host_rsa_key>
|
||||
</ssh>
|
||||
<!-- Compatibility with MySQL protocol.
|
||||
ClickHouse will pretend to be MySQL for applications connecting to this port.
|
||||
-->
|
||||
|
@ -14,6 +14,7 @@ namespace DB
|
||||
namespace ErrorCodes
|
||||
{
|
||||
extern const int NOT_IMPLEMENTED;
|
||||
extern const int SUPPORT_IS_DISABLED;
|
||||
}
|
||||
|
||||
namespace
|
||||
@ -97,7 +98,11 @@ bool Authentication::areCredentialsValid(const Credentials & credentials, const
|
||||
throw Authentication::Require<BasicCredentials>("ClickHouse X.509 Authentication");
|
||||
|
||||
case AuthenticationType::SSH_KEY:
|
||||
#if USE_SSL
|
||||
throw Authentication::Require<SSHKeyPlainCredentials>("ClickHouse SSH Keys Authentication");
|
||||
#else
|
||||
throw Exception(ErrorCodes::SUPPORT_IS_DISABLED, "SSH support disabled as ClickHouse was built without OpenSSL");
|
||||
#endif
|
||||
|
||||
case AuthenticationType::MAX:
|
||||
break;
|
||||
@ -127,7 +132,11 @@ bool Authentication::areCredentialsValid(const Credentials & credentials, const
|
||||
throw Authentication::Require<BasicCredentials>("ClickHouse X.509 Authentication");
|
||||
|
||||
case AuthenticationType::SSH_KEY:
|
||||
#if USE_SSL
|
||||
throw Authentication::Require<SSHKeyPlainCredentials>("ClickHouse SSH Keys Authentication");
|
||||
#else
|
||||
throw Exception(ErrorCodes::SUPPORT_IS_DISABLED, "SSH support disabled as ClickHouse was built without OpenSSL");
|
||||
#endif
|
||||
|
||||
case AuthenticationType::MAX:
|
||||
break;
|
||||
@ -163,7 +172,11 @@ bool Authentication::areCredentialsValid(const Credentials & credentials, const
|
||||
return checkPasswordBcrypt(basic_credentials->getPassword(), auth_data.getPasswordHashBinary());
|
||||
|
||||
case AuthenticationType::SSH_KEY:
|
||||
#if USE_SSL
|
||||
throw Authentication::Require<SSHKeyPlainCredentials>("ClickHouse SSH Keys Authentication");
|
||||
#else
|
||||
throw Exception(ErrorCodes::SUPPORT_IS_DISABLED, "SSH support disabled as ClickHouse was built without OpenSSL");
|
||||
#endif
|
||||
|
||||
case AuthenticationType::MAX:
|
||||
break;
|
||||
@ -189,13 +202,18 @@ bool Authentication::areCredentialsValid(const Credentials & credentials, const
|
||||
return auth_data.getSSLCertificateCommonNames().contains(ssl_certificate_credentials->getCommonName());
|
||||
|
||||
case AuthenticationType::SSH_KEY:
|
||||
#if USE_SSL
|
||||
throw Authentication::Require<SSHKeyPlainCredentials>("ClickHouse SSH Keys Authentication");
|
||||
#else
|
||||
throw Exception(ErrorCodes::SUPPORT_IS_DISABLED, "SSH support disabled as ClickHouse was built without OpenSSL");
|
||||
#endif
|
||||
|
||||
case AuthenticationType::MAX:
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
#if USE_SSL
|
||||
if (const auto * ssh_key_credentials = typeid_cast<const SSHKeyPlainCredentials *>(&credentials))
|
||||
{
|
||||
switch (auth_data.getType())
|
||||
@ -225,6 +243,7 @@ bool Authentication::areCredentialsValid(const Credentials & credentials, const
|
||||
break;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
if ([[maybe_unused]] const auto * always_allow_credentials = typeid_cast<const AlwaysAllowCredentials *>(&credentials))
|
||||
return true;
|
||||
|
@ -104,7 +104,10 @@ bool operator ==(const AuthenticationData & lhs, const AuthenticationData & rhs)
|
||||
return (lhs.type == rhs.type) && (lhs.password_hash == rhs.password_hash)
|
||||
&& (lhs.ldap_server_name == rhs.ldap_server_name) && (lhs.kerberos_realm == rhs.kerberos_realm)
|
||||
&& (lhs.ssl_certificate_common_names == rhs.ssl_certificate_common_names)
|
||||
&& (lhs.ssh_keys == rhs.ssh_keys);
|
||||
#if USE_SSL
|
||||
&& (lhs.ssh_keys == rhs.ssh_keys)
|
||||
#endif
|
||||
;
|
||||
}
|
||||
|
||||
|
||||
@ -321,10 +324,14 @@ std::shared_ptr<ASTAuthenticationData> AuthenticationData::toAST() const
|
||||
}
|
||||
case AuthenticationType::SSH_KEY:
|
||||
{
|
||||
#if USE_SSL
|
||||
for (const auto & key : getSshKeys())
|
||||
node->children.push_back(std::make_shared<ASTLiteral>(key.getBase64Representation()));
|
||||
|
||||
break;
|
||||
#else
|
||||
throw Exception(ErrorCodes::SUPPORT_IS_DISABLED, "SSH support disabled as ClickHouse was built without OpenSSL");
|
||||
#endif
|
||||
}
|
||||
|
||||
case AuthenticationType::NO_PASSWORD: [[fallthrough]];
|
||||
|
@ -6,7 +6,10 @@
|
||||
|
||||
#include <base/types.h>
|
||||
#include <boost/container/flat_set.hpp>
|
||||
#include "Access/SSHPublicKey.h"
|
||||
#include "config.h"
|
||||
#if USE_SSL
|
||||
#include <Access/SSH/SSHPublicKey.h>
|
||||
#endif
|
||||
#include <vector>
|
||||
|
||||
namespace DB
|
||||
@ -58,8 +61,10 @@ public:
|
||||
const boost::container::flat_set<String> & getSSLCertificateCommonNames() const { return ssl_certificate_common_names; }
|
||||
void setSSLCertificateCommonNames(boost::container::flat_set<String> common_names_);
|
||||
|
||||
#if USE_SSL
|
||||
const std::vector<ssh::SSHPublicKey> & getSshKeys() const { return ssh_keys; }
|
||||
void setSshKeys(std::vector<ssh::SSHPublicKey> && ssh_keys_) { ssh_keys = std::move(ssh_keys_); }
|
||||
#endif
|
||||
|
||||
friend bool operator ==(const AuthenticationData & lhs, const AuthenticationData & rhs);
|
||||
friend bool operator !=(const AuthenticationData & lhs, const AuthenticationData & rhs) { return !(lhs == rhs); }
|
||||
@ -87,7 +92,9 @@ private:
|
||||
String kerberos_realm;
|
||||
boost::container::flat_set<String> ssl_certificate_common_names;
|
||||
String salt;
|
||||
#if USE_SSL
|
||||
std::vector<ssh::SSHPublicKey> ssh_keys;
|
||||
#endif
|
||||
};
|
||||
|
||||
}
|
||||
|
@ -1,7 +1,10 @@
|
||||
#pragma once
|
||||
|
||||
#include <base/types.h>
|
||||
#include "Access/SSHPublicKey.h"
|
||||
#include "config.h"
|
||||
#if USE_SSL
|
||||
#include <Access/SSH/SSHPublicKey.h>
|
||||
#endif
|
||||
#include <memory>
|
||||
|
||||
|
||||
@ -87,6 +90,7 @@ class MySQLNative41Credentials : public CredentialsWithScramble
|
||||
using CredentialsWithScramble::CredentialsWithScramble;
|
||||
};
|
||||
|
||||
#if USE_SSL
|
||||
// Credentials, which contain just user and its public key.
|
||||
// The validness of the key must be checked before.
|
||||
class SSHKeyPlainCredentials : public Credentials
|
||||
@ -102,5 +106,6 @@ public:
|
||||
private:
|
||||
ssh::SSHPublicKey key;
|
||||
};
|
||||
#endif
|
||||
|
||||
}
|
||||
|
@ -1,6 +1,6 @@
|
||||
#include <stdexcept>
|
||||
#include <Access/SSHPublicKey.h>
|
||||
#include <Server/SSH/clibssh.h>
|
||||
#include <Access/SSH/SSHPublicKey.h>
|
||||
#include <Common/SSH/clibssh.h>
|
||||
|
||||
namespace ssh
|
||||
{
|
@ -12,7 +12,6 @@
|
||||
#include <Common/StringUtils/StringUtils.h>
|
||||
#include <Common/quoteString.h>
|
||||
#include <Common/TransformEndianness.hpp>
|
||||
#include "Access/SSHPublicKey.h"
|
||||
#include <Core/Settings.h>
|
||||
#include <Interpreters/executeQuery.h>
|
||||
#include <Parsers/Access/ASTGrantQuery.h>
|
||||
@ -28,6 +27,11 @@
|
||||
#include <filesystem>
|
||||
#include <base/FnTraits.h>
|
||||
|
||||
#include "config.h"
|
||||
#if USE_SSL
|
||||
#include <Access/SSH/SSHPublicKey.h>
|
||||
#endif
|
||||
|
||||
|
||||
namespace DB
|
||||
{
|
||||
@ -37,6 +41,7 @@ namespace ErrorCodes
|
||||
extern const int UNKNOWN_ADDRESS_PATTERN_TYPE;
|
||||
extern const int THERE_IS_NO_PROFILE;
|
||||
extern const int NOT_IMPLEMENTED;
|
||||
extern const int SUPPORT_IS_DISABLED;
|
||||
}
|
||||
|
||||
namespace
|
||||
@ -204,6 +209,7 @@ namespace
|
||||
}
|
||||
else if (has_ssh_keys)
|
||||
{
|
||||
#if USE_SSL
|
||||
user->auth_data = AuthenticationData{AuthenticationType::SSH_KEY};
|
||||
|
||||
// User can specify multiple public keys, that can be used for authentication
|
||||
@ -232,6 +238,9 @@ namespace
|
||||
throw Exception(ErrorCodes::BAD_ARGUMENTS, "Unknown ssh_key entry pattern type: {}", entry);
|
||||
}
|
||||
user->auth_data.setSshKeys(std::move(keys));
|
||||
#else
|
||||
throw Exception(ErrorCodes::SUPPORT_IS_DISABLED, "SSH support disabled as clickhouse was built without openssl");
|
||||
#endif
|
||||
}
|
||||
|
||||
auto auth_type = user->auth_data.getType();
|
||||
|
@ -82,7 +82,9 @@ add_subdirectory (Formats)
|
||||
|
||||
add_headers_and_sources(clickhouse_common_io Common)
|
||||
add_headers_and_sources(clickhouse_common_io Common/HashTable)
|
||||
add_headers_and_sources(clickhouse_common_io Common/SSH)
|
||||
if (TARGET ch_contrib::ssh)
|
||||
add_headers_and_sources(clickhouse_common_io Common/SSH)
|
||||
endif()
|
||||
add_headers_and_sources(clickhouse_common_io IO)
|
||||
add_headers_and_sources(clickhouse_common_io IO/Archives)
|
||||
add_headers_and_sources(clickhouse_common_io IO/Resource)
|
||||
@ -186,6 +188,9 @@ macro(add_object_library name common_path)
|
||||
endmacro()
|
||||
|
||||
add_object_library(clickhouse_access Access)
|
||||
if (TARGET ch_contrib::ssh)
|
||||
add_object_library(clickhouse_access_ssh Access/SSH)
|
||||
endif()
|
||||
add_object_library(clickhouse_backups Backups)
|
||||
add_object_library(clickhouse_core Core)
|
||||
add_object_library(clickhouse_core_mysql Core/MySQL)
|
||||
@ -217,7 +222,9 @@ add_object_library(clickhouse_client Client)
|
||||
add_object_library(clickhouse_bridge BridgeHelper)
|
||||
add_object_library(clickhouse_server Server)
|
||||
add_object_library(clickhouse_server_http Server/HTTP)
|
||||
add_object_library(clickhouse_server_ssh Server/SSH)
|
||||
if (TARGET ch_contrib::ssh)
|
||||
add_object_library(clickhouse_server_ssh Server/SSH)
|
||||
endif()
|
||||
add_object_library(clickhouse_server_embedded_client Server/EmbeddedClient)
|
||||
add_object_library(clickhouse_formats Formats)
|
||||
add_object_library(clickhouse_processors Processors)
|
||||
@ -340,7 +347,9 @@ if (TARGET ch_contrib::crc32-vpmsum)
|
||||
target_link_libraries(clickhouse_common_io PUBLIC ch_contrib::crc32-vpmsum)
|
||||
endif()
|
||||
|
||||
target_link_libraries(clickhouse_common_io PUBLIC ch_contrib::ssh)
|
||||
if (TARGET ch_contrib::ssh)
|
||||
target_link_libraries(clickhouse_common_io PUBLIC ch_contrib::ssh)
|
||||
endif()
|
||||
|
||||
dbms_target_link_libraries(PUBLIC ch_contrib::abseil_swiss_tables)
|
||||
target_link_libraries (clickhouse_common_io PUBLIC ch_contrib::abseil_swiss_tables)
|
||||
|
@ -570,7 +570,7 @@ try
|
||||
flags |= O_CREAT;
|
||||
|
||||
out_file_buf = wrapWriteBufferWithCompressionMethod(
|
||||
std::make_unique<WriteBufferFromFile>(out_file, flags),
|
||||
std::make_unique<WriteBufferFromFile>(out_file, DBMS_DEFAULT_BUFFER_SIZE, flags),
|
||||
compression_method,
|
||||
static_cast<int>(compression_level)
|
||||
);
|
||||
|
@ -1,4 +1,5 @@
|
||||
#include <cstdlib>
|
||||
#include <cstring>
|
||||
#include <fcntl.h>
|
||||
#include <termios.h>
|
||||
#include <unistd.h>
|
||||
|
@ -1,7 +1,7 @@
|
||||
#include "SSHBind.h"
|
||||
#include <stdexcept>
|
||||
#include <fmt/format.h>
|
||||
#include "clibssh.h"
|
||||
#include <Common/SSH/clibssh.h>
|
||||
|
||||
namespace ssh
|
||||
{
|
||||
|
@ -1,6 +1,6 @@
|
||||
#include "SSHChannel.h"
|
||||
#include <stdexcept>
|
||||
#include "clibssh.h"
|
||||
#include <Common/SSH/clibssh.h>
|
||||
|
||||
namespace ssh
|
||||
{
|
||||
|
@ -1,6 +1,6 @@
|
||||
#include "SSHEvent.h"
|
||||
#include <stdexcept>
|
||||
#include "clibssh.h"
|
||||
#include <Common/SSH/clibssh.h>
|
||||
|
||||
namespace ssh
|
||||
{
|
||||
|
@ -1,8 +1,8 @@
|
||||
#include <atomic>
|
||||
#include <stdexcept>
|
||||
#include <Server/EmbeddedClient/openpty.h>
|
||||
#include <Server/SSH/clibssh.h>
|
||||
#include <Server/SSHPtyHandler.h>
|
||||
#include <Common/SSH/clibssh.h>
|
||||
#include <Server/SSH/SSHPtyHandler.h>
|
||||
#include <boost/iostreams/device/file_descriptor.hpp>
|
||||
#include <boost/iostreams/stream.hpp>
|
||||
#include <sys/poll.h>
|
||||
@ -10,7 +10,7 @@
|
||||
#include <Poco/Pipe.h>
|
||||
#include "Access/Common/AuthenticationType.h"
|
||||
#include "Access/Credentials.h"
|
||||
#include "Access/SSHPublicKey.h"
|
||||
#include "Access/SSH/SSHPublicKey.h"
|
||||
#include "Core/Names.h"
|
||||
#include "Server/EmbeddedClient/EmbeddedClientRunner.h"
|
||||
#include "Server/EmbeddedClient/IClientDescriptorSet.h"
|
@ -1,12 +1,12 @@
|
||||
#pragma once
|
||||
#include <Server/SSHPtyHandler.h>
|
||||
#include <Server/SSH/SSHPtyHandler.h>
|
||||
#include <Server/TCPServer.h>
|
||||
#include <Server/TCPServerConnectionFactory.h>
|
||||
#include <Poco/Util/AbstractConfiguration.h>
|
||||
#include "Common/Exception.h"
|
||||
#include <Common/logger_useful.h>
|
||||
#include "Server/IServer.h"
|
||||
#include "Server/SSH/LibSSHLogger.h"
|
||||
#include "Common/SSH/LibSSHLogger.h"
|
||||
#include "Server/SSH/SSHBind.h"
|
||||
#include "Server/SSH/SSHSession.h"
|
||||
|
@ -1,7 +1,7 @@
|
||||
#include "SSHSession.h"
|
||||
#include <stdexcept>
|
||||
#include <fmt/format.h>
|
||||
#include "clibssh.h"
|
||||
#include <Common/SSH/clibssh.h>
|
||||
|
||||
namespace ssh
|
||||
{
|
||||
|
@ -1117,7 +1117,7 @@ CREATE TABLE system.users
|
||||
`name` String,
|
||||
`id` UUID,
|
||||
`storage` String,
|
||||
`auth_type` Enum8('no_password' = 0, 'plaintext_password' = 1, 'sha256_password' = 2, 'double_sha1_password' = 3, 'ldap' = 4, 'kerberos' = 5, 'ssl_certificate' = 6, 'bcrypt_password' = 7),
|
||||
`auth_type` Enum8('no_password' = 0, 'plaintext_password' = 1, 'sha256_password' = 2, 'double_sha1_password' = 3, 'ldap' = 4, 'kerberos' = 5, 'ssl_certificate' = 6, 'bcrypt_password' = 7, 'ssh_key' = 8),
|
||||
`auth_params` String,
|
||||
`host_ip` Array(String),
|
||||
`host_names` Array(String),
|
||||
|
Loading…
Reference in New Issue
Block a user