Support build without libssh for fastcheck

programs/server/Server.cpp

@@ -111,9 +111,9 @@
 #if USE_SSL
 #    include <Poco/Net/SecureServerSocket.h>
 #    include <Server/CertificateReloader.h>
-#    include <Server/SSHPtyHandlerFactory.h>
-#    include "Server/SSH/LibSSHInitializer.h"
-#    include "Server/SSH/LibSSHLogger.h"
+#    include <Server/SSH/SSHPtyHandlerFactory.h>
+#    include <Common/SSH/LibSSHInitializer.h>
+#    include <Common/SSH/LibSSHLogger.h>
 #endif
 
 #if USE_GRPC
@@ -2256,7 +2256,7 @@ void Server::createServers(
                         new Poco::Net::TCPServerParams));
 #else
             UNUSED(port);
-            throw Exception(ErrorCodes::SUPPORT_IS_DISABLED, "SSL support for TCP protocol is disabled because Poco library was built without NetSSL support.");
+            throw Exception(ErrorCodes::SUPPORT_IS_DISABLED, "SSH protocol is disabled for ClickHouse, as it has been built without OpenSSL");
 #endif
             });
 

programs/server/config.xml

@@ -132,10 +132,6 @@
     -->
     <tcp_port>9000</tcp_port>
 
-    <tcp_port_ssh>9022</tcp_port_ssh>
-    <ssh>
-        <host_rsa_key>ssh_host_rsa_key</host_rsa_key>
-    </ssh>
     <!-- Compatibility with MySQL protocol.
          ClickHouse will pretend to be MySQL for applications connecting to this port.
     -->

src/Access/Authentication.cpp

@@ -14,6 +14,7 @@ namespace DB
 namespace ErrorCodes
 {
     extern const int NOT_IMPLEMENTED;
+    extern const int SUPPORT_IS_DISABLED;
 }
 
 namespace
@@ -97,7 +98,11 @@ bool Authentication::areCredentialsValid(const Credentials & credentials, const
                 throw Authentication::Require<BasicCredentials>("ClickHouse X.509 Authentication");
 
             case AuthenticationType::SSH_KEY:
+#if USE_SSL
                 throw Authentication::Require<SSHKeyPlainCredentials>("ClickHouse SSH Keys Authentication");
+#else
+            throw Exception(ErrorCodes::SUPPORT_IS_DISABLED, "SSH support disabled as ClickHouse was built without OpenSSL");
+#endif
 
             case AuthenticationType::MAX:
                 break;
@@ -127,7 +132,11 @@ bool Authentication::areCredentialsValid(const Credentials & credentials, const
                 throw Authentication::Require<BasicCredentials>("ClickHouse X.509 Authentication");
 
             case AuthenticationType::SSH_KEY:
+#if USE_SSL
                 throw Authentication::Require<SSHKeyPlainCredentials>("ClickHouse SSH Keys Authentication");
+#else
+            throw Exception(ErrorCodes::SUPPORT_IS_DISABLED, "SSH support disabled as ClickHouse was built without OpenSSL");
+#endif
 
             case AuthenticationType::MAX:
                 break;
@@ -163,7 +172,11 @@ bool Authentication::areCredentialsValid(const Credentials & credentials, const
                 return checkPasswordBcrypt(basic_credentials->getPassword(), auth_data.getPasswordHashBinary());
 
             case AuthenticationType::SSH_KEY:
+#if USE_SSL
                 throw Authentication::Require<SSHKeyPlainCredentials>("ClickHouse SSH Keys Authentication");
+#else
+            throw Exception(ErrorCodes::SUPPORT_IS_DISABLED, "SSH support disabled as ClickHouse was built without OpenSSL");
+#endif
 
             case AuthenticationType::MAX:
                 break;
@@ -189,13 +202,18 @@ bool Authentication::areCredentialsValid(const Credentials & credentials, const
                 return auth_data.getSSLCertificateCommonNames().contains(ssl_certificate_credentials->getCommonName());
 
             case AuthenticationType::SSH_KEY:
+#if USE_SSL
                 throw Authentication::Require<SSHKeyPlainCredentials>("ClickHouse SSH Keys Authentication");
+#else
+            throw Exception(ErrorCodes::SUPPORT_IS_DISABLED, "SSH support disabled as ClickHouse was built without OpenSSL");
+#endif
 
             case AuthenticationType::MAX:
                 break;
         }
     }
 
+#if USE_SSL
     if (const auto * ssh_key_credentials = typeid_cast<const SSHKeyPlainCredentials *>(&credentials))
     {
         switch (auth_data.getType())
@@ -225,6 +243,7 @@ bool Authentication::areCredentialsValid(const Credentials & credentials, const
                 break;
         }
     }
+#endif
 
     if ([[maybe_unused]] const auto * always_allow_credentials = typeid_cast<const AlwaysAllowCredentials *>(&credentials))
         return true;

src/Access/AuthenticationData.cpp

@@ -104,7 +104,10 @@ bool operator ==(const AuthenticationData & lhs, const AuthenticationData & rhs)
     return (lhs.type == rhs.type) && (lhs.password_hash == rhs.password_hash)
         && (lhs.ldap_server_name == rhs.ldap_server_name) && (lhs.kerberos_realm == rhs.kerberos_realm)
         && (lhs.ssl_certificate_common_names == rhs.ssl_certificate_common_names)
-        && (lhs.ssh_keys == rhs.ssh_keys);
+#if USE_SSL
+        && (lhs.ssh_keys == rhs.ssh_keys)
+#endif
+        ;
 }
 
 
@@ -321,10 +324,14 @@ std::shared_ptr<ASTAuthenticationData> AuthenticationData::toAST() const
         }
         case AuthenticationType::SSH_KEY:
         {
+#if USE_SSL
             for (const auto & key : getSshKeys())
                 node->children.push_back(std::make_shared<ASTLiteral>(key.getBase64Representation()));
 
             break;
+#else
+            throw Exception(ErrorCodes::SUPPORT_IS_DISABLED, "SSH support disabled as ClickHouse was built without OpenSSL");
+#endif
         }
 
         case AuthenticationType::NO_PASSWORD: [[fallthrough]];

src/Access/AuthenticationData.h

@@ -6,7 +6,10 @@
 
 #include <base/types.h>
 #include <boost/container/flat_set.hpp>
-#include "Access/SSHPublicKey.h"
+#include "config.h"
+#if USE_SSL
+    #include <Access/SSH/SSHPublicKey.h>
+#endif
 #include <vector>
 
 namespace DB
@@ -58,8 +61,10 @@ public:
     const boost::container::flat_set<String> & getSSLCertificateCommonNames() const { return ssl_certificate_common_names; }
     void setSSLCertificateCommonNames(boost::container::flat_set<String> common_names_);
 
+#if USE_SSL
     const std::vector<ssh::SSHPublicKey> & getSshKeys() const { return ssh_keys; }
     void setSshKeys(std::vector<ssh::SSHPublicKey> && ssh_keys_) { ssh_keys = std::move(ssh_keys_); }
+#endif
 
     friend bool operator ==(const AuthenticationData & lhs, const AuthenticationData & rhs);
     friend bool operator !=(const AuthenticationData & lhs, const AuthenticationData & rhs) { return !(lhs == rhs); }
@@ -87,7 +92,9 @@ private:
     String kerberos_realm;
     boost::container::flat_set<String> ssl_certificate_common_names;
     String salt;
+#if USE_SSL
     std::vector<ssh::SSHPublicKey> ssh_keys;
+#endif
 };
 
 }

src/Access/Credentials.h

@@ -1,7 +1,10 @@
 #pragma once
 
 #include <base/types.h>
-#include "Access/SSHPublicKey.h"
+#include "config.h"
+#if USE_SSL
+    #include <Access/SSH/SSHPublicKey.h>
+#endif
 #include <memory>
 
 
@@ -87,6 +90,7 @@ class MySQLNative41Credentials : public CredentialsWithScramble
     using CredentialsWithScramble::CredentialsWithScramble;
 };
 
+#if USE_SSL
 // Credentials, which contain just user and its public key.
 // The validness of the key must be checked before.
 class SSHKeyPlainCredentials : public Credentials
@@ -102,5 +106,6 @@ public:
 private:
     ssh::SSHPublicKey key;
 };
+#endif
 
 }

src/Access/SSH/SSHPublicKey.cpp

@@ -1,6 +1,6 @@
 #include <stdexcept>
-#include <Access/SSHPublicKey.h>
-#include <Server/SSH/clibssh.h>
+#include <Access/SSH/SSHPublicKey.h>
+#include <Common/SSH/clibssh.h>
 
 namespace ssh
 {

src/Access/UsersConfigAccessStorage.cpp

@@ -12,7 +12,6 @@
 #include <Common/StringUtils/StringUtils.h>
 #include <Common/quoteString.h>
 #include <Common/TransformEndianness.hpp>
-#include "Access/SSHPublicKey.h"
 #include <Core/Settings.h>
 #include <Interpreters/executeQuery.h>
 #include <Parsers/Access/ASTGrantQuery.h>
@@ -28,6 +27,11 @@
 #include <filesystem>
 #include <base/FnTraits.h>
 
+#include "config.h"
+#if USE_SSL
+    #include <Access/SSH/SSHPublicKey.h>
+#endif
+
 
 namespace DB
 {
@@ -37,6 +41,7 @@ namespace ErrorCodes
     extern const int UNKNOWN_ADDRESS_PATTERN_TYPE;
     extern const int THERE_IS_NO_PROFILE;
     extern const int NOT_IMPLEMENTED;
+    extern const int SUPPORT_IS_DISABLED;
 }
 
 namespace
@@ -204,6 +209,7 @@ namespace
         }
         else if (has_ssh_keys)
         {
+#if USE_SSL
             user->auth_data = AuthenticationData{AuthenticationType::SSH_KEY};
 
             // User can specify multiple public keys, that can be used for authentication
@@ -232,6 +238,9 @@ namespace
                     throw Exception(ErrorCodes::BAD_ARGUMENTS, "Unknown ssh_key entry pattern type: {}", entry);
             }
             user->auth_data.setSshKeys(std::move(keys));
+#else
+            throw Exception(ErrorCodes::SUPPORT_IS_DISABLED, "SSH support disabled as clickhouse was built without openssl");
+#endif
     }
 
         auto auth_type = user->auth_data.getType();

src/CMakeLists.txt

@@ -82,7 +82,9 @@ add_subdirectory (Formats)
 
 add_headers_and_sources(clickhouse_common_io Common)
 add_headers_and_sources(clickhouse_common_io Common/HashTable)
-add_headers_and_sources(clickhouse_common_io Common/SSH)
+if (TARGET ch_contrib::ssh)
+    add_headers_and_sources(clickhouse_common_io Common/SSH)
+endif()
 add_headers_and_sources(clickhouse_common_io IO)
 add_headers_and_sources(clickhouse_common_io IO/Archives)
 add_headers_and_sources(clickhouse_common_io IO/Resource)
@@ -186,6 +188,9 @@ macro(add_object_library name common_path)
 endmacro()
 
 add_object_library(clickhouse_access Access)
+if (TARGET ch_contrib::ssh)
+    add_object_library(clickhouse_access_ssh Access/SSH)
+endif()
 add_object_library(clickhouse_backups Backups)
 add_object_library(clickhouse_core Core)
 add_object_library(clickhouse_core_mysql Core/MySQL)
@@ -217,7 +222,9 @@ add_object_library(clickhouse_client Client)
 add_object_library(clickhouse_bridge BridgeHelper)
 add_object_library(clickhouse_server Server)
 add_object_library(clickhouse_server_http Server/HTTP)
-add_object_library(clickhouse_server_ssh Server/SSH)
+if (TARGET ch_contrib::ssh)
+    add_object_library(clickhouse_server_ssh Server/SSH)
+endif()
 add_object_library(clickhouse_server_embedded_client Server/EmbeddedClient)
 add_object_library(clickhouse_formats Formats)
 add_object_library(clickhouse_processors Processors)
@@ -340,7 +347,9 @@ if (TARGET ch_contrib::crc32-vpmsum)
     target_link_libraries(clickhouse_common_io PUBLIC ch_contrib::crc32-vpmsum)
  endif()
 
-target_link_libraries(clickhouse_common_io PUBLIC ch_contrib::ssh)
+if (TARGET ch_contrib::ssh)
+    target_link_libraries(clickhouse_common_io PUBLIC ch_contrib::ssh)
+endif()
 
 dbms_target_link_libraries(PUBLIC ch_contrib::abseil_swiss_tables)
 target_link_libraries (clickhouse_common_io PUBLIC ch_contrib::abseil_swiss_tables)

src/Client/ClientCore.cpp

@@ -570,7 +570,7 @@ try
                     flags |= O_CREAT;
 
                 out_file_buf = wrapWriteBufferWithCompressionMethod(
-                    std::make_unique<WriteBufferFromFile>(out_file, flags),
+                    std::make_unique<WriteBufferFromFile>(out_file, DBMS_DEFAULT_BUFFER_SIZE, flags),
                     compression_method,
                     static_cast<int>(compression_level)
                 );

src/Server/EmbeddedClient/openpty.cpp

@@ -1,4 +1,5 @@
 #include <cstdlib>
+#include <cstring>
 #include <fcntl.h>
 #include <termios.h>
 #include <unistd.h>

src/Server/SSH/SSHBind.cpp

@@ -1,7 +1,7 @@
 #include "SSHBind.h"
 #include <stdexcept>
 #include <fmt/format.h>
-#include "clibssh.h"
+#include <Common/SSH/clibssh.h>
 
 namespace ssh
 {

src/Server/SSH/SSHChannel.cpp

@@ -1,6 +1,6 @@
 #include "SSHChannel.h"
 #include <stdexcept>
-#include "clibssh.h"
+#include <Common/SSH/clibssh.h>
 
 namespace ssh
 {

src/Server/SSH/SSHEvent.cpp

@@ -1,6 +1,6 @@
 #include "SSHEvent.h"
 #include <stdexcept>
-#include "clibssh.h"
+#include <Common/SSH/clibssh.h>
 
 namespace ssh
 {

src/Server/SSH/SSHPtyHandler.cpp

@@ -1,8 +1,8 @@
 #include <atomic>
 #include <stdexcept>
 #include <Server/EmbeddedClient/openpty.h>
-#include <Server/SSH/clibssh.h>
-#include <Server/SSHPtyHandler.h>
+#include <Common/SSH/clibssh.h>
+#include <Server/SSH/SSHPtyHandler.h>
 #include <boost/iostreams/device/file_descriptor.hpp>
 #include <boost/iostreams/stream.hpp>
 #include <sys/poll.h>
@@ -10,7 +10,7 @@
 #include <Poco/Pipe.h>
 #include "Access/Common/AuthenticationType.h"
 #include "Access/Credentials.h"
-#include "Access/SSHPublicKey.h"
+#include "Access/SSH/SSHPublicKey.h"
 #include "Core/Names.h"
 #include "Server/EmbeddedClient/EmbeddedClientRunner.h"
 #include "Server/EmbeddedClient/IClientDescriptorSet.h"

src/Server/SSH/SSHPtyHandlerFactory.h

@@ -1,12 +1,12 @@
 #pragma once
-#include <Server/SSHPtyHandler.h>
+#include <Server/SSH/SSHPtyHandler.h>
 #include <Server/TCPServer.h>
 #include <Server/TCPServerConnectionFactory.h>
 #include <Poco/Util/AbstractConfiguration.h>
 #include "Common/Exception.h"
 #include <Common/logger_useful.h>
 #include "Server/IServer.h"
-#include "Server/SSH/LibSSHLogger.h"
+#include "Common/SSH/LibSSHLogger.h"
 #include "Server/SSH/SSHBind.h"
 #include "Server/SSH/SSHSession.h"
 

src/Server/SSH/SSHSession.cpp

@@ -1,7 +1,7 @@
 #include "SSHSession.h"
 #include <stdexcept>
 #include <fmt/format.h>
-#include "clibssh.h"
+#include <Common/SSH/clibssh.h>
 
 namespace ssh
 {

tests/queries/0_stateless/02117_show_create_table_system.reference

@@ -1117,7 +1117,7 @@ CREATE TABLE system.users
     `name` String,
     `id` UUID,
     `storage` String,
-    `auth_type` Enum8('no_password' = 0, 'plaintext_password' = 1, 'sha256_password' = 2, 'double_sha1_password' = 3, 'ldap' = 4, 'kerberos' = 5, 'ssl_certificate' = 6, 'bcrypt_password' = 7),
+    `auth_type` Enum8('no_password' = 0, 'plaintext_password' = 1, 'sha256_password' = 2, 'double_sha1_password' = 3, 'ldap' = 4, 'kerberos' = 5, 'ssl_certificate' = 6, 'bcrypt_password' = 7, 'ssh_key' = 8),
     `auth_params` String,
     `host_ip` Array(String),
     `host_names` Array(String),