sync with upstream

gojimmypi · Jan 30, 2024 · 52f085d · 52f085d
2 parents 3dd413b + 710e6e0
commit 52f085d
Show file tree

Hide file tree

Showing 19 changed files with 468 additions and 65 deletions.
diff --git a/.github/workflows/sshd-test.yml b/.github/workflows/sshd-test.yml
@@ -28,5 +28,5 @@ jobs:
  - name: make check
  run: make check
  - name: run wolfSSHd tests
- run: sudo ./run_all_sshd_tests.sh
+ run: sudo ./run_all_sshd_tests.sh root
  working-directory: ./apps/wolfsshd/test
diff --git a/.github/workflows/zephyr.yml b/.github/workflows/zephyr.yml
@@ -66,10 +66,10 @@ jobs:
 
  - name: Install zephyr SDK
  run: |
- wget -q https://github.com/zephyrproject-rtos/sdk-ng/releases/download/v${{ matrix.config.zephyr-sdk }}/zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64.tar.xz
- tar xf zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64.tar.xz
+ wget -q https://github.com/zephyrproject-rtos/sdk-ng/releases/download/v${{ matrix.config.zephyr-sdk }}/zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64_minimal.tar.xz
+ tar xf zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64_minimal.tar.xz
  cd zephyr-sdk-${{ matrix.config.zephyr-sdk }}
- ./setup.sh -h -c
+ ./setup.sh -h -c -t x86_64-zephyr-elf
 
  - name: Run wolfssh tests
  id: wolfssh-test

diff --git a/apps/wolfssh/wolfssh.c b/apps/wolfssh/wolfssh.c
@@ -162,12 +162,26 @@ static void modes_clear(void)
 {
  WOLFSSH_TERMIOS term = oldTerm;
 
- term.c_lflag &= ~(ICANON | ISIG | IEXTEN | ECHO | ECHOE | ECHOK
- | ECHONL | ECHOPRT | NOFLSH | TOSTOP | FLUSHO
- | PENDIN | EXTPROC);
+ term.c_lflag &= ~(ICANON | ISIG | IEXTEN | ECHO | ECHOE
+ | ECHOK | ECHONL | NOFLSH | TOSTOP);
 
- term.c_iflag &= ~(ISTRIP | INLCR | ICRNL | IGNCR | IXON | IXOFF
- | IXANY | IGNBRK | INPCK | PARMRK);
+ /* check macros set for some BSD dependent and missing on
+ * QNX flags */
+#ifdef ECHOPRT
+ term.c_lflag &= ~(ECHOPRT);
+#endif
+#ifdef FLUSHO
+ term.c_lflag &= ~(FLUSHO);
+#endif
+#ifdef PENDIN
+ term.c_lflag &= ~(PENDIN);
+#endif
+#ifdef EXTPROC
+ term.c_lflag &= ~(EXTPROC);
+#endif
+
+ term.c_iflag &= ~(ISTRIP | INLCR | ICRNL | IGNCR | IXON
+ | IXOFF | IXANY | IGNBRK | INPCK | PARMRK);
 #ifdef IUCLC
  term.c_iflag &= ~IUCLC;
 #endif
@@ -178,8 +192,10 @@ static void modes_clear(void)
  term.c_oflag &= ~OLCUC;
 #endif
 
- term.c_cflag &= ~(CSTOPB | PARENB | PARODD | CLOCAL | CRTSCTS);
-
+ term.c_cflag &= ~(CSTOPB | PARENB | PARODD | CLOCAL);
+#ifdef CRTSCTS
+ term.c_cflag &= ~(CRTSCTS);
+#endif
  tcsetattr(STDIN_FILENO, TCSANOW, &term);
 }
 

diff --git a/apps/wolfsshd/auth.c b/apps/wolfsshd/auth.c
@@ -380,6 +380,8 @@ static int CheckPasswordUnix(const char* usr, const byte* pw, word32 pwSz, WOLFS
  if (pwInfo == NULL) {
  /* user name not found on system */
  ret = WS_FATAL_ERROR;
+ wolfSSH_Log(WS_LOG_ERROR,
+ "[SSHD] User name not found on system");
  }
  }
 
@@ -412,6 +414,8 @@ static int CheckPasswordUnix(const char* usr, const byte* pw, word32 pwSz, WOLFS
  if (ret == WS_SUCCESS) {
  storedHashCpy = WSTRDUP(storedHash, NULL, DYNTYPE_STRING);
  if (storedHash == NULL) {
+ wolfSSH_Log(WS_LOG_ERROR,
+ "[SSHD] Error getting stored hash copy");
  ret = WS_MEMORY_E;
  }
  }

diff --git a/apps/wolfsshd/test/create_sshd_config.sh b/apps/wolfsshd/test/create_sshd_config.sh
@@ -26,11 +26,15 @@ PermitEmptyPasswords no
 UsePrivilegeSeparation no
 UseDNS no
 
-TrustedUserCAKeys $PWD/ca-cert-ecc.pem 
-HostKey $PWD/server-key.pem 
-HostCertificate $PWD/server-cert.pem
+TrustedUserCAKeys $PWD/../../../keys/ca-cert-ecc.pem 
+HostKey $PWD/../../../keys/server-key.pem 
+HostCertificate $PWD/../../../keys/server-cert.pem
 
 EOF
 
+cd ../../../keys/
+./renewcerts.sh $1
+cd ../apps/wolfsshd/test/
+
 exit 0
 
diff --git a/apps/wolfsshd/test/error_return.sh b/apps/wolfsshd/test/error_return.sh
@@ -13,7 +13,7 @@ PUBLIC_KEY="./keys/hansel-key-ecc.pub"
 if [ -z "$1" ] || [ -z "$2" ]; then
  echo "expecting host and port as arguments"
  echo "./error_return.sh 127.0.0.1 22222"
- exit -1
+ exit 1
 fi
 
 echo "$TEST_CLIENT -c 'bash -c \"(exit 2)\"' -u $USER -i $PRIVATE_KEY -j $PUBLIC_KEY -h \"$1\" -p \"$2\""

diff --git a/apps/wolfsshd/test/run_all_sshd_tests.sh b/apps/wolfsshd/test/run_all_sshd_tests.sh
@@ -2,15 +2,22 @@
 
 echo "Running all wolfSSHd tests"
 
-TEST_HOST=$1
-TEST_PORT=$2
+if [ -z "$1" ]; then
+ USER=$USER
+else
+ USER=$1
+fi
+
+TEST_HOST=$2
+TEST_PORT=$3
+
 TOTAL=0
 SKIPPED=0
 
 # setup
 set -e
 ./create_authorized_test_file.sh
-./create_sshd_config.sh
+./create_sshd_config.sh $USER
 set +e
 
 if [ ! -z "$TEST_HOST" ] && [ ! -z "$TEST_PORT" ]; then
@@ -31,7 +38,7 @@ fi
 
 run_test() {
  printf "$1 ... "
- ./"$1" "$TEST_HOST" "$TEST_PORT" &> stdout.txt
+ ./"$1" "$TEST_HOST" "$TEST_PORT" "$USER" &> stdout.txt
  RESULT=$?
  TOTAL=$((TOTAL+1))
  if [ "$RESULT" == 77 ]; then
@@ -73,6 +80,16 @@ else
  SKIPPED=$((SKIPPED+1))
 fi
 
+# these tests run with X509 sshd-config loaded
+if [ "$USING_LOCAL_HOST" == 1 ]; then
+ start_wolfsshd "sshd_config_test_x509"
+fi
+run_test "sshd_x509_test.sh"
+if [ "$USING_LOCAL_HOST" == 1 ]; then
+ printf "Shutting down test wolfSSHd\n"
+ stop_wolfsshd
+fi
+
 printf "All tests ran, $TOTAL passed, $SKIPPED skipped\n"
 
 exit 0
diff --git a/apps/wolfsshd/test/sshd_exec_test.sh b/apps/wolfsshd/test/sshd_exec_test.sh
@@ -13,7 +13,7 @@ PUBLIC_KEY="./keys/hansel-key-ecc.pub"
 if [ -z "$1" ] || [ -z "$2" ]; then
  echo "expecting host and port as arguments"
  echo "./sshd_exec_test.sh 127.0.0.1 22222"
- exit -1
+ exit 1
 fi
 
 set -e

diff --git a/apps/wolfsshd/test/sshd_forcedcmd_test.sh b/apps/wolfsshd/test/sshd_forcedcmd_test.sh
@@ -5,7 +5,7 @@
 if [ -z "$1" ] || [ -z "$2" ]; then
  echo "expecting host and port as arguments"
  echo "./sshd_exec_test.sh 127.0.0.1 22222"
- exit -1
+ exit 1
 fi
 
 PWD=`pwd`
@@ -42,7 +42,7 @@ cat $RESULT | grep bob
 RESULT=$?
 if [ "$RESULT" == 0 ]; then
  echo "Shell login should fail with forced command"
- exit -1
+ exit 1
 fi
 
 set -e

diff --git a/apps/wolfsshd/test/sshd_x509_test.sh b/apps/wolfsshd/test/sshd_x509_test.sh
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+# sshd local test
+
+PWD=`pwd`
+cd ../../..
+
+if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
+ echo "expecting host, port and user as arguments"
+ echo "./sshd_x509_text.sh 127.0.0.1 22222 user"
+ exit 1
+fi
+
+TEST_CLIENT="./examples/client/client"
+PRIVATE_KEY="./keys/$3-key.der"
+PUBLIC_KEY="./keys/$3-cert.der"
+CA_CERT="./keys/ca-cert-ecc.der"
+
+set -e
+echo "$TEST_CLIENT -c 'pwd' -u $3 -i $PRIVATE_KEY -J $PUBLIC_KEY -A $CA_CERT -h \"$1\" -p \"$2\""
+$TEST_CLIENT -c 'pwd' -u $3 -i "$PRIVATE_KEY" -J "$PUBLIC_KEY" -A "$CA_CERT" -h "$1" -p "$2"
+set +e
+
+rm -f error.txt
+echo "$TEST_CLIENT -c 'ls error' -u $3 -i $PRIVATE_KEY -J $PUBLIC_KEY -A $CA_CERT -h \"$1\" -p \"$2\" 2> error.txt"
+$TEST_CLIENT -c 'ls error' -u $3 -i "$PRIVATE_KEY" -J "$PUBLIC_KEY" -A "$CA_CERT" -h "$1" -p "$2" 2> error.txt
+
+# check stderr output was caught
+if [ ! -s error.txt ]; then
+ echo "No stderr data was found when expected!!"
+ cd $PWD
+ exit 1
+fi
+rm -f error.txt
+
+cd $PWD
+exit 0
+
+