Merge branch 'master' of https://github.com/wolfSSL/wolfssh into comp…

…onent-manager

.github/workflows/sshd-test.yml

@@ -22,11 +22,11 @@ jobs:
     - name: autogen
       run: ./autogen.sh
     - name: configure
-      run: ./configure --enable-all CPPFLAGS=-DWOLFSSH_NO_FPKI
+      run: ./configure --enable-all CPPFLAGS="-DWOLFSSH_NO_FPKI -DWOLFSSH_NO_SFTP_TIMEOUT -DWOLFSSH_MAX_SFTP_RW=4000000"
     - name: make
       run: make
     - name: make check
       run: make check
     - name: run wolfSSHd tests
-      run: sudo ./run_all_sshd_tests.sh
+      run: sudo ./run_all_sshd_tests.sh root
       working-directory: ./apps/wolfsshd/test

.github/workflows/windows-check.yml

@@ -0,0 +1,66 @@
+name: Windows Build Test
+
+on:
+  push:
+    branches: [ '*' ]
+  pull_request:
+    branches: [ '*' ]
+
+env:
+  WOLFSSL_SOLUTION_FILE_PATH: wolfssl64.sln
+  SOLUTION_FILE_PATH: wolfssh.sln
+  USER_SETTINGS_H_NEW: wolfssh/ide/winvs/user_settings.h
+  USER_SETTINGS_H: wolfssl/IDE/WIN/user_settings.h
+  INCLUDE_DIR: wolfssh
+
+  # Configuration type to build.
+  # You can convert this to a build matrix if you need coverage of multiple configuration types.
+  # https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
+  WOLFSSL_BUILD_CONFIGURATION: Release
+  WOLFSSH_BUILD_CONFIGURATION: Release
+  BUILD_PLATFORM: x64
+  TARGET_PLATFORM: 10
+
+jobs:
+  build:
+    runs-on: windows-latest
+
+    steps:
+    - uses: actions/checkout@v2
+      with:
+        repository: wolfssl/wolfssl
+        path: wolfssl
+
+    - uses: actions/checkout@master
+      with:
+        path: wolfssh
+
+    - name: Add MSBuild to PATH
+      uses: microsoft/setup-msbuild@v1
+
+    - name: Restore wolfSSL NuGet packages
+      working-directory: ${{env.GITHUB_WORKSPACE}}wolfssl
+      run: nuget restore ${{env.WOLFSSL_SOLUTION_FILE_PATH}}
+
+    - name: updated user_settings.h for sshd and x509
+      working-directory: ${{env.GITHUB_WORKSPACE}}
+      run: cp ${{env.USER_SETTINGS_H_NEW}} ${{env.USER_SETTINGS_H}}
+
+    - name: replace wolfSSL user_settings.h with wolfSSH user_settings.h
+      working-directory: ${{env.GITHUB_WORKSPACE}}
+      run: get-content ${{env.USER_SETTINGS_H_NEW}} | %{$_ -replace "if 0","if 1"}
+
+    - name: Build wolfssl library
+      working-directory: ${{env.GITHUB_WORKSPACE}}wolfssl
+      run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{env.BUILD_PLATFORM}} /p:Configuration=${{env.WOLFSSL_BUILD_CONFIGURATION}} /t:wolfssl ${{env.WOLFSSL_SOLUTION_FILE_PATH}}
+
+    - name: Restore NuGet packages
+      working-directory: ${{env.GITHUB_WORKSPACE}}wolfssh\ide\winvs
+      run: nuget restore ${{env.SOLUTION_FILE_PATH}}
+
+    - name: Build wolfssh
+      working-directory: ${{env.GITHUB_WORKSPACE}}wolfssh\ide\winvs
+      # Add additional options to the MSBuild command line here (like platform or verbosity level).
+      # See https://docs.microsoft.com/visualstudio/msbuild/msbuild-command-line-reference
+      run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{env.BUILD_PLATFORM}} /p:WindowsTargetPlatformVersion=${{env.TARGET_PLATFORM}} /p:Configuration=${{env.WOLFSSH_BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
+

.github/workflows/zephyr.yml

@@ -66,10 +66,10 @@ jobs:
 
       - name: Install zephyr SDK
         run: |
-          wget -q https://github.com/zephyrproject-rtos/sdk-ng/releases/download/v${{ matrix.config.zephyr-sdk }}/zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64.tar.xz
-          tar xf zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64.tar.xz
+          wget -q https://github.com/zephyrproject-rtos/sdk-ng/releases/download/v${{ matrix.config.zephyr-sdk }}/zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64_minimal.tar.xz
+          tar xf zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64_minimal.tar.xz
           cd zephyr-sdk-${{ matrix.config.zephyr-sdk }}
-          ./setup.sh -h -c
+          ./setup.sh -h -c -t x86_64-zephyr-elf
 
       - name: Run wolfssh tests
         id: wolfssh-test

apps/wolfssh/wolfssh.c

@@ -162,12 +162,26 @@ static void modes_clear(void)
 {
     WOLFSSH_TERMIOS term = oldTerm;
 
-    term.c_lflag &= ~(ICANON | ISIG | IEXTEN | ECHO | ECHOE | ECHOK
-            | ECHONL | ECHOPRT | NOFLSH | TOSTOP | FLUSHO
-            | PENDIN | EXTPROC);
+    term.c_lflag &= ~(ICANON | ISIG | IEXTEN | ECHO | ECHOE
+        | ECHOK | ECHONL | NOFLSH | TOSTOP);
 
-    term.c_iflag &= ~(ISTRIP | INLCR | ICRNL | IGNCR | IXON | IXOFF
-            | IXANY | IGNBRK | INPCK | PARMRK);
+    /* check macros set for some BSD dependent and missing on
+     * QNX flags */
+#ifdef ECHOPRT
+    term.c_lflag &= ~(ECHOPRT);
+#endif
+#ifdef FLUSHO
+    term.c_lflag &= ~(FLUSHO);
+#endif
+#ifdef PENDIN
+    term.c_lflag &= ~(PENDIN);
+#endif
+#ifdef EXTPROC
+    term.c_lflag &= ~(EXTPROC);
+#endif
+
+    term.c_iflag &= ~(ISTRIP | INLCR | ICRNL | IGNCR | IXON
+        | IXOFF | IXANY | IGNBRK | INPCK | PARMRK);
 #ifdef IUCLC
     term.c_iflag &= ~IUCLC;
 #endif
@@ -178,8 +192,10 @@ static void modes_clear(void)
     term.c_oflag &= ~OLCUC;
 #endif
 
-    term.c_cflag &= ~(CSTOPB | PARENB | PARODD | CLOCAL | CRTSCTS);
-
+    term.c_cflag &= ~(CSTOPB | PARENB | PARODD | CLOCAL);
+#ifdef CRTSCTS
+    term.c_cflag &= ~(CRTSCTS);
+#endif
     tcsetattr(STDIN_FILENO, TCSANOW, &term);
 }
 
@@ -1104,6 +1120,11 @@ static THREAD_RETURN WOLFSSH_THREAD wolfSSH_Client(void* args)
         }
     }
     WCLOSESOCKET(sockFd);
+
+#if defined(WOLFSSH_TERM) || defined(WOLFSSH_SHELL)
+    ((func_args*)args)->return_code = wolfSSH_GetExitStatus(ssh);
+#endif
+
     wolfSSH_free(ssh);
     wolfSSH_CTX_free(ctx);
     if (ret != WS_SUCCESS && ret != WS_SOCKET_ERROR_E)

apps/wolfsshd/auth.c

@@ -380,6 +380,8 @@ static int CheckPasswordUnix(const char* usr, const byte* pw, word32 pwSz, WOLFS
         if (pwInfo == NULL) {
             /* user name not found on system */
             ret = WS_FATAL_ERROR;
+            wolfSSH_Log(WS_LOG_ERROR,
+                    "[SSHD] User name not found on system");
         }
     }
 
@@ -412,6 +414,8 @@ static int CheckPasswordUnix(const char* usr, const byte* pw, word32 pwSz, WOLFS
     if (ret == WS_SUCCESS) {
         storedHashCpy = WSTRDUP(storedHash, NULL, DYNTYPE_STRING);
         if (storedHash == NULL) {
+            wolfSSH_Log(WS_LOG_ERROR,
+                    "[SSHD] Error getting stored hash copy");
             ret = WS_MEMORY_E;
         }
     }

apps/wolfsshd/test/create_sshd_config.sh

@@ -26,11 +26,15 @@ PermitEmptyPasswords no
 UsePrivilegeSeparation no
 UseDNS no
 
-TrustedUserCAKeys $PWD/ca-cert-ecc.pem     
-HostKey $PWD/server-key.pem                
-HostCertificate $PWD/server-cert.pem
+TrustedUserCAKeys $PWD/../../../keys/ca-cert-ecc.pem     
+HostKey $PWD/../../../keys/server-key.pem                
+HostCertificate $PWD/../../../keys/server-cert.pem
 
 EOF
 
+cd ../../../keys/
+./renewcerts.sh $1
+cd ../apps/wolfsshd/test/
+
 exit 0
 

apps/wolfsshd/test/error_return.sh

@@ -0,0 +1,31 @@
+#!/bin/sh
+
+# sshd local test
+
+PWD=`pwd`
+cd ../../..
+
+TEST_CLIENT="./examples/client/client"
+USER=`whoami`
+PRIVATE_KEY="./keys/hansel-key-ecc.der"
+PUBLIC_KEY="./keys/hansel-key-ecc.pub"
+
+if [ -z "$1" ] || [ -z "$2" ]; then
+    echo "expecting host and port as arguments"
+    echo "./error_return.sh 127.0.0.1 22222"
+    exit 1
+fi
+
+echo "$TEST_CLIENT -c 'bash -c \"(exit 2)\"' -u $USER -i $PRIVATE_KEY -j $PUBLIC_KEY -h \"$1\" -p \"$2\""
+$TEST_CLIENT -c 'bash -c "(exit 2)"' -u $USER -i $PRIVATE_KEY -j $PUBLIC_KEY -h "$1" -p "$2"
+RESULT=$?
+if [ "$RESULT" != 2 ]; then
+    echo "Expecting error return value of 2 for failed ls command, found $RESULT"
+    cd $PWD
+    exit 1
+fi
+
+cd $PWD
+exit 0
+
+

apps/wolfsshd/test/run_all_sshd_tests.sh

@@ -2,15 +2,22 @@
 
 echo "Running all wolfSSHd tests"
 
-TEST_HOST=$1
-TEST_PORT=$2
+if [ -z "$1" ]; then
+    USER=$USER
+else
+    USER=$1
+fi
+
+TEST_HOST=$2
+TEST_PORT=$3
+
 TOTAL=0
 SKIPPED=0
 
 # setup
 set -e
 ./create_authorized_test_file.sh
-./create_sshd_config.sh
+./create_sshd_config.sh $USER
 set +e
 
 if [ ! -z "$TEST_HOST" ] && [ ! -z "$TEST_PORT" ]; then
@@ -31,7 +38,7 @@ fi
 
 run_test() {
     printf "$1 ... "
-    ./"$1" "$TEST_HOST" "$TEST_PORT" &> stdout.txt
+    ./"$1" "$TEST_HOST" "$TEST_PORT" "$USER" &> stdout.txt
     RESULT=$?
     TOTAL=$((TOTAL+1))
     if [ "$RESULT" == 77 ]; then
@@ -52,6 +59,11 @@ run_test() {
 
 run_test "sshd_exec_test.sh"
 run_test "sshd_term_size_test.sh"
+run_test "sshd_large_sftp_test.sh"
+
+#Github actions needs resolved for these test cases
+#run_test "error_return.sh"
+#run_test "sshd_login_grace_test.sh"
 
 # add aditional tests here, check on var USING_LOCAL_HOST if can make sshd
 # server start/restart with changes
@@ -69,6 +81,16 @@ else
     SKIPPED=$((SKIPPED+1))
 fi
 
+# these tests run with X509 sshd-config loaded
+if [ "$USING_LOCAL_HOST" == 1 ]; then
+    start_wolfsshd "sshd_config_test_x509"
+fi
+run_test "sshd_x509_test.sh"
+if [ "$USING_LOCAL_HOST" == 1 ]; then
+    printf "Shutting down test wolfSSHd\n"
+    stop_wolfsshd
+fi
+
 printf "All tests ran, $TOTAL passed, $SKIPPED skipped\n"
 
 exit 0

apps/wolfsshd/test/sshd_exec_test.sh

@@ -13,7 +13,7 @@ PUBLIC_KEY="./keys/hansel-key-ecc.pub"
 if [ -z "$1" ] || [ -z "$2" ]; then
     echo "expecting host and port as arguments"
     echo "./sshd_exec_test.sh 127.0.0.1 22222"
-    exit -1
+    exit 1
 fi
 
 set -e

apps/wolfsshd/test/sshd_forcedcmd_test.sh

@@ -5,7 +5,7 @@
 if [ -z "$1" ] || [ -z "$2" ]; then
     echo "expecting host and port as arguments"
     echo "./sshd_exec_test.sh 127.0.0.1 22222"
-    exit -1
+    exit 1
 fi
 
 PWD=`pwd`
@@ -42,7 +42,7 @@ cat $RESULT | grep bob
 RESULT=$?
 if [ "$RESULT" == 0 ]; then
     echo "Shell login should fail with forced command"
-    exit -1
+    exit 1
 fi
 
 set -e

apps/wolfsshd/test/sshd_large_sftp_test.sh

@@ -0,0 +1,40 @@
+#!/bin/sh
+
+# sshd local test
+
+PWD=`pwd`
+cd ../../..
+
+TEST_SFTP_CLIENT="./examples/sftpclient/wolfsftp"
+USER=`whoami`
+PRIVATE_KEY="./keys/hansel-key-ecc.der"
+PUBLIC_KEY="./keys/hansel-key-ecc.pub"
+
+if [ -z "$1" ] || [ -z "$2" ]; then
+    echo "expecting host and port as arguments"
+    echo "./sshd_exec_test.sh 127.0.0.1 22222"
+    exit 1
+fi
+
+
+# create a large file with random data (larger than word32 max value)
+head -c 4400000010 < /dev/random > large-random.txt
+
+set -e
+echo "$TEST_SFTP_CLIENT -u $USER -i $PRIVATE_KEY -j $PUBLIC_KEY -g -l large-random.txt -r `pwd`/large-random-2.txt -h \"$1\" -p \"$2\""
+$TEST_SFTP_CLIENT -u $USER -i $PRIVATE_KEY -j $PUBLIC_KEY -g -l large-random.txt -r `pwd`/large-random-2.txt -h "$1" -p "$2"
+
+cmp large-random.txt large-random-2.txt
+RESULT=$?
+if [ "$RESULT" != "0" ]; then
+    echo "files did not match when compared"
+    exit 1
+fi
+rm -f large-random.txt
+rm -f large-random-2.txt
+
+set +e
+
+cd $PWD
+exit 0
+

apps/wolfsshd/test/sshd_x509_test.sh

@@ -0,0 +1,39 @@
+#!/bin/sh
+
+# sshd local test
+
+PWD=`pwd`
+cd ../../..
+
+if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
+    echo "expecting host, port and user as arguments"
+    echo "./sshd_x509_text.sh 127.0.0.1 22222 user"
+    exit 1
+fi
+
+TEST_CLIENT="./examples/client/client"
+PRIVATE_KEY="./keys/$3-key.der"
+PUBLIC_KEY="./keys/$3-cert.der"
+CA_CERT="./keys/ca-cert-ecc.der"
+
+set -e
+echo "$TEST_CLIENT -c 'pwd' -u $3 -i $PRIVATE_KEY -J $PUBLIC_KEY -A $CA_CERT -h \"$1\" -p \"$2\""
+$TEST_CLIENT -c 'pwd' -u $3 -i "$PRIVATE_KEY" -J "$PUBLIC_KEY" -A "$CA_CERT" -h "$1" -p "$2"
+set +e
+
+rm -f error.txt
+echo "$TEST_CLIENT -c 'ls error' -u $3 -i $PRIVATE_KEY -J $PUBLIC_KEY -A $CA_CERT -h \"$1\" -p \"$2\" 2> error.txt"
+$TEST_CLIENT -c 'ls error' -u $3 -i "$PRIVATE_KEY" -J "$PUBLIC_KEY" -A "$CA_CERT" -h "$1" -p "$2" 2> error.txt
+
+# check stderr output was caught
+if [ ! -s error.txt ]; then
+    echo "No stderr data was found when expected!!"
+    cd $PWD
+    exit 1
+fi
+rm -f error.txt
+
+cd $PWD
+exit 0
+
+