From 93f981cb07b0ad7491334431396a093a368144bb Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Tue, 16 Jul 2024 15:43:17 -0500 Subject: [PATCH] Merge pull request #720 from ejohnstown/sshd-banner SSHD Banners --- apps/wolfsshd/configuration.c | 7 ++++- apps/wolfsshd/wolfsshd.c | 53 ++++++++++++++++++++++------------- src/internal.c | 19 ++----------- 3 files changed, 41 insertions(+), 38 deletions(-) diff --git a/apps/wolfsshd/configuration.c b/apps/wolfsshd/configuration.c index aef6a1ffb..473b0e280 100644 --- a/apps/wolfsshd/configuration.c +++ b/apps/wolfsshd/configuration.c @@ -349,9 +349,10 @@ enum { OPT_HOST_CERT = 20, OPT_TRUSTED_USER_CA_KEYS = 21, OPT_PIDFILE = 22, + OPT_BANNER = 23, }; enum { - NUM_OPTIONS = 23 + NUM_OPTIONS = 24 }; static const CONFIG_OPTION options[NUM_OPTIONS] = { @@ -378,6 +379,7 @@ static const CONFIG_OPTION options[NUM_OPTIONS] = { {OPT_HOST_CERT, "HostCertificate"}, {OPT_TRUSTED_USER_CA_KEYS, "TrustedUserCAKeys"}, {OPT_PIDFILE, "PidFile"}, + {OPT_BANNER, "Banner"}, }; /* returns WS_SUCCESS on success */ @@ -1022,6 +1024,9 @@ static int HandleConfigOption(WOLFSSHD_CONFIG** conf, int opt, case OPT_PIDFILE: ret = SetFileString(&(*conf)->pidFile, value, (*conf)->heap); break; + case OPT_BANNER: + ret = SetFileString(&(*conf)->banner, value, (*conf)->heap); + break; default: break; } diff --git a/apps/wolfsshd/wolfsshd.c b/apps/wolfsshd/wolfsshd.c index c71dae845..f5082c396 100644 --- a/apps/wolfsshd/wolfsshd.c +++ b/apps/wolfsshd/wolfsshd.c @@ -103,7 +103,6 @@ static WFILE* logFile = NULL; /* catch interrupts and close down gracefully */ static volatile byte quit = 0; -static const char defaultBanner[] = "wolfSSHD\n"; /* Initial connection information to pass on to threads/forks */ typedef struct WOLFSSHD_CONNECTION { 
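Review bot: NUM_OPTIONS is bumped by hand (23 to 24) in lockstep with the new `OPT_BANNER = 23` enumerator, so the next option added will need the same two-place edit. A trailing sentinel keeps the two in step automatically: add `OPT_COUNT` as the last enumerator of the option enum and write `NUM_OPTIONS = OPT_COUNT` in the second enum. Because the options table is declared with NUM_OPTIONS entries, a missed bump would surface only as a zero-filled tail entry rather than a compile error.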
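Review bot: The OPT_BANNER case hands the value to SetFileString, and wolfsshd.c now reads that value as a file path, whereas the code this patch removes used the configured string as the banner text itself; nothing in HandleConfigOption or the option table records the new meaning. A one-line comment on the case would stop the next reader from assuming the old semantics: `/* Banner: path to a file whose contents are sent to the client on connection */`. It is also worth stating in the configuration documentation that the daemon reads the file and sends it verbatim, so only a file intended for every connecting client should be named there. HandleConfigOption starts and ends outside this hunk.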
@@ -216,16 +215,6 @@ static void wolfSSHDLoggingCb(enum wolfSSH_LogLevel lvl, const char *const str) } -/* Frees up the WOLFSSH_CTX struct */ -static void CleanupCTX(WOLFSSHD_CONFIG* conf, WOLFSSH_CTX** ctx) -{ - if (ctx != NULL && *ctx != NULL) { - wolfSSH_CTX_free(*ctx); - *ctx = NULL; - } - (void)conf; -} - #ifndef NO_FILESYSTEM static void freeBufferFromFile(byte* buf, void* heap) { @@ -259,7 +248,8 @@ static byte* getBufferFromFile(const char* fileName, word32* bufSz, void* heap) WFREE(buf, heap, DYNTYPE_SSHD); return NULL; } - *bufSz = readSz; + if (bufSz) + *bufSz = readSz; WFCLOSE(NULL, file); } @@ -273,13 +263,30 @@ static int UserAuthResult(byte result, WS_UserAuthData* authData, void* userAuthResultCtx); +/* Frees up the WOLFSSH_CTX struct */ +static void CleanupCTX(WOLFSSHD_CONFIG* conf, WOLFSSH_CTX** ctx, + byte** banner) +{ + if (banner != NULL && *banner != NULL) { +#ifndef NO_FILESYSTEM + freeBufferFromFile(*banner, NULL); +#endif + *banner = NULL; + } + if (ctx != NULL && *ctx != NULL) { + wolfSSH_CTX_free(*ctx); + *ctx = NULL; + } + (void)conf; +} + /* Initializes and sets up the WOLFSSH_CTX struct based on the configure options * return WS_SUCCESS on success */ -static int SetupCTX(WOLFSSHD_CONFIG* conf, WOLFSSH_CTX** ctx) +static int SetupCTX(WOLFSSHD_CONFIG* conf, WOLFSSH_CTX** ctx, + byte** banner) { int ret = WS_SUCCESS; - const char* banner; DerBuffer* der = NULL; byte* privBuf; word32 privBufSz; @@ -304,11 +311,13 @@ static int SetupCTX(WOLFSSHD_CONFIG* conf, WOLFSSH_CTX** ctx) /* set banner to display on connection */ if (ret == WS_SUCCESS) { - banner = wolfSSHD_ConfigGetBanner(conf); - if (banner == NULL) { - banner = defaultBanner; +#ifndef NO_FILESYSTEM + *banner = getBufferFromFile(wolfSSHD_ConfigGetBanner(conf), + NULL, heap); +#endif + if (*banner) { + wolfSSH_CTX_SetBanner(*ctx, (char*)*banner); } - wolfSSH_CTX_SetBanner(*ctx, banner); } /* Load in host private key */ 
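Review bot: The new `if (bufSz)` guard in getBufferFromFile is the only unbraced single-statement conditional in the patch; the rest of the new code (CleanupCTX, the banner block in SetupCTX, the WFREE in StartSSHD) braces every body. For consistency write it as `if (bufSz != NULL) { *bufSz = readSz; }`. getBufferFromFile begins and ends outside this hunk, so whether the returned buffer is sized to readSz exactly or carries a terminator is not visible here.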
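Review bot: CleanupCTX releases the banner before wolfSSH_CTX_free, yet SetupCTX has handed that same buffer to wolfSSH_CTX_SetBanner, so between the two blocks the CTX holds a dangling pointer; the internal.c code this patch removes stores a plain pointer in ctx->banner, so unless wolfSSH_CTX_SetBanner copies the string this is an order-dependent use-after-free should wolfSSH_CTX_free ever touch ctx->banner. Move the `if (ctx != NULL && *ctx != NULL)` block above the banner block so the holder of the reference is torn down first. The release is also asymmetric with the allocation: SetupCTX calls getBufferFromFile with `heap` while CleanupCTX calls `freeBufferFromFile(*banner, NULL)`, which under a custom allocator that honours the heap hint is a mismatched free; pass the heap the allocation used, i.e. `freeBufferFromFile(*banner, heap)` with heap obtained the same way SetupCTX obtains it.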
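Review bot: getBufferFromFile is now called unconditionally with whatever wolfSSHD_ConfigGetBanner returns, so a configuration with no Banner line passes a NULL file name into the file-reading helper; unless that helper rejects NULL itself (its body is outside this hunk), the common no-banner case becomes a NULL dereference or at best a spurious open-failure log on every start. Guard the lookup: `const char* bannerPath = wolfSSHD_ConfigGetBanner(conf);` followed by `if (bannerPath != NULL) { *banner = getBufferFromFile(bannerPath, NULL, heap); }`. Separately, the buffer is passed to wolfSSH_CTX_SetBanner as a bare char*, which presumably measures it with strlen, while the length getBufferFromFile would report is discarded through the NULL bufSz argument; a banner file read verbatim carries no terminating NUL unless getBufferFromFile appends one, and without it the length scan runs past the allocation and whatever follows it in memory is sent to the client. Either keep the size (pass a word32 and use a length-taking setter) or confirm and document that getBufferFromFile NUL-terminates its result. SetupCTX continues beyond this hunk.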
@@ -2101,6 +2110,7 @@ static int StartSSHD(int argc, char** argv) const char* configFile = "/etc/ssh/sshd_config"; const char* hostKeyFile = NULL; + byte* banner = NULL; logFile = stderr; wolfSSH_SetLoggingCb(wolfSSHDLoggingCb); @@ -2275,7 +2285,7 @@ static int StartSSHD(int argc, char** argv) if (ret == WS_SUCCESS) { wolfSSH_Log(WS_LOG_INFO, "[SSHD] Starting wolfSSH SSHD application"); - ret = SetupCTX(conf, &ctx); + ret = SetupCTX(conf, &ctx, &banner); } if (ret == WS_SUCCESS) { @@ -2511,7 +2521,10 @@ static int StartSSHD(int argc, char** argv) } #endif - CleanupCTX(conf, &ctx); + CleanupCTX(conf, &ctx, &banner); + if (banner) { + WFREE(banner, NULL, DYNTYPE_STRING); + } wolfSSHD_ConfigFree(conf); wolfSSHD_AuthFreeUser(auth); wolfSSH_Cleanup(); diff --git a/src/internal.c b/src/internal.c index 140f25cac..6688b561b 100644 --- a/src/internal.c +++ b/src/internal.c @@ -658,19 +658,6 @@ INLINE static int IsMessageAllowed(WOLFSSH *ssh, byte msg) } -#ifdef DEBUG_WOLFSSH - -static const char cannedBanner[] = - "CANNED BANNER\r\n" - "This server is an example test server. " - "It should have its own banner, but\r\n" - "it is currently using a canned one in " - "the library. Be happy or not.\r\n"; -static const word32 cannedBannerSz = (word32)sizeof(cannedBanner) - 1; - -#endif /* DEBUG_WOLFSSH */ - - static const char cannedKexAlgoNames[] = #if !defined(WOLFSSH_NO_ECDH_NISTP256_KYBER_LEVEL1_SHA256) "ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org," @@ -823,10 +810,8 @@ WOLFSSH_CTX* CtxInit(WOLFSSH_CTX* ctx, byte side, void* heap) ctx->scpRecvCb = wsScpRecvCallback; ctx->scpSendCb = wsScpSendCallback; #endif /* WOLFSSH_SCP */ -#ifdef DEBUG_WOLFSSH - ctx->banner = cannedBanner; - ctx->bannerSz = cannedBannerSz; -#endif /* DEBUG_WOLFSSH */ + ctx->banner = NULL; + ctx->bannerSz = 0; #ifdef WOLFSSH_CERTS ctx->certMan = wolfSSH_CERTMAN_new(ctx->heap); if (ctx->certMan == NULL)
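Review bot: The `if (banner) { WFREE(banner, NULL, DYNTYPE_STRING); }` added after CleanupCTX is either dead code or a double free, never a correct release: CleanupCTX already frees *banner through freeBufferFromFile and sets it to NULL, so the condition is false on every path, and if CleanupCTX were ever changed to leave the pointer set the second WFREE would free it again, tagged DYNTYPE_STRING rather than the DYNTYPE_SSHD that getBufferFromFile uses. Delete the three lines and leave CleanupCTX as the single owner of the banner buffer. StartSSHD starts outside this hunk.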
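Review bot: CtxInit now leaves ctx->banner NULL and bannerSz 0 in every build, whereas DEBUG_WOLFSSH builds previously always carried the canned banner, so the library's banner-send path will now run with a NULL banner in any server that never calls wolfSSH_CTX_SetBanner; that path is outside this diff, so confirm it skips the banner message when bannerSz is 0 rather than handing a NULL pointer to the packet builder. A short comment on the two lines would record the contract: `/* No default banner; wolfSSH_CTX_SetBanner installs one */`. CtxInit starts and ends outside this hunk.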