wolfSSL · ejohnstown · Jan 29, 2024 · Nov 6, 2023 · Nov 6, 2023 · Nov 7, 2023
diff --git a/.github/workflows/sshd-test.yml b/.github/workflows/sshd-test.yml
@@ -28,5 +28,5 @@ jobs:
     - name: make check
       run: make check
     - name: run wolfSSHd tests
-      run: sudo ./run_all_sshd_tests.sh
+      run: sudo ./run_all_sshd_tests.sh root
       working-directory: ./apps/wolfsshd/test
diff --git a/.github/workflows/zephyr.yml b/.github/workflows/zephyr.yml
@@ -66,10 +66,10 @@ jobs:
 
       - name: Install zephyr SDK
         run: |
-          wget -q https://github.com/zephyrproject-rtos/sdk-ng/releases/download/v${{ matrix.config.zephyr-sdk }}/zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64.tar.xz
-          tar xf zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64.tar.xz
+          wget -q https://github.com/zephyrproject-rtos/sdk-ng/releases/download/v${{ matrix.config.zephyr-sdk }}/zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64_minimal.tar.xz
+          tar xf zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64_minimal.tar.xz
           cd zephyr-sdk-${{ matrix.config.zephyr-sdk }}
-          ./setup.sh -h -c
+          ./setup.sh -h -c -t x86_64-zephyr-elf
 
       - name: Run wolfssh tests
         id: wolfssh-test

diff --git a/apps/wolfssh/wolfssh.c b/apps/wolfssh/wolfssh.c
@@ -162,12 +162,26 @@ static void modes_clear(void)
 {
     WOLFSSH_TERMIOS term = oldTerm;
 
-    term.c_lflag &= ~(ICANON | ISIG | IEXTEN | ECHO | ECHOE | ECHOK
-            | ECHONL | ECHOPRT | NOFLSH | TOSTOP | FLUSHO
-            | PENDIN | EXTPROC);
+    term.c_lflag &= ~(ICANON | ISIG | IEXTEN | ECHO | ECHOE
+        | ECHOK | ECHONL | NOFLSH | TOSTOP);
 
-    term.c_iflag &= ~(ISTRIP | INLCR | ICRNL | IGNCR | IXON | IXOFF
-            | IXANY | IGNBRK | INPCK | PARMRK);
+    /* check macros set for some BSD dependent and missing on
+     * QNX flags */
+#ifdef ECHOPRT
+    term.c_lflag &= ~(ECHOPRT);
+#endif
+#ifdef FLUSHO
+    term.c_lflag &= ~(FLUSHO);
+#endif
+#ifdef PENDIN
+    term.c_lflag &= ~(PENDIN);
+#endif
+#ifdef EXTPROC
+    term.c_lflag &= ~(EXTPROC);
+#endif
+
+    term.c_iflag &= ~(ISTRIP | INLCR | ICRNL | IGNCR | IXON
+        | IXOFF | IXANY | IGNBRK | INPCK | PARMRK);
 #ifdef IUCLC
     term.c_iflag &= ~IUCLC;
 #endif
@@ -178,8 +192,10 @@ static void modes_clear(void)
     term.c_oflag &= ~OLCUC;
 #endif
 
-    term.c_cflag &= ~(CSTOPB | PARENB | PARODD | CLOCAL | CRTSCTS);
-
+    term.c_cflag &= ~(CSTOPB | PARENB | PARODD | CLOCAL);
+#ifdef CRTSCTS
+    term.c_cflag &= ~(CRTSCTS);
+#endif
     tcsetattr(STDIN_FILENO, TCSANOW, &term);
 }
 

diff --git a/apps/wolfsshd/auth.c b/apps/wolfsshd/auth.c
@@ -380,6 +380,8 @@ static int CheckPasswordUnix(const char* usr, const byte* pw, word32 pwSz, WOLFS
         if (pwInfo == NULL) {
             /* user name not found on system */
             ret = WS_FATAL_ERROR;
+            wolfSSH_Log(WS_LOG_ERROR,
+                    "[SSHD] User name not found on system");
         }
     }
 
@@ -412,6 +414,8 @@ static int CheckPasswordUnix(const char* usr, const byte* pw, word32 pwSz, WOLFS
     if (ret == WS_SUCCESS) {
         storedHashCpy = WSTRDUP(storedHash, NULL, DYNTYPE_STRING);
         if (storedHash == NULL) {
+            wolfSSH_Log(WS_LOG_ERROR,
+                    "[SSHD] Error getting stored hash copy");
             ret = WS_MEMORY_E;
         }
     }

diff --git a/apps/wolfsshd/test/create_sshd_config.sh b/apps/wolfsshd/test/create_sshd_config.sh
@@ -26,11 +26,15 @@ PermitEmptyPasswords no
 UsePrivilegeSeparation no
 UseDNS no
 
-TrustedUserCAKeys $PWD/ca-cert-ecc.pem     
-HostKey $PWD/server-key.pem                
-HostCertificate $PWD/server-cert.pem
+TrustedUserCAKeys $PWD/../../../keys/ca-cert-ecc.pem     
+HostKey $PWD/../../../keys/server-key.pem                
+HostCertificate $PWD/../../../keys/server-cert.pem
 
 EOF
 
+cd ../../../keys/
+./renewcerts.sh $1
+cd ../apps/wolfsshd/test/
+
 exit 0
 
diff --git a/apps/wolfsshd/test/run_all_sshd_tests.sh b/apps/wolfsshd/test/run_all_sshd_tests.sh
@@ -2,15 +2,22 @@
 
 echo "Running all wolfSSHd tests"
 
-TEST_HOST=$1
-TEST_PORT=$2
+if [ -z "$1" ]; then
+    USER=$USER
+else
+    USER=$1
+fi
+
+TEST_HOST=$2
+TEST_PORT=$3
+
 TOTAL=0
 SKIPPED=0
 
 # setup
 set -e
 ./create_authorized_test_file.sh
-./create_sshd_config.sh
+./create_sshd_config.sh $USER
 set +e
 
 if [ ! -z "$TEST_HOST" ] && [ ! -z "$TEST_PORT" ]; then
@@ -31,7 +38,7 @@ fi
 
 run_test() {
     printf "$1 ... "
-    ./"$1" "$TEST_HOST" "$TEST_PORT" &> stdout.txt
+    ./"$1" "$TEST_HOST" "$TEST_PORT" "$USER" &> stdout.txt
     RESULT=$?
     TOTAL=$((TOTAL+1))
     if [ "$RESULT" == 77 ]; then
@@ -73,6 +80,16 @@ else
     SKIPPED=$((SKIPPED+1))
 fi
 
+# these tests run with X509 sshd-config loaded
+if [ "$USING_LOCAL_HOST" == 1 ]; then
+    start_wolfsshd "sshd_config_test_x509"
+fi
+run_test "sshd_x509_test.sh"
+if [ "$USING_LOCAL_HOST" == 1 ]; then
+    printf "Shutting down test wolfSSHd\n"
+    stop_wolfsshd
+fi
+
 printf "All tests ran, $TOTAL passed, $SKIPPED skipped\n"
 
 exit 0
diff --git a/apps/wolfsshd/test/sshd_x509_test.sh b/apps/wolfsshd/test/sshd_x509_test.sh
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+# sshd local test
+
+PWD=`pwd`
+cd ../../..
+
+if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
+    echo "expecting host, port and user as arguments"
+    echo "./sshd_x509_text.sh 127.0.0.1 22222 user"
+    exit -1
+fi
+
+TEST_CLIENT="./examples/client/client"
+PRIVATE_KEY="./keys/$3-key.der"
+PUBLIC_KEY="./keys/$3-cert.der"
+CA_CERT="./keys/ca-cert-ecc.der"
+
+set -e
+echo "$TEST_CLIENT -c 'pwd' -u $3 -i $PRIVATE_KEY -J $PUBLIC_KEY -A $CA_CERT -h \"$1\" -p \"$2\""
+$TEST_CLIENT -c 'pwd' -u $3 -i "$PRIVATE_KEY" -J "$PUBLIC_KEY" -A "$CA_CERT" -h "$1" -p "$2"
+set +e
+
+rm -f error.txt
+echo "$TEST_CLIENT -c 'ls error' -u $3 -i $PRIVATE_KEY -J $PUBLIC_KEY -A $CA_CERT -h \"$1\" -p \"$2\" 2> error.txt"
+$TEST_CLIENT -c 'ls error' -u $3 -i "$PRIVATE_KEY" -J "$PUBLIC_KEY" -A "$CA_CERT" -h "$1" -p "$2" 2> error.txt
+
+# check stderr output was caught
+if [ ! -s error.txt ]; then
+    echo "No stderr data was found when expected!!"
+    cd $PWD
+    exit 1
+fi
+rm -f error.txt
+
+cd $PWD
+exit 0
+
+