add look for libpam and adjust for QNX build

2022-07-15 16:05:54 -07:00 · 2022-07-15 16:05:54 -07:00 · 7b8ce149d7
parent e493d3aeb2
commit 7b8ce149d7
5 changed files with 84 additions and 15 deletions
--- a/apps/wolfsshd/auth.c
+++ b/apps/wolfsshd/auth.c
@ -24,7 +24,9 @@

 #ifdef WOLFSSH_SSHD

-#define _XOPEN_SOURCE
+#ifdef __linux__
+    #define _XOPEN_SOURCE
+#endif
 #include <unistd.h>

 #include <wolfssh/ssh.h>
@ -47,7 +49,6 @@
 #include <sys/types.h>
 #include <pwd.h>
 #include <shadow.h>
-#include <uuid/uuid.h>
 #include <errno.h>
 #endif

@ -274,6 +275,17 @@ static int CheckAuthKeysLine(char* line, word32 lineSz, const byte* key,
 }

 #ifndef _WIN32
+
+#ifdef WOLFSSH_USE_PAM
+static int CheckPasswordPAM(const byte* usr, const byte* pw, int pwSz)
+{
+    (void)usr;
+    (void)pw;
+    (void)pwSz;
+    return 0;
+}
+#else
+
 static int ExtractSalt(char* hash, char** salt, int saltSz)
 {
    int ret = WS_SUCCESS;
@ -327,6 +339,7 @@ static int ExtractSalt(char* hash, char** salt, int saltSz)
    return ret;
 }

+#ifdef WOLFSSH_HAVE_LIBCRYPT
 static int CheckPasswordHashUnix(const char* input, char* stored)
 {
    int ret = WSSHD_AUTH_SUCCESS;
@ -359,6 +372,7 @@ static int CheckPasswordHashUnix(const char* input, char* stored)

    return ret;
 }
+#endif /* WOLFSSH_HAVE_LIBCRYPT */

 static int CheckPasswordUnix(const byte* usr, const byte* pw, int pwSz)
 {
@ -384,7 +398,7 @@ static int CheckPasswordUnix(const byte* usr, const byte* pw, int pwSz)
            pwStr[pwSz] = 0;
        }
    }
-    
+
    pwInfo = getpwnam((const char*)usr);
    if (pwInfo == NULL) {
        /* user name not found on system */
@ -413,7 +427,12 @@ static int CheckPasswordUnix(const byte* usr, const byte* pw, int pwSz)
    }

    if (ret == WS_SUCCESS) {
+    #ifdef WOLFSSH_HAVE_LIBCRYPT
        ret = CheckPasswordHashUnix(pwStr, storedHashCpy);
+    #else
+        wolfSSH_Log(WS_LOG_ERROR, "[SSHD] No compiled in password check");
+        ret = WS_NOT_COMPILED;
+    #endif
    }

    if (pwStr != NULL) {
@ -425,6 +444,7 @@ static int CheckPasswordUnix(const byte* usr, const byte* pw, int pwSz)

    return ret;
 }
+#endif /* WOLFSSH_USE_PAM */
 #endif /* !_WIN32 */

 #ifndef _WIN32
@ -455,7 +475,7 @@ void SetAuthKeysPattern(const char* pattern)
 {
    if (pattern != NULL) {
        WMEMSET(authKeysPattern, 0, sizeof(authKeysPattern));
-        WSTRNCPY(authKeysPattern, pattern, sizeof(authKeysPattern));
+        WSTRNCPY(authKeysPattern, pattern, sizeof(authKeysPattern) - 1);
    }
 }

@ -501,7 +521,7 @@ static int CheckPublicKeyUnix(const byte* name, const byte* key, word32 keySz)
    int rc;
    struct passwd* pwInfo;
    char* authKeysFile = NULL;
-    XFILE f;
+    XFILE f = NULL;
    enum {
        /* TODO: Probably needs to be even bigger for larger key sizes. */
        MAX_LINE_SZ = 500,
@ -615,6 +635,8 @@ static int CheckPassword(const byte* usr, const byte* pw, int pwSz)
 {
 #ifdef _WIN32
    /* TODO: Add CheckPasswordWin. */
+#elif defined(WOLFSSH_USE_PAM)
+    return CheckPasswordPAM(usr, pw, pwSz);
 #else
    return CheckPasswordUnix(usr, pw, pwSz);
 #endif
--- a/apps/wolfsshd/config.c
+++ b/apps/wolfsshd/config.c
@ -157,7 +157,7 @@ static int wolfSSHD_ParseConfigLine(WOLFSSHD_CONFIG* conf, const char* l,
    if (lSz > sz && XSTRNCMP(l, privilegeSeparation, sz) == 0) {
        char* privType = NULL;
        ret = wolfSSHD_CreateString(&privType, l + sz, lSz - sz, conf->heap);
-        
+
        /* check if is an allowed option */
        if (XSTRNCMP(privType, "sandbox", 7) == 0) {
            wolfSSH_Log(WS_LOG_INFO, "[SSHD] Sandbox privilege separation");
@ -182,27 +182,42 @@ static int wolfSSHD_ParseConfigLine(WOLFSSHD_CONFIG* conf, const char* l,
    }

    if (XSTRNCMP(l, "Subsystem", 9) == 0) {
-
+        //@TODO
        ret = WS_SUCCESS;
    }

    if (XSTRNCMP(l, "ChallengeResponseAuthentication", 31) == 0) {
+        //@TODO
        ret = WS_SUCCESS;
    }

    if (XSTRNCMP(l, "UsePAM", 6) == 0) {
+        //@TODO
        ret = WS_SUCCESS;
    }

    if (XSTRNCMP(l, "X11Forwarding", 13) == 0) {
+        //@TODO
        ret = WS_SUCCESS;
    }

    if (XSTRNCMP(l, "PrintMotd", 9) == 0) {
+        //@TODO
        ret = WS_SUCCESS;
    }

    if (XSTRNCMP(l, "AcceptEnv", 9) == 0) {
+        //@TODO
+        ret = WS_SUCCESS;
+    }
+
+    if (XSTRNCMP(l, "Protocol", 8) == 0) {
+        //@TODO
+        ret = WS_SUCCESS;
+    }
+
+    if (XSTRNCMP(l, "LoginGraceTime", 14) == 0) {
+        //@TODO
        ret = WS_SUCCESS;
    }

--- a/apps/wolfsshd/wolfsshd.c
+++ b/apps/wolfsshd/wolfsshd.c
@ -62,7 +62,12 @@
    #endif
    #include <pwd.h>
    #include <signal.h>
+#if defined(__QNX__) || defined(__QNXNTO__)
+    #include <errno.h>
+    #include <unix.h>
+#else
    #include <sys/errno.h>
+#endif

    static volatile int ChildRunning = 0;
    static void ChildSig(int sig)
@ -314,13 +319,6 @@ static int SFTP_Subsystem(WOLFSSH* ssh, WOLFSSHD_CONNECTION* conn)
 #endif


-#ifdef WOLFSSH_SCP
-int SCP_Subsystem()
-{
-
-}
-#endif
-
 #ifdef WOLFSSH_SHELL
 static int SHELL_Subsystem(WOLFSSHD_CONNECTION* conn, WOLFSSH* ssh)
 {
--- a/configure.ac
+++ b/configure.ac
@ -201,6 +201,12 @@ AC_ARG_ENABLE([smallstack],
    [AS_HELP_STRING([--enable-smallstack],[Enable small stack (default: disabled)])],
    [ENABLED_SMALLSTACK=$enableval],[ENABLED_SMALLSTACK=no])

+# use PAM lib
+AC_ARG_WITH([pam],
+    [AS_HELP_STRING([--with-pam=PATH],[PATH to directory with the PAM library])],
+    [PAM_LIB=$withval],
+    [PAM_LIB=""])
+
 # Enable All
 AC_ARG_ENABLE([all],
    [AS_HELP_STRING([--enable-all],[Enable all wolfSSH features (default: disabled)])],
@ -241,9 +247,31 @@ AS_IF([test "x$ENABLED_SSHD" = "xyes"],
       [AM_CPPFLAGS="$AM_CPPFLAGS -DWOLFSSH_SSHD"])

 if test "$ENABLED_SSHD" = "yes"; then
-    AC_CHECK_LIB([crypt], [crypt], [], [AC_MSG_ERROR([libcrypt is required for sshd])])
+    if test -n "$PAM_LIB"
+    then
+        AC_MSG_CHECKING([for directory $PAM_LIB])
+        if ! test -d "$PAM_LIB"
+        then
+            AC_MSG_ERROR([PAM lib dir $PAM_LIB not found.])
+        fi
+        AC_MSG_RESULT([yes])
+        AM_LDFLAGS="-L$PAM_LIB $AM_LDFLAGS"
+
+        LIBS="$LIBS -lpam"
+        AM_CPPFLAGS="$AM_CPPFLAGS -DWOLFSSH_USE_PAM"
+        #TODO check on link to lib
+        #AC_CHECK_LIB([pam], [pam],
+        #    [AM_CPPFLAGS="$AM_CPPFLAGS -DWOLFSSH_USE_PAM"; LIBS="$LIBS -lpam"],
+        #    [AC_MSG_ERROR(libpam not found)])
+    else
+        AC_CHECK_LIB([crypt], [crypt],
+            [AM_CPPFLAGS="$AM_CPPFLAGS -DWOLFSSH_HAVE_LIBCRYPT";
+                LIBS="$LIBS -lcrypt"],
+            [AC_MSG_ERROR(libcrypt not found)])
+    fi
 fi

+
 # Set the automake conditionals.
 AM_CONDITIONAL([BUILD_EXAMPLE_SERVERS],[test "x$ENABLED_EXAMPLES" = "xyes"])
 AM_CONDITIONAL([BUILD_EXAMPLE_CLIENTS],[test "x$ENABLED_EXAMPLES" = "xyes"])
--- a/examples/echoserver/echoserver.c
+++ b/examples/echoserver/echoserver.c
@ -69,6 +69,12 @@
    #endif
    #include <pwd.h>
    #include <signal.h>
+#if defined(__QNX__) || defined(__QNXNTO__)
+    #include <errno.h>
+    #include <unix.h>
+#else
+    #include <sys/errno.h>
+#endif
 #endif /* WOLFSSH_SHELL */

 #ifdef WOLFSSH_AGENT