From 7b8ce149d76be94caa66cd394f8985aa7ade9e0e Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Fri, 15 Jul 2022 16:05:54 -0700 Subject: [PATCH] add look for libpam and adjust for QNX build --- apps/wolfsshd/auth.c | 32 +++++++++++++++++++++++++++----- apps/wolfsshd/config.c | 19 +++++++++++++++++-- apps/wolfsshd/wolfsshd.c | 12 +++++------- configure.ac | 30 +++++++++++++++++++++++++++++- examples/echoserver/echoserver.c | 6 ++++++ 5 files changed, 84 insertions(+), 15 deletions(-) diff --git a/apps/wolfsshd/auth.c b/apps/wolfsshd/auth.c index 5e7d8cde..e830e208 100644 --- a/apps/wolfsshd/auth.c +++ b/apps/wolfsshd/auth.c @@ -24,7 +24,9 @@ #ifdef WOLFSSH_SSHD -#define _XOPEN_SOURCE +#ifdef __linux__ + #define _XOPEN_SOURCE +#endif #include #include @@ -47,7 +49,6 @@ #include #include #include -#include #include #endif @@ -274,6 +275,17 @@ static int CheckAuthKeysLine(char* line, word32 lineSz, const byte* key, } #ifndef _WIN32 + +#ifdef WOLFSSH_USE_PAM +static int CheckPasswordPAM(const byte* usr, const byte* pw, int pwSz) +{ + (void)usr; + (void)pw; + (void)pwSz; + return 0; +} +#else + static int ExtractSalt(char* hash, char** salt, int saltSz) { int ret = WS_SUCCESS; @@ -327,6 +339,7 @@ static int ExtractSalt(char* hash, char** salt, int saltSz) return ret; } +#ifdef WOLFSSH_HAVE_LIBCRYPT static int CheckPasswordHashUnix(const char* input, char* stored) { int ret = WSSHD_AUTH_SUCCESS; @@ -359,6 +372,7 @@ static int CheckPasswordHashUnix(const char* input, char* stored) return ret; } +#endif /* WOLFSSH_HAVE_LIBCRYPT */ static int CheckPasswordUnix(const byte* usr, const byte* pw, int pwSz) { @@ -384,7 +398,7 @@ static int CheckPasswordUnix(const byte* usr, const byte* pw, int pwSz) pwStr[pwSz] = 0; } } - + pwInfo = getpwnam((const char*)usr); if (pwInfo == NULL) { /* user name not found on system */ 
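Review bot: In apps/wolfsshd/auth.c (@@ -274,6 +275,17), the new `CheckPasswordPAM` stub discards `usr`, `pw` and `pwSz` and returns 0, which appears to be the success value, since the neighbouring functions initialise `ret` to `WS_SUCCESS` and return it unchanged on the good path. The `CheckPassword` hunk further down this patch (@@ -615,6 +635,8) sends every password check to this stub when `WOLFSSH_USE_PAM` is defined, and configure.ac defines that macro for any `--with-pam=PATH` build, so such a build would likely accept any password for any user. Until the PAM conversation is implemented the stub should fail closed, for example `wolfSSH_Log(WS_LOG_ERROR, "[SSHD] PAM password check not implemented"); return WS_NOT_COMPILED;`, mirroring the `#else` branch this commit adds in `CheckPasswordUnix`.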
@@ -413,7 +427,12 @@ static int CheckPasswordUnix(const byte* usr, const byte* pw, int pwSz) } if (ret == WS_SUCCESS) { + #ifdef WOLFSSH_HAVE_LIBCRYPT ret = CheckPasswordHashUnix(pwStr, storedHashCpy); + #else + wolfSSH_Log(WS_LOG_ERROR, "[SSHD] No compiled in password check"); + ret = WS_NOT_COMPILED; + #endif } if (pwStr != NULL) { @@ -425,6 +444,7 @@ static int CheckPasswordUnix(const byte* usr, const byte* pw, int pwSz) return ret; } +#endif /* WOLFSSH_USE_PAM */ #endif /* !_WIN32 */ #ifndef _WIN32 @@ -455,7 +475,7 @@ void SetAuthKeysPattern(const char* pattern) { if (pattern != NULL) { WMEMSET(authKeysPattern, 0, sizeof(authKeysPattern)); - WSTRNCPY(authKeysPattern, pattern, sizeof(authKeysPattern)); + WSTRNCPY(authKeysPattern, pattern, sizeof(authKeysPattern) - 1); } } @@ -501,7 +521,7 @@ static int CheckPublicKeyUnix(const byte* name, const byte* key, word32 keySz) int rc; struct passwd* pwInfo; char* authKeysFile = NULL; - XFILE f; + XFILE f = NULL; enum { /* TODO: Probably needs to be even bigger for larger key sizes. */ MAX_LINE_SZ = 500, @@ -615,6 +635,8 @@ static int CheckPassword(const byte* usr, const byte* pw, int pwSz) { #ifdef _WIN32 /* TODO: Add CheckPasswordWin. */ +#elif defined(WOLFSSH_USE_PAM) + return CheckPasswordPAM(usr, pw, pwSz); #else return CheckPasswordUnix(usr, pw, pwSz); #endif diff --git a/apps/wolfsshd/config.c b/apps/wolfsshd/config.c index 7f19e4f3..5bf61571 100644 --- a/apps/wolfsshd/config.c +++ b/apps/wolfsshd/config.c @@ -157,7 +157,7 @@ static int wolfSSHD_ParseConfigLine(WOLFSSHD_CONFIG* conf, const char* l, if (lSz > sz && XSTRNCMP(l, privilegeSeparation, sz) == 0) { char* privType = NULL; ret = wolfSSHD_CreateString(&privType, l + sz, lSz - sz, conf->heap); - + /* check if is an allowed option */ if (XSTRNCMP(privType, "sandbox", 7) == 0) { wolfSSH_Log(WS_LOG_INFO, "[SSHD] Sandbox privilege separation"); 
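Review bot: In the `CheckPasswordUnix` hunk (@@ -413,7 +427,12), a build without `WOLFSSH_HAVE_LIBCRYPT` reports the missing verifier only at login time, once per attempt. Rejecting the login is the right fail-closed result, but nothing tells the operator at build time or start-up that password authentication is disabled. A comment above the `#else` such as `/* no PAM and no libcrypt: password logins are rejected by design */`, plus a build-time diagnostic next to the guarded `CheckPasswordHashUnix`, would make that explicit. It also looks as if `ExtractSalt` is left without a caller in this configuration, because only `CheckPasswordHashUnix` is guarded; that needs confirming, as both function bodies lie outside this hunk.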
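Review bot: In `SetAuthKeysPattern` (@@ -455,7 +475,7), the `sizeof(authKeysPattern) - 1` bound fixes the missing terminator, but a pattern that does not fit is now truncated silently. This string appears to select which authorized-keys file is consulted, so a shortened path can name a different file than the one the administrator configured. The function returns void, so the least it can do is log and skip the copy, e.g. `if (WSTRLEN(pattern) >= sizeof(authKeysPattern)) { wolfSSH_Log(WS_LOG_ERROR, "[SSHD] AuthorizedKeysFile pattern too long"); return; }` placed before the `WMEMSET`.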
@@ -182,27 +182,42 @@ static int wolfSSHD_ParseConfigLine(WOLFSSHD_CONFIG* conf, const char* l, } if (XSTRNCMP(l, "Subsystem", 9) == 0) { - + //@TODO ret = WS_SUCCESS; } if (XSTRNCMP(l, "ChallengeResponseAuthentication", 31) == 0) { + //@TODO ret = WS_SUCCESS; } if (XSTRNCMP(l, "UsePAM", 6) == 0) { + //@TODO ret = WS_SUCCESS; } if (XSTRNCMP(l, "X11Forwarding", 13) == 0) { + //@TODO ret = WS_SUCCESS; } if (XSTRNCMP(l, "PrintMotd", 9) == 0) { + //@TODO ret = WS_SUCCESS; } if (XSTRNCMP(l, "AcceptEnv", 9) == 0) { + //@TODO + ret = WS_SUCCESS; + } + + if (XSTRNCMP(l, "Protocol", 8) == 0) { + //@TODO + ret = WS_SUCCESS; + } + + if (XSTRNCMP(l, "LoginGraceTime", 14) == 0) { + //@TODO ret = WS_SUCCESS; } diff --git a/apps/wolfsshd/wolfsshd.c b/apps/wolfsshd/wolfsshd.c index 97c108e8..0fcc64c5 100644 --- a/apps/wolfsshd/wolfsshd.c +++ b/apps/wolfsshd/wolfsshd.c @@ -62,7 +62,12 @@ #endif #include #include +#if defined(__QNX__) || defined(__QNXNTO__) + #include + #include +#else #include +#endif static volatile int ChildRunning = 0; static void ChildSig(int sig) @@ -314,13 +319,6 @@ static int SFTP_Subsystem(WOLFSSH* ssh, WOLFSSHD_CONNECTION* conn) #endif -#ifdef WOLFSSH_SCP -int SCP_Subsystem() -{ - -} -#endif - #ifdef WOLFSSH_SHELL static int SHELL_Subsystem(WOLFSSHD_CONNECTION* conn, WOLFSSH* ssh) { diff --git a/configure.ac b/configure.ac index 9522eb1f..a159a908 100644 --- a/configure.ac +++ b/configure.ac @@ -201,6 +201,12 @@ AC_ARG_ENABLE([smallstack], [AS_HELP_STRING([--enable-smallstack],[Enable small stack (default: disabled)])], [ENABLED_SMALLSTACK=$enableval],[ENABLED_SMALLSTACK=no]) +# use PAM lib +AC_ARG_WITH([pam], + [AS_HELP_STRING([--with-pam=PATH],[PATH to directory with the PAM library])], + [PAM_LIB=$withval], + [PAM_LIB=""]) + # Enable All AC_ARG_ENABLE([all], [AS_HELP_STRING([--enable-all],[Enable all wolfSSH features (default: disabled)])], 
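Review bot: In `wolfSSHD_ParseConfigLine` (apps/wolfsshd/config.c, @@ -182,27 +182,42), `UsePAM`, `LoginGraceTime`, `Protocol` and the other `//@TODO` options are matched and answered with `WS_SUCCESS` without taking any effect, so a configuration that sets them loads cleanly while the setting is not enforced. For options with a security meaning that should be visible to the operator, e.g. `wolfSSH_Log(WS_LOG_WARN, "[SSHD] LoginGraceTime is not supported and will be ignored");` in each such branch. The `XSTRNCMP(l, "Protocol", 8)` style of match is also prefix-only, so any keyword that merely starts with those characters is accepted. The new `//@TODO` markers would read better as `/* TODO: ... */` to match the block comment visible earlier in this file. The function starts and ends outside the hunk.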
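Review bot: In configure.ac (@@ -201,6 +201,12), `PAM_LIB=$withval` stores whatever autoconf passes, which is the literal `yes` for a bare `--with-pam` and `no` for `--without-pam`. Both are non-empty, so the later `test -n "$PAM_LIB"` treats them as a directory and configure stops with "PAM lib dir no not found" even for a user who asked for PAM to be off. Map those values first, e.g. `AS_CASE([$withval], [no], [PAM_LIB=""], [yes], [AC_MSG_ERROR([--with-pam requires a PATH])], [PAM_LIB=$withval])`.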
@@ -241,9 +247,31 @@ AS_IF([test "x$ENABLED_SSHD" = "xyes"], [AM_CPPFLAGS="$AM_CPPFLAGS -DWOLFSSH_SSHD"]) if test "$ENABLED_SSHD" = "yes"; then - AC_CHECK_LIB([crypt], [crypt], [], [AC_MSG_ERROR([libcrypt is required for sshd])]) + if test -n "$PAM_LIB" + then + AC_MSG_CHECKING([for directory $PAM_LIB]) + if ! test -d "$PAM_LIB" + then + AC_MSG_ERROR([PAM lib dir $PAM_LIB not found.]) + fi + AC_MSG_RESULT([yes]) + AM_LDFLAGS="-L$PAM_LIB $AM_LDFLAGS" + + LIBS="$LIBS -lpam" + AM_CPPFLAGS="$AM_CPPFLAGS -DWOLFSSH_USE_PAM" + #TODO check on link to lib + #AC_CHECK_LIB([pam], [pam], + # [AM_CPPFLAGS="$AM_CPPFLAGS -DWOLFSSH_USE_PAM"; LIBS="$LIBS -lpam"], + # [AC_MSG_ERROR(libpam not found)]) + else + AC_CHECK_LIB([crypt], [crypt], + [AM_CPPFLAGS="$AM_CPPFLAGS -DWOLFSSH_HAVE_LIBCRYPT"; + LIBS="$LIBS -lcrypt"], + [AC_MSG_ERROR(libcrypt not found)]) + fi fi + # Set the automake conditionals. AM_CONDITIONAL([BUILD_EXAMPLE_SERVERS],[test "x$ENABLED_EXAMPLES" = "xyes"]) AM_CONDITIONAL([BUILD_EXAMPLE_CLIENTS],[test "x$ENABLED_EXAMPLES" = "xyes"]) diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c index 196f3140..6c4d3e36 100644 --- a/examples/echoserver/echoserver.c +++ b/examples/echoserver/echoserver.c @@ -69,6 +69,12 @@ #endif #include #include +#if defined(__QNX__) || defined(__QNXNTO__) + #include + #include +#else + #include +#endif #endif /* WOLFSSH_SHELL */ #ifdef WOLFSSH_AGENT
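Review bot: In the PAM branch of configure.ac (@@ -241,9 +247,31), `-lpam` and `-DWOLFSSH_USE_PAM` are added after only a `test -d` on the directory, so a directory without libpam passes configure and the build fails later at link time. The commented-out check probes a symbol named `pam`, which the library does not export. With `LDFLAGS` pointing at `$PAM_LIB`, the check can be enabled as `AC_CHECK_LIB([pam], [pam_start], [LIBS="$LIBS -lpam"; AM_CPPFLAGS="$AM_CPPFLAGS -DWOLFSSH_USE_PAM"], [AC_MSG_ERROR([libpam not found in $PAM_LIB])])`. The `AC_MSG_ERROR(libcrypt not found)` in the else branch should also be quoted, as `AC_MSG_ERROR([libcrypt not found])`.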