Merge pull request #498 from JacobBarthelmeh/sshd-forcedcmd

remove leading tabs in config file while parsing, add force command test
2023-03-10 15:17:57 -08:00 · 2023-03-10 15:17:57 -08:00 · f8651c952b
parent 55f352781e f844683c13
commit f8651c952b
4 changed files with 69 additions and 4 deletions
--- a/apps/wolfsshd/configuration.c
+++ b/apps/wolfsshd/configuration.c
@ -1104,8 +1104,9 @@ int wolfSSHD_ConfigLoad(WOLFSSHD_CONFIG* conf, const char* filename)
    while ((current = XFGETS(buf, MAX_LINE_SIZE, f)) != NULL) {
        int currentSz = (int)XSTRLEN(current);

-        /* remove leading spaces */
-        while (currentSz > 0 && current[0] == ' ') {
+        /* remove leading spaces and tabs */
+        while (currentSz > 0 &&
+                (current[0] == ' ' || current[0] == '\t')) {
            currentSz = currentSz - 1;
            current   = current + 1;
        }
--- a/apps/wolfsshd/test/run_all_sshd_tests.sh
+++ b/apps/wolfsshd/test/run_all_sshd_tests.sh
@ -51,14 +51,23 @@ run_test() {
 }

 run_test "sshd_exec_test.sh"
+
 # add aditional tests here, check on var USING_LOCAL_HOST if can make sshd
 # server start/restart with changes

-
 if [ "$USING_LOCAL_HOST" == 1 ]; then
    printf "Shutting down test wolfSSHd\n"
    stop_wolfsshd
 fi
+
+# these tests require setting up an sshd
+if [ "$USING_LOCAL_HOST" == 1 ]; then
+    run_test "sshd_forcedcmd_test.sh"
+else
+    printf "Skipping tests that need to setup local SSHD\n"
+    SKIPPED=$((SKIPPED+1))
+fi
+
 printf "All tests ran, $TOTAL passed, $SKIPPED skipped\n"

 exit 0
--- a/apps/wolfsshd/test/sshd_forcedcmd_test.sh
+++ b/apps/wolfsshd/test/sshd_forcedcmd_test.sh
@ -0,0 +1,55 @@
+#!/bin/bash
+
+# sshd local test
+
+if [ -z "$1" ] || [ -z "$2" ]; then
+    echo "expecting host and port as arguments"
+    echo "./sshd_exec_test.sh 127.0.0.1 22222"
+    exit -1
+fi
+
+PWD=`pwd`
+USER=`whoami`
+TEST_PORT="$2"
+TEST_HOST="$1"
+source ./start_sshd.sh
+cat <<EOF > sshd_config_test_forcedcmd
+Port $TEST_PORT
+Protocol 2
+LoginGraceTime 600
+PermitRootLogin yes
+PasswordAuthentication yes
+PermitEmptyPasswords no
+UsePrivilegeSeparation no
+UseDNS no
+HostKey $PWD/../../../keys/server-key.pem
+AuthorizedKeysFile $PWD/authorized_keys_test
+
+Match User $USER
+	ForceCommand internal-sftp
+EOF
+
+start_wolfsshd "sshd_config_test_forcedcmd"
+cd ../../..
+
+TEST_CLIENT="./examples/client/client"
+TEST_SFTP="./examples/sftpclient/wolfsftp"
+PRIVATE_KEY="./keys/hansel-key-ecc.der"
+PUBLIC_KEY="./keys/hansel-key-ecc.pub"
+
+RESULT=`$TEST_CLIENT -c 'echo bob' -u $USER -i $PRIVATE_KEY -j $PUBLIC_KEY -h $TEST_HOST -p $TEST_PORT`
+cat $RESULT | grep bob
+RESULT=$?
+if [ "$RESULT" == 0 ]; then
+    echo "Shell login should fail with forced command"
+    exit -1
+fi
+
+set -e
+echo exit | $TEST_SFTP -u $USER -i $PRIVATE_KEY -j $PUBLIC_KEY -h $TEST_HOST -p $TEST_PORT
+
+cd $PWD
+stop_wolfsshd
+exit 0
+
+
--- a/examples/sftpclient/sftpclient.c
+++ b/examples/sftpclient/sftpclient.c
@ -352,7 +352,7 @@ static void ShowCommands(void)

 static void ShowUsage(void)
 {
-    printf("client %s\n", LIBWOLFSSH_VERSION_STRING);
+    printf("wolfsftp %s\n", LIBWOLFSSH_VERSION_STRING);
    printf(" -?            display this help and exit\n");
    printf(" -h <host>     host to connect to, default %s\n", wolfSshIp);
    printf(" -p <num>      port to connect on, default %d\n", wolfSshPort);