Commit Graph

219 Commits (23dd6a80d1a084eea5ded02cf3ec2c9cb70ad4fd)

Author SHA1 Message Date
John Safranek c8bdf7d3d2
Merge pull request #441 from JacobBarthelmeh/sshd
add chroot jailing to sshd
2022-09-01 13:28:52 -07:00
JacobBarthelmeh 331753c776 fix up if statement after cherry pick 2022-09-01 13:08:05 -07:00
JacobBarthelmeh fb0d3ba3d1 fix for DIR with QNX 2022-09-01 12:56:50 -07:00
JacobBarthelmeh ee68ef9333 change default path with sftp and chroot 2022-09-01 12:39:36 -07:00
JacobBarthelmeh c4efae1f5d adjust chdir in the case of chroot 2022-09-01 10:18:01 -07:00
JacobBarthelmeh 887edc29e3 do not fail out on chdir if chroot is used 2022-08-31 13:27:10 -07:00
JacobBarthelmeh e1f72a00e1 chroot and reduce permissions after forkpty 2022-08-31 10:34:13 -07:00
Hayden Roche 8cda0c4cc9
Merge pull request #445 from ejohnstown/wildcard 2022-08-29 17:44:45 -07:00
John Safranek 76417aca88
Wildcard Config
1. Modify HandleInclude() to have a single return point, and minimize
   the places where free() needs to be called.
2. Modify the config test wildcard include test file creation to return
   error similar to other test functions.
3. Fix leak of the test configuration object in the wolfSSHd
   configuration test.
2022-08-29 17:12:55 -07:00
David Garske 86360a4fe2
Merge pull request #415 from ejohnstown/cert
Add support for X509 certificates
2022-08-29 15:51:28 -07:00
John Safranek 4d43d8406e
Wildcard Config
1. Update WMALLOCs to use the config's heap and proper DYNTYPE values.
2. Convert more STDC functions to use the wrapper macros.
3. Check some missed return values on mallocs, and make sure to free
   all allocated buffers.
2022-08-29 13:45:45 -07:00
JacobBarthelmeh 0ef7ca2145 refactor chroot call 2022-08-29 13:17:26 -07:00
JacobBarthelmeh 8a286ad727 remove duplicate code and raise permissions for chroot 2022-08-29 09:27:42 -07:00
JacobBarthelmeh e1f0a67c38 add chroot jailing to sshd 2022-08-29 09:27:42 -07:00
JacobBarthelmeh 0830b56fab fix for permissions level separation 2022-08-26 23:07:32 -07:00
John Safranek a01d31592c
Wildcard
1. Revise to use the porting functions.
2. Add test cases to check the config wildcards.
3. Generate test files for the wildcard test, and delete them after.
2022-08-26 12:41:00 -07:00
John Safranek c42f8fc2fe
Wildcard Config
1. Process the included config files in strcmp order.
2022-08-25 14:08:34 -07:00
John Safranek 85069b816e
Wildcard Config
1. Fix the wildcard config file include.
2. Update the guard flags so macOS can also use wildcards.
3. Change the user privilege separating setting to a bitfield.
4. Add test_configuration test to gitignore.
2022-08-25 10:58:10 -07:00
JacobBarthelmeh 2abce6326e turn off FPKI if not enabled, check CERTMAN log in SSHD 2022-08-24 06:55:25 -07:00
JacobBarthelmeh 20ace73349 fix new scan-build warning 2022-08-22 18:09:07 -06:00
JacobBarthelmeh 3f52af5e45 g++ fix warning on define 2022-08-22 17:34:49 -06:00
JacobBarthelmeh 0a93923067 g++ warning fixes 2022-08-22 17:31:02 -06:00
Jacob Barthelmeh 5a1f42ba07 update copyright, wrap isspace, fix formatting 2022-08-16 13:28:06 -06:00
Jacob Barthelmeh 387ac299b0 fix for compiler warnings 2022-08-12 10:22:18 -06:00
JacobBarthelmeh ebd0e51e53 handle basic absolute paths for authorized keys file 2022-08-11 15:40:22 -07:00
Jacob Barthelmeh 17f3a029e3 cast on values and adjust isspace check 2022-08-10 14:58:02 -06:00
Andrew Hutchings 97974e9af2 Better wildcard support for Include
Check the prefix and postfix for a filename when a wildcard is used.
2022-08-09 13:51:14 +01:00
Andrew Hutchings d2327d5acd Fix syslog priority 2022-08-08 16:12:35 +01:00
Andrew Hutchings b1f26c84d0 Add syslog support
When going into daemon mode on a POSIX system, use syslog
2022-08-08 15:43:17 +01:00
Andrew Hutchings bef771b693 Implement Include directive
Includes single files or directories, only in POSIX for now.
2022-08-08 14:48:02 +01:00
Jacob Barthelmeh 8f3cdc8230 infer fixes, clang build fixes, initial build on OSX 2022-08-05 12:05:07 -06:00
JacobBarthelmeh f51375802b add more comments and always print out error messages 2022-08-03 15:04:34 -07:00
JacobBarthelmeh 7d58486a42 QNX shell login as user 2022-07-30 01:26:56 -07:00
JacobBarthelmeh 87a9bd4325 cleanup some debug messages and start to actual daemon 2022-07-30 00:46:11 -07:00
JacobBarthelmeh 4d90993e16 stub UseDNS, add checking config UsePrivilegeSeparation, scan-build warning fixes 2022-07-29 23:08:19 -07:00
JacobBarthelmeh c978b83c28 add check for PermitRootLogin config 2022-07-29 16:32:39 -07:00
JacobBarthelmeh cd0213572c add parsing Protocol from sshd_config 2022-07-29 16:06:26 -07:00
JacobBarthelmeh 3af82ddb42 login as user with new shell 2022-07-29 09:51:04 -07:00
Andrew Hutchings 2e4d69e5ea Missed one function in PPC32 fix 2022-07-29 13:34:47 +01:00
Andrew Hutchings afdc1f4c67 Fix compiler errors for PPC32 2022-07-29 13:33:12 +01:00
Andrew Hutchings b6924ff604 Fix -p breaking everything
Specifying a port set `ret` to the port number instead of `WS_SUCCESS`
which meant that everything after parameter passing failed silently.
2022-07-29 10:14:34 +01:00
Hayden Roche ec873e1088 Rename wolfSSHD_NewConfig to wolfSSHD_ConfigNew, following pattern. 2022-07-28 13:34:14 -07:00
Hayden Roche f0caefcc33 Make HandlePort use GetConfigInt and add 0 port test. 2022-07-28 13:21:42 -07:00
Hayden Roche 90769af1f8 Add a test program, test_configuration.c, for testing sshd config.
I wanted to be able to test ParseConfigLine directly, so I added some
preprocessor logic to expose this function (i.e. make it non-static) when
building test_configuration. I fixed a couple bugs discovered by this new
testing.
2022-07-28 13:12:13 -07:00
Andrew Hutchings f7fad8b8d0 Fix compiling issues 2022-07-28 15:34:21 +01:00
Hayden Roche cef7e5065a Add support for Port config option and change default port back to 22. 2022-07-27 16:48:10 -07:00
Hayden Roche d62c1e0078 Fix GetConfigInt. 2022-07-27 16:47:14 -07:00
Hayden Roche e255679861 Add support for PasswordAuthentication config option. 2022-07-27 16:46:15 -07:00
Hayden Roche 48b627d70d Refactor various wolfSSHD code.
- Move function declarations for WOLFSSHD_CONFIG from wolfsshd.h to a new
header, configuration.h. Change config.c to configuration.c. (using
"configuration" so as not to collide with autotools' config.h)
- Make the WOLFSSL_CONFIG* member of WOLFSSHD_AUTH const. At least at the
moment, it shouldn't be necessary for this member to be writable.
- Replace wolfSSHD_ConfigGetOption with functions to get specific members from
the config.
- Namespace all config functions with wolfSSHD_Config* and all auth functions
with wolfSSHD_Auth.
- Add const to function parameters, where possible.
- Remove wolfSSHD_ prefix from static functions. Just use PascalCase. These
don't need namespacing since they aren't visible outside their translation unit.
- Modify GetConfigInt to expect leading and trailing whitespace to have already
been removed. It will have been removed in the context this function is used in
configuration.c.
2022-07-27 15:21:11 -07:00
Hayden Roche 477fb6c5c8 Add HostKey support and other config file code improvements.
- hostKeyFile and authKeysFile members of the config are now dynamically
allocated strings owned by the config.
- Break out sshd_config option handling into more modular functions.
2022-07-26 14:10:54 -07:00
JacobBarthelmeh 8d1d2fb633 add support for grace login timer 2022-07-26 10:56:30 -07:00
Hayden Roche 374f675553 Add support for PEM host keys. 2022-07-26 09:27:07 -07:00
JacobBarthelmeh 85109e66cf raise and lower permissions levels 2022-07-25 09:26:05 -07:00
JacobBarthelmeh d16f642734 pass full string in as salt 2022-07-21 16:26:26 -07:00
JacobBarthelmeh f8439af47e add support to handle PermitEmptyPasswords config 2022-07-21 16:23:01 -07:00
JacobBarthelmeh 311738d057 add link to liblogin with QNX for crypt 2022-07-21 14:43:43 -07:00
JacobBarthelmeh 11c1a3998d use function callbacks for auth 2022-07-21 13:31:22 -07:00
JacobBarthelmeh 7b8ce149d7 add look for libpam and adjust for QNX build 2022-07-21 13:31:22 -07:00
JacobBarthelmeh e493d3aeb2 assume sshd builds use shell, better support for routing session types after SSH accept 2022-07-21 13:31:22 -07:00
JacobBarthelmeh 2982ae88ee define for crypt use, set fd for shell, tie in sftp 2022-07-21 13:31:22 -07:00
Hayden Roche 76a17c9765 sshd improvements, get password auth working 2022-07-21 13:31:22 -07:00
Hayden Roche 787d5be900 Add more functionality to wolfsshd, other improvements.
- Moved all wolfsshd source code into apps/wolfsshd/. Then future apps, e.g.
an ssh-keygen type utility, will get their own subdirectory under apps/.
- Rename wolfauth.(c|h) to auth.(c|h), rename wolfconfig.c to config.c.
- Add support for checking user public keys against an authorized keys file.
Doesn't support parsing options and comments in the key file, yet. Parsing
special tokens (e.g. %h) and absolute paths in the AuthorizedKeysFile string
are also not supported.
- Comment out currently unused USER_NODE code. Could be useful later on if
we integrate wolfsshd in an environment where the OS doesn't have its own
username service.
- Modify configure.ac to bring in libcrypt if wolfsshd is enabled.
2022-07-21 13:31:22 -07:00
Jacob Barthelmeh 474527b89c add missing wolfauth header file 2022-07-21 13:31:22 -07:00
Jacob Barthelmeh 475ee1f113 add wolfauth file for peer auth 2022-07-21 13:31:22 -07:00
Jacob Barthelmeh 65dde05900 simple ssh connection and start of shell with sshd 2022-07-21 13:31:22 -07:00
JacobBarthelmeh 5410cf5690 add tcp select and port arg 2022-07-21 13:31:22 -07:00
Jacob Barthelmeh 757f3c6b2c expanding config parsing 2022-07-21 13:31:22 -07:00
Jacob Barthelmeh 27cf3d31b9 add initial reading of sshd_config file 2022-07-21 13:31:22 -07:00
Jacob Barthelmeh c81fcbca39 initial autotools sshd addition 2022-07-21 13:31:22 -07:00