1. Modified the ssh terminal size test to be agnostic to the version of
sed used.
2. Add some guards around the mode setting code for ioctl() availability
so it would build for Windows.
1. Prep the SHELL variable inherited by the new shell to be equal to the
user's shell.
2. Prep the new shell's $0 variable to be equal to the shell name
prefixed with a '-', i.e. "/bin/bash" becomes "-bash".
1. Rename the stashed window size values.
2. Set the terminal modes after the child process is running.
3. Decode the modes list from the pty-request message.
4. Store the modes list for later use.
1. Add a check for limits.h to configure.ac.
2. In wolfSSHd's configuration.c file, add an include of limits.h if
available. It is including the header indirectly while using it
directly.
1. Remove the grace period wolfSSHd test. It asks for a password, and
when running as an action it doesn't have stdin, so it fails. The
test works when stdin is available.
2. Remove the check for __uint128_t from configure. wolfSSL exports this
value, if present, in its options.h. After wolfSSL v5.6.4, wolfSSL
also exports this to options.h when building it with CMake. The check
in wolfSSH isn't necessary now.
1. Move setting a nul termination on the knownHosts data until after
checking the size is reasonable.
2. A temporary keySz variable was getting used to get the length of the
key type value, but it wasn't used to copy the value. Deleted it and
used the other sz value.
3. Fix the leaking of the known hosts filename.
1. Fix a few stdC function calls to use the porting wrappers.
2. Missing some error checking, added it.
3. Add some bounds checking to the sz usage when checking for the
server's key in the known hosts file.
4. Move the temp buffers from the stack to the heap.
5. Make sure to nul terminate the read known_hosts file.
1. Update the logic for checking the key name and key against the known
hosts file.
2. Key fingerprinting for user confirmation.
3. Add user confirmation of host key additions.
4. Remove old debugging for known hosts.
1. Added support to the wolfSSH client for a known hosts file.
2. In the client's common.c file, moved the functions ato32() and
load_der_file() around so the known hosts callback can use them.
1. Move the KeySignature struct around in internal.c so it can be used
for a couple tasks.
2. Add decoder for the OpenSSH-format keys.
3. Add an identification function for the new key.
4. Update ReadKey to handle the new format.
1. Changed the function client_test()'s name to wolfSSH_Client().
2. Added "destination" to the usage text.
3. Improved the handling of the termios settings.
4. Remove the file names from the ClientFreeBuffers() function.
5. Changed ClientFreeBuffers() to free if the pointers aren't pointing
at the static buffers. They may not load because the file is bad, but
it will still have a file name.
6. Only try to load the public key or cert if loading the private key
was successful. Do not fail out if key cannot load, password may
still be possible.
1. Remove the global req test code.
2. Remove the check for having both private key and public key
specified. It currently derives a public key name from the private
key name.
1. In the windowMonitor(), move the check for quit outside the
conditional build so it works for both macOS and Linux.
2. Removed a dead store in readPeer(). If the socket wants read, that's
fine. Don't need to override it.
3. When allocating memory for the hostname, don't forget the nul.
4. When parsing the command line and storing a copy of it to send to the
peer, stash it in the config.
5. When allocating memory for the username, add 1 for the nul outside
the strlen().
6. When canceling a thread, be sure to join it afterwards.
7. Added a read me document for wolfSSH client. Just a quick note. To be
replaced later with something more formal.
1. Remove stray print when the client isn't going to ask for a password.
2. Remove adding the CR to the end of the string sent to the server.
The appropriate solution is to fix the issue in the Windows build of
the server. For POSIX, the LF is converted to CR/LF, so we get a
CR/CR/LF in the end, which looks like the enter key double-striking.
1. Update to use a default public key based on the name of the private
key.
2. Stash the public key name in the config structure, removing it from
the list of globals.
1. Add quit parameter to the example client's thread_args structure.
This will be used to let the windowMonitor thread know the
application is quitting.
2. If the windowMonitor's quit flag is set, it will exit and not call
wait again.
3. Join the windowMonitor thread rather than cancel it.
1. Allocating the user and hostname separately makes updates from
default to set value easier.
2. Set a default user name and private key file name based on the
environment.
3. Changed the visibility of the client common functions to
WOLFSSL_LOCAL.
4. Removed the userEcc variable from the main loop, and from the client
utility functions. Key type should be figured from the key.
5. Removed the hardcoded default keys for fake user Hansel. The key
loading functions will error out if a file name isn't used.
1. Added a comment regarding the potential leak. It is confirmed NOT A
LEAK.
2. Fixed the connection fail. Added a check for WANT_READ and treat that
as a success.
3. Put back a couple things removed from the last commit regarding
agent.
4. Change ShowUsage to use basename(). (Linux build didn't have
basename_r().)
5. Add NULL for the fs context parameter of the file wrapper macros.
6. Printing config checks any pointers for null then uses a default
value.
7. Minor cleanups.
1. Since the base of the client is copied from the example client,
remove the command line options used by the client. Start populating
with a few of the options used by the other client, and decode the
destination and optional command from the command line.
2. Move parsing the command line to its own function. It is a member of
a set of functions for reading the command line options, the config
file, and the environment to config the client.
3. Trim out many includes. Some will be added back later. Some don't
need to be there.
4. The client will only use non-blocking sockets.
Note/Todo:
(a) The connection fails to start some of the time.
(b) The user name has the potential to leak.