diff --git a/.github/workflows/os-check.yml b/.github/workflows/os-check.yml index 5db5697d4..aa745135c 100644 --- a/.github/workflows/os-check.yml +++ b/.github/workflows/os-check.yml @@ -10,15 +10,28 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true -env: - WOLFSSL_REF: v5.7.0-stable - jobs: + create_matrix: + runs-on: ubuntu-latest + outputs: + versions: ${{ steps.json.outputs.versions }} + steps: + - name: Create wolfSSL version matrix + id: json + run: | + current=`curl -s https://api.github.com/repos/wolfssl/wolfssl/releases | grep tag_name | cut -d : -f 2,3 | tr -d \" | tr -d , | tr -d ' ' | head -1` + last=`curl -s https://api.github.com/repos/wolfssl/wolfssl/releases | grep tag_name | cut -d : -f 2,3 | tr -d \" | tr -d , | tr -d ' ' | head -2 | tail -1` + VERSIONS=$(echo "[ \"master\", \"$current\", \"$last\" ]") + echo "wolfSSL versions found: $VERSIONS" + echo "versions=$VERSIONS" >> $GITHUB_OUTPUT + build_wolfssl: + needs: create_matrix strategy: fail-fast: false matrix: os: [ ubuntu-latest, macos-latest ] + wolfssl: ${{ fromJson(needs.create_matrix.outputs['versions']) }} name: Build wolfssl runs-on: ${{ matrix.os }} timeout-minutes: 4 @@ -28,25 +41,32 @@ jobs: id: cache-wolfssl with: path: build-dir/ - key: wolfssh-os-check-wolfssl-${{ env.WOLFSSL_REF }}-${{ matrix.os }} + key: wolfssh-os-check-wolfssl-${{ matrix.wolfssl }}-${{ matrix.os }} lookup-only: true + - name: debug + run: echo wolfssl version ${{ matrix.wolfssl }} + - name: Checkout, build, and install wolfssl if: steps.cache-wolfssl.outputs.cache-hit != 'true' uses: wolfSSL/actions-build-autotools-project@v1 with: repository: wolfssl/wolfssl - ref: ${{ env.WOLFSSL_REF }} + ref: ${{ matrix.wolfssl }} path: wolfssl configure: --enable-all check: false install: true build_wolfssh: + needs: + - build_wolfssl + - create_matrix strategy: fail-fast: false matrix: os: [ ubuntu-latest, macos-latest ] + wolfssl: ${{ fromJson(needs.create_matrix.outputs['versions']) }} config: [ '', '--enable-all', @@ -57,13 +77,12 @@ jobs: name: Build wolfssh runs-on: ${{ matrix.os }} timeout-minutes: 4 - needs: build_wolfssl steps: - name: Checking cache for wolfssl uses: actions/cache@v4 with: path: build-dir/ - key: wolfssh-os-check-wolfssl-${{ env.WOLFSSL_REF }}-${{ matrix.os }} + key: wolfssh-os-check-wolfssl-${{ matrix.wolfssl }}-${{ matrix.os }} fail-on-cache-miss: true - name: Checkout, build, and test wolfssh diff --git a/.github/workflows/sshd-test.yml b/.github/workflows/sshd-test.yml index 1a715ccc5..a58db6ab3 100644 --- a/.github/workflows/sshd-test.yml +++ b/.github/workflows/sshd-test.yml @@ -6,27 +6,94 @@ on: pull_request: branches: [ '*' ] -jobs: - build: +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +jobs: + create_matrix: runs-on: ubuntu-latest + outputs: + versions: ${{ steps.json.outputs.versions }} + steps: + - name: Create wolfSSL version matrix + id: json + run: | + current=`curl -s https://api.github.com/repos/wolfssl/wolfssl/releases | grep tag_name | cut -d : -f 2,3 | tr -d \" | tr -d , | tr -d ' ' | head -1` + last=`curl -s https://api.github.com/repos/wolfssl/wolfssl/releases | grep tag_name | cut -d : -f 2,3 | tr -d \" | tr -d , | tr -d ' ' | head -2 | tail -1` + VERSIONS=$(echo "[ \"master\", \"$current\", \"$last\" ]") + echo "wolfSSL versions found: $VERSIONS" + echo "versions=$VERSIONS" >> $GITHUB_OUTPUT + + build_wolfssl: + needs: create_matrix + strategy: + fail-fast: false + matrix: + os: [ ubuntu-latest ] + wolfssl: ${{ fromJson(needs.create_matrix.outputs['versions']) }} + name: Build wolfssl + runs-on: ${{ matrix.os }} + timeout-minutes: 4 + steps: + - name: Checking cache for wolfssl + uses: actions/cache@v4 + id: cache-wolfssl + with: + path: build-dir/ + key: wolfssh-sshd-wolfssl-${{ matrix.wolfssl }}-${{ matrix.os }} + lookup-only: true + + - name: Checkout, build, and install wolfssl + if: steps.cache-wolfssl.outputs.cache-hit != 'true' + uses: wolfSSL/actions-build-autotools-project@v1 + with: + repository: wolfssl/wolfssl + ref: ${{ matrix.wolfssl }} + path: wolfssl + configure: --enable-all + check: false + install: true + build_wolfssh: + needs: + - build_wolfssl + - create_matrix + strategy: + fail-fast: false + matrix: + os: [ ubuntu-latest ] + wolfssl: ${{ fromJson(needs.create_matrix.outputs['versions']) }} + name: Build and test wolfsshd + runs-on: ${{ matrix.os }} + timeout-minutes: 10 steps: - - uses: actions/checkout@v2 - with: - repository: wolfSSL/wolfssl.git - ref: master - - name: build wolfSSL - run: ./autogen.sh && ./configure --enable-all --prefix=/usr && make && sudo make install - - uses: actions/checkout@v2 - - name: autogen - run: ./autogen.sh - - name: configure - run: ./configure --enable-all CPPFLAGS="-DWOLFSSH_NO_FPKI -DWOLFSSH_NO_SFTP_TIMEOUT -DWOLFSSH_MAX_SFTP_RW=4000000" - - name: make - run: make - - name: make check - run: make check - - name: run wolfSSHd tests - run: sudo ./run_all_sshd_tests.sh root - working-directory: ./apps/wolfsshd/test + - name: Checking cache for wolfssl + uses: actions/cache@v4 + with: + path: build-dir/ + key: wolfssh-sshd-wolfssl-${{ matrix.wolfssl }}-${{ matrix.os }} + fail-on-cache-miss: true + + - uses: actions/checkout@v4 + with: + path: wolfssh/ + + - name: autogen + working-directory: ./wolfssh/ + run: ./autogen.sh + + - name: configure + working-directory: ./wolfssh/ + run : | + ./configure --enable-all LDFLAGS="-L${{ github.workspace }}/build-dir/lib" CPPFLAGS="-I${{ github.workspace }}/build-dir/include -DWOLFSSH_NO_FPKI -DWOLFSSH_NO_SFTP_TIMEOUT -DWOLFSSH_MAX_SFTP_RW=4000000 -DMAX_PATH_SZ=120" + + - name: make check + working-directory: ./wolfssh/ + run: make check + + - name: Run wolfSSHd tests + working-directory: ./wolfssh/apps/wolfsshd/test + run: | + git log -3 + sudo ./run_all_sshd_tests.sh diff --git a/.github/workflows/zephyr.yml b/.github/workflows/zephyr.yml index 26750fcc6..97c4ab405 100644 --- a/.github/workflows/zephyr.yml +++ b/.github/workflows/zephyr.yml @@ -14,7 +14,7 @@ jobs: config: - zephyr-ref: v3.4.0 zephyr-sdk: 0.16.1 - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. timeout-minutes: 20 steps: diff --git a/apps/wolfsshd/test/sshd_forcedcmd_test.sh b/apps/wolfsshd/test/sshd_forcedcmd_test.sh index 645307f26..a5c268a9f 100755 --- a/apps/wolfsshd/test/sshd_forcedcmd_test.sh +++ b/apps/wolfsshd/test/sshd_forcedcmd_test.sh @@ -4,7 +4,7 @@ if [ -z "$1" ] || [ -z "$2" ]; then echo "expecting host and port as arguments" - echo "./sshd_exec_test.sh 127.0.0.1 22222" + echo "$0 127.0.0.1 22222" exit 1 fi @@ -37,8 +37,9 @@ TEST_SFTP="./examples/sftpclient/wolfsftp" PRIVATE_KEY="./keys/hansel-key-ecc.der" PUBLIC_KEY="./keys/hansel-key-ecc.pub" -RESULT=`$TEST_CLIENT -c 'echo bob' -u $USER -i $PRIVATE_KEY -j $PUBLIC_KEY -h $TEST_HOST -p $TEST_PORT` -cat $RESULT | grep bob +RESULT=$( $TEST_CLIENT -c 'echo bob' -u $USER -i $PRIVATE_KEY -j $PUBLIC_KEY -h $TEST_HOST -p $TEST_PORT ) +echo $RESULT +echo $RESULT | grep bob RESULT=$? if [ "$RESULT" == 0 ]; then echo "Shell login should fail with forced command" diff --git a/apps/wolfsshd/test/sshd_term_size_test.sh b/apps/wolfsshd/test/sshd_term_size_test.sh index 0a25fad54..b48ad5e6a 100755 --- a/apps/wolfsshd/test/sshd_term_size_test.sh +++ b/apps/wolfsshd/test/sshd_term_size_test.sh @@ -15,21 +15,36 @@ if [ -z "$1" ] || [ -z "$2" ]; then exit 1 fi -set -e +# Check if tmux is available +which tmux +RESULT=$? +if [ ${RESULT} = 1 ]; then + echo "tmux is not installed!!" + exit 1 +fi + echo "Creating tmux session at $PWD with command :" -tmux new-session -d -s test "$TEST_CLIENT -t -u $USER -i $PRIVATE_KEY -j $PUBLIC_KEY -h \"$1\" -p \"$2\"" +echo "tmux new-session -d -s test \"$TEST_CLIENT -q -t -u $USER -i $PRIVATE_KEY -j $PUBLIC_KEY -h \"$1\" -p \"$2\"\"" +tmux new-session -d -s test "$TEST_CLIENT -q -t -u $USER -i $PRIVATE_KEY -j $PUBLIC_KEY -h \"$1\" -p \"$2\"" +echo "Result of tmux new-session = $?" # give the command a second to establish SSH connection -sleep 0.5 +sleep 1 COL=`tmux display -p -t test '#{pane_width}'` ROW=`tmux display -p -t test '#{pane_height}'` +echo "tmux 'test' session has COL = ${COL} and ROW = ${ROW}" # get the terminals columns and lines tmux send-keys -t test 'echo;echo $COLUMNS $LINES;echo' tmux send-keys -t test 'ENTER' + +# give the command a second to run +sleep 1 + tmux capture-pane -t test RESULT=$(tmux show-buffer | grep '^[0-9]* [0-9]*$') +tmux show-buffer echo "$RESULT" echo "" @@ -55,25 +70,32 @@ fi # close down the SSH session tmux send-keys -t test 'exit' tmux send-keys -t test 'ENTER' -set +e # kill off the session if it's still running, but don't error out if the session # has already closed down tmux kill-session -t test set -e -tmux new-session -d -x 50 -y 10 -s test "$TEST_CLIENT -t -u $USER -i $PRIVATE_KEY -j $PUBLIC_KEY -h \"$1\" -p \"$2\"" +echo "Starting another session with a smaller window size" +echo "tmux new-session -d -x 50 -y 10 -s test \"$TEST_CLIENT -q -t -u $USER -i $PRIVATE_KEY -j $PUBLIC_KEY -h \"$1\" -p \"$2\"\"" +tmux new-session -d -x 50 -y 10 -s test "$TEST_CLIENT -q -t -u $USER -i $PRIVATE_KEY -j $PUBLIC_KEY -h \"$1\" -p \"$2\"" # give the command a second to establish SSH connection -sleep 0.5 +sleep 1 +echo "Sending keys to tmux session for displaying column/rows" tmux send-keys -t test 'echo;echo $COLUMNS $LINES;echo' tmux send-keys -t test 'ENTER' tmux capture-pane -t test RESULT=$(tmux show-buffer | grep '^[0-9]* [0-9]*$') -ROW_FOUND=$(echo "$RESULT" | sed -e 's/[0-9]* \([0-9]*\)/\1/') -COL_FOUND=$(echo "$RESULT" | sed -e 's/\([0-9]*\) [0-9]*/\1/') +ROW_FOUND=$( echo "$RESULT" | sed -e 's/[0-9]* \([0-9]*\)/\1/' ) +COL_FOUND=$( echo "$RESULT" | sed -e 's/\([0-9]*\) [0-9]*/\1/' ) + +#remove any newlines, tabs, or returns +ROW_FOUND=$( tr -d '\n\t\r ' <<<"$ROW_FOUND" ) +COL_FOUND=$( tr -d '\n\t\r ' <<<"$COL_FOUND" ) + if [ "50" != "$COL_FOUND" ]; then echo "Col found was $COL_FOUND which does not match expected 50" diff --git a/apps/wolfsshd/test/sshd_window_full_test.sh b/apps/wolfsshd/test/sshd_window_full_test.sh index 3262c2ecb..dd915d7a6 100755 --- a/apps/wolfsshd/test/sshd_window_full_test.sh +++ b/apps/wolfsshd/test/sshd_window_full_test.sh @@ -42,7 +42,11 @@ PUBLIC_KEY="./keys/hansel-key-ecc.pub" head -c 1G /dev/urandom > random-test.txt PWD=`pwd` -$TEST_CLIENT -c "cd $PWD; $TEST_CLIENT -c \"cat $PWD/random-test.txt\" -u $USER -i $PRIVATE_KEY -j $PUBLIC_KEY -h $TEST_HOST -p $TEST_PORT" -u $USER -i $PRIVATE_KEY -j $PUBLIC_KEY -h $TEST_HOST -p $TEST_PORT > random-test-result.txt +echo "$TEST_CLIENT -q -c \"cd $PWD; $TEST_CLIENT -q -c \"cat $PWD/random-test.txt\" -u $USER -i $PRIVATE_KEY -j $PUBLIC_KEY -h $TEST_HOST -p $TEST_PORT\" -u $USER -i $PRIVATE_KEY -j $PUBLIC_KEY -h $TEST_HOST -p $TEST_PORT > random-test-result.txt" + +$TEST_CLIENT -q -c "cd $PWD; $TEST_CLIENT -q -c \"cat $PWD/random-test.txt\" -u $USER -i $PRIVATE_KEY -j $PUBLIC_KEY -h $TEST_HOST -p $TEST_PORT" -u $USER -i $PRIVATE_KEY -j $PUBLIC_KEY -h $TEST_HOST -p $TEST_PORT > random-test-result.txt + +ls -la random-test* diff random-test.txt random-test-result.txt RESULT=$? diff --git a/apps/wolfsshd/test/sshd_x509_test.sh b/apps/wolfsshd/test/sshd_x509_test.sh index 991e5d849..d52b03c24 100755 --- a/apps/wolfsshd/test/sshd_x509_test.sh +++ b/apps/wolfsshd/test/sshd_x509_test.sh @@ -7,7 +7,7 @@ cd ../../.. if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then echo "expecting host, port and user as arguments" - echo "./sshd_x509_text.sh 127.0.0.1 22222 user" + echo "$0 127.0.0.1 22222 user" exit 1 fi @@ -17,13 +17,13 @@ PUBLIC_KEY="./keys/$3-cert.der" CA_CERT="./keys/ca-cert-ecc.der" set -e -echo "$TEST_CLIENT -c 'pwd' -u $3 -i $PRIVATE_KEY -J $PUBLIC_KEY -A $CA_CERT -h \"$1\" -p \"$2\"" -$TEST_CLIENT -c 'pwd' -u $3 -i "$PRIVATE_KEY" -J "$PUBLIC_KEY" -A "$CA_CERT" -h "$1" -p "$2" +echo "$TEST_CLIENT -X -c 'pwd' -u $3 -i $PRIVATE_KEY -J $PUBLIC_KEY -A $CA_CERT -h \"$1\" -p \"$2\"" +$TEST_CLIENT -X -c 'pwd' -u $3 -i "$PRIVATE_KEY" -J "$PUBLIC_KEY" -A "$CA_CERT" -h "$1" -p "$2" set +e rm -f error.txt -echo "$TEST_CLIENT -c 'ls error' -u $3 -i $PRIVATE_KEY -J $PUBLIC_KEY -A $CA_CERT -h \"$1\" -p \"$2\" 2> error.txt" -$TEST_CLIENT -c 'ls error' -u $3 -i "$PRIVATE_KEY" -J "$PUBLIC_KEY" -A "$CA_CERT" -h "$1" -p "$2" 2> error.txt +echo "$TEST_CLIENT -X -c 'ls error' -u $3 -i $PRIVATE_KEY -J $PUBLIC_KEY -A $CA_CERT -h \"$1\" -p \"$2\" 2> error.txt" +$TEST_CLIENT -X -c 'ls error' -u $3 -i "$PRIVATE_KEY" -J "$PUBLIC_KEY" -A "$CA_CERT" -h "$1" -p "$2" 2> error.txt # check stderr output was caught if [ ! -s error.txt ]; then @@ -36,4 +36,3 @@ rm -f error.txt cd $PWD exit 0 - diff --git a/examples/client/client.c b/examples/client/client.c index c6c7ff0b4..c6cde31bc 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -120,6 +120,7 @@ static void ShowUsage(void) #endif printf(" -E List all possible algos\n"); printf(" -k set the list of key algos to use\n"); + printf(" -q turn off debugging output\n"); } @@ -658,7 +659,7 @@ THREAD_RETURN WOLFSSH_THREAD client_test(void* args) (void)keepOpen; - while ((ch = mygetopt(argc, argv, "?ac:h:i:j:p:tu:xzNP:RJ:A:XeEk:")) != -1) { + while ((ch = mygetopt(argc, argv, "?ac:h:i:j:p:tu:xzNP:RJ:A:XeEk:q")) != -1) { switch (ch) { case 'h': host = myoptarg; @@ -671,6 +672,10 @@ THREAD_RETURN WOLFSSH_THREAD client_test(void* args) #endif break; + case 'q': + wolfSSH_Debugging_OFF(); + break; + case 'e': userEcc = 1; break; diff --git a/keys/renewcerts.sh b/keys/renewcerts.sh index 5c630bdfe..3964fe520 100755 --- a/keys/renewcerts.sh +++ b/keys/renewcerts.sh @@ -6,7 +6,7 @@ else USER_NAME=$1 cp fred-key.der $USER_NAME-key.der cp fred-key.pem $USER_NAME-key.pem - sed -i "s/fred/$USER_NAME/g" renewcerts.cnf + sed -i.bak "s/fred/$USER_NAME/g" renewcerts.cnf fi # renew CA diff --git a/src/internal.c b/src/internal.c index 222682a33..0f99e8424 100644 --- a/src/internal.c +++ b/src/internal.c @@ -14053,7 +14053,6 @@ int SendUserAuthRequest(WOLFSSH* ssh, byte authType, int addSig) payloadSz = MSG_ID_SZ + (LENGTH_SZ * 3) + ssh->userNameSz + serviceNameSz + authNameSz; - if (authId == ID_USERAUTH_PASSWORD) ret = PrepareUserAuthRequestPassword(ssh, &payloadSz, &authData); else if (authId == ID_USERAUTH_PUBLICKEY && !ssh->userAuthPkDone) {