Merge pull request wolfSSL#720 from ejohnstown/sshd-banner

SSHD Banners
ejohnstown · Jul 16, 2024 · 01c1aad · 01c1aad
2 parents e3bed88 + ff3e017
commit 01c1aad
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 38 deletions.
diff --git a/apps/wolfsshd/configuration.c b/apps/wolfsshd/configuration.c
@@ -349,9 +349,10 @@ enum {
     OPT_HOST_CERT               = 20,
     OPT_TRUSTED_USER_CA_KEYS    = 21,
     OPT_PIDFILE                 = 22,
+    OPT_BANNER                  = 23,
 };
 enum {
-    NUM_OPTIONS = 23
+    NUM_OPTIONS = 24
 };
 
 static const CONFIG_OPTION options[NUM_OPTIONS] = {
@@ -378,6 +379,7 @@ static const CONFIG_OPTION options[NUM_OPTIONS] = {
     {OPT_HOST_CERT,               "HostCertificate"},
     {OPT_TRUSTED_USER_CA_KEYS,    "TrustedUserCAKeys"},
     {OPT_PIDFILE,                 "PidFile"},
+    {OPT_BANNER,                  "Banner"},
 };
 
 /* returns WS_SUCCESS on success */
@@ -1022,6 +1024,9 @@ static int HandleConfigOption(WOLFSSHD_CONFIG** conf, int opt,
         case OPT_PIDFILE:
             ret = SetFileString(&(*conf)->pidFile, value, (*conf)->heap);
             break;
+        case OPT_BANNER:
+            ret = SetFileString(&(*conf)->banner, value, (*conf)->heap);
+            break;
         default:
             break;
     }

diff --git a/apps/wolfsshd/wolfsshd.c b/apps/wolfsshd/wolfsshd.c
@@ -103,7 +103,6 @@ static WFILE* logFile = NULL;
 
 /* catch interrupts and close down gracefully */
 static volatile byte quit = 0;
-static const char defaultBanner[] = "wolfSSHD\n";
 
 /* Initial connection information to pass on to threads/forks */
 typedef struct WOLFSSHD_CONNECTION {
@@ -216,16 +215,6 @@ static void wolfSSHDLoggingCb(enum wolfSSH_LogLevel lvl, const char *const str)
 }
 
 
-/* Frees up the WOLFSSH_CTX struct */
-static void CleanupCTX(WOLFSSHD_CONFIG* conf, WOLFSSH_CTX** ctx)
-{
-    if (ctx != NULL && *ctx != NULL) {
-        wolfSSH_CTX_free(*ctx);
-        *ctx = NULL;
-    }
-    (void)conf;
-}
-
 #ifndef NO_FILESYSTEM
 static void freeBufferFromFile(byte* buf, void* heap)
 {
@@ -259,7 +248,8 @@ static byte* getBufferFromFile(const char* fileName, word32* bufSz, void* heap)
             WFREE(buf, heap, DYNTYPE_SSHD);
             return NULL;
         }
-        *bufSz = readSz;
+        if (bufSz)
+            *bufSz = readSz;
         WFCLOSE(NULL, file);
     }
 
@@ -273,13 +263,30 @@ static int UserAuthResult(byte result,
         WS_UserAuthData* authData, void* userAuthResultCtx);
 
 
+/* Frees up the WOLFSSH_CTX struct */
+static void CleanupCTX(WOLFSSHD_CONFIG* conf, WOLFSSH_CTX** ctx,
+        byte** banner)
+{
+    if (banner != NULL && *banner != NULL) {
+#ifndef NO_FILESYSTEM
+        freeBufferFromFile(*banner, NULL);
+#endif
+        *banner = NULL;
+    }
+    if (ctx != NULL && *ctx != NULL) {
+        wolfSSH_CTX_free(*ctx);
+        *ctx = NULL;
+    }
+    (void)conf;
+}
+
 /* Initializes and sets up the WOLFSSH_CTX struct based on the configure options
  * return WS_SUCCESS on success
  */
-static int SetupCTX(WOLFSSHD_CONFIG* conf, WOLFSSH_CTX** ctx)
+static int SetupCTX(WOLFSSHD_CONFIG* conf, WOLFSSH_CTX** ctx,
+        byte** banner)
 {
     int ret = WS_SUCCESS;
-    const char* banner;
     DerBuffer* der = NULL;
     byte* privBuf;
     word32 privBufSz;
@@ -304,11 +311,13 @@ static int SetupCTX(WOLFSSHD_CONFIG* conf, WOLFSSH_CTX** ctx)
 
     /* set banner to display on connection */
     if (ret == WS_SUCCESS) {
-        banner = wolfSSHD_ConfigGetBanner(conf);
-        if (banner == NULL) {
-            banner = defaultBanner;
+#ifndef NO_FILESYSTEM
+        *banner = getBufferFromFile(wolfSSHD_ConfigGetBanner(conf),
+                NULL, heap);
+#endif
+        if (*banner) {
+            wolfSSH_CTX_SetBanner(*ctx, (char*)*banner);
         }
-        wolfSSH_CTX_SetBanner(*ctx, banner);
     }
 
     /* Load in host private key */
@@ -2101,6 +2110,7 @@ static int StartSSHD(int argc, char** argv)
 
     const char* configFile = "/etc/ssh/sshd_config";
     const char* hostKeyFile = NULL;
+    byte* banner = NULL;
 
     logFile = stderr;
     wolfSSH_SetLoggingCb(wolfSSHDLoggingCb);
@@ -2275,7 +2285,7 @@ static int StartSSHD(int argc, char** argv)
 
     if (ret == WS_SUCCESS) {
         wolfSSH_Log(WS_LOG_INFO, "[SSHD] Starting wolfSSH SSHD application");
-        ret = SetupCTX(conf, &ctx);
+        ret = SetupCTX(conf, &ctx, &banner);
     }
 
     if (ret == WS_SUCCESS) {
@@ -2511,7 +2521,10 @@ static int StartSSHD(int argc, char** argv)
     }
 #endif
 
-    CleanupCTX(conf, &ctx);
+    CleanupCTX(conf, &ctx, &banner);
+    if (banner) {
+        WFREE(banner, NULL, DYNTYPE_STRING);
+    }
     wolfSSHD_ConfigFree(conf);
     wolfSSHD_AuthFreeUser(auth);
     wolfSSH_Cleanup();

diff --git a/src/internal.c b/src/internal.c
@@ -658,19 +658,6 @@ INLINE static int IsMessageAllowed(WOLFSSH *ssh, byte msg)
 }
 
 
-#ifdef DEBUG_WOLFSSH
-
-static const char cannedBanner[] =
-    "CANNED BANNER\r\n"
-    "This server is an example test server. "
-    "It should have its own banner, but\r\n"
-    "it is currently using a canned one in "
-    "the library. Be happy or not.\r\n";
-static const word32 cannedBannerSz = (word32)sizeof(cannedBanner) - 1;
-
-#endif /* DEBUG_WOLFSSH */
-
-
 static const char cannedKexAlgoNames[] =
 #if !defined(WOLFSSH_NO_ECDH_NISTP256_KYBER_LEVEL1_SHA256)
     "ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org,"
@@ -823,10 +810,8 @@ WOLFSSH_CTX* CtxInit(WOLFSSH_CTX* ctx, byte side, void* heap)
     ctx->scpRecvCb = wsScpRecvCallback;
     ctx->scpSendCb = wsScpSendCallback;
 #endif /* WOLFSSH_SCP */
-#ifdef DEBUG_WOLFSSH
-    ctx->banner = cannedBanner;
-    ctx->bannerSz = cannedBannerSz;
-#endif /* DEBUG_WOLFSSH */
+    ctx->banner = NULL;
+    ctx->bannerSz = 0;
 #ifdef WOLFSSH_CERTS
     ctx->certMan = wolfSSH_CERTMAN_new(ctx->heap);
     if (ctx->certMan == NULL)