SSHD Banners

1. Add getting the banner option from the configuration file. Per the sshd_config(5) manpage, this is supposed to be a filename. 2. Load the banner file and set the banner into the CTX.
ejohnstown · Jul 8, 2024 · 7fc63e8 · 7fc63e8
1 parent 4dabe1c
commit 7fc63e8
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 20 deletions.
diff --git a/apps/wolfsshd/configuration.c b/apps/wolfsshd/configuration.c
@@ -349,9 +349,10 @@ enum {
     OPT_HOST_CERT               = 20,
     OPT_TRUSTED_USER_CA_KEYS    = 21,
     OPT_PIDFILE                 = 22,
+    OPT_BANNER                  = 23,
 };
 enum {
-    NUM_OPTIONS = 23
+    NUM_OPTIONS = 24
 };
 
 static const CONFIG_OPTION options[NUM_OPTIONS] = {
@@ -378,6 +379,7 @@ static const CONFIG_OPTION options[NUM_OPTIONS] = {
     {OPT_HOST_CERT,               "HostCertificate"},
     {OPT_TRUSTED_USER_CA_KEYS,    "TrustedUserCAKeys"},
     {OPT_PIDFILE,                 "PidFile"},
+    {OPT_BANNER,                  "Banner"},
 };
 
 /* returns WS_SUCCESS on success */
@@ -1022,6 +1024,9 @@ static int HandleConfigOption(WOLFSSHD_CONFIG** conf, int opt,
         case OPT_PIDFILE:
             ret = SetFileString(&(*conf)->pidFile, value, (*conf)->heap);
             break;
+        case OPT_BANNER:
+            ret = SetFileString(&(*conf)->banner, value, (*conf)->heap);
+            break;
         default:
             break;
     }

diff --git a/apps/wolfsshd/wolfsshd.c b/apps/wolfsshd/wolfsshd.c
@@ -216,16 +216,6 @@ static void wolfSSHDLoggingCb(enum wolfSSH_LogLevel lvl, const char *const str)
 }
 
 
-/* Frees up the WOLFSSH_CTX struct */
-static void CleanupCTX(WOLFSSHD_CONFIG* conf, WOLFSSH_CTX** ctx)
-{
-    if (ctx != NULL && *ctx != NULL) {
-        wolfSSH_CTX_free(*ctx);
-        *ctx = NULL;
-    }
-    (void)conf;
-}
-
 #ifndef NO_FILESYSTEM
 static void freeBufferFromFile(byte* buf, void* heap)
 {
@@ -259,7 +249,8 @@ static byte* getBufferFromFile(const char* fileName, word32* bufSz, void* heap)
             WFREE(buf, heap, DYNTYPE_SSHD);
             return NULL;
         }
-        *bufSz = readSz;
+        if (bufSz)
+            *bufSz = readSz;
         WFCLOSE(NULL, file);
     }
 
@@ -273,13 +264,30 @@ static int UserAuthResult(byte result,
         WS_UserAuthData* authData, void* userAuthResultCtx);
 
 
+/* Frees up the WOLFSSH_CTX struct */
+static void CleanupCTX(WOLFSSHD_CONFIG* conf, WOLFSSH_CTX** ctx,
+        byte** banner)
+{
+    if (banner != NULL && *banner != NULL) {
+#ifndef NO_FILESYSTEM
+        freeBufferFromFile(*banner, NULL);
+#endif
+        *banner = NULL;
+    }
+    if (ctx != NULL && *ctx != NULL) {
+        wolfSSH_CTX_free(*ctx);
+        *ctx = NULL;
+    }
+    (void)conf;
+}
+
 /* Initializes and sets up the WOLFSSH_CTX struct based on the configure options
  * return WS_SUCCESS on success
  */
-static int SetupCTX(WOLFSSHD_CONFIG* conf, WOLFSSH_CTX** ctx)
+static int SetupCTX(WOLFSSHD_CONFIG* conf, WOLFSSH_CTX** ctx,
+        byte** banner)
 {
     int ret = WS_SUCCESS;
-    const char* banner;
     DerBuffer* der = NULL;
     byte* privBuf;
     word32 privBufSz;
@@ -304,11 +312,16 @@ static int SetupCTX(WOLFSSHD_CONFIG* conf, WOLFSSH_CTX** ctx)
 
     /* set banner to display on connection */
     if (ret == WS_SUCCESS) {
-        banner = wolfSSHD_ConfigGetBanner(conf);
-        if (banner == NULL) {
-            banner = defaultBanner;
+#ifndef NO_FILESYSTEM
+        *banner = getBufferFromFile(wolfSSHD_ConfigGetBanner(conf),
+                NULL, heap);
+#endif
+        if (*banner) {
+            wolfSSH_CTX_SetBanner(*ctx, (char*)*banner);
+        }
+        else {
+            wolfSSH_CTX_SetBanner(*ctx, defaultBanner);
         }
-        wolfSSH_CTX_SetBanner(*ctx, banner);
     }
 
     /* Load in host private key */
@@ -2061,6 +2074,7 @@ static int StartSSHD(int argc, char** argv)
 
     const char* configFile = "/etc/ssh/sshd_config";
     const char* hostKeyFile = NULL;
+    byte* banner = NULL;
 
     logFile = stderr;
     wolfSSH_SetLoggingCb(wolfSSHDLoggingCb);
@@ -2235,7 +2249,7 @@ static int StartSSHD(int argc, char** argv)
 
     if (ret == WS_SUCCESS) {
         wolfSSH_Log(WS_LOG_INFO, "[SSHD] Starting wolfSSH SSHD application");
-        ret = SetupCTX(conf, &ctx);
+        ret = SetupCTX(conf, &ctx, &banner);
     }
 
     if (ret == WS_SUCCESS) {
@@ -2456,7 +2470,10 @@ static int StartSSHD(int argc, char** argv)
     }
 #endif
 
-    CleanupCTX(conf, &ctx);
+    CleanupCTX(conf, &ctx, &banner);
+    if (banner) {
+        WFREE(banner, NULL, DYNTYPE_STRING);
+    }
     wolfSSHD_ConfigFree(conf);
     wolfSSHD_AuthFreeUser(auth);
     wolfSSH_Cleanup();