sshd: plugin: work with _BUILTIN

The sshd example has gotten crufted a few different ways. Adapt the test-sshd protocol and callbacks to not collide with the plugin ssh-demo exports, for BUILTIN case. Do not build a static copy of ssh-base for test-sshd if PLUGINS_BUILTIN is going to provide it via lws import. Add pvo for ssh-base to enable it on to the test-sshd vhost. Banner staging in buf[] shared some of source and dest when it was copied in, move it up a bit to avoid this. Add note about rsa key disable workaround on Fedora. test-sshd uses CGI (and requires it enabled to build) because it predates lws_spawn... lws cgi was migrated to lws_spawn, really the test=sshd needs rewriting to use lws_spawn directly instead of cgi.
2025-03-09 00:00:04 +01:00 · 2021-11-06 15:33:25 +00:00 · 2021-11-06 15:33:25 +00:00 · 095798d5d9
commit 095798d5d9
parent 7c9f1ca0a6
5 changed files with 60 additions and 27 deletions
--- a/lib/roles/cgi/cgi-server.c
+++ b/lib/roles/cgi/cgi-server.c
@ -1063,7 +1063,7 @@ finish_him:
 struct lws *
 lws_cgi_get_stdwsi(struct lws *wsi, enum lws_enum_stdinouterr ch)
 {
-	if (!wsi->http.cgi)
+	if (!wsi->http.cgi || !wsi->http.cgi->lsp)
 		return NULL;

 	return wsi->http.cgi->lsp->stdwsi[ch];
--- a/lib/roles/cgi/ops-cgi.c
+++ b/lib/roles/cgi/ops-cgi.c
@ -34,11 +34,11 @@ rops_handle_POLLIN_cgi(struct lws_context_per_thread *pt, struct lws *wsi,

 	if (wsi->lsp_channel >= LWS_STDOUT &&
 	    !(pollfd->revents & pollfd->events & LWS_POLLIN))
-		return LWS_HPI_RET_HANDLED;
+		return LWS_HPI_RET_PLEASE_CLOSE_ME;

 	if (wsi->lsp_channel == LWS_STDIN &&
 	    !(pollfd->revents & pollfd->events & LWS_POLLOUT))
-		return LWS_HPI_RET_HANDLED;
+		return LWS_HPI_RET_PLEASE_CLOSE_ME;

 	if (wsi->lsp_channel == LWS_STDIN &&
 	    lws_change_pollfd(wsi, LWS_POLLOUT, 0)) {
--- a/plugins/CMakeLists.txt
+++ b/plugins/CMakeLists.txt
@ -83,6 +83,8 @@ if ((LWS_WITH_PLUGINS AND LWS_WITH_SHARED) OR LWS_WITH_PLUGINS_BUILTIN)
 			# let's just build the things into the lib

 			message("Building in plugin ${PLUGIN_NAME}")
+			list(APPEND LWS_BUILTIN_PLUGIN_NAMES "${PLUGIN_NAME}")
+			set(LWS_BUILTIN_PLUGIN_NAMES ${LWS_BUILTIN_PLUGIN_NAMES} PARENT_SCOPE)

 			if ("${PLUGIN_INCLUDE}" STREQUAL "")
 			else()
--- a/plugins/ssh-base/sshd.c
+++ b/plugins/ssh-base/sshd.c
@ -2246,12 +2246,12 @@ lws_callback_raw_sshd(struct lws *wsi, enum lws_callback_reasons reason,
 			pp = ps + 5;
 			*pp++ = SSH_MSG_USERAUTH_BANNER;
 			if (pss->vhd && pss->vhd->ops->banner)
-				n = (int)pss->vhd->ops->banner((char *)&buf[650],
+				n = (int)pss->vhd->ops->banner((char *)&buf[750],
 							  150 - 1,
 							  lang, (int)sizeof(lang));
 			lws_p32(pp, (uint32_t)n);
 			pp += 4;
-			strcpy((char *)pp, (char *)&buf[650]);
+			strcpy((char *)pp, (char *)&buf[750]);
 			pp += n;
 			if (lws_cstr(&pp, lang, sizeof(lang)))
 				goto bail;
@ -2622,7 +2622,7 @@ LWS_VISIBLE const lws_plugin_protocol_t lws_ssh_base = {
 	},

 	.protocols = lws_ssh_base_protocols,
-	.count_protocols = LWS_ARRAY_SIZE(lws_ssh_base_protocols),
+	.count_protocols = LWS_ARRAY_SIZE(lws_ssh_base_protocols) - 1,
 	.extensions = NULL,
 	.count_extensions = 0,
 };
--- a/test-apps/test-sshd.c
+++ b/test-apps/test-sshd.c
@ -1,7 +1,7 @@
 /*
 * Example embedded sshd server using libwebsockets sshd plugin
 *
- * Written in 2010-2019 by Andy Green <andy@warmcat.com>
+ * Written in 2010-2021 by Andy Green <andy@warmcat.com>
 *
 * This file is made available under the Creative Commons CC0 1.0
 * Universal Public Domain Dedication.
@ -18,14 +18,20 @@
 * Public Domain.
 *
 *
- * This test app listens on port 2200 for authorized ssh connections.  Run it
- * using
+ * This test app listens on port 2200 for authorized ssh connections, for which
+ * it spawns a shell similar to normal sshd.  Run it using
 *
 * $ sudo libwebsockets-test-sshd
 *
 * Connect to it using the test private key with:
 *
 * $ ssh -p 2200 -i /usr/local/share/libwebsockets-test-server/lws-ssh-test-keys anyuser@127.0.0.1
+ *
+ * If your OS doesn't allow rsa key connections any more, you can add
+ *
+ *     -o 'PubkeyAcceptedKeyTypes +ssh-rsa'
+ *
+ * to the above to enable it for that connection.
 */

 #include <sys/types.h>
@ -34,8 +40,16 @@
 #include <unistd.h>
 #include <signal.h>
 #include <errno.h>
+
+#include <libwebsockets.h>
+
+#if !defined(LWS_WITH_PLUGINS_BUILTIN)
 /* import the whole of lws-plugin-sshd-base statically */
 #include <lws-plugin-sshd-static-build-includes.h>
+#else
+/* if it's built-in, we can just use it from the library copy */
+#include <lws-ssh.h>
+#endif

 /*
 * We store the test server's own key here (will be created with a new
@ -589,7 +603,7 @@ ssh_ops_banner(char *buf, size_t max_len, char *lang, size_t max_lang_len)
 	int n = lws_snprintf(buf, max_len, "\n"
 		      " |\\---/|  lws-ssh Test Server\n"
 		      " | o_o |  SSH Terminal Server\n"
-		      "  \\_^_/   Copyright (C) 2017-2020 Crash Barrier Ltd\n\n");
+		      "  \\_^_/   Copyright (C) 2017-2021 Crash Barrier Ltd\n\n");

 	lws_snprintf(lang, max_lang_len, "en/US");

@ -635,13 +649,16 @@ static const struct lws_protocol_vhost_options pvo_ssh_ops = {
 	NULL,
 	"ops",
 	(void *)&ssh_ops
-};
-
-static const struct lws_protocol_vhost_options pvo_ssh = {
+}, pvo_ssh_base = {
 	NULL,
 	&pvo_ssh_ops,
 	"lws-ssh-base",
 	"" /* ignored, just matches the protocol name above */
+}, pvo_ssh = {
+	&pvo_ssh_base,
+	NULL,
+	"lws-sshd-demo1",
+	"" /* ignored, just matches the protocol name above */
 };

 void sighandler(int sig)
@ -651,7 +668,7 @@ void sighandler(int sig)
 }

 static int
-callback_lws_sshd_demo(struct lws *wsi, enum lws_callback_reasons reason,
+callback_lws_sshd_demo1(struct lws *wsi, enum lws_callback_reasons reason,
 		       void *user, void *in, size_t len)
 {
 	struct per_vhost_data__lws_sshd_demo *vhd =
@ -696,6 +713,8 @@ callback_lws_sshd_demo(struct lws *wsi, enum lws_callback_reasons reason,
 		break;

 	default:
+		if (!vhd)
+			break;
 		if (!vhd->ssh_base_protocol) {
 			vhd->ssh_base_protocol = lws_vhost_name_to_protocol(
 							lws_get_vhost(wsi),
@ -717,33 +736,45 @@ callback_lws_sshd_demo(struct lws *wsi, enum lws_callback_reasons reason,
 }


-const struct lws_protocols lws_sshd_demo_protocols[] = {
+const struct lws_protocols lws_sshd_demo_protocols1[] = {
 	{
-		"lws-sshd-demo",
-		callback_lws_sshd_demo,
+		"lws-sshd-demo1",
+		callback_lws_sshd_demo1,
 		0,
 		1024, /* rx buf size must be >= permessage-deflate rx size */
 		0, (void *)&ssh_ops, 0
-	}
-
+	},
+#if !defined(LWS_WITH_PLUGINS_BUILTIN)
+	/*
+	 * If we get ssh-base as a plugin, lws takes care of registering the
+	 * protocol(s) in the plugin.  If we statically built it ourselves, it's
+	 * our job
+	 */
+	LWS_PLUGIN_PROTOCOL_LWS_RAW_SSHD,
+#endif
+	LWS_PROTOCOL_LIST_TERM
 };


-int main()
+int
+main(int argc, const char **argv)
 {
+	int ret = 1, n, logs = LLL_ERR | LLL_WARN | LLL_NOTICE;
 	static struct lws_context_creation_info info;
 	struct lws_vhost *vh_sshd;
-	int ret = 1, n;
+	const char *p;

 	/* info is on the stack, it must be cleared down before use */
 	memset(&info, 0, sizeof(info));

-	signal(SIGINT, sighandler);
-	lws_set_log_level(LLL_ERR | LLL_WARN | LLL_NOTICE
-			/*| LLL_INFO */
-			/* | LLL_DEBUG */, NULL);
+	if ((p = lws_cmdline_option(argc, argv, "-d")))
+		logs = atoi(p);

-	lwsl_notice("lws test-sshd -- Copyright (C) 2017 <andy@warmcat.com>\n");
+	lws_set_log_level(logs, NULL);
+
+	signal(SIGINT, sighandler);
+
+	lwsl_notice("lws test-sshd -- Copyright (C) 2017-2021 <andy@warmcat.com>\n");

 	/* create the lws context */

@ -761,7 +792,7 @@ int main()
 	info.port = 2200;
 	info.options = LWS_SERVER_OPTION_ONLY_RAW;
 	info.vhost_name = "sshd";
-	info.protocols = lws_sshd_demo_protocols;
+	info.protocols = lws_sshd_demo_protocols1;
 	info.pvo = &pvo_ssh;

 	vh_sshd = lws_create_vhost(context, &info);