1
0
mirror of https://github.com/libssh2/libssh2.git synced 2025-07-29 13:01:14 +03:00

16 Commits

Author SHA1 Message Date
94b6bad3c8 example, tests: call WSACleanup() for each WSAStartup()
On Windows.

Closes #1283
2023-12-13 01:28:14 +00:00
afa6b86560 build: enable missing OpenSSF-recommended warnings, with fixes
Ref:
https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
(2023-11-29)

Enable new warnings:

- replace `-Wno-sign-conversion` with `-Wsign-conversion`.

  Fix them in example, tests and wincng. There remain about 360 of these
  warnings in `src`. Add a TODO item for those and disable `-Werror` for
  this particular warning.

- enable `-Wformat=2` for clang (in both cmake and autotools).

- enable `__attribute__((format))` for `_libssh2_debug()`,
  `_libssh2_snprintf()` and in tests for `run_command()`.

  `LIBSSH2_PRINTF()` copied from `CURL_TEMP_PRINTF()` in curl.

- enable `-Wimplicit-fallthrough`.

- enable `-Wtrampolines`.

Fix them:

- src: replace obsolete fall-through-comments with
  `__attribute__((fallthrough))`.

- wincng: fix `-Wsign-conversion` warnings.

- tests: fix `-Wsign-conversion` warnings.

- example: fix `-Wsign-conversion` warnings.

- src: fix `-Wformat` issues in trace calls.

  Also, where necessary fix `int` and `unsigned char` casts to
  `unsigned int` and adjust printf format strings. These were not
  causing compiler warnings.

  Cast large types to `long` to avoid dealing with printf masks for
  `size_t` and other C99 types. Existing code often used `int` for this.
  I'll update them to `long` in an upcoming commit.

- tests: fix `-Wformat` warning.

- silence `-Wformat-nonliteral` warnings.

- mbedtls: silence `-Wsign-conversion`/`-Warith-conversion`
  in external header.

Closes #1257
2023-12-03 01:32:20 +00:00
eb996af851 tests: sync port number type with the rest of codebase
Tested via #1257
2023-12-02 09:53:55 +00:00
5326a5ce26 tests: fall back to $LOGNAME for username
If the `$USER` variable is empty, fall back to using `$LOGNAME` to
retrieve the logged-in username.

In POSIX, `$LOGNAME` is a mandatory variable, while `$USER` isn't, and
on some systems it may not be set. Without this value, tests were unable
to provide the correct username when logging into the SSH server running
under the active user's session.

Reported-by: Nicolas Mora
Suggested-by: Nicolas Mora
Ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056348
Fixes #1240
Closes #1241
2023-11-24 15:14:00 +00:00
6fbc9505d8 windows: use built-in _WIN32 macro to detect Windows
Instead of `WIN32`.

The compiler defines `_WIN32`. Windows SDK headers or build env defines
`WIN32`, or we have to take care of it. The agreement seems to be that
`_WIN32` is the preferred practice here.

Minor downside is that CMake uses `WIN32` and we also adopted it in
`Makefile.mk`.

In public libssh2 headers we stick with accepting either `_WIN32` or
`WIN32` and define our own namespaced `LIBSSH2_WIN32` based on them.

grepping for `WIN32` remains useful to detect Windows-specific code.

Closes #1195
2023-09-29 19:15:08 +00:00
f6aa31f48f provide SPDX identifiers
- All files have prominent copyright and SPDX identifier
- If not embedded in the file, in the .reuse/dep5 file
- All used licenses are in LICENSES/ (not shipped in tarballs)
- A new REUSE CI job verify that all files are OK

Assisted-by: Viktor Szakats

Closes #1084
2023-06-07 08:18:55 +02:00
187d89bb07 copyright: remove years from copyright headers
Also:
- uppercase `(C)`.
- add missing 'All rights reserved.' lines.
- drop duplicate 'Author' lines.
- add copyright headers where missing.
- enable copyright header check in checksrc.

Reasons for deleting years (copied as-is from curl):
- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- saves us from pointless churn
- git keeps history for us
- the year range is kept in COPYING

Closes #1082
2023-06-04 19:19:16 +00:00
003fb454c3 tidy-up: avoid exclamations, prefer single quotes, in outputs
Closes #1079
2023-06-03 12:51:56 +00:00
8270633eeb example, tests: fix ssh2 to correctly return failure
Before this patch ssh2 and test_ssh2 returned success even if the session
failed at `libssh2_session_handshake()` or after.

This patch depends on cda41f7cb8, that fixed
running test_ssh2 on Windows via sshd_fixture.

Cherry-picked from #1017
2023-05-03 13:07:13 +00:00
bc120a343b tests: retry KEX failures when using the WinCNG backend
Twice. This tests are flaky and we haven't figured out why. In the
meantime use this workaround to test and log these issues, but also
ensure that CI run aren't flagged red because of it.

Also:
- kex: add debug message when hostkey `sig_verify` fails,
  to help tracking WinCNG KEX failures.
- test_ssh2: also add retry logic.
  I'm not quite sure this is correct. Please let me know.
- session_fixture: bump up `src_path` slots to fit retries and show
  message when hitting the limit.
- session_fixture: clear `kbd_password` static variable after use.
- session_fixture: close and deinit socket after use.
- session_fixture: deinit libssh2 after use.

Ref: #804 #846 #979 #1012 #1015

Cherry-picked from #1017
Closes #1023
2023-05-03 12:30:38 +00:00
d70919fb00 example, test_ssh2: shutdown socket before close
Syncing them with `tests/session_fixture.c`.

Cherry-picked from #1017
2023-05-03 12:26:28 +00:00
cda41f7cb8 tests: teach to use the USERNAME envvar on Windows
Necessary to pick the correct local username when run on Windows.

Cherry-picked from #1017
2023-05-03 01:19:33 +00:00
3f3236eb08 test_ssh2: support FIXTURE_TRACE_ALL* envvars
Cherry-picked from #1017
2023-05-03 01:17:26 +00:00
a683133dfe tidy-up: C header use
- drop unused or duplicate C headers.
- add missing ones (that worked by chance).
  (`string.h`, `stdlib.h`)
- mention the functions that need certain headers.
- move some headers from crypto header to crypto C source.
- reorder headers in some places.
- simplify the #if tree for `sys/select.h` in `libssh2_priv.h`.
- move scp-specific macros next to their header to `scp.c`
  Follow-up to 5db836b2a8

Closes #999
2023-04-27 14:27:17 +00:00
a459a25302 tests: improve running tests
TL;DR: Sync test builds between autotools and CMake. Sync sshd
configuration between Docker and non-Docker fixtures. Bump up
sshd_config for recent OpenSSH releases.

This also opens up the path to have non-Docker tests that use a
local sshd process. Though sshd is practically unusable on Windows
CI machines out of the box, so this will need further efforts.

Details:

- cmake: run sshd fixture test just like autotool did already.

- sync tests and their order between autotools and CMake.

  It makes `test_aa_warmup` the first test with both.

- cmake: load test lists from `Makefile.am`.

  Needed to update the loader to throw away certain lines to keep the
  converted output conform CMake syntax. Using regexp might be an
  alternative way of doing this, but couldn't make it work.

- cmake: use the official way to configure test environment variables.
  Switch to syntax that's extendable.

- cmake: allow to run the same test both under Docker and sshd fixture.

  Useful for testing the sshd fixture runner, or how the same test
  behaves in each fixture.

- update test fixture to read the username from `USER` envvar instead of
  using the Dockfile-specific hardwired one, when running outside Docker.

- rework `ssh2.sh` into `sshd_fixture.sh`, to:

  - allow running any tests (not just `test_ssh2`).
  - configure Docker tests for running outside Docker.
  - fixup `SSHD` path when running on Windows (e.g. in AppVeyor CI).
    Fixes: `sshd re-exec requires execution with an absolute path`
  - allow overriding `PUBKEY` and `PRIVKEY` envvars.
  - allow overriding `ssh_config` via `SSHD_FIXTURE_CONFIG`.

- prepare support for running multiple tests via sshd_fixture.

  Add a TAP runner for autotools and extend CMake logic. The TAP runner
  loads the test list from `Makefile.am`.

  Notice however that on Windows, `sshd_fixture.sh` is very flaky with
  GitHub Actions. And consistently broken for subsequent tests in
  AppVeyor CI:
    'libssh2_session_handshake failed (-43): Failed getting banner'

  Another way to try is a single sshd instance serving all tests.
  For CMake this would probably mean using an external script.

- ed25519 test keys were identical for auth and host. Regenerate the
  auth keypair to make them distinct.

- sync the sshd environment between Docker and sshd_fixture.

  - use common via `openssh_server/sshd_config`.
  - accept same auth keys.
  - offer the same host keys.
  - sync TrustedUserCAKeys.
  - delete now unused keypairs: `etc/host*`, `etc/user*`.
  - bump up startup delay for Windows (randomly, to 5 secs, from 3).
  - delete `UsePrivilegeSeparation no` to avoid deprecation warnings.
    `command-line line 0: Deprecated option UsePrivilegeSeparation`
  - delete `Protocol 2` to avoid deprecation warnings.
    It has been the default since OpenSSH 3.0 (2001-11-06).
  - delete `StrictModes no` (CI tests work without it, Docker tests
    never used it).

- bump `Dockerfile` base image to `testing-slim` (from `bullseye-slim`).

  It needed `sshd_config` updates to keep things working with
  OpenSSH 9.2 (compared to bullseye's 8.4).

  - replace `ChallengeResponseAuthentication` alias with
    `KbdInteractiveAuthentication`.
    The former is no longer present in default `sshd_config` since
    OpenSSH 8.7 (2021-08-20). This broke the `Dockerfile` script.
    The new name is documented since OpenSSH 4.9 (2008-03-31)

  - add `PubkeyAcceptedKeyTypes +ssh-rsa,ssh-dss,ssh-rsa-cert-v01@openssh.com`
    and `HostKeyAlgorithms +ssh-rsa`.

    Original-patch-by: Eric van Gyzen (@vangyzen on github)
    Fixes #691

    There is a new name for `PubkeyAcceptedKeyTypes`:
       `PubkeyAcceptedAlgorithms`.
    It requires OpenSSH 8.5 (2021-03-03) and breaks some envs so we're
    not using it just yet.

- drop `rijndael-cbc@lysator.liu.se` tests and references from config.

  This is a draft alias for `aes256-cbc`. No need to test it twice.
  Also this alias is no longer recognized by OpenSSH 8.5 (2021-03-03).

- update `mansyntax.sh` and `sshd_fixture.sh` to not rely on `srcdir`.

  Hopefully this works with out-of-tree builds.

- fix `test_read_algos.test` to honor CRLF EOLs in their inputs
  (necessary when running on Windows.)

- fix `test_read_algos.test` to honor `EXEEXT`. Might be useful when
  running tests under cross-builds?

- `test_ssh2.c`:

  - use libssh2 API to set blocking mode. This makes it support all
    platforms.
  - adapt socket open timeout logic from `openssh_fixture.c`.
    Sadly this did not help fix flakiness on GHA Windows.

- tests: delete unused C headers and variable initialization.

- delete unused test files: `sshd_fixture.sh.in`, `sshdwrap`,
  `etc/sshd_config`.

  Ref: cf80f2f4b5

- autotools: delete stray `.c` test sources from `EXTRA_DIST` in tests.

- `tests/.gitignore`: drop two stray tests.

- autotools: fix passing `SSHD` containing space (Windows needs this).

- autotools: sort `EXTRA_DIST` in tests.

- cmake: fix to add `test_ssh2` to `TEST_TARGETS`.

- fix `authorized_key` order in `tests/gen_keys.sh`.

- silence shellcheck warning in `ci/checksrc.sh`.

- set `SSHD` for autotools on GitHub Actions Windows. [skipped]

  Auto-detection doesn't work (maybe because sshd is installed via
  Git for Windows and we're using MSYS2's shell.)

  It enables running sshd fixture (non-Docker) tests in these jobs.

  I did not include this in the final patch due to flakiness:
  ```
  Connection to 127.0.0.1:4711 attempt #0 failed: retrying...
  Connection to 127.0.0.1:4711 attempt #1 failed: retrying...
  Connection to 127.0.0.1:4711 attempt #2 failed: retrying...
  Failure establishing SSH session: -43
  ```

  Can be enabled with:
  `export SSHD='C:/Program Files/Git/usr/bin/sshd.exe'`

Closes #996
2023-04-24 21:28:28 +00:00
9ecb22daab tests: build improvements and more
- rename tests to have more succint names and a more useful natural
  order.

- rename `simple` and `ssh2` in tests to have the `test_` prefix.

  This avoids a name collisions with `ssh2` in examples.

- cmake: drop the `example-` prefix for generated examples.

  Bringing their names in sync with other build tools, like autotools.

- move common auth test code into the fixture and simplify tests by
  using that.

- move feature guards from CMake to preprocessor for auth tests.

  Now it works with all build tools and it's easier to keep it in sync
  with the lib itself.

  For this we need to include `libssh2_priv.h` in tests, which in turn
  needs tweaking on the trick we use to suppress extra MSVS warnings
  when building tests and examples.

- move mbedTLS blocklist for crypto tests from CMake to the test
  fixture.

- add ed25519 hostkey tests to `test_hostkey` and `test_hostkey_hash`.

- add shell script to regenerate all test keys used for our tests.

- alpha-sort tests.

- rename `signed_*` keys to begin with `key` like the rest of the keys
  do.

- whitespace fixes.

Closes #969
2023-04-16 22:50:01 +00:00