Enforce LoginGraceTime in wolfsshd on Windows and make the grace flag per connection

[yosuke-wolfssl]

Enforce LoginGraceTime in wolfsshd on Windows and make the grace flag per-connection

Summary

Two related fixes to LoginGraceTime handling in wolfsshd:

1. Close a fail-open default on Windows. The Windows build never armed a
   grace timer. LoginGraceTime was accepted from the config but only logged a
   "not enforced on this platform" warning, so an unauthenticated connection
   could stay open indefinitely. Windows now arms a one-shot threadpool timer
   that drops the connection at the deadline, matching the POSIX SIGALRM
   behavior.

2. Fix a latent shared-flag bug. The grace timeout was tracked in a single
   file-scope timeOut variable (static volatile int on Windows,
   __thread int elsewhere). POSIX always fork()s per connection so the flag
   was effectively per-process there, but Windows daemon connections run as
   threads via CreateThread, so one connection timing out could be observed by
   another. The flag now lives in WOLFSSHD_CONNECTION, making it
   per-connection on every platform.

Details

• Added timeOut (and, on Windows, a PTP_TIMER loginTimer) to
  WOLFSSHD_CONNECTION, initialized per connection in StartSSHD.
• POSIX: the SIGALRM handler sets a file-scope volatile sig_atomic_t loginGraceTimedOut (a signal handler may only touch a sig_atomic_t). After
  the accept loop, HandleConnection copies that flag into conn->timeOut so
  the logging and grace-period checks see it. The flag is cleared before
  alarm() is armed to avoid stale state from a reused process.
• Windows: CreateThreadpoolTimer schedules GraceTimeoutCb, which sets
  conn->timeOut at the deadline. CancelLoginTimer does
  SetThreadpoolTimer(NULL) -> WaitForThreadpoolTimerCallbacks(timer, TRUE) ->
  CloseThreadpoolTimer, and is NULL-guarded and idempotent. It is reached
  unconditionally when graceTime > 0, plus early on auth success.
• LoginGraceExpired() abstracts the read of the timeout state for the accept
  loop across both platforms.
• UserAuthResult now receives the connection via wolfSSH_SetUserAuthResultCtx
  and cancels the grace timer (CancelLoginTimer on Windows, alarm(0) on
  POSIX) as soon as authentication succeeds.
• The grace-failure log line is only emitted when authentication did not also
  complete in the same accept iteration, avoiding a misleading "Failed login
  within grace period" message on a timer-vs-success race.
• Logging callback now flushes after each line so a consumer reading the log
  while the daemon runs sees output immediately.

Tests

• Reworked the grace-time test from stalling on an interactive password prompt
  (which never stalled without a TTY in CI) to opening a raw TCP connection and
  measuring, behaviorally, when the daemon drops it relative to the grace
  deadline.
• Added a matching PowerShell test (sshd_login_grace_test.ps1) for the
  Windows path and wired it into the test runner.
• windows-check.yml now genuinely enables the sshd/sftp settings so the
  Windows build path is exercised.

[Copilot]

Pull request overview

This PR fixes a fail-open behavior in wolfsshd where LoginGraceTime was not enforced on Windows, and corrects the timeout bookkeeping so it is safe under the Windows thread-per-connection model. It also updates logging behavior and adds/reenables tests to prevent regressions across Unix and Windows CI.

Changes:

• Enforce LoginGraceTime on Windows using a per-connection threadpool timer and move the timeout flag into WOLFSSHD_CONNECTION.
• Adjust authentication result handling to cancel grace timers/alarms on successful authentication.
• Rework and expand tests (Bash + PowerShell) and extend Windows CI to exercise the Windows enforcement path.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 6 comments.

Show a summary per file

File	Description
apps/wolfsshd/wolfsshd.c	Adds per-connection timeout state and Windows threadpool timer enforcement; logging flush behavior updated.
apps/wolfsshd/test/sshd_login_grace_test.sh	Makes grace-time test deterministic by stalling with a raw TCP connection; reorders logic accordingly.
apps/wolfsshd/test/sshd_login_grace_test.ps1	Adds Windows regression test for grace-time enforcement.
apps/wolfsshd/test/run_all_sshd_tests.sh	Re-enables the grace-time test in the SSHD test suite and updates skipped count.
.github/workflows/windows-check.yml	Adds a workflow step to locate wolfsshd.exe, stage wolfssl.dll, and run the new Windows grace-time test.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[wolfSSL-Fenrir-bot]

Fenrir Automated Review — PR #1028

Scan targets checked: none
Failed targets: wolfssh-bugs, wolfssh-src

⚠️ Review incomplete — one or more scan targets failed before findings could be produced. See the Fenrir PR review detail page for logs.

[wolfSSL-Fenrir-bot]

Fenrir Automated Review — PR #1028

Scan targets checked: wolfssh-bugs, wolfssh-src

No new issues found in the changed files. ✅