Merge branch 'trunk' into gitbook

atsign-foundation · Nov 20, 2024 · 7ebc2fc · 7ebc2fc
2 parents 931d39a + 1b93542
commit 7ebc2fc
Show file tree

Hide file tree

Showing 15 changed files with 737 additions and 1,128 deletions.
diff --git a/packages/c/.clangd b/packages/c/.clangd
@@ -11,7 +11,7 @@ Index:
 Diagnostics:
   # IWYU for header files
   UnusedIncludes: Strict
-  # MissingIncludes: Strict
+  # MissingIncludes: Strict # not all versions of clangd support the appropriate pragmas to suppress warnings generated by this
   # Avoid running slow clang-tidy checks
   ClangTidy:
     FastCheckFilter: Loose
diff --git a/packages/c/srv/src/srv.c b/packages/c/srv/src/srv.c
@@ -190,17 +190,30 @@ int run_srv_daemon_side_multi(srv_params_t *params) {
                      "run_srv_daemon_side_multi\n Control socket received %s request - \n creating new socketToSocket "
                      "connection\n",
                      messagetype);
-        // start socket_to_socket connection
-        res = create_encrypter_and_decrypter(new_session_aes_key_string, new_session_aes_iv_string,
-                                             new_socket_encrypter, new_socket_decrypter);
+
+        bool no_encrypt =
+            strcmp(new_session_aes_key_string, "no") == 0 && strcmp("new_session_aes_iv_string", "encrypt") == 0;
+        if (no_encrypt) {
+          atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_WARN,
+                       "Socket connector requested no encryption!\n\tOnly disable encryption if you know what you "
+                       "are doing!\n");
+        }
+
+        if (!no_encrypt) {
+          // start socket_to_socket connection
+          res = create_encrypter_and_decrypter(new_session_aes_key_string, new_session_aes_iv_string,
+                                               new_socket_encrypter, new_socket_decrypter);
+        }
         atlogger_log(TAG, INFO, "Starting socket to socket srv\n");
 
         pthread_t sts_thread;
         socket_to_socket_params_t *sts_thread_params = malloc(sizeof(socket_to_socket_params_t));
         if (sts_thread_params == NULL) {
           atlogger_log(TAG, ERROR, "Failed to allocate memory for thread parameters\n");
-          free(new_socket_encrypter);
-          free(new_socket_decrypter);
+          if (!no_encrypt) {
+            free(new_socket_encrypter);
+            free(new_socket_decrypter);
+          }
           goto exit;
         }
 
@@ -213,8 +226,10 @@ int run_srv_daemon_side_multi(srv_params_t *params) {
         res = pthread_create(&sts_thread, NULL, run_socket_to_socket, (void *)sts_thread_params);
         if (res != 0) {
           atlogger_log(TAG, ERROR, "Failed to create thread: %d\n", res);
-          free(new_socket_encrypter);
-          free(new_socket_decrypter);
+          if (!no_encrypt) {
+            free(new_socket_encrypter);
+            free(new_socket_decrypter);
+          }
           free(sts_thread_params);
           goto exit;
         }

diff --git a/packages/c/sshnpd/include/sshnpd/background_jobs.h b/packages/c/sshnpd/include/sshnpd/background_jobs.h
@@ -17,6 +17,7 @@
 struct refresh_device_entry_params {
   atclient *atclient;
   pthread_mutex_t *atclient_lock;
+  pthread_cond_t *refresh_cond;
   const sshnpd_params *params;
   const char *payload;
   const char *username;

diff --git a/packages/c/sshnpd/include/sshnpd/handler_commons.h b/packages/c/sshnpd/include/sshnpd/handler_commons.h
@@ -1,11 +1,32 @@
 #ifndef HANDLER_COMMONS_H
 #define HANDLER_COMMONS_H
+#include "sshnpd/params.h"
+#include <atclient/cjson.h>
 #include <atclient/monitor.h>
 #include <pthread.h>
 
 #define BYTES(x) (sizeof(unsigned char) * x)
 
-int verify_envelope_signature(atchops_rsa_key_public_key publickey, const unsigned char *payload,
+int verify_envelope_signature_from(cJSON *envelope, char *requesting_atsign, atclient *atclient,
+                                   pthread_mutex_t *atclient_lock);
+int verify_envelope_signature(atchops_rsa_key_public_key *publickey, const unsigned char *payload,
                               unsigned char *signature, const char *hashing_algo, const char *signing_algo);
 
+enum payload_type { payload_type_ssh, payload_type_npt };
+
+cJSON *extract_envelope_from_notification(atclient_monitor_response *message);
+
+int verify_envelope_contents(cJSON *envelope, enum payload_type type);
+
+int verify_payload_contents(cJSON *payload, enum payload_type type);
+
+int create_rvd_auth_string(cJSON *payload, atchops_rsa_key_private_key *signing_key, char **rvd_auth_string);
+
+int setup_rvd_session_encryption(cJSON *payload, unsigned char **session_aes_key,
+                                 unsigned char **session_aes_key_base64, unsigned char **session_iv,
+                                 unsigned char **session_iv_base64);
+
+int send_success_payload(cJSON *payload, atclient *atclient, pthread_mutex_t *atclient_lock, sshnpd_params *params,
+                         unsigned char *session_aes_key_base64, unsigned char *session_iv_base64,
+                         atchops_rsa_key_private_key *signing_key, char *requesting_atsign);
 #endif
diff --git a/packages/c/sshnpd/src/background_jobs.c b/packages/c/sshnpd/src/background_jobs.c
@@ -48,7 +48,8 @@ void *refresh_device_entry(void *void_refresh_device_entry_params) {
   }
   ret = pthread_mutex_lock(params->atclient_lock);
   if (ret != 0) {
-    atlogger_log(LOGGER_TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "Failed to lock the atclient\n");
+    atlogger_log(LOGGER_TAG, ATLOGGER_LOGGING_LEVEL_ERROR,
+                 "Failed to lock the atclient for initial device entry refresh\n");
     *params->should_run = 0;
     pthread_exit(NULL);
   }
@@ -130,9 +131,9 @@ void *refresh_device_entry(void *void_refresh_device_entry_params) {
     if (counter == 0) {
       ret = pthread_mutex_lock(params->atclient_lock);
       if (ret != 0) {
-        atlogger_log(LOGGER_TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "Failed to get a lock on atclient\n");
-        *params->should_run = 0;
-        break;
+        atlogger_log(LOGGER_TAG, ATLOGGER_LOGGING_LEVEL_ERROR,
+                     "Failed to get a lock on atclient, will try again at next iteration\n");
+        continue;
       }
       // once an hour the counter will reset
       if (params->params->hide) {
@@ -158,7 +159,7 @@ void *refresh_device_entry(void *void_refresh_device_entry_params) {
 
       ret = pthread_mutex_unlock(params->atclient_lock);
       if (ret != 0) {
-        atlogger_log(LOGGER_TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "Failed to release atclient lock\n");
+        atlogger_log(LOGGER_TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "Bad pthread state, exiting to prevent deadlock");
         *params->should_run = 0;
         break;
       }