Merge remote-tracking branch 'origin/fix-multi-highly-concurrent' int…

…o fix-multi-highly-concurrent
atsign-foundation · Nov 12, 2024 · 7a50522 · 7a50522
2 parents a352252 + 51c0ed8
commit 7a50522
Show file tree

Hide file tree

Showing 40 changed files with 266 additions and 111 deletions.
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -50,7 +50,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
+        uses: github/codeql-action/init@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -60,7 +60,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
+        uses: github/codeql-action/autobuild@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -73,6 +73,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
+        uses: github/codeql-action/analyze@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
+        uses: github/codeql-action/upload-sarif@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1
         with:
           sarif_file: results.sarif
diff --git a/docs/SUMMARY.md b/docs/SUMMARY.md
@@ -42,6 +42,7 @@
 
 ## Product Information <a href="#reference" id="reference"></a>
 
+* [Managing Policies](reference/policy.md)
 * [FAQ](reference/faq.md)
 * [How It Works](reference/how-it-works.md)
 * [Under The Hood](reference/underthehood.md)

diff --git a/docs/reference/policy.md b/docs/reference/policy.md
@@ -0,0 +1,9 @@
+---
+icon: users-rectangle
+---
+
+# Managing Policies
+
+NoPorts has a flexible suite of tools for managing policies. You can use a standalone database for storing and managing your policies using our administration interface, or you can integrate it with your existing policy database or service.&#x20;
+
+The policy suite is currently in alpha status, further documentation and examples will come with the first GA release of our policy suite.
diff --git a/packages/c/.clangd b/packages/c/.clangd
@@ -11,7 +11,7 @@ Index:
 Diagnostics:
   # IWYU for header files
   UnusedIncludes: Strict
-  MissingIncludes: Strict
+  # MissingIncludes: Strict
   # Avoid running slow clang-tidy checks
   ClangTidy:
     FastCheckFilter: Loose
diff --git a/packages/c/cmake/atsdk.cmake b/packages/c/cmake/atsdk.cmake
@@ -3,7 +3,7 @@ if(NOT atsdk_FOUND)
   FetchContent_Declare(
     atsdk
     GIT_REPOSITORY https://github.com/atsign-foundation/at_c.git
-    GIT_TAG 0438b3c1752259605b96551806ec339fbaf17b53
+    GIT_TAG 6650e33ab80e9d873ede6d0213fa2999054fce7b
   )
   FetchContent_MakeAvailable(atsdk)
   install(TARGETS atclient atchops atlogger)

diff --git a/packages/c/srv/src/params.c b/packages/c/srv/src/params.c
@@ -13,6 +13,8 @@ void apply_default_values_to_srv_params(srv_params_t *params) {
 }
 
 int parse_srv_params(srv_params_t *params, int argc, const char **argv, srv_env_t *environment) {
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wmissing-field-initializers"
   struct argparse_option options[] = {
       OPT_BOOLEAN(0, "help", NULL, "show this help message and exit", argparse_help_cb, 0, OPT_NONEG),
       OPT_STRING('h', "host", &params->host, "rvd host"),
@@ -33,6 +35,7 @@ int parse_srv_params(srv_params_t *params, int argc, const char **argv, srv_env_
                   "How long to keep the socket connector open if there have been no connections"),
       OPT_END(),
   };
+#pragma clang diagnostic pop
 
   struct argparse argparse;
   argparse_init(&argparse, options, NULL, 0);

diff --git a/packages/c/srv/src/side.c b/packages/c/srv/src/side.c
@@ -8,7 +8,6 @@
 #include <srv/params.h>
 #include <stdlib.h>
 #include <string.h>
-#include <sys/socket.h>
 #include <unistd.h>
 
 #define TAG "srv - side"
@@ -118,7 +117,8 @@ void *srv_side_handle(void *side) {
       }
       memset(buffer, 0, BUFFER_LEN * sizeof(unsigned char));
     }
-    if (output) free(output);
+    if (output)
+      free(output);
     free(buffer);
     mbedtls_net_close(&s->socket);
   } else {

diff --git a/packages/c/srv/src/srv.c b/packages/c/srv/src/srv.c
@@ -93,7 +93,7 @@ int run_srv_daemon_side_multi(srv_params_t *params) {
   // This socket will decrypt the messages comming from the other side
   // which provide the information to create new sockets
   side_t control_side;
-  side_hints_t hints_control = {1, 0, params->host, params->port};
+  side_hints_t hints_control = {1, 0, params->host, params->port, NULL};
   if (params->rv_e2ee) {
     hints_control.transformer = &decrypter;
   }
@@ -166,7 +166,7 @@ int run_srv_daemon_side_multi(srv_params_t *params) {
       goto exit;
     }
 
-    for (int i = 0; i < nrequests; i++) {
+    for (size_t i = 0; i < nrequests; i++) {
       // Now process each of those requests
       res = parse_control_message(requests[i], &messagetype, &new_session_aes_key_string, &new_session_aes_iv_string);
       if (res != 0) {
@@ -246,14 +246,13 @@ int run_srv_daemon_side_multi(srv_params_t *params) {
 int socket_to_socket(const srv_params_t *params, const char *auth_string, chunked_transformer_t *encrypter,
                      chunked_transformer_t *decrypter, bool is_srv_ready) {
   side_t sides[2];
-  side_hints_t hints_a = {1, 0, params->local_host, params->local_port};
-  side_hints_t hints_b = {0, 0, params->host, params->port};
+  side_hints_t hints_a = {1, 0, params->local_host, params->local_port, NULL};
+  side_hints_t hints_b = {0, 0, params->host, params->port, NULL};
 
   if (params->rv_e2ee) {
     hints_a.transformer = encrypter;
     hints_b.transformer = decrypter;
   }
-
   atlogger_log(TAG, INFO, "Initializing connection for side a\n");
   int res = srv_side_init(&hints_a, &sides[0]);
   if (res != 0) {
@@ -270,7 +269,8 @@ int socket_to_socket(const srv_params_t *params, const char *auth_string, chunke
 
   int fds[2], tidx;
   int exit_res = 0;
-  pthread_t threads[2], tid;
+  pthread_t threads[2];
+  pthread_t tid = NULL;
   pipe(fds);
 
   srv_link_sides(&sides[0], &sides[1], fds);
@@ -350,10 +350,13 @@ int socket_to_socket(const srv_params_t *params, const char *auth_string, chunke
   return 0;
 }
 
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wunused-parameter"
 int server_to_socket(const srv_params_t *params, const char *auth_string, chunked_transformer_t *encrypter,
                      chunked_transformer_t *decrypter) {
   return 0;
 }
+#pragma clang diagnostic pop
 
 int create_encrypter_and_decrypter(const char *session_aes_key_string, const char *session_aes_iv_string,
                                    chunked_transformer_t *encrypter, chunked_transformer_t *decrypter) {
@@ -438,7 +441,6 @@ int aes_ctr_crypt_stream(const chunked_transformer_t *self, size_t len, const un
 
 static int process_multiple_requests(char *original, char **requests[], size_t *num_out_requests) {
   int ret = -1;
-  int num_requests = 0;
 
   char *temp = NULL;
   char *saveptr = original;

diff --git a/packages/c/sshnpd/CHANGELOG.md b/packages/c/sshnpd/CHANGELOG.md
@@ -1,3 +1,12 @@
+## 0.2.4
+
+- fix: Disabled clang-tidy missing-includes, as it malformed header includes
+- fix: Restore the malformed headers
+
+## 0.2.3
+
+- Update to atSDK v0.3.1 with type fixes
+
 ## 0.2.2
 
 - Fix 32bit support for device_info

diff --git a/packages/c/sshnpd/include/sshnpd/handle_npt_request.h b/packages/c/sshnpd/include/sshnpd/handle_npt_request.h
@@ -5,6 +5,6 @@
 #include <pthread.h>
 
 void handle_npt_request(atclient *atclient, pthread_mutex_t *atclient_lock, sshnpd_params *params,
-                        bool *is_child_process, atclient_monitor_response *message, char *home_dir, FILE *authkeys_file,
-                        char *authkeys_filename, atchops_rsa_key_private_key signing_key);
+                        bool *is_child_process, atclient_monitor_response *message,
+                        atchops_rsa_key_private_key signing_key);
 #endif
diff --git a/packages/c/sshnpd/include/sshnpd/handle_ssh_request.h b/packages/c/sshnpd/include/sshnpd/handle_ssh_request.h
@@ -5,7 +5,7 @@
 #include <pthread.h>
 
 void handle_ssh_request(atclient *atclient, pthread_mutex_t *atclient_lock, sshnpd_params *params,
-                        bool *is_child_process, atclient_monitor_response *message, char *home_dir, FILE *authkeys_file,
-                        char *authkeys_filename, atchops_rsa_key_private_key signing_key);
+                        bool *is_child_process, atclient_monitor_response *message,
+                        atchops_rsa_key_private_key signing_key);
 
 #endif
diff --git a/packages/c/sshnpd/include/sshnpd/version.h b/packages/c/sshnpd/include/sshnpd/version.h
@@ -1,4 +1,4 @@
 #ifndef SSHNPD_VERSION_H
 #define SSHNPD_VERSION_H
-#define SSHNPD_VERSION "0.2.2"
+#define SSHNPD_VERSION "0.2.4"
 #endif
diff --git a/packages/c/sshnpd/src/background_jobs.c b/packages/c/sshnpd/src/background_jobs.c
@@ -53,7 +53,7 @@ void *refresh_device_entry(void *void_refresh_device_entry_params) {
     pthread_exit(NULL);
   }
 
-  int index;
+  size_t index;
   for (index = 0; index < num_managers; index++) {
     // device_info
     size_t buffer_len = strlen(params->params->manager_list[index]) + infokey_base_len;
@@ -144,7 +144,7 @@ void *refresh_device_entry(void *void_refresh_device_entry_params) {
 
       fflush(stdout);
 
-      for (int i = 0; i < num_managers; i++) {
+      for (size_t i = 0; i < num_managers; i++) {
         if (params->params->hide) {
           ret = atclient_delete(params->atclient, infokeys + i, NULL, NULL);
         } else {

diff --git a/packages/c/sshnpd/src/file_utils.c b/packages/c/sshnpd/src/file_utils.c
@@ -1,12 +1,12 @@
 #include "sshnpd/file_utils.h"
 #include <atlogger/atlogger.h>
+#include <errno.h>
 #include <pthread.h>
 #include <stdbool.h>
 #include <stddef.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <sys/errno.h>
 #include <unistd.h>
 
 int authorize_ssh_public_key(authkeys_params *params) {

diff --git a/packages/c/sshnpd/src/handle_npt_request.c b/packages/c/sshnpd/src/handle_npt_request.c
@@ -10,22 +10,21 @@
 #include <atclient/notify.h>
 #include <atclient/string_utils.h>
 #include <atlogger/atlogger.h>
+#include <errno.h>
 #include <pthread.h>
 #include <sshnpd/handle_ssh_request.h>
 #include <sshnpd/handler_commons.h>
 #include <sshnpd/run_srv_process.h>
 #include <stdlib.h>
 #include <string.h>
-#include <sys/errno.h>
-#include <sys/types.h>
 #include <sys/wait.h>
 #include <unistd.h>
 
 #define LOGGER_TAG "NPT_REQUEST"
 
 void handle_npt_request(atclient *atclient, pthread_mutex_t *atclient_lock, sshnpd_params *params,
-                        bool *is_child_process, atclient_monitor_response *message, char *home_dir, FILE *authkeys_file,
-                        char *authkeys_filename, atchops_rsa_key_private_key signing_key) {
+                        bool *is_child_process, atclient_monitor_response *message,
+                        atchops_rsa_key_private_key signing_key) {
   int res = 0;
   if (!atclient_atnotification_is_from_initialized(&message->notification) && message->notification.from != NULL) {
     atlogger_log(LOGGER_TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "Failed to initialize the from field of the notification\n");
@@ -512,7 +511,6 @@ void handle_npt_request(atclient *atclient, pthread_mutex_t *atclient_lock, sshn
 
   pid_t pid = fork();
   int status;
-  bool free_envelope = true;
 
   if (pid == 0) {
     // child process

diff --git a/packages/c/sshnpd/src/handle_ssh_request.c b/packages/c/sshnpd/src/handle_ssh_request.c
@@ -9,22 +9,21 @@
 #include <atclient/notify.h>
 #include <atclient/string_utils.h>
 #include <atlogger/atlogger.h>
+#include <errno.h>
 #include <pthread.h>
 #include <sshnpd/handle_ssh_request.h>
 #include <sshnpd/handler_commons.h>
 #include <sshnpd/run_srv_process.h>
 #include <stdlib.h>
 #include <string.h>
-#include <sys/errno.h>
-#include <sys/types.h>
 #include <sys/wait.h>
 #include <unistd.h>
 
 #define LOGGER_TAG "SSH_REQUEST"
 
 void handle_ssh_request(atclient *atclient, pthread_mutex_t *atclient_lock, sshnpd_params *params,
-                        bool *is_child_process, atclient_monitor_response *message, char *home_dir, FILE *authkeys_file,
-                        char *authkeys_filename, atchops_rsa_key_private_key signing_key) {
+                        bool *is_child_process, atclient_monitor_response *message,
+                        atchops_rsa_key_private_key signing_key) {
   int res = 0;
   if (!atclient_atnotification_is_from_initialized(&message->notification) && message->notification.from != NULL) {
     atlogger_log(LOGGER_TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "Failed to initialize the from field of the notification\n");
@@ -498,7 +497,6 @@ void handle_ssh_request(atclient *atclient, pthread_mutex_t *atclient_lock, sshn
 
   pid_t pid = fork();
   int status;
-  bool free_envelope = true;
 
   if (pid == 0) {
     // child process

diff --git a/packages/c/sshnpd/src/handle_sshpublickey.c b/packages/c/sshnpd/src/handle_sshpublickey.c
@@ -20,7 +20,7 @@ void handle_sshpublickey(sshnpd_params *params, atclient_monitor_response *messa
   }
 
   char *ssh_key = (char *)message->notification.decrypted_value;
-  size_t ssh_key_len = strlen(ssh_key);
+  // size_t ssh_key_len = strlen(ssh_key);
 
   bool is_valid_prefix = false;
   for (int i = 1; i < SUPPORTED_KEY_PREFIX_LEN; i++) {

diff --git a/packages/c/sshnpd/src/handler_commons.c b/packages/c/sshnpd/src/handler_commons.c
@@ -7,7 +7,7 @@
 #define LOGGER_TAG "VERIFY_REQUEST_SIGNATURE"
 
 int verify_envelope_signature(atchops_rsa_key_public_key publickey, const unsigned char *payload,
-                              unsigned char *signature, const char *hashing_algo, const char *signing_algo) {
+                              unsigned char *signature, const char *hashing_algo) {
   int ret = 0;
 
   atchops_md_type mdtype;
@@ -19,7 +19,7 @@ int verify_envelope_signature(atchops_rsa_key_public_key publickey, const unsign
     return -1;
   }
 
-  ret = atchops_rsa_verify(&publickey, ATCHOPS_MD_SHA256, payload, strlen((char *)payload), signature);
+  ret = atchops_rsa_verify(&publickey, mdtype, payload, strlen((char *)payload), signature);
   if (ret != 0) {
     atlogger_log(LOGGER_TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "verify_envelope_signature (failed)\n");
     return -1;