Fix accessor functions for username and client id when used in plugin…

… auth check.

ChangeLog.txt

@@ -24,6 +24,8 @@ Broker:
 - Fix UNSUBACK messages not being logged. Closes #903.
 - Fix possible endian issue when reading the `memory_limit` option.
 - Fix building for libwebsockets < 1.6.
+- Fix accessor functions for username and client id when used in plugin auth
+ check.
 
 Library:
 - Fix some places where return codes were incorrect, including to the

src/handle_connect.c

@@ -497,7 +497,13 @@ int handle__connect(struct mosquitto_db *db, struct mosquitto *context)
  }else{
 #endif /* WITH_TLS */
  if(username_flag){
+ /* FIXME - these ensure the mosquitto_client_id() and
+ * mosquitto_client_username() functions work, but is hacky */
+ context->id = client_id;
+ context->username = username;
  rc = mosquitto_unpwd_check(db, context, username, password);
+ context->username = NULL;
+ context->id = NULL;
  switch(rc){
  case MOSQ_ERR_SUCCESS:
  break;

test/broker/Makefile

@@ -5,11 +5,11 @@ include ../../config.mk
 
 all :
 
-clean : 
+clean :
  -rm -f *.vglog
  $(MAKE) -C c clean
 
-test-compile : 
+test-compile :
  $(MAKE) -C c
 
 ptest : test-compile
@@ -72,7 +72,7 @@ endif
  ./04-retain-upgrade-outgoing-qos.py
 
 05 :
- ./05-clean-session-qos1.py 
+ ./05-clean-session-qos1.py
 
 06 :
  ./06-bridge-reconnect-local-out.py
@@ -120,6 +120,7 @@ endif
  ./09-plugin-auth-defer-unpwd-success.py
  ./09-plugin-auth-defer-unpwd-fail.py
  ./09-plugin-auth-msg-params.py
+ ./09-plugin-auth-context-params.py
 
 10 :
  ./10-listener-mount-point.py

test/broker/c/Makefile

@@ -2,24 +2,27 @@
 
 CFLAGS=-I../../../lib -I../../../src -Wall -Werror
 
-all : auth_plugin.so auth_plugin_pwd.so auth_plugin_acl.so auth_plugin_v2.so auth_plugin_msg_params.so 08
+all : auth_plugin.so auth_plugin_pwd.so auth_plugin_acl.so auth_plugin_v2.so auth_plugin_msg_params.so auth_plugin_context_params.so 08
 
 08 : 08-tls-psk-pub.test 08-tls-psk-bridge.test
 
 auth_plugin.so : auth_plugin.c
- $(CC) ${CFLAGS} -fPIC -shared $^ -o $@ 
+ $(CC) ${CFLAGS} -fPIC -shared $^ -o $@
 
 auth_plugin_pwd.so : auth_plugin_pwd.c
- $(CC) ${CFLAGS} -fPIC -shared $^ -o $@ 
+ $(CC) ${CFLAGS} -fPIC -shared $^ -o $@
 
 auth_plugin_acl.so : auth_plugin_acl.c
- $(CC) ${CFLAGS} -fPIC -shared $^ -o $@ 
+ $(CC) ${CFLAGS} -fPIC -shared $^ -o $@
 
 auth_plugin_v2.so : auth_plugin_v2.c
- $(CC) ${CFLAGS} -fPIC -shared $^ -o $@ 
+ $(CC) ${CFLAGS} -fPIC -shared $^ -o $@
+
+auth_plugin_context_params.so : auth_plugin_context_params.c
+ $(CC) ${CFLAGS} -fPIC -shared $^ -o $@
 
 auth_plugin_msg_params.so : auth_plugin_msg_params.c
- $(CC) ${CFLAGS} -fPIC -shared $^ -o $@ 
+ $(CC) ${CFLAGS} -fPIC -shared $^ -o $@
 
 08-tls-psk-pub.test : 08-tls-psk-pub.c
  $(CC) ${CFLAGS} $^ -o $@ ../../../lib/libmosquitto.so.1

test/broker/c/auth_plugin_context_params.c

@@ -0,0 +1,91 @@
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <mosquitto.h>
+#include <mosquitto_broker.h>
+#include <mosquitto_plugin.h>
+
+int mosquitto_auth_plugin_version(void)
+{
+ return MOSQ_AUTH_PLUGIN_VERSION;
+}
+
+int mosquitto_auth_plugin_init(void **user_data, struct mosquitto_opt *auth_opts, int auth_opt_count)
+{
+ return MOSQ_ERR_SUCCESS;
+}
+
+int mosquitto_auth_plugin_cleanup(void *user_data, struct mosquitto_opt *auth_opts, int auth_opt_count)
+{
+ return MOSQ_ERR_SUCCESS;
+}
+
+int mosquitto_auth_security_init(void *user_data, struct mosquitto_opt *auth_opts, int auth_opt_count, bool reload)
+{
+ return MOSQ_ERR_SUCCESS;
+}
+
+int mosquitto_auth_security_cleanup(void *user_data, struct mosquitto_opt *auth_opts, int auth_opt_count, bool reload)
+{
+ return MOSQ_ERR_SUCCESS;
+}
+
+int mosquitto_auth_acl_check(void *user_data, int access, const struct mosquitto *client, const struct mosquitto_acl_msg *msg)
+{
+ return MOSQ_ERR_PLUGIN_DEFER;
+}
+
+int mosquitto_auth_unpwd_check(void *user_data, const struct mosquitto *client, const char *username, const char *password)
+{
+ const char *tmp;
+
+ tmp = mosquitto_client_address(client);
+ if(!tmp || strcmp(tmp, "127.0.0.1")){
+ return MOSQ_ERR_AUTH;
+ }
+
+ if(!mosquitto_client_clean_session(client)){
+ fprintf(stderr, "mosquitto_auth_unpwd_check clean_session error: %d\n", mosquitto_client_clean_session(client));
+ return MOSQ_ERR_AUTH;
+ }
+
+ tmp = mosquitto_client_id(client);
+ if(!tmp || strcmp(tmp, "client-params-test")){
+ fprintf(stderr, "mosquitto_auth_unpwd_check client_id error: %s\n", tmp);
+ return MOSQ_ERR_AUTH;
+ }
+
+ if(mosquitto_client_keepalive(client) != 42){
+ fprintf(stderr, "mosquitto_auth_unpwd_check keepalive error: %d\n", mosquitto_client_keepalive(client));
+ return MOSQ_ERR_AUTH;
+ }
+
+ if(!mosquitto_client_certificate(client)){
+ // FIXME
+ //return MOSQ_ERR_AUTH;
+ }
+
+ if(mosquitto_client_protocol(client) != 2){
+ fprintf(stderr, "mosquitto_auth_unpwd_check protocol error: %d\n", mosquitto_client_protocol(client));
+ return MOSQ_ERR_AUTH;
+ }
+
+ if(mosquitto_client_sub_count(client)){
+ fprintf(stderr, "mosquitto_auth_unpwd_check sub_count error: %d\n", mosquitto_client_sub_count(client));
+ return MOSQ_ERR_AUTH;
+ }
+
+ tmp = mosquitto_client_username(client);
+ if(!tmp || strcmp(tmp, "client-username")){
+ fprintf(stderr, "mosquitto_auth_unpwd_check username error: %s\n", tmp);
+ return MOSQ_ERR_AUTH;
+ }
+
+ return MOSQ_ERR_SUCCESS;
+}
+
+int mosquitto_auth_psk_key_get(void *user_data, const struct mosquitto *client, const char *hint, const char *identity, char *key, int max_key_len)
+{
+ return MOSQ_ERR_AUTH;
+}
+

test/broker/ptest.py

@@ -7,95 +7,96 @@
 max_running = 10
 tests = [
  #(ports required, 'path'),
- (1, './01-connect-success.py'),
- (1, './01-connect-invalid-protonum.py'),
- (1, './01-connect-invalid-id-0.py'),
- (1, './01-connect-invalid-id-0-311.py'),
- (1, './01-connect-invalid-id-missing.py'),
- (1, './01-connect-invalid-reserved.py'),
- (1, './01-connect-invalid-id-utf8.py'),
- (1, './01-connect-anon-denied.py'),
- (1, './01-connect-uname-no-password-denied.py'),
- (1, './01-connect-uname-password-denied.py'),
- (1, './01-connect-uname-password-success.py'),
- (1, './01-connect-uname-no-flag.py'),
- (1, './01-connect-uname-pwd-no-flag.py'),
- (1, './01-connect-uname-invalid-utf8.py'),
-
- (1, './02-subscribe-qos0.py'),
- (1, './02-subscribe-qos1.py'),
- (1, './02-subscribe-qos2.py'),
- (1, './02-subpub-qos0.py'),
- (1, './02-subpub-qos1.py'),
- (1, './02-subpub-qos2.py'),
- (1, './02-unsubscribe-qos0.py'),
- (1, './02-unsubscribe-qos1.py'),
- (1, './02-unsubscribe-qos2.py'),
- (1, './02-unsubscribe-invalid-no-topic.py'),
- (1, './02-subscribe-invalid-utf8.py'),
+ (1, './01-connect-success.py'),
+ (1, './01-connect-invalid-protonum.py'),
+ (1, './01-connect-invalid-id-0.py'),
+ (1, './01-connect-invalid-id-0-311.py'),
+ (1, './01-connect-invalid-id-missing.py'),
+ (1, './01-connect-invalid-reserved.py'),
+ (1, './01-connect-invalid-id-utf8.py'),
+ (1, './01-connect-anon-denied.py'),
+ (1, './01-connect-uname-no-password-denied.py'),
+ (1, './01-connect-uname-password-denied.py'),
+ (1, './01-connect-uname-password-success.py'),
+ (1, './01-connect-uname-no-flag.py'),
+ (1, './01-connect-uname-pwd-no-flag.py'),
+ (1, './01-connect-uname-invalid-utf8.py'),
+
+ (1, './02-subscribe-qos0.py'),
+ (1, './02-subscribe-qos1.py'),
+ (1, './02-subscribe-qos2.py'),
+ (1, './02-subpub-qos0.py'),
+ (1, './02-subpub-qos1.py'),
+ (1, './02-subpub-qos2.py'),
+ (1, './02-unsubscribe-qos0.py'),
+ (1, './02-unsubscribe-qos1.py'),
+ (1, './02-unsubscribe-qos2.py'),
+ (1, './02-unsubscribe-invalid-no-topic.py'),
+ (1, './02-subscribe-invalid-utf8.py'),
  (1, './02-subscribe-persistence-flipflop.py'),
  (1, './02-subhier-crash.py'),
 
- (1, './03-publish-qos1.py'),
- (1, './03-publish-qos2.py'),
- (1, './03-publish-b2c-disconnect-qos1.py'),
- (1, './03-publish-c2b-disconnect-qos2.py'),
- (1, './03-publish-b2c-disconnect-qos2.py'),
- (1, './03-pattern-matching.py'),
- #(1, './03-publish-qos1-queued-bytes.py'),
- (1, './03-publish-invalid-utf8.py'),
-
- (1, './04-retain-qos0.py'),
- (1, './04-retain-qos0-fresh.py'),
- (1, './04-retain-qos0-repeated.py'),
- (1, './04-retain-qos1-qos0.py'),
- (1, './04-retain-qos0-clear.py'),
- (1, './04-retain-upgrade-outgoing-qos.py'),
-
- (1, './05-clean-session-qos1.py'),
-
- (2, './06-bridge-reconnect-local-out.py'),
- (2, './06-bridge-br2b-disconnect-qos1.py'),
- (2, './06-bridge-br2b-disconnect-qos2.py'),
- (2, './06-bridge-b2br-disconnect-qos1.py'),
- (2, './06-bridge-b2br-disconnect-qos2.py'),
- (2, './06-bridge-fail-persist-resend-qos1.py'),
- (2, './06-bridge-fail-persist-resend-qos2.py'),
- (2, './06-bridge-b2br-remapping.py'),
- (2, './06-bridge-br2b-remapping.py'),
- (3, './06-bridge-per-listener-settings.py'),
-
- (1, './07-will-qos0.py'),
- (1, './07-will-null.py'),
- (1, './07-will-null-topic.py'),
- (1, './07-will-invalid-utf8.py'),
- (1, './07-will-no-flag.py'),
-
- (2, './08-ssl-connect-no-auth.py'),
- (2, './08-ssl-connect-no-auth-wrong-ca.py'),
- (2, './08-ssl-connect-cert-auth.py'),
- (2, './08-ssl-connect-cert-auth-without.py'),
- (2, './08-ssl-connect-cert-auth-expired.py'),
- (2, './08-ssl-connect-cert-auth-revoked.py'),
- (2, './08-ssl-connect-cert-auth-crl.py'),
- (2, './08-ssl-connect-identity.py'),
- (2, './08-ssl-connect-no-identity.py'),
- (2, './08-ssl-bridge.py'),
- (2, './08-tls-psk-pub.py'),
- (3, './08-tls-psk-bridge.py'),
-
- (1, './09-plugin-auth-unpwd-success.py'),
- (1, './09-plugin-auth-unpwd-fail.py'),
- (1, './09-plugin-auth-acl-sub.py'),
- (1, './09-plugin-auth-v2-unpwd-success.py'),
- (1, './09-plugin-auth-v2-unpwd-fail.py'),
- (1, './09-plugin-auth-defer-unpwd-success.py'),
- (1, './09-plugin-auth-defer-unpwd-fail.py'),
+ (1, './03-publish-qos1.py'),
+ (1, './03-publish-qos2.py'),
+ (1, './03-publish-b2c-disconnect-qos1.py'),
+ (1, './03-publish-c2b-disconnect-qos2.py'),
+ (1, './03-publish-b2c-disconnect-qos2.py'),
+ (1, './03-pattern-matching.py'),
+ #(1, './03-publish-qos1-queued-bytes.py'),
+ (1, './03-publish-invalid-utf8.py'),
+
+ (1, './04-retain-qos0.py'),
+ (1, './04-retain-qos0-fresh.py'),
+ (1, './04-retain-qos0-repeated.py'),
+ (1, './04-retain-qos1-qos0.py'),
+ (1, './04-retain-qos0-clear.py'),
+ (1, './04-retain-upgrade-outgoing-qos.py'),
+
+ (1, './05-clean-session-qos1.py'),
+
+ (2, './06-bridge-reconnect-local-out.py'),
+ (2, './06-bridge-br2b-disconnect-qos1.py'),
+ (2, './06-bridge-br2b-disconnect-qos2.py'),
+ (2, './06-bridge-b2br-disconnect-qos1.py'),
+ (2, './06-bridge-b2br-disconnect-qos2.py'),
+ (2, './06-bridge-fail-persist-resend-qos1.py'),
+ (2, './06-bridge-fail-persist-resend-qos2.py'),
+ (2, './06-bridge-b2br-remapping.py'),
+ (2, './06-bridge-br2b-remapping.py'),
+ (3, './06-bridge-per-listener-settings.py'),
+
+ (1, './07-will-qos0.py'),
+ (1, './07-will-null.py'),
+ (1, './07-will-null-topic.py'),
+ (1, './07-will-invalid-utf8.py'),
+ (1, './07-will-no-flag.py'),
+
+ (2, './08-ssl-connect-no-auth.py'),
+ (2, './08-ssl-connect-no-auth-wrong-ca.py'),
+ (2, './08-ssl-connect-cert-auth.py'),
+ (2, './08-ssl-connect-cert-auth-without.py'),
+ (2, './08-ssl-connect-cert-auth-expired.py'),
+ (2, './08-ssl-connect-cert-auth-revoked.py'),
+ (2, './08-ssl-connect-cert-auth-crl.py'),
+ (2, './08-ssl-connect-identity.py'),
+ (2, './08-ssl-connect-no-identity.py'),
+ (2, './08-ssl-bridge.py'),
+ (2, './08-tls-psk-pub.py'),
+ (3, './08-tls-psk-bridge.py'),
+
+ (1, './09-plugin-auth-unpwd-success.py'),
+ (1, './09-plugin-auth-unpwd-fail.py'),
+ (1, './09-plugin-auth-acl-sub.py'),
+ (1, './09-plugin-auth-v2-unpwd-success.py'),
+ (1, './09-plugin-auth-v2-unpwd-fail.py'),
+ (1, './09-plugin-auth-defer-unpwd-success.py'),
+ (1, './09-plugin-auth-defer-unpwd-fail.py'),
  (1, './09-plugin-auth-msg-params.py'),
+ (1, './09-plugin-auth-context-params.py'),
 
- (2, './10-listener-mount-point.py'),
+ (2, './10-listener-mount-point.py'),
 
- (1, './11-persistent-subscription.py'),
+ (1, './11-persistent-subscription.py'),
  ]
 
 minport = 1888