diff --git a/ChangeLog.txt b/ChangeLog.txt
index 57e2a42e37..ccc3807be5 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -16,7 +16,12 @@ Breaking changes:
If the broker is run as `mosquitto -c mosquitto.conf -p 1884`, and a
listener is defined in the configuration file, then the port defined on the
command line will be IGNORED, and no listener configured for it.
-
+- All listeners now default to `allow_anonymous false` unless explicitly set
+ to true in the configuration file. This means that when configuring a
+ listener the user must either configure an authentication and access control
+ method, or set `allow_anonymous true`. When the broker is run without a
+ configured listener, and so binds to the loopback interface, anonymous
+ connections are allowed.
Broker:
- When running as root, if dropping privileges to the "mosquitto" user fails,
diff --git a/man/mosquitto.conf.5.xml b/man/mosquitto.conf.5.xml
index 439184c6a9..30c6695180 100644
--- a/man/mosquitto.conf.5.xml
+++ b/man/mosquitto.conf.5.xml
@@ -171,13 +171,10 @@
connect. If set to false
then another means of connection should be created to
control authenticated client access.
- Defaults to true if no
- other security options are set. If
- or is set, or if an
- authentication plugin is loaded which implements
- username/password or TLS-PSK checks, then
- defaults to
- false.
+ Defaults to false,
+ unless no listeners are defined in the configuration
+ file, in which case it set to true,
+ but connections are only allowed from the local machine.
If is
true, this option applies to
@@ -186,6 +183,10 @@
false, this option applies
to all listeners.
+ In version 1.6.x and earlier, this option defaulted
+ to true unless there was another security
+ option set.
+
Reloaded on reload signal.
diff --git a/mosquitto.conf b/mosquitto.conf
index d901454158..520303515c 100644
--- a/mosquitto.conf
+++ b/mosquitto.conf
@@ -668,12 +668,10 @@
# false then a password file should be created (see the
# password_file option) to control authenticated client access.
#
-# Defaults to true if no other security options are set. If `password_file` or
-# `psk_file` is set, or if an authentication plugin is loaded which implements
-# username/password or TLS-PSK checks, then `allow_anonymous` defaults to
-# false.
-#
-#allow_anonymous true
+# Defaults to false, unless there are no listeners defined in the configuration
+# file, in which case it is set to true, but connections are only allowed from
+# the local machine.
+#allow_anonymous false
# -----------------------------------------------------------------
# Default authentication and topic access control
diff --git a/src/conf.c b/src/conf.c
index 06c1844a17..71cc18e4c4 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -137,6 +137,7 @@ static void config__init_reload(struct mosquitto_db *db, struct mosquitto__confi
config->listeners[i].security_options.auto_id_prefix_len = 0;
}
+ config->local_only = true;
config->allow_duplicate_messages = false;
mosquitto__free(config->security_options.acl_file);
@@ -240,12 +241,7 @@ void config__init(struct mosquitto_db *db, struct mosquitto__config *config)
config->daemon = false;
memset(&config->default_listener, 0, sizeof(struct mosquitto__listener));
- config->default_listener.max_connections = -1;
- config->default_listener.protocol = mp_mqtt;
- config->default_listener.security_options.allow_anonymous = -1;
- config->default_listener.security_options.allow_zero_length_clientid = true;
- config->default_listener.maximum_qos = 2;
- config->default_listener.max_topic_alias = 10;
+ listener__set_defaults(&config->default_listener);
}
void config__cleanup(struct mosquitto__config *config)
@@ -450,7 +446,6 @@ int config__parse_args(struct mosquitto_db *db, struct mosquitto__config *config
|| config->default_listener.security_options.password_file
|| config->default_listener.security_options.psk_file
|| config->default_listener.security_options.auth_plugin_config_count
- || config->default_listener.security_options.allow_anonymous != -1
|| config->default_listener.security_options.allow_zero_length_clientid != true
){
@@ -602,8 +597,7 @@ int config__read(struct mosquitto_db *db, struct mosquitto__config *config, bool
int len;
#endif
struct mosquitto__config config_reload;
- struct mosquitto__auth_plugin *plugin;
- int i, j;
+ int i;
if(reload){
memset(&config_reload, 0, sizeof(struct mosquitto__config));
@@ -641,69 +635,20 @@ int config__read(struct mosquitto_db *db, struct mosquitto__config *config, bool
}
/* If auth/access options are set and allow_anonymous not explicitly set, disallow anon. */
- if(config->per_listener_settings){
- for(i=0; ilistener_count; i++){
- if(config->listeners[i].security_options.allow_anonymous == -1){
+ if(config->local_only == true){
+ config->security_options.allow_anonymous = true;
+ }else{
+ if(config->per_listener_settings){
+ for(i=0; ilistener_count; i++){
/* Default option if no security options set */
- config->listeners[i].security_options.allow_anonymous = true;
-
- if(config->listeners[i].security_options.password_file
- || config->listeners[i].security_options.psk_file){
-
- /* allow_anonymous not set explicitly, some other security options
- * have been set - so disable allow_anonymous
- */
+ if(config->listeners[i].security_options.allow_anonymous == -1){
config->listeners[i].security_options.allow_anonymous = false;
}
-
- /* Check plugins loaded to see if they have username/password checks enabled */
- for(j=0; jlisteners[i].security_options.auth_plugin_config_count; j++){
- plugin = &config->listeners[i].security_options.auth_plugin_configs[j].plugin;
-
- if(plugin->version == 3 || plugin->version == 2){
- /* Version 2 and 3 always have username/password checks */
- config->listeners[i].security_options.allow_anonymous = false;
- break;
- }else{
- /* Version 4 has optional unpwd checks. */
- if(plugin->unpwd_check_v4 != NULL){
- config->listeners[i].security_options.allow_anonymous = false;
- break;
- }
- }
- }
}
- }
- }else{
- if(config->security_options.allow_anonymous == -1){
- /* Default option if no security options set */
- config->security_options.allow_anonymous = true;
-
- if(config->security_options.password_file
- || config->security_options.psk_file){
-
- /* allow_anonymous not set explicitly, some other security options
- * have been set - so disable allow_anonymous
- */
+ }else{
+ if(config->security_options.allow_anonymous == -1){
config->security_options.allow_anonymous = false;
}
-
- /* Check plugins loaded to see if they have username/password checks enabled */
- for(j=0; jsecurity_options.auth_plugin_config_count; j++){
- plugin = &config->security_options.auth_plugin_configs[j].plugin;
-
- if(plugin->version == 3 || plugin->version == 2){
- /* Version 2 and 3 always have username/password checks */
- config->security_options.allow_anonymous = false;
- break;
- }else{
- /* Version 4 has optional unpwd checks. */
- if(plugin->unpwd_check_v4 != NULL){
- config->security_options.allow_anonymous = false;
- break;
- }
- }
- }
}
}
#ifdef WITH_PERSISTENCE
@@ -949,6 +894,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, struct
}else if(!strcmp(token, "autosave_on_changes")){
if(conf__parse_bool(&token, "autosave_on_changes", &config->autosave_on_changes, saveptr)) return MOSQ_ERR_INVAL;
}else if(!strcmp(token, "bind_address")){
+ config->local_only = false;
if(reload) continue; // Listener not valid for reloading.
if(conf__parse_string(&token, "default listener bind_address", &config->default_listener.host, saveptr)) return MOSQ_ERR_INVAL;
if(conf__attempt_resolve(config->default_listener.host, "bind_address", MOSQ_LOG_ERR, "Error")){
@@ -1374,6 +1320,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, struct
log__printf(NULL, MOSQ_LOG_WARNING, "Warning: TLS support not available.");
#endif
}else if(!strcmp(token, "listener")){
+ config->local_only = false;
token = strtok_r(NULL, " ", &saveptr);
if(token){
tmp_int = atoi(token);
@@ -1436,12 +1383,8 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, struct
memset(cur_listener, 0, sizeof(struct mosquitto__listener));
}
- cur_listener->security_options.allow_anonymous = -1;
- cur_listener->security_options.allow_zero_length_clientid = true;
- cur_listener->protocol = mp_mqtt;
+ listener__set_defaults(cur_listener);
cur_listener->port = tmp_int;
- cur_listener->maximum_qos = 2;
- cur_listener->max_topic_alias = 10;
mosquitto__free(cur_listener->host);
cur_listener->host = NULL;
@@ -1813,6 +1756,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, struct
if(reload) continue; // pid file not valid for reloading.
if(conf__parse_string(&token, "pid_file", &config->pid_file, saveptr)) return MOSQ_ERR_INVAL;
}else if(!strcmp(token, "port")){
+ config->local_only = false;
if(reload) continue; // Listener not valid for reloading.
if(config->default_listener.port){
log__printf(NULL, MOSQ_LOG_WARNING, "Warning: Default listener port specified multiple times. Only the latest will be used.");
diff --git a/src/handle_connect.c b/src/handle_connect.c
index c414bdecb7..c7b6b47394 100644
--- a/src/handle_connect.c
+++ b/src/handle_connect.c
@@ -771,44 +771,16 @@ int handle__connect(struct mosquitto_db *db, struct mosquitto *context)
#ifdef FINAL_WITH_TLS_PSK
}
#endif /* FINAL_WITH_TLS_PSK */
- }else{
+ }else
#endif /* WITH_TLS */
+ {
/* FIXME - these ensure the mosquitto_client_id() and
* mosquitto_client_username() functions work, but is hacky */
context->username = username;
context->password = password;
username = NULL; /* Avoid free() in error: below. */
password = NULL;
-
- rc = mosquitto_unpwd_check(db, context);
- if(rc != MOSQ_ERR_SUCCESS){
- /* We must have context->id == NULL here so we don't later try and
- * remove the client from the by_id hash table */
- mosquitto__free(context->id);
- context->id = NULL;
- }
- switch(rc){
- case MOSQ_ERR_SUCCESS:
- break;
- case MOSQ_ERR_AUTH:
- if(context->protocol == mosq_p_mqtt5){
- send__connack(db, context, 0, MQTT_RC_NOT_AUTHORIZED, NULL);
- }else{
- send__connack(db, context, 0, CONNACK_REFUSED_NOT_AUTHORIZED, NULL);
- }
- context__disconnect(db, context);
- rc = 1;
- goto handle_connect_error;
- break;
- default:
- context__disconnect(db, context);
- rc = 1;
- goto handle_connect_error;
- break;
- }
-#ifdef WITH_TLS
}
-#endif
if(context->listener->use_username_as_clientid){
if(context->username){
@@ -862,6 +834,39 @@ int handle__connect(struct mosquitto_db *db, struct mosquitto *context)
}
}
}else{
+#ifdef WITH_TLS
+ if(context->listener->ssl_ctx && (context->listener->use_identity_as_username || context->listener->use_subject_as_username)){
+ /* Authentication assumed to be cleared */
+ }else
+#endif
+ {
+ rc = mosquitto_unpwd_check(db, context);
+ if(rc != MOSQ_ERR_SUCCESS){
+ /* We must have context->id == NULL here so we don't later try and
+ * remove the client from the by_id hash table */
+ mosquitto__free(context->id);
+ context->id = NULL;
+ }
+ switch(rc){
+ case MOSQ_ERR_SUCCESS:
+ break;
+ case MOSQ_ERR_AUTH:
+ if(context->protocol == mosq_p_mqtt5){
+ send__connack(db, context, 0, MQTT_RC_NOT_AUTHORIZED, NULL);
+ }else{
+ send__connack(db, context, 0, CONNACK_REFUSED_NOT_AUTHORIZED, NULL);
+ }
+ context__disconnect(db, context);
+ rc = 1;
+ goto handle_connect_error;
+ break;
+ default:
+ context__disconnect(db, context);
+ rc = 1;
+ goto handle_connect_error;
+ break;
+ }
+ }
return connect__on_authorised(db, context, NULL, 0);
}
diff --git a/src/mosquitto.c b/src/mosquitto.c
index 7e54767f2c..8464b4c5b9 100644
--- a/src/mosquitto.c
+++ b/src/mosquitto.c
@@ -206,6 +206,17 @@ void mosquitto__daemonise(void)
}
+void listener__set_defaults(struct mosquitto__listener *listener)
+{
+ listener->security_options.allow_anonymous = -1;
+ listener->security_options.allow_zero_length_clientid = true;
+ listener->protocol = mp_mqtt;
+ listener->max_connections = -1;
+ listener->maximum_qos = 2;
+ listener->max_topic_alias = 10;
+}
+
+
int listeners__start_single_mqtt(struct mosquitto_db *db, mosq_sock_t **listensock, int *listensock_count, int *listensock_index, struct mosquitto__listener *listener)
{
int i;
@@ -244,12 +255,9 @@ int listeners__add_local(struct mosquitto_db *db, mosq_sock_t **listensock, int
db->config->listeners = listeners;
memset(&listeners[db->config->listener_count-1], 0, sizeof(struct mosquitto__listener));
- listeners[db->config->listener_count-1].security_options.allow_anonymous = -1;
- listeners[db->config->listener_count-1].security_options.allow_zero_length_clientid = true;
- listeners[db->config->listener_count-1].protocol = mp_mqtt;
+ listener__set_defaults(&listeners[db->config->listener_count-1]);
+ listeners[db->config->listener_count-1].security_options.allow_anonymous = true;
listeners[db->config->listener_count-1].port = port;
- listeners[db->config->listener_count-1].maximum_qos = 2;
- listeners[db->config->listener_count-1].max_topic_alias = 10;
listeners[db->config->listener_count-1].host = mosquitto__strdup(host);
if(listeners[db->config->listener_count-1].host == NULL){
return MOSQ_ERR_NOMEM;
diff --git a/src/mosquitto_broker_internal.h b/src/mosquitto_broker_internal.h
index 051dd3750f..89b62e0de6 100644
--- a/src/mosquitto_broker_internal.h
+++ b/src/mosquitto_broker_internal.h
@@ -290,6 +290,7 @@ struct mosquitto__config {
struct mosquitto__listener default_listener;
struct mosquitto__listener *listeners;
int listener_count;
+ bool local_only;
int log_dest;
int log_facility;
unsigned int log_type;
@@ -759,6 +760,11 @@ int mux__wait(void);
int mux__handle(struct mosquitto_db *db, mosq_sock_t *listensock, int listensock_count);
int mux__cleanup(struct mosquitto_db *db);
+/* ============================================================
+ * Listener related functions
+ * ============================================================ */
+void listener__set_defaults(struct mosquitto__listener *listener);
+
/* ============================================================
* Property related functions
* ============================================================ */
diff --git a/src/security.c b/src/security.c
index 52e9793598..69b2f67be2 100644
--- a/src/security.c
+++ b/src/security.c
@@ -692,7 +692,6 @@ int mosquitto_unpwd_check(struct mosquitto_db *db, struct mosquitto *context)
opts = &db->config->security_options;
}
- rc = MOSQ_ERR_SUCCESS;
for(i=0; iauth_plugin_config_count; i++){
if(opts->auth_plugin_configs[i].plugin.version == 4
&& opts->auth_plugin_configs[i].plugin.unpwd_check_v4){
diff --git a/src/security_default.c b/src/security_default.c
index 3ce90b87e2..a88d698a3f 100644
--- a/src/security_default.c
+++ b/src/security_default.c
@@ -896,28 +896,55 @@ int mosquitto_unpwd_check_default(struct mosquitto_db *db, struct mosquitto *con
int rc;
#endif
bool allow_anonymous;
+ char *password_file;
if(!db) return MOSQ_ERR_INVAL;
+ /*
+ * If allow_anonymous is true, and there is no password file defined, then
+ * all users are treated as being anonymous and can connect.
+ *
+ * If allow_anonymous is false and there is no password file defined, then
+ * we defer the decision to other plugins (this is a rejection if no other
+ * plugins are defined)
+ *
+ * If allow_anonymous is true, and there is a password file defined, then
+ * all users with a username must authenticate. All anonymous users are
+ * allowed to connect. This is a valid mode, because authenticated users
+ * can be assigned permissions that anonymous users are not.
+ *
+ * If allow_anonymous is false, and there is a password file defined, then
+ * all users with a username must authenticate. All anonymous users are
+ * defered to other plugins, (this is a rejection if no other plugins are
+ * defined).
+ */
if(db->config->per_listener_settings){
if(context->bridge) return MOSQ_ERR_SUCCESS;
if(!context->listener) return MOSQ_ERR_INVAL;
- if(context->listener->security_options.password_file == NULL) return MOSQ_ERR_PLUGIN_DEFER;
unpwd_ref = context->listener->security_options.unpwd;
+ password_file = context->listener->security_options.password_file;
allow_anonymous = context->listener->security_options.allow_anonymous;
}else{
- if(db->config->security_options.password_file == NULL) return MOSQ_ERR_PLUGIN_DEFER;
unpwd_ref = db->config->security_options.unpwd;
+ password_file = db->config->security_options.password_file;
allow_anonymous = db->config->security_options.allow_anonymous;
}
- if(context->username == NULL){
- /* Check must be made only after checking unpwd_ref.
- * This is DENY here, because in MQTT v5 username can be missing when
- * password is present, but we don't support that. */
- if(allow_anonymous == true){
+ if(context->username){
+ if(password_file != NULL){
+ /* Client must authenticate below */
+ }else{
+ if(allow_anonymous == true){
+ /* No password file, so treated as anonymous */
+ return MOSQ_ERR_SUCCESS;
+ }else{
+ return MOSQ_ERR_PLUGIN_DEFER;
+ }
+ }
+ }else{
+ if(allow_anonymous){
return MOSQ_ERR_SUCCESS;
}else{
- return MOSQ_ERR_AUTH;
+ return MOSQ_ERR_PLUGIN_DEFER;
}
}
diff --git a/test/broker/01-connect-allow-anonymous.py b/test/broker/01-connect-allow-anonymous.py
new file mode 100755
index 0000000000..985c0b804f
--- /dev/null
+++ b/test/broker/01-connect-allow-anonymous.py
@@ -0,0 +1,91 @@
+#!/usr/bin/env python3
+
+# Test whether an anonymous connection is correctly denied.
+
+from mosq_test_helper import *
+
+def write_config1(filename, port):
+ with open(filename, 'w') as f:
+ f.write("max_connections 10\n") # So the file isn't completely empty
+
+def write_config2(filename, port):
+ with open(filename, 'w') as f:
+ f.write("port %d\n" % (port))
+
+def write_config3(filename, port):
+ with open(filename, 'w') as f:
+ f.write("listener %d\n" % (port))
+
+def write_config4(filename, port):
+ with open(filename, 'w') as f:
+ f.write("port %d\n" % (port))
+ f.write("allow_anonymous true\n")
+
+def write_config5(filename, port):
+ with open(filename, 'w') as f:
+ f.write("listener %d\n" % (port))
+ f.write("allow_anonymous true\n")
+
+
+def do_test(use_conf, write_config, expect_success):
+ port = mosq_test.get_port()
+ if write_config is not None:
+ conf_file = os.path.basename(__file__).replace('.py', '.conf')
+ write_config(conf_file, port)
+
+ broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=use_conf, port=port)
+
+ try:
+ for proto_ver in [4, 5]:
+ rc = 1
+ keepalive = 10
+ connect_packet = mosq_test.gen_connect("connect-anon-test-%d" % (proto_ver), keepalive=keepalive, proto_ver=proto_ver)
+
+ if proto_ver == 5:
+ if expect_success == True:
+ connack_packet = mosq_test.gen_connack(rc=0, proto_ver=proto_ver)
+ else:
+ connack_packet = mosq_test.gen_connack(rc=mqtt5_rc.MQTT_RC_NOT_AUTHORIZED, proto_ver=proto_ver, properties=None)
+ else:
+ if expect_success == True:
+ connack_packet = mosq_test.gen_connack(rc=0, proto_ver=proto_ver)
+ else:
+ connack_packet = mosq_test.gen_connack(rc=5, proto_ver=proto_ver)
+
+
+ sock = mosq_test.do_client_connect(connect_packet, connack_packet, port=port)
+ sock.close()
+ rc = 0
+ except mosq_test.TestError:
+ pass
+ finally:
+ if write_config is not None:
+ os.remove(conf_file)
+ broker.terminate()
+ broker.wait()
+ (stdo, stde) = broker.communicate()
+ if rc:
+ print(stde.decode('utf-8'))
+ print("proto_ver=%d" % (proto_ver))
+ exit(rc)
+
+
+# No config file - allow_anonymous should be true
+do_test(use_conf=False, write_config=None, expect_success=True)
+
+# Config file but no listener - allow_anonymous should be true
+# Not possible right now because the test doesn't allow us to use a config file and -p at the same time.
+#do_test(use_conf=True, write_config=write_config1, expect_success=True)
+
+# Config file with "port" - allow_anonymous should be false
+do_test(use_conf=True, write_config=write_config2, expect_success=False)
+
+# Config file with "listener" - allow_anonymous should be false
+do_test(use_conf=True, write_config=write_config3, expect_success=False)
+
+# Config file with "port" - allow_anonymous explicitly true
+do_test(use_conf=True, write_config=write_config4, expect_success=True)
+
+# Config file with "listener" - allow_anonymous explicitly true
+do_test(use_conf=True, write_config=write_config5, expect_success=True)
+exit(0)
diff --git a/test/broker/01-connect-anon-denied.pwfile b/test/broker/01-connect-anon-denied.pwfile
deleted file mode 100644
index 0fec1e9628..0000000000
--- a/test/broker/01-connect-anon-denied.pwfile
+++ /dev/null
@@ -1 +0,0 @@
-user:$6$kyuI0x+unN8lbv9U$b6c3O8U/3fCJLEg7/qDHnE9oOE6gu8JqwBXNLAPBQInJuHhpB3teOaSxb3Lx9O+ukglIRPOI0NCENcincSPCvQ==
diff --git a/test/broker/01-connect-anon-denied.py b/test/broker/01-connect-anon-denied.py
deleted file mode 100755
index 8664920742..0000000000
--- a/test/broker/01-connect-anon-denied.py
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/usr/bin/env python3
-
-# Test whether an anonymous connection is correctly denied.
-
-from mosq_test_helper import *
-
-def write_config(filename, port):
- with open(filename, 'w') as f:
- f.write("port %d\n" % (port))
- f.write("password_file %s\n" % (filename.replace('.conf', '.pwfile')))
- f.write("allow_anonymous false\n")
-
-
-def do_test(proto_ver):
- port = mosq_test.get_port()
- conf_file = os.path.basename(__file__).replace('.py', '.conf')
- write_config(conf_file, port)
-
- rc = 1
- keepalive = 10
- connect_packet = mosq_test.gen_connect("connect-anon-test", keepalive=keepalive, proto_ver=proto_ver)
-
- if proto_ver == 5:
- connack_packet = mosq_test.gen_connack(rc=mqtt5_rc.MQTT_RC_NOT_AUTHORIZED, proto_ver=proto_ver, properties=None)
- else:
- connack_packet = mosq_test.gen_connack(rc=5, proto_ver=proto_ver)
-
- broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port)
-
- try:
- sock = mosq_test.do_client_connect(connect_packet, connack_packet, port=port)
- sock.close()
- rc = 0
- except mosq_test.TestError:
- pass
- finally:
- os.remove(conf_file)
- broker.terminate()
- broker.wait()
- (stdo, stde) = broker.communicate()
- if rc:
- print(stde.decode('utf-8'))
- print("proto_ver=%d" % (proto_ver))
- exit(rc)
-
-
-do_test(proto_ver=4)
-do_test(proto_ver=5)
-exit(0)
diff --git a/test/broker/01-connect-uname-or-anon.pwfile b/test/broker/01-connect-uname-or-anon.pwfile
new file mode 100644
index 0000000000..fd4ac0a23f
--- /dev/null
+++ b/test/broker/01-connect-uname-or-anon.pwfile
@@ -0,0 +1 @@
+user:$6$Ut1cUS9PG8+gC3vn$tOjCfSJJDe1Alu9HktxxyyzwN4+6mAMSWGRAF9gmMN8pzcGTPVEYYMAZpCEp96Oz2ZRRz5YKM6lPMf1tUbb6zA==
diff --git a/test/broker/01-connect-uname-or-anon.py b/test/broker/01-connect-uname-or-anon.py
new file mode 100755
index 0000000000..55afa8364c
--- /dev/null
+++ b/test/broker/01-connect-uname-or-anon.py
@@ -0,0 +1,70 @@
+#!/usr/bin/env python3
+
+# Test whether an anonymous connection is correctly denied.
+
+from mosq_test_helper import *
+
+def write_config(filename, port, allow_anonymous, password_file):
+ with open(filename, 'w') as f:
+ f.write("listener %d\n" % (port))
+ if allow_anonymous:
+ f.write("allow_anonymous true\n")
+ else:
+ f.write("allow_anonymous false\n")
+ if password_file:
+ f.write("password_file %s\n" % (filename.replace('.conf', '.pwfile')))
+
+def do_test(allow_anonymous, password_file, username, expect_success):
+ port = mosq_test.get_port()
+ conf_file = os.path.basename(__file__).replace('.py', '.conf')
+ write_config(conf_file, port, allow_anonymous, password_file)
+
+ broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port)
+
+ try:
+ for proto_ver in [4, 5]:
+ rc = 1
+ keepalive = 10
+ if username:
+ connect_packet = mosq_test.gen_connect("connect-test-%d" % (proto_ver), keepalive=keepalive, proto_ver=proto_ver, username="user", password="password")
+ else:
+ connect_packet = mosq_test.gen_connect("connect-test-%d" % (proto_ver), keepalive=keepalive, proto_ver=proto_ver)
+
+ if proto_ver == 5:
+ if expect_success == True:
+ connack_packet = mosq_test.gen_connack(rc=0, proto_ver=proto_ver)
+ else:
+ connack_packet = mosq_test.gen_connack(rc=mqtt5_rc.MQTT_RC_NOT_AUTHORIZED, proto_ver=proto_ver, properties=None)
+ else:
+ if expect_success == True:
+ connack_packet = mosq_test.gen_connack(rc=0, proto_ver=proto_ver)
+ else:
+ connack_packet = mosq_test.gen_connack(rc=5, proto_ver=proto_ver)
+
+
+ sock = mosq_test.do_client_connect(connect_packet, connack_packet, port=port)
+ sock.close()
+ rc = 0
+ except mosq_test.TestError:
+ pass
+ finally:
+ os.remove(conf_file)
+ broker.terminate()
+ broker.wait()
+ (stdo, stde) = broker.communicate()
+ if rc:
+ print(stde.decode('utf-8'))
+ print("proto_ver=%d, allow_anonymous=%d, password_file=%d, username=%d" % (proto_ver, allow_anonymous, password_file, username))
+ exit(rc)
+
+
+do_test(allow_anonymous=True, password_file=True, username=True, expect_success=True)
+do_test(allow_anonymous=True, password_file=True, username=False, expect_success=True)
+do_test(allow_anonymous=True, password_file=False, username=True, expect_success=True)
+do_test(allow_anonymous=True, password_file=False, username=False, expect_success=True)
+do_test(allow_anonymous=False, password_file=True, username=True, expect_success=True)
+do_test(allow_anonymous=False, password_file=True, username=False, expect_success=False)
+do_test(allow_anonymous=False, password_file=False, username=True, expect_success=False)
+do_test(allow_anonymous=False, password_file=False, username=False, expect_success=False)
+
+exit(0)
diff --git a/test/broker/01-connect-uname-password-success.pwfile b/test/broker/01-connect-uname-password-success.pwfile
deleted file mode 100644
index e516eb7776..0000000000
--- a/test/broker/01-connect-uname-password-success.pwfile
+++ /dev/null
@@ -1 +0,0 @@
-user:$6$LIg/OiUz2yPftClP$dQu0vVNqRHOcMOzDLuqv4e+5rTFW83DFm3s+C8fy9F7Ip73cdIGUlsNGBs4MtKWNjtMl8LnT+pIQZ7ic1ZttyQ==
diff --git a/test/broker/01-connect-uname-password-success.py b/test/broker/01-connect-uname-password-success.py
deleted file mode 100755
index 27c09c11b9..0000000000
--- a/test/broker/01-connect-uname-password-success.py
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/usr/bin/env python3
-
-# Test whether a connection is denied if it provides a correct username but
-# incorrect password.
-
-from mosq_test_helper import *
-
-def write_config(filename, port):
- with open(filename, 'w') as f:
- f.write("port %d\n" % (port))
- f.write("password_file %s\n" % (filename.replace('.conf', '.pwfile')))
- f.write("allow_anonymous false\n")
-
-
-def do_test(proto_ver):
- port = mosq_test.get_port()
- conf_file = os.path.basename(__file__).replace('.py', '.conf')
- write_config(conf_file, port)
-
- rc = 1
- keepalive = 10
- connect_packet = mosq_test.gen_connect("connect-uname-pwd-test", keepalive=keepalive, username="user", password="password", proto_ver=proto_ver)
- connack_packet = mosq_test.gen_connack(rc=0, proto_ver=proto_ver)
-
- broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port)
-
- try:
- sock = mosq_test.do_client_connect(connect_packet, connack_packet, port=port)
- sock.close()
- rc = 0
-
- except mosq_test.TestError:
- pass
- finally:
- os.remove(conf_file)
- broker.terminate()
- broker.wait()
- (stdo, stde) = broker.communicate()
- if rc:
- print(stde.decode('utf-8'))
- print("proto_ver=%d" % (proto_ver))
- exit(rc)
-
-
-do_test(proto_ver=4)
-do_test(proto_ver=5)
-exit(0)
diff --git a/test/broker/01-connect-zero-length-id.py b/test/broker/01-connect-zero-length-id.py
index 8ad4721d0c..6f1897db39 100755
--- a/test/broker/01-connect-zero-length-id.py
+++ b/test/broker/01-connect-zero-length-id.py
@@ -10,10 +10,12 @@
def write_config(filename, port1, port2, per_listener, allow_zero):
with open(filename, 'w') as f:
f.write("per_listener_settings %s\n" % (per_listener))
- f.write("port %d\n" % (port2))
+ f.write("listener %d\n" % (port2))
+ f.write("allow_anonymous true\n")
if allow_zero != "":
f.write("allow_zero_length_clientid %s\n" % (allow_zero))
f.write("listener %d\n" % (port1))
+ f.write("allow_anonymous true\n")
if allow_zero != "":
f.write("allow_zero_length_clientid %s\n" % (allow_zero))
diff --git a/test/broker/03-publish-qos1-retain-disabled.py b/test/broker/03-publish-qos1-retain-disabled.py
index 44105e5efd..6acf578cb4 100755
--- a/test/broker/03-publish-qos1-retain-disabled.py
+++ b/test/broker/03-publish-qos1-retain-disabled.py
@@ -7,7 +7,8 @@
def write_config(filename, port):
with open(filename, 'w') as f:
- f.write("port %d\n" % (port))
+ f.write("listener %d\n" % (port))
+ f.write("allow_anonymous true\n")
f.write("retain_available false\n")
diff --git a/test/broker/03-publish-qos2-max-inflight.py b/test/broker/03-publish-qos2-max-inflight.py
index 053d1b0820..81bf007391 100755
--- a/test/broker/03-publish-qos2-max-inflight.py
+++ b/test/broker/03-publish-qos2-max-inflight.py
@@ -8,6 +8,7 @@
def write_config(filename, port):
with open(filename, 'w') as f:
f.write("port %d\n" % (port))
+ f.write("allow_anonymous true\n")
f.write("max_inflight_messages 1\n")
diff --git a/test/broker/04-retain-check-source-persist-diff-port.py b/test/broker/04-retain-check-source-persist-diff-port.py
index c7a41591d6..efe1cfbac9 100755
--- a/test/broker/04-retain-check-source-persist-diff-port.py
+++ b/test/broker/04-retain-check-source-persist-diff-port.py
@@ -11,10 +11,12 @@ def write_config(filename, port1, port2, per_listener):
f.write("per_listener_settings %s\n" % (per_listener))
f.write("check_retain_source true\n")
f.write("port %d\n" % (port1))
+ f.write("allow_anonymous true\n")
f.write("acl_file %s\n" % (filename.replace('.conf', '.acl')))
f.write("persistence true\n")
f.write("persistence_file %s\n" % (filename.replace('.conf', '.db')))
f.write("listener %d\n" % (port2))
+ f.write("allow_anonymous true\n")
def write_acl_1(filename, username):
with open(filename, 'w') as f:
diff --git a/test/broker/04-retain-check-source-persist.py b/test/broker/04-retain-check-source-persist.py
index 83ea97eeda..9e59441515 100755
--- a/test/broker/04-retain-check-source-persist.py
+++ b/test/broker/04-retain-check-source-persist.py
@@ -10,6 +10,7 @@ def write_config(filename, port, per_listener):
f.write("per_listener_settings %s\n" % (per_listener))
f.write("check_retain_source true\n")
f.write("port %d\n" % (port))
+ f.write("allow_anonymous true\n")
f.write("acl_file %s\n" % (filename.replace('.conf', '.acl')))
f.write("persistence true\n")
f.write("persistence_file %s\n" % (filename.replace('.conf', '.db')))
diff --git a/test/broker/04-retain-check-source.py b/test/broker/04-retain-check-source.py
index 1a2b55606b..5a7ed298e4 100755
--- a/test/broker/04-retain-check-source.py
+++ b/test/broker/04-retain-check-source.py
@@ -10,6 +10,7 @@ def write_config(filename, port, per_listener):
f.write("per_listener_settings %s\n" % (per_listener))
f.write("check_retain_source true\n")
f.write("port %d\n" % (port))
+ f.write("allow_anonymous true\n")
f.write("acl_file %s\n" % (filename.replace('.conf', '.acl')))
def write_acl_1(filename):
diff --git a/test/broker/04-retain-upgrade-outgoing-qos.py b/test/broker/04-retain-upgrade-outgoing-qos.py
index 2124c4c8a6..e2720bcfbb 100755
--- a/test/broker/04-retain-upgrade-outgoing-qos.py
+++ b/test/broker/04-retain-upgrade-outgoing-qos.py
@@ -8,6 +8,7 @@
def write_config(filename, port):
with open(filename, 'w') as f:
f.write("port %d\n" % (port))
+ f.write("allow_anonymous true\n")
f.write("upgrade_outgoing_qos true\n")
diff --git a/test/broker/06-bridge-b2br-late-connection-retain.py b/test/broker/06-bridge-b2br-late-connection-retain.py
index 71b84a713e..4beeb7c2c3 100755
--- a/test/broker/06-bridge-b2br-late-connection-retain.py
+++ b/test/broker/06-bridge-b2br-late-connection-retain.py
@@ -7,6 +7,7 @@
def write_config1(filename, persistence_file, port1, port2):
with open(filename, 'w') as f:
f.write("port %d\n" % (port2))
+ f.write("allow_anonymous true\n")
f.write("\n")
f.write("persistence true\n")
f.write("persistence_file %s\n" % (persistence_file))
@@ -14,6 +15,7 @@ def write_config1(filename, persistence_file, port1, port2):
def write_config2(filename, persistence_file, port1, port2, protocol_version):
with open(filename, 'w') as f:
f.write("port %d\n" % (port2))
+ f.write("allow_anonymous true\n")
f.write("\n")
f.write("connection bridge_sample\n")
f.write("address 127.0.0.1:%d\n" % (port1))
diff --git a/test/broker/06-bridge-b2br-late-connection.py b/test/broker/06-bridge-b2br-late-connection.py
index 63be7080d3..2ffe152461 100755
--- a/test/broker/06-bridge-b2br-late-connection.py
+++ b/test/broker/06-bridge-b2br-late-connection.py
@@ -7,6 +7,7 @@
def write_config(filename, port1, port2, protocol_version):
with open(filename, 'w') as f:
f.write("port %d\n" % (port2))
+ f.write("allow_anonymous true\n")
f.write("\n")
f.write("connection bridge_sample\n")
f.write("address 127.0.0.1:%d\n" % (port1))
diff --git a/test/broker/06-bridge-b2br-remapping.py b/test/broker/06-bridge-b2br-remapping.py
index dd9854f2e0..7d17edb48a 100755
--- a/test/broker/06-bridge-b2br-remapping.py
+++ b/test/broker/06-bridge-b2br-remapping.py
@@ -7,6 +7,7 @@
def write_config(filename, port1, port2, protocol_version):
with open(filename, 'w') as f:
f.write("port %d\n" % (port2))
+ f.write("allow_anonymous true\n")
f.write("\n")
f.write("connection bridge_sample\n")
f.write("address 127.0.0.1:%d\n" % (port1))
diff --git a/test/broker/06-bridge-br2b-disconnect-qos1.py b/test/broker/06-bridge-br2b-disconnect-qos1.py
index 269096d5d5..c84dd1d4ed 100755
--- a/test/broker/06-bridge-br2b-disconnect-qos1.py
+++ b/test/broker/06-bridge-br2b-disconnect-qos1.py
@@ -7,6 +7,7 @@
def write_config(filename, port1, port2, protocol_version):
with open(filename, 'w') as f:
f.write("port %d\n" % (port2))
+ f.write("allow_anonymous true\n")
f.write("\n")
f.write("connection bridge_sample\n")
f.write("address 127.0.0.1:%d\n" % (port1))
diff --git a/test/broker/06-bridge-br2b-disconnect-qos2.py b/test/broker/06-bridge-br2b-disconnect-qos2.py
index 3579bcf86b..5a219e3a21 100755
--- a/test/broker/06-bridge-br2b-disconnect-qos2.py
+++ b/test/broker/06-bridge-br2b-disconnect-qos2.py
@@ -7,6 +7,7 @@
def write_config(filename, port1, port2, protocol_version):
with open(filename, 'w') as f:
f.write("port %d\n" % (port2))
+ f.write("allow_anonymous true\n")
f.write("\n")
f.write("connection bridge_sample\n")
f.write("address 127.0.0.1:%d\n" % (port1))
diff --git a/test/broker/06-bridge-br2b-remapping.py b/test/broker/06-bridge-br2b-remapping.py
index 3f0fc4f096..0be760e7d8 100755
--- a/test/broker/06-bridge-br2b-remapping.py
+++ b/test/broker/06-bridge-br2b-remapping.py
@@ -7,6 +7,7 @@
def write_config(filename, port1, port2, protocol_version):
with open(filename, 'w') as f:
f.write("port %d\n" % (port2))
+ f.write("allow_anonymous true\n")
f.write("\n")
f.write("connection bridge_sample\n")
f.write("address 127.0.0.1:%d\n" % (port1))
diff --git a/test/broker/06-bridge-clean-session.py b/test/broker/06-bridge-clean-session.py
index c3408929ac..35d6c2f5d8 100755
--- a/test/broker/06-bridge-clean-session.py
+++ b/test/broker/06-bridge-clean-session.py
@@ -31,6 +31,7 @@ def tprint(*args, **kwargs):
def write_config_edge(filename, persistence_file, remote_port, listen_port, protocol_version, cs=False, lcs=None):
with open(filename, 'w') as f:
f.write("port %d\n" % (listen_port))
+ f.write("allow_anonymous true\n")
f.write("\n")
f.write("persistence true\n")
f.write("persistence_file %s\n" % (persistence_file))
@@ -54,6 +55,7 @@ def write_config_edge(filename, persistence_file, remote_port, listen_port, prot
def write_config_core(filename, listen_port, persistence_file):
with open(filename, 'w') as f:
f.write("port %d\n" % (listen_port))
+ f.write("allow_anonymous true\n")
f.write("\n")
f.write("persistence true\n")
f.write("persistence_file %s\n" % (persistence_file))
diff --git a/test/broker/06-bridge-outgoing-retain.py b/test/broker/06-bridge-outgoing-retain.py
index 2c59df65bd..9c4ec5996b 100755
--- a/test/broker/06-bridge-outgoing-retain.py
+++ b/test/broker/06-bridge-outgoing-retain.py
@@ -8,6 +8,7 @@
def write_config(filename, port1, port2, protocol_version, outgoing_retain):
with open(filename, 'w') as f:
f.write("port %d\n" % (port2))
+ f.write("allow_anonymous true\n")
f.write("\n")
f.write("connection bridge_sample\n")
f.write("address 127.0.0.1:%d\n" % (port1))
diff --git a/test/broker/06-bridge-reconnect-local-out.py b/test/broker/06-bridge-reconnect-local-out.py
index 1ccf435131..887470b686 100755
--- a/test/broker/06-bridge-reconnect-local-out.py
+++ b/test/broker/06-bridge-reconnect-local-out.py
@@ -8,6 +8,7 @@
def write_config(filename, port1, port2, protocol_version):
with open(filename, 'w') as f:
f.write("port %d\n" % (port2))
+ f.write("allow_anonymous true\n")
f.write("\n")
f.write("persistence true\n")
f.write("persistence_file mosquitto-%d.db" % (port1))
diff --git a/test/broker/08-ssl-bridge.py b/test/broker/08-ssl-bridge.py
index 0db962d13b..c48e7de0bf 100755
--- a/test/broker/08-ssl-bridge.py
+++ b/test/broker/08-ssl-bridge.py
@@ -5,6 +5,7 @@
def write_config(filename, port1, port2):
with open(filename, 'w') as f:
f.write("port %d\n" % (port2))
+ f.write("allow_anonymous true\n")
f.write("\n")
f.write("connection bridge_test\n")
f.write("address 127.0.0.1:%d\n" % (port1))
diff --git a/test/broker/08-ssl-connect-cert-auth-crl.py b/test/broker/08-ssl-connect-cert-auth-crl.py
index 512729b286..6c348a3555 100755
--- a/test/broker/08-ssl-connect-cert-auth-crl.py
+++ b/test/broker/08-ssl-connect-cert-auth-crl.py
@@ -9,7 +9,9 @@
def write_config(filename, port1, port2):
with open(filename, 'w') as f:
f.write("port %d\n" % (port2))
+ f.write("allow_anonymous true\n")
f.write("listener %d\n" % (port1))
+ f.write("allow_anonymous true\n")
f.write("cafile ../ssl/all-ca.crt\n")
f.write("certfile ../ssl/server.crt\n")
f.write("keyfile ../ssl/server.key\n")
diff --git a/test/broker/08-ssl-connect-cert-auth-revoked.py b/test/broker/08-ssl-connect-cert-auth-revoked.py
index f6570b9070..76788bc7ff 100755
--- a/test/broker/08-ssl-connect-cert-auth-revoked.py
+++ b/test/broker/08-ssl-connect-cert-auth-revoked.py
@@ -9,7 +9,9 @@
def write_config(filename, port1, port2):
with open(filename, 'w') as f:
f.write("port %d\n" % (port2))
+ f.write("allow_anonymous true\n")
f.write("listener %d\n" % (port1))
+ f.write("allow_anonymous true\n")
f.write("cafile ../ssl/all-ca.crt\n")
f.write("certfile ../ssl/server.crt\n")
f.write("keyfile ../ssl/server.key\n")
diff --git a/test/broker/08-ssl-connect-cert-auth.py b/test/broker/08-ssl-connect-cert-auth.py
index bacdd6399b..bf7c67bb9d 100755
--- a/test/broker/08-ssl-connect-cert-auth.py
+++ b/test/broker/08-ssl-connect-cert-auth.py
@@ -11,7 +11,9 @@
def write_config(filename, port1, port2):
with open(filename, 'w') as f:
f.write("port %d\n" % (port2))
+ f.write("allow_anonymous true\n")
f.write("listener %d\n" % (port1))
+ f.write("allow_anonymous true\n")
f.write("cafile ../ssl/all-ca.crt\n")
f.write("certfile ../ssl/server.crt\n")
f.write("keyfile ../ssl/server.key\n")
diff --git a/test/broker/08-ssl-connect-no-auth.py b/test/broker/08-ssl-connect-no-auth.py
index 4fb568bb67..8990afeb2f 100755
--- a/test/broker/08-ssl-connect-no-auth.py
+++ b/test/broker/08-ssl-connect-no-auth.py
@@ -11,8 +11,10 @@
def write_config(filename, port1, port2):
with open(filename, 'w') as f:
f.write("port %d\n" % (port2))
+ f.write("allow_anonymous true\n")
f.write("\n")
f.write("listener %d\n" % (port1))
+ f.write("allow_anonymous true\n")
f.write("cafile ../ssl/all-ca.crt\n")
f.write("certfile ../ssl/server.crt\n")
f.write("keyfile ../ssl/server.key\n")
diff --git a/test/broker/08-tls-psk-bridge.py b/test/broker/08-tls-psk-bridge.py
index 67559338c5..56d3c19656 100755
--- a/test/broker/08-tls-psk-bridge.py
+++ b/test/broker/08-tls-psk-bridge.py
@@ -20,6 +20,7 @@ def write_config1(filename, port1, port2):
def write_config2(filename, port2, port3):
with open(filename, 'w') as f:
f.write("port %d\n" % (port3))
+ f.write("allow_anonymous true\n")
f.write("\n")
f.write("connection bridge-psk\n")
f.write("address localhost:%d\n" % (port2))
diff --git a/test/broker/09-acl-access-variants.py b/test/broker/09-acl-access-variants.py
index ea258c3359..08a4d0f75b 100755
--- a/test/broker/09-acl-access-variants.py
+++ b/test/broker/09-acl-access-variants.py
@@ -8,6 +8,7 @@ def write_config(filename, port, per_listener):
with open(filename, 'w') as f:
f.write("per_listener_settings %s\n" % (per_listener))
f.write("port %d\n" % (port))
+ f.write("allow_anonymous true\n")
f.write("acl_file %s\n" % (filename.replace('.conf', '.acl')))
def write_acl(filename, global_en, user_en, pattern_en):
diff --git a/test/broker/09-acl-change.py b/test/broker/09-acl-change.py
index c9d2b720da..c85618a220 100755
--- a/test/broker/09-acl-change.py
+++ b/test/broker/09-acl-change.py
@@ -9,6 +9,7 @@ def write_config(filename, port, per_listener):
with open(filename, 'w') as f:
f.write("per_listener_settings %s\n" % (per_listener))
f.write("port %d\n" % (port))
+ f.write("allow_anonymous true\n")
f.write("acl_file %s\n" % (filename.replace('.conf', '.acl')))
def write_acl(filename, en):
diff --git a/test/broker/09-acl-empty-file.py b/test/broker/09-acl-empty-file.py
index 0be4481b41..a36f148362 100755
--- a/test/broker/09-acl-empty-file.py
+++ b/test/broker/09-acl-empty-file.py
@@ -9,6 +9,7 @@ def write_config(filename, port, per_listener):
with open(filename, 'w') as f:
f.write("per_listener_settings %s\n" % (per_listener))
f.write("port %d\n" % (port))
+ f.write("allow_anonymous true\n")
f.write("acl_file %s\n" % (filename.replace('.conf', '.acl')))
def write_acl(filename):
diff --git a/test/broker/09-extended-auth-change-username.py b/test/broker/09-extended-auth-change-username.py
index 313ece9b05..afcb5f36ed 100755
--- a/test/broker/09-extended-auth-change-username.py
+++ b/test/broker/09-extended-auth-change-username.py
@@ -8,6 +8,7 @@ def write_config(filename, acl_file, port, per_listener):
with open(filename, 'w') as f:
f.write("per_listener_settings %s\n" % (per_listener))
f.write("port %d\n" % (port))
+ f.write("allow_anonymous true\n")
f.write("acl_file %s\n" % (acl_file))
f.write("auth_plugin c/auth_plugin_extended_single.so\n")
diff --git a/test/broker/09-extended-auth-multistep-reauth.py b/test/broker/09-extended-auth-multistep-reauth.py
index bf140c9cf9..fb55c9e1ed 100755
--- a/test/broker/09-extended-auth-multistep-reauth.py
+++ b/test/broker/09-extended-auth-multistep-reauth.py
@@ -5,6 +5,7 @@
def write_config(filename, port):
with open(filename, 'w') as f:
f.write("port %d\n" % (port))
+ f.write("allow_anonymous true\n")
f.write("auth_plugin c/auth_plugin_extended_multiple.so\n")
port = mosq_test.get_port()
diff --git a/test/broker/10-listener-mount-point.py b/test/broker/10-listener-mount-point.py
index 6388156caa..273aec6000 100755
--- a/test/broker/10-listener-mount-point.py
+++ b/test/broker/10-listener-mount-point.py
@@ -5,8 +5,10 @@
def write_config(filename, port1, port2):
with open(filename, 'w') as f:
f.write("port %d\n" % (port1))
+ f.write("allow_anonymous true\n")
f.write("\n")
f.write("listener %d\n" % (port2))
+ f.write("allow_anonymous true\n")
f.write("mount_point mount/\n")
f.write("\n")
f.write("log_type debug\n")
diff --git a/test/broker/11-message-expiry.py b/test/broker/11-message-expiry.py
index 70e4d3879c..6523e82746 100755
--- a/test/broker/11-message-expiry.py
+++ b/test/broker/11-message-expiry.py
@@ -14,6 +14,7 @@
def write_config(filename, port):
with open(filename, 'w') as f:
f.write("port %d\n" % (port))
+ f.write("allow_anonymous true\n")
f.write("persistence true\n")
f.write("persistence_file mosquitto-%d.db\n" % (port))
diff --git a/test/broker/11-persistent-subscription-no-local.py b/test/broker/11-persistent-subscription-no-local.py
index ccc6132e68..350ba5cac6 100755
--- a/test/broker/11-persistent-subscription-no-local.py
+++ b/test/broker/11-persistent-subscription-no-local.py
@@ -8,6 +8,7 @@
def write_config(filename, port):
with open(filename, 'w') as f:
f.write("port %d\n" % (port))
+ f.write("allow_anonymous true\n")
f.write("persistence true\n")
f.write("persistence_file mosquitto-%d.db\n" % (port))
diff --git a/test/broker/11-persistent-subscription-v5.py b/test/broker/11-persistent-subscription-v5.py
index 9d883d77dc..7cd9ae6ad4 100755
--- a/test/broker/11-persistent-subscription-v5.py
+++ b/test/broker/11-persistent-subscription-v5.py
@@ -7,6 +7,7 @@
def write_config(filename, port):
with open(filename, 'w') as f:
f.write("port %d\n" % (port))
+ f.write("allow_anonymous true\n")
f.write("persistence true\n")
f.write("persistence_file mosquitto-%d.db\n" % (port))
diff --git a/test/broker/11-persistent-subscription.py b/test/broker/11-persistent-subscription.py
index f77ffb5104..2ec2871c94 100755
--- a/test/broker/11-persistent-subscription.py
+++ b/test/broker/11-persistent-subscription.py
@@ -7,6 +7,7 @@
def write_config(filename, port):
with open(filename, 'w') as f:
f.write("port %d\n" % (port))
+ f.write("allow_anonymous true\n")
f.write("persistence true\n")
f.write("persistence_file mosquitto-%d.db\n" % (port))
diff --git a/test/broker/11-pub-props.py b/test/broker/11-pub-props.py
index 0a7fed3a83..1b76fa2502 100755
--- a/test/broker/11-pub-props.py
+++ b/test/broker/11-pub-props.py
@@ -7,6 +7,7 @@
def write_config(filename, port):
with open(filename, 'w') as f:
f.write("port %d\n" % (port))
+ f.write("allow_anonymous true\n")
f.write("persistence true\n")
f.write("persistence_file mosquitto-%d.db\n" % (port))
diff --git a/test/broker/11-subscription-id.py b/test/broker/11-subscription-id.py
index 01b1c52948..ed17842535 100755
--- a/test/broker/11-subscription-id.py
+++ b/test/broker/11-subscription-id.py
@@ -7,6 +7,7 @@
def write_config(filename, port):
with open(filename, 'w') as f:
f.write("port %d\n" % (port))
+ f.write("allow_anonymous true\n")
f.write("persistence true\n")
f.write("persistence_file mosquitto-%d.db\n" % (port))
diff --git a/test/broker/12-prop-maximum-packet-size-broker.py b/test/broker/12-prop-maximum-packet-size-broker.py
index dba8194942..52282b56ad 100755
--- a/test/broker/12-prop-maximum-packet-size-broker.py
+++ b/test/broker/12-prop-maximum-packet-size-broker.py
@@ -7,6 +7,7 @@
def write_config(filename, port):
with open(filename, 'w') as f:
f.write("port %d\n" % (port))
+ f.write("allow_anonymous true\n")
f.write("max_packet_size 30\n")
port = mosq_test.get_port()
diff --git a/test/broker/12-prop-server-keepalive.py b/test/broker/12-prop-server-keepalive.py
index 25b7110773..08c1b0d7e7 100755
--- a/test/broker/12-prop-server-keepalive.py
+++ b/test/broker/12-prop-server-keepalive.py
@@ -8,6 +8,7 @@
def write_config(filename, port):
with open(filename, 'w') as f:
f.write("port %d\n" % (port))
+ f.write("allow_anonymous true\n")
f.write("\n")
f.write("max_keepalive 60\n")
diff --git a/test/broker/13-malformed-publish-v5.py b/test/broker/13-malformed-publish-v5.py
index 881aaf21a3..d48b9cd412 100755
--- a/test/broker/13-malformed-publish-v5.py
+++ b/test/broker/13-malformed-publish-v5.py
@@ -10,6 +10,7 @@
def write_config(filename, port):
with open(filename, 'w') as f:
f.write("listener %d\n" % (port))
+ f.write("allow_anonymous true\n")
f.write("maximum_qos 1\n")
f.write("retain_available false\n")
diff --git a/test/broker/Makefile b/test/broker/Makefile
index 55de882e6f..13b7279820 100644
--- a/test/broker/Makefile
+++ b/test/broker/Makefile
@@ -20,7 +20,7 @@ ptest : test-compile
test : test-compile 01 02 03 04 05 06 07 08 09 10 11 12 13 14
01 :
- ./01-connect-anon-denied.py
+ ./01-connect-allow-anonymous.py
./01-connect-bad-packet.py
./01-connect-disconnect-v5.py
./01-connect-duplicate.py
@@ -33,14 +33,10 @@ test : test-compile 01 02 03 04 05 06 07 08 09 10 11 12 13 14
./01-connect-uname-invalid-utf8.py
./01-connect-uname-no-flag.py
./01-connect-uname-no-password-denied.py
+ ./01-connect-uname-or-anon.py
./01-connect-uname-password-denied-no-will.py
./01-connect-uname-password-denied.py
./01-connect-uname-pwd-no-flag.py
-ifeq ($(WITH_TLS),yes)
- ./01-connect-uname-password-success.py
-else
- ./01-connect-uname-password-success-no-tls.py
-endif
./01-connect-zero-length-id.py
diff --git a/test/broker/test.py b/test/broker/test.py
index 22b8e6ce25..52a8112403 100755
--- a/test/broker/test.py
+++ b/test/broker/test.py
@@ -5,7 +5,7 @@
tests = [
#(ports required, 'path'),
- (1, './01-connect-anon-denied.py'),
+ (1, './01-connect-allow-anonymous.py'),
(1, './01-connect-bad-packet.py'),
(1, './01-connect-disconnect-v5.py'),
(1, './01-connect-duplicate.py'),
@@ -18,9 +18,9 @@
(1, './01-connect-uname-invalid-utf8.py'),
(1, './01-connect-uname-no-flag.py'),
(1, './01-connect-uname-no-password-denied.py'),
+ (1, './01-connect-uname-or-anon.py'),
(1, './01-connect-uname-password-denied-no-will.py'),
(1, './01-connect-uname-password-denied.py'),
- (1, './01-connect-uname-password-success.py'),
(1, './01-connect-uname-pwd-no-flag.py'),
(2, './01-connect-zero-length-id.py'),