Add trivial basic authentication plugin based on IP.
Showing
5 changed files
with
124 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,5 @@ | ||
DIRS= \ | ||
auth-by-ip \ | ||
dynamic-security \ | ||
message-timestamp \ | ||
payload-modification | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
include_directories(${mosquitto_SOURCE_DIR} ${mosquitto_SOURCE_DIR}/include | ||
${STDBOOL_H_PATH} ${STDINT_H_PATH}) | ||
|
||
add_library(mosquitto_auth_by_ip SHARED mosquitto_auth_by_ip.c) | ||
set_target_properties(mosquitto_auth_by_ip PROPERTIES | ||
POSITION_INDEPENDENT_CODE 1 | ||
) | ||
set_target_properties(mosquitto_auth_by_ip PROPERTIES PREFIX "") | ||
|
||
# Don't install, these are example plugins only. | ||
#install(TARGETS mosquitto_auth_by_ip RUNTIME DESTINATION "${CMAKE_INSTALL_BINDIR}" LIBRARY DESTINATION "${CMAKE_INSTALL_LIBDIR}") |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
include ../../config.mk | ||
|
||
.PHONY : all binary check clean reallyclean test install uninstall | ||
|
||
PLUGIN_NAME=mosquitto_auth_by_ip | ||
|
||
all : binary | ||
|
||
binary : ${PLUGIN_NAME}.so | ||
|
||
${PLUGIN_NAME}.so : ${PLUGIN_NAME}.c | ||
$(CROSS_COMPILE)$(CC) $(PLUGIN_CPPFLAGS) $(PLUGIN_CFLAGS) $(PLUGIN_LDFLAGS) -fPIC -shared $< -o $@ | ||
|
||
reallyclean : clean | ||
clean: | ||
-rm -f *.o ${PLUGIN_NAME}.so *.gcda *.gcno | ||
|
||
check: test | ||
test: | ||
|
||
install: ${PLUGIN_NAME}.so | ||
# Don't install, these are examples only. | ||
#$(INSTALL) -d "${DESTDIR}$(libdir)" | ||
#$(INSTALL) ${STRIP_OPTS} ${PLUGIN_NAME}.so "${DESTDIR}${libdir}/${PLUGIN_NAME}.so" | ||
|
||
uninstall : | ||
-rm -f "${DESTDIR}${libdir}/${PLUGIN_NAME}.so" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,82 @@ | ||
/* | ||
Copyright (c) 2021 Roger Light <[email protected]> | ||
All rights reserved. This program and the accompanying materials | ||
are made available under the terms of the Eclipse Public License 2.0 | ||
and Eclipse Distribution License v1.0 which accompany this distribution. | ||
The Eclipse Public License is available at | ||
https://www.eclipse.org/legal/epl-2.0/ | ||
and the Eclipse Distribution License is available at | ||
https://www.eclipse.org/org/documents/edl-v10.php. | ||
SPDX-License-Identifier: EPL-2.0 OR EDL-1.0 | ||
Contributors: | ||
Roger Light - initial implementation and documentation. | ||
*/ | ||
|
||
/* | ||
* This is an example plugin showing how to use the basic authentication | ||
* callback to allow/disallow client connections based on client IP addresses. | ||
* | ||
* This is an extremely basic type of access control, password based or similar | ||
* authentication is preferred. | ||
* | ||
* Compile with: | ||
* gcc -I<path to mosquitto-repo/include> -fPIC -shared mosquitto_auth_by_ip.c -o mosquitto_auth_by_ip.so | ||
* | ||
* Use in config with: | ||
* | ||
* plugin /path/to/mosquitto_auth_by_ip.so | ||
* | ||
* Note that this only works on Mosquitto 2.0 or later. | ||
*/ | ||
|
||
|
||
#include <stdio.h> | ||
#include <string.h> | ||
|
||
#include "mosquitto_broker.h" | ||
#include "mosquitto_plugin.h" | ||
#include "mosquitto.h" | ||
#include "mqtt_protocol.h" | ||
|
||
static mosquitto_plugin_id_t *mosq_pid = NULL; | ||
|
||
static int basic_auth_callback(int event, void *event_data, void *userdata) | ||
{ | ||
struct mosquitto_evt_basic_auth *ed = event_data; | ||
const char *ip_address; | ||
|
||
ip_address = mosquitto_client_address(ed->client); | ||
if(!strcmp(ip_address, "127.0.0.1")){ | ||
/* Only allow connections from localhost */ | ||
return MOSQ_ERR_SUCCESS; | ||
}else{ | ||
return MOSQ_ERR_AUTH; | ||
} | ||
} | ||
|
||
int mosquitto_plugin_version(int supported_version_count, const int *supported_versions) | ||
{ | ||
int i; | ||
|
||
for(i=0; i<supported_version_count; i++){ | ||
if(supported_versions[i] == 5){ | ||
return 5; | ||
} | ||
} | ||
return -1; | ||
} | ||
|
||
int mosquitto_plugin_init(mosquitto_plugin_id_t *identifier, void **user_data, struct mosquitto_opt *opts, int opt_count) | ||
{ | ||
mosq_pid = identifier; | ||
return mosquitto_callback_register(mosq_pid, MOSQ_EVT_BASIC_AUTH, basic_auth_callback, NULL, NULL); | ||
} | ||
|
||
int mosquitto_plugin_cleanup(void *user_data, struct mosquitto_opt *opts, int opt_count) | ||
{ | ||
return mosquitto_callback_unregister(mosq_pid, MOSQ_EVT_BASIC_AUTH, basic_auth_callback, NULL); | ||
} |
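Review bot: `basic_auth_callback` passes the result of `mosquitto_client_address(ed->client)` straight to `strcmp()`; if that call can return NULL (its contract is not shown on this page), the comparison is undefined behaviour inside the broker process. A guard such as `if(ip_address == NULL) return MOSQ_ERR_AUTH;` before the `strcmp()` keeps the check fail-closed. The literal match on `"127.0.0.1"` also refuses IPv6 loopback clients and accepts every client that arrives through a proxy or TLS terminator on the same host, so the header comment should say so, e.g. `* Note: the address checked is the TCP peer, so a local proxy makes every client appear as 127.0.0.1.` The callback returns `MOSQ_ERR_SUCCESS` without examining any credentials, so the header should also state that localhost clients are accepted by this plugin with no username/password check; whether returning `MOSQ_ERR_PLUGIN_DEFER` would be better when other auth plugins are loaded depends on chaining behaviour not visible here.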