Per listener allow_anonymous.

eclipse · Mar 15, 2018 · aa87f3c · aa87f3c
1 parent d55da83
commit aa87f3c
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 9 deletions.
diff --git a/src/conf.c b/src/conf.c
@@ -150,7 +150,7 @@ static void config__init_reload(struct mosquitto__config *config)
  /* Set defaults */
  mosquitto__free(config->acl_file);
  config->acl_file = NULL;
- config->allow_anonymous = true;
+ config->security_options.allow_anonymous = true;
  config->allow_duplicate_messages = false;
  config->allow_zero_length_clientid = true;
  config->auto_id_prefix = NULL;
@@ -696,7 +696,8 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, const
  log__printf(NULL, MOSQ_LOG_WARNING, "Warning: Bridge support not available.");
 #endif
  }else if(!strcmp(token, "allow_anonymous")){
- if(conf__parse_bool(&token, "allow_anonymous", &config->allow_anonymous, saveptr)) return MOSQ_ERR_INVAL;
+ conf__set_cur_security_options(config, cur_listener, &cur_security_options);
+ if(conf__parse_bool(&token, "allow_anonymous", &cur_security_options->allow_anonymous, saveptr)) return MOSQ_ERR_INVAL;
  }else if(!strcmp(token, "allow_duplicate_messages")){
  if(conf__parse_bool(&token, "allow_duplicate_messages", &config->allow_duplicate_messages, saveptr)) return MOSQ_ERR_INVAL;
  }else if(!strcmp(token, "allow_zero_length_clientid")){
@@ -1183,6 +1184,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, const
  }
  cur_listener = &config->listeners[config->listener_count-1];
  memset(cur_listener, 0, sizeof(struct mosquitto__listener));
+ cur_listener->security_options.allow_anonymous = true;
  cur_listener->protocol = mp_mqtt;
  cur_listener->port = tmp_int;
  token = strtok_r(NULL, "", &saveptr);

diff --git a/src/handle_connect.c b/src/handle_connect.c
@@ -134,6 +134,10 @@ int handle__connect(struct mosquitto_db *db, struct mosquitto *context)
 
  G_CONNECTION_COUNT_INC();
 
+ if(!context->listener){
+ return MOSQ_ERR_INVAL;
+ }
+
  /* Don't accept multiple CONNECT commands. */
  if(context->state != mosq_cs_new){
  rc = MOSQ_ERR_PROTOCOL;
@@ -279,7 +283,7 @@ int handle__connect(struct mosquitto_db *db, struct mosquitto *context)
  goto handle_connect_error;
  }
 
- if(context->listener && context->listener->mount_point){
+ if(context->listener->mount_point){
  slen = strlen(context->listener->mount_point) + strlen(will_topic) + 1;
  will_topic_mount = mosquitto__malloc(slen+1);
  if(!will_topic_mount){
@@ -465,10 +469,14 @@ int handle__connect(struct mosquitto_db *db, struct mosquitto *context)
  password = NULL;
  }
 
- if(!username_flag && db->config->allow_anonymous == false){
- send__connack(context, 0, CONNACK_REFUSED_NOT_AUTHORIZED);
- rc = 1;
- goto handle_connect_error;
+ if(!username_flag){
+ if((db->config->per_listener_settings && context->listener->security_options.allow_anonymous == false)
+ || (!db->config->per_listener_settings && db->config->security_options.allow_anonymous == false)){
+
+ send__connack(context, 0, CONNACK_REFUSED_NOT_AUTHORIZED);
+ rc = 1;
+ goto handle_connect_error;
+ }
  }
 #ifdef WITH_TLS
  }

diff --git a/src/mosquitto_broker_internal.h b/src/mosquitto_broker_internal.h
@@ -151,6 +151,7 @@ struct mosquitto__security_options {
  char *psk_file;
  struct mosquitto__auth_plugin_config *auth_plugins;
  int auth_plugin_count;
+ bool allow_anonymous;
 };
 
 struct mosquitto__listener {
@@ -190,7 +191,6 @@ struct mosquitto__listener {
 struct mosquitto__config {
  char *config_file;
  char *acl_file;
- bool allow_anonymous;
  bool allow_duplicate_messages;
  bool allow_zero_length_clientid;
  char *auto_id_prefix;

diff --git a/src/security_default.c b/src/security_default.c
@@ -773,10 +773,15 @@ int mosquitto_security_apply_default(struct mosquitto_db *db)
 
  if(!db) return MOSQ_ERR_INVAL;
 
- allow_anonymous = db->config->allow_anonymous;
 
  HASH_ITER(hh_id, db->contexts_by_id, context, ctxt_tmp){
  /* Check for anonymous clients when allow_anonymous is false */
+ if(db->config->per_listener_settings){
+ allow_anonymous = context->listener->security_options.allow_anonymous;
+ }else{
+ allow_anonymous = db->config->security_options.allow_anonymous;
+ }
+
  if(!allow_anonymous && !context->username){
  context->state = mosq_cs_disconnecting;
  do_disconnect(db, context);