Merge branch 'fixes'

CMakeLists.txt

@@ -8,7 +8,7 @@ cmake_minimum_required(VERSION 3.0)
 cmake_policy(SET CMP0042 NEW)
 
 project(mosquitto)
-set (VERSION 2.0.4)
+set (VERSION 2.0.5)
 
 list(APPEND CMAKE_MODULE_PATH "${CMAKE_SOURCE_DIR}/cmake/")
 

ChangeLog.txt

@@ -1,3 +1,38 @@
+2.0.5 - 2021-01-11
+==================
+
+Broker:
+- Fix `auth_method` not being provided to the extended auth plugin event.
+ Closes #1975.
+- Fix large packets not being completely published to slow clients.
+ Closes #1977.
+- Fix bridge connection not relinquishing POLLOUT after messages are sent.
+ Closes #1979.
+- Fix apparmor incorrectly denying access to
+ /var/lib/mosquitto/mosquitto.db.new. Closes #1978.
+- Fix potential intermittent initial bridge connections when using poll().
+- Fix `bind_interface` option. Closes #1999.
+- Fix invalid behaviour in dynsec plugin if a group or client is deleted
+ before a role that was attached to the group or client is deleted.
+ Closes #1998.
+- Improve logging in dynsec addGroupRole command. Closes #2005.
+- Improve logging in dynsec addGroupClient command. Closes #2008.
+
+Client library:
+- Improve documentation around the `_v5()` and non-v5 functions, e.g.
+ `mosquitto_publish()` and `mosquitto_publish_v5().
+
+Build:
+- `install` Makefile target should depend on `all`, not `mosquitto`, to ensure
+ that man pages are always built. Closes #1989.
+- Fixes for lots of minor build warnings highlighted by Visual Studio. 
+
+Apps:
+- Disallow control characters in mosquitto_passwd usernames.
+- Fix incorrect description in mosquitto_ctrl man page. Closes #1995.
+- Fix `mosquitto_ctrl dynsec getGroup` not showing roles. Closes #1997.
+
+
 2.0.4 - 2020-12-22
 ==================
 

Makefile

@@ -87,7 +87,7 @@ ptest : mosquitto
 utest : mosquitto
  $(MAKE) -C test utest
 
-install : mosquitto
+install : all
  set -e; for d in ${DIRS}; do $(MAKE) -C $${d} install; done
 ifeq ($(WITH_DOCS),yes)
  set -e; for d in ${DOCDIRS}; do $(MAKE) -C $${d} install; done

apps/db_dump/stubs.c

@@ -38,12 +38,22 @@ enum mosquitto_client_state mosquitto__get_state(struct mosquitto *mosq)
  return mosq_cs_new;
 }
 
+int mux__add_out(struct mosquitto *mosq)
+{
+ return 0;
+}
+
+int mux__remove_out(struct mosquitto *mosq)
+{
+ return 0;
+}
+
 ssize_t net__read(struct mosquitto *mosq, void *buf, size_t count)
 {
  return 0;
 }
 
-ssize_t net__write(struct mosquitto *mosq, void *buf, size_t count)
+ssize_t net__write(struct mosquitto *mosq, const void *buf, size_t count)
 {
  return 0;
 }

apps/mosquitto_ctrl/client.c

@@ -36,6 +36,8 @@ static void on_message(struct mosquitto *mosq, void *obj, const struct mosquitto
 {
  struct mosq_ctrl *ctrl = obj;
 
+ UNUSED(properties);
+
  if(ctrl->payload_callback){
  ctrl->payload_callback(ctrl, msg->payloadlen, msg->payload);
  }
@@ -47,6 +49,10 @@ static void on_message(struct mosquitto *mosq, void *obj, const struct mosquitto
 
 static void on_publish(struct mosquitto *mosq, void *obj, int mid, int reason_code, const mosquitto_property *properties)
 {
+ UNUSED(obj);
+ UNUSED(mid);
+ UNUSED(properties);
+
  if(reason_code > 127){
  fprintf(stderr, "Publish error: %s\n", mosquitto_reason_string(reason_code));
  run = 0;
@@ -59,6 +65,9 @@ static void on_subscribe(struct mosquitto *mosq, void *obj, int mid, int qos_cou
 {
  struct mosq_ctrl *ctrl = obj;
 
+ UNUSED(mid);
+ UNUSED(properties);
+
  if(qos_count == 1){
  if(granted_qos[0] < 128){
  /* Success */
@@ -87,6 +96,9 @@ static void on_connect(struct mosquitto *mosq, void *obj, int reason_code, int f
 {
  struct mosq_ctrl *ctrl = obj;
 
+ UNUSED(flags);
+ UNUSED(properties);
+
  if(reason_code == 0){
  if(ctrl->response_topic){
  mosquitto_subscribe(mosq, NULL, ctrl->response_topic, ctrl->cfg.qos);

apps/mosquitto_ctrl/dynsec.c

@@ -124,6 +124,37 @@ static void print_list(cJSON *j_response, const char *arrayname, const char *key
 }
 
 
+static void print_roles(cJSON *j_roles, size_t slen)
+{
+ bool first;
+ cJSON *j_elem, *jtmp;
+
+ if(j_roles && cJSON_IsArray(j_roles)){
+ first = true;
+ cJSON_ArrayForEach(j_elem, j_roles){
+ jtmp = cJSON_GetObjectItem(j_elem, "rolename");
+ if(jtmp && cJSON_IsString(jtmp)){
+ if(first){
+ first = false;
+ printf("%-*s %s", (int)slen, "Roles:", jtmp->valuestring);
+ }else{
+ printf("%-*s %s", (int)slen, "", jtmp->valuestring);
+ }
+ jtmp = cJSON_GetObjectItem(j_elem, "priority");
+ if(jtmp && cJSON_IsNumber(jtmp)){
+ printf(" (priority: %d)", (int)jtmp->valuedouble);
+ }else{
+ printf(" (priority: -1)");
+ }
+ printf("\n");
+ }
+ }
+ }else{
+ printf("Roles:\n");
+ }
+}
+
+
 static void print_client(cJSON *j_response)
 {
  cJSON *j_data, *j_client, *j_array, *j_elem, *jtmp;
@@ -161,29 +192,8 @@ static void print_client(cJSON *j_response)
  }
 
  j_array = cJSON_GetObjectItem(j_client, "roles");
- if(j_array && cJSON_IsArray(j_array)){
- first = true;
- cJSON_ArrayForEach(j_elem, j_array){
- jtmp = cJSON_GetObjectItem(j_elem, "rolename");
- if(jtmp && cJSON_IsString(jtmp)){
- if(first){
- first = false;
- printf("Roles: %s", jtmp->valuestring);
- }else{
- printf(" %s", jtmp->valuestring);
- }
- jtmp = cJSON_GetObjectItem(j_elem, "priority");
- if(jtmp && cJSON_IsNumber(jtmp)){
- printf(" (priority: %d)", (int)jtmp->valuedouble);
- }else{
- printf(" (priority: -1)");
- }
- printf("\n");
- }
- }
- }else{
- printf("Roles:\n");
- }
+ print_roles(j_array, strlen("Username:"));
+
  j_array = cJSON_GetObjectItem(j_client, "groups");
  if(j_array && cJSON_IsArray(j_array)){
  first = true;
@@ -236,27 +246,7 @@ static void print_group(cJSON *j_response)
  printf("Groupname: %s\n", jtmp->valuestring);
 
  j_array = cJSON_GetObjectItem(j_group, "roles");
- if(j_array && cJSON_IsArray(j_array)){
- first = true;
- cJSON_ArrayForEach(j_elem, j_array){
- jtmp = cJSON_GetObjectItem(j_elem, "groupname");
- if(jtmp && cJSON_IsString(jtmp)){
- if(first){
- first = false;
- printf("Roles: %s", jtmp->valuestring);
- }else{
- printf(" %s", jtmp->valuestring);
- }
- jtmp = cJSON_GetObjectItem(j_elem, "priority");
- if(jtmp && cJSON_IsNumber(jtmp)){
- printf(" (priority: %d)", (int)jtmp->valuedouble);
- }else{
- printf(" (priority: -1)");
- }
- printf("\n");
- }
- }
- }
+ print_roles(j_array, strlen("Groupname:"));
 
  j_array = cJSON_GetObjectItem(j_group, "clients");
  if(j_array && cJSON_IsArray(j_array)){
@@ -393,7 +383,13 @@ static void dynsec__payload_callback(struct mosq_ctrl *ctrl, long payloadlen, co
 {
  cJSON *tree, *j_responses, *j_response, *j_command, *j_error;
 
+ UNUSED(ctrl);
+
+#if CJSON_VERSION_FULL < 1007013
  tree = cJSON_Parse(payload);
+#else
+ tree = cJSON_ParseWithLength(payload, payloadlen);
+#endif
  if(tree == NULL){
  fprintf(stderr, "Error: Payload not JSON.\n");
  return;
@@ -502,6 +498,9 @@ static int dynsec__set_default_acl_access(int argc, char *argv[], cJSON *j_comma
 
 static int dynsec__get_default_acl_access(int argc, char *argv[], cJSON *j_command)
 {
+ UNUSED(argc);
+ UNUSED(argv);
+
  if(cJSON_AddStringToObject(j_command, "command", "getDefaultACLAccess") == NULL
  ){
 

apps/mosquitto_ctrl/dynsec_group.c

@@ -15,6 +15,8 @@ SPDX-License-Identifier: EPL-2.0 OR EDL-1.0
 Contributors:
  Roger Light - initial implementation and documentation.
 */
+#include "config.h"
+
 #include <cjson/cJSON.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -66,6 +68,9 @@ int dynsec_group__delete(int argc, char *argv[], cJSON *j_command)
 
 int dynsec_group__get_anonymous(int argc, char *argv[], cJSON *j_command)
 {
+ UNUSED(argc);
+ UNUSED(argv);
+
  if(cJSON_AddStringToObject(j_command, "command", "getAnonymousGroup") == NULL
  ){
 

apps/mosquitto_passwd/mosquitto_passwd.c

@@ -18,6 +18,7 @@ SPDX-License-Identifier: EPL-2.0 OR EDL-1.0
 
 #include "config.h"
 
+#include <ctype.h>
 #include <errno.h>
 #include <openssl/evp.h>
 #include <openssl/rand.h>
@@ -240,6 +241,10 @@ static int pwfile_iterate(FILE *fptr, FILE *ftmp,
  * ====================================================================== */
 static int delete_pwuser_cb(FILE *fptr, FILE *ftmp, const char *username, const char *password, const char *line, struct cb_helper *helper)
 {
+ UNUSED(fptr);
+ UNUSED(password);
+ UNUSED(line);
+
  if(strcmp(username, helper->username)){
  /* If this isn't the username to delete, write it to the new file */
  fprintf(ftmp, "%s", line);
@@ -273,6 +278,9 @@ int delete_pwuser(FILE *fptr, FILE *ftmp, const char *username)
  * ====================================================================== */
 static int update_file_cb(FILE *fptr, FILE *ftmp, const char *username, const char *password, const char *line, struct cb_helper *helper)
 {
+ UNUSED(fptr);
+ UNUSED(line);
+
  if(helper){
  return output_new_password(ftmp, username, password, helper->iterations);
  }else{
@@ -293,6 +301,9 @@ static int update_pwuser_cb(FILE *fptr, FILE *ftmp, const char *username, const
 {
  int rc = 0;
 
+ UNUSED(fptr);
+ UNUSED(password);
+
  if(strcmp(username, helper->username)){
  /* If this isn't the matching user, then writing out the exiting line */
  fprintf(ftmp, "%s", line);
@@ -378,6 +389,32 @@ void handle_sigint(int signal)
  exit(0);
 }
 
+
+static bool is_username_valid(const char *username)
+{
+ int i;
+ size_t slen;
+
+ if(username){
+ slen = strlen(username);
+ if(slen > 65535){
+ fprintf(stderr, "Error: Username must be less than 65536 characters long.\n");
+ return false;
+ }
+ for(i=0; i<slen; i++){
+ if(iscntrl(username[i])){
+ fprintf(stderr, "Error: Username must not contain control characters.\n");
+ return false;
+ }
+ }
+ if(strchr(username, ':')){
+ fprintf(stderr, "Error: Username must not contain the ':' character.\n");
+ return false;
+ }
+ }
+ return true;
+}
+
 int main(int argc, char *argv[])
 {
  char *password_file_tmp = NULL;
@@ -514,15 +551,8 @@ int main(int argc, char *argv[])
  return 1;
  }
 
- if(username){
- if(strlen(username) > 65535){
- fprintf(stderr, "Error: Username must be less than 65536 characters long.\n");
- return 1;
- }
- if(strchr(username, ':')){
- fprintf(stderr, "Error: Username must not contain the ':' character.\n");
- return 1;
- }
+ if(!is_username_valid(username)){
+ return 1;
  }
  if(password_cmd && strlen(password_cmd) > 65535){
  fprintf(stderr, "Error: Password must be less than 65536 characters long.\n");