Make correct allow_anonymous check in pwfile security.

We always get passed the client even if it doesn't have a username/password now.
eclipse · Aug 18, 2020 · cae55aa · cae55aa
1 parent a5f02f3
commit cae55aa
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/src/security_default.c b/src/security_default.c
@@ -895,6 +895,7 @@ int mosquitto_unpwd_check_default(struct mosquitto_db *db, struct mosquitto *con
  unsigned int hash_len;
  int rc;
 #endif
+ bool allow_anonymous;
 
  if(!db) return MOSQ_ERR_INVAL;
 
@@ -903,15 +904,21 @@ int mosquitto_unpwd_check_default(struct mosquitto_db *db, struct mosquitto *con
  if(!context->listener) return MOSQ_ERR_INVAL;
  if(context->listener->security_options.password_file == NULL) return MOSQ_ERR_PLUGIN_DEFER;
  unpwd_ref = context->listener->unpwd;
+ allow_anonymous = context->listener->security_options.allow_anonymous;
  }else{
  if(db->config->security_options.password_file == NULL) return MOSQ_ERR_PLUGIN_DEFER;
  unpwd_ref = db->unpwd;
+ allow_anonymous = db->config->security_options.allow_anonymous;
  }
  if(context->username == NULL){
  /* Check must be made only after checking unpwd_ref.
  * This is DENY here, because in MQTT v5 username can be missing when
  * password is present, but we don't support that. */
- return MOSQ_ERR_AUTH;
+ if(allow_anonymous == true){
+ return MOSQ_ERR_SUCCESS;
+ }else{
+ return MOSQ_ERR_AUTH;
+ }
  }
 
  HASH_ITER(hh, unpwd_ref, u, tmp){