diff --git a/src/mosquitto_broker_internal.h b/src/mosquitto_broker_internal.h index bf14f93c34..e87573b1a7 100644 --- a/src/mosquitto_broker_internal.h +++ b/src/mosquitto_broker_internal.h @@ -756,7 +756,7 @@ int mosquitto_security_init_default(struct mosquitto_db *db, bool reload); int mosquitto_security_apply_default(struct mosquitto_db *db); int mosquitto_security_cleanup_default(struct mosquitto_db *db, bool reload); int mosquitto_acl_check_default(struct mosquitto_db *db, struct mosquitto *context, const char *topic, int access); -int mosquitto_unpwd_check_default(struct mosquitto_db *db, struct mosquitto *context, const char *username, const char *password); +int mosquitto_unpwd_check_default(struct mosquitto_db *db, struct mosquitto *context); int mosquitto_psk_key_get_default(struct mosquitto_db *db, struct mosquitto *context, const char *hint, const char *identity, char *key, int max_key_len); int mosquitto_security_auth_start(struct mosquitto_db *db, struct mosquitto *context, bool reauth, const void *data_in, uint16_t data_in_len, void **data_out, uint16_t *data_out_len); diff --git a/src/security.c b/src/security.c index abf5820d20..52e9793598 100644 --- a/src/security.c +++ b/src/security.c @@ -679,7 +679,7 @@ int mosquitto_unpwd_check(struct mosquitto_db *db, struct mosquitto *context) int i; struct mosquitto__security_options *opts; - rc = mosquitto_unpwd_check_default(db, context, context->username, context->password); + rc = mosquitto_unpwd_check_default(db, context); if(rc != MOSQ_ERR_PLUGIN_DEFER){ return rc; } diff --git a/src/security_default.c b/src/security_default.c index 031eb2439e..09d17e4331 100644 --- a/src/security_default.c +++ b/src/security_default.c @@ -886,7 +886,7 @@ static int mosquitto__memcmp_const(const void *a, const void *b, size_t len) #endif -int mosquitto_unpwd_check_default(struct mosquitto_db *db, struct mosquitto *context, const char *username, const char *password) +int mosquitto_unpwd_check_default(struct mosquitto_db *db, struct mosquitto *context) { struct mosquitto__unpwd *u, *tmp; struct mosquitto__unpwd *unpwd_ref; @@ -907,7 +907,7 @@ int mosquitto_unpwd_check_default(struct mosquitto_db *db, struct mosquitto *con if(db->config->security_options.password_file == NULL) return MOSQ_ERR_PLUGIN_DEFER; unpwd_ref = db->unpwd; } - if(!username){ + if(context->username == NULL){ /* Check must be made only after checking unpwd_ref. * This is DENY here, because in MQTT v5 username can be missing when * password is present, but we don't support that. */ @@ -915,11 +915,11 @@ int mosquitto_unpwd_check_default(struct mosquitto_db *db, struct mosquitto *con } HASH_ITER(hh, unpwd_ref, u, tmp){ - if(!strcmp(u->username, username)){ + if(!strcmp(u->username, context->username)){ if(u->password){ - if(password){ + if(context->password){ #ifdef WITH_TLS - rc = pw__digest(password, u->salt, u->salt_len, hash, &hash_len); + rc = pw__digest(context->password, u->salt, u->salt_len, hash, &hash_len); if(rc == MOSQ_ERR_SUCCESS){ if(hash_len == u->password_len && !mosquitto__memcmp_const(u->password, hash, hash_len)){ return MOSQ_ERR_SUCCESS; @@ -930,7 +930,7 @@ int mosquitto_unpwd_check_default(struct mosquitto_db *db, struct mosquitto *con return rc; } #else - if(!strcmp(u->password, password)){ + if(!strcmp(u->password, context->password)){ return MOSQ_ERR_SUCCESS; } #endif