mosquitto/plugins/auth-by-ip/mosquitto_auth_by_ip.c

/*
Copyright (c) 2021 Roger Light <roger@atchoo.org>

All rights reserved. This program and the accompanying materials
are made available under the terms of the Eclipse Public License 2.0
and Eclipse Distribution License v1.0 which accompany this distribution.
 
The Eclipse Public License is available at
   https://www.eclipse.org/legal/epl-2.0/
and the Eclipse Distribution License is available at
  http://www.eclipse.org/org/documents/edl-v10.php.
 
SPDX-License-Identifier: EPL-2.0 OR EDL-1.0

Contributors:
   Roger Light - initial implementation and documentation.
*/

/*
 * This is an example plugin showing how to use the basic authentication
 * callback to allow/disallow client connections based on client IP addresses.
 *
 * This is an extremely basic type of access control, password based or similar
 * authentication is preferred.
 *
 * Compile with:
 *   gcc -I<path to mosquitto-repo/include> -fPIC -shared mosquitto_auth_by_ip.c -o mosquitto_auth_by_ip.so
 *
 * Use in config with:
 *
 *   plugin /path/to/mosquitto_auth_by_ip.so
 *
 * Note that this only works on Mosquitto 2.0 or later.
 */
#include "config.h"

#include <stdio.h>
#include <string.h>

#include "mosquitto_broker.h"
#include "mosquitto_plugin.h"
#include "mosquitto.h"
#include "mqtt_protocol.h"

static mosquitto_plugin_id_t *mosq_pid = NULL;

static int basic_auth_callback(int event, void *event_data, void *userdata)
{
	struct mosquitto_evt_basic_auth *ed = event_data;
	const char *ip_address;

	UNUSED(event);
	UNUSED(userdata);

	ip_address = mosquitto_client_address(ed->client);
	if(!strcmp(ip_address, "127.0.0.1")){
		/* Only allow connections from localhost */
		return MOSQ_ERR_SUCCESS;
	}else{
		return MOSQ_ERR_AUTH;
	}
}

int mosquitto_plugin_version(int supported_version_count, const int *supported_versions)
{
	int i;

	for(i=0; i<supported_version_count; i++){
		if(supported_versions[i] == 5){
			return 5;
		}
	}
	return -1;
}

int mosquitto_plugin_init(mosquitto_plugin_id_t *identifier, void **user_data, struct mosquitto_opt *opts, int opt_count)
{
	UNUSED(user_data);
	UNUSED(opts);
	UNUSED(opt_count);

	mosq_pid = identifier;
	return mosquitto_callback_register(mosq_pid, MOSQ_EVT_BASIC_AUTH, basic_auth_callback, NULL, NULL);
}

int mosquitto_plugin_cleanup(void *user_data, struct mosquitto_opt *opts, int opt_count)
{
	UNUSED(user_data);
	UNUSED(opts);
	UNUSED(opt_count);

	return mosquitto_callback_unregister(mosq_pid, MOSQ_EVT_BASIC_AUTH, basic_auth_callback, NULL);
}
Add trivial basic authentication plugin based on IP. 2021-01-12 22:51:33 +00:00			`/*`
			`Copyright (c) 2021 Roger Light <roger@atchoo.org>`

			`All rights reserved. This program and the accompanying materials`
			`are made available under the terms of the Eclipse Public License 2.0`
			`and Eclipse Distribution License v1.0 which accompany this distribution.`

			`The Eclipse Public License is available at`
			`https://www.eclipse.org/legal/epl-2.0/`
			`and the Eclipse Distribution License is available at`
			`http://www.eclipse.org/org/documents/edl-v10.php.`

			`SPDX-License-Identifier: EPL-2.0 OR EDL-1.0`

			`Contributors:`
			`Roger Light - initial implementation and documentation.`
			`*/`

			`/*`
			`* This is an example plugin showing how to use the basic authentication`
			`* callback to allow/disallow client connections based on client IP addresses.`
			`*`
			`* This is an extremely basic type of access control, password based or similar`
			`* authentication is preferred.`
			`*`
			`* Compile with:`
			`* gcc -I<path to mosquitto-repo/include> -fPIC -shared mosquitto_auth_by_ip.c -o mosquitto_auth_by_ip.so`
			`*`
			`* Use in config with:`
			`*`
			`* plugin /path/to/mosquitto_auth_by_ip.so`
			`*`
			`* Note that this only works on Mosquitto 2.0 or later.`
			`*/`
Minor build fixes. 2021-03-21 09:17:53 +00:00			`#include "config.h"`
Add trivial basic authentication plugin based on IP. 2021-01-12 22:51:33 +00:00
			`#include <stdio.h>`
			`#include <string.h>`

			`#include "mosquitto_broker.h"`
			`#include "mosquitto_plugin.h"`
			`#include "mosquitto.h"`
			`#include "mqtt_protocol.h"`

			`static mosquitto_plugin_id_t *mosq_pid = NULL;`

			`static int basic_auth_callback(int event, void event_data, void userdata)`
			`{`
			`struct mosquitto_evt_basic_auth *ed = event_data;`
			`const char *ip_address;`

Minor build fixes. 2021-03-21 09:17:53 +00:00			`UNUSED(event);`
			`UNUSED(userdata);`

Add trivial basic authentication plugin based on IP. 2021-01-12 22:51:33 +00:00			`ip_address = mosquitto_client_address(ed->client);`
			`if(!strcmp(ip_address, "127.0.0.1")){`
			`/* Only allow connections from localhost */`
			`return MOSQ_ERR_SUCCESS;`
			`}else{`
			`return MOSQ_ERR_AUTH;`
			`}`
			`}`

			`int mosquitto_plugin_version(int supported_version_count, const int *supported_versions)`
			`{`
			`int i;`

			`for(i=0; i<supported_version_count; i++){`
			`if(supported_versions[i] == 5){`
			`return 5;`
			`}`
			`}`
			`return -1;`
			`}`

			`int mosquitto_plugin_init(mosquitto_plugin_id_t identifier, void user_data, struct mosquitto_opt opts, int opt_count)`
			`{`
Minor build fixes. 2021-03-21 09:17:53 +00:00			`UNUSED(user_data);`
			`UNUSED(opts);`
			`UNUSED(opt_count);`

Add trivial basic authentication plugin based on IP. 2021-01-12 22:51:33 +00:00			`mosq_pid = identifier;`
			`return mosquitto_callback_register(mosq_pid, MOSQ_EVT_BASIC_AUTH, basic_auth_callback, NULL, NULL);`
			`}`

			`int mosquitto_plugin_cleanup(void user_data, struct mosquitto_opt opts, int opt_count)`
			`{`
Minor build fixes. 2021-03-21 09:17:53 +00:00			`UNUSED(user_data);`
			`UNUSED(opts);`
			`UNUSED(opt_count);`

Add trivial basic authentication plugin based on IP. 2021-01-12 22:51:33 +00:00			`return mosquitto_callback_unregister(mosq_pid, MOSQ_EVT_BASIC_AUTH, basic_auth_callback, NULL);`
			`}`