d0kuhn/mosquitto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'fixes'

Browse Source
This commit is contained in:
Roger A. Light 2021-04-03 12:01:43 +01:00
commit 1a6fdfb695
78 changed files with 635 additions and 290 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CMakeLists.txt
View File

@ -8,7 +8,7 @@ cmake_minimum_required(VERSION 3.0)
cmake_policy(SET CMP0042 NEW)
project(mosquitto)
set (VERSION 2.0.9)
set (VERSION 2.0.10)
list(APPEND CMAKE_MODULE_PATH "${CMAKE_SOURCE_DIR}/cmake/")

35
ChangeLog.txt
View File

@ -1,3 +1,36 @@
2.0.10 - 2021-04-03
==================
Security:
- CVE-xxxx-xxxx: If an authenticated client connected with MQTT v5 sent a
malformed CONNACK message to the broker a NULL pointer dereference occurred,
most likely resulting in a segfault. This will be updated with the CVE
number when it is assigned.
Affects versions 2.0.0 to 2.0.9 inclusive.
Broker:
- Don't over write new receive-maximum if a v5 client connects and takes over
an old session. Closes #2134.
- Fix CVE-xxxx-xxxx. Closes #2163.
Clients:
- Set `receive-maximum` to not exceed the `-C` message count in mosquitto_sub
and mosquitto_rr, to avoid potentially lost messages. Closes #2134.
- Fix TLS-PSK mode not working with port 8883. Closes #2152.
Client library:
- Fix possible socket leak. This would occur if a client was using
`mosquitto_loop_start()`, then if the connection failed due to the remote
server being inaccessible they called `mosquitto_loop_stop(, true)` and
recreated the mosquitto object.
Build:
- A variety of minor build related fixes, like functions not having previous
declarations.
- Fix CMake cross compile builds not finding opensslconf.h. Closes #2160.
- Fix build on Solaris non-sparc. Closes #2136.
2.0.9 - 2021-03-11
==================
@ -1771,6 +1804,8 @@ Client library:
- Add support for MQTT v3.1.1.
- Don't quit mosquitto_loop_forever() if broker not available on first
connect. Closes bug #453293, but requires more work.
- Don't reset queued messages state on CONNACK. Fixes bug with duplicate
messages on connection.
1.3.5 - 20141008

1
apps/db_dump/db_dump.c
View File

@ -27,6 +27,7 @@ Contributors:
#include <sys/stat.h>
#include <time.h>
#include "db_dump.h"
#include <mosquitto_broker_internal.h>
#include <memory_mosq.h>
#include <persist.h>

11
apps/db_dump/print.c
View File

@ -19,6 +19,7 @@ Contributors:
#include <inttypes.h>
#include <stdio.h>
#include "db_dump.h"
#include <mosquitto_broker_internal.h>
#include <memory_mosq.h>
#include <mqtt_protocol.h>
@ -142,7 +143,7 @@ static void print__properties(mosquitto_property *properties)
}
void print__client(struct P_client *chunk, int length)
void print__client(struct P_client *chunk, uint32_t length)
{
printf("DB_CHUNK_CLIENT:\n");
printf("\tLength: %d\n", length);
@ -159,7 +160,7 @@ void print__client(struct P_client *chunk, int length)
}
void print__client_msg(struct P_client_msg *chunk, int length)
void print__client_msg(struct P_client_msg *chunk, uint32_t length)
{
printf("DB_CHUNK_CLIENT_MSG:\n");
printf("\tLength: %d\n", length);
@ -175,8 +176,10 @@ void print__client_msg(struct P_client_msg *chunk, int length)
}
void print__msg_store(struct P_msg_store *chunk, int length)
void print__msg_store(struct P_msg_store *chunk, uint32_t length)
{
uint8_t *payload;
printf("DB_CHUNK_MSG_STORE:\n");
printf("\tLength: %d\n", length);
printf("\tStore ID: %" PRIu64 "\n", chunk->F.store_id);
@ -190,8 +193,6 @@ void print__msg_store(struct P_msg_store *chunk, int length)
printf("\tPayload Length: %d\n", chunk->F.payloadlen);
printf("\tExpiry Time: %" PRIu64 "\n", chunk->F.expiry_time);
uint8_t *payload;
payload = chunk->payload;
if(chunk->F.payloadlen < 256){
/* Print payloads with UTF-8 data below an arbitrary limit of 256 bytes */

6
apps/db_dump/stubs.c
View File

@ -1,8 +1,14 @@
#include <stdlib.h>
#include <string.h>
#include "misc_mosq.h"
#include "mosquitto_broker_internal.h"
#include "mosquitto_internal.h"
#include "util_mosq.h"
#ifndef UNUSED
# define UNUSED(A) (void)(A)
#endif
struct mosquitto *context__init(mosq_sock_t sock)
{

2
apps/mosquitto_ctrl/Makefile
View File

@ -12,7 +12,7 @@ LIBMOSQ:=../../lib/libmosquitto.a
endif
endif
LOCAL_CPPFLAGS:=-I../mosquitto_passwd
LOCAL_CPPFLAGS:=-I../mosquitto_passwd -DWITH_CJSON
OBJS= mosquitto_ctrl.o \
client.o \

4
apps/mosquitto_ctrl/dynsec.c
View File

@ -79,6 +79,8 @@ void dynsec__print_usage(void)
printf("acltype: publishClientSend|publishClientReceive\n");
printf(" |subscribeLiteral|subscribePattern\n");
printf(" |unsubscribeLiteral|unsubscribePattern\n");
printf("\nFor more information see:\n");
printf(" https://mosquitto.org/documentation/dynamic-security/\n\n");
}
cJSON *cJSON_AddIntToObject(cJSON * const object, const char * const name, int number)
@ -689,7 +691,7 @@ static cJSON *init_create(const char *username, const char *password, const char
}
/* mosquitto_ctrl dynsec init <filename> <admin-user> <admin-password> [role-name] */
int dynsec_init(int argc, char *argv[])
static int dynsec_init(int argc, char *argv[])
{
char *filename;
char *admin_user;

19
apps/mosquitto_ctrl/mosquitto_ctrl.c
View File

@ -28,7 +28,7 @@ Contributors:
#include "mosquitto.h"
#include "mosquitto_ctrl.h"
void print_version(void)
static void print_version(void)
{
int major, minor, revision;
@ -36,14 +36,15 @@ void print_version(void)
printf("mosquitto_ctrl version %s running on libmosquitto %d.%d.%d.\n", VERSION, major, minor, revision);
}
void print_usage(void)
static void print_usage(void)
{
printf("mosquitto_ctrl is a tool for administering certain Mosquitto features.\n");
print_version();
printf("\nGeneral usage: mosquitto_ctrl <module> <module-command> <command-options>\n");
printf("For module specific help use: mosquitto_ctrl <module> help\n");
printf("\nModules available: dynsec\n");
printf("\nSee https://mosquitto.org/man/mosquitto_ctrl-1.html for more information.\n\n");
printf("\nFor more information see:\n");
printf(" https://mosquitto.org/man/mosquitto_ctrl-1.html\n\n");
}
@ -51,7 +52,7 @@ int main(int argc, char *argv[])
{
struct mosq_ctrl ctrl;
int rc = MOSQ_ERR_SUCCESS;
FUNC_ctrl_main ctrl_main = NULL;
FUNC_ctrl_main l_ctrl_main = NULL;
void *lib = NULL;
char lib_name[200];
@ -76,22 +77,22 @@ int main(int argc, char *argv[])
/* In built modules */
if(!strcasecmp(argv[0], "dynsec")){
ctrl_main = dynsec__main;
l_ctrl_main = dynsec__main;
}else{
/* Attempt external module */
snprintf(lib_name, sizeof(lib_name), "mosquitto_ctrl_%s.so", argv[0]);
lib = LIB_LOAD(lib_name);
if(lib){
ctrl_main = (FUNC_ctrl_main)LIB_SYM(lib, "ctrl_main");
l_ctrl_main = (FUNC_ctrl_main)LIB_SYM(lib, "ctrl_main");
}
}
if(ctrl_main == NULL){
if(l_ctrl_main == NULL){
fprintf(stderr, "Error: Module '%s' not supported.\n", argv[0]);
rc = MOSQ_ERR_NOT_SUPPORTED;
}
if(ctrl_main){
rc = ctrl_main(argc-1, &argv[1], &ctrl);
if(l_ctrl_main){
rc = l_ctrl_main(argc-1, &argv[1], &ctrl);
if(rc < 0){
/* Usage print */
rc = 0;

4
apps/mosquitto_passwd/get_password.c
View File

@ -35,7 +35,9 @@ Contributors:
# include <sys/stat.h>
#endif
#define MAX_BUFFER_LEN 65536
#include "get_password.h"
#define MAX_BUFFER_LEN 65500
#define SALT_LEN 12
void get_password__reset_term(void)

18
apps/mosquitto_passwd/mosquitto_passwd.c
View File

@ -52,7 +52,7 @@ Contributors:
# include <sys/stat.h>
#endif
#define MAX_BUFFER_LEN 65536
#define MAX_BUFFER_LEN 65500
#define SALT_LEN 12
#include "misc_mosq.h"
@ -107,7 +107,7 @@ static FILE *mpw_tmpfile(void)
#endif
void print_usage(void)
static void print_usage(void)
{
printf("mosquitto_passwd is a tool for managing password files for mosquitto.\n\n");
printf("Usage: mosquitto_passwd [-H sha512 | -H sha512-pbkdf2] [-c | -D] passwordfile username\n");
@ -122,7 +122,7 @@ void print_usage(void)
printf("\nSee https://mosquitto.org/ for more information.\n\n");
}
int output_new_password(FILE *fptr, const char *username, const char *password, int iterations)
static int output_new_password(FILE *fptr, const char *username, const char *password, int iterations)
{
int rc;
char *salt64 = NULL, *hash64 = NULL;
@ -255,7 +255,7 @@ static int delete_pwuser_cb(FILE *fptr, FILE *ftmp, const char *username, const
return 0;
}
int delete_pwuser(FILE *fptr, FILE *ftmp, const char *username)
static int delete_pwuser(FILE *fptr, FILE *ftmp, const char *username)
{
struct cb_helper helper;
int rc;
@ -288,7 +288,7 @@ static int update_file_cb(FILE *fptr, FILE *ftmp, const char *username, const ch
}
}
int update_file(FILE *fptr, FILE *ftmp)
static int update_file(FILE *fptr, FILE *ftmp)
{
return pwfile_iterate(fptr, ftmp, update_file_cb, NULL);
}
@ -315,7 +315,7 @@ static int update_pwuser_cb(FILE *fptr, FILE *ftmp, const char *username, const
return rc;
}
int update_pwuser(FILE *fptr, FILE *ftmp, const char *username, const char *password, int iterations)
static int update_pwuser(FILE *fptr, FILE *ftmp, const char *username, const char *password, int iterations)
{
struct cb_helper helper;
int rc;
@ -334,7 +334,7 @@ int update_pwuser(FILE *fptr, FILE *ftmp, const char *username, const char *pass
}
int copy_contents(FILE *src, FILE *dest)
static int copy_contents(FILE *src, FILE *dest)
{
char buf[MAX_BUFFER_LEN];
size_t len;
@ -361,7 +361,7 @@ int copy_contents(FILE *src, FILE *dest)
return 0;
}
int create_backup(const char *backup_file, FILE *fptr)
static int create_backup(const char *backup_file, FILE *fptr)
{
FILE *fbackup;
@ -380,7 +380,7 @@ int create_backup(const char *backup_file, FILE *fptr)
return 0;
}
void handle_sigint(int signal)
static void handle_sigint(int signal)
{
get_password__reset_term();

26
client/client_shared.c
View File

@ -183,7 +183,7 @@ static int check_format(const char *str)
}
void init_config(struct mosq_config *cfg, int pub_or_sub)
static void init_config(struct mosq_config *cfg, int pub_or_sub)
{
memset(cfg, 0, sizeof(*cfg));
cfg->port = PORT_UNDEFINED;
@ -485,7 +485,7 @@ int client_config_load(struct mosq_config *cfg, int pub_or_sub, int argc, char *
return MOSQ_ERR_SUCCESS;
}
int cfg_add_topic(struct mosq_config *cfg, int type, char *topic, const char *arg)
static int cfg_add_topic(struct mosq_config *cfg, int type, char *topic, const char *arg)
{
if(mosquitto_validate_utf8(topic, (int )strlen(topic))){
fprintf(stderr, "Error: Malformed UTF-8 in %s argument.\n\n", arg);
@ -1263,6 +1263,14 @@ int client_opts_set(struct mosquitto *mosq, struct mosq_config *cfg)
mosquitto_lib_cleanup();
return 1;
}
# ifdef FINAL_WITH_TLS_PSK
}else if(cfg->psk){
if(mosquitto_tls_psk_set(mosq, cfg->psk, cfg->psk_identity, NULL)){
err_printf(cfg, "Error: Problem setting TLS-PSK options.\n");
mosquitto_lib_cleanup();
return 1;
}
# endif
}else if(cfg->port == 8883){
mosquitto_int_option(mosq, MOSQ_OPT_TLS_USE_OS_CERTS, 1);
}
@ -1295,13 +1303,6 @@ int client_opts_set(struct mosquitto *mosq, struct mosq_config *cfg)
mosquitto_lib_cleanup();
return 1;
}
# ifdef FINAL_WITH_TLS_PSK
if(cfg->psk && mosquitto_tls_psk_set(mosq, cfg->psk, cfg->psk_identity, NULL)){
err_printf(cfg, "Error: Problem setting TLS-PSK options.\n");
mosquitto_lib_cleanup();
return 1;
}
# endif
if((cfg->tls_version || cfg->ciphers) && mosquitto_tls_opts_set(mosq, 1, cfg->tls_version, cfg->ciphers)){
err_printf(cfg, "Error: Problem setting TLS options, check the options are valid.\n");
mosquitto_lib_cleanup();
@ -1321,6 +1322,13 @@ int client_opts_set(struct mosquitto *mosq, struct mosq_config *cfg)
if(cfg->tcp_nodelay){
mosquitto_int_option(mosq, MOSQ_OPT_TCP_NODELAY, 1);
}
if(cfg->msg_count > 0 && cfg->msg_count < 20){
/* 20 is the default "receive maximum"
* If we don't set this, then we can receive > msg_count messages
* before we quit.*/
mosquitto_int_option(mosq, MOSQ_OPT_RECEIVE_MAXIMUM, cfg->msg_count);
}
return MOSQ_ERR_SUCCESS;
}

7
client/client_shared.h
View File

@ -27,6 +27,10 @@ Contributors:
# include <sys/time.h>
#endif
#ifndef __GNUC__
#define __attribute__(attrib)
#endif
/* pub_client.c modes */
#define MSGMODE_NONE 0
#define MSGMODE_CMD 1
@ -136,6 +140,5 @@ int client_connect(struct mosquitto *mosq, struct mosq_config *cfg);
int cfg_parse_property(struct mosq_config *cfg, int argc, char *argv[], int *idx);
void err_printf(const struct mosq_config *cfg, const char *fmt, ...);
void err_printf(const struct mosq_config *cfg, const char *fmt, ...) __attribute__((format(printf, 2, 3)));
#endif

8
client/pub_client.c
View File

@ -232,7 +232,7 @@ int pub_shared_init(void)
}
int pub_stdin_line_loop(struct mosquitto *mosq)
static int pub_stdin_line_loop(struct mosquitto *mosq)
{
char *buf2;
int buf_len_actual = 0;
@ -334,7 +334,7 @@ int pub_stdin_line_loop(struct mosquitto *mosq)
}
int pub_other_loop(struct mosquitto *mosq)
static int pub_other_loop(struct mosquitto *mosq)
{
int rc;
int loop_delay = 1000;
@ -387,7 +387,7 @@ void pub_shared_cleanup(void)
}
void print_version(void)
static void print_version(void)
{
int major, minor, revision;
@ -395,7 +395,7 @@ void print_version(void)
printf("mosquitto_pub version %s running on libmosquitto %d.%d.%d.\n", VERSION, major, minor, revision);
}
void print_usage(void)
static void print_usage(void)
{
int major, minor, revision;

12
client/rr_client.c
View File

@ -50,8 +50,6 @@ enum rr__state {
static enum rr__state client_state = rr_s_new;
extern struct mosq_config cfg;
bool process_messages = true;
int msg_count = 0;
struct mosquitto *g_mosq = NULL;
@ -59,7 +57,7 @@ static bool timed_out = false;
static int connack_result = 0;
#ifndef WIN32
void my_signal_handler(int signum)
static void my_signal_handler(int signum)
{
if(signum == SIGALRM){
process_messages = false;
@ -80,7 +78,7 @@ int my_publish(struct mosquitto *mosq, int *mid, const char *topic, int payloadl
}
void my_message_callback(struct mosquitto *mosq, void *obj, const struct mosquitto_message *message, const mosquitto_property *properties)
static void my_message_callback(struct mosquitto *mosq, void *obj, const struct mosquitto_message *message, const mosquitto_property *properties)
{
UNUSED(mosq);
UNUSED(obj);
@ -151,7 +149,7 @@ void my_connect_callback(struct mosquitto *mosq, void *obj, int result, int flag
}
void my_subscribe_callback(struct mosquitto *mosq, void *obj, int mid, int qos_count, const int *granted_qos)
static void my_subscribe_callback(struct mosquitto *mosq, void *obj, int mid, int qos_count, const int *granted_qos)
{
UNUSED(obj);
UNUSED(mid);
@ -179,7 +177,7 @@ void my_publish_callback(struct mosquitto *mosq, void *obj, int mid, int reason_
}
void print_version(void)
static void print_version(void)
{
int major, minor, revision;
@ -187,7 +185,7 @@ void print_version(void)
printf("mosquitto_rr version %s running on libmosquitto %d.%d.%d.\n", VERSION, major, minor, revision);
}
void print_usage(void)
static void print_usage(void)
{
int major, minor, revision;

26
client/sub_client.c
View File

@ -48,7 +48,7 @@ static int connack_result = 0;
bool connack_received = false;
#ifndef WIN32
void my_signal_handler(int signum)
static void my_signal_handler(int signum)
{
if(signum == SIGALRM || signum == SIGTERM || signum == SIGINT){
if(connack_received){
@ -65,19 +65,7 @@ void my_signal_handler(int signum)
#endif
void my_publish_callback(struct mosquitto *mosq, void *obj, int mid, int reason_code, const mosquitto_property *properties)
{
UNUSED(obj);
UNUSED(reason_code);
UNUSED(properties);
if(process_messages == false && (mid == last_mid || last_mid == 0)){
mosquitto_disconnect_v5(mosq, 0, cfg.disconnect_props);
}
}
void my_message_callback(struct mosquitto *mosq, void *obj, const struct mosquitto_message *message, const mosquitto_property *properties)
static void my_message_callback(struct mosquitto *mosq, void *obj, const struct mosquitto_message *message, const mosquitto_property *properties)
{
int i;
bool res;
@ -120,7 +108,7 @@ void my_message_callback(struct mosquitto *mosq, void *obj, const struct mosquit
}
}
void my_connect_callback(struct mosquitto *mosq, void *obj, int result, int flags, const mosquitto_property *properties)
static void my_connect_callback(struct mosquitto *mosq, void *obj, int result, int flags, const mosquitto_property *properties)
{
int i;
@ -153,7 +141,7 @@ void my_connect_callback(struct mosquitto *mosq, void *obj, int result, int flag
}
}
void my_subscribe_callback(struct mosquitto *mosq, void *obj, int mid, int qos_count, const int *granted_qos)
static void my_subscribe_callback(struct mosquitto *mosq, void *obj, int mid, int qos_count, const int *granted_qos)
{
int i;
bool some_sub_allowed = (granted_qos[0] < 128);
@ -177,7 +165,7 @@ void my_subscribe_callback(struct mosquitto *mosq, void *obj, int mid, int qos_c
}
}
void my_log_callback(struct mosquitto *mosq, void *obj, int level, const char *str)
static void my_log_callback(struct mosquitto *mosq, void *obj, int level, const char *str)
{
UNUSED(mosq);
UNUSED(obj);
@ -186,7 +174,7 @@ void my_log_callback(struct mosquitto *mosq, void *obj, int level, const char *s
printf("%s\n", str);
}
void print_version(void)
static void print_version(void)
{
int major, minor, revision;
@ -194,7 +182,7 @@ void print_version(void)
printf("mosquitto_sub version %s running on libmosquitto %d.%d.%d.\n", VERSION, major, minor, revision);
}
void print_usage(void)
static void print_usage(void)
{
int major, minor, revision;

17
config.mk
View File

@ -127,7 +127,7 @@ WITH_XTREPORT=no
# Also bump lib/mosquitto.h, CMakeLists.txt,
# installer/mosquitto.nsi, installer/mosquitto64.nsi
VERSION=2.0.9
VERSION=2.0.10
# Client library SO version. Bump if incompatible API/ABI changes are made.
SOVERSION=1
@ -140,6 +140,7 @@ DB_HTML_XSL=man/html.xsl
#MANCOUNTRIES=en_GB
UNAME:=$(shell uname -s)
ARCH:=$(shell uname -p)
ifeq ($(UNAME),SunOS)
ifeq ($(CC),cc)
@ -148,7 +149,7 @@ ifeq ($(UNAME),SunOS)
CFLAGS?=-Wall -ggdb -O2
endif
else
CFLAGS?=-Wall -ggdb -O2 -Wconversion
CFLAGS?=-Wall -ggdb -O2 -Wconversion -Wextra
endif
STATIC_LIB_DEPS:=
@ -199,9 +200,15 @@ ifeq ($(WITH_SHARED_LIBRARIES),yes)
endif
ifeq ($(UNAME),SunOS)
ifeq ($(CC),cc)
LIB_CFLAGS:=$(LIB_CFLAGS) -xc99 -KPIC
else
SEDINPLACE:=
ifeq ($(ARCH),sparc)
ifeq ($(CC),cc)
LIB_CFLAGS:=$(LIB_CFLAGS) -xc99 -KPIC
else
LIB_CFLAGS:=$(LIB_CFLAGS) -fPIC
endif
endif
ifeq ($(ARCH),i386)
LIB_CFLAGS:=$(LIB_CFLAGS) -fPIC
endif

164
docker/generic/Dockerfile
View File

@ -1,74 +1,114 @@
FROM alpine:edge AS build
FROM alpine:3.12
LABEL maintainer="Roger Light <roger@atchoo.org>" \
description="Eclipse Mosquitto MQTT Broker"
# A released dist version, like "1.2.3"
ARG VERSION
RUN test -n "${VERSION}"
RUN apk --no-cache add \
build-base \
c-ares-dev \
ca-certificates \
cjson-dev \
curl \
libwebsockets-dev \
libxslt \
openssl-dev \
python2 \
util-linux-dev
ENV \
GPG_KEYS=A0D6EEA1DCAE49A635A3B2F0779B22DFB3E717B7 \
LWS_VERSION=2.4.2 \
LWS_SHA256=73012d7fcf428dedccc816e83a63a01462e27819d5537b8e0d0c7264bfacfad6 \
CJSON_VERSION=1.7.14 \
CJSON_SHA256=fb50a663eefdc76bafa80c82bc045af13b1363e8f45cec8b442007aef6a41343
# This build procedure is based on:
# https://github.com/alpinelinux/aports/blob/master/main/mosquitto/APKBUILD
#
# If this step fails, double check the version build-arg and make sure its
# a valid published tarball at https://mosquitto.org/files/source/
RUN mkdir -p /build /install && \
curl -SL https://mosquitto.org/files/source/mosquitto-${VERSION}.tar.gz \
| tar --strip=1 -xzC /build && \
make -C /build \
WITH_MEMORY_TRACKING=no \
WITH_WEBSOCKETS=yes \
WITH_SRV=yes \
WITH_TLS_PSK=no \
WITH_ADNS=no \
prefix=/usr \
binary && \
make -C /build \
prefix=/usr \
DESTDIR="/install" \
install && \
mv /install/etc/mosquitto/mosquitto.conf.example /install/etc/mosquitto/mosquitto.conf && \
sed -i -e 's/#log_dest stderr/log_dest syslog/' /install/etc/mosquitto/mosquitto.conf
# Single-layer image for the mosquitto distribution
FROM alpine:latest
LABEL maintainer="Jonathan Hanson <jonathan@jonathan-hanson.org>" \
description="Eclipse Mosquitto MQTT Broker"
# Install the run-time dependencies
RUN apk --no-cache add \
busybox \
ca-certificates \
cjson \
openssl \
libuuid \
libwebsockets \
musl
# Copy over the built install from the earlier image layer
COPY --from=build /install /
# Set up the mosquitto directories and the mosquitto user
RUN addgroup -S mosquitto 2>/dev/null && \
adduser -S -D -H -h /var/empty -s /sbin/nologin -G mosquitto -g mosquitto mosquitto 2>/dev/null && \
RUN set -x && \
apk --no-cache add --virtual build-deps \
build-base \
cmake \
gnupg \
openssl-dev \
util-linux-dev && \
wget https://github.com/warmcat/libwebsockets/archive/v${LWS_VERSION}.tar.gz -O /tmp/lws.tar.gz && \
echo "$LWS_SHA256 /tmp/lws.tar.gz" | sha256sum -c - && \
mkdir -p /build/lws && \
tar --strip=1 -xf /tmp/lws.tar.gz -C /build/lws && \
rm /tmp/lws.tar.gz && \
cd /build/lws && \
cmake . \
-DCMAKE_BUILD_TYPE=MinSizeRel \
-DCMAKE_INSTALL_PREFIX=/usr \
-DLWS_IPV6=ON \
-DLWS_WITHOUT_BUILTIN_GETIFADDRS=ON \
-DLWS_WITHOUT_CLIENT=ON \
-DLWS_WITHOUT_EXTENSIONS=ON \
-DLWS_WITHOUT_TESTAPPS=ON \
-DLWS_WITH_SHARED=OFF \
-DLWS_WITH_ZIP_FOPS=OFF \
-DLWS_WITH_ZLIB=OFF && \
make -j "$(nproc)" && \
rm -rf /root/.cmake && \
wget https://github.com/DaveGamble/cJSON/archive/v${CJSON_VERSION}.tar.gz -O /tmp/cjson.tar.gz && \
echo "$CJSON_SHA256 /tmp/cjson.tar.gz" | sha256sum -c - && \
mkdir -p /build/cjson && \
tar --strip=1 -xf /tmp/cjson.tar.gz -C /build/cjson && \
rm /tmp/cjson.tar.gz && \
cd /build/cjson && \
cmake . \
-DCMAKE_BUILD_TYPE=MinSizeRel \
-DBUILD_SHARED_AND_STATIC_LIBS=OFF \
-DBUILD_SHARED_LIBS=OFF \
-DCJSON_BUILD_SHARED_LIBS=OFF \
-DCJSON_OVERRIDE_BUILD_SHARED_LIBS=OFF \
-DCMAKE_INSTALL_PREFIX=/usr && \
make -j "$(nproc)" && \
rm -rf /root/.cmake && \
wget https://mosquitto.org/files/source/mosquitto-${VERSION}.tar.gz -O /tmp/mosq.tar.gz && \
wget https://mosquitto.org/files/source/mosquitto-${VERSION}.tar.gz.asc -O /tmp/mosq.tar.gz.asc && \
export GNUPGHOME="$(mktemp -d)" && \
found=''; \
for server in \
ha.pool.sks-keyservers.net \
hkp://keyserver.ubuntu.com:80 \
hkp://p80.pool.sks-keyservers.net:80 \
pgp.mit.edu \
; do \
echo "Fetching GPG key $GPG_KEYS from $server"; \
gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \
done; \
test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \
gpg --batch --verify /tmp/mosq.tar.gz.asc /tmp/mosq.tar.gz && \
gpgconf --kill all && \
rm -rf "$GNUPGHOME" /tmp/mosq.tar.gz.asc && \
mkdir -p /build/mosq && \
tar --strip=1 -xf /tmp/mosq.tar.gz -C /build/mosq && \
rm /tmp/mosq.tar.gz && \
make -C /build/mosq -j "$(nproc)" \
CFLAGS="-Wall -O2 -I/build/lws/include -I/build" \
LDFLAGS="-L/build/lws/lib -L/build/cjson" \
WITH_ADNS=no \
WITH_DOCS=no \
WITH_SHARED_LIBRARIES=yes \
WITH_SRV=no \
WITH_STRIP=yes \
WITH_TLS_PSK=no \
WITH_WEBSOCKETS=yes \
prefix=/usr \
binary && \
addgroup -S -g 1883 mosquitto 2>/dev/null && \
adduser -S -u 1883 -D -H -h /var/empty -s /sbin/nologin -G mosquitto -g mosquitto mosquitto 2>/dev/null && \
mkdir -p /mosquitto/config /mosquitto/data /mosquitto/log && \
cp /etc/mosquitto/mosquitto.conf /mosquitto/config && \
chown -R mosquitto:mosquitto /mosquitto
install -d /usr/sbin/ && \
install -s -m755 /build/mosq/client/mosquitto_pub /usr/bin/mosquitto_pub && \
install -s -m755 /build/mosq/client/mosquitto_rr /usr/bin/mosquitto_rr && \
install -s -m755 /build/mosq/client/mosquitto_sub /usr/bin/mosquitto_sub && \
install -s -m644 /build/mosq/lib/libmosquitto.so.1 /usr/lib/libmosquitto.so.1 && \
install -s -m755 /build/mosq/src/mosquitto /usr/sbin/mosquitto && \
install -s -m755 /build/mosq/apps/mosquitto_ctrl/mosquitto_ctrl /usr/bin/mosquitto_ctrl && \
install -s -m755 /build/mosq/apps/mosquitto_passwd/mosquitto_passwd /usr/bin/mosquitto_passwd && \
install -s -m755 /build/mosq/plugins/dynamic-security/mosquitto_dynamic_security.so /usr/lib/mosquitto_dynamic_security.so && \
install -m644 /build/mosq/mosquitto.conf /mosquitto/config/mosquitto.conf && \
chown -R mosquitto:mosquitto /mosquitto && \
apk --no-cache add \
ca-certificates && \
apk del build-deps && \
rm -rf /build
VOLUME ["/mosquitto/config", "/mosquitto/data", "/mosquitto/log"]
VOLUME ["/mosquitto/data", "/mosquitto/log"]
# Set up the entry point script and default command
COPY docker-entrypoint.sh /
COPY docker-entrypoint.sh mosquitto-no-auth.conf /
EXPOSE 1883
ENTRYPOINT ["/docker-entrypoint.sh"]
CMD ["/usr/sbin/mosquitto", "-c", "/mosquitto/config/mosquitto.conf"]

13
docker/generic/README.md
View File

@ -9,6 +9,19 @@ Three docker volumes have been created in the image to be used for configuration
/mosquitto/log
```
## Running without a configuration file
Mosquitto 2.0 requires you to configure listeners and authentication before it
will allow connections from anything other than the loopback interface. In the
context of a container, this means you would normally need to provide a
configuration file with your settings.
If you wish to run mosquitto without any authentication, and without setting
any other configuration options, you can do so by using a configuration
provided in the container for this purpose:
```
docker run -it -p 1883:1883 eclipse-mosquitto:<version> mosquitto -c /mosquitto-no-auth.conf
```
## Configuration
When creating a container from the image, the default configuration values are used.
To use a custom configuration file, mount a **local** configuration file to `/mosquitto/config/mosquitto.conf`

5
docker/generic/mosquitto-no-auth.conf Normal file
View File

@ -0,0 +1,5 @@
# This is a Mosquitto configuration file that creates a listener on port 1883
# that allows unauthenticated access.
listener 1883
allow_anonymous true

2
include/mosquitto.h
View File

@ -66,7 +66,7 @@ extern "C" {
#define LIBMOSQUITTO_MAJOR 2
#define LIBMOSQUITTO_MINOR 0
#define LIBMOSQUITTO_REVISION 9
#define LIBMOSQUITTO_REVISION 10
/* LIBMOSQUITTO_VERSION_NUMBER looks like 1002001 for e.g. version 1.2.1. */
#define LIBMOSQUITTO_VERSION_NUMBER (LIBMOSQUITTO_MAJOR*1000000+LIBMOSQUITTO_MINOR*1000+LIBMOSQUITTO_REVISION)

2
installer/mosquitto.nsi
View File

@ -9,7 +9,7 @@
!define env_hklm 'HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"'
Name "Eclipse Mosquitto"
!define VERSION 2.0.9
!define VERSION 2.0.10
OutFile "mosquitto-${VERSION}-install-windows-x86.exe"
InstallDir "$PROGRAMFILES\mosquitto"

2
installer/mosquitto64.nsi
View File

@ -9,7 +9,7 @@
!define env_hklm 'HKLM "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"'
Name "Eclipse Mosquitto"
!define VERSION 2.0.9
!define VERSION 2.0.10
OutFile "mosquitto-${VERSION}-install-windows-x64.exe"
!include "x64.nsh"

2
lib/connect.c
View File

@ -189,7 +189,7 @@ static int mosquitto__reconnect(struct mosquitto *mosq, bool blocking)
packet__cleanup_all(mosq);
message__reconnect_reset(mosq);
message__reconnect_reset(mosq, false);
if(mosq->sock != INVALID_SOCKET){
net__socket_close(mosq); //close socket

1
lib/handle_auth.c
View File

@ -26,6 +26,7 @@ Contributors:
#include "mqtt_protocol.h"
#include "packet_mosq.h"
#include "property_mosq.h"
#include "read_handle.h"
int handle__auth(struct mosquitto *mosq)

2
lib/handle_connack.c
View File

@ -106,7 +106,7 @@ int handle__connack(struct mosquitto *mosq)
mosquitto_property_read_int32(properties, MQTT_PROP_MAXIMUM_PACKET_SIZE, &mosq->maximum_packet_size, false);
mosq->msgs_out.inflight_quota = mosq->msgs_out.inflight_maximum;
message__reconnect_reset(mosq);
message__reconnect_reset(mosq, true);
connack_callback(mosq, reason_code, connect_flags, properties);
mosquitto_property_free_all(&properties);

1
lib/handle_disconnect.c
View File

@ -27,6 +27,7 @@ Contributors:
#include "net_mosq.h"
#include "packet_mosq.h"
#include "property_mosq.h"
#include "read_handle.h"
#include "send_mosq.h"
#include "util_mosq.h"

1
lib/handle_publish.c
View File

@ -29,6 +29,7 @@ Contributors:
#include "messages_mosq.h"
#include "packet_mosq.h"
#include "property_mosq.h"
#include "read_handle.h"
#include "send_mosq.h"
#include "time_mosq.h"
#include "util_mosq.h"

1
lib/handle_suback.c
View File

@ -31,6 +31,7 @@ Contributors:
#include "mqtt_protocol.h"
#include "packet_mosq.h"
#include "property_mosq.h"
#include "read_handle.h"
#include "util_mosq.h"

5
lib/logging_mosq.c
View File

@ -23,11 +23,12 @@ Contributors:
#include <stdio.h>
#include <string.h>
#include "logging_mosq.h"
#include "mosquitto_internal.h"
#include "mosquitto.h"
#include "memory_mosq.h"
int log__printf(struct mosquitto *mosq, int priority, const char *fmt, ...)
int log__printf(struct mosquitto *mosq, unsigned int priority, const char *fmt, ...)
{
va_list va;
char *s;
@ -50,7 +51,7 @@ int log__printf(struct mosquitto *mosq, int priority, const char *fmt, ...)
va_end(va);
s[len-1] = '\0'; /* Ensure string is null terminated. */
mosq->on_log(mosq, mosq->userdata, priority, s);
mosq->on_log(mosq, mosq->userdata, (int)priority, s);
mosquitto__free(s);
}

6
lib/logging_mosq.h
View File

@ -20,6 +20,10 @@ Contributors:
#include "mosquitto.h"
int log__printf(struct mosquitto *mosq, unsigned int priority, const char *fmt, ...);
#ifndef __GNUC__
#define __attribute__(attrib)
#endif
int log__printf(struct mosquitto *mosq, unsigned int level, const char *fmt, ...) __attribute__((format(printf, 3, 4)));
#endif

5
lib/loop.c
View File

@ -204,10 +204,9 @@ static int interruptible_sleep(struct mosquitto *mosq, time_t reconnect_delay)
int maxfd = 0;
#ifndef WIN32
if(read(mosq->sockpairR, &pairbuf, 1) == 0){
}
while(read(mosq->sockpairR, &pairbuf, 1) > 0);
#else
recv(mosq->sockpairR, &pairbuf, 1, 0);
while(recv(mosq->sockpairR, &pairbuf, 1, 0) > 0);
#endif
local_timeout.tv_sec = reconnect_delay;

20
lib/messages_mosq.c
View File

@ -137,7 +137,7 @@ int message__queue(struct mosquitto *mosq, struct mosquitto_message_all *message
return message__release_to_inflight(mosq, dir);
}
void message__reconnect_reset(struct mosquitto *mosq)
void message__reconnect_reset(struct mosquitto *mosq, bool update_quota_only)
{
struct mosquitto_message_all *message, *tmp;
assert(mosq);
@ -169,15 +169,17 @@ void message__reconnect_reset(struct mosquitto *mosq)
message->timestamp = 0;
if(mosq->msgs_out.inflight_quota != 0){
util__decrement_send_quota(mosq);
if(message->msg.qos == 1){
message->state = mosq_ms_publish_qos1;
}else if(message->msg.qos == 2){
if(message->state == mosq_ms_wait_for_pubrec){
message->state = mosq_ms_publish_qos2;
}else if(message->state == mosq_ms_wait_for_pubcomp){
message->state = mosq_ms_resend_pubrel;
if (update_quota_only == false){
if(message->msg.qos == 1){
message->state = mosq_ms_publish_qos1;
}else if(message->msg.qos == 2){
if(message->state == mosq_ms_wait_for_pubrec){
message->state = mosq_ms_publish_qos2;
}else if(message->state == mosq_ms_wait_for_pubcomp){
message->state = mosq_ms_resend_pubrel;
}
/* Should be able to preserve state. */
}
/* Should be able to preserve state. */
}
}else{
message->state = mosq_ms_invalid;

2
lib/messages_mosq.h
View File

@ -25,7 +25,7 @@ void message__cleanup_all(struct mosquitto *mosq);
void message__cleanup(struct mosquitto_message_all **message);
int message__delete(struct mosquitto *mosq, uint16_t mid, enum mosquitto_msg_direction dir, int qos);
int message__queue(struct mosquitto *mosq, struct mosquitto_message_all *message, enum mosquitto_msg_direction dir);
void message__reconnect_reset(struct mosquitto *mosq);
void message__reconnect_reset(struct mosquitto *mosq, bool update_quota_only);
int message__release_to_inflight(struct mosquitto *mosq, enum mosquitto_msg_direction dir);
int message__remove(struct mosquitto *mosq, uint16_t mid, enum mosquitto_msg_direction dir, struct mosquitto_message_all **message, int qos);
void message__retry_check(struct mosquitto *mosq);

2
lib/misc_mosq.c
View File

@ -36,6 +36,8 @@ Contributors:
# include <sys/stat.h>
#endif
#include "misc_mosq.h"
FILE *mosquitto__fopen(const char *path, const char *mode, bool restrict_read)
{

1
lib/misc_mosq.h
View File

@ -19,6 +19,7 @@ Contributors:
#define MISC_MOSQ_H
#include <stdbool.h>
#include <stdio.h>
FILE *mosquitto__fopen(const char *path, const char *mode, bool restrict_read);
char *misc__trimblanks(char *str);

5
lib/net_mosq.c
View File

@ -917,16 +917,13 @@ int net__socket_connect_step3(struct mosquitto *mosq, const char *host)
/* Create a socket and connect it to 'ip' on port 'port'. */
int net__socket_connect(struct mosquitto *mosq, const char *host, uint16_t port, const char *bind_address, bool blocking)
{
mosq_sock_t sock = INVALID_SOCKET;
int rc, rc2;
if(!mosq || !host) return MOSQ_ERR_INVAL;
rc = net__try_connect(host, port, &sock, bind_address, blocking);
rc = net__try_connect(host, port, &mosq->sock, bind_address, blocking);
if(rc > 0) return rc;
mosq->sock = sock;
if(mosq->tcp_nodelay){
int flag = 1;
if(setsockopt(mosq->sock, IPPROTO_TCP, TCP_NODELAY, (const void*)&flag, sizeof(int)) != 0){

3
lib/net_mosq_ocsp.c
View File

@ -64,10 +64,11 @@ int mosquitto__verify_ocsp_status_cb(SSL * ssl, void *arg)
OCSP_BASICRESP *br = NULL;
X509_STORE *st = NULL;
STACK_OF(X509) *ch = NULL;
long len;
UNUSED(ssl);
long len = SSL_get_tlsext_status_ocsp_resp(mosq->ssl, &p);
len = SSL_get_tlsext_status_ocsp_resp(mosq->ssl, &p);
log__printf(mosq, MOSQ_LOG_DEBUG, "OCSP: SSL_get_tlsext_status_ocsp_resp returned %ld bytes", len);
/* the following functions expect a const pointer */

6
lib/property_mosq.c
View File

@ -33,7 +33,7 @@ Contributors:
#include "property_mosq.h"
int property__read(struct mosquitto__packet *packet, uint32_t *len, mosquitto_property *property)
static int property__read(struct mosquitto__packet *packet, uint32_t *len, mosquitto_property *property)
{
int rc;
uint32_t property_identifier;
@ -355,7 +355,7 @@ unsigned int property__get_remaining_length(const mosquitto_property *props)
}
int property__write(struct mosquitto__packet *packet, const mosquitto_property *property)
static int property__write(struct mosquitto__packet *packet, const mosquitto_property *property)
{
int rc;
@ -975,7 +975,7 @@ int mosquitto_property_check_all(int command, const mosquitto_property *properti
return MOSQ_ERR_SUCCESS;
}
const mosquitto_property *property__get_property(const mosquitto_property *proplist, int identifier, bool skip_first)
static const mosquitto_property *property__get_property(const mosquitto_property *proplist, int identifier, bool skip_first)
{
const mosquitto_property *p;
bool is_first = true;

1
lib/send_connect.c
View File

@ -32,6 +32,7 @@ Contributors:
#include "mqtt_protocol.h"
#include "packet_mosq.h"
#include "property_mosq.h"
#include "send_mosq.h"
int send__connect(struct mosquitto *mosq, uint16_t keepalive, bool clean_session, const mosquitto_property *properties)
{

3
lib/send_subscribe.c
View File

@ -32,10 +32,11 @@ Contributors:
#include "mqtt_protocol.h"
#include "packet_mosq.h"
#include "property_mosq.h"
#include "send_mosq.h"
#include "util_mosq.h"
int send__subscribe(struct mosquitto *mosq, int *mid, int topic_count, const char **topic, int topic_qos, const mosquitto_property *properties)
int send__subscribe(struct mosquitto *mosq, int *mid, int topic_count, char *const *const topic, int topic_qos, const mosquitto_property *properties)
{
struct mosquitto__packet *packet = NULL;
uint32_t packetlen;

3
lib/socks_mosq.c
View File

@ -23,7 +23,7 @@ Contributors:
#include <limits.h>
#ifdef WIN32
# include <ws2tcpip.h>
#elif __QNX__
#elif defined(__QNX__)
# include <sys/socket.h>
# include <arpa/inet.h>
# include <netinet/in.h>
@ -40,6 +40,7 @@ Contributors:
#include "net_mosq.h"
#include "packet_mosq.h"
#include "send_mosq.h"
#include "socks_mosq.h"
#include "util_mosq.h"
#define SOCKS_AUTH_NONE 0x00U

2
lib/tls_mosq.c
View File

@ -84,7 +84,7 @@ int mosquitto__server_certificate_verify(int preverify_ok, X509_STORE_CTX *ctx)
}
}
int mosquitto__cmp_hostname_wildcard(char *certname, const char *hostname)
static int mosquitto__cmp_hostname_wildcard(char *certname, const char *hostname)
{
size_t i;
size_t len;

18
man/mosquitto.conf.5.xml
View File

@ -42,7 +42,8 @@
<title>Authentication</title>
<para>The authentication options described below allow a wide range of
possibilities in conjunction with the listener options. This
section aims to clarify the possibilities.</para>
section aims to clarify the possibilities. An overview is also available at
<ulink url="https://mosquitto.org/documentation/authentication-methods/"/></para>
<para>The simplest option is to have no authentication at all. This is
the default if no other options are given. Unauthenticated
encrypted support is provided by using the certificate based
@ -54,6 +55,11 @@
vulnerable to interception. Use the
<option>per_listener_settings</option> to control whether passwords
are required globally or on a per-listener basis.</para>
<para>Mosquitto provides the Dynamic Security plugin which handles
username/password authentication and access control in a much
more flexible way than a password file. See
<ulink url="https://mosquitto.org/documentation/dynamic-security/"/>
</para>
<para>When using certificate based encryption there are three options
that affect authentication. The first is require_certificate, which
may be set to true or false. If false, the SSL/TLS component of the
@ -164,6 +170,9 @@
<para>Reloaded on reload signal. The currently loaded ACLs
will be freed and reloaded. Existing subscriptions will
be affected after the reload.</para>
<para>See also
<ulink url="https://mosquitto.org/documentation/dynamic-security/"/>
</para>
</listitem>
</varlistentry>
<varlistentry>
@ -267,6 +276,9 @@
alongsize <option>auth_plugin</option>, the plugin
checks will run after the built in checks.</para>
<para>Not currently reloaded on reload signal.</para>
<para>See also
<ulink url="https://mosquitto.org/documentation/dynamic-security/"/>
</para>
</listitem>
</varlistentry>
<varlistentry>
@ -753,7 +765,9 @@ log_timestamp_format %Y-%m-%dT%H:%M:%S
Clients that are already connected will not be
affected.</para>
<para>See also
<citerefentry><refentrytitle>mosquitto_passwd</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>
<citerefentry><refentrytitle>mosquitto_passwd</refentrytitle><manvolnum>1</manvolnum></citerefentry> and
<ulink url="https://mosquitto.org/documentation/dynamic-security/"/>
</para>
</listitem>
</varlistentry>
<varlistentry>

22
man/mosquitto_ctrl.1.xml
View File

@ -17,7 +17,7 @@
<refsynopsisdiv>
<cmdsynopsis>
<command>mosquitto_ctrl</command>
<arg choice='opt'>connection-options</arg>
<arg choice='opt'>connection-options | -o config-file</arg>
<arg choice='plain'>module-name</arg>
<arg choice='plain'>module-command</arg>
<arg choice='opt'>command-options</arg>
@ -132,7 +132,11 @@
<para>The options below may be given on the command line, but may also
be placed in a config file located at
<option>$XDG_CONFIG_HOME/mosquitto_ctrl</option> or
<option>$HOME/.config/mosquitto_ctrl</option> with one pair of
<option>$HOME/.config/mosquitto_ctrl</option>.</para>
<para>The config file may be specified manually with the
<option>-o <replaceable>config-file</replaceable></option>
option.</para>
<para>The config file should have one pair of
<option>-option <replaceable>value</replaceable></option>
per line. The values in the config file will be used as defaults
and can be overridden by using the command line. The exceptions to
@ -320,6 +324,20 @@
being sent than would normally be necessary.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-o</option> <replaceable>config-file</replaceable></term>
<listitem>
<para>Provide a path to a config file to load options from. The config file should have one pair of
<option>-option <replaceable>value</replaceable></option>
per line. The values in the config file will be used as defaults
and can be overridden by using the command line. The exceptions to
this are the message type options, of which only one can be
specified. Note also that currently some options cannot be negated,
e.g. <option>-S</option>. Config file lines that have a
<option>#</option> as the first character are treated as comments
and not processed any further.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-p</option></term>
<term><option>--port</option></term>

2
plugins/auth-by-ip/CMakeLists.txt
View File

@ -1,5 +1,5 @@
include_directories(${mosquitto_SOURCE_DIR} ${mosquitto_SOURCE_DIR}/include
${STDBOOL_H_PATH} ${STDINT_H_PATH})
${OPENSSL_INCLUDE_DIR} ${STDBOOL_H_PATH} ${STDINT_H_PATH})
add_library(mosquitto_auth_by_ip SHARED mosquitto_auth_by_ip.c)
set_target_properties(mosquitto_auth_by_ip PROPERTIES

13
plugins/auth-by-ip/mosquitto_auth_by_ip.c
View File

@ -32,7 +32,7 @@ Contributors:
*
* Note that this only works on Mosquitto 2.0 or later.
*/
#include "config.h"
#include <stdio.h>
#include <string.h>
@ -49,6 +49,9 @@ static int basic_auth_callback(int event, void *event_data, void *userdata)
struct mosquitto_evt_basic_auth *ed = event_data;
const char *ip_address;
UNUSED(event);
UNUSED(userdata);
ip_address = mosquitto_client_address(ed->client);
if(!strcmp(ip_address, "127.0.0.1")){
/* Only allow connections from localhost */
@ -72,11 +75,19 @@ int mosquitto_plugin_version(int supported_version_count, const int *supported_v
int mosquitto_plugin_init(mosquitto_plugin_id_t *identifier, void **user_data, struct mosquitto_opt *opts, int opt_count)
{
UNUSED(user_data);
UNUSED(opts);
UNUSED(opt_count);
mosq_pid = identifier;
return mosquitto_callback_register(mosq_pid, MOSQ_EVT_BASIC_AUTH, basic_auth_callback, NULL, NULL);
}
int mosquitto_plugin_cleanup(void *user_data, struct mosquitto_opt *opts, int opt_count)
{
UNUSED(user_data);
UNUSED(opts);
UNUSED(opt_count);
return mosquitto_callback_unregister(mosq_pid, MOSQ_EVT_BASIC_AUTH, basic_auth_callback, NULL);
}

2
plugins/dynamic-security/Makefile
View File

@ -3,7 +3,7 @@ include ../../config.mk
.PHONY : all binary check clean reallyclean test install uninstall
PLUGIN_NAME=mosquitto_dynamic_security
LOCAL_CPPFLAGS=-I../../src/
LOCAL_CPPFLAGS=-I../../src/ -DWITH_CJSON
OBJS= \
acl.o \

1
plugins/dynamic-security/json_help.c
View File

@ -23,6 +23,7 @@ Contributors:
#include <stdlib.h>
#include <stdio.h>
#include "json_help.h"
#include "mosquitto.h"

4
plugins/dynamic-security/plugin.c
View File

@ -131,7 +131,7 @@ static int dynsec_control_callback(int event, void *event_data, void *userdata)
return MOSQ_ERR_SUCCESS;
}
int dynsec__process_set_default_acl_access(cJSON *j_responses, struct mosquitto *context, cJSON *command, char *correlation_data)
static int dynsec__process_set_default_acl_access(cJSON *j_responses, struct mosquitto *context, cJSON *command, char *correlation_data)
{
cJSON *j_actions, *j_action, *j_acltype, *j_allow;
bool allow;
@ -174,7 +174,7 @@ int dynsec__process_set_default_acl_access(cJSON *j_responses, struct mosquitto
}
int dynsec__process_get_default_acl_access(cJSON *j_responses, struct mosquitto *context, cJSON *command, char *correlation_data)
static int dynsec__process_get_default_acl_access(cJSON *j_responses, struct mosquitto *context, cJSON *command, char *correlation_data)
{
cJSON *tree, *jtmp, *j_data, *j_acls, *j_acl;
const char *admin_clientid, *admin_username;

4
plugins/dynamic-security/rolelist.c
View File

@ -51,7 +51,7 @@ static int rolelist_cmp(void *a, void *b)
}
void dynsec_rolelist__free_item(struct dynsec__rolelist **base_rolelist, struct dynsec__rolelist *rolelist)
static void dynsec_rolelist__free_item(struct dynsec__rolelist **base_rolelist, struct dynsec__rolelist *rolelist)
{
HASH_DELETE(hh, *base_rolelist, rolelist);
mosquitto_free(rolelist->rolename);
@ -67,7 +67,7 @@ void dynsec_rolelist__cleanup(struct dynsec__rolelist **base_rolelist)
}
}
int dynsec_rolelist__remove_role(struct dynsec__rolelist **base_rolelist, const struct dynsec__role *role)
static int dynsec_rolelist__remove_role(struct dynsec__rolelist **base_rolelist, const struct dynsec__role *role)
{
struct dynsec__rolelist *found_rolelist;

2
plugins/dynamic-security/roles.c
View File

@ -209,7 +209,7 @@ static int insert_acl_cmp(struct dynsec__acl *a, struct dynsec__acl *b)
}
int dynsec_roles__acl_load(cJSON *j_acls, const char *key, struct dynsec__acl **acllist)
static int dynsec_roles__acl_load(cJSON *j_acls, const char *key, struct dynsec__acl **acllist)
{
cJSON *j_acl, *j_type, *jtmp;
struct dynsec__acl *acl;

2
plugins/dynamic-security/sub_matches_sub.c
View File

@ -21,6 +21,8 @@ Contributors:
#include <stdlib.h>
#include <string.h>
#include "dynamic_security.h"
static char *strtok_hier(char *str, char **saveptr)
{
char *c;

2
plugins/message-timestamp/CMakeLists.txt
View File

@ -1,5 +1,5 @@
include_directories(${mosquitto_SOURCE_DIR} ${mosquitto_SOURCE_DIR}/include
${STDBOOL_H_PATH} ${STDINT_H_PATH})
${OPENSSL_INCLUDE_DIR} ${STDBOOL_H_PATH} ${STDINT_H_PATH})
add_library(mosquitto_message_timestamp SHARED mosquitto_message_timestamp.c)
set_target_properties(mosquitto_message_timestamp PROPERTIES

2
plugins/payload-modification/CMakeLists.txt
View File

@ -1,5 +1,5 @@
include_directories(${mosquitto_SOURCE_DIR} ${mosquitto_SOURCE_DIR}/include
${STDBOOL_H_PATH} ${STDINT_H_PATH})
${OPENSSL_INCLUDE_DIR} ${STDBOOL_H_PATH} ${STDINT_H_PATH})
link_directories(${mosquitto_SOURCE_DIR})
add_library(mosquitto_payload_modification SHARED mosquitto_payload_modification.c)

2
set-version.sh
View File

@ -2,7 +2,7 @@
MAJOR=2
MINOR=0
REVISION=9
REVISION=10
sed -i "s/^VERSION=.*/VERSION=${MAJOR}.${MINOR}.${REVISION}/" config.mk

2
snap/snapcraft.yaml
View File

@ -1,5 +1,5 @@
name: mosquitto
version: 2.0.9
version: 2.0.10
summary: Eclipse Mosquitto MQTT broker
description: This is a message broker that supports version 5.0, 3.1.1, and 3.1 of the MQTT
protocol.

4
src/conf.c
View File

@ -527,7 +527,7 @@ int config__parse_args(struct mosquitto__config *config, int argc, char *argv[])
return config__check(config);
}
void config__copy(struct mosquitto__config *src, struct mosquitto__config *dest)
static void config__copy(struct mosquitto__config *src, struct mosquitto__config *dest)
{
mosquitto__free(dest->security_options.acl_file);
dest->security_options.acl_file = src->security_options.acl_file;
@ -721,7 +721,7 @@ int config__read(struct mosquitto__config *config, bool reload)
}
int config__read_file_core(struct mosquitto__config *config, bool reload, struct config_recurse *cr, int level, int *lineno, FILE *fptr, char **buf, int *buflen)
static int config__read_file_core(struct mosquitto__config *config, bool reload, struct config_recurse *cr, int level, int *lineno, FILE *fptr, char **buf, int *buflen)
{
int rc;
char *token;

2
src/conf_includedir.c
View File

@ -50,7 +50,7 @@ Contributors:
#include "mqtt_protocol.h"
int scmp_p(const void *p1, const void *p2)
static int scmp_p(const void *p1, const void *p2)
{
const char *s1 = *(const char **)p1;
const char *s2 = *(const char **)p2;

65
src/database.c
View File

@ -580,7 +580,7 @@ int db__message_update_outgoing(struct mosquitto *context, uint16_t mid, enum mo
}
void db__messages_delete_list(struct mosquitto_client_msg **head)
static void db__messages_delete_list(struct mosquitto_client_msg **head)
{
struct mosquitto_client_msg *tail, *tmp;
@ -624,7 +624,7 @@ int db__messages_delete(struct mosquitto *context, bool force_free)
int db__messages_easy_queue(struct mosquitto *context, const char *topic, uint8_t qos, uint32_t payloadlen, const void *payload, int retain, uint32_t message_expiry_interval, mosquitto_property **properties)
{
struct mosquitto_msg_store *stored;
char *source_id;
const char *source_id;
enum mosquitto_msg_origin origin;
if(!topic) return MOSQ_ERR_INVAL;
@ -752,7 +752,7 @@ int db__message_store_find(struct mosquitto *context, uint16_t mid, struct mosqu
/* Called on reconnect to set outgoing messages to a sensible state and force a
* retry, and to set incoming messages to expect an appropriate retry. */
int db__message_reconnect_reset_outgoing(struct mosquitto *context)
static int db__message_reconnect_reset_outgoing(struct mosquitto *context)
{
struct mosquitto_client_msg *msg, *tmp;
@ -821,7 +821,7 @@ int db__message_reconnect_reset_outgoing(struct mosquitto *context)
/* Called on reconnect to set incoming messages to expect an appropriate retry. */
int db__message_reconnect_reset_incoming(struct mosquitto *context)
static int db__message_reconnect_reset_incoming(struct mosquitto *context)
{
struct mosquitto_client_msg *msg, *tmp;
@ -975,63 +975,6 @@ int db__message_release_incoming(struct mosquitto *context, uint16_t mid)
}
}
int db__message_write_inflight_in(struct mosquitto *context)
{
struct mosquitto_client_msg *tail, *tmp;
int rc;
if(context->state != mosq_cs_active){
return MOSQ_ERR_SUCCESS;
}
DL_FOREACH_SAFE(context->msgs_in.inflight, tail, tmp){
if(tail->store->message_expiry_time){
if(db.now_real_s > tail->store->message_expiry_time){
/* Message is expired, must not send. */
db__message_remove(&context->msgs_in, tail);
if(tail->qos > 0){
util__increment_receive_quota(context);
}
continue;
}
}
switch(tail->state){
case mosq_ms_send_pubrec:
rc = send__pubrec(context, tail->mid, 0, NULL);
if(!rc){
tail->state = mosq_ms_wait_for_pubrel;
}else{
return rc;
}
break;
case mosq_ms_resend_pubcomp:
rc = send__pubcomp(context, tail->mid, NULL);
if(!rc){
tail->state = mosq_ms_wait_for_pubrel;
}else{
return rc;
}
break;
case mosq_ms_invalid:
case mosq_ms_publish_qos0:
case mosq_ms_publish_qos1:
case mosq_ms_publish_qos2:
case mosq_ms_resend_pubrel:
case mosq_ms_wait_for_puback:
case mosq_ms_wait_for_pubrec:
case mosq_ms_wait_for_pubrel:
case mosq_ms_wait_for_pubcomp:
case mosq_ms_queued:
break;
}
}
return MOSQ_ERR_SUCCESS;
}
static int db__message_write_inflight_out_single(struct mosquitto *context, struct mosquitto_client_msg *msg)
{
mosquitto_property *cmsg_props = NULL, *store_props = NULL;

2
src/handle_connack.c
View File

@ -39,7 +39,7 @@ int handle__connack(struct mosquitto *context)
uint16_t server_keepalive;
uint8_t max_qos = 255;
if(!context){
if(context == NULL || context->bridge == NULL){
return MOSQ_ERR_INVAL;
}
log__printf(NULL, MOSQ_LOG_DEBUG, "Received CONNACK on connection %s.", context->id);

14
src/handle_connect.c
View File

@ -83,7 +83,7 @@ static char *client_id_gen(uint16_t *idlen, const char *auto_id_prefix, uint16_t
/* Remove any queued messages that are no longer allowed through ACL,
* assuming a possible change of username. */
void connection_check_acl(struct mosquitto *context, struct mosquitto_client_msg **head)
static void connection_check_acl(struct mosquitto *context, struct mosquitto_client_msg **head)
{
struct mosquitto_client_msg *msg_tail, *tmp;
@ -111,6 +111,8 @@ int connect__on_authorised(struct mosquitto *context, void *auth_data_out, uint1
uint8_t connect_ack = 0;
int i;
int rc;
int in_quota, out_quota;
uint16_t in_maximum, out_maximum;
/* Find if this client already has an entry. This must be done *after* any security checks. */
HASH_FIND(hh_id, db.contexts_by_id, context->id, strlen(context->id), found_context);
@ -135,12 +137,22 @@ int connect__on_authorised(struct mosquitto *context, void *auth_data_out, uint1
if(found_context->msgs_in.inflight || found_context->msgs_in.queued
|| found_context->msgs_out.inflight || found_context->msgs_out.queued){
in_quota = context->msgs_in.inflight_quota;
out_quota = context->msgs_out.inflight_quota;
in_maximum = context->msgs_in.inflight_maximum;
out_maximum = context->msgs_out.inflight_maximum;
memcpy(&context->msgs_in, &found_context->msgs_in, sizeof(struct mosquitto_msg_data));
memcpy(&context->msgs_out, &found_context->msgs_out, sizeof(struct mosquitto_msg_data));
memset(&found_context->msgs_in, 0, sizeof(struct mosquitto_msg_data));
memset(&found_context->msgs_out, 0, sizeof(struct mosquitto_msg_data));
context->msgs_in.inflight_quota = in_quota;
context->msgs_out.inflight_quota = out_quota;
context->msgs_in.inflight_maximum = in_maximum;
context->msgs_out.inflight_maximum = out_maximum;
db__message_reconnect_reset(context);
}
context->subs = found_context->subs;

3
src/logging.c
View File

@ -34,6 +34,7 @@ Contributors:
#include <dlt/dlt.h>
#endif
#include "logging_mosq.h"
#include "mosquitto_broker_internal.h"
#include "memory_mosq.h"
#include "misc_mosq.h"
@ -186,7 +187,7 @@ DltLogLevelType get_dlt_level(unsigned int priority)
}
#endif
int log__vprintf(unsigned int priority, const char *fmt, va_list va)
static int log__vprintf(unsigned int priority, const char *fmt, va_list va)
{
const char *topic;
int syslog_priority;

4
src/loop.c
View File

@ -133,7 +133,7 @@ static void read_message_expiry_interval(mosquitto_property **proplist, uint32_t
}
}
void queue_plugin_msgs(void)
static void queue_plugin_msgs(void)
{
struct mosquitto_message_v5 *msg, *tmp;
struct mosquitto *context;
@ -279,7 +279,7 @@ int mosquitto_main_loop(struct mosquitto__listener_sock *listensock, int listens
void do_disconnect(struct mosquitto *context, int reason)
{
char *id;
const char *id;
#ifdef WITH_WEBSOCKETS
bool is_duplicate = false;
#endif

24
src/mosquitto.c
View File

@ -74,13 +74,6 @@ int allow_severity = LOG_INFO;
int deny_severity = LOG_INFO;
#endif
void handle_sigint(int signal);
void handle_sigusr1(int signal);
void handle_sigusr2(int signal);
#ifdef SIGHUP
void handle_sighup(int signal);
#endif
/* mosquitto shouldn't run as root.
* This function will attempt to change to an unprivileged user and group if
* running as root. The user is given in config->user.
@ -146,7 +139,7 @@ int drop_privileges(struct mosquitto__config *config)
return MOSQ_ERR_SUCCESS;
}
void mosquitto__daemonise(void)
static void mosquitto__daemonise(void)
{
#ifndef WIN32
char *err;
@ -208,7 +201,7 @@ void listeners__reload_all_certificates(void)
}
int listeners__start_single_mqtt(struct mosquitto__listener *listener)
static int listeners__start_single_mqtt(struct mosquitto__listener *listener)
{
int i;
struct mosquitto__listener_sock *listensock_new;
@ -275,7 +268,7 @@ void listeners__add_websockets(struct lws_context *ws_context, mosq_sock_t fd)
}
#endif
int listeners__add_local(const char *host, uint16_t port)
static int listeners__add_local(const char *host, uint16_t port)
{
struct mosquitto__listener *listeners;
listeners = db.config->listeners;
@ -296,7 +289,7 @@ int listeners__add_local(const char *host, uint16_t port)
return MOSQ_ERR_SUCCESS;
}
int listeners__start_local_only(void)
static int listeners__start_local_only(void)
{
/* Attempt to open listeners bound to 127.0.0.1 and ::1 only */
int i;
@ -313,6 +306,7 @@ int listeners__start_local_only(void)
log__printf(NULL, MOSQ_LOG_WARNING, "Starting in local only mode. Connections will only be possible from clients running on this machine.");
log__printf(NULL, MOSQ_LOG_WARNING, "Create a configuration file which defines a listener to allow remote access.");
log__printf(NULL, MOSQ_LOG_WARNING, "For more details see https://mosquitto.org/documentation/authentication-methods/");
if(db.config->cmd_port_count == 0){
rc = listeners__add_local("127.0.0.1", 1883);
if(rc == MOSQ_ERR_NOMEM) return MOSQ_ERR_NOMEM;
@ -335,7 +329,7 @@ int listeners__start_local_only(void)
}
int listeners__start(void)
static int listeners__start(void)
{
int i;
@ -379,7 +373,7 @@ int listeners__start(void)
}
void listeners__stop(void)
static void listeners__stop(void)
{
int i;
@ -406,7 +400,7 @@ void listeners__stop(void)
}
void signal__setup(void)
static void signal__setup(void)
{
signal(SIGINT, handle_sigint);
signal(SIGTERM, handle_sigint);
@ -424,7 +418,7 @@ void signal__setup(void)
}
int pid__write(void)
static int pid__write(void)
{
FILE *pid;

13
src/mosquitto_broker_internal.h
View File

@ -34,6 +34,7 @@ Contributors:
#include "mosquitto_broker.h"
#include "mosquitto_plugin.h"
#include "mosquitto.h"
#include "logging_mosq.h"
#include "password_mosq.h"
#include "tls_mosq.h"
#include "uthash.h"
@ -709,7 +710,6 @@ int control__unregister_callback(struct mosquitto__security_options *opts, MOSQ_
* ============================================================ */
int log__init(struct mosquitto__config *config);
int log__close(struct mosquitto__config *config);
int log__printf(struct mosquitto *mosq, unsigned int level, const char *fmt, ...) __attribute__((format(printf, 3, 4)));
void log__internal(const char *fmt, ...) __attribute__((format(printf, 1, 2)));
/* ============================================================
@ -819,6 +819,16 @@ void session_expiry__remove_all(void);
void session_expiry__check(void);
void session_expiry__send_all(void);
/* ============================================================
* Signals
* ============================================================ */
void handle_sigint(int signal);
void handle_sigusr1(int signal);
void handle_sigusr2(int signal);
#ifdef SIGHUP
void handle_sighup(int signal);
#endif
/* ============================================================
* Window service and signal related functions
* ============================================================ */
@ -855,4 +865,3 @@ void xtreport(void);
#endif
#endif

6
src/mux_epoll.c
View File

@ -106,12 +106,6 @@ int mux_epoll__init(struct mosquitto__listener_sock *listensock, int listensock_
return MOSQ_ERR_SUCCESS;
}
int mux_epoll__loop_setup(void)
{
return MOSQ_ERR_SUCCESS;
}
int mux_epoll__add_out(struct mosquitto *context)
{
struct epoll_event ev;

8
src/net.c
View File

@ -427,7 +427,7 @@ int net__tls_server_ctx(struct mosquitto__listener *listener)
#endif
int net__load_crl_file(struct mosquitto__listener *listener)
static int net__load_crl_file(struct mosquitto__listener *listener)
{
#ifdef WITH_TLS
X509_STORE *store;
@ -754,6 +754,12 @@ static int net__socket_listen_tcp(struct mosquitto__listener *listener)
#endif
if(bind(sock, rp->ai_addr, rp->ai_addrlen) == -1){
#if defined(__linux__)
if(errno == EACCES){
log__printf(NULL, MOSQ_LOG_ERR, "If you are trying to bind to a privileged port (<1024), try using setcap and do not start the broker as root:");
log__printf(NULL, MOSQ_LOG_ERR, " sudo setcap 'CAP_NET_BIND_SERVICE=+ep /usr/sbin/mosquitto'");
}
#endif
net__print_error(MOSQ_LOG_ERR, "Error: %s");
COMPAT_CLOSE(sock);
freeaddrinfo(ainfo);

2
src/persist.h
View File

@ -19,6 +19,8 @@ Contributors:
#ifndef PERSIST_H
#define PERSIST_H
#include "mosquitto_broker_internal.h"
#define MOSQ_DB_VERSION 6
/* DB read/write */

6
src/security.c
View File

@ -47,7 +47,7 @@ void LIB_ERROR(void)
}
int security__load_v2(struct mosquitto__auth_plugin *plugin, struct mosquitto_auth_opt *auth_options, int auth_option_count, void *lib)
static int security__load_v2(struct mosquitto__auth_plugin *plugin, struct mosquitto_auth_opt *auth_options, int auth_option_count, void *lib)
{
int rc;
@ -121,7 +121,7 @@ int security__load_v2(struct mosquitto__auth_plugin *plugin, struct mosquitto_au
}
int security__load_v3(struct mosquitto__auth_plugin *plugin, struct mosquitto_opt *auth_options, int auth_option_count, void *lib)
static int security__load_v3(struct mosquitto__auth_plugin *plugin, struct mosquitto_opt *auth_options, int auth_option_count, void *lib)
{
int rc;
@ -194,7 +194,7 @@ int security__load_v3(struct mosquitto__auth_plugin *plugin, struct mosquitto_op
}
int security__load_v4(struct mosquitto__auth_plugin *plugin, struct mosquitto_opt *auth_options, int auth_option_count, void *lib)
static int security__load_v4(struct mosquitto__auth_plugin *plugin, struct mosquitto_opt *auth_options, int auth_option_count, void *lib)
{
int rc;

4
src/security_default.c
View File

@ -202,7 +202,7 @@ int mosquitto_security_cleanup_default(bool reload)
}
int add__acl(struct mosquitto__security_options *security_opts, const char *user, const char *topic, int access)
static int add__acl(struct mosquitto__security_options *security_opts, const char *user, const char *topic, int access)
{
struct mosquitto__acl_user *acl_user=NULL, *user_tail;
struct mosquitto__acl *acl, *acl_tail;
@ -298,7 +298,7 @@ int add__acl(struct mosquitto__security_options *security_opts, const char *user
return MOSQ_ERR_SUCCESS;
}
int add__acl_pattern(struct mosquitto__security_options *security_opts, const char *topic, int access)
static int add__acl_pattern(struct mosquitto__security_options *security_opts, const char *topic, int access)
{
struct mosquitto__acl *acl, *acl_tail;
char *local_topic;

2
src/signals.c
View File

@ -29,6 +29,8 @@ Contributors:
#include <stdbool.h>
#include <signal.h>
#include "mosquitto_broker_internal.h"
#ifdef WITH_PERSISTENCE
extern bool flag_db_backup;
#endif

50
test/broker/01-connect-connack-2163.py Executable file
View File

@ -0,0 +1,50 @@
#!/usr/bin/env python3
# Test https://github.com/eclipse/mosquitto/issues/2163
# Does the broker cope with a malformed CONNACK sent to it after a valid CONNECT?
from mosq_test_helper import *
def do_test(proto_ver):
rc = 1
keepalive = 10
connect_packet = mosq_test.gen_connect("connect-connack-2163", keepalive=keepalive, proto_ver=proto_ver)
connack_packet = mosq_test.gen_connack(rc=0, proto_ver=proto_ver)
connack_malformed = struct.pack("BBBBB", 0x02, 0x00, 0x01, 0xE0, 0x00)
connack_malformed = struct.pack("BBBB", 0x29, 0x02, 0x00, 0x01)
pingreq_packet = mosq_test.gen_pingreq()
port = mosq_test.get_port()
broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port)
try:
sock = mosq_test.do_client_connect(connect_packet, connack_packet, port=port)
sock.send(connack_malformed)
try:
mosq_test.do_send_receive(sock, pingreq_packet, b"", "pingreq")
except ConnectionResetError:
pass
sock.close()
# Does the broker still exist?
sock = mosq_test.do_client_connect(connect_packet, connack_packet, port=port)
mosq_test.do_ping(sock)
sock.close()
rc = 0
except mosq_test.TestError:
pass
finally:
broker.terminate()
broker.wait()
(stdo, stde) = broker.communicate()
if rc:
print(stde.decode('utf-8'))
print("proto_ver=%d" % (proto_ver))
exit(rc)
do_test(proto_ver=3)
do_test(proto_ver=4)
do_test(proto_ver=5)
exit(0)

1
test/broker/Makefile
View File

@ -22,6 +22,7 @@ test : test-compile 01 02 03 04 05 06 07 08 09 10 11 12 13 14
01 :
./01-connect-allow-anonymous.py
./01-connect-bad-packet.py
./01-connect-connack-2163.py
./01-connect-disconnect-v5.py
./01-connect-duplicate.py
./01-connect-invalid-id-0.py

1
test/broker/test.py
View File

@ -7,6 +7,7 @@ tests = [
#(ports required, 'path'),
(1, './01-connect-allow-anonymous.py'),
(1, './01-connect-bad-packet.py'),
(1, './01-connect-connack-2163.py'),
(1, './01-connect-disconnect-v5.py'),
(1, './01-connect-duplicate.py'),
(1, './01-connect-invalid-id-0.py'),

118
www/pages/documentation/dynamic-security.md
View File

@ -343,7 +343,9 @@ application.
The initial configuration is the only time that `mosquitto_ctrl` does not
connect to a broker to carry out the configuration. All other commands require
a connection to a broker, and hence a username, password, and whatever else is
required for that particular connection.
required for that particular connection. It is strongly recommended that your
broker connection uses encryption so that your configuration, including new
passwords, is not transmitted in plain text.
The connection options must be given before the `dynsec` part of the command
line:
@ -357,10 +359,118 @@ For example:
mosquitto_ctrl -u admin -h localhost dynsec <command> ...
```
It is possible to provide the admin password on the command line, but this is
not recommended.
It is possible to provide the admin password on the command line using `-P
password`, but this is not recommended. If you do not provide a password,
mosquitto_ctrl will ask you to enter the password when it is needed.
### Using an options file
For convenience, mosquitto_ctrl can load an options file which contains a list
of options it should use. This means you can set the encryption options, host,
admin username and any other options once and not have to add them to the
command line every time.
mosquitto_ctrl will try to load a configuration file from a default location.
For Windows this is at `%USER_PROFILE%\mosquitto_ctrl.conf`. For other systems,
it will try `$XDG_CONFIG_HOME/mosquitto_ctrl.conf` or
`$HOME/.config/mosquitto_ctrl.conf`.
You may override this behaviour by manually specifying an options file with
`-o <path to options file>`.
The options file should contain a list of options, one per line, exactly as
they would be provided on the command line. For example:
```
--cafile /path/to/my/CA.crt
--certfile /path/to/my/client.crt
--keyfile /path/to/my/client.key
-u admin
-h mosquitto.example.com
```
### mosquitto_ctrl options
* `-A address` : Bind the outgoing connection to a local ip address/hostname.
Use this argument if you need to restrict network communication to a
particular interface.
* `--cafile path-to-ca.crt` : Define the path to a file containing PEM encoded
CA certificates that are trusted. Used to enable SSL communication. See also
`--capath`
* `--capath` : Define the path to a directory containing PEM encoded CA
certificates that are trusted. Used to enable SSL communication. For
`--capath` to work correctly, the certificate files must have ".crt" as the
file ending and you must run `openssl rehash <path to capath>` each time you
add/remove a certificate. See also `--cafile`.
* `--cert path-to-client.crt` : Define the path to a file containing a PEM
encoded certificate for this client, if required by the server. See also
`--key`.
* `--ciphers` : An openssl compatible list of TLS ciphers to support in the
client. See ciphers(1) for more information.
* `-d` : Enable debug messages.
* `--help` : Display usage information.
* `-h hostname` : Specify the host to connect to. Defaults to localhost.
* `-i client-id` : The id to use for this client. If not given, a client id
will be generated depending on the MQTT version being used. For v3.1.1/v3.1,
the client generates a client id in the format mosq-XXXXXXXXXXXXXXXXXX, where
the X are replaced with random alphanumeric characters. For v5.0, the client
sends a zero length client id, and the server will generate a client id for
the client.
* `--insecure` : When using certificate based encryption, this option disables
verification of the server hostname in the server certificate. This can be
useful when testing initial server configurations but makes it possible for a
malicious third party to impersonate your server through DNS spoofing, for
example. Use this option in testing only. If you need to resort to using this
option in a production environment, your setup is at fault and there is no
point using encryption.
* `--key path-to-client.key` : Define the path to a file containing a PEM
encoded private key for this client, if required by the server. See also
`--cert`.
* `-L url` : Specify specify user, password, hostname, port and topic at once
as a URL. The URL must be in the form:
`mqtt(s)://[username[:password]@]host[:port]`. If the scheme is mqtt:// then
the port defaults to 1883. If the scheme is mqtts:// then the port defaults
to 8883.
* `--nodelay` : Disable Nagle's algorithm for the socket. This means that
latency of sent messages is reduced, which is particularly noticable for
small, reasonably infrequent messages. Using this option may result in more
packets being sent than would normally be necessary.
* `-p port` : Connect to the port specified. If not given, the default of 1883
for plain MQTT or 8883 for MQTT over TLS will be used.
* `-P password` : Provide a password to be used for authenticating with the
broker. Using this argument without also specifying a username is invalid
when using MQTT v3.1 or v3.1.1. See also the `-u` option.
* `--proxy proxy-url` : Specify a SOCKS5 proxy to connect through. "None" and
"username" authentication types are supported. The socks-url must be of the
form `socks5h://[username[:password]@]host[:port]`. The protocol prefix
socks5h means that hostnames are resolved by the proxy. The symbols %25, %3A
and %40 are URL decoded into %, : and @ respectively, if present in the
username or password. If username is not given, then no authentication is
attempted. If the port is not given, then the default of 1080 is used.
* `--psk key` : Provide the hexadecimal (no leading 0x) pre-shared-key matching
the one used on the broker to use TLS-PSK encryption support.
`--psk-identity` must also be provided to enable TLS-PSK.
* `--psk-identity identify` : The client identity to use with TLS-PSK support.
This may be used instead of a username if the broker is configured to do so.
* `-q qos` : Specify the quality of service to use for messages, from 0, 1 and
2. Defaults to 1.
* `--quiet` : If this argument is given, no runtime errors will be printed.
This excludes any error messages given in case of invalid user input (e.g.
using `-p` without a port).
* `--tls-version version` : Choose which TLS protocol version to use when
communicating with the broker. Valid options are tlsv1.3, tlsv1.2 and
tlsv1.1. The default value is tlsv1.2. Must match the protocol version used
by the broker.
* `-u username` : Provide a username to be used for authenticating with the
broker. See also the `-P` argument.
* `--unix path` : Connect to a broker through a local unix domain socket
instead of a TCP socket. This is a replacement for `-h` and `-L`. For
example: `mosquitto_ctrl --unix /tmp/mosquitto.sock ...`.
* `-V protocol-version` : Specify which version of the MQTT protocol should be
used when connecting to the remote broker. Can be `5`, `311`, `31`, or the
more verbose `mqttv5`, `mqttv311`, or `mqttv31`. Defaults to `311`.
See **FIXME** for the full list of options available for `mosquitto_ctrl`.
## Configuring default access

8
www/pages/download.md
View File

@ -1,7 +1,7 @@
<!--
.. title: Download
.. slug: download
.. date: 2022-03-11 22:16:38 UTC
.. date: 2021-04-03 11:52:38 UTC+1
.. tags: tag
.. category: category
.. link: link
@ -11,7 +11,7 @@
# Source
* [mosquitto-2.0.9.tar.gz](https://mosquitto.org/files/source/mosquitto-2.0.9.tar.gz) (319kB) ([GPG signature](https://mosquitto.org/files/source/mosquitto-2.0.9.tar.gz.asc))
* [mosquitto-2.0.10.tar.gz](https://mosquitto.org/files/source/mosquitto-2.0.10.tar.gz) ([GPG signature](https://mosquitto.org/files/source/mosquitto-2.0.10.tar.gz.asc))
* [Git source code repository](https://github.com/eclipse/mosquitto) (github.com)
Older downloads are available at [https://mosquitto.org/files/](../files/)
@ -24,8 +24,8 @@ distributions.
## Windows
* [mosquitto-2.0.9-install-windows-x64.exe](https://mosquitto.org/files/binary/win64/mosquitto-2.0.9-install-windows-x64.exe) (64-bit build, Windows Vista and up, built with Visual Studio Community 2019)
* [mosquitto-2.0.9-install-windows-x32.exe](https://mosquitto.org/files/binary/win32/mosquitto-2.0.9-install-windows-x86.exe) (32-bit build, Windows Vista and up, built with Visual Studio Community 2019)
* [mosquitto-2.0.10-install-windows-x64.exe](https://mosquitto.org/files/binary/win64/mosquitto-2.0.10-install-windows-x64.exe) (64-bit build, Windows Vista and up, built with Visual Studio Community 2019)
* [mosquitto-2.0.10-install-windows-x32.exe](https://mosquitto.org/files/binary/win32/mosquitto-2.0.10-install-windows-x86.exe) (32-bit build, Windows Vista and up, built with Visual Studio Community 2019)
Older installers can be found at [https://mosquitto.org/files/binary/](https://mosquitto.org/files/binary/).

4
www/pages/security.md
View File

@ -1,7 +1,7 @@
<!--
.. title: Security
.. slug: security
.. date: 2018-02-07 10:52:50 UTC
.. date: 2021-04-03 11:55:50 UTC+1
.. tags:
.. category:
.. link:
@ -19,6 +19,8 @@ follow the steps on [Eclipse Security] page to report it.
Listed with most recent first. Further information on security related issues
can be found in the [security category].
* April 2021: CVE-xxxx-xxxx Affecting versions **2.0.0** to **2.0.9**
inclusive, fixed in **2.0.10**.
* December 2020: Running mosquitto_passwd with the following arguments only
`mosquitto_passwd -b password_file username password` would cause the
username to be used as the password. Affecting versions **2.0.0** to

48
www/posts/2021/04/version-2-0-10-released.md Normal file
View File

@ -0,0 +1,48 @@
<!--
.. title: Version 2.0.10 released.
.. slug: version-2-0-10-released
.. date: 2021-04-03 11:54:38 UTC+1
.. tags: Releases
.. category:
.. link:
.. description:
.. type: text
-->
Versions 2.0.10 of Mosquitto has been released. This is a security and bugfix
release.
# Security
- CVE-xxxx-xxxx: If an authenticated client connected with MQTT v5 sent a
malformed CONNACK message to the broker a NULL pointer dereference occurred,
most likely resulting in a segfault. This will be updated with the CVE
number when it is assigned.
Affects versions 2.0.0 to 2.0.9 inclusive.
# Broker
- Don't overwrite new receive-maximum if a v5 client connects and takes over
an old session. Closes [#2134].
- Fix CVE-xxxx-xxxx. Closes [#2163].
# Clients
- Set `receive-maximum` to not exceed the `-C` message count in mosquitto_sub
and mosquitto_rr, to avoid potentially lost messages. Closes [#2134].
- Fix TLS-PSK mode not working with port 8883. Closes [#2152].
# Client library
- Fix possible socket leak. This would occur if a client was using
`mosquitto_loop_start()`, then if the connection failed due to the remote
server being inaccessible they called `mosquitto_loop_stop(, true)` and
recreated the mosquitto object.
# Build
- A variety of minor build related fixes, like functions not having previous
declarations.
- Fix CMake cross compile builds not finding opensslconf.h. Closes [#2160].
- Fix build on Solaris non-sparc. Closes [#2136].
[#2134]: https://github.com/eclipse/mosquitto/issues/2134
[#2136]: https://github.com/eclipse/mosquitto/issues/2136
[#2152]: https://github.com/eclipse/mosquitto/issues/2152
[#2160]: https://github.com/eclipse/mosquitto/issues/2160
[#2163]: https://github.com/eclipse/mosquitto/issues/2163