From 2ea97a6cd9da7134812d4761a76cf3a2d10ac776 Mon Sep 17 00:00:00 2001
From: "Roger A. Light"
Date: Wed, 6 Mar 2019 16:12:36 +0000
Subject: [PATCH] Check for authentication method on CONNECT, and reject.
---
 src/handle_connect.c | 8 ++++++++
 test/broker/09-auth-bad-method.py | 29 +++++++++++++++++++++++++++++
 test/broker/Makefile | 1 +
 test/broker/readme.txt | 4 ++--
 test/broker/test.py | 19 ++++++++++---------
 5 files changed, 50 insertions(+), 11 deletions(-)
 create mode 100755 test/broker/09-auth-bad-method.py
diff --git a/src/handle_connect.c b/src/handle_connect.c
index 47b3d242..4ca75bd4 100644
--- a/src/handle_connect.c
+++ b/src/handle_connect.c
@@ -358,6 +358,14 @@ int handle__connect(struct mosquitto_db *db, struct mosquitto *context) } property__process_connect(context, properties); + if(mosquitto_property_read_string(properties, MQTT_PROP_AUTHENTICATION_METHOD, NULL, false)){ + mosquitto_property_free_all(&properties); + /* Client has requested extended authentication, but we don't support it yet. */ + send__connack(db, context, 0, MQTT_RC_BAD_AUTHENTICATION_METHOD, NULL); + rc = MOSQ_ERR_PROTOCOL; + goto handle_connect_error; + } + mosquitto_property_free_all(&properties); /* FIXME - TEMPORARY UNTIL PROPERTIES PROCESSED */ if(packet__read_string(&context->in_packet, &client_id, &slen)){
diff --git a/test/broker/09-auth-bad-method.py b/test/broker/09-auth-bad-method.py
new file mode 100755
index 00000000..254ebf6d
--- /dev/null
+++ b/test/broker/09-auth-bad-method.py
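Review bot: The added branch tests only `MQTT_PROP_AUTHENTICATION_METHOD`, so a CONNECT that carries Authentication Data without an Authentication Method is not refused here and continues to the client-id parsing; MQTT v5 treats that combination as a protocol error. Unless the property parsing outside this hunk already rejects it, a sibling branch answering with `MQTT_RC_PROTOCOL_ERROR` belongs next to this one, before the properties are freed. The refusal is also unlogged and the result of `send__connack()` is discarded, so an operator has no record of clients asking for extended authentication; a notice-level log line before the `goto` would cover that. `handle__connect` begins and ends outside the hunk, so what `handle_connect_error` cleans up cannot be checked from here.

```c
	property__process_connect(context, properties);

	/* … unchanged: MQTT_PROP_AUTHENTICATION_METHOD branch added by this commit … */

	if(mosquitto_property_read_binary(properties, MQTT_PROP_AUTHENTICATION_DATA, NULL, NULL, false)){
		mosquitto_property_free_all(&properties);
		/* Authentication Data without an Authentication Method is a protocol error in MQTT v5. */
		send__connack(db, context, 0, MQTT_RC_PROTOCOL_ERROR, NULL);
		rc = MOSQ_ERR_PROTOCOL;
		goto handle_connect_error;
	}
```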
@@ -0,0 +1,29 @@
+#!/usr/bin/env python
+
+# Test whether sending an Authentication Method produces the correct response
+# when no auth methods are defined.
+
+from mosq_test_helper import *
+
+rc = 1
+keepalive = 10
+props = mqtt5_props.gen_string_prop(mqtt5_props.PROP_AUTHENTICATION_METHOD, "basic")
+connect_packet = mosq_test.gen_connect("connect-test", proto_ver=5, keepalive=keepalive, properties=props)
+connack_packet = mosq_test.gen_connack(rc=mqtt5_rc.MQTT_RC_BAD_AUTHENTICATION_METHOD, proto_ver=5)
+
+port = mosq_test.get_port()
+broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port)
+
+try:
+ sock = mosq_test.do_client_connect(connect_packet, connack_packet, port=port)
+ sock.close()
+ rc = 0
+finally:
+ broker.terminate()
+ broker.wait()
+ (stdo, stde) = broker.communicate()
+ if rc:
+ print(stde)
+
+exit(rc)
+
diff --git a/test/broker/Makefile b/test/broker/Makefile
index 6d2feec4..6ffd41cd 100644
--- a/test/broker/Makefile
+++ b/test/broker/Makefile
@@ -157,6 +157,7 @@ endif 09 : ./09-acl-empty-file.py + ./09-auth-bad-method.py ./09-plugin-auth-acl-sub-denied.py ./09-plugin-auth-acl-sub.py ./09-plugin-auth-context-params.py
diff --git a/test/broker/readme.txt b/test/broker/readme.txt
index c31535de..37f062e1 100644
--- a/test/broker/readme.txt
+++ b/test/broker/readme.txt
@@ -9,11 +9,11 @@ Numbering is as follows:
 02: Subscribe/unsubscribe tests
 03: Publish tests
 04: Retained message tests
-05: Clean session tests
+05: Session management tests
 06: Bridge tests
 07: Will tests
 08: TLS tests
-09: Auth plugin tests
+09: Auth tests
 10: Listener tests
 11: Persistence tests
 12: Property tests
diff --git a/test/broker/test.py b/test/broker/test.py
index b509a989..25c40f72 100755
--- a/test/broker/test.py
+++ b/test/broker/test.py
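Review bot: The test passes as soon as the expected CONNACK arrives, because the client calls `sock.close()` itself right after `do_client_connect()`; a broker that sent `MQTT_RC_BAD_AUTHENTICATION_METHOD` but left the connection open would still pass. Since the change is meant to refuse the session, check for the broker-side close before closing, for example `if sock.recv(1) == b"": rc = 0` in place of the unconditional `rc = 0`. That relies on the helper leaving a timeout on the returned socket, which is not visible in this file, so confirm it before relying on the read to fail rather than hang.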
@@ -25,9 +25,6 @@ tests = [ (1, './01-connect-uname-password-success.py'), (1, './01-connect-uname-pwd-no-flag.py'), - (1, './02-subpub-qos1-bad-pubcomp.py'), - (1, './02-subpub-qos1-bad-pubrec.py'), - (1, './02-subpub-qos2-bad-pubcomp.py'), (1, './02-subhier-crash.py'), (1, './02-subpub-qos0-retain-as-publish.py'), (1, './02-subpub-qos0-send-retain.py'),
@@ -36,6 +33,8 @@ tests = [
 (1, './02-subpub-qos0-topic-alias.py'),
 (1, './02-subpub-qos0-v5.py'),
 (1, './02-subpub-qos0.py'),
+ (1, './02-subpub-qos1-bad-pubcomp.py'),
+ (1, './02-subpub-qos1-bad-pubrec.py'),
 (1, './02-subpub-qos1-message-expiry-retain.py'),
 (1, './02-subpub-qos1-message-expiry-will.py'),
 (1, './02-subpub-qos1-message-expiry.py'),
@@ -44,6 +43,7 @@ tests = [
 (1, './02-subpub-qos1.py'),
 (1, './02-subpub-qos2-bad-puback-1.py'),
 (1, './02-subpub-qos2-bad-puback-2.py'),
+ (1, './02-subpub-qos2-bad-pubcomp.py'),
 (1, './02-subpub-qos2-pubrec-error.py'),
 (1, './02-subpub-qos2-receive-maximum-1.py'),
 (1, './02-subpub-qos2-receive-maximum-2.py'),
@@ -126,8 +126,8 @@ tests = [ (2, './08-tls-psk-pub.py'), (3, './08-tls-psk-bridge.py'), - (1, './09-pwfile-parse-invalid.py'), (1, './09-acl-empty-file.py'), + (1, './09-auth-bad-method.py'), (1, './09-plugin-auth-acl-sub-denied.py'), (1, './09-plugin-auth-acl-sub.py'), (1, './09-plugin-auth-context-params.py'),
@@ -138,16 +138,13 @@ tests = [ (1, './09-plugin-auth-unpwd-success.py'), (1, './09-plugin-auth-v2-unpwd-fail.py'), (1, './09-plugin-auth-v2-unpwd-success.py'), + (1, './09-pwfile-parse-invalid.py'), (2, './10-listener-mount-point.py'), (1, './11-persistent-subscription.py'), - (1, './12-prop-assigned-client-identifier.py'), - (1, './12-prop-server-keepalive.py'), - (1, './12-prop-session-expiry-invalid.py'), - (1, './12-prop-subpub-content-type.py'), - (1, './12-prop-subpub-payload-format.py'), + (1, './12-prop-assigned-client-identifier.py'), (1, './12-prop-maximum-packet-size-broker.py'), (1, './12-prop-maximum-packet-size-connect.py'), (1, './12-prop-maximum-packet-size-publish-qos1.py'),
@@ -155,6 +152,10 @@ tests = [ (1, './12-prop-maximum-packet-size-publish.py'), (1, './12-prop-response-topic-correlation-data.py'), (1, './12-prop-response-topic.py'), + (1, './12-prop-server-keepalive.py'), + (1, './12-prop-session-expiry-invalid.py'), + (1, './12-prop-subpub-content-type.py'), + (1, './12-prop-subpub-payload-format.py'), ] ptest.run_tests(tests)