Check for authentication method on CONNECT, and reject.

2019-03-06 16:12:36 +00:00 · 2019-03-06 16:12:36 +00:00 · 2ea97a6cd9
commit 2ea97a6cd9
parent ac91144495
5 changed files with 50 additions and 11 deletions
--- a/src/handle_connect.c
+++ b/src/handle_connect.c
@ -358,6 +358,14 @@ int handle__connect(struct mosquitto_db *db, struct mosquitto *context)
 	}
 	property__process_connect(context, properties);

+	if(mosquitto_property_read_string(properties, MQTT_PROP_AUTHENTICATION_METHOD, NULL, false)){
+		mosquitto_property_free_all(&properties);
+		/* Client has requested extended authentication, but we don't support it yet. */
+		send__connack(db, context, 0, MQTT_RC_BAD_AUTHENTICATION_METHOD, NULL);
+		rc = MOSQ_ERR_PROTOCOL;
+		goto handle_connect_error;
+	}
+
 	mosquitto_property_free_all(&properties); /* FIXME - TEMPORARY UNTIL PROPERTIES PROCESSED */

 	if(packet__read_string(&context->in_packet, &client_id, &slen)){
--- a/test/broker/09-auth-bad-method.py
+++ b/test/broker/09-auth-bad-method.py
@ -0,0 +1,29 @@
+#!/usr/bin/env python
+
+# Test whether sending an Authentication Method produces the correct response
+# when no auth methods are defined.
+
+from mosq_test_helper import *
+
+rc = 1
+keepalive = 10
+props = mqtt5_props.gen_string_prop(mqtt5_props.PROP_AUTHENTICATION_METHOD, "basic")
+connect_packet = mosq_test.gen_connect("connect-test", proto_ver=5, keepalive=keepalive, properties=props)
+connack_packet = mosq_test.gen_connack(rc=mqtt5_rc.MQTT_RC_BAD_AUTHENTICATION_METHOD, proto_ver=5)
+
+port = mosq_test.get_port()
+broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port)
+
+try:
+    sock = mosq_test.do_client_connect(connect_packet, connack_packet, port=port)
+    sock.close()
+    rc = 0
+finally:
+    broker.terminate()
+    broker.wait()
+    (stdo, stde) = broker.communicate()
+    if rc:
+        print(stde)
+
+exit(rc)
+
--- a/test/broker/Makefile
+++ b/test/broker/Makefile
@ -157,6 +157,7 @@ endif

 09 :
 	./09-acl-empty-file.py
+	./09-auth-bad-method.py
 	./09-plugin-auth-acl-sub-denied.py
 	./09-plugin-auth-acl-sub.py
 	./09-plugin-auth-context-params.py
--- a/test/broker/readme.txt
+++ b/test/broker/readme.txt
@ -9,11 +9,11 @@ Numbering is as follows:
 02: Subscribe/unsubscribe tests
 03: Publish tests
 04: Retained message tests
-05: Clean session tests
+05: Session management tests
 06: Bridge tests
 07: Will tests
 08: TLS tests
-09: Auth plugin tests
+09: Auth tests
 10: Listener tests
 11: Persistence tests
 12: Property tests
--- a/test/broker/test.py
+++ b/test/broker/test.py
@ -25,9 +25,6 @@ tests = [
    (1, './01-connect-uname-password-success.py'),
    (1, './01-connect-uname-pwd-no-flag.py'),

-	(1, './02-subpub-qos1-bad-pubcomp.py'),
-	(1, './02-subpub-qos1-bad-pubrec.py'),
-	(1, './02-subpub-qos2-bad-pubcomp.py'),
    (1, './02-subhier-crash.py'),
    (1, './02-subpub-qos0-retain-as-publish.py'),
    (1, './02-subpub-qos0-send-retain.py'),
@ -36,6 +33,8 @@ tests = [
    (1, './02-subpub-qos0-topic-alias.py'),
    (1, './02-subpub-qos0-v5.py'),
    (1, './02-subpub-qos0.py'),
+    (1, './02-subpub-qos1-bad-pubcomp.py'),
+    (1, './02-subpub-qos1-bad-pubrec.py'),
    (1, './02-subpub-qos1-message-expiry-retain.py'),
    (1, './02-subpub-qos1-message-expiry-will.py'),
    (1, './02-subpub-qos1-message-expiry.py'),
@ -44,6 +43,7 @@ tests = [
    (1, './02-subpub-qos1.py'),
    (1, './02-subpub-qos2-bad-puback-1.py'),
    (1, './02-subpub-qos2-bad-puback-2.py'),
+    (1, './02-subpub-qos2-bad-pubcomp.py'),
    (1, './02-subpub-qos2-pubrec-error.py'),
    (1, './02-subpub-qos2-receive-maximum-1.py'),
    (1, './02-subpub-qos2-receive-maximum-2.py'),
@ -126,8 +126,8 @@ tests = [
    (2, './08-tls-psk-pub.py'),
    (3, './08-tls-psk-bridge.py'),

-	(1, './09-pwfile-parse-invalid.py'),
    (1, './09-acl-empty-file.py'),
+    (1, './09-auth-bad-method.py'),
    (1, './09-plugin-auth-acl-sub-denied.py'),
    (1, './09-plugin-auth-acl-sub.py'),
    (1, './09-plugin-auth-context-params.py'),
@ -138,16 +138,13 @@ tests = [
    (1, './09-plugin-auth-unpwd-success.py'),
    (1, './09-plugin-auth-v2-unpwd-fail.py'),
    (1, './09-plugin-auth-v2-unpwd-success.py'),
+    (1, './09-pwfile-parse-invalid.py'),

    (2, './10-listener-mount-point.py'),

    (1, './11-persistent-subscription.py'),

-	(1, './12-prop-assigned-client-identifier.py'),
-	(1, './12-prop-server-keepalive.py'),
-	(1, './12-prop-session-expiry-invalid.py'),
-	(1, './12-prop-subpub-content-type.py'),
-	(1, './12-prop-subpub-payload-format.py'),
+    (1, './12-prop-assigned-client-identifier.py'),
    (1, './12-prop-maximum-packet-size-broker.py'),
    (1, './12-prop-maximum-packet-size-connect.py'),
    (1, './12-prop-maximum-packet-size-publish-qos1.py'),
@ -155,6 +152,10 @@ tests = [
    (1, './12-prop-maximum-packet-size-publish.py'),
    (1, './12-prop-response-topic-correlation-data.py'),
    (1, './12-prop-response-topic.py'),
+    (1, './12-prop-server-keepalive.py'),
+    (1, './12-prop-session-expiry-invalid.py'),
+    (1, './12-prop-subpub-content-type.py'),
+    (1, './12-prop-subpub-payload-format.py'),
    ]

 ptest.run_tests(tests)