Fix broker sending duplicate CONNACK on failed MQTT v5 reauthentication.
Closes #2339. Thanks to hvxl.
This commit is contained in:
parent
be80a3f4d0
commit
5cae4d1d81
@ -10,6 +10,8 @@ Broker:
|
||||
- Don't send retained messages when a shared subscription is made.
|
||||
- Fix log being truncated in Windows.
|
||||
- Fix client id not showing in log on failed connections, where possible.
|
||||
- Fix broker sending duplicate CONNACK on failed MQTT v5 reauthentication.
|
||||
Closes #2339.
|
||||
|
||||
Client library:
|
||||
- Initialise sockpairR/W to invalid in `mosquitto_reinitialise()` to avoid
|
||||
|
@ -129,18 +129,22 @@ int handle__auth(struct mosquitto *context)
|
||||
will__clear(context);
|
||||
}
|
||||
if(rc == MOSQ_ERR_AUTH){
|
||||
send__connack(context, 0, MQTT_RC_NOT_AUTHORIZED, NULL);
|
||||
if(context->state == mosq_cs_authenticating){
|
||||
send__connack(context, 0, MQTT_RC_NOT_AUTHORIZED, NULL);
|
||||
mosquitto__free(context->id);
|
||||
context->id = NULL;
|
||||
}else{
|
||||
send__disconnect(context, MQTT_RC_NOT_AUTHORIZED, NULL);
|
||||
}
|
||||
return MOSQ_ERR_PROTOCOL;
|
||||
}else if(rc == MOSQ_ERR_NOT_SUPPORTED){
|
||||
/* Client has requested extended authentication, but we don't support it. */
|
||||
send__connack(context, 0, MQTT_RC_BAD_AUTHENTICATION_METHOD, NULL);
|
||||
if(context->state == mosq_cs_authenticating){
|
||||
send__connack(context, 0, MQTT_RC_BAD_AUTHENTICATION_METHOD, NULL);
|
||||
mosquitto__free(context->id);
|
||||
context->id = NULL;
|
||||
}else{
|
||||
send__disconnect(context, MQTT_RC_BAD_AUTHENTICATION_METHOD, NULL);
|
||||
}
|
||||
return MOSQ_ERR_PROTOCOL;
|
||||
}else{
|
||||
|
52
test/broker/09-extended-auth-reauth.py
Executable file
52
test/broker/09-extended-auth-reauth.py
Executable file
@ -0,0 +1,52 @@
|
||||
#!/usr/bin/env python3
|
||||
|
||||
from mosq_test_helper import *
|
||||
|
||||
def write_config(filename, port):
|
||||
with open(filename, 'w') as f:
|
||||
f.write("port %d\n" % (port))
|
||||
f.write("auth_plugin c/auth_plugin_extended_reauth.so\n")
|
||||
|
||||
port = mosq_test.get_port()
|
||||
conf_file = os.path.basename(__file__).replace('.py', '.conf')
|
||||
write_config(conf_file, port)
|
||||
|
||||
rc = 1
|
||||
|
||||
# First authentication succeeds
|
||||
props = mqtt5_props.gen_string_prop(mqtt5_props.PROP_AUTHENTICATION_METHOD, "repeat")
|
||||
props += mqtt5_props.gen_string_prop(mqtt5_props.PROP_AUTHENTICATION_DATA, "repeat")
|
||||
connect_packet = mosq_test.gen_connect("client-params-test", keepalive=42, proto_ver=5, properties=props)
|
||||
|
||||
props = mqtt5_props.gen_uint16_prop(mqtt5_props.PROP_TOPIC_ALIAS_MAXIMUM, 10)
|
||||
props += mqtt5_props.gen_string_prop(mqtt5_props.PROP_AUTHENTICATION_METHOD, "repeat")
|
||||
props += mqtt5_props.gen_uint16_prop(mqtt5_props.PROP_RECEIVE_MAXIMUM, 20)
|
||||
connack_packet = mosq_test.gen_connack(rc=0, proto_ver=5, properties=props, property_helper=False)
|
||||
|
||||
# Reauthentication fails
|
||||
props = mqtt5_props.gen_string_prop(mqtt5_props.PROP_AUTHENTICATION_METHOD, "repeat")
|
||||
props += mqtt5_props.gen_string_prop(mqtt5_props.PROP_AUTHENTICATION_DATA, "repeat")
|
||||
auth_packet = mosq_test.gen_auth(reason_code=mqtt5_rc.MQTT_RC_REAUTHENTICATE, properties=props)
|
||||
disconnect_packet = mosq_test.gen_disconnect(reason_code=mqtt5_rc.MQTT_RC_NOT_AUTHORIZED, proto_ver=5)
|
||||
|
||||
broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port)
|
||||
|
||||
try:
|
||||
sock = mosq_test.do_client_connect(connect_packet, connack_packet, timeout=20, port=port)
|
||||
mosq_test.do_send_receive(sock, auth_packet, disconnect_packet)
|
||||
sock.close()
|
||||
|
||||
rc = 0
|
||||
except mosq_test.TestError:
|
||||
pass
|
||||
finally:
|
||||
os.remove(conf_file)
|
||||
broker.terminate()
|
||||
broker.wait()
|
||||
(stdo, stde) = broker.communicate()
|
||||
if rc:
|
||||
print(stde.decode('utf-8'))
|
||||
|
||||
|
||||
exit(rc)
|
||||
|
@ -168,6 +168,7 @@ endif
|
||||
./09-extended-auth-change-username.py
|
||||
./09-extended-auth-multistep-reauth.py
|
||||
./09-extended-auth-multistep.py
|
||||
./09-extended-auth-reauth.py
|
||||
./09-extended-auth-single.py
|
||||
./09-plugin-acl-change.py
|
||||
./09-plugin-auth-acl-pub.py
|
||||
|
@ -8,6 +8,7 @@ PLUGIN_SRC = \
|
||||
auth_plugin_acl_sub_denied.c \
|
||||
auth_plugin_context_params.c \
|
||||
auth_plugin_extended_multiple.c \
|
||||
auth_plugin_extended_reauth.c \
|
||||
auth_plugin_extended_single.c \
|
||||
auth_plugin_extended_single2.c \
|
||||
auth_plugin_msg_params.c \
|
||||
|
54
test/broker/c/auth_plugin_extended_reauth.c
Normal file
54
test/broker/c/auth_plugin_extended_reauth.c
Normal file
@ -0,0 +1,54 @@
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <mosquitto.h>
|
||||
#include <mosquitto_broker.h>
|
||||
#include <mosquitto_plugin.h>
|
||||
|
||||
static int auth_count = 0;
|
||||
|
||||
int mosquitto_auth_plugin_version(void)
|
||||
{
|
||||
return 4;
|
||||
}
|
||||
|
||||
int mosquitto_auth_plugin_init(void **user_data, struct mosquitto_opt *auth_opts, int auth_opt_count)
|
||||
{
|
||||
return MOSQ_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
int mosquitto_auth_plugin_cleanup(void *user_data, struct mosquitto_opt *auth_opts, int auth_opt_count)
|
||||
{
|
||||
return MOSQ_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
int mosquitto_auth_security_init(void *user_data, struct mosquitto_opt *auth_opts, int auth_opt_count, bool reload)
|
||||
{
|
||||
return MOSQ_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
int mosquitto_auth_security_cleanup(void *user_data, struct mosquitto_opt *auth_opts, int auth_opt_count, bool reload)
|
||||
{
|
||||
return MOSQ_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
int mosquitto_auth_acl_check(void *user_data, int access, struct mosquitto *client, const struct mosquitto_acl_msg *msg)
|
||||
{
|
||||
return MOSQ_ERR_PLUGIN_DEFER;
|
||||
}
|
||||
|
||||
|
||||
int mosquitto_auth_start(void *user_data, struct mosquitto *client, const char *method, bool reauth, const void *data, uint16_t data_len, void **data_out, uint16_t *data_out_len)
|
||||
{
|
||||
if(auth_count == 0){
|
||||
auth_count++;
|
||||
return MOSQ_ERR_SUCCESS;
|
||||
}else{
|
||||
return MOSQ_ERR_AUTH;
|
||||
}
|
||||
}
|
||||
|
||||
int mosquitto_auth_continue(void *user_data, struct mosquitto *client, const char *method, const void *data, uint16_t data_len, void **data_out, uint16_t *data_out_len)
|
||||
{
|
||||
return MOSQ_ERR_AUTH;
|
||||
}
|
@ -138,6 +138,7 @@ tests = [
|
||||
(1, './09-extended-auth-change-username.py'),
|
||||
(1, './09-extended-auth-multistep-reauth.py'),
|
||||
(1, './09-extended-auth-multistep.py'),
|
||||
(1, './09-extended-auth-reauth.py'),
|
||||
(1, './09-extended-auth-single.py'),
|
||||
(1, './09-plugin-acl-change.py'),
|
||||
(1, './09-plugin-auth-acl-pub.py'),
|
||||
|
Loading…
Reference in New Issue
Block a user