Fix invalid behaviour in dynsec plugin.
This occurred if a group or client was deleted before a role that was attached to the group or client is deleted. Closes #1998. Thanks to Willem Eradus.
This commit is contained in:
parent
5b3acfe3cc
commit
7e1a818c54
@ -9,6 +9,9 @@ Broker:
|
|||||||
/var/lib/mosquitto/mosquitto.db.new. Closes #1978.
|
/var/lib/mosquitto/mosquitto.db.new. Closes #1978.
|
||||||
- Fix potential intermittent initial bridge connections when using poll().
|
- Fix potential intermittent initial bridge connections when using poll().
|
||||||
- Fix `bind_interface` option. Closes #1999.
|
- Fix `bind_interface` option. Closes #1999.
|
||||||
|
- Fix invalid behaviour in dynsec plugin if a group or client is deleted
|
||||||
|
before a role that was attached to the group or client is deleted.
|
||||||
|
Closes #1998.
|
||||||
|
|
||||||
Apps:
|
Apps:
|
||||||
- Disallow control characters in mosquitto_passwd usernames.
|
- Disallow control characters in mosquitto_passwd usernames.
|
||||||
|
@ -35,6 +35,7 @@ Contributors:
|
|||||||
* ################################################################ */
|
* ################################################################ */
|
||||||
|
|
||||||
static int dynsec__remove_client_from_all_groups(const char *username);
|
static int dynsec__remove_client_from_all_groups(const char *username);
|
||||||
|
static void client__remove_all_roles(struct dynsec__client *client);
|
||||||
|
|
||||||
/* ################################################################
|
/* ################################################################
|
||||||
* #
|
* #
|
||||||
@ -482,6 +483,7 @@ int dynsec_clients__process_delete(cJSON *j_responses, struct mosquitto *context
|
|||||||
client = dynsec_clients__find(username);
|
client = dynsec_clients__find(username);
|
||||||
if(client){
|
if(client){
|
||||||
dynsec__remove_client_from_all_groups(username);
|
dynsec__remove_client_from_all_groups(username);
|
||||||
|
client__remove_all_roles(client);
|
||||||
client__free_item(client);
|
client__free_item(client);
|
||||||
dynsec__config_save();
|
dynsec__config_save();
|
||||||
dynsec__command_reply(j_responses, context, "deleteClient", NULL, correlation_data);
|
dynsec__command_reply(j_responses, context, "deleteClient", NULL, correlation_data);
|
||||||
|
@ -44,6 +44,7 @@ struct dynsec__group *dynsec_anonymous_group = NULL;
|
|||||||
* ################################################################ */
|
* ################################################################ */
|
||||||
|
|
||||||
static int dynsec__remove_all_clients_from_group(struct dynsec__group *group);
|
static int dynsec__remove_all_clients_from_group(struct dynsec__group *group);
|
||||||
|
static int dynsec__remove_all_roles_from_group(struct dynsec__group *group);
|
||||||
static cJSON *add_group_to_json(struct dynsec__group *group);
|
static cJSON *add_group_to_json(struct dynsec__group *group);
|
||||||
|
|
||||||
|
|
||||||
@ -460,6 +461,7 @@ int dynsec_groups__process_delete(cJSON *j_responses, struct mosquitto *context,
|
|||||||
/* Enforce any changes */
|
/* Enforce any changes */
|
||||||
group__kick_all(group);
|
group__kick_all(group);
|
||||||
|
|
||||||
|
dynsec__remove_all_roles_from_group(group);
|
||||||
group__free_item(group);
|
group__free_item(group);
|
||||||
dynsec__config_save();
|
dynsec__config_save();
|
||||||
dynsec__command_reply(j_responses, context, "deleteGroup", NULL, correlation_data);
|
dynsec__command_reply(j_responses, context, "deleteGroup", NULL, correlation_data);
|
||||||
@ -583,6 +585,17 @@ static int dynsec__remove_all_clients_from_group(struct dynsec__group *group)
|
|||||||
return MOSQ_ERR_SUCCESS;
|
return MOSQ_ERR_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int dynsec__remove_all_roles_from_group(struct dynsec__group *group)
|
||||||
|
{
|
||||||
|
struct dynsec__rolelist *rolelist, *rolelist_tmp;
|
||||||
|
|
||||||
|
HASH_ITER(hh, group->rolelist, rolelist, rolelist_tmp){
|
||||||
|
dynsec_rolelist__group_remove(group, rolelist->role);
|
||||||
|
}
|
||||||
|
|
||||||
|
return MOSQ_ERR_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
int dynsec_groups__remove_client(const char *username, const char *groupname, bool update_config)
|
int dynsec_groups__remove_client(const char *username, const char *groupname, bool update_config)
|
||||||
{
|
{
|
||||||
struct dynsec__client *client;
|
struct dynsec__client *client;
|
||||||
|
Loading…
Reference in New Issue
Block a user