Add local_username, local_password for bridge connections to authenticate to the local broker.
parent
1573b3a1c5
commit
968004d9d8
@ -1,4 +1,9 @@
|
||||
1.4 - xxxxxxxx
|
||||
==============
|
||||
|
||||
Broker:
|
||||
- Add local_username, local_password for bridge connections to authenticate to
|
||||
the local broker.
|
||||
- Default TLS mode now accepts TLS v1.2, v1.1 and v1.0.
|
||||
- Support for ECDHE-ECDSA family ciphers.
|
||||
|
||||
|
@ -672,6 +672,13 @@
|
||||
# username is also set.
|
||||
#password
|
||||
|
||||
# Set the username to use on the local broker.
|
||||
#local_username
|
||||
|
||||
# Set the password to use on the local broker.
|
||||
# This option is only used if local_username is also set.
|
||||
#local_password
|
||||
|
||||
# -----------------------------------------------------------------
|
||||
# Certificate based SSL/TLS support
|
||||
# -----------------------------------------------------------------
|
||||
|
@ -162,6 +162,13 @@ int mqtt3_bridge_connect(struct mosquitto_db *db, struct mosquitto *context)
|
||||
mqtt3_db_messages_delete(context);
|
||||
}
|
||||
|
||||
rc = mosquitto_unpwd_check(db, context->bridge->local_username, context->bridge->local_password);
|
||||
if(rc == MOSQ_ERR_AUTH){
|
||||
_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Bridge %s failed authentication on local broker.", context->id);
|
||||
return rc;
|
||||
}
|
||||
rc = 0;
|
||||
|
||||
/* Delete all local subscriptions even for clean_session==false. We don't
|
||||
* remove any messages and the next loop carries out the resubscription
|
||||
* anyway. This means any unwanted subs will be removed.
|
||||
|
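Review bot: The check added after `mosquitto_unpwd_check()` fails open: only `MOSQ_ERR_AUTH` aborts the connect, and the following `rc = 0;` discards every other return value, so any other error from the credential check (if the function can return one) lets the bridge continue as though it had authenticated. Treat anything other than success as a failure, for example `if(rc != MOSQ_ERR_SUCCESS){ ... return rc; }`, keeping the existing log line for the `MOSQ_ERR_AUTH` case. How a NULL `local_username` is handled depends on `mosquitto_unpwd_check()` and the broker's anonymous-access setting, neither of which is visible here, so a short comment stating the intended behaviour for bridges without local credentials would help. The body of `mqtt3_bridge_connect` starts and ends outside this hunk.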
50
src/conf.c
50
src/conf.c
@ -250,6 +250,8 @@ void mqtt3_config_cleanup(struct mqtt3_config *config)
|
||||
if(config->bridges[i].clientid) _mosquitto_free(config->bridges[i].clientid);
|
||||
if(config->bridges[i].username) _mosquitto_free(config->bridges[i].username);
|
||||
if(config->bridges[i].password) _mosquitto_free(config->bridges[i].password);
|
||||
if(config->bridges[i].local_username) _mosquitto_free(config->bridges[i].local_username);
|
||||
if(config->bridges[i].local_password) _mosquitto_free(config->bridges[i].local_password);
|
||||
if(config->bridges[i].topics){
|
||||
for(j=0; j<config->bridges[i].topic_count; j++){
|
||||
if(config->bridges[i].topics[j].topic) _mosquitto_free(config->bridges[i].topics[j].topic);
|
||||
@ -1140,6 +1142,54 @@ int _config_read_file(struct mqtt3_config *config, bool reload, const char *file
|
||||
_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Empty listener value in configuration.");
|
||||
return MOSQ_ERR_INVAL;
|
||||
}
|
||||
}else if(!strcmp(token, "local_password")){
|
||||
#ifdef WITH_BRIDGE
|
||||
if(reload) continue; // FIXME
|
||||
if(!cur_bridge){
|
||||
_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration.");
|
||||
return MOSQ_ERR_INVAL;
|
||||
}
|
||||
token = strtok_r(NULL, " ", &saveptr);
|
||||
if(token){
|
||||
if(cur_bridge->local_password){
|
||||
_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Duplicate local_password value in bridge configuration.");
|
||||
return MOSQ_ERR_INVAL;
|
||||
}
|
||||
cur_bridge->local_password = _mosquitto_strdup(token);
|
||||
if(!cur_bridge->local_password){
|
||||
_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Out of memory");
|
||||
return MOSQ_ERR_NOMEM;
|
||||
}
|
||||
}else{
|
||||
cur_bridge->local_password = NULL;
|
||||
}
|
||||
#else
|
||||
_mosquitto_log_printf(NULL, MOSQ_LOG_WARNING, "Warning: Bridge support not available.");
|
||||
#endif
|
||||
}else if(!strcmp(token, "local_username")){
|
||||
#ifdef WITH_BRIDGE
|
||||
if(reload) continue; // FIXME
|
||||
if(!cur_bridge){
|
||||
_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration.");
|
||||
return MOSQ_ERR_INVAL;
|
||||
}
|
||||
token = strtok_r(NULL, " ", &saveptr);
|
||||
if(token){
|
||||
if(cur_bridge->local_username){
|
||||
_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Duplicate local_username value in bridge configuration.");
|
||||
return MOSQ_ERR_INVAL;
|
||||
}
|
||||
cur_bridge->local_username = _mosquitto_strdup(token);
|
||||
if(!cur_bridge->local_username){
|
||||
_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Out of memory");
|
||||
return MOSQ_ERR_NOMEM;
|
||||
}
|
||||
}else{
|
||||
cur_bridge->local_username = NULL;
|
||||
}
|
||||
#else
|
||||
_mosquitto_log_printf(NULL, MOSQ_LOG_WARNING, "Warning: Bridge support not available.");
|
||||
#endif
|
||||
}else if(!strcmp(token, "log_dest")){
|
||||
token = strtok_r(NULL, " ", &saveptr);
|
||||
if(token){
|
||||
|
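Review bot: In the new `local_password` and `local_username` branches of `_config_read_file`, the value is read with `strtok_r(NULL, " ", &saveptr)`, so a password containing a space is silently cut at the first space and the rest of the line is ignored without an error. Either reject trailing tokens (log, then `if(strtok_r(NULL, " ", &saveptr)) return MOSQ_ERR_INVAL;`) or document the restriction beside `#local_password` in the sample config. `if(reload) continue; // FIXME` also means a rotated local credential is not picked up on reload, and nothing visible here rejects `local_password` without `local_username`, although the sample config says the password is only used when the username is set. `_config_read_file` begins and ends outside the hunk.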
@ -258,6 +258,8 @@ struct _mqtt3_bridge{
|
||||
time_t restart_t;
|
||||
char *username;
|
||||
char *password;
|
||||
char *local_username;
|
||||
char *local_password;
|
||||
bool notifications;
|
||||
char *notification_topic;
|
||||
enum mosquitto_bridge_start_type start_type;
|
||||
|