diff --git a/ChangeLog.txt b/ChangeLog.txt
index 106ef56b..bd8a25da 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,4 +1,9 @@
+1.4 - xxxxxxxx
+==============
+ Broker:
+- Add local_username, local_password for bridge connections to authenticate to
+ the local broker.
- Default TLS mode now accepts TLS v1.2, v1.1 and v1.0.
- Support for ECDHE-ECDSA family ciphers.
diff --git a/mosquitto.conf b/mosquitto.conf
index 7c22e4f4..e22fd750 100644
--- a/mosquitto.conf
+++ b/mosquitto.conf
@@ -672,6 +672,13 @@ # username is also set.
#password
+# Set the username to use on the local broker.
+#local_username
+
+# Set the password to use on the local broker.
+# This option is only used if local_username is also set.
+#local_password
+ # -----------------------------------------------------------------
# Certificate based SSL/TLS support
# -----------------------------------------------------------------
diff --git a/src/bridge.c b/src/bridge.c
index 43e70b09..83048a2f 100644
--- a/src/bridge.c
+++ b/src/bridge.c
@@ -162,6 +162,13 @@ int mqtt3_bridge_connect(struct mosquitto_db *db, struct mosquitto *context)
mqtt3_db_messages_delete(context);
}
+ rc = mosquitto_unpwd_check(db, context->bridge->local_username, context->bridge->local_password);
+ if(rc == MOSQ_ERR_AUTH){
+ _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Bridge %s failed authentication on local broker.", context->id);
+ return rc;
+ }
+ rc = 0;
+ /* Delete all local subscriptions even for clean_session==false. We don't
* remove any messages and the next loop carries out the resubscription
* anyway. This means any unwanted subs will be removed.
diff --git a/src/conf.c b/src/conf.c
index b603a933..dd3f07d5 100644
--- a/src/conf.c
+++ b/src/conf.c
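Review bot: Only MOSQ_ERR_AUTH is treated as a failure of the new `mosquitto_unpwd_check` call in src/bridge.c; the `rc = 0;` that follows discards every other non-success code (MOSQ_ERR_INVAL, or whatever a pluggable checker returns on an internal error), so a bridge whose local credentials could not be verified still proceeds to resubscribe. The condition should be `if(rc != MOSQ_ERR_SUCCESS){` with the `rc = 0;` line dropped; if the default checker answers MOSQ_ERR_INVAL for a NULL username, which is not visible from here, skip the call when `context->bridge->local_username` is NULL rather than masking the return code. Bridges configured without local_username are also not subjected to whatever anonymous-access policy applies to ordinary clients, since that decision is made elsewhere, so it is worth confirming that is intended. mqtt3_bridge_connect starts and ends outside the hunk.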
@@ -250,6 +250,8 @@ void mqtt3_config_cleanup(struct mqtt3_config *config)
if(config->bridges[i].clientid) _mosquitto_free(config->bridges[i].clientid);
if(config->bridges[i].username) _mosquitto_free(config->bridges[i].username);
if(config->bridges[i].password) _mosquitto_free(config->bridges[i].password);
+ if(config->bridges[i].local_username) _mosquitto_free(config->bridges[i].local_username);
+ if(config->bridges[i].local_password) _mosquitto_free(config->bridges[i].local_password);
if(config->bridges[i].topics){
for(j=0; jbridges[i].topic_count; j++){
if(config->bridges[i].topics[j].topic) _mosquitto_free(config->bridges[i].topics[j].topic);
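Review bot: `local_password` is handed to `_mosquitto_free` with the cleartext credential still in the buffer, so it remains readable in released heap memory until that memory is reused; the existing `password` line just above has the same property, so this is a pre-existing pattern rather than a regression of this commit. If it is to be addressed, clear the bytes before the free with a write the optimizer cannot elide, e.g. `for(volatile char *p = config->bridges[i].local_password; *p; p++) *p = '\0';` inside the guard, since a plain memset immediately before free may be removed. mqtt3_config_cleanup starts and ends outside the hunk.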
@@ -1140,6 +1142,54 @@ int _config_read_file(struct mqtt3_config *config, bool reload, const char *file
_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Empty listener value in configuration.");
return MOSQ_ERR_INVAL;
}
+ }else if(!strcmp(token, "local_password")){
+#ifdef WITH_BRIDGE
+ if(reload) continue; // FIXME
+ if(!cur_bridge){
+ _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration.");
+ return MOSQ_ERR_INVAL;
+ }
+ token = strtok_r(NULL, " ", &saveptr);
+ if(token){
+ if(cur_bridge->local_password){
+ _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Duplicate local_password value in bridge configuration.");
+ return MOSQ_ERR_INVAL;
+ }
+ cur_bridge->local_password = _mosquitto_strdup(token);
+ if(!cur_bridge->local_password){
+ _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Out of memory");
+ return MOSQ_ERR_NOMEM;
+ }
+ }else{
+ cur_bridge->local_password = NULL;
+ }
+#else
+ _mosquitto_log_printf(NULL, MOSQ_LOG_WARNING, "Warning: Bridge support not available.");
+#endif
+ }else if(!strcmp(token, "local_username")){
+#ifdef WITH_BRIDGE
+ if(reload) continue; // FIXME
+ if(!cur_bridge){
+ _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration.");
+ return MOSQ_ERR_INVAL;
+ }
+ token = strtok_r(NULL, " ", &saveptr);
+ if(token){
+ if(cur_bridge->local_username){
+ _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Duplicate local_username value in bridge configuration.");
+ return MOSQ_ERR_INVAL;
+ }
+ cur_bridge->local_username = _mosquitto_strdup(token);
+ if(!cur_bridge->local_username){
+ _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Out of memory");
+ return MOSQ_ERR_NOMEM;
+ }
+ }else{
+ cur_bridge->local_username = NULL;
+ }
+#else
+ _mosquitto_log_printf(NULL, MOSQ_LOG_WARNING, "Warning: Bridge support not available.");
+#endif
}else if(!strcmp(token, "log_dest")){
token = strtok_r(NULL, " ", &saveptr);
if(token){
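Review bot: The `local_password` and `local_username` branches are 24 identical lines apart from the field and option name, and presumably mirror the existing `username`/`password` branches that lie outside this hunk; the token fetch, duplicate check and strdup/NOMEM handling belong in one static helper that each branch calls after its `if(!cur_bridge)` check, propagating the helper's return through the function's `rc` (or a local int). The `if(reload) continue; // FIXME` skip means a changed local credential silently keeps its old value on reload, which the FIXME acknowledges but nothing tells the operator; a MOSQ_LOG_WARNING there, or a sentence in the mosquitto.conf description that these options are not reloaded, would make that visible. Because `strtok_r` splits on a single space, a local_password containing a space is silently truncated at the first one, matching however `password` is parsed. _config_read_file starts and ends outside the hunk.
```c
/* Read the single-word value of a bridge credential option into *dest.
 * Returns MOSQ_ERR_SUCCESS (also when no value follows the option, in which
 * case *dest is set to NULL as before), MOSQ_ERR_INVAL on a duplicate value,
 * MOSQ_ERR_NOMEM if the copy cannot be allocated. */
static int _conf_parse_bridge_string(char **dest, const char *name, char **saveptr)
{
	char *token = strtok_r(NULL, " ", saveptr);

	if(!token){
		*dest = NULL;
		return MOSQ_ERR_SUCCESS;
	}
	if(*dest){
		_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Duplicate %s value in bridge configuration.", name);
		return MOSQ_ERR_INVAL;
	}
	*dest = _mosquitto_strdup(token);
	if(!*dest){
		_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Out of memory");
		return MOSQ_ERR_NOMEM;
	}
	return MOSQ_ERR_SUCCESS;
}

/* … in _config_read_file, each of the two new branches shrinks to: … */
			}else if(!strcmp(token, "local_password")){
#ifdef WITH_BRIDGE
				if(reload) continue; // FIXME
				if(!cur_bridge){
					_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration.");
					return MOSQ_ERR_INVAL;
				}
				rc = _conf_parse_bridge_string(&cur_bridge->local_password, "local_password", &saveptr);
				if(rc) return rc;
#else
				/* … unchanged: "Bridge support not available." warning … */
#endif
/* … the local_username branch is the same with "local_username" and &cur_bridge->local_username … */
```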
diff --git a/src/mosquitto_broker.h b/src/mosquitto_broker.h
index 497f3d9a..ece47008 100644
--- a/src/mosquitto_broker.h
+++ b/src/mosquitto_broker.h
@@ -258,6 +258,8 @@ struct _mqtt3_bridge{
time_t restart_t;
char *username;
char *password;
+ char *local_username;
+ char *local_password;
bool notifications;
char *notification_topic;
enum mosquitto_bridge_start_type start_type;
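Review bot: The two new fields carry no ownership or nullability note, so nothing in the struct says they are heap strings released by mqtt3_config_cleanup or that either is NULL when the option is absent from the configuration. A short comment on each, such as `char *local_username; /* credential presented to the local broker; NULL if unset, freed by mqtt3_config_cleanup() */`, would spare the reader a trip to conf.c. The same gap exists for the username/password pair just above them. struct _mqtt3_bridge continues outside the hunk.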