Add local_username, local_password for bridge connections to authenticate to the local broker.
parent
1573b3a1c5
commit
968004d9d8
@ -1,4 +1,9 @@
|
|||||||
|
1.4 - xxxxxxxx
|
||||||
|
==============
|
||||||
|
|
||||||
Broker:
|
Broker:
|
||||||
|
- Add local_username, local_password for bridge connections to authenticate to
|
||||||
|
the local broker.
|
||||||
- Default TLS mode now accepts TLS v1.2, v1.1 and v1.0.
|
- Default TLS mode now accepts TLS v1.2, v1.1 and v1.0.
|
||||||
- Support for ECDHE-ECDSA family ciphers.
|
- Support for ECDHE-ECDSA family ciphers.
|
||||||
|
|
||||||
|
@ -672,6 +672,13 @@
|
|||||||
# username is also set.
|
# username is also set.
|
||||||
#password
|
#password
|
||||||
|
|
||||||
|
# Set the username to use on the local broker.
|
||||||
|
#local_username
|
||||||
|
|
||||||
|
# Set the password to use on the local broker.
|
||||||
|
# This option is only used if local_username is also set.
|
||||||
|
#local_password
|
||||||
|
|
||||||
# -----------------------------------------------------------------
|
# -----------------------------------------------------------------
|
||||||
# Certificate based SSL/TLS support
|
# Certificate based SSL/TLS support
|
||||||
# -----------------------------------------------------------------
|
# -----------------------------------------------------------------
|
||||||
|
@ -162,6 +162,13 @@ int mqtt3_bridge_connect(struct mosquitto_db *db, struct mosquitto *context)
|
|||||||
mqtt3_db_messages_delete(context);
|
mqtt3_db_messages_delete(context);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
rc = mosquitto_unpwd_check(db, context->bridge->local_username, context->bridge->local_password);
|
||||||
|
if(rc == MOSQ_ERR_AUTH){
|
||||||
|
_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Bridge %s failed authentication on local broker.", context->id);
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
rc = 0;
|
||||||
|
|
||||||
/* Delete all local subscriptions even for clean_session==false. We don't
|
/* Delete all local subscriptions even for clean_session==false. We don't
|
||||||
* remove any messages and the next loop carries out the resubscription
|
* remove any messages and the next loop carries out the resubscription
|
||||||
* anyway. This means any unwanted subs will be removed.
|
* anyway. This means any unwanted subs will be removed.
|
||||||
|
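Review bot: The new check in mqtt3_bridge_connect() treats only `MOSQ_ERR_AUTH` as a failure, and the `rc = 0;` that follows discards every other return value of mosquitto_unpwd_check(), so an internal error in the credential check would let the bridge carry on as if it had authenticated. Failing closed is the safer default: `if(rc != MOSQ_ERR_SUCCESS){` in place of the `MOSQ_ERR_AUTH` comparison, or, if some non-success codes are deliberately tolerated for bridges that set no local_username, a comment naming them. Both arguments are NULL when the options are unset, and how mosquitto_unpwd_check() handles a NULL username is not visible here, so that case deserves a comment too. The function body starts and ends outside this hunk.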
50
src/conf.c
50
src/conf.c
@ -250,6 +250,8 @@ void mqtt3_config_cleanup(struct mqtt3_config *config)
|
|||||||
if(config->bridges[i].clientid) _mosquitto_free(config->bridges[i].clientid);
|
if(config->bridges[i].clientid) _mosquitto_free(config->bridges[i].clientid);
|
||||||
if(config->bridges[i].username) _mosquitto_free(config->bridges[i].username);
|
if(config->bridges[i].username) _mosquitto_free(config->bridges[i].username);
|
||||||
if(config->bridges[i].password) _mosquitto_free(config->bridges[i].password);
|
if(config->bridges[i].password) _mosquitto_free(config->bridges[i].password);
|
||||||
|
if(config->bridges[i].local_username) _mosquitto_free(config->bridges[i].local_username);
|
||||||
|
if(config->bridges[i].local_password) _mosquitto_free(config->bridges[i].local_password);
|
||||||
if(config->bridges[i].topics){
|
if(config->bridges[i].topics){
|
||||||
for(j=0; j<config->bridges[i].topic_count; j++){
|
for(j=0; j<config->bridges[i].topic_count; j++){
|
||||||
if(config->bridges[i].topics[j].topic) _mosquitto_free(config->bridges[i].topics[j].topic);
|
if(config->bridges[i].topics[j].topic) _mosquitto_free(config->bridges[i].topics[j].topic);
|
||||||
@ -1140,6 +1142,54 @@ int _config_read_file(struct mqtt3_config *config, bool reload, const char *file
|
|||||||
_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Empty listener value in configuration.");
|
_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Empty listener value in configuration.");
|
||||||
return MOSQ_ERR_INVAL;
|
return MOSQ_ERR_INVAL;
|
||||||
}
|
}
|
||||||
|
}else if(!strcmp(token, "local_password")){
|
||||||
|
#ifdef WITH_BRIDGE
|
||||||
|
if(reload) continue; // FIXME
|
||||||
|
if(!cur_bridge){
|
||||||
|
_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration.");
|
||||||
|
return MOSQ_ERR_INVAL;
|
||||||
|
}
|
||||||
|
token = strtok_r(NULL, " ", &saveptr);
|
||||||
|
if(token){
|
||||||
|
if(cur_bridge->local_password){
|
||||||
|
_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Duplicate local_password value in bridge configuration.");
|
||||||
|
return MOSQ_ERR_INVAL;
|
||||||
|
}
|
||||||
|
cur_bridge->local_password = _mosquitto_strdup(token);
|
||||||
|
if(!cur_bridge->local_password){
|
||||||
|
_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Out of memory");
|
||||||
|
return MOSQ_ERR_NOMEM;
|
||||||
|
}
|
||||||
|
}else{
|
||||||
|
cur_bridge->local_password = NULL;
|
||||||
|
}
|
||||||
|
#else
|
||||||
|
_mosquitto_log_printf(NULL, MOSQ_LOG_WARNING, "Warning: Bridge support not available.");
|
||||||
|
#endif
|
||||||
|
}else if(!strcmp(token, "local_username")){
|
||||||
|
#ifdef WITH_BRIDGE
|
||||||
|
if(reload) continue; // FIXME
|
||||||
|
if(!cur_bridge){
|
||||||
|
_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Invalid bridge configuration.");
|
||||||
|
return MOSQ_ERR_INVAL;
|
||||||
|
}
|
||||||
|
token = strtok_r(NULL, " ", &saveptr);
|
||||||
|
if(token){
|
||||||
|
if(cur_bridge->local_username){
|
||||||
|
_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Duplicate local_username value in bridge configuration.");
|
||||||
|
return MOSQ_ERR_INVAL;
|
||||||
|
}
|
||||||
|
cur_bridge->local_username = _mosquitto_strdup(token);
|
||||||
|
if(!cur_bridge->local_username){
|
||||||
|
_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Out of memory");
|
||||||
|
return MOSQ_ERR_NOMEM;
|
||||||
|
}
|
||||||
|
}else{
|
||||||
|
cur_bridge->local_username = NULL;
|
||||||
|
}
|
||||||
|
#else
|
||||||
|
_mosquitto_log_printf(NULL, MOSQ_LOG_WARNING, "Warning: Bridge support not available.");
|
||||||
|
#endif
|
||||||
}else if(!strcmp(token, "log_dest")){
|
}else if(!strcmp(token, "log_dest")){
|
||||||
token = strtok_r(NULL, " ", &saveptr);
|
token = strtok_r(NULL, " ", &saveptr);
|
||||||
if(token){
|
if(token){
|
||||||
|
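Review bot: Both new branches in _config_read_file() read the value with `strtok_r(NULL, " ", &saveptr)`, so a local_password or local_username containing a space is cut at the first space and the rest of the line is silently ignored; the bridge would then present a different credential from the one the operator wrote, presumably surfacing only as an authentication failure at connect time. Rejecting trailing tokens with an error, or stating in mosquitto.conf that these values cannot contain spaces, would make the problem visible at parse time. The `if(reload) continue; // FIXME` line also means a changed local credential is not picked up on a configuration reload, and the FIXME should say so, e.g. `/* FIXME: local credentials are not re-read on reload; restart required */`. The two branches are identical apart from the field name and could share one helper. The function continues outside this hunk.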
@ -258,6 +258,8 @@ struct _mqtt3_bridge{
|
|||||||
time_t restart_t;
|
time_t restart_t;
|
||||||
char *username;
|
char *username;
|
||||||
char *password;
|
char *password;
|
||||||
|
char *local_username;
|
||||||
|
char *local_password;
|
||||||
bool notifications;
|
bool notifications;
|
||||||
char *notification_topic;
|
char *notification_topic;
|
||||||
enum mosquitto_bridge_start_type start_type;
|
enum mosquitto_bridge_start_type start_type;
|
||||||
|