Add trivial basic authentication plugin based on IP.
parent
695bbc33c8
commit
9f9f92104b
@ -1,4 +1,5 @@
|
|||||||
DIRS= \
|
DIRS= \
|
||||||
|
auth-by-ip \
|
||||||
dynamic-security \
|
dynamic-security \
|
||||||
message-timestamp \
|
message-timestamp \
|
||||||
payload-modification
|
payload-modification
|
||||||
|
@ -18,3 +18,6 @@ This is an **example** plugin to demonstrate how it is possible to modify the pa
|
|||||||
If you are considering using this feature, you should be very certain you have verified the payload is the correct format before modifying it.
|
If you are considering using this feature, you should be very certain you have verified the payload is the correct format before modifying it.
|
||||||
|
|
||||||
This plugin adds the text string "hello " to the beginning of each payload, so with anything other than simple plain text messages it will corrupt the payload contents.
|
This plugin adds the text string "hello " to the beginning of each payload, so with anything other than simple plain text messages it will corrupt the payload contents.
|
||||||
|
|
||||||
|
## Authenticate by IP address
|
||||||
|
This is an **example** plugin that demonstrates a basic authentication callback that allows clients based on their IP address. Password based authentication is preferred over this very simple type of access control.
|
||||||
|
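--- a/plugins/auth-by-ip/CMakeLists.txt
+++ b/plugins/auth-by-ip/CMakeLists.txt
@@ -0,0 +1,11 @@
+include_directories(${mosquitto_SOURCE_DIR} ${mosquitto_SOURCE_DIR}/include
+${STDBOOL_H_PATH} ${STDINT_H_PATH})
+
+add_library(mosquitto_auth_by_ip SHARED mosquitto_auth_by_ip.c)
+set_target_properties(mosquitto_auth_by_ip PROPERTIES
+POSITION_INDEPENDENT_CODE 1
+)
+set_target_properties(mosquitto_auth_by_ip PROPERTIES PREFIX "")
+
+# Don't install, these are example plugins only.
+#install(TARGETS mosquitto_auth_by_ip RUNTIME DESTINATION "${CMAKE_INSTALL_BINDIR}" LIBRARY DESTINATION "${CMAKE_INSTALL_LIBDIR}")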
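--- a/plugins/auth-by-ip/Makefile
+++ b/plugins/auth-by-ip/Makefile
@@ -0,0 +1,27 @@
+include ../../config.mk
+
+.PHONY : all binary check clean reallyclean test install uninstall
+
+PLUGIN_NAME=mosquitto_auth_by_ip
+
+all : binary
+
+binary : ${PLUGIN_NAME}.so
+
+${PLUGIN_NAME}.so : ${PLUGIN_NAME}.c
+$(CROSS_COMPILE)$(CC) $(PLUGIN_CPPFLAGS) $(PLUGIN_CFLAGS) $(PLUGIN_LDFLAGS) -fPIC -shared $< -o $@
+
+reallyclean : clean
+clean:
+-rm -f *.o ${PLUGIN_NAME}.so *.gcda *.gcno
+
+check: test
+test:
+
+install: ${PLUGIN_NAME}.so
+# Don't install, these are examples only.
+#$(INSTALL) -d "${DESTDIR}$(libdir)"
+#$(INSTALL) ${STRIP_OPTS} ${PLUGIN_NAME}.so "${DESTDIR}${libdir}/${PLUGIN_NAME}.so"
+
+uninstall :
+-rm -f "${DESTDIR}${libdir}/${PLUGIN_NAME}.so"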
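--- a/plugins/auth-by-ip/mosquitto_auth_by_ip.c
+++ b/plugins/auth-by-ip/mosquitto_auth_by_ip.c
@@ -0,0 +1,82 @@
+/*
+Copyright (c) 2021 Roger Light <roger@atchoo.org>
+
+All rights reserved. This program and the accompanying materials
+are made available under the terms of the Eclipse Public License 2.0
+and Eclipse Distribution License v1.0 which accompany this distribution.
+
+The Eclipse Public License is available at
+https://www.eclipse.org/legal/epl-2.0/
+and the Eclipse Distribution License is available at
+http://www.eclipse.org/org/documents/edl-v10.php.
+
+SPDX-License-Identifier: EPL-2.0 OR EDL-1.0
+
+Contributors:
+Roger Light - initial implementation and documentation.
+*/
+
+/*
+* This is an example plugin showing how to use the basic authentication
+* callback to allow/disallow client connections based on client IP addresses.
+*
+* This is an extremely basic type of access control, password based or similar
+* authentication is preferred.
+*
+* Compile with:
+* gcc -I<path to mosquitto-repo/include> -fPIC -shared mosquitto_auth_by_ip.c -o mosquitto_auth_by_ip.so
+*
+* Use in config with:
+*
+* plugin /path/to/mosquitto_auth_by_ip.so
+*
+* Note that this only works on Mosquitto 2.0 or later.
+*/
+
+
+#include <stdio.h>
+#include <string.h>
+
+#include "mosquitto_broker.h"
+#include "mosquitto_plugin.h"
+#include "mosquitto.h"
+#include "mqtt_protocol.h"
+
+static mosquitto_plugin_id_t *mosq_pid = NULL;
+
+static int basic_auth_callback(int event, void *event_data, void *userdata)
+{
+struct mosquitto_evt_basic_auth *ed = event_data;
+const char *ip_address;
+
+ip_address = mosquitto_client_address(ed->client);
+if(!strcmp(ip_address, "127.0.0.1")){
+/* Only allow connections from localhost */
+return MOSQ_ERR_SUCCESS;
+}else{
+return MOSQ_ERR_AUTH;
+}
+}
+
+int mosquitto_plugin_version(int supported_version_count, const int *supported_versions)
+{
+int i;
+
+for(i=0; i<supported_version_count; i++){
+if(supported_versions[i] == 5){
+return 5;
+}
+}
+return -1;
+}
+
+int mosquitto_plugin_init(mosquitto_plugin_id_t *identifier, void **user_data, struct mosquitto_opt *opts, int opt_count)
+{
+mosq_pid = identifier;
+return mosquitto_callback_register(mosq_pid, MOSQ_EVT_BASIC_AUTH, basic_auth_callback, NULL, NULL);
+}
+
+int mosquitto_plugin_cleanup(void *user_data, struct mosquitto_opt *opts, int opt_count)
+{
+return mosquitto_callback_unregister(mosq_pid, MOSQ_EVT_BASIC_AUTH, basic_auth_callback, NULL);
+}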
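Review bot: In `basic_auth_callback` the return value of `mosquitto_client_address(ed->client)` goes straight into `strcmp`, so if the broker ever has no address recorded for a client (the helper's contract is not visible on this page) the authentication path dereferences NULL. I would fail closed before the comparison with `if(ip_address == NULL) return MOSQ_ERR_AUTH;`. The check is also an exact match on the IPv4 literal, so a loopback client that the broker reports in IPv6 form is denied. More importantly, when the broker sits behind a local reverse proxy or TLS terminator every client presents as `127.0.0.1` and is accepted. Since this is an example people will copy, a comment beside the check such as `/* Address is the TCP peer as seen by the broker; behind a local proxy every client appears as 127.0.0.1 */` would make that limit explicit.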