Per listener allow_anonymous.

This commit is contained in:
Roger A. Light 2018-03-15 14:29:07 +00:00
parent 7046691b7d
commit b2e1592376
5 changed files with 59 additions and 10 deletions


@ -64,6 +64,12 @@ Broker:
Closes #8.
- Add set_tcp_nodelay option to allow Nagle's algorithm to be disabled on
client sockets. Closes #433.
- The behaviour of allow_anonymous has changed. In the old behaviour, the
default if not set was to allow anonymous access. The new behaviour is to
default is to allow anonymous access unless another security option is set.
For example, if password_file is set and allow_anonymous is not set, then
anonymous access will be denied. It is still possible to allow anonymous
access by setting it explicitly.
Client library:
- Outgoing messages with QoS>1 are no longer retried after a timeout period.


@ -161,8 +161,12 @@
connect without providing a username are allowed to
connect. If set to <replaceable>false</replaceable>
then another means of connection should be created to
control authenticated client access. Defaults to
<replaceable>true</replaceable>.</para>
control authenticated client access.</para>
<para>Defaults to <replaceable>true</replaceable> if no
other security options are set. If any other
authentication options are set, then
<option>allow_anonymous</option> defaults to
<replaceable>false</replaceable>.</para>
<para>Reloaded on reload signal.</para>
</listitem>
</varlistentry>


@ -141,7 +141,7 @@
# options are controlled on a per listener basis. The following options are
# affected:
#
# password_file acl_file psk_file auth_plugin auth_opt_*
# password_file acl_file psk_file auth_plugin auth_opt_* allow_anonymous
#
# The default behaviour is for this to be set to false, which maintains the
# setting behaviour from previous versions of mosquitto.
@ -543,7 +543,10 @@
# without providing a username are allowed to connect. If set to
# false then a password file should be created (see the
# password_file option) to control authenticated client access.
# Defaults to true.
#
# Defaults to true if no other security options are set. If any other
# authentication options are set, then allow_anonymous defaults to false.
#
#allow_anonymous true
# -----------------------------------------------------------------


@ -150,7 +150,7 @@ static void config__init_reload(struct mosquitto__config *config)
/* Set defaults */
mosquitto__free(config->acl_file);
config->acl_file = NULL;
config->security_options.allow_anonymous = true;
config->security_options.allow_anonymous = -1;
config->allow_duplicate_messages = false;
config->allow_zero_length_clientid = true;
config->auto_id_prefix = NULL;
@ -524,9 +524,7 @@ int config__read(struct mosquitto__config *config, bool reload)
struct config_recurse cr;
int lineno = 0;
int len;
#ifdef WITH_BRIDGE
int i;
#endif
cr.log_dest = MQTT3_LOG_NONE;
cr.log_dest_set = 0;
@ -549,6 +547,40 @@ int config__read(struct mosquitto__config *config, bool reload)
return rc;
}
/* If auth/access options are set and allow_anonymous not explicitly set, disallow anon. */
if(config->per_listener_settings){
for(i=0; i<config->listener_count; i++){
if(config->listeners[i].security_options.allow_anonymous == -1){
if(config->listeners[i].security_options.password_file
|| config->listeners[i].security_options.psk_file
|| config->listeners[i].security_options.auth_plugins){
/* allow_anonymous not set explicitly, some other security options
* have been set - so disable allow_anonymous
*/
config->listeners[i].security_options.allow_anonymous = false;
}else{
/* Default option if no security options set */
config->listeners[i].security_options.allow_anonymous = true;
}
}
}
}else{
if(config->security_options.allow_anonymous == -1){
if(config->security_options.password_file
|| config->security_options.psk_file
|| config->security_options.auth_plugins){
/* allow_anonymous not set explicitly, some other security options
* have been set - so disable allow_anonymous
*/
config->security_options.allow_anonymous = false;
}else{
/* Default option if no security options set */
config->security_options.allow_anonymous = true;
}
}
}
#ifdef WITH_PERSISTENCE
if(config->persistence){
if(!config->persistence_file){
@ -697,7 +729,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, const
#endif
}else if(!strcmp(token, "allow_anonymous")){
conf__set_cur_security_options(config, cur_listener, &cur_security_options);
if(conf__parse_bool(&token, "allow_anonymous", &cur_security_options->allow_anonymous, saveptr)) return MOSQ_ERR_INVAL;
if(conf__parse_bool(&token, "allow_anonymous", (bool *)&cur_security_options->allow_anonymous, saveptr)) return MOSQ_ERR_INVAL;
}else if(!strcmp(token, "allow_duplicate_messages")){
if(conf__parse_bool(&token, "allow_duplicate_messages", &config->allow_duplicate_messages, saveptr)) return MOSQ_ERR_INVAL;
}else if(!strcmp(token, "allow_zero_length_clientid")){
@ -1184,7 +1216,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, const
}
cur_listener = &config->listeners[config->listener_count-1];
memset(cur_listener, 0, sizeof(struct mosquitto__listener));
cur_listener->security_options.allow_anonymous = true;
cur_listener->security_options.allow_anonymous = -1;
cur_listener->protocol = mp_mqtt;
cur_listener->port = tmp_int;
token = strtok_r(NULL, "", &saveptr);
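Review bot: The `== -1` tests in the `@ -549` hunk (and the `= -1` stores in the `@ -150` and `@ -1184` hunks) only work if plain `char` is signed, because the field is declared `char allow_anonymous;` in the mosquitto_broker_internal.h section below; on targets where `char` is unsigned (GCC's default on ARM and AArch64, for example) the store leaves 255 in the field, the comparison never matches, and the field stays non-zero, so anonymous access would remain enabled even with `password_file` set. Declaring the field `signed char allow_anonymous;` (or a plain `int`) in the header fixes that, and the `(bool *)` cast in the `@ -697` hunk should then go as well — parse into a local `bool tmp;` and assign `cur_security_options->allow_anonymous = tmp;`, since writing through a `bool` lvalue into a char-sized object is type punning that works only while both happen to be one byte. The global `config->security_options.allow_anonymous` is left at -1 when `per_listener_settings` is set, and -1 is truthy, so any reader that consults the global value in that mode would fail open; I cannot see those readers from here, so worth confirming. The two resolution branches are copies of each other, and the option list they test is the one the header comment asks maintainers to keep in sync, so folding them into one static helper as below keeps a future security option from being added to only one branch. config__read() continues outside the hunk.
```c
/* Resolve an unset (-1) allow_anonymous once the whole config has been read:
 * any other authentication option present -> deny anonymous, else allow.
 * Explicit true/false values from the config file are left untouched. */
static void conf__resolve_allow_anonymous(struct mosquitto__security_options *opts)
{
	if(opts->allow_anonymous != -1) return;
	opts->allow_anonymous = !(opts->password_file || opts->psk_file || opts->auth_plugins);
}

/* … in config__read(), replacing the two hand-expanded branches … */
	if(config->per_listener_settings){
		for(i=0; i<config->listener_count; i++){
			conf__resolve_allow_anonymous(&config->listeners[i].security_options);
		}
	}else{
		conf__resolve_allow_anonymous(&config->security_options);
	}
```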


@ -147,11 +147,15 @@ struct mosquitto__auth_plugin_config
};
struct mosquitto__security_options {
/* Any options that get added here also need considering
* in config__read() with regards whether allow_anonymous
* should be disabled when these options are set.
*/
char *password_file;
char *psk_file;
struct mosquitto__auth_plugin_config *auth_plugins;
int auth_plugin_count;
bool allow_anonymous;
char allow_anonymous;
};
struct mosquitto__listener {
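Review bot: `char allow_anonymous;` now carries three states rather than a boolean, but nothing at the declaration says what they are or where the unset state is resolved; the new struct comment above only covers the option list. Add a comment on the field, e.g. `/* -1: not set in the config file, resolved in config__read(); 0/1: explicit value. Must stay a signed type so that -1 round-trips. */`, so that a reader of the struct does not treat it as a plain bool. The `bool` to `char` change also widens what a reader may legitimately compare against, so the comment is what stops `== true` style checks from creeping back in.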