Per listener allow_anonymous.
parent
7046691b7d
commit
b2e1592376
@ -64,6 +64,12 @@ Broker:
|
||||
Closes #8.
|
||||
- Add set_tcp_nodelay option to allow Nagle's algorithm to be disabled on
|
||||
client sockets. Closes #433.
|
||||
- The behaviour of allow_anonymous has changed. In the old behaviour, the
|
||||
default if not set was to allow anonymous access. The new behaviour is to
|
||||
default is to allow anonymous access unless another security option is set.
|
||||
For example, if password_file is set and allow_anonymous is not set, then
|
||||
anonymous access will be denied. It is still possible to allow anonymous
|
||||
access by setting it explicitly.
|
||||
|
||||
Client library:
|
||||
- Outgoing messages with QoS>1 are no longer retried after a timeout period.
|
||||
|
@ -161,8 +161,12 @@
|
||||
connect without providing a username are allowed to
|
||||
connect. If set to <replaceable>false</replaceable>
|
||||
then another means of connection should be created to
|
||||
control authenticated client access. Defaults to
|
||||
<replaceable>true</replaceable>.</para>
|
||||
control authenticated client access.</para>
|
||||
<para>Defaults to <replaceable>true</replaceable> if no
|
||||
other security options are set. If any other
|
||||
authentication options are set, then
|
||||
<option>allow_anonymous</option> defaults to
|
||||
<replaceable>false</replaceable>.</para>
|
||||
<para>Reloaded on reload signal.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -141,7 +141,7 @@
|
||||
# options are controlled on a per listener basis. The following options are
|
||||
# affected:
|
||||
#
|
||||
# password_file acl_file psk_file auth_plugin auth_opt_*
|
||||
# password_file acl_file psk_file auth_plugin auth_opt_* allow_anonymous
|
||||
#
|
||||
# The default behaviour is for this to be set to false, which maintains the
|
||||
# setting behaviour from previous versions of mosquitto.
|
||||
@ -543,7 +543,10 @@
|
||||
# without providing a username are allowed to connect. If set to
|
||||
# false then a password file should be created (see the
|
||||
# password_file option) to control authenticated client access.
|
||||
# Defaults to true.
|
||||
#
|
||||
# Defaults to true if no other security options are set. If any other
|
||||
# authentication options are set, then allow_anonymous defaults to false.
|
||||
#
|
||||
#allow_anonymous true
|
||||
|
||||
# -----------------------------------------------------------------
|
||||
|
42
src/conf.c
42
src/conf.c
@ -150,7 +150,7 @@ static void config__init_reload(struct mosquitto__config *config)
|
||||
/* Set defaults */
|
||||
mosquitto__free(config->acl_file);
|
||||
config->acl_file = NULL;
|
||||
config->security_options.allow_anonymous = true;
|
||||
config->security_options.allow_anonymous = -1;
|
||||
config->allow_duplicate_messages = false;
|
||||
config->allow_zero_length_clientid = true;
|
||||
config->auto_id_prefix = NULL;
|
||||
@ -524,9 +524,7 @@ int config__read(struct mosquitto__config *config, bool reload)
|
||||
struct config_recurse cr;
|
||||
int lineno = 0;
|
||||
int len;
|
||||
#ifdef WITH_BRIDGE
|
||||
int i;
|
||||
#endif
|
||||
|
||||
cr.log_dest = MQTT3_LOG_NONE;
|
||||
cr.log_dest_set = 0;
|
||||
@ -549,6 +547,40 @@ int config__read(struct mosquitto__config *config, bool reload)
|
||||
return rc;
|
||||
}
|
||||
|
||||
/* If auth/access options are set and allow_anonymous not explicitly set, disallow anon. */
|
||||
if(config->per_listener_settings){
|
||||
for(i=0; i<config->listener_count; i++){
|
||||
if(config->listeners[i].security_options.allow_anonymous == -1){
|
||||
if(config->listeners[i].security_options.password_file
|
||||
|| config->listeners[i].security_options.psk_file
|
||||
|| config->listeners[i].security_options.auth_plugins){
|
||||
|
||||
/* allow_anonymous not set explicitly, some other security options
|
||||
* have been set - so disable allow_anonymous
|
||||
*/
|
||||
config->listeners[i].security_options.allow_anonymous = false;
|
||||
}else{
|
||||
/* Default option if no security options set */
|
||||
config->listeners[i].security_options.allow_anonymous = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
}else{
|
||||
if(config->security_options.allow_anonymous == -1){
|
||||
if(config->security_options.password_file
|
||||
|| config->security_options.psk_file
|
||||
|| config->security_options.auth_plugins){
|
||||
|
||||
/* allow_anonymous not set explicitly, some other security options
|
||||
* have been set - so disable allow_anonymous
|
||||
*/
|
||||
config->security_options.allow_anonymous = false;
|
||||
}else{
|
||||
/* Default option if no security options set */
|
||||
config->security_options.allow_anonymous = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
#ifdef WITH_PERSISTENCE
|
||||
if(config->persistence){
|
||||
if(!config->persistence_file){
|
||||
@ -697,7 +729,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, const
|
||||
#endif
|
||||
}else if(!strcmp(token, "allow_anonymous")){
|
||||
conf__set_cur_security_options(config, cur_listener, &cur_security_options);
|
||||
if(conf__parse_bool(&token, "allow_anonymous", &cur_security_options->allow_anonymous, saveptr)) return MOSQ_ERR_INVAL;
|
||||
if(conf__parse_bool(&token, "allow_anonymous", (bool *)&cur_security_options->allow_anonymous, saveptr)) return MOSQ_ERR_INVAL;
|
||||
}else if(!strcmp(token, "allow_duplicate_messages")){
|
||||
if(conf__parse_bool(&token, "allow_duplicate_messages", &config->allow_duplicate_messages, saveptr)) return MOSQ_ERR_INVAL;
|
||||
}else if(!strcmp(token, "allow_zero_length_clientid")){
|
||||
@ -1184,7 +1216,7 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, const
|
||||
}
|
||||
cur_listener = &config->listeners[config->listener_count-1];
|
||||
memset(cur_listener, 0, sizeof(struct mosquitto__listener));
|
||||
cur_listener->security_options.allow_anonymous = true;
|
||||
cur_listener->security_options.allow_anonymous = -1;
|
||||
cur_listener->protocol = mp_mqtt;
|
||||
cur_listener->port = tmp_int;
|
||||
token = strtok_r(NULL, "", &saveptr);
|
||||
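Review bot: In the `allow_anonymous` branch of config__read_file_core(), the cast `(bool *)&cur_security_options->allow_anonymous` lets conf__parse_bool() store a `bool` through a pointer to what is now a `char` field. That only behaves while `sizeof(bool) == 1`, and it is not a type-compatible access, so the result of this security setting rests on compiler and ABI details rather than on the language. Parsing into a local and assigning keeps the tri-state field well defined: `bool tmp;`, then `if(conf__parse_bool(&token, "allow_anonymous", &tmp, saveptr)) return MOSQ_ERR_INVAL;`, then `cur_security_options->allow_anonymous = tmp;`. The enclosing function starts and ends outside the hunk, so whether conf__parse_bool() leaves the target untouched on failure cannot be confirmed from here.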
|
@ -147,11 +147,15 @@ struct mosquitto__auth_plugin_config
|
||||
};
|
||||
|
||||
struct mosquitto__security_options {
|
||||
/* Any options that get added here also need considering
|
||||
* in config__read() with regards whether allow_anonymous
|
||||
* should be disabled when these options are set.
|
||||
*/
|
||||
char *password_file;
|
||||
char *psk_file;
|
||||
struct mosquitto__auth_plugin_config *auth_plugins;
|
||||
int auth_plugin_count;
|
||||
bool allow_anonymous;
|
||||
char allow_anonymous;
|
||||
};
|
||||
|
||||
struct mosquitto__listener {
|
||||
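Review bot: Plain `char` has implementation-defined signedness, so the `-1` "not set" sentinel stored in `char allow_anonymous;` is not portable. On targets where `char` is unsigned (common on ARM and PowerPC ABIs) the stored value is 255, the `== -1` tests added in config__read() never match, and the field is left non-zero. That presumably reads as "allow" wherever it is tested as a boolean, even when password_file, psk_file or an auth plugin is configured, so the new default fails open. Declare the field `signed char allow_anonymous;` (or `int8_t` if `<stdint.h>` is available here) and document the states on it, for example `/* -1 = not set, 0 = deny, 1 = allow; resolved to 0/1 in config__read() */`.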
|