From c5fe1fc36bd9c42037b144e7daca44330c37b37b Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Sat, 7 Nov 2020 23:48:37 +0000 Subject: [PATCH] Dynsec: Fix loading of clients with no password. --- plugins/dynamic-security/clients.c | 34 ++++++++++++------------------ 1 file changed, 14 insertions(+), 20 deletions(-) diff --git a/plugins/dynamic-security/clients.c b/plugins/dynamic-security/clients.c index 3c5a1ffd..9c04b1bf 100644 --- a/plugins/dynamic-security/clients.c +++ b/plugins/dynamic-security/clients.c @@ -108,7 +108,7 @@ void dynsec_clients__cleanup(void) int dynsec_clients__config_load(cJSON *tree) { cJSON *j_clients, *j_client, *jtmp, *j_roles, *j_role; - cJSON *j_salt, *j_password; + cJSON *j_salt, *j_password, *j_iterations; struct dynsec__client *client; struct dynsec__role *role; unsigned char *buf; @@ -152,30 +152,24 @@ int dynsec_clients__config_load(cJSON *tree) client->disabled = cJSON_IsTrue(jtmp); } - /* Hash iterations */ - jtmp = cJSON_GetObjectItem(j_client, "iterations"); - if(jtmp == NULL || !cJSON_IsNumber(jtmp)){ - // FIXME log - mosquitto_free(client->username); - mosquitto_free(client); - continue; - } - iterations = (int)jtmp->valuedouble; - if(iterations < 1){ - // FIXME log - mosquitto_free(client->username); - mosquitto_free(client); - continue; - }else{ - client->pw.iterations = iterations; - } - /* Salt */ j_salt = cJSON_GetObjectItem(j_client, "salt"); j_password = cJSON_GetObjectItem(j_client, "password"); + j_iterations = cJSON_GetObjectItem(j_client, "iterations"); if(j_salt && cJSON_IsString(j_salt) - && j_password && cJSON_IsString(j_password)){ + && j_password && cJSON_IsString(j_password) + && j_iterations && cJSON_IsNumber(j_iterations)){ + + iterations = (int)j_iterations->valuedouble; + if(iterations < 1){ + // FIXME log + mosquitto_free(client->username); + mosquitto_free(client); + continue; + }else{ + client->pw.iterations = iterations; + } if(dynsec_auth__base64_decode(j_salt->valuestring, &buf, &buf_len) != MOSQ_ERR_SUCCESS || buf_len != sizeof(client->pw.salt)){