d0kuhn/mosquitto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Dynsec: Fix loading of clients with no password.

Browse Source
This commit is contained in:
Roger A. Light 2020-11-07 23:48:37 +00:00
parent 4b3c76d97a
commit c5fe1fc36b
1 changed files with 14 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
plugins/dynamic-security/clients.c
View File

@ -108,7 +108,7 @@ void dynsec_clients__cleanup(void)
int dynsec_clients__config_load(cJSON *tree)
{
cJSON *j_clients, *j_client, *jtmp, *j_roles, *j_role;
cJSON *j_salt, *j_password;
cJSON *j_salt, *j_password, *j_iterations;
struct dynsec__client *client;
struct dynsec__role *role;
unsigned char *buf;
@ -152,15 +152,16 @@ int dynsec_clients__config_load(cJSON *tree)
client->disabled = cJSON_IsTrue(jtmp);
}
/* Hash iterations */
jtmp = cJSON_GetObjectItem(j_client, "iterations");
if(jtmp == NULL || !cJSON_IsNumber(jtmp)){
// FIXME log
mosquitto_free(client->username);
mosquitto_free(client);
continue;
}
iterations = (int)jtmp->valuedouble;
/* Salt */
j_salt = cJSON_GetObjectItem(j_client, "salt");
j_password = cJSON_GetObjectItem(j_client, "password");
j_iterations = cJSON_GetObjectItem(j_client, "iterations");
if(j_salt && cJSON_IsString(j_salt)
&& j_password && cJSON_IsString(j_password)
&& j_iterations && cJSON_IsNumber(j_iterations)){
iterations = (int)j_iterations->valuedouble;
if(iterations < 1){
// FIXME log
mosquitto_free(client->username);
@ -170,13 +171,6 @@ int dynsec_clients__config_load(cJSON *tree)
client->pw.iterations = iterations;
}
/* Salt */
j_salt = cJSON_GetObjectItem(j_client, "salt");
j_password = cJSON_GetObjectItem(j_client, "password");
if(j_salt && cJSON_IsString(j_salt)
&& j_password && cJSON_IsString(j_password)){
if(dynsec_auth__base64_decode(j_salt->valuestring, &buf, &buf_len) != MOSQ_ERR_SUCCESS
|| buf_len != sizeof(client->pw.salt)){