Make correct allow_anonymous check in pwfile security.

We always get passed the client even if it doesn't have a
username/password now.
Roger A. Light 2020-08-18 08:32:21 +01:00
parent a5f02f31fc
commit cae55aa381


@ -895,6 +895,7 @@ int mosquitto_unpwd_check_default(struct mosquitto_db *db, struct mosquitto *con
unsigned int hash_len;
int rc;
#endif
bool allow_anonymous;
if(!db) return MOSQ_ERR_INVAL;
@ -903,16 +904,22 @@ int mosquitto_unpwd_check_default(struct mosquitto_db *db, struct mosquitto *con
if(!context->listener) return MOSQ_ERR_INVAL;
if(context->listener->security_options.password_file == NULL) return MOSQ_ERR_PLUGIN_DEFER;
unpwd_ref = context->listener->unpwd;
allow_anonymous = context->listener->security_options.allow_anonymous;
}else{
if(db->config->security_options.password_file == NULL) return MOSQ_ERR_PLUGIN_DEFER;
unpwd_ref = db->unpwd;
allow_anonymous = db->config->security_options.allow_anonymous;
}
if(context->username == NULL){
/* Check must be made only after checking unpwd_ref.
* This is DENY here, because in MQTT v5 username can be missing when
* password is present, but we don't support that. */
if(allow_anonymous == true){
return MOSQ_ERR_SUCCESS;
}else{
return MOSQ_ERR_AUTH;
}
}
HASH_ITER(hh, unpwd_ref, u, tmp){
if(!strcmp(u->username, context->username)){
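Review bot: The comment kept inside the `context->username == NULL` branch still says "This is DENY here", but the new code in that branch returns MOSQ_ERR_SUCCESS whenever allow_anonymous is true, so the comment now contradicts the authentication decision it sits on. It should be reworded while keeping the ordering remark, e.g. `/* Must run after unpwd_ref is chosen. No username: accept only if allow_anonymous is set for this listener/config, otherwise deny. */`. The same comment notes that MQTT v5 permits a password without a username; with this change such a client appears to be admitted as anonymous, with its password ignored, when allow_anonymous is on, and the comment should state whether that is intended. As a style point, the if/else can be written as `return allow_anonymous ? MOSQ_ERR_SUCCESS : MOSQ_ERR_AUTH;`. mosquitto_unpwd_check_default starts before and continues after the lines shown.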