Add missing parameters to internal mosquitto_acl_check
Signed-off-by: Tobias Assarsson <tobias.assarsson@gmail.com>
This commit is contained in:
parent
6a75eb377b
commit
cc96485330
@ -202,7 +202,8 @@ void context__cleanup(struct mosquitto_db *db, struct mosquitto *context, bool d
|
|||||||
void context__send_will(struct mosquitto_db *db, struct mosquitto *ctxt)
|
void context__send_will(struct mosquitto_db *db, struct mosquitto *ctxt)
|
||||||
{
|
{
|
||||||
if(ctxt->state != mosq_cs_disconnecting && ctxt->will){
|
if(ctxt->state != mosq_cs_disconnecting && ctxt->will){
|
||||||
if(mosquitto_acl_check(db, ctxt, ctxt->will->topic, MOSQ_ACL_WRITE) == MOSQ_ERR_SUCCESS){
|
if(mosquitto_acl_check(db, ctxt, ctxt->will->topic, ctxt->will->payloadlen, ctxt->will->payload,
|
||||||
|
ctxt->will->qos, ctxt->will->retain, MOSQ_ACL_WRITE) == MOSQ_ERR_SUCCESS){
|
||||||
/* Unexpected disconnect, queue the client will. */
|
/* Unexpected disconnect, queue the client will. */
|
||||||
db__messages_easy_queue(db, ctxt, ctxt->will->topic, ctxt->will->qos, ctxt->will->payloadlen, ctxt->will->payload, ctxt->will->retain);
|
db__messages_easy_queue(db, ctxt, ctxt->will->topic, ctxt->will->qos, ctxt->will->payloadlen, ctxt->will->payload, ctxt->will->retain);
|
||||||
}
|
}
|
||||||
|
@ -83,7 +83,9 @@ void connection_check_acl(struct mosquitto_db *db, struct mosquitto *context, st
|
|||||||
msg_prev = NULL;
|
msg_prev = NULL;
|
||||||
while(msg_tail){
|
while(msg_tail){
|
||||||
if(msg_tail->direction == mosq_md_out){
|
if(msg_tail->direction == mosq_md_out){
|
||||||
if(mosquitto_acl_check(db, context, msg_tail->store->topic, MOSQ_ACL_READ) != MOSQ_ERR_SUCCESS){
|
if(mosquitto_acl_check(db, context, msg_tail->store->topic,
|
||||||
|
msg_tail->store->payloadlen, UHPA_ACCESS(msg_tail->store->payload, msg_tail->store->payloadlen),
|
||||||
|
msg_tail->store->qos, msg_tail->store->retain, MOSQ_ACL_READ) != MOSQ_ERR_SUCCESS){
|
||||||
db__msg_store_deref(db, &msg_tail->store);
|
db__msg_store_deref(db, &msg_tail->store);
|
||||||
if(msg_prev){
|
if(msg_prev){
|
||||||
msg_prev->next = msg_tail->next;
|
msg_prev->next = msg_tail->next;
|
||||||
|
@ -168,7 +168,7 @@ int handle__publish(struct mosquitto_db *db, struct mosquitto *context)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Check for topic access */
|
/* Check for topic access */
|
||||||
rc = mosquitto_acl_check(db, context, topic, MOSQ_ACL_WRITE);
|
rc = mosquitto_acl_check(db, context, topic, payloadlen, UHPA_ACCESS(payload, payloadlen), qos, retain, MOSQ_ACL_WRITE);
|
||||||
if(rc == MOSQ_ERR_ACL_DENIED){
|
if(rc == MOSQ_ERR_ACL_DENIED){
|
||||||
log__printf(NULL, MOSQ_LOG_DEBUG, "Denied PUBLISH from %s (d%d, q%d, r%d, m%d, '%s', ... (%ld bytes))", context->id, dup, qos, retain, mid, topic, (long)payloadlen);
|
log__printf(NULL, MOSQ_LOG_DEBUG, "Denied PUBLISH from %s (d%d, q%d, r%d, m%d, '%s', ... (%ld bytes))", context->id, dup, qos, retain, mid, topic, (long)payloadlen);
|
||||||
goto process_bad_message;
|
goto process_bad_message;
|
||||||
|
@ -112,7 +112,7 @@ int handle__subscribe(struct mosquitto_db *db, struct mosquitto *context)
|
|||||||
log__printf(NULL, MOSQ_LOG_DEBUG, "\t%s (QoS %d)", sub, qos);
|
log__printf(NULL, MOSQ_LOG_DEBUG, "\t%s (QoS %d)", sub, qos);
|
||||||
|
|
||||||
if(context->protocol == mosq_p_mqtt311){
|
if(context->protocol == mosq_p_mqtt311){
|
||||||
rc = mosquitto_acl_check(db, context, sub, MOSQ_ACL_SUBSCRIBE);
|
rc = mosquitto_acl_check(db, context, sub, 0, NULL, qos, false, MOSQ_ACL_SUBSCRIBE);
|
||||||
switch(rc){
|
switch(rc){
|
||||||
case MOSQ_ERR_SUCCESS:
|
case MOSQ_ERR_SUCCESS:
|
||||||
break;
|
break;
|
||||||
|
@ -605,7 +605,7 @@ int mosquitto_security_module_cleanup(struct mosquitto_db *db);
|
|||||||
int mosquitto_security_init(struct mosquitto_db *db, bool reload);
|
int mosquitto_security_init(struct mosquitto_db *db, bool reload);
|
||||||
int mosquitto_security_apply(struct mosquitto_db *db);
|
int mosquitto_security_apply(struct mosquitto_db *db);
|
||||||
int mosquitto_security_cleanup(struct mosquitto_db *db, bool reload);
|
int mosquitto_security_cleanup(struct mosquitto_db *db, bool reload);
|
||||||
int mosquitto_acl_check(struct mosquitto_db *db, struct mosquitto *context, const char *topic, int access);
|
int mosquitto_acl_check(struct mosquitto_db *db, struct mosquitto *context, const char *topic, long payloadlen, void* payload, int qos, bool retain, int access);
|
||||||
int mosquitto_unpwd_check(struct mosquitto_db *db, struct mosquitto *context, const char *username, const char *password);
|
int mosquitto_unpwd_check(struct mosquitto_db *db, struct mosquitto *context, const char *username, const char *password);
|
||||||
int mosquitto_psk_key_get(struct mosquitto_db *db, struct mosquitto *context, const char *hint, const char *identity, char *key, int max_key_len);
|
int mosquitto_psk_key_get(struct mosquitto_db *db, struct mosquitto *context, const char *hint, const char *identity, char *key, int max_key_len);
|
||||||
|
|
||||||
|
@ -427,13 +427,10 @@ int mosquitto_security_cleanup(struct mosquitto_db *db, bool reload)
|
|||||||
|
|
||||||
|
|
||||||
//int mosquitto_acl_check(struct mosquitto_db *db, struct mosquitto *context, const char *topic, int access)
|
//int mosquitto_acl_check(struct mosquitto_db *db, struct mosquitto *context, const char *topic, int access)
|
||||||
static int acl__check_single(struct mosquitto__auth_plugin_config *auth_plugin, struct mosquitto *context, const char *topic, int access)
|
static int acl__check_single(struct mosquitto__auth_plugin_config *auth_plugin, struct mosquitto *context, struct mosquitto_acl_msg *msg, int access)
|
||||||
{
|
{
|
||||||
struct mosquitto_acl_msg msg;
|
|
||||||
const char *username;
|
const char *username;
|
||||||
|
const char *topic = msg->topic;
|
||||||
memset(&msg, 0, sizeof(msg));
|
|
||||||
msg.topic = topic;
|
|
||||||
|
|
||||||
username = mosquitto_client_username(context);
|
username = mosquitto_client_username(context);
|
||||||
if(auth_plugin->deny_special_chars == true){
|
if(auth_plugin->deny_special_chars == true){
|
||||||
@ -454,7 +451,7 @@ static int acl__check_single(struct mosquitto__auth_plugin_config *auth_plugin,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if(auth_plugin->plugin.version == 3){
|
if(auth_plugin->plugin.version == 3){
|
||||||
return auth_plugin->plugin.acl_check_v3(auth_plugin->plugin.user_data, access, context, &msg);
|
return auth_plugin->plugin.acl_check_v3(auth_plugin->plugin.user_data, access, context, msg);
|
||||||
}else if(auth_plugin->plugin.version == 2){
|
}else if(auth_plugin->plugin.version == 2){
|
||||||
if(access == MOSQ_ACL_SUBSCRIBE){
|
if(access == MOSQ_ACL_SUBSCRIBE){
|
||||||
return MOSQ_ERR_SUCCESS;
|
return MOSQ_ERR_SUCCESS;
|
||||||
@ -466,11 +463,12 @@ static int acl__check_single(struct mosquitto__auth_plugin_config *auth_plugin,
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int mosquitto_acl_check(struct mosquitto_db *db, struct mosquitto *context, const char *topic, int access)
|
int mosquitto_acl_check(struct mosquitto_db *db, struct mosquitto *context, const char *topic, long payloadlen, void* payload, int qos, bool retain, int access)
|
||||||
{
|
{
|
||||||
int rc;
|
int rc;
|
||||||
int i;
|
int i;
|
||||||
struct mosquitto__security_options *opts;
|
struct mosquitto__security_options *opts;
|
||||||
|
struct mosquitto_acl_msg msg;
|
||||||
|
|
||||||
if(!context->id){
|
if(!context->id){
|
||||||
return MOSQ_ERR_ACL_DENIED;
|
return MOSQ_ERR_ACL_DENIED;
|
||||||
@ -491,8 +489,15 @@ int mosquitto_acl_check(struct mosquitto_db *db, struct mosquitto *context, cons
|
|||||||
opts = &db->config->security_options;
|
opts = &db->config->security_options;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
memset(&msg, 0, sizeof(msg));
|
||||||
|
msg.topic = topic;
|
||||||
|
msg.payloadlen = payloadlen;
|
||||||
|
msg.payload = payload;
|
||||||
|
msg.qos = qos;
|
||||||
|
msg.retain = retain;
|
||||||
|
|
||||||
for(i=0; i<opts->auth_plugin_config_count; i++){
|
for(i=0; i<opts->auth_plugin_config_count; i++){
|
||||||
rc = acl__check_single(&opts->auth_plugin_configs[i], context, topic, access);
|
rc = acl__check_single(&opts->auth_plugin_configs[i], context, &msg, access);
|
||||||
if(rc != MOSQ_ERR_PLUGIN_DEFER){
|
if(rc != MOSQ_ERR_PLUGIN_DEFER){
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
@ -102,7 +102,7 @@ static int subs__process(struct mosquitto_db *db, struct mosquitto__subhier *hie
|
|||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
/* Check for ACL topic access. */
|
/* Check for ACL topic access. */
|
||||||
rc2 = mosquitto_acl_check(db, leaf->context, topic, MOSQ_ACL_READ);
|
rc2 = mosquitto_acl_check(db, leaf->context, topic, stored->payloadlen, UHPA_ACCESS(stored->payload, stored->payloadlen), stored->qos, stored->retain, MOSQ_ACL_READ);
|
||||||
if(rc2 == MOSQ_ERR_ACL_DENIED){
|
if(rc2 == MOSQ_ERR_ACL_DENIED){
|
||||||
leaf = leaf->next;
|
leaf = leaf->next;
|
||||||
continue;
|
continue;
|
||||||
@ -649,7 +649,8 @@ static int retain__process(struct mosquitto_db *db, struct mosquitto_msg_store *
|
|||||||
int qos;
|
int qos;
|
||||||
uint16_t mid;
|
uint16_t mid;
|
||||||
|
|
||||||
rc = mosquitto_acl_check(db, context, retained->topic, MOSQ_ACL_READ);
|
rc = mosquitto_acl_check(db, context, retained->topic, retained->payloadlen, UHPA_ACCESS(retained->payload, retained->payloadlen),
|
||||||
|
retained->qos, retained->retain, MOSQ_ACL_READ);
|
||||||
if(rc == MOSQ_ERR_ACL_DENIED){
|
if(rc == MOSQ_ERR_ACL_DENIED){
|
||||||
return MOSQ_ERR_SUCCESS;
|
return MOSQ_ERR_SUCCESS;
|
||||||
}else if(rc != MOSQ_ERR_SUCCESS){
|
}else if(rc != MOSQ_ERR_SUCCESS){
|
||||||
|
Loading…
Reference in New Issue
Block a user