No need to pass separate username/password here.

src/mosquitto_broker_internal.h

@@ -756,7 +756,7 @@ int mosquitto_security_init_default(struct mosquitto_db *db, bool reload);
 int mosquitto_security_apply_default(struct mosquitto_db *db);
 int mosquitto_security_cleanup_default(struct mosquitto_db *db, bool reload);
 int mosquitto_acl_check_default(struct mosquitto_db *db, struct mosquitto *context, const char *topic, int access);
-int mosquitto_unpwd_check_default(struct mosquitto_db *db, struct mosquitto *context, const char *username, const char *password);
+int mosquitto_unpwd_check_default(struct mosquitto_db *db, struct mosquitto *context);
 int mosquitto_psk_key_get_default(struct mosquitto_db *db, struct mosquitto *context, const char *hint, const char *identity, char *key, int max_key_len);
 
 int mosquitto_security_auth_start(struct mosquitto_db *db, struct mosquitto *context, bool reauth, const void *data_in, uint16_t data_in_len, void **data_out, uint16_t *data_out_len);

src/security.c

@@ -679,7 +679,7 @@ int mosquitto_unpwd_check(struct mosquitto_db *db, struct mosquitto *context)
 	int i;
 	struct mosquitto__security_options *opts;
 
-	rc = mosquitto_unpwd_check_default(db, context, context->username, context->password);
+	rc = mosquitto_unpwd_check_default(db, context);
 	if(rc != MOSQ_ERR_PLUGIN_DEFER){
 		return rc;
 	}

src/security_default.c

@@ -886,7 +886,7 @@ static int mosquitto__memcmp_const(const void *a, const void *b, size_t len)
 #endif
 
 
-int mosquitto_unpwd_check_default(struct mosquitto_db *db, struct mosquitto *context, const char *username, const char *password)
+int mosquitto_unpwd_check_default(struct mosquitto_db *db, struct mosquitto *context)
 {
 	struct mosquitto__unpwd *u, *tmp;
 	struct mosquitto__unpwd *unpwd_ref;
@@ -907,7 +907,7 @@ int mosquitto_unpwd_check_default(struct mosquitto_db *db, struct mosquitto *con
 		if(db->config->security_options.password_file == NULL) return MOSQ_ERR_PLUGIN_DEFER;
 		unpwd_ref = db->unpwd;
 	}
-	if(!username){
+	if(context->username == NULL){
 		/* Check must be made only after checking unpwd_ref.
 		 * This is DENY here, because in MQTT v5 username can be missing when
 		 * password is present, but we don't support that. */
@@ -915,11 +915,11 @@ int mosquitto_unpwd_check_default(struct mosquitto_db *db, struct mosquitto *con
 	}
 
 	HASH_ITER(hh, unpwd_ref, u, tmp){
-		if(!strcmp(u->username, username)){
+		if(!strcmp(u->username, context->username)){
 			if(u->password){
-				if(password){
+				if(context->password){
 #ifdef WITH_TLS
-					rc = pw__digest(password, u->salt, u->salt_len, hash, &hash_len);
+					rc = pw__digest(context->password, u->salt, u->salt_len, hash, &hash_len);
 					if(rc == MOSQ_ERR_SUCCESS){
 						if(hash_len == u->password_len && !mosquitto__memcmp_const(u->password, hash, hash_len)){
 							return MOSQ_ERR_SUCCESS;
@@ -930,7 +930,7 @@ int mosquitto_unpwd_check_default(struct mosquitto_db *db, struct mosquitto *con
 						return rc;
 					}
 #else
-					if(!strcmp(u->password, password)){
+					if(!strcmp(u->password, context->password)){
 						return MOSQ_ERR_SUCCESS;
 					}
 #endif