Per listener psk_file.
This commit is contained in:
parent
b2e1592376
commit
fd7b08c0eb
13
src/conf.c
13
src/conf.c
@ -195,8 +195,8 @@ static void config__init_reload(struct mosquitto__config *config)
|
||||
mosquitto__free(config->persistence_file);
|
||||
config->persistence_file = NULL;
|
||||
config->persistent_client_expiration = 0;
|
||||
mosquitto__free(config->psk_file);
|
||||
config->psk_file = NULL;
|
||||
mosquitto__free(config->security_options.psk_file);
|
||||
config->security_options.psk_file = NULL;
|
||||
config->queue_qos0_messages = false;
|
||||
config->set_tcp_nodelay = false;
|
||||
config->sys_interval = 10;
|
||||
@ -277,7 +277,7 @@ void config__cleanup(struct mosquitto__config *config)
|
||||
mosquitto__free(config->persistence_location);
|
||||
mosquitto__free(config->persistence_file);
|
||||
mosquitto__free(config->persistence_filepath);
|
||||
mosquitto__free(config->psk_file);
|
||||
mosquitto__free(config->security_options.psk_file);
|
||||
mosquitto__free(config->pid_file);
|
||||
if(config->listeners){
|
||||
for(i=0; i<config->listener_count; i++){
|
||||
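Review bot: config__cleanup now releases the top-level `config->security_options.psk_file`, but the per-listener copies that config__read_file_core stores through `cur_security_options->psk_file` live in `listeners[i].security_options`, and the listener loop that follows this hunk is outside the view. If that loop does not free `config->listeners[i].security_options.psk_file` alongside the listener's other strings, every reload leaks one path string per listener with a psk_file; worth confirming against the rest of config__cleanup. The same question applies to config__init_reload in the first hunk, which only resets the top-level field.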
@ -1576,11 +1576,12 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, const
|
||||
}
|
||||
}else if(!strcmp(token, "psk_file")){
|
||||
#ifdef REAL_WITH_TLS_PSK
|
||||
conf__set_cur_security_options(config, cur_listener, &cur_security_options);
|
||||
if(reload){
|
||||
mosquitto__free(config->psk_file);
|
||||
config->psk_file = NULL;
|
||||
mosquitto__free(cur_security_options->psk_file);
|
||||
cur_security_options->psk_file = NULL;
|
||||
}
|
||||
if(conf__parse_string(&token, "psk_file", &config->psk_file, saveptr)) return MOSQ_ERR_INVAL;
|
||||
if(conf__parse_string(&token, "psk_file", &cur_security_options->psk_file, saveptr)) return MOSQ_ERR_INVAL;
|
||||
#else
|
||||
log__printf(NULL, MOSQ_LOG_WARNING, "Warning: TLS/TLS-PSK support not available.");
|
||||
#endif
|
||||
|
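Review bot: The result of `conf__set_cur_security_options(config, cur_listener, &cur_security_options);` is discarded before `cur_security_options->psk_file` is freed and written on the following lines; if that helper can fail or leave the pointer NULL (for instance when per_listener_settings is set but no listener has been declared yet), the dereference that follows is unguarded. If it does return a status, the call should read `if(conf__set_cur_security_options(config, cur_listener, &cur_security_options)) return MOSQ_ERR_INVAL;` to match the `conf__parse_string` handling two lines below. I cannot see the helper's definition from this hunk, so treat this as a question to confirm. config__read_file_core starts and ends outside the hunk.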
@ -190,6 +190,7 @@ struct mosquitto__listener {
|
||||
#endif
|
||||
struct mosquitto__security_options security_options;
|
||||
struct mosquitto__unpwd *unpwd;
|
||||
struct mosquitto__unpwd *psk_id;
|
||||
};
|
||||
|
||||
struct mosquitto__config {
|
||||
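Review bot: The new `psk_id` member of struct mosquitto__listener has no comment explaining how it relates to the `security_options` field just above it, and the header is the only place a reader of security_default.c will look. A one-line comment on the new member such as `/* PSK identity table loaded from security_options.psk_file when per_listener_settings is true; NULL otherwise. */` would document the ownership that mosquitto_security_init_default and mosquitto_security_cleanup_default now rely on.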
@ -220,7 +221,6 @@ struct mosquitto__config {
|
||||
char *persistence_filepath;
|
||||
time_t persistent_client_expiration;
|
||||
char *pid_file;
|
||||
char *psk_file;
|
||||
bool queue_qos0_messages;
|
||||
bool per_listener_settings;
|
||||
bool set_tcp_nodelay;
|
||||
@ -615,7 +615,7 @@ int mosquitto_security_apply_default(struct mosquitto_db *db);
|
||||
int mosquitto_security_cleanup_default(struct mosquitto_db *db, bool reload);
|
||||
int mosquitto_acl_check_default(struct mosquitto_db *db, struct mosquitto *context, const char *topic, int access);
|
||||
int mosquitto_unpwd_check_default(struct mosquitto_db *db, struct mosquitto *context, const char *username, const char *password);
|
||||
int mosquitto_psk_key_get_default(struct mosquitto_db *db, const char *hint, const char *identity, char *key, int max_key_len);
|
||||
int mosquitto_psk_key_get_default(struct mosquitto_db *db, struct mosquitto *context, const char *hint, const char *identity, char *key, int max_key_len);
|
||||
|
||||
/* ============================================================
|
||||
* Window service and signal related functions
|
||||
|
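Review bot: The new `struct mosquitto *context` parameter on `mosquitto_psk_key_get_default` is undocumented in the header, and its meaning is not obvious from the prototype alone since the function previously needed no client state. A short comment above the declaration, e.g. `/* context: connecting client; with per_listener_settings its listener selects which PSK table is consulted */`, would tell callers what they must supply and that a NULL context is only acceptable when per_listener_settings is off.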
@ -449,7 +449,7 @@ int mosquitto_psk_key_get(struct mosquitto_db *db, struct mosquitto *context, co
|
||||
int rc;
|
||||
int i;
|
||||
|
||||
rc = mosquitto_psk_key_get_default(db, hint, identity, key, max_key_len);
|
||||
rc = mosquitto_psk_key_get_default(db, context, hint, identity, key, max_key_len);
|
||||
if(rc != MOSQ_ERR_PLUGIN_DEFER){
|
||||
return rc;
|
||||
}
|
||||
|
@ -27,7 +27,7 @@ static int aclfile__parse(struct mosquitto_db *db);
|
||||
static int unpwd__file_parse(struct mosquitto__unpwd **unpwd, const char *password_file);
|
||||
static int acl__cleanup(struct mosquitto_db *db, bool reload);
|
||||
static int unpwd__cleanup(struct mosquitto__unpwd **unpwd, bool reload);
|
||||
static int psk__file_parse(struct mosquitto_db *db);
|
||||
static int psk__file_parse(struct mosquitto_db *db, struct mosquitto__unpwd **psk_id, const char *psk_file);
|
||||
#ifdef WITH_TLS
|
||||
static int pw__digest(const char *password, const unsigned char *salt, unsigned int salt_len, unsigned char *hash, unsigned int *hash_len);
|
||||
static int base64__decode(char *in, unsigned char **decoded, unsigned int *decoded_len);
|
||||
@ -75,11 +75,25 @@ int mosquitto_security_init_default(struct mosquitto_db *db, bool reload)
|
||||
}
|
||||
|
||||
/* Load psk data if required. */
|
||||
if(db->config->psk_file){
|
||||
rc = psk__file_parse(db);
|
||||
if(rc){
|
||||
log__printf(NULL, MOSQ_LOG_ERR, "Error opening psk file \"%s\".", db->config->psk_file);
|
||||
return rc;
|
||||
if(db->config->per_listener_settings){
|
||||
for(int i=0; i<db->config->listener_count; i++){
|
||||
char *pskf = db->config->listeners[i].security_options.psk_file;
|
||||
if(pskf){
|
||||
rc = psk__file_parse(db, &db->config->listeners[i].psk_id, pskf);
|
||||
if(rc){
|
||||
log__printf(NULL, MOSQ_LOG_ERR, "Error opening psk file \"%s\".", pskf);
|
||||
return rc;
|
||||
}
|
||||
}
|
||||
}
|
||||
}else{
|
||||
char *pskf = db->config->security_options.psk_file;
|
||||
if(pskf){
|
||||
rc = psk__file_parse(db, &db->psk_id, pskf);
|
||||
if(rc){
|
||||
log__printf(NULL, MOSQ_LOG_ERR, "Error opening psk file \"%s\".", pskf);
|
||||
return rc;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
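Review bot: The parse/log/return sequence is written out twice in the new code, once per listener and once for the global table, and in both places `char *pskf` could be `const char *` since `psk__file_parse` now takes `const char *psk_file`. Factoring the shared sequence into a small static helper keeps the two branches to one line each and removes the duplicated error message. The enclosing mosquitto_security_init_default starts before the hunk and continues after it.
```c
/* Parse one PSK file into *psk_id, logging the path on failure; a NULL path is not an error. */
static int psk__load(struct mosquitto_db *db, struct mosquitto__unpwd **psk_id, const char *pskf)
{
	int rc;

	if(!pskf) return MOSQ_ERR_SUCCESS;
	rc = psk__file_parse(db, psk_id, pskf);
	if(rc){
		log__printf(NULL, MOSQ_LOG_ERR, "Error opening psk file \"%s\".", pskf);
	}
	return rc;
}

	/* … unchanged: earlier part of mosquitto_security_init_default … */
	/* Load psk data if required. */
	if(db->config->per_listener_settings){
		for(int i=0; i<db->config->listener_count; i++){
			rc = psk__load(db, &db->config->listeners[i].psk_id,
					db->config->listeners[i].security_options.psk_file);
			if(rc) return rc;
		}
	}else{
		rc = psk__load(db, &db->psk_id, db->config->security_options.psk_file);
		if(rc) return rc;
	}
```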
@ -98,10 +112,21 @@ int mosquitto_security_cleanup_default(struct mosquitto_db *db, bool reload)
|
||||
for(int i=0; i<db->config->listener_count; i++){
|
||||
if(db->config->listeners[i].unpwd){
|
||||
rc = unpwd__cleanup(&db->config->listeners[i].unpwd, reload);
|
||||
if(rc != MOSQ_ERR_SUCCESS) return rc;
|
||||
}
|
||||
}
|
||||
|
||||
return unpwd__cleanup(&db->psk_id, reload);
|
||||
rc = unpwd__cleanup(&db->psk_id, reload);
|
||||
if(rc != MOSQ_ERR_SUCCESS) return rc;
|
||||
|
||||
for(int i=0; i<db->config->listener_count; i++){
|
||||
if(db->config->listeners[i].psk_id){
|
||||
rc = unpwd__cleanup(&db->config->listeners[i].psk_id, reload);
|
||||
if(rc != MOSQ_ERR_SUCCESS) return rc;
|
||||
}
|
||||
}
|
||||
|
||||
return MOSQ_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
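Review bot: The new `if(rc != MOSQ_ERR_SUCCESS) return rc;` after the global `unpwd__cleanup(&db->psk_id, reload)` call, and the same early return inside the new listener loop, stop the cleanup at the first failure, so the remaining listeners' `psk_id` tables are never visited; on a reload that leaves stale identities in memory for those listeners. This mirrors the existing unpwd loop above, so it is consistent, but a cleanup routine is usually better off remembering the first non-success code, continuing through every table, and returning that code at the end. Whether a failed unpwd__cleanup leaves its table partially freed is not visible here, so confirm before changing the policy. mosquitto_security_cleanup_default starts before the hunk.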
@ -649,20 +674,20 @@ static int unpwd__file_parse(struct mosquitto__unpwd **unpwd, const char *passwo
|
||||
return rc;
|
||||
}
|
||||
|
||||
static int psk__file_parse(struct mosquitto_db *db)
|
||||
static int psk__file_parse(struct mosquitto_db *db, struct mosquitto__unpwd **psk_id, const char *psk_file)
|
||||
{
|
||||
int rc;
|
||||
struct mosquitto__unpwd *u, *tmp;
|
||||
|
||||
if(!db || !db->config) return MOSQ_ERR_INVAL;
|
||||
if(!db || !db->config || !psk_id) return MOSQ_ERR_INVAL;
|
||||
|
||||
/* We haven't been asked to parse a psk file. */
|
||||
if(!db->config->psk_file) return MOSQ_ERR_SUCCESS;
|
||||
if(!psk_file) return MOSQ_ERR_SUCCESS;
|
||||
|
||||
rc = pwfile__parse(db->config->psk_file, &db->psk_id);
|
||||
rc = pwfile__parse(psk_file, psk_id);
|
||||
if(rc) return rc;
|
||||
|
||||
HASH_ITER(hh, db->psk_id, u, tmp){
|
||||
HASH_ITER(hh, (*psk_id), u, tmp){
|
||||
/* Check for hex only digits */
|
||||
if(!u->password){
|
||||
log__printf(NULL, MOSQ_LOG_ERR, "Error: Empty psk for identity \"%s\".", u->username);
|
||||
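Review bot: The guard `if(!db || !db->config || !psk_id) return MOSQ_ERR_INVAL;` still rejects a NULL `db->config`, yet nothing in the visible part of psk__file_parse reads `db->config` any more: the path now comes from `psk_file` and the table from `psk_id`. If the rest of the function (outside the hunk) does not use `db` either, the check is vestigial and the `db` parameter could be dropped from the signature and the two call sites; otherwise a comment saying why `db` is still needed would help. The comment `/* We haven't been asked to parse a psk file. */` still describes the `if(!psk_file)` test correctly.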
@ -704,6 +729,7 @@ int mosquitto_unpwd_check_default(struct mosquitto_db *db, struct mosquitto *con
|
||||
#endif
|
||||
|
||||
if(!db) return MOSQ_ERR_INVAL;
|
||||
|
||||
if(db->config->per_listener_settings){
|
||||
if(!context->listener) return MOSQ_ERR_INVAL;
|
||||
if(!context->listener->unpwd) return MOSQ_ERR_PLUGIN_DEFER;
|
||||
@ -825,14 +851,24 @@ int mosquitto_security_apply_default(struct mosquitto_db *db)
|
||||
return MOSQ_ERR_SUCCESS;
|
||||
}
|
||||
|
||||
int mosquitto_psk_key_get_default(struct mosquitto_db *db, const char *hint, const char *identity, char *key, int max_key_len)
|
||||
int mosquitto_psk_key_get_default(struct mosquitto_db *db, struct mosquitto *context, const char *hint, const char *identity, char *key, int max_key_len)
|
||||
{
|
||||
struct mosquitto__unpwd *u, *tmp;
|
||||
struct mosquitto__unpwd *psk_id_ref = NULL;
|
||||
|
||||
if(!db || !hint || !identity || !key) return MOSQ_ERR_INVAL;
|
||||
if(!db->psk_id) return MOSQ_ERR_PLUGIN_DEFER;
|
||||
|
||||
HASH_ITER(hh, db->psk_id, u, tmp){
|
||||
if(db->config->per_listener_settings){
|
||||
if(!context->listener) return MOSQ_ERR_INVAL;
|
||||
if(!context->listener->psk_id) return MOSQ_ERR_PLUGIN_DEFER;
|
||||
psk_id_ref = context->listener->psk_id;
|
||||
}else{
|
||||
if(!db->psk_id) return MOSQ_ERR_PLUGIN_DEFER;
|
||||
psk_id_ref = db->psk_id;
|
||||
}
|
||||
if(!psk_id_ref) return MOSQ_ERR_PLUGIN_DEFER;
|
||||
|
||||
HASH_ITER(hh, psk_id_ref, u, tmp){
|
||||
if(!strcmp(u->username, identity)){
|
||||
strncpy(key, u->password, max_key_len);
|
||||
return MOSQ_ERR_SUCCESS;
|
||||
|
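Review bot: In the per_listener_settings branch `context->listener` is dereferenced, but the guard two lines above only rejects NULL db, hint, identity and key, so a NULL `context` crashes the PSK callback; change the listener test to `if(!context || !context->listener) return MOSQ_ERR_INVAL;`. The `if(!psk_id_ref) return MOSQ_ERR_PLUGIN_DEFER;` after the branch can never trigger, because both branches already return when their table pointer is NULL, so it can either go or stay with a comment marking it as defensive. The body of mosquitto_psk_key_get_default continues outside the hunk.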