Commit Graph

766 Commits

Author SHA1 Message Date
Roger A. Light
d3d6f3a980 Fix compiling with openssl < 1.1.1. 2019-02-28 11:23:26 +00:00
Roger A. Light
463de0a2c1 Make error messages for missing config file clearer. 2019-02-28 11:13:47 +00:00
Roger A. Light
0632549ce9 Doc improvements for websockets_header_size. 2019-02-28 00:34:23 +00:00
Pierre Fersing
1aaf5f2348 Add websockets_headers_size option
Signed-off-by: Pierre Fersing <pierre.fersing@bleemeo.com>
2019-02-28 00:25:19 +00:00
Roger A. Light
1924afe49e Add explicit support for TLS v1.3 and drop TLS v1.0. 2019-02-27 22:50:01 +00:00
Roger A. Light
130ddf47f7 Add dhparamfile option, to allow DH parameters to be loaded.
This is for Ephemeral DH support on listeners.
2019-02-27 22:26:40 +00:00
Roger A. Light
4564ff1232 Set umask for temp file. 2019-02-27 17:49:19 +00:00
Roger A. Light
87b3ca35f1 Use mkstemp with mosquitto_passwd on non-Windows. 2019-02-27 16:38:54 +00:00
Roger A. Light
48d731ecb5 Use better random numbers for everything, where possible. 2019-02-27 14:15:31 +00:00
Roger A. Light
dfbd33e0f4 Update documentation for bridge backup, plus tweaks
Sets default to use the backoff mechanism.
2019-02-27 13:52:19 +00:00
Abilio Marques
87eb535307 bridge: add decorrelated jitter backoff mechanism
Signed-off-by: Abilio Marques <abiliojr@gmail.com>
2019-02-27 13:25:20 +00:00
Roger A. Light
72941db546 Coverity fixes
1399064
1399065
1398655
1398656
1398654
1399067
1399066
1399063
1399060
1399059
1399068
1399062
1398657
1398653
1302848
1302847
1399070
2019-02-27 12:38:20 +00:00
Steven Lawrance
208c3d3e85 Allow binding a listener to a specific network interface
Signed-off-by: Steven Lawrance <stl@koffein.net>
2019-02-27 09:38:39 +00:00
Roger A. Light
b2c0c3d573 Handle DISCONNECT with will. 2019-02-27 09:27:34 +00:00
Roger A. Light
3b6b6d5fa8 Test improvements
And some related fixes.
2019-02-27 09:27:34 +00:00
Roger A. Light
c506c8335b Will delay tests and implementation. 2019-02-27 09:27:34 +00:00
Roger A. Light
b0c60fb6e1 Separate will reading code. 2019-02-27 09:27:34 +00:00
Roger A. Light
5aabc171b0 Merge branch 'mqtt5' into develop 2019-02-26 18:51:31 +00:00
Roger A. Light
e862a047a8 Rework TLS engine support. 2019-02-26 17:11:29 +00:00
Nicolás Pernas Maradei
20894fcbce Add engine private key password support
Some OpenSSL engines (selectable via tls_engine option) may require a
password to make use of private keys created with them in the first place.

The TPM engine, for example, will require a password to access the underlying
TPM's Storage Root Key (SRK), which is the root key of a hierarchy of keys
associated with a TPM; it is generated within a TPM and is a non-migratable
key. Each owned TPM contains a SRK, generated by the TPM at the request
of the Owner. [1]

By default, the engine will prompt the user to introduce the SRK password
before any private keys created with the engine can be used. This could
be inconvenient when running on an unattended system.

Here's where the new tls_engine_kpass_sha option comes in handy. The user
can specify a SHA1 hash of its engine private key password via command
line or config file and it will be passed on to the engine directly.

This commit adds support for both clients (libmosquitto) and broker.

[1] https://goo.gl/qQoXBY

Signed-off-by: Nicolás Pernas Maradei <nicopernas@gmail.com>
2019-02-26 15:50:37 +00:00
Nicolás Pernas Maradei
d5f039ec7c Add TLS engine and keyform support to mosquitto
Add same OpenSSL engine support to mosquitto (server side) previously added to
client side only.

Signed-off-by: Nicolás Pernas Maradei <nicopernas@gmail.com>
2019-02-26 15:50:37 +00:00
Roger A. Light
c3c8c99f5d Fix dropping oversize messages for QoS>0. 2019-02-21 08:31:54 +00:00
Roger A. Light
1d17ced449 Broker configurable max_packet_size
Plus tests.
2019-02-19 15:57:20 +00:00
Roger A. Light
1877f8a326 Tests and implementation for maximum packet size.
This is for broker outgoing connack and publish packets only.
2019-02-18 19:50:51 +00:00
Roger A. Light
8db16591fa Test and fix for subscription identifiers not being updated.
Closes #1169. Thanks to Christoph Krey.
2019-02-18 12:24:19 +00:00
Roger A. Light
66c1e2ccf0 Add mosquitto_unsubscribe_multiple(), plus tests. 2019-02-17 20:59:16 +00:00
Roger A. Light
1479c57e34 v5 report reason code=no sub when unsubscribing. 2019-02-17 10:14:02 +00:00
Roger A. Light
1ec0cea34a Fix missing reason_code on v5 UNSUBACK.
Closes #1167. Thanks to Christoph Krey.
2019-02-17 09:30:06 +00:00
Roger A. Light
5e8199323b Fix clients being disconnected when ACLs are in use.
This only affects the case where a client connects using a username, and
the anonymous ACL list is defined but specific user ACLs are not
defined.

Closes #1162. Thanks to quonb.
2019-02-14 17:46:01 +00:00
Roger A. Light
8350956a08 Make include_dir sort usefully case sensitive. 2019-02-13 22:55:15 +00:00
Roger A. Light
321e566af6 Fix unref'd messages being saved to the persistence file.
This was leaving dangling messages that were never freed.

Closes #389. Thanks to pjchx.
2019-02-13 12:08:05 +00:00
Roger A. Light
084062c85e Merge branch 'fixes' into mqtt5 2019-02-12 17:05:42 +00:00
Roger A. Light
9999faf9da Add rewritten build test script and remove some build warnings. 2019-02-12 13:24:54 +00:00
Roger A. Light
04e89450c0 Don't require C99 compiler. 2019-02-09 13:52:09 +00:00
Roger A. Light
715da28602 Fix include_dir not sorting config files before loading.
Thanks to momoskitto.
2019-02-08 23:52:11 +00:00
Roger A. Light
2e1c2c430f per_listener_settings true must come before other security settings.
Produce error if this is not the case. Closes #1164, thanks to
momoskitto.
2019-02-08 23:14:43 +00:00
Roger A. Light
9378016b19 Fix build failure when using WITH_ADNS=yes 2019-02-08 21:34:08 +00:00
Roger A. Light
05458eb35d Fix some unused variable warnings. 2019-02-08 13:01:07 +00:00
Roger A. Light
1c075988ca Log message for disconnecting a client with invalid UTF-8 topic.
Closes #1144. Thanks to Kris Mattheus.
2019-02-08 13:01:07 +00:00
Roger A. Light
17b52bd5d1 Windows: Fix possible crash when client disconnects.
Closes #1137. Thanks to Kris Mattheus.
2019-02-08 13:01:07 +00:00
Roger A. Light
d6a690aa8d Fix Will not being sent for Websockets clients.
Closes #1143. Thanks to salcedo.
2019-02-08 13:01:07 +00:00
Roger A. Light
29a1936c77 Fix spaces not being allowed in the bridge remote_username option.
Closes #1131. Thanks to beville.
2019-02-08 13:01:07 +00:00
Roger Light
c40957a7d8 Fix and tests for CVE-2018-12546. 2019-02-08 13:01:07 +00:00
Roger A. Light
d8505624d0 Fix and tests for security bug #541870. 2019-02-08 13:01:07 +00:00
Roger A. Light
36b5421c59 Fix and tests for security bug #543401. 2019-02-08 13:01:07 +00:00
Steven Lawrance
84d5028c2e Include sys/socket.h for AF_INET definition
Without this, mosquitto doesn't build on FreeBSD with websockets enabled

Signed-off-by: Steven Lawrance <stl@koffein.net>
2019-02-08 13:01:07 +00:00
Roger Light
5236295159 Handle mismatched handshakes properly.
For example, a QoS1 PUBLISH with QoS2 reply.
2019-02-08 13:01:07 +00:00
Vinod Kumar
78259850ed ignore inline comments while parsing optional config params
Signed-off-by: Vinod Kumar <kumar003vinod@gmail.com>
2019-02-08 13:01:07 +00:00
Roger A. Light
be9c1071b0 Fix compilation when openssl deprecated APIs are not available.
Closes #1094. Thanks to Rosen Penev.
2019-02-08 13:01:07 +00:00
Roger A. Light
70c4097b6f Fix comparison of boolean values in CMake build.
Closes #1101. Thanks to Mojca Miklavec and Andrew L. Moore.
2019-02-08 13:01:07 +00:00
Roger A. Light
873ffce27a Send DISCONNECT on invalid topic alias, plus test. 2019-01-25 22:53:31 +00:00
Roger A. Light
5e7f43c9ea Temporarily disable all extended AUTH. 2019-01-25 22:02:12 +00:00
Roger A. Light
6b977fa198 Test and fixes for expiring retained messages. 2019-01-23 10:00:13 +00:00
Roger A. Light
ca3782b38d Test and fixes for will message expiry interval. 2019-01-22 17:51:57 +00:00
Roger A. Light
6a59e92db8 Set remaining message expiry interval when republishing. 2019-01-22 12:43:52 +00:00
Roger A. Light
85615c1bae AUTH packet can be truncated. 2019-01-18 21:38:29 +00:00
Roger A. Light
f9a17e2782 Add alias support to the broker. 2019-01-18 21:30:34 +00:00
Roger A. Light
37727b402b Fix maximum qos on listener conf. 2019-01-17 21:04:46 +00:00
Roger Light
8513af4da5 Tests and fixes for shortened DISCONNECT packets. 2019-01-17 18:51:23 +00:00
Roger A. Light
5f8d86b4ee Fix sub-denied test. 2019-01-10 22:10:32 +00:00
Roger A. Light
326292681a Add maximum-qos support to broker and client.
This comes in the form of:

* Per listener maximum_qos option, which can be in the range 0-2.
* Changes to mosquitto_publish*() to return MOSQ_ERR_QOS_NOT_SUPPORTED
  if attempting to publish with a higher QoS than supported.
* Bridges will downgrade messages to match the maximum QoS.

More tests on the broker side (specifically bridges) are required. This
needs bridge support for MQTT 5 first.
2019-01-09 18:03:01 +00:00
Roger Light
740a128769 Support PUBREC reason code >=0x80 as partial qos2 flow. 2019-01-09 15:00:12 +00:00
Roger Light
84660e1cbe Send maximum limits for QoS>0.
This needs more work on the broker front to simplify the design.
2019-01-08 18:38:47 +00:00
Roger A. Light
16e83bfe5d Process receive maximum (as max_inflight_messages). 2018-12-30 21:53:50 +00:00
Roger A. Light
7c3666d593 Subscription identifier support. 2018-12-20 15:32:43 +00:00
Roger A. Light
dab6452a1d Add test for duplicate CONNECT. 2018-12-19 22:17:39 +00:00
Roger A. Light
ec1178806c Fix bridge tests. 2018-12-19 14:38:49 +00:00
Roger A. Light
fcf4cd0b27 Merge branch 'master' into mqtt5 2018-12-19 14:11:11 +00:00
Roger A. Light
31e6dbbe74 Tests and fixes for subscription options. 2018-12-19 12:54:04 +00:00
Roger A. Light
72fdb590b1 Fix no local and retain as published for local bridges. 2018-12-19 10:45:40 +00:00
Roger A. Light
2919510384 No local support. 2018-12-14 13:54:26 +00:00
Roger A. Light
db7901884f Retain-as-published support. 2018-12-14 13:36:02 +00:00
Roger A. Light
89f3d7bb3f Don't print connect/disconnect messages when connection_messages false.
Closes #772. Closes #613. Closes #537.

Thanks to Christopher Maynard, Brandon Arrendondo, and qubeck.
2018-12-11 10:55:39 +00:00
Roger A. Light
a00dd29af8 Fix building where TLS-PSK is not available.
Closes #68.
2018-12-11 10:55:31 +00:00
Roger A. Light
9097577b49 Fix acl_file being ignored for default listener if with per_listener_settings
Close #1073. Thanks to Jef Driesen.

Bug: https://github.com/eclipse/mosquitto/issues/1073
2018-12-09 21:23:46 +00:00
Jelle van der Waa
1a6f8d3c28 src: ASN1_STRING_data is deprecated in OpenSSL 1.1
ASN1_STRING_get0_data replaces ASN1_STRING_data in OpenSSL 1.1 therefore
add an #ifdef for backwards compatibility.

Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
2018-12-09 21:22:04 +00:00
Roger A. Light
f90ba23738 Retain handling support. 2018-12-06 22:25:45 +00:00
Roger A. Light
9896e61727 Test and small fix for response-topic and correlation-data props. 2018-12-06 09:29:25 +00:00
Roger A. Light
6ef2c79e9a Add max_keepalive, for limiting keepalives of MQTT v5 clients. 2018-12-06 08:49:02 +00:00
Roger A. Light
48c2217015 auto_id_prefix now defaults to 'auto-'. 2018-12-05 17:17:35 +00:00
Roger A. Light
1d3949bce0 Improve broker generated client ids for the non-Linux case.
Removes libuuid dependency.
2018-12-05 16:39:45 +00:00
Abilio Marques
ead440e47d bridge: fix issue where keepalive_interval gets added to restart_timeout using ADNS
Signed-off-by: Abilio Marques <abiliojr@gmail.com>
2018-12-05 11:42:24 +00:00
Roger A. Light
3a871828ac Print message on error when installing as a Windows service. 2018-12-05 11:25:41 +00:00
Roger A. Light
c9ed2708f6 Don't reload auth_opt_ options on reload.
This matches the behaviour of the other plugin options.

Closes #1068. Thanks to Jason McFadyen.

Bug: https://github.com/eclipse/mosquitto/issues/1068
2018-12-04 20:51:25 +00:00
Roger A. Light
464b12f3d6 Fix outgoing retained messages not being sent by bridges.
This now happens on initial connection, after CONNACK is processed;
before, it was happening (and being dropped) before the connection was
made.

Closes #1040. Thanks to giover.

Bug: https://github.com/eclipse/mosquitto/issues/1040
2018-12-04 20:45:15 +00:00
Roger A. Light
e169f1c7c2 When using ADNS, don't ask for all network protocols when connecting.
This can lead to confusing "Protocol not supported" errors if the
network is down, because UDP sockets are provided.

Thanks to jsaak.

Closes #1062.

Bug: https://github.com/eclipse/mosquitto/issues/1062
2018-12-04 12:39:00 +00:00
Roger A. Light
d29dac087d Add socket_domain option. 2018-12-04 11:48:29 +00:00
Roger A. Light
7020fad86c Add server support for Assigned Client Identifier. 2018-11-29 17:19:26 +00:00
Roger A. Light
d5108956bf Process session-expiry-interval on CONNECT and DISCONNECT.
Add test to check for invalid values.
2018-11-27 12:23:21 +00:00
Roger A. Light
54db895cb3 Rename clean_session to clean_start for v5. 2018-11-27 10:02:10 +00:00
Roger A. Light
1241f68ff5 Macro update 2018-11-27 09:58:39 +00:00
Roger Light
17d213b79a Declare lack of support for shared subs and sub IDs. 2018-11-22 18:54:12 +00:00
Roger Light
9560c5bac7 Add retain_available support. 2018-11-22 18:21:40 +00:00
Roger Light
6ca746695f Pass db to send__connack() to give it access to config. 2018-11-22 17:32:43 +00:00
Roger A. Light
9464e3fe19 Guard against possible null client id. 2018-11-20 10:15:34 +00:00
Roger A. Light
098a1c8ecf Fix subscribe_multiple datatypes. 2018-11-13 14:05:03 +00:00
Roger A. Light
beb96c6b8b Merge branch 'master' into develop 2018-11-11 21:41:44 +00:00
Roger A. Light
b54e379fba Fix websockets listeners not verifying client certs.
When using a TLS enabled websockets listener with "require_certificate"
enabled, the mosquitto broker does not correctly verify client certificates.
This is now fixed. All other security measures operate as expected, and in
particular non-websockets listeners are not affected by this. Closes #996.

Thanks to creising.
2018-11-08 12:10:28 +00:00
Roger A. Light
ba67e1ffe5 Don't use gnu-specific strerror_r. 2018-11-07 18:27:15 +00:00
Roger A. Light
34c752a0d0 Give better error message if a client sends a password without a username.
Closes #1015. Thanks to TabascoEye.
2018-11-07 17:29:39 +00:00