Merge 1.3.2-1.3.5 into 1.4.

11 years ago · 070d783c9f
parent 43556537e3 1a47f86648
commit 070d783c9f
12 changed files with 92 additions and 40 deletions
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@ -57,15 +57,55 @@ Client library:
 - mosquitto_loop_forever now quits after a fatal error, rather than blindly
  retrying.

-1.3.2 - 2014xxxx
+1.3.5 - 20141008
 ================

 Broker:
+- Fix possible memory leak when using a topic that has a leading slash. Fixes
+  bug #1360985.
+- Fix saving persistent database on Windows.
+- Temporarily disable ACL checks on subscriptions when using MQTT v3.1.1. This
+  is due to the complexity of checking wildcard ACLs against wildcard
+  subscriptions. This does not have a negative impact on security because
+  checks are still made before a message is sent to a client.
+  Fixes bug #1374291.
+- When using -v and the broker receives a SIGHUP, verbose logging was being
+  disabled. This has been fixed.
+
+Client library:
+- Fix mutex being incorrectly passed by value. Fixes bug #1373785.
+
+1.3.4 - 20140806
+================
+
+Broker:
+- Don't ask client for certificate when require_certificate is false.
+- Backout incomplete functionality that was incorrectly included in 1.3.2.
+
+1.3.3 - 20140801
+================
+
+Broker:
+- Fix incorrect handling of anonymous bridges on the local broker.
+
+1.3.2 - 20140713
+================
+
+Broker:
+- Don't allow access to clients when authenticating if a security plugin
+  returns an application error. Fixes bug #1340782.
 - Ensure that bridges verify certificates by default when using TLS.
 - Fix possible crash when using pattern ACLs that do not include a %u and
  clients that connect without a username.
 - Fix subscriptions being deleted when clients subscribed to a topic beginning
  with a $ but that is not $SYS.
+- When a durable client reconnects, its queued messages are now checked
+  against ACLs in case of a change in username/ACL state since it last
+  connected.
+- Fix bug #1324411, which could have had unexpected consequences for delayed
+  messages in rare circumstances.
+- Anonymous clients are no longer accidently disconnected from the broker
+  after a SIGHUP.

 Client library:
 - Fix topic matching edge case.
--- a/config.mk
+++ b/config.mk
@ -240,3 +240,4 @@ STRIP?=strip
 prefix=/usr/local
 mandir=${prefix}/share/man
 localedir=${prefix}/share/locale
+STRIP?=strip
--- a/man/libmosquitto.3.xml
+++ b/man/libmosquitto.3.xml
@ -421,7 +421,6 @@ void my_log_callback(struct mosquitto *mosq, void *userdata, int level, const ch

 int main(int argc, char *argv[])
 {
-	char id[30];
 	int i;
 	char *host = "localhost";
 	int port = 1883;
@ -430,13 +429,12 @@ int main(int argc, char *argv[])
 	struct mosquitto *mosq = NULL;

 	mosquitto_lib_init();
-	mosq = mosquitto_new(id, clean_session, NULL);
+	mosq = mosquitto_new(NULL, clean_session, NULL);
 	if(!mosq){
 		fprintf(stderr, "Error: Out of memory.\n");
 		return 1;
 	}
 	mosquitto_log_callback_set(mosq, my_log_callback);
-
 	mosquitto_connect_callback_set(mosq, my_connect_callback);
 	mosquitto_message_callback_set(mosq, my_message_callback);
 	mosquitto_subscribe_callback_set(mosq, my_subscribe_callback);
@ -446,7 +444,7 @@ int main(int argc, char *argv[])
 		return 1;
 	}

-	while(!mosquitto_loop(mosq, -1)){
+	while(!mosquitto_loop(mosq, -1, 1)){
 	}
 	mosquitto_destroy(mosq);
 	mosquitto_lib_cleanup();
--- a/mosquitto.conf
+++ b/mosquitto.conf
@ -727,13 +727,6 @@
 # remains valid for the time being.
 #remote_password

-# Set the username to use on the local broker.
-#local_username
-
-# Set the password to use on the local broker.
-# This option is only used if local_username is also set.
-#local_password
-
 # -----------------------------------------------------------------
 # Certificate based SSL/TLS support
 # -----------------------------------------------------------------
--- a/readme.txt
+++ b/readme.txt
@ -1,8 +1,8 @@
 Mosquitto
 =========

-Mosquitto is an open source implementation of a server for version 3.1 of the
-MQTT protocol.
+Mosquitto is an open source implementation of a server for version 3.1 and
+3.1.1 of the MQTT protocol.

 See the following links for more information on MQTT:

--- a/src/bridge.c
+++ b/src/bridge.c
@ -152,13 +152,6 @@ int mqtt3_bridge_connect(struct mosquitto_db *db, struct mosquitto *context)
 		mqtt3_db_messages_delete(context);
 	}

-	rc = mosquitto_unpwd_check(db, context->bridge->local_username, context->bridge->local_password);
-	if(rc == MOSQ_ERR_AUTH){
-		_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Bridge %s failed authentication on local broker.", context->id);
-		return rc;
-	}
-	rc = 0;
-
 	/* Delete all local subscriptions even for clean_session==false. We don't
 	 * remove any messages and the next loop carries out the resubscription
 	 * anyway. This means any unwanted subs will be removed.
--- a/src/persist.c
+++ b/src/persist.c
@ -387,6 +387,11 @@ int mqtt3_db_backup(struct mosquitto_db *db, bool cleanup, bool shutdown)

 	fclose(db_fptr);

+#ifdef WIN32
+	if(remove(db->config->persistence_filepath) != 0){
+		goto error;
+	}
+#endif
 	if(rename(outfile, db->config->persistence_filepath) != 0){
 		goto error;
 	}
--- a/src/read_handle_server.c
+++ b/src/read_handle_server.c
@ -363,12 +363,20 @@ int mqtt3_handle_connect(struct mosquitto_db *db, struct mosquitto *context)
 #endif /* WITH_TLS */
 		if(username_flag){
 			rc = mosquitto_unpwd_check(db, username, password);
-			if(rc == MOSQ_ERR_AUTH){
-				_mosquitto_send_connack(context, 0, CONNACK_REFUSED_BAD_USERNAME_PASSWORD);
-				rc = MOSQ_ERR_SUCCESS;
-				goto handle_connect_error;
-			}else if(rc == MOSQ_ERR_INVAL){
-				goto handle_connect_error;
+			switch(rc){
+				case MOSQ_ERR_SUCCESS:
+					break;
+				case MOSQ_ERR_AUTH:
+					_mosquitto_send_connack(context, CONNACK_REFUSED_BAD_USERNAME_PASSWORD);
+					mqtt3_context_disconnect(db, context);
+					rc = MOSQ_ERR_SUCCESS;
+					goto handle_connect_error;
+					break;
+				default:
+					mqtt3_context_disconnect(db, context);
+					rc = MOSQ_ERR_SUCCESS;
+					goto handle_connect_error;
+					break;
 			}
 			context->username = username;
 			context->password = password;
@ -728,12 +736,33 @@ int mqtt3_handle_subscribe(struct mosquitto_db *db, struct mosquitto *context)
 			}
 			_mosquitto_log_printf(NULL, MOSQ_LOG_DEBUG, "\t%s (QoS %d)", sub, qos);

+#if 0
+			/* FIXME
+			 * This section has been disabled temporarily. mosquitto_acl_check
+			 * calls mosquitto_topic_matches_sub, which can't cope with
+			 * checking subscriptions that have wildcards against ACLs that
+			 * have wildcards. Bug #1374291 is related.
+			 *
+			 * It's a very difficult problem when an ACL looks like foo/+/bar
+			 * and a subscription request to foo/# is made.
+			 *
+			 * This should be changed to using MOSQ_ACL_SUBSCRIPTION in the
+			 * future anyway.
+			 */
 			if(context->protocol == mosq_p_mqtt311){
 				rc = mosquitto_acl_check(db, context, sub, MOSQ_ACL_READ);
-				if(rc == MOSQ_ERR_ACL_DENIED){
-					qos = 0x80;
+				switch(rc){
+					case MOSQ_ERR_SUCCESS:
+						break;
+					case MOSQ_ERR_ACL_DENIED:
+						qos = 0x80;
+						break;
+					default:
+						_mosquitto_free(sub);
+						return rc;
 				}
 			}
+#endif

 			if(qos != 0x80){
 				rc2 = mqtt3_sub_add(db, context, sub, qos, &db->subs);
--- a/src/security.c
+++ b/src/security.c
@ -200,15 +200,7 @@ int mosquitto_acl_check(struct mosquitto_db *db, struct mosquitto *context, cons
 	if(!db->auth_plugin.lib){
 		return mosquitto_acl_check_default(db, context, topic, access);
 	}else{
-#ifdef WITH_BRIDGE
-		if(context->bridge){
-			return db->auth_plugin.acl_check(db->auth_plugin.user_data, context->id, context->bridge->local_username, topic, access);
-		}else{
-#endif
-			return db->auth_plugin.acl_check(db->auth_plugin.user_data, context->id, context->username, topic, access);
-#ifdef WITH_BRIDGE
-		}
-#endif
+		return db->auth_plugin.acl_check(db->auth_plugin.user_data, context->id, context->username, topic, access);
 	}
 }

--- a/src/security_default.c
+++ b/src/security_default.c
@ -628,7 +628,7 @@ int mosquitto_unpwd_check_default(struct mosquitto_db *db, const char *username,

 	if(!db) return MOSQ_ERR_INVAL;
 	if(!db->unpwd) return MOSQ_ERR_SUCCESS;
-	if(!username) return MOSQ_ERR_INVAL;
+	if(!username) return MOSQ_ERR_INVAL; /* Check must be made only after checking db->unpwd. */

 	HASH_ITER(hh, db->unpwd, u, tmp){
 		if(!strcmp(u->username, username)){
--- a/src/subs.c
+++ b/src/subs.c
@ -135,7 +135,7 @@ static int _subs_process(struct mosquitto_db *db, struct _mosquitto_subhier *hie
 			}
 			if(mqtt3_db_message_insert(db, leaf->context, mid, mosq_md_out, msg_qos, client_retain, stored) == 1) rc = 1;
 		}else{
-			rc = 1;
+			return 1; /* Application error */
 		}
 		leaf = leaf->next;
 	}
--- a/test/broker/08-ssl-connect-identity.conf
+++ b/test/broker/08-ssl-connect-identity.conf
@ -6,4 +6,5 @@ certfile ../ssl/server.crt
 keyfile ../ssl/server.key

 use_identity_as_username true
+require_certificate true