diff --git a/ChangeLog.txt b/ChangeLog.txt
index e7bfd836..ca5ed60c 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -57,15 +57,55 @@ Client library: - mosquitto_loop_forever now quits after a fatal error, rather than blindly retrying. -1.3.2 - 2014xxxx +1.3.5 - 20141008 ================ Broker: +- Fix possible memory leak when using a topic that has a leading slash. Fixes + bug #1360985. +- Fix saving persistent database on Windows. +- Temporarily disable ACL checks on subscriptions when using MQTT v3.1.1. This + is due to the complexity of checking wildcard ACLs against wildcard + subscriptions. This does not have a negative impact on security because + checks are still made before a message is sent to a client. + Fixes bug #1374291. +- When using -v and the broker receives a SIGHUP, verbose logging was being + disabled. This has been fixed. + +Client library: +- Fix mutex being incorrectly passed by value. Fixes bug #1373785. + +1.3.4 - 20140806 +================ + +Broker: +- Don't ask client for certificate when require_certificate is false. +- Backout incomplete functionality that was incorrectly included in 1.3.2. + +1.3.3 - 20140801 +================ + +Broker: +- Fix incorrect handling of anonymous bridges on the local broker. + +1.3.2 - 20140713 +================ + +Broker: +- Don't allow access to clients when authenticating if a security plugin + returns an application error. Fixes bug #1340782. - Ensure that bridges verify certificates by default when using TLS. - Fix possible crash when using pattern ACLs that do not include a %u and clients that connect without a username. - Fix subscriptions being deleted when clients subscribed to a topic beginning with a $ but that is not $SYS. +- When a durable client reconnects, its queued messages are now checked + against ACLs in case of a change in username/ACL state since it last + connected. +- Fix bug #1324411, which could have had unexpected consequences for delayed + messages in rare circumstances. +- Anonymous clients are no longer accidently disconnected from the broker + after a SIGHUP. 
Client library:
 - Fix topic matching edge case.
diff --git a/config.mk b/config.mk
index 890511b0..9f4da450 100644
--- a/config.mk
+++ b/config.mk
@@ -240,3 +240,4 @@ STRIP?=strip
 prefix=/usr/local
 mandir=${prefix}/share/man
 localedir=${prefix}/share/locale
+STRIP?=strip
diff --git a/man/libmosquitto.3.xml b/man/libmosquitto.3.xml
index 2a7f3514..528b6beb 100644
--- a/man/libmosquitto.3.xml
+++ b/man/libmosquitto.3.xml
@@ -421,7 +421,6 @@ void my_log_callback(struct mosquitto *mosq, void *userdata, int level, const ch
 int main(int argc, char *argv[])
 {
- char id[30];
 int i;
 char *host = "localhost";
 int port = 1883;
@@ -430,13 +429,12 @@ int main(int argc, char *argv[])
 struct mosquitto *mosq = NULL;
 mosquitto_lib_init();
- mosq = mosquitto_new(id, clean_session, NULL);
+ mosq = mosquitto_new(NULL, clean_session, NULL);
 if(!mosq){
 fprintf(stderr, "Error: Out of memory.\n");
 return 1;
 }
 mosquitto_log_callback_set(mosq, my_log_callback);
- mosquitto_connect_callback_set(mosq, my_connect_callback);
 mosquitto_message_callback_set(mosq, my_message_callback);
 mosquitto_subscribe_callback_set(mosq, my_subscribe_callback);
@@ -446,7 +444,7 @@ int main(int argc, char *argv[])
 return 1;
 }
- while(!mosquitto_loop(mosq, -1)){
+ while(!mosquitto_loop(mosq, -1, 1)){
 }
 mosquitto_destroy(mosq);
 mosquitto_lib_cleanup();
diff --git a/mosquitto.conf b/mosquitto.conf
index 2d630f66..c50011d4 100644
--- a/mosquitto.conf
+++ b/mosquitto.conf
@@ -727,13 +727,6 @@
 # remains valid for the time being.
 #remote_password
-# Set the username to use on the local broker.
-#local_username
-
-# Set the password to use on the local broker.
-# This option is only used if local_username is also set.
-#local_password
-
 # -----------------------------------------------------------------
 # Certificate based SSL/TLS support
 # -----------------------------------------------------------------
diff --git a/readme.txt b/readme.txt
index 2412dddd..143ddecc 100644
--- a/readme.txt
+++ b/readme.txt
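Review bot: The config.mk hunk header carries `STRIP?=strip` as its context line, which appears to mean an identical assignment already exists earlier in config.mk, so the `+STRIP?=strip` appended at the end of the file is a duplicate. With `?=` the second assignment is a no-op, but two definitions of the same variable invite drift when one is later edited; keep a single definition, either by dropping the appended line or by moving the earlier one next to the other install-path variables.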
@@ -1,8 +1,8 @@
 Mosquitto
 =========
-Mosquitto is an open source implementation of a server for version 3.1 of the
-MQTT protocol.
+Mosquitto is an open source implementation of a server for version 3.1 and
+3.1.1 of the MQTT protocol.
 See the following links for more information on MQTT:
diff --git a/src/bridge.c b/src/bridge.c
index 2ec9f75c..55a3ad52 100644
--- a/src/bridge.c
+++ b/src/bridge.c
@@ -152,13 +152,6 @@ int mqtt3_bridge_connect(struct mosquitto_db *db, struct mosquitto *context)
 mqtt3_db_messages_delete(context);
 }
- rc = mosquitto_unpwd_check(db, context->bridge->local_username, context->bridge->local_password);
- if(rc == MOSQ_ERR_AUTH){
- _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Bridge %s failed authentication on local broker.", context->id);
- return rc;
- }
- rc = 0;
-
 /* Delete all local subscriptions even for clean_session==false. We don't
 * remove any messages and the next loop carries out the resubscription
 * anyway. This means any unwanted subs will be removed.
diff --git a/src/persist.c b/src/persist.c
index c028a6b5..c4430955 100644
--- a/src/persist.c
+++ b/src/persist.c
@@ -387,6 +387,11 @@ int mqtt3_db_backup(struct mosquitto_db *db, bool cleanup, bool shutdown)
 fclose(db_fptr);
+#ifdef WIN32
+ if(remove(db->config->persistence_filepath) != 0){
+ goto error;
+ }
+#endif
 if(rename(outfile, db->config->persistence_filepath) != 0){
 goto error;
 }
diff --git a/src/read_handle_server.c b/src/read_handle_server.c
index 58744462..b38215ba 100644
--- a/src/read_handle_server.c
+++ b/src/read_handle_server.c
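Review bot: In the persist.c hunk, `remove()` fails with ENOENT when no persistence file exists yet (first start, or after the file was deleted), and the new Windows branch then jumps to `error` before the `rename`, so the first backup on Windows never lands; the check should tolerate that one case, `if(remove(db->config->persistence_filepath) != 0 && errno != ENOENT){ goto error; }` (with `<errno.h>` included if it is not already). There is also a window between a successful `remove` and the `rename` in which the previous database is gone, so a `rename` failure leaves the broker with no persistence file at all, whereas the non-Windows path keeps the old file until `rename` succeeds; that trade-off deserves a comment on the `#ifdef WIN32` line. The `error` label and the rest of `mqtt3_db_backup` are outside the hunk.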
@@ -363,12 +363,20 @@ int mqtt3_handle_connect(struct mosquitto_db *db, struct mosquitto *context)
 #endif /* WITH_TLS */
 if(username_flag){
 rc = mosquitto_unpwd_check(db, username, password);
- if(rc == MOSQ_ERR_AUTH){
- _mosquitto_send_connack(context, 0, CONNACK_REFUSED_BAD_USERNAME_PASSWORD);
- rc = MOSQ_ERR_SUCCESS;
- goto handle_connect_error;
- }else if(rc == MOSQ_ERR_INVAL){
- goto handle_connect_error;
+ switch(rc){
+ case MOSQ_ERR_SUCCESS:
+ break;
+ case MOSQ_ERR_AUTH:
+ _mosquitto_send_connack(context, CONNACK_REFUSED_BAD_USERNAME_PASSWORD);
+ mqtt3_context_disconnect(db, context);
+ rc = MOSQ_ERR_SUCCESS;
+ goto handle_connect_error;
+ break;
+ default:
+ mqtt3_context_disconnect(db, context);
+ rc = MOSQ_ERR_SUCCESS;
+ goto handle_connect_error;
+ break;
 }
 context->username = username;
 context->password = password;
@@ -728,12 +736,33 @@ int mqtt3_handle_subscribe(struct mosquitto_db *db, struct mosquitto *context)
 }
 _mosquitto_log_printf(NULL, MOSQ_LOG_DEBUG, "\t%s (QoS %d)", sub, qos);
+#if 0
+ /* FIXME
+ * This section has been disabled temporarily. mosquitto_acl_check
+ * calls mosquitto_topic_matches_sub, which can't cope with
+ * checking subscriptions that have wildcards against ACLs that
+ * have wildcards. Bug #1374291 is related.
+ *
+ * It's a very difficult problem when an ACL looks like foo/+/bar
+ * and a subscription request to foo/# is made.
+ *
+ * This should be changed to using MOSQ_ACL_SUBSCRIPTION in the
+ * future anyway.
+ */
 if(context->protocol == mosq_p_mqtt311){
 rc = mosquitto_acl_check(db, context, sub, MOSQ_ACL_READ);
- if(rc == MOSQ_ERR_ACL_DENIED){
- qos = 0x80;
+ switch(rc){
+ case MOSQ_ERR_SUCCESS:
+ break;
+ case MOSQ_ERR_ACL_DENIED:
+ qos = 0x80;
+ break;
+ default:
+ _mosquitto_free(sub);
+ return rc;
 }
 }
+#endif
 if(qos != 0x80){
 rc2 = mqtt3_sub_add(db, context, sub, qos, &db->subs);
diff --git a/src/security.c b/src/security.c
index e4ee6b8a..bd9476d1 100644
--- a/src/security.c
+++ b/src/security.c
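Review bot: In the `mqtt3_handle_connect` hunk the `default:` arm disconnects the client and overwrites `rc` with `MOSQ_ERR_SUCCESS` without logging anything, so a security plugin returning an application error (the case the ChangeLog hunk says this is for) or a `MOSQ_ERR_INVAL` from `mosquitto_unpwd_check` looks exactly like a clean close in the broker log and cannot be told apart from normal traffic when investigating. A line such as `_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Client %s disconnected: username/password check failed with error %d.", context->id, rc);` placed before `rc` is overwritten would keep the fail-closed path visible. The `break;` after each `goto handle_connect_error;` is unreachable and can be dropped. The `handle_connect_error` label and the rest of the function are outside the hunk.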
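Review bot: With the block under `#if 0` in the `mqtt3_handle_subscribe` hunk, an MQTT v3.1.1 subscriber whose topic the ACL denies now receives a granted QoS in its SUBACK instead of `0x80`, and nothing outside the disabled region tells a reader at the `if(qos != 0x80)` line that enforcement has moved to the per-message read check (the ChangeLog hunk states checks are still made before a message is sent). A short live comment outside `#if 0` would make that dependency explicit, e.g. `/* No ACL check at subscribe time for now (see disabled block above); the per-message READ check on delivery is the only enforcement. */`, so nobody later removes or weakens the delivery-side check believing subscriptions are already filtered. The FIXME text itself should be kept, but it is invisible to anyone grepping compiled paths. `mqtt3_handle_subscribe` continues outside the hunk.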
@@ -200,15 +200,7 @@ int mosquitto_acl_check(struct mosquitto_db *db, struct mosquitto *context, cons
 if(!db->auth_plugin.lib){
 return mosquitto_acl_check_default(db, context, topic, access);
 }else{
-#ifdef WITH_BRIDGE
- if(context->bridge){
- return db->auth_plugin.acl_check(db->auth_plugin.user_data, context->id, context->bridge->local_username, topic, access);
- }else{
-#endif
- return db->auth_plugin.acl_check(db->auth_plugin.user_data, context->id, context->username, topic, access);
-#ifdef WITH_BRIDGE
- }
-#endif
+ return db->auth_plugin.acl_check(db->auth_plugin.user_data, context->id, context->username, topic, access);
 }
 }
diff --git a/src/security_default.c b/src/security_default.c
index ff79555f..a99df8ac 100644
--- a/src/security_default.c
+++ b/src/security_default.c
@@ -628,7 +628,7 @@ int mosquitto_unpwd_check_default(struct mosquitto_db *db, const char *username,
 if(!db) return MOSQ_ERR_INVAL;
 if(!db->unpwd) return MOSQ_ERR_SUCCESS;
- if(!username) return MOSQ_ERR_INVAL;
+ if(!username) return MOSQ_ERR_INVAL; /* Check must be made only after checking db->unpwd. */
 HASH_ITER(hh, db->unpwd, u, tmp){
 if(!strcmp(u->username, username)){
diff --git a/src/subs.c b/src/subs.c
index cabaacb6..188e80eb 100644
--- a/src/subs.c
+++ b/src/subs.c
@@ -135,7 +135,7 @@ static int _subs_process(struct mosquitto_db *db, struct _mosquitto_subhier *hie
 }
 if(mqtt3_db_message_insert(db, leaf->context, mid, mosq_md_out, msg_qos, client_retain, stored) == 1) rc = 1;
 }else{
- rc = 1;
+ return 1; /* Application error */
 }
 leaf = leaf->next;
 }
diff --git a/test/broker/08-ssl-connect-identity.conf b/test/broker/08-ssl-connect-identity.conf
index 37a59e38..763174f4 100644
--- a/test/broker/08-ssl-connect-identity.conf
+++ b/test/broker/08-ssl-connect-identity.conf
@@ -6,4 +6,5 @@ certfile ../ssl/server.crt
 keyfile ../ssl/server.key
 use_identity_as_username true
+require_certificate true
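Review bot: In the `mosquitto_acl_check` hunk the plugin `acl_check` callback is now called with `context->username` for every context, bridges included, where the removed branch passed `context->bridge->local_username`; whether a bridge's `context->username` is ever populated is not visible here, and the connect handler in this same diff only assigns it when the username flag is set, so plugins may now see a NULL username for bridge and anonymous connections alike. That is a contract plugin authors need to know, so the call site deserves a comment such as `/* username may be NULL (anonymous client or bridge); plugins must handle it. */` and the same sentence belongs on the acl_check declaration in the plugin API header.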
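Review bot: The comment added to the `if(!username)` line in `mosquitto_unpwd_check_default` states when the check must run but not why, which is what a later reader needs: the preceding line returns `MOSQ_ERR_SUCCESS` when no password file is loaded, so a NULL username (presumably an anonymous client) is only rejected once a password file exists. Suggested wording: `/* Only reject a NULL username once a password file is loaded; with no db->unpwd, anonymous clients must still succeed above. */`. The rest of the function is outside the hunk.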
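Review bot: In the `_subs_process` hunk, `return 1;` leaves the function from inside the leaf loop, so once one leaf reaches this `else` branch no later leaf in the list is processed and whatever follows the loop (outside the hunk) is skipped, whereas the old `rc = 1;` recorded the error and kept iterating. If that abort is the intended fail-closed behaviour for an application error, the comment should say so and name the condition, since `/* Application error */` does not identify which call failed; the `if` whose `else` this is, and the function's cleanup, are outside the hunk. Something like `/* Application error from the check above: abort delivery to all remaining subscribers rather than risk sending past a failed check. */` would make the choice deliberate rather than accidental.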