Fix accessor functions for username and client id when used in plugin auth check.

ChangeLog.txt

@@ -24,6 +24,8 @@ Broker:
 - Fix UNSUBACK messages not being logged. Closes #903.
 - Fix possible endian issue when reading the `memory_limit` option.
 - Fix building for libwebsockets < 1.6.
+- Fix accessor functions for username and client id when used in plugin auth
+  check.
 
 Library:
 - Fix some places where return codes were incorrect, including to the

src/handle_connect.c

@@ -497,7 +497,13 @@ int handle__connect(struct mosquitto_db *db, struct mosquitto *context)
 	}else{
 #endif /* WITH_TLS */
 		if(username_flag){
+			/* FIXME - these ensure the mosquitto_client_id() and
+			 * mosquitto_client_username() functions work, but is hacky */
+			context->id = client_id;
+			context->username = username;
 			rc = mosquitto_unpwd_check(db, context, username, password);
+			context->username = NULL;
+			context->id = NULL;
 			switch(rc){
 				case MOSQ_ERR_SUCCESS:
 					break;

test/broker/Makefile

@@ -5,11 +5,11 @@ include ../../config.mk
 
 all :
 
-clean : 
+clean :
 	-rm -f *.vglog
 	$(MAKE) -C c clean
 
-test-compile : 
+test-compile :
 	$(MAKE) -C c
 
 ptest : test-compile
@@ -72,7 +72,7 @@ endif
 	./04-retain-upgrade-outgoing-qos.py
 
 05 :
-	./05-clean-session-qos1.py 
+	./05-clean-session-qos1.py
 
 06 :
 	./06-bridge-reconnect-local-out.py
@@ -120,6 +120,7 @@ endif
 	./09-plugin-auth-defer-unpwd-success.py
 	./09-plugin-auth-defer-unpwd-fail.py
 	./09-plugin-auth-msg-params.py
+	./09-plugin-auth-context-params.py
 
 10 :
 	./10-listener-mount-point.py

test/broker/c/Makefile

@@ -2,24 +2,27 @@
 
 CFLAGS=-I../../../lib -I../../../src -Wall -Werror
 
-all : auth_plugin.so auth_plugin_pwd.so auth_plugin_acl.so auth_plugin_v2.so auth_plugin_msg_params.so 08
+all : auth_plugin.so auth_plugin_pwd.so auth_plugin_acl.so auth_plugin_v2.so auth_plugin_msg_params.so auth_plugin_context_params.so 08
 
 08 : 08-tls-psk-pub.test 08-tls-psk-bridge.test
 
 auth_plugin.so : auth_plugin.c
-	$(CC) ${CFLAGS} -fPIC -shared $^ -o $@ 
+	$(CC) ${CFLAGS} -fPIC -shared $^ -o $@
 
 auth_plugin_pwd.so : auth_plugin_pwd.c
-	$(CC) ${CFLAGS} -fPIC -shared $^ -o $@ 
+	$(CC) ${CFLAGS} -fPIC -shared $^ -o $@
 
 auth_plugin_acl.so : auth_plugin_acl.c
-	$(CC) ${CFLAGS} -fPIC -shared $^ -o $@ 
+	$(CC) ${CFLAGS} -fPIC -shared $^ -o $@
 
 auth_plugin_v2.so : auth_plugin_v2.c
-	$(CC) ${CFLAGS} -fPIC -shared $^ -o $@ 
+	$(CC) ${CFLAGS} -fPIC -shared $^ -o $@
+
+auth_plugin_context_params.so : auth_plugin_context_params.c
+	$(CC) ${CFLAGS} -fPIC -shared $^ -o $@
 
 auth_plugin_msg_params.so : auth_plugin_msg_params.c
-	$(CC) ${CFLAGS} -fPIC -shared $^ -o $@ 
+	$(CC) ${CFLAGS} -fPIC -shared $^ -o $@
 
 08-tls-psk-pub.test : 08-tls-psk-pub.c
 	$(CC) ${CFLAGS} $^ -o $@ ../../../lib/libmosquitto.so.1

test/broker/c/auth_plugin_context_params.c

@@ -0,0 +1,91 @@
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <mosquitto.h>
+#include <mosquitto_broker.h>
+#include <mosquitto_plugin.h>
+
+int mosquitto_auth_plugin_version(void)
+{
+	return MOSQ_AUTH_PLUGIN_VERSION;
+}
+
+int mosquitto_auth_plugin_init(void **user_data, struct mosquitto_opt *auth_opts, int auth_opt_count)
+{
+	return MOSQ_ERR_SUCCESS;
+}
+
+int mosquitto_auth_plugin_cleanup(void *user_data, struct mosquitto_opt *auth_opts, int auth_opt_count)
+{
+	return MOSQ_ERR_SUCCESS;
+}
+
+int mosquitto_auth_security_init(void *user_data, struct mosquitto_opt *auth_opts, int auth_opt_count, bool reload)
+{
+	return MOSQ_ERR_SUCCESS;
+}
+
+int mosquitto_auth_security_cleanup(void *user_data, struct mosquitto_opt *auth_opts, int auth_opt_count, bool reload)
+{
+	return MOSQ_ERR_SUCCESS;
+}
+
+int mosquitto_auth_acl_check(void *user_data, int access, const struct mosquitto *client, const struct mosquitto_acl_msg *msg)
+{
+	return MOSQ_ERR_PLUGIN_DEFER;
+}
+
+int mosquitto_auth_unpwd_check(void *user_data, const struct mosquitto *client, const char *username, const char *password)
+{
+	const char *tmp;
+
+	tmp = mosquitto_client_address(client);
+	if(!tmp || strcmp(tmp, "127.0.0.1")){
+		return MOSQ_ERR_AUTH;
+	}
+
+	if(!mosquitto_client_clean_session(client)){
+		fprintf(stderr, "mosquitto_auth_unpwd_check clean_session error: %d\n", mosquitto_client_clean_session(client));
+		return MOSQ_ERR_AUTH;
+	}
+
+	tmp = mosquitto_client_id(client);
+	if(!tmp || strcmp(tmp, "client-params-test")){
+		fprintf(stderr, "mosquitto_auth_unpwd_check client_id error: %s\n", tmp);
+		return MOSQ_ERR_AUTH;
+	}
+
+	if(mosquitto_client_keepalive(client) != 42){
+		fprintf(stderr, "mosquitto_auth_unpwd_check keepalive error: %d\n", mosquitto_client_keepalive(client));
+		return MOSQ_ERR_AUTH;
+	}
+
+	if(!mosquitto_client_certificate(client)){
+		// FIXME
+		//return MOSQ_ERR_AUTH;
+	}
+
+	if(mosquitto_client_protocol(client) != 2){
+		fprintf(stderr, "mosquitto_auth_unpwd_check protocol error: %d\n", mosquitto_client_protocol(client));
+		return MOSQ_ERR_AUTH;
+	}
+
+	if(mosquitto_client_sub_count(client)){
+		fprintf(stderr, "mosquitto_auth_unpwd_check sub_count error: %d\n", mosquitto_client_sub_count(client));
+		return MOSQ_ERR_AUTH;
+	}
+
+	tmp = mosquitto_client_username(client);
+	if(!tmp || strcmp(tmp, "client-username")){
+		fprintf(stderr, "mosquitto_auth_unpwd_check username error: %s\n", tmp);
+		return MOSQ_ERR_AUTH;
+	}
+
+	return MOSQ_ERR_SUCCESS;
+}
+
+int mosquitto_auth_psk_key_get(void *user_data, const struct mosquitto *client, const char *hint, const char *identity, char *key, int max_key_len)
+{
+	return MOSQ_ERR_AUTH;
+}
+

test/broker/ptest.py

@@ -7,95 +7,96 @@ import sys
 max_running = 10
 tests = [
     #(ports required, 'path'),
-	(1, './01-connect-success.py'),
+    (1, './01-connect-success.py'),
-	(1, './01-connect-invalid-protonum.py'),
+    (1, './01-connect-invalid-protonum.py'),
-	(1, './01-connect-invalid-id-0.py'),
+    (1, './01-connect-invalid-id-0.py'),
-	(1, './01-connect-invalid-id-0-311.py'),
+    (1, './01-connect-invalid-id-0-311.py'),
-	(1, './01-connect-invalid-id-missing.py'),
+    (1, './01-connect-invalid-id-missing.py'),
-	(1, './01-connect-invalid-reserved.py'),
+    (1, './01-connect-invalid-reserved.py'),
-	(1, './01-connect-invalid-id-utf8.py'),
+    (1, './01-connect-invalid-id-utf8.py'),
-	(1, './01-connect-anon-denied.py'),
+    (1, './01-connect-anon-denied.py'),
-	(1, './01-connect-uname-no-password-denied.py'),
+    (1, './01-connect-uname-no-password-denied.py'),
-	(1, './01-connect-uname-password-denied.py'),
+    (1, './01-connect-uname-password-denied.py'),
-	(1, './01-connect-uname-password-success.py'),
+    (1, './01-connect-uname-password-success.py'),
-	(1, './01-connect-uname-no-flag.py'),
+    (1, './01-connect-uname-no-flag.py'),
-	(1, './01-connect-uname-pwd-no-flag.py'),
+    (1, './01-connect-uname-pwd-no-flag.py'),
-	(1, './01-connect-uname-invalid-utf8.py'),
+    (1, './01-connect-uname-invalid-utf8.py'),
-
+
-	(1, './02-subscribe-qos0.py'),
+    (1, './02-subscribe-qos0.py'),
-	(1, './02-subscribe-qos1.py'),
+    (1, './02-subscribe-qos1.py'),
-	(1, './02-subscribe-qos2.py'),
+    (1, './02-subscribe-qos2.py'),
-	(1, './02-subpub-qos0.py'),
+    (1, './02-subpub-qos0.py'),
-	(1, './02-subpub-qos1.py'),
+    (1, './02-subpub-qos1.py'),
-	(1, './02-subpub-qos2.py'),
+    (1, './02-subpub-qos2.py'),
-	(1, './02-unsubscribe-qos0.py'),
+    (1, './02-unsubscribe-qos0.py'),
-	(1, './02-unsubscribe-qos1.py'),
+    (1, './02-unsubscribe-qos1.py'),
-	(1, './02-unsubscribe-qos2.py'),
+    (1, './02-unsubscribe-qos2.py'),
-	(1, './02-unsubscribe-invalid-no-topic.py'),
+    (1, './02-unsubscribe-invalid-no-topic.py'),
-	(1, './02-subscribe-invalid-utf8.py'),
+    (1, './02-subscribe-invalid-utf8.py'),
     (1, './02-subscribe-persistence-flipflop.py'),
     (1, './02-subhier-crash.py'),
 
-	(1, './03-publish-qos1.py'),
+    (1, './03-publish-qos1.py'),
-	(1, './03-publish-qos2.py'),
+    (1, './03-publish-qos2.py'),
-	(1, './03-publish-b2c-disconnect-qos1.py'),
+    (1, './03-publish-b2c-disconnect-qos1.py'),
-	(1, './03-publish-c2b-disconnect-qos2.py'),
+    (1, './03-publish-c2b-disconnect-qos2.py'),
-	(1, './03-publish-b2c-disconnect-qos2.py'),
+    (1, './03-publish-b2c-disconnect-qos2.py'),
-	(1, './03-pattern-matching.py'),
+    (1, './03-pattern-matching.py'),
-	#(1, './03-publish-qos1-queued-bytes.py'),
+    #(1, './03-publish-qos1-queued-bytes.py'),
-	(1, './03-publish-invalid-utf8.py'),
+    (1, './03-publish-invalid-utf8.py'),
-
+
-	(1, './04-retain-qos0.py'),
+    (1, './04-retain-qos0.py'),
-	(1, './04-retain-qos0-fresh.py'),
+    (1, './04-retain-qos0-fresh.py'),
-	(1, './04-retain-qos0-repeated.py'),
+    (1, './04-retain-qos0-repeated.py'),
-	(1, './04-retain-qos1-qos0.py'),
+    (1, './04-retain-qos1-qos0.py'),
-	(1, './04-retain-qos0-clear.py'),
+    (1, './04-retain-qos0-clear.py'),
-	(1, './04-retain-upgrade-outgoing-qos.py'),
+    (1, './04-retain-upgrade-outgoing-qos.py'),
-
+
-	(1, './05-clean-session-qos1.py'),
+    (1, './05-clean-session-qos1.py'),
-
+
-	(2, './06-bridge-reconnect-local-out.py'),
+    (2, './06-bridge-reconnect-local-out.py'),
-	(2, './06-bridge-br2b-disconnect-qos1.py'),
+    (2, './06-bridge-br2b-disconnect-qos1.py'),
-	(2, './06-bridge-br2b-disconnect-qos2.py'),
+    (2, './06-bridge-br2b-disconnect-qos2.py'),
-	(2, './06-bridge-b2br-disconnect-qos1.py'),
+    (2, './06-bridge-b2br-disconnect-qos1.py'),
-	(2, './06-bridge-b2br-disconnect-qos2.py'),
+    (2, './06-bridge-b2br-disconnect-qos2.py'),
-	(2, './06-bridge-fail-persist-resend-qos1.py'),
+    (2, './06-bridge-fail-persist-resend-qos1.py'),
-	(2, './06-bridge-fail-persist-resend-qos2.py'),
+    (2, './06-bridge-fail-persist-resend-qos2.py'),
-	(2, './06-bridge-b2br-remapping.py'),
+    (2, './06-bridge-b2br-remapping.py'),
-	(2, './06-bridge-br2b-remapping.py'),
+    (2, './06-bridge-br2b-remapping.py'),
-	(3, './06-bridge-per-listener-settings.py'),
+    (3, './06-bridge-per-listener-settings.py'),
-
+
-	(1, './07-will-qos0.py'),
+    (1, './07-will-qos0.py'),
-	(1, './07-will-null.py'),
+    (1, './07-will-null.py'),
-	(1, './07-will-null-topic.py'),
+    (1, './07-will-null-topic.py'),
-	(1, './07-will-invalid-utf8.py'),
+    (1, './07-will-invalid-utf8.py'),
-	(1, './07-will-no-flag.py'),
+    (1, './07-will-no-flag.py'),
-
+
-	(2, './08-ssl-connect-no-auth.py'),
+    (2, './08-ssl-connect-no-auth.py'),
-	(2, './08-ssl-connect-no-auth-wrong-ca.py'),
+    (2, './08-ssl-connect-no-auth-wrong-ca.py'),
-	(2, './08-ssl-connect-cert-auth.py'),
+    (2, './08-ssl-connect-cert-auth.py'),
-	(2, './08-ssl-connect-cert-auth-without.py'),
+    (2, './08-ssl-connect-cert-auth-without.py'),
-	(2, './08-ssl-connect-cert-auth-expired.py'),
+    (2, './08-ssl-connect-cert-auth-expired.py'),
-	(2, './08-ssl-connect-cert-auth-revoked.py'),
+    (2, './08-ssl-connect-cert-auth-revoked.py'),
-	(2, './08-ssl-connect-cert-auth-crl.py'),
+    (2, './08-ssl-connect-cert-auth-crl.py'),
-	(2, './08-ssl-connect-identity.py'),
+    (2, './08-ssl-connect-identity.py'),
-	(2, './08-ssl-connect-no-identity.py'),
+    (2, './08-ssl-connect-no-identity.py'),
-	(2, './08-ssl-bridge.py'),
+    (2, './08-ssl-bridge.py'),
-	(2, './08-tls-psk-pub.py'),
+    (2, './08-tls-psk-pub.py'),
-	(3, './08-tls-psk-bridge.py'),
+    (3, './08-tls-psk-bridge.py'),
-
+
-	(1, './09-plugin-auth-unpwd-success.py'),
+    (1, './09-plugin-auth-unpwd-success.py'),
-	(1, './09-plugin-auth-unpwd-fail.py'),
+    (1, './09-plugin-auth-unpwd-fail.py'),
-	(1, './09-plugin-auth-acl-sub.py'),
+    (1, './09-plugin-auth-acl-sub.py'),
-	(1, './09-plugin-auth-v2-unpwd-success.py'),
+    (1, './09-plugin-auth-v2-unpwd-success.py'),
-	(1, './09-plugin-auth-v2-unpwd-fail.py'),
+    (1, './09-plugin-auth-v2-unpwd-fail.py'),
-	(1, './09-plugin-auth-defer-unpwd-success.py'),
+    (1, './09-plugin-auth-defer-unpwd-success.py'),
-	(1, './09-plugin-auth-defer-unpwd-fail.py'),
+    (1, './09-plugin-auth-defer-unpwd-fail.py'),
     (1, './09-plugin-auth-msg-params.py'),
+    (1, './09-plugin-auth-context-params.py'),
 
-	(2, './10-listener-mount-point.py'),
+    (2, './10-listener-mount-point.py'),
 
-	(1, './11-persistent-subscription.py'),
+    (1, './11-persistent-subscription.py'),
     ]
 
 minport = 1888