diff --git a/apps/mosquitto_ctrl/dynsec.c b/apps/mosquitto_ctrl/dynsec.c index 56beddc4..adc2a189 100644 --- a/apps/mosquitto_ctrl/dynsec.c +++ b/apps/mosquitto_ctrl/dynsec.c @@ -66,7 +66,7 @@ void dynsec__print_usage(void) printf("Get role information: getRole \n"); printf("List all roles: listRoles [count [offset]]\n"); printf("\naclspec: allow|deny\n"); - printf("acltype: publishClientToBroker|publishBrokerToClient\n"); + printf("acltype: publishClientSend|publishClientReceive\n"); printf(" |subscribeLiteral|subscribePattern\n"); printf(" |unsubscribeLiteral|unsubscribePattern\n"); } @@ -165,8 +165,8 @@ static int dynsec__default_acl_access(int argc, char *argv[], cJSON *j_command) return MOSQ_ERR_INVAL; } - if(strcasecmp(acltype, "publishClientToBroker") - && strcasecmp(acltype, "publishBrokerToClient") + if(strcasecmp(acltype, "publishClientSend") + && strcasecmp(acltype, "publishClientReceive") && strcasecmp(acltype, "subscribe") && strcasecmp(acltype, "unsubscribe")){ @@ -244,8 +244,8 @@ static cJSON *init_add_role(const char *rolename) return NULL; } cJSON_AddItemToObject(j_role, "acls", j_acls); - if(init_add_acl_to_role(j_acls, "publishClientToBroker", "$CONTROL/dynamic-security/#") == NULL - || init_add_acl_to_role(j_acls, "publishBrokerToClient", "$CONTROL/dynamic-security/#") == NULL + if(init_add_acl_to_role(j_acls, "publishClientSend", "$CONTROL/dynamic-security/#") == NULL + || init_add_acl_to_role(j_acls, "publishClientReceive", "$CONTROL/dynamic-security/#") == NULL || init_add_acl_to_role(j_acls, "subscribePattern", "$CONTROL/dynamic-security/#") == NULL || init_add_acl_to_role(j_acls, "unsubscribePattern", "#") == NULL ){ 
@@ -342,8 +342,8 @@ static cJSON *init_create(const char *username, const char *password, const char * * Client con not subscribe to topics by default. * * Client *CAN* unsubscribe from topics by default. */ - if(cJSON_AddBoolToObject(j_default_access, "publishClientToBroker", false) == NULL - || cJSON_AddBoolToObject(j_default_access, "publishBrokerToClient", true) == NULL + if(cJSON_AddBoolToObject(j_default_access, "publishClientSend", false) == NULL + || cJSON_AddBoolToObject(j_default_access, "publishClientReceive", true) == NULL || cJSON_AddBoolToObject(j_default_access, "subscribe", false) == NULL || cJSON_AddBoolToObject(j_default_access, "unsubscribe", true) == NULL ){ diff --git a/apps/mosquitto_ctrl/dynsec_role.c b/apps/mosquitto_ctrl/dynsec_role.c index 3b522381..2871f052 100644 --- a/apps/mosquitto_ctrl/dynsec_role.c +++ b/apps/mosquitto_ctrl/dynsec_role.c @@ -129,8 +129,8 @@ int dynsec_role__add_acl(int argc, char *argv[], cJSON *j_command) return MOSQ_ERR_INVAL; } - if(strcasecmp(acltype, "publishClientToBroker") - && strcasecmp(acltype, "publishBrokerToClient") + if(strcasecmp(acltype, "publishClientSend") + && strcasecmp(acltype, "publishClientReceive") && strcasecmp(acltype, "subscribe") && strcasecmp(acltype, "unsubscribe")){ @@ -170,8 +170,8 @@ int dynsec_role__remove_acl(int argc, char *argv[], cJSON *j_command) return MOSQ_ERR_INVAL; } - if(strcasecmp(acltype, "publishClientToBroker") - && strcasecmp(acltype, "publishBrokerToClient") + if(strcasecmp(acltype, "publishClientSend") + && strcasecmp(acltype, "publishClientReceive") && strcasecmp(acltype, "subscribe") && strcasecmp(acltype, "unsubscribe")){ diff --git a/plugins/dynamic-security/README.md b/plugins/dynamic-security/README.md index 3e2af8bb..d2054f85 100644 --- a/plugins/dynamic-security/README.md +++ b/plugins/dynamic-security/README.md 
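Review bot: The acltype check in `dynsec_role__add_acl` (apps/mosquitto_ctrl/dynsec_role.c) still accepts `subscribe` and `unsubscribe` but none of `subscribeLiteral`, `subscribePattern`, `unsubscribeLiteral` or `unsubscribePattern`. The broker side in this same commit (`dynsec_roles__process_add_acl` in roles.c) accepts only those four and answers "Unknown acltype" for anything else. The tool therefore appears to reject the role ACL types the plugin understands and to pass two it will refuse; the branch body is outside the hunk, so confirm it returns an error as the `MOSQ_ERR_INVAL` path just above suggests. `dynsec_role__remove_acl` in the next hunk carries the same list, and the generic names belong only to the default-access check in dynsec.c.

```c
	if(strcasecmp(acltype, "publishClientSend")
			&& strcasecmp(acltype, "publishClientReceive")
			&& strcasecmp(acltype, "subscribeLiteral")
			&& strcasecmp(acltype, "subscribePattern")
			&& strcasecmp(acltype, "unsubscribeLiteral")
			&& strcasecmp(acltype, "unsubscribePattern")){
		/* … unchanged: rejection path for an unrecognised acltype … */
```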
@@ -36,8 +36,8 @@ Command: { "command": "setDefaultACLAccess", "acls":[ - { "acltype": "publishClientToBroker", "allow": false }, - { "acltype": "publishBrokerToClient", "allow": false }, + { "acltype": "publishClientSend", "allow": false }, + { "acltype": "publishClientReceive", "allow": false }, { "acltype": "subscribe", "allow": false }, { "acltype": "unsubscribe", "allow": false } ] diff --git a/plugins/dynamic-security/acl.c b/plugins/dynamic-security/acl.c index 415f7e56..0b5fd5fe 100644 --- a/plugins/dynamic-security/acl.c +++ b/plugins/dynamic-security/acl.c @@ -31,14 +31,14 @@ typedef int (*MOSQ_FUNC_acl_check)(struct mosquitto_evt_acl_check *, struct dyns * # * ################################################################ */ -static int acl_check_publish_b2c(struct mosquitto_evt_acl_check *ed, struct dynsec__rolelist *base_rolelist) +static int acl_check_publish_c_recv(struct mosquitto_evt_acl_check *ed, struct dynsec__rolelist *base_rolelist) { struct dynsec__rolelist *rolelist, *rolelist_tmp; struct dynsec__acl *acl, *acl_tmp; bool result; HASH_ITER(hh, base_rolelist, rolelist, rolelist_tmp){ - HASH_ITER(hh, rolelist->role->acls.publish_b2c, acl, acl_tmp){ + HASH_ITER(hh, rolelist->role->acls.publish_c_recv, acl, acl_tmp){ mosquitto_topic_matches_sub(acl->topic, ed->topic, &result); if(result){ if(acl->allow){ 
@@ -59,14 +59,14 @@ static int acl_check_publish_b2c(struct mosquitto_evt_acl_check *ed, struct dyns * # * ################################################################ */ -static int acl_check_publish_c2b(struct mosquitto_evt_acl_check *ed, struct dynsec__rolelist *base_rolelist) +static int acl_check_publish_c_send(struct mosquitto_evt_acl_check *ed, struct dynsec__rolelist *base_rolelist) { struct dynsec__rolelist *rolelist, *rolelist_tmp; struct dynsec__acl *acl, *acl_tmp; bool result; HASH_ITER(hh, base_rolelist, rolelist, rolelist_tmp){ - HASH_ITER(hh, rolelist->role->acls.publish_c2b, acl, acl_tmp){ + HASH_ITER(hh, rolelist->role->acls.publish_c_send, acl, acl_tmp){ mosquitto_topic_matches_sub(acl->topic, ed->topic, &result); if(result){ if(acl->allow){ @@ -236,10 +236,10 @@ int dynsec__acl_check_callback(int event, void *event_data, void *userdata) return acl_check(event_data, acl_check_unsubscribe, default_access.unsubscribe); break; case MOSQ_ACL_WRITE: /* Client to broker */ - return acl_check(event_data, acl_check_publish_c2b, default_access.publish_c2b); + return acl_check(event_data, acl_check_publish_c_send, default_access.publish_c_send); break; case MOSQ_ACL_READ: - return acl_check(event_data, acl_check_publish_b2c, default_access.publish_b2c); + return acl_check(event_data, acl_check_publish_c_recv, default_access.publish_c_recv); break; default: return MOSQ_ERR_PLUGIN_DEFER; diff --git a/plugins/dynamic-security/dynamic_security.h b/plugins/dynamic-security/dynamic_security.h index a4ad780b..9f124d4c 100644 --- a/plugins/dynamic-security/dynamic_security.h +++ b/plugins/dynamic-security/dynamic_security.h 
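Review bot: In `dynsec__acl_check_callback` the `MOSQ_ACL_READ` case has no comment and the `MOSQ_ACL_WRITE` case still says `/* Client to broker */`, the wording this commit is retiring. Since this switch decides which rule list authorises a message, I would document both cases in the new terms: `case MOSQ_ACL_WRITE: /* client sends a PUBLISH: publishClientSend */` and `case MOSQ_ACL_READ: /* client is about to receive a PUBLISH: publishClientReceive */`. The banner comments above `acl_check_publish_c_send` and `acl_check_publish_c_recv` are only partly visible here and may want the same update.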
@@ -21,6 +21,21 @@ Contributors: #include "mosquitto.h" #include "password_mosq.h" +/* ################################################################ + * # + * # ACL types + * # + * ################################################################ */ + +#define ACL_TYPE_PUB_C_RECV "publishClientReceive" +#define ACL_TYPE_PUB_C_SEND "publishClientSend" +#define ACL_TYPE_SUB_GENERIC "subscribe" +#define ACL_TYPE_SUB_LITERAL "subscribeLiteral" +#define ACL_TYPE_SUB_PATTERN "subscribePattern" +#define ACL_TYPE_UNSUB_GENERIC "unsubscribe" +#define ACL_TYPE_UNSUB_LITERAL "unsubscribeLiteral" +#define ACL_TYPE_UNSUB_PATTERN "unsubscribePattern" + /* ################################################################ * # * # Error codes @@ -87,8 +102,8 @@ struct dynsec__acl{ }; struct dynsec__acls{ - struct dynsec__acl *publish_c2b; - struct dynsec__acl *publish_b2c; + struct dynsec__acl *publish_c_send; + struct dynsec__acl *publish_c_recv; struct dynsec__acl *subscribe_literal; struct dynsec__acl *subscribe_pattern; struct dynsec__acl *unsubscribe_literal; @@ -104,8 +119,8 @@ struct dynsec__role{ }; struct dynsec__acl_default_access{ - bool publish_c2b; - bool publish_b2c; + bool publish_c_send; + bool publish_c_recv; bool subscribe; bool unsubscribe; }; diff --git a/plugins/dynamic-security/plugin.c b/plugins/dynamic-security/plugin.c index 8ca5506e..9b0aecec 100644 --- a/plugins/dynamic-security/plugin.c +++ b/plugins/dynamic-security/plugin.c 
@@ -128,13 +128,13 @@ int dynsec__process_default_acl_access(cJSON *j_responses, struct mosquitto *con allow = cJSON_IsTrue(j_allow); - if(!strcasecmp(j_acltype->valuestring, "publishClientToBroker")){ - default_access.publish_c2b = allow; - }else if(!strcasecmp(j_acltype->valuestring, "publishBrokerToClient")){ - default_access.publish_b2c = allow; - }else if(!strcasecmp(j_acltype->valuestring, "subscribe")){ + if(!strcasecmp(j_acltype->valuestring, ACL_TYPE_PUB_C_SEND)){ + default_access.publish_c_send = allow; + }else if(!strcasecmp(j_acltype->valuestring, ACL_TYPE_PUB_C_RECV)){ + default_access.publish_c_recv = allow; + }else if(!strcasecmp(j_acltype->valuestring, ACL_TYPE_SUB_GENERIC)){ default_access.subscribe = allow; - }else if(!strcasecmp(j_acltype->valuestring, "unsubscribe")){ + }else if(!strcasecmp(j_acltype->valuestring, ACL_TYPE_UNSUB_GENERIC)){ default_access.unsubscribe = allow; } } 
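Review bot: The `if`/`else if` chain in `dynsec__process_default_acl_access` has no final `else`, so an `acltype` that matches none of the four names is skipped without any error. After this rename that includes the old `publishClientToBroker` and `publishBrokerToClient` spellings: a client still sending them leaves the default unchanged. If the command then replies with success (the reply is outside the hunk), an administrator who meant to set a default to deny would not find out. Consider ending the chain with an error reply in the way `dynsec_roles__process_add_acl` answers "Unknown acltype", or at least a log line.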
@@ -164,28 +164,28 @@ static int dynsec__general_config_load(cJSON *tree) j_default_access = cJSON_GetObjectItem(tree, "defaultACLAccess"); if(j_default_access && cJSON_IsObject(j_default_access)){ - jtmp = cJSON_GetObjectItem(j_default_access, "publishClientToBroker"); + jtmp = cJSON_GetObjectItem(j_default_access, ACL_TYPE_PUB_C_SEND); if(jtmp && cJSON_IsBool(jtmp)){ - default_access.publish_c2b = cJSON_IsTrue(jtmp); + default_access.publish_c_send = cJSON_IsTrue(jtmp); }else{ - default_access.publish_c2b = false; + default_access.publish_c_send = false; } - jtmp = cJSON_GetObjectItem(j_default_access, "publishBrokerToClient"); + jtmp = cJSON_GetObjectItem(j_default_access, ACL_TYPE_PUB_C_RECV); if(jtmp && cJSON_IsBool(jtmp)){ - default_access.publish_b2c = cJSON_IsTrue(jtmp); + default_access.publish_c_recv = cJSON_IsTrue(jtmp); }else{ - default_access.publish_b2c = false; + default_access.publish_c_recv = false; } - jtmp = cJSON_GetObjectItem(j_default_access, "subscribe"); + jtmp = cJSON_GetObjectItem(j_default_access, ACL_TYPE_SUB_GENERIC); if(jtmp && cJSON_IsBool(jtmp)){ default_access.subscribe = cJSON_IsTrue(jtmp); }else{ default_access.subscribe = false; } - jtmp = cJSON_GetObjectItem(j_default_access, "unsubscribe"); + jtmp = cJSON_GetObjectItem(j_default_access, ACL_TYPE_UNSUB_GENERIC); if(jtmp && cJSON_IsBool(jtmp)){ default_access.unsubscribe = cJSON_IsTrue(jtmp); }else{ 
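Review bot: A dynamic-security.json saved before this commit keeps its defaults under `publishClientToBroker`/`publishBrokerToClient`, and `dynsec__general_config_load` now ignores those keys, so both publish defaults fall to `false` on the next load without any message. That case fails closed, but `dynsec_roles__config_load`, `dynsec_roles__process_create` and `dynsec_roles__process_modify` in roles.c now ask `dynsec_roles__acl_load` only for the new names. Its body is not shown; if it filters by type string, role ACLs stored under the old names, including `allow: false` entries, would be dropped silently, which can widen access where a default is allow. If such files exist, either fall back to the legacy key, e.g. `if(jtmp == NULL) jtmp = cJSON_GetObjectItem(j_default_access, "publishClientToBroker");`, or log a warning when a legacy name is seen so the operator knows to migrate.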
@@ -205,10 +205,10 @@ static int dynsec__general_config_save(cJSON *tree) } cJSON_AddItemToObject(tree, "defaultACLAccess", j_default_access); - if(cJSON_AddBoolToObject(j_default_access, "publishClientToBroker", default_access.publish_c2b) == NULL - || cJSON_AddBoolToObject(j_default_access, "publishBrokerToClient", default_access.publish_b2c) == NULL - || cJSON_AddBoolToObject(j_default_access, "subscribe", default_access.subscribe) == NULL - || cJSON_AddBoolToObject(j_default_access, "unsubscribe", default_access.unsubscribe) == NULL + if(cJSON_AddBoolToObject(j_default_access, ACL_TYPE_PUB_C_SEND, default_access.publish_c_send) == NULL + || cJSON_AddBoolToObject(j_default_access, ACL_TYPE_PUB_C_RECV, default_access.publish_c_recv) == NULL + || cJSON_AddBoolToObject(j_default_access, ACL_TYPE_SUB_GENERIC, default_access.subscribe) == NULL + || cJSON_AddBoolToObject(j_default_access, ACL_TYPE_UNSUB_GENERIC, default_access.unsubscribe) == NULL ){ return 1; diff --git a/plugins/dynamic-security/roles.c b/plugins/dynamic-security/roles.c index cad76621..7c276502 100644 --- a/plugins/dynamic-security/roles.c +++ b/plugins/dynamic-security/roles.c @@ -202,8 +202,8 @@ static void role__free_item(struct dynsec__role *role, bool remove_from_hash) mosquitto_free(role->text_name); mosquitto_free(role->text_description); mosquitto_free(role->rolename); - role__free_all_acls(&role->acls.publish_c2b); - role__free_all_acls(&role->acls.publish_b2c); + role__free_all_acls(&role->acls.publish_c_send); + role__free_all_acls(&role->acls.publish_c_recv); role__free_all_acls(&role->acls.subscribe_literal); role__free_all_acls(&role->acls.subscribe_pattern); role__free_all_acls(&role->acls.unsubscribe_literal); 
@@ -273,12 +273,12 @@ static int add_acls_to_json(cJSON *j_role, struct dynsec__role *role) return 1; } - if(add_single_acl_to_json(j_acls, "publishClientToBroker", role->acls.publish_c2b) != MOSQ_ERR_SUCCESS - || add_single_acl_to_json(j_acls, "publishBrokerToClient", role->acls.publish_b2c) != MOSQ_ERR_SUCCESS - || add_single_acl_to_json(j_acls, "subscribeLiteral", role->acls.subscribe_literal) != MOSQ_ERR_SUCCESS - || add_single_acl_to_json(j_acls, "subscribePattern", role->acls.subscribe_pattern) != MOSQ_ERR_SUCCESS - || add_single_acl_to_json(j_acls, "unsubscribeLiteral", role->acls.unsubscribe_literal) != MOSQ_ERR_SUCCESS - || add_single_acl_to_json(j_acls, "unsubscribePattern", role->acls.unsubscribe_pattern) != MOSQ_ERR_SUCCESS + if(add_single_acl_to_json(j_acls, ACL_TYPE_PUB_C_SEND, role->acls.publish_c_send) != MOSQ_ERR_SUCCESS + || add_single_acl_to_json(j_acls, ACL_TYPE_PUB_C_RECV, role->acls.publish_c_recv) != MOSQ_ERR_SUCCESS + || add_single_acl_to_json(j_acls, ACL_TYPE_SUB_LITERAL, role->acls.subscribe_literal) != MOSQ_ERR_SUCCESS + || add_single_acl_to_json(j_acls, ACL_TYPE_SUB_PATTERN, role->acls.subscribe_pattern) != MOSQ_ERR_SUCCESS + || add_single_acl_to_json(j_acls, ACL_TYPE_UNSUB_LITERAL, role->acls.unsubscribe_literal) != MOSQ_ERR_SUCCESS + || add_single_acl_to_json(j_acls, ACL_TYPE_UNSUB_PATTERN, role->acls.unsubscribe_pattern) != MOSQ_ERR_SUCCESS ){ return 1; 
@@ -419,12 +419,12 @@ int dynsec_roles__config_load(cJSON *tree) /* ACLs */ j_acls = cJSON_GetObjectItem(j_role, "acls"); if(j_acls && cJSON_IsArray(j_acls)){ - if(dynsec_roles__acl_load(j_acls, "publishClientToBroker", &role->acls.publish_c2b) != 0 - || dynsec_roles__acl_load(j_acls, "publishBrokerToClient", &role->acls.publish_b2c) != 0 - || dynsec_roles__acl_load(j_acls, "subscribeLiteral", &role->acls.subscribe_literal) != 0 - || dynsec_roles__acl_load(j_acls, "subscribePattern", &role->acls.subscribe_pattern) != 0 - || dynsec_roles__acl_load(j_acls, "unsubscribeLiteral", &role->acls.unsubscribe_literal) != 0 - || dynsec_roles__acl_load(j_acls, "unsubscribePattern", &role->acls.unsubscribe_pattern) != 0 + if(dynsec_roles__acl_load(j_acls, ACL_TYPE_PUB_C_SEND, &role->acls.publish_c_send) != 0 + || dynsec_roles__acl_load(j_acls, ACL_TYPE_PUB_C_RECV, &role->acls.publish_c_recv) != 0 + || dynsec_roles__acl_load(j_acls, ACL_TYPE_SUB_LITERAL, &role->acls.subscribe_literal) != 0 + || dynsec_roles__acl_load(j_acls, ACL_TYPE_SUB_PATTERN, &role->acls.subscribe_pattern) != 0 + || dynsec_roles__acl_load(j_acls, ACL_TYPE_UNSUB_LITERAL, &role->acls.unsubscribe_literal) != 0 + || dynsec_roles__acl_load(j_acls, ACL_TYPE_UNSUB_PATTERN, &role->acls.unsubscribe_pattern) != 0 ){ // FIXME log 
@@ -503,12 +503,12 @@ int dynsec_roles__process_create(cJSON *j_responses, struct mosquitto *context, /* ACLs */ j_acls = cJSON_GetObjectItem(command, "acls"); if(j_acls && cJSON_IsArray(j_acls)){ - if(dynsec_roles__acl_load(j_acls, "publishClientToBroker", &role->acls.publish_c2b) != 0 - || dynsec_roles__acl_load(j_acls, "publishBrokerToClient", &role->acls.publish_b2c) != 0 - || dynsec_roles__acl_load(j_acls, "subscribeLiteral", &role->acls.subscribe_literal) != 0 - || dynsec_roles__acl_load(j_acls, "subscribePattern", &role->acls.subscribe_pattern) != 0 - || dynsec_roles__acl_load(j_acls, "unsubscribeLiteral", &role->acls.unsubscribe_literal) != 0 - || dynsec_roles__acl_load(j_acls, "unsubscribePattern", &role->acls.unsubscribe_pattern) != 0 + if(dynsec_roles__acl_load(j_acls, ACL_TYPE_PUB_C_SEND, &role->acls.publish_c_send) != 0 + || dynsec_roles__acl_load(j_acls, ACL_TYPE_PUB_C_RECV, &role->acls.publish_c_recv) != 0 + || dynsec_roles__acl_load(j_acls, ACL_TYPE_SUB_LITERAL, &role->acls.subscribe_literal) != 0 + || dynsec_roles__acl_load(j_acls, ACL_TYPE_SUB_PATTERN, &role->acls.subscribe_pattern) != 0 + || dynsec_roles__acl_load(j_acls, ACL_TYPE_UNSUB_LITERAL, &role->acls.unsubscribe_literal) != 0 + || dynsec_roles__acl_load(j_acls, ACL_TYPE_UNSUB_PATTERN, &role->acls.unsubscribe_pattern) != 0 ){ dynsec__command_reply(j_responses, context, "createRole", "Internal error", correlation_data); 
@@ -692,17 +692,17 @@ int dynsec_roles__process_add_acl(cJSON *j_responses, struct mosquitto *context, dynsec__command_reply(j_responses, context, "addRoleACL", "Invalid/missing acltype", correlation_data); return MOSQ_ERR_SUCCESS; } - if(!strcasecmp(jtmp->valuestring, "publishClientToBroker")){ - acllist = &role->acls.publish_c2b; - }else if(!strcasecmp(jtmp->valuestring, "publishBrokerToClient")){ - acllist = &role->acls.publish_b2c; - }else if(!strcasecmp(jtmp->valuestring, "subscribeLiteral")){ + if(!strcasecmp(jtmp->valuestring, ACL_TYPE_PUB_C_SEND)){ + acllist = &role->acls.publish_c_send; + }else if(!strcasecmp(jtmp->valuestring, ACL_TYPE_PUB_C_RECV)){ + acllist = &role->acls.publish_c_recv; + }else if(!strcasecmp(jtmp->valuestring, ACL_TYPE_SUB_LITERAL)){ acllist = &role->acls.subscribe_literal; - }else if(!strcasecmp(jtmp->valuestring, "subscribePattern")){ + }else if(!strcasecmp(jtmp->valuestring, ACL_TYPE_SUB_PATTERN)){ acllist = &role->acls.subscribe_pattern; - }else if(!strcasecmp(jtmp->valuestring, "unsubscribeLiteral")){ + }else if(!strcasecmp(jtmp->valuestring, ACL_TYPE_UNSUB_LITERAL)){ acllist = &role->acls.unsubscribe_literal; - }else if(!strcasecmp(jtmp->valuestring, "unsubscribePattern")){ + }else if(!strcasecmp(jtmp->valuestring, ACL_TYPE_UNSUB_PATTERN)){ acllist = &role->acls.unsubscribe_pattern; }else{ dynsec__command_reply(j_responses, context, "addRoleACL", "Unknown acltype", correlation_data); 
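Review bot: The acltype-to-list chain in `dynsec_roles__process_add_acl` is repeated token for token in `dynsec_roles__process_remove_acl` (next hunk), which is why a rename like this one has to touch a dozen lines per function. Because this mapping selects which ACL list a rule lands in, I would keep it in one static helper that returns the list pointer or NULL, so the two commands cannot drift apart. Both functions start and end outside their hunks; the sketch shows only the helper and the call site for add.

```c
/* Map an acltype string to the matching list head in role->acls, or NULL if unknown. */
static struct dynsec__acl **role__acllist_from_type(struct dynsec__role *role, const char *acltype)
{
	if(!strcasecmp(acltype, ACL_TYPE_PUB_C_SEND)) return &role->acls.publish_c_send;
	if(!strcasecmp(acltype, ACL_TYPE_PUB_C_RECV)) return &role->acls.publish_c_recv;
	if(!strcasecmp(acltype, ACL_TYPE_SUB_LITERAL)) return &role->acls.subscribe_literal;
	if(!strcasecmp(acltype, ACL_TYPE_SUB_PATTERN)) return &role->acls.subscribe_pattern;
	if(!strcasecmp(acltype, ACL_TYPE_UNSUB_LITERAL)) return &role->acls.unsubscribe_literal;
	if(!strcasecmp(acltype, ACL_TYPE_UNSUB_PATTERN)) return &role->acls.unsubscribe_pattern;
	return NULL;
}

	/* … unchanged: acltype presence/type check in dynsec_roles__process_add_acl … */
	acllist = role__acllist_from_type(role, jtmp->valuestring);
	if(acllist == NULL){
		dynsec__command_reply(j_responses, context, "addRoleACL", "Unknown acltype", correlation_data);
		/* … unchanged: return after the reply … */
```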
@@ -769,17 +769,17 @@ int dynsec_roles__process_remove_acl(cJSON *j_responses, struct mosquitto *conte dynsec__command_reply(j_responses, context, "removeRoleACL", "Invalid/missing acltype", correlation_data); return MOSQ_ERR_SUCCESS; } - if(!strcasecmp(jtmp->valuestring, "publishClientToBroker")){ - acllist = &role->acls.publish_c2b; - }else if(!strcasecmp(jtmp->valuestring, "publishBrokerToClient")){ - acllist = &role->acls.publish_b2c; - }else if(!strcasecmp(jtmp->valuestring, "subscribeLiteral")){ + if(!strcasecmp(jtmp->valuestring, ACL_TYPE_PUB_C_SEND)){ + acllist = &role->acls.publish_c_send; + }else if(!strcasecmp(jtmp->valuestring, ACL_TYPE_PUB_C_RECV)){ + acllist = &role->acls.publish_c_recv; + }else if(!strcasecmp(jtmp->valuestring, ACL_TYPE_SUB_LITERAL)){ acllist = &role->acls.subscribe_literal; - }else if(!strcasecmp(jtmp->valuestring, "subscribePattern")){ + }else if(!strcasecmp(jtmp->valuestring, ACL_TYPE_SUB_PATTERN)){ acllist = &role->acls.subscribe_pattern; - }else if(!strcasecmp(jtmp->valuestring, "unsubscribeLiteral")){ + }else if(!strcasecmp(jtmp->valuestring, ACL_TYPE_UNSUB_LITERAL)){ acllist = &role->acls.unsubscribe_literal; - }else if(!strcasecmp(jtmp->valuestring, "unsubscribePattern")){ + }else if(!strcasecmp(jtmp->valuestring, ACL_TYPE_UNSUB_PATTERN)){ acllist = &role->acls.unsubscribe_pattern; }else{ dynsec__command_reply(j_responses, context, "removeRoleACL", "Unknown acltype", correlation_data); @@ -874,7 +874,7 @@ int dynsec_roles__process_modify(cJSON *j_responses, struct mosquitto *context, struct dynsec__role *role; char *str; cJSON *j_acls; - struct dynsec__acl *tmp_publish_c2b, *tmp_publish_b2c; + struct dynsec__acl *tmp_publish_c_send, *tmp_publish_c_recv; struct dynsec__acl *tmp_subscribe_literal, *tmp_subscribe_pattern; struct dynsec__acl *tmp_unsubscribe_literal, *tmp_unsubscribe_pattern; 
@@ -911,17 +911,17 @@ int dynsec_roles__process_modify(cJSON *j_responses, struct mosquitto *context, j_acls = cJSON_GetObjectItem(command, "acls"); if(j_acls && cJSON_IsArray(j_acls)){ - if(dynsec_roles__acl_load(j_acls, "publishClientToBroker", &tmp_publish_c2b) != 0 - || dynsec_roles__acl_load(j_acls, "publishBrokerToClient", &tmp_publish_b2c) != 0 - || dynsec_roles__acl_load(j_acls, "subscribeLiteral", &tmp_subscribe_literal) != 0 - || dynsec_roles__acl_load(j_acls, "subscribePattern", &tmp_subscribe_pattern) != 0 - || dynsec_roles__acl_load(j_acls, "unsubscribeLiteral", &tmp_unsubscribe_literal) != 0 - || dynsec_roles__acl_load(j_acls, "unsubscribePattern", &tmp_unsubscribe_pattern) != 0 + if(dynsec_roles__acl_load(j_acls, ACL_TYPE_PUB_C_SEND, &tmp_publish_c_send) != 0 + || dynsec_roles__acl_load(j_acls, ACL_TYPE_PUB_C_RECV, &tmp_publish_c_recv) != 0 + || dynsec_roles__acl_load(j_acls, ACL_TYPE_SUB_LITERAL, &tmp_subscribe_literal) != 0 + || dynsec_roles__acl_load(j_acls, ACL_TYPE_SUB_PATTERN, &tmp_subscribe_pattern) != 0 + || dynsec_roles__acl_load(j_acls, ACL_TYPE_UNSUB_LITERAL, &tmp_unsubscribe_literal) != 0 + || dynsec_roles__acl_load(j_acls, ACL_TYPE_UNSUB_PATTERN, &tmp_unsubscribe_pattern) != 0 ){ /* Free any that were successful */ - role__free_all_acls(&tmp_publish_c2b); - role__free_all_acls(&tmp_publish_b2c); + role__free_all_acls(&tmp_publish_c_send); + role__free_all_acls(&tmp_publish_c_recv); role__free_all_acls(&tmp_subscribe_literal); role__free_all_acls(&tmp_subscribe_pattern); role__free_all_acls(&tmp_unsubscribe_literal); 
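Review bot: The `tmp_*` list heads in `dynsec_roles__process_modify` are declared without initialisers (declaration hunk at line 874), and the `||` chain stops at the first failing `dynsec_roles__acl_load`, so the cleanup that follows passes the remaining, never-written pointers to `role__free_all_acls`. Unless they are set to NULL in the lines between the two hunks, which are not shown, a failed role modify walks indeterminate pointers inside the broker. The success path has the same exposure if `dynsec_roles__acl_load` leaves the head untouched when no entry of a type is present. Initialising at the declaration removes the doubt: `struct dynsec__acl *tmp_publish_c_send = NULL, *tmp_publish_c_recv = NULL;` and likewise for the subscribe and unsubscribe pairs.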
@@ -931,15 +931,15 @@ int dynsec_roles__process_modify(cJSON *j_responses, struct mosquitto *context, return MOSQ_ERR_NOMEM; } - role__free_all_acls(&role->acls.publish_c2b); - role__free_all_acls(&role->acls.publish_b2c); + role__free_all_acls(&role->acls.publish_c_send); + role__free_all_acls(&role->acls.publish_c_recv); role__free_all_acls(&role->acls.subscribe_literal); role__free_all_acls(&role->acls.subscribe_pattern); role__free_all_acls(&role->acls.unsubscribe_literal); role__free_all_acls(&role->acls.unsubscribe_pattern); - role->acls.publish_c2b = tmp_publish_c2b; - role->acls.publish_b2c = tmp_publish_b2c; + role->acls.publish_c_send = tmp_publish_c_send; + role->acls.publish_c_recv = tmp_publish_c_recv; role->acls.subscribe_literal = tmp_subscribe_literal; role->acls.subscribe_pattern = tmp_subscribe_pattern; role->acls.unsubscribe_literal = tmp_unsubscribe_literal; diff --git a/test/broker/14-dynsec-client.py b/test/broker/14-dynsec-client.py index bbedfef4..a9c165ae 100755 --- a/test/broker/14-dynsec-client.py +++ b/test/broker/14-dynsec-client.py @@ -73,7 +73,7 @@ suback_packet = mosq_test.gen_suback(mid, 1) try: os.mkdir(str(port)) with open("%d/dynamic-security.json" % port, 'w') as f: - f.write('{"defaultACLAction": {"publishClientToBroker":"allow", "publishBrokerToClient":"allow", "subscribe":"allow", "unsubscribe":"allow"}}') + f.write('{"defaultACLAction": {"publishClientSend":"allow", "publishClientReceive":"allow", "subscribe":"allow", "unsubscribe":"allow"}}') except FileExistsError: try: os.remove(f"{port}/dynamic-security.json") diff --git a/test/broker/14-dynsec-group.py b/test/broker/14-dynsec-group.py index a6dfa641..a4350053 100755 --- a/test/broker/14-dynsec-group.py +++ b/test/broker/14-dynsec-group.py 
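Review bot: The fixture written in 14-dynsec-client.py uses the key `defaultACLAction` with string values (`"allow"`), but the loader in plugin.c reads `defaultACLAccess` and only accepts booleans (`cJSON_IsBool`). As far as this diff shows, none of these four defaults is therefore applied, and renaming the inner keys changes nothing at runtime. If the tests are meant to run with allow-all defaults, the line should be `f.write('{"defaultACLAccess": {"publishClientSend":true, "publishClientReceive":true, "subscribe":true, "unsubscribe":true}}')`. The same line appears in 14-dynsec-group.py, 14-dynsec-modify-client.py, 14-dynsec-modify-group.py, 14-dynsec-modify-role.py and 14-dynsec-role.py.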
@@ -84,7 +84,7 @@ suback_packet = mosq_test.gen_suback(mid, 1) try: os.mkdir(str(port)) with open("%d/dynamic-security.json" % port, 'w') as f: - f.write('{"defaultACLAction": {"publishClientToBroker":"allow", "publishBrokerToClient":"allow", "subscribe":"allow", "unsubscribe":"allow"}}') + f.write('{"defaultACLAction": {"publishClientSend":"allow", "publishClientReceive":"allow", "subscribe":"allow", "unsubscribe":"allow"}}') except FileExistsError: try: os.remove(f"{port}/dynamic-security.json") diff --git a/test/broker/14-dynsec-modify-client.py b/test/broker/14-dynsec-modify-client.py index e0965b8b..76e0b0b8 100755 --- a/test/broker/14-dynsec-modify-client.py +++ b/test/broker/14-dynsec-modify-client.py @@ -148,7 +148,7 @@ suback_packet = mosq_test.gen_suback(mid, 1) try: os.mkdir(str(port)) with open("%d/dynamic-security.json" % port, 'w') as f: - f.write('{"defaultACLAction": {"publishClientToBroker":"allow", "publishBrokerToClient":"allow", "subscribe":"allow", "unsubscribe":"allow"}}') + f.write('{"defaultACLAction": {"publishClientSend":"allow", "publishClientReceive":"allow", "subscribe":"allow", "unsubscribe":"allow"}}') except FileExistsError: try: os.remove(f"{port}/dynamic-security.json") diff --git a/test/broker/14-dynsec-modify-group.py b/test/broker/14-dynsec-modify-group.py index baed4fd0..1370b60e 100755 --- a/test/broker/14-dynsec-modify-group.py +++ b/test/broker/14-dynsec-modify-group.py @@ -135,7 +135,7 @@ suback_packet = mosq_test.gen_suback(mid, 1) try: os.mkdir(str(port)) with open("%d/dynamic-security.json" % port, 'w') as f: - f.write('{"defaultACLAction": {"publishClientToBroker":"allow", "publishBrokerToClient":"allow", "subscribe":"allow", "unsubscribe":"allow"}}') + f.write('{"defaultACLAction": {"publishClientSend":"allow", "publishClientReceive":"allow", "subscribe":"allow", "unsubscribe":"allow"}}') except FileExistsError: try: os.remove(f"{port}/dynamic-security.json") 
diff --git a/test/broker/14-dynsec-modify-role.py b/test/broker/14-dynsec-modify-role.py index 25d5494c..01ceabc8 100755 --- a/test/broker/14-dynsec-modify-role.py +++ b/test/broker/14-dynsec-modify-role.py @@ -30,13 +30,13 @@ create_role_command = { "commands": [{ "textName": "Name", "textDescription": "Description", "acls":[ { - "aclType": "publishClientToBroker", + "aclType": "publishClientSend", "allow": True, "topic": "topic/#", "priority": 8 }, { - "aclType": "publishClientToBroker", + "aclType": "publishClientSend", "allow": True, "topic": "topic/2/#", "priority": 9 @@ -58,13 +58,13 @@ get_role_response1 = {'responses':[{'command': 'getRole', 'data': {'role': {'rol 'textName': 'Name', 'textDescription': 'Description', 'acls': [ { - "aclType": "publishClientToBroker", + "aclType": "publishClientSend", "topic": "topic/2/#", "allow": True, "priority": 9 }, { - "aclType": "publishClientToBroker", + "aclType": "publishClientSend", "topic": "topic/#", "allow": True, "priority": 8 @@ -77,13 +77,13 @@ get_role_response2 = {'responses':[{'command': 'getRole', 'data': {'role': {'rol 'textName': 'Modified name', 'textDescription': 'Modified description', 'acls': [ { - "aclType": "publishClientToBroker", + "aclType": "publishClientSend", "topic": "topic/2/#", "allow": True, "priority": 9 }, { - "aclType": "publishClientToBroker", + "aclType": "publishClientSend", "topic": "topic/#", "allow": True, "priority": 8 @@ -102,7 +102,7 @@ suback_packet = mosq_test.gen_suback(mid, 1) try: os.mkdir(str(port)) with open("%d/dynamic-security.json" % port, 'w') as f: - f.write('{"defaultACLAction": {"publishClientToBroker":"allow", "publishBrokerToClient":"allow", "subscribe":"allow", "unsubscribe":"allow"}}') + f.write('{"defaultACLAction": {"publishClientSend":"allow", "publishClientReceive":"allow", "subscribe":"allow", "unsubscribe":"allow"}}') except FileExistsError: try: os.remove(f"{port}/dynamic-security.json") 
diff --git a/test/broker/14-dynsec-role.py b/test/broker/14-dynsec-role.py index bdeb696d..e1dc2351 100755 --- a/test/broker/14-dynsec-role.py +++ b/test/broker/14-dynsec-role.py @@ -42,7 +42,7 @@ create_group_response = {'responses':[{"command":"createGroup","correlationData" create_role_command = { "commands": [{'command': 'createRole', 'correlationData': '3', "roleName": "basic", "acls":[ - {"aclType":"publishClientToBroker", "topic": "out/#", "priority":3, "allow": True}], "textName":"name", "textDescription":"desc" + {"aclType":"publishClientSend", "topic": "out/#", "priority":3, "allow": True}], "textName":"name", "textDescription":"desc" }]} create_role_response = {'responses': [{'command': 'createRole', 'correlationData': '3'}]} @@ -61,7 +61,7 @@ list_roles_verbose_command1 = { "commands": [{ } list_roles_verbose_response1 = {'responses': [{'command': 'listRoles', 'data': {'totalCount':1, 'roles': [{'roleName': 'basic', "textName": "name", "textDescription": "desc", - 'acls': [{'aclType':'publishClientToBroker', 'topic': 'out/#', 'priority': 3, 'allow': True}] + 'acls': [{'aclType':'publishClientSend', 'topic': 'out/#', 'priority': 3, 'allow': True}] }]}, 'correlationData': '21'}]} add_acl_command = {"commands": [{'command': "addRoleACL", "roleName":"basic", "aclType":"subscribeLiteral", 
@@ -73,14 +73,14 @@ list_roles_verbose_command2 = { "commands": [{ } list_roles_verbose_response2 = {'responses': [{'command': 'listRoles', 'data': {'totalCount':1, 'roles': [{'roleName': 'basic', 'textName': 'name', 'textDescription': 'desc', 'acls': - [{'aclType':'publishClientToBroker', 'topic': 'out/#', 'priority': 3, 'allow': True}, + [{'aclType':'publishClientSend', 'topic': 'out/#', 'priority': 3, 'allow': True}, {'aclType':'subscribeLiteral', 'topic': 'basic/out', 'priority': 1, 'allow': True}], }]}, 'correlationData': '22'}]} get_role_command = {"commands": [{'command': "getRole", "roleName":"basic"}]} get_role_response = {'responses': [{'command': 'getRole', 'data': {'role': {'roleName': 'basic', 'textName': 'name', 'textDescription': 'desc', 'acls': - [{'aclType':'publishClientToBroker', 'topic': 'out/#', 'priority': 3, 'allow': True}, + [{'aclType':'publishClientSend', 'topic': 'out/#', 'priority': 3, 'allow': True}, {'aclType':'subscribeLiteral', 'topic': 'basic/out', 'priority': 1, 'allow': True}], }}}]} @@ -126,7 +126,7 @@ suback_packet = mosq_test.gen_suback(mid, 1) try: os.mkdir(str(port)) with open("%d/dynamic-security.json" % port, 'w') as f: - f.write('{"defaultACLAction": {"publishClientToBroker":"allow", "publishBrokerToClient":"allow", "subscribe":"allow", "unsubscribe":"allow"}}') + f.write('{"defaultACLAction": {"publishClientSend":"allow", "publishClientReceive":"allow", "subscribe":"allow", "unsubscribe":"allow"}}') except FileExistsError: try: os.remove(f"{port}/dynamic-security.json")