Add per_listener_settings, which isn't used yet.

8 years ago · bc13eab9d6
parent 4d3f5b2b39
commit bc13eab9d6
5 changed files with 43 additions and 3 deletions
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@ -2,6 +2,8 @@
 ==============

 Broker:
+- Add per_listener_settings to allow authentication and access control to be
+  per listener.
 - Fix UNSUBSCRIBE with no topic is accepted on MQTT 3.1.1. Closes #665.
 - Add ability to deny access to SUBSCRIBE messages as well as the current
  read/write accesses. Currently for auth plugins only.
--- a/man/mosquitto.conf.5.xml
+++ b/man/mosquitto.conf.5.xml
@ -51,7 +51,9 @@
 			protocol. Use the password_file option to define the valid
 			usernames and passwords. Be sure to use network encryption if you
 			are using this option otherwise the username and password will be
-			vulnerable to interception.</para>
+			vulnerable to interception. Use the
+			<option>per_listener_settings</option> to control whether passwords
+			are required globally or on a per-listener basis.</para>
 		<para>When using certificate based encryption there are three options
 			that affect authentication. The first is require_certificate, which
 			may be set to true or false. If false, the SSL/TLS component of the
@ -79,7 +81,8 @@
 			If use_identity_as_username is false, the client may still
 			authenticate using the MQTT username/password if using the
 			password_file option.</para>
-		<para>Both certificate and PSK based encryption are configured on a per-listener basis.</para>
+		<para>Both certificate and PSK based encryption are configured on a
+			per-listener basis.</para>
 		<para>Authentication plugins can be created to augment the
 			password_file, acl_file and psk_file options with e.g. SQL based
 			lookups.</para>
@ -470,7 +473,26 @@
 						affected.</para>
 					<para>See also
 						<citerefentry><refentrytitle>mosquitto_passwd</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>
-				</listitem> </varlistentry>
+				</listitem>
+			</varlistentry>
+			<varlistentry>
+				<term><option>per_listener_settings</option> [ true | false ]</term>
+				<listitem>
+					<para>If <replaceable>true</replaceable>, then
+						authentication and access control settings will be
+						controlled on a per-listener basis. The following
+						options are affected:</para>
+					<para><option>password_file</option>,
+						<option>acl_file</option>, <option>psk_file</option>,
+						<option>auth_plugin</option>,
+						<option>auth_opt_*</option>.</para>
+					<para>The default behaviour is for this to be set to
+						<replaceable>false</replaceable>, which maintains the
+						settings behaviour from previous versions of
+						mosquitto.</para>
+					<para>Reloaded on reload signal.</para>
+				</listitem>
+			</varlistentry>
 			<varlistentry>
 				<term><option>persistence</option> [ true | false ]</term>
 				<listitem>
--- a/mosquitto.conf
+++ b/mosquitto.conf
@ -136,6 +136,18 @@
 # of packets being sent.
 #set_tcp_nodelay false

+# Use per listener security settings.
+# If this option is set to true, then all authentication and access control
+# options are controlled on a per listener basis. The following options are
+# affected:
+#
+# password_file acl_file psk_file auth_plugin auth_opt_*
+#
+# The default behaviour is for this to be set to false, which maintains the 
+# setting behaviour from previous versions of mosquitto.
+#per_listener_settings false
+
+
 # =================================================================
 # Default listener
 # =================================================================
--- a/src/conf.c
+++ b/src/conf.c
@ -151,6 +151,7 @@ static void config__init_reload(struct mosquitto__config *config)
 	mosquitto__free(config->clientid_prefixes);
 	config->connection_messages = true;
 	config->clientid_prefixes = NULL;
+	config->per_listener_settings = false;
 	if(config->log_fptr){
 		fclose(config->log_fptr);
 		config->log_fptr = NULL;
@ -1446,6 +1447,8 @@ int config__read_file_core(struct mosquitto__config *config, bool reload, const
 						config->password_file = NULL;
 					}
 					if(conf__parse_string(&token, "password_file", &config->password_file, saveptr)) return MOSQ_ERR_INVAL;
+				}else if(!strcmp(token, "per_listener_settings")){
+					if(conf__parse_bool(&token, "per_listener_settings", &config->per_listener_settings, saveptr)) return MOSQ_ERR_INVAL;
 				}else if(!strcmp(token, "persistence") || !strcmp(token, "retained_persistence")){
 					if(conf__parse_bool(&token, token, &config->persistence, saveptr)) return MOSQ_ERR_INVAL;
 				}else if(!strcmp(token, "persistence_file")){
--- a/src/mosquitto_broker_internal.h
+++ b/src/mosquitto_broker_internal.h
@ -210,6 +210,7 @@ struct mosquitto__config {
 	char *pid_file;
 	char *psk_file;
 	bool queue_qos0_messages;
+	bool per_listener_settings;
 	bool set_tcp_nodelay;
 	int sys_interval;
 	bool upgrade_outgoing_qos;