Moving towards new mosquitto_acl_check().

9 years ago · ccedc6d709
parent 45ad23c7be
commit ccedc6d709
5 changed files with 23 additions and 5 deletions
--- a/src/Makefile
+++ b/src/Makefile
@ -194,6 +194,9 @@ mosquitto_passwd : mosquitto_passwd.o
 mosquitto_passwd.o : mosquitto_passwd.c
 	${CROSS_COMPILE}${CC} $(CFLAGS) ${CPPFLAGS} -c $< -o $@

+plugin_defer.so : plugin_defer.c mosquitto_plugin.h
+	${CROSS_COMPILE}${CC} -I. -I../lib -fPIC -shared $< -o $@
+
 install : all
 	$(INSTALL) -d ${DESTDIR}$(prefix)/sbin
 	$(INSTALL) ${STRIP_OPTS} mosquitto ${DESTDIR}${prefix}/sbin/mosquitto
--- a/src/mosquitto_broker_internal.h
+++ b/src/mosquitto_broker_internal.h
@ -313,7 +313,7 @@ struct mosquitto__auth_plugin{
 	int (*plugin_cleanup)(void *user_data, struct mosquitto_auth_opt *auth_opts, int auth_opt_count);
 	int (*security_init)(void *user_data, struct mosquitto_auth_opt *auth_opts, int auth_opt_count, bool reload);
 	int (*security_cleanup)(void *user_data, struct mosquitto_auth_opt *auth_opts, int auth_opt_count, bool reload);
-	int (*acl_check)(void *user_data, const char *clientid, const char *username, const char *topic, int access);
+	int (*acl_check)(void *user_data, int access, const struct mosquitto *client, struct mosquitto_acl_msg *msg);
 	int (*unpwd_check)(void *user_data, const char *username, const char *password);
 	int (*psk_key_get)(void *user_data, const char *hint, const char *identity, char *key, int max_key_len);
 };
--- a/src/mosquitto_plugin.h
+++ b/src/mosquitto_plugin.h
@ -23,11 +23,23 @@ Contributors:
 #define MOSQ_ACL_READ 0x01
 #define MOSQ_ACL_WRITE 0x02

+#include <stdbool.h>
+
+struct mosquitto;
+
 struct mosquitto_auth_opt {
 	char *key;
 	char *value;
 };

+struct mosquitto_acl_msg {
+	const char *topic;
+	const void *payload;
+	long payloadlen;
+	int qos;
+	bool retain;
+};
+
 /*
 * To create an authentication plugin you must include this file then implement
 * the functions listed in the "Plugin Functions" section below. The resulting
@ -174,7 +186,7 @@ int mosquitto_auth_security_cleanup(void *user_data, struct mosquitto_auth_opt *
 *	MOSQ_ERR_UNKNOWN for an application specific error.
 *	MOSQ_ERR_PLUGIN_DEFER if your plugin does not wish to handle this check.
 */
-int mosquitto_auth_acl_check(void *user_data, const char *clientid, const char *username, const char *topic, int access);
+int mosquitto_auth_acl_check(void *user_data, int access, const struct mosquitto *client, struct mosquitto_acl_msg *msg);

 /*
 * Function: mosquitto_auth_unpwd_check
--- a/src/plugin_defer.c
+++ b/src/plugin_defer.c
@ -44,7 +44,7 @@ int mosquitto_auth_security_cleanup(void *user_data, struct mosquitto_auth_opt *
 	return MOSQ_ERR_SUCCESS;
 }

-int mosquitto_auth_acl_check(void *user_data, const char *clientid, const char *username, const char *topic, int access)
+int mosquitto_auth_acl_check(void *user_data, int access, const struct mosquitto *client, struct mosquitto_acl_msg *msg)
 {
 	return MOSQ_ERR_PLUGIN_DEFER;
 }
--- a/src/security.c
+++ b/src/security.c
@ -29,7 +29,7 @@ typedef int (*FUNC_auth_plugin_init)(void **, struct mosquitto_auth_opt *, int);
 typedef int (*FUNC_auth_plugin_cleanup)(void *, struct mosquitto_auth_opt *, int);
 typedef int (*FUNC_auth_plugin_security_init)(void *, struct mosquitto_auth_opt *, int, bool);
 typedef int (*FUNC_auth_plugin_security_cleanup)(void *, struct mosquitto_auth_opt *, int, bool);
-typedef int (*FUNC_auth_plugin_acl_check)(void *, const char *, const char *, const char *, int);
+typedef int (*FUNC_auth_plugin_acl_check)(void *, int, const struct mosquitto *, struct mosquitto_acl_msg *);
 typedef int (*FUNC_auth_plugin_unpwd_check)(void *, const char *, const char *);
 typedef int (*FUNC_auth_plugin_psk_key_get)(void *, const char *, const char *, char *, int);

@ -238,6 +238,7 @@ int mosquitto_acl_check(struct mosquitto_db *db, struct mosquitto *context, cons
 	char *username;
 	int rc;
 	int i;
+	struct mosquitto_acl_msg msg;

 	if(!context->id){
 		return MOSQ_ERR_ACL_DENIED;
@ -261,7 +262,9 @@ int mosquitto_acl_check(struct mosquitto_db *db, struct mosquitto *context, cons
 	 */
 	rc = MOSQ_ERR_SUCCESS;
 	for(i=0; i<db->auth_plugin_count; i++){
-		rc = db->auth_plugins[i].acl_check(db->auth_plugins[i].user_data, context->id, username, topic, access);
+		memset(&msg, 0, sizeof(msg));
+		msg.topic = topic;
+		rc = db->auth_plugins[i].acl_check(db->auth_plugins[i].user_data, access, context, &msg);
 		if(rc != MOSQ_ERR_PLUGIN_DEFER){
 			return rc;
 		}