From ccedc6d7092f70dcb00663eb9dc03a6637a721eb Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Fri, 8 Jul 2016 11:26:58 +0100 Subject: [PATCH] Moving towards new mosquitto_acl_check(). --- src/Makefile | 3 +++ src/mosquitto_broker_internal.h | 2 +- src/mosquitto_plugin.h | 14 +++++++++++++- src/plugin_defer.c | 2 +- src/security.c | 7 +++++-- 5 files changed, 23 insertions(+), 5 deletions(-) diff --git a/src/Makefile b/src/Makefile index a8dddaa8..6ffdee49 100644 --- a/src/Makefile +++ b/src/Makefile @@ -194,6 +194,9 @@ mosquitto_passwd : mosquitto_passwd.o mosquitto_passwd.o : mosquitto_passwd.c ${CROSS_COMPILE}${CC} $(CFLAGS) ${CPPFLAGS} -c $< -o $@ +plugin_defer.so : plugin_defer.c mosquitto_plugin.h + ${CROSS_COMPILE}${CC} -I. -I../lib -fPIC -shared $< -o $@ + install : all $(INSTALL) -d ${DESTDIR}$(prefix)/sbin $(INSTALL) ${STRIP_OPTS} mosquitto ${DESTDIR}${prefix}/sbin/mosquitto diff --git a/src/mosquitto_broker_internal.h b/src/mosquitto_broker_internal.h index a7da533d..ac45aa60 100644 --- a/src/mosquitto_broker_internal.h +++ b/src/mosquitto_broker_internal.h @@ -313,7 +313,7 @@ struct mosquitto__auth_plugin{ int (*plugin_cleanup)(void *user_data, struct mosquitto_auth_opt *auth_opts, int auth_opt_count); int (*security_init)(void *user_data, struct mosquitto_auth_opt *auth_opts, int auth_opt_count, bool reload); int (*security_cleanup)(void *user_data, struct mosquitto_auth_opt *auth_opts, int auth_opt_count, bool reload); - int (*acl_check)(void *user_data, const char *clientid, const char *username, const char *topic, int access); + int (*acl_check)(void *user_data, int access, const struct mosquitto *client, struct mosquitto_acl_msg *msg); int (*unpwd_check)(void *user_data, const char *username, const char *password); int (*psk_key_get)(void *user_data, const char *hint, const char *identity, char *key, int max_key_len); }; diff --git a/src/mosquitto_plugin.h b/src/mosquitto_plugin.h index 033ea47e..98e8992a 100644 --- a/src/mosquitto_plugin.h 
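Review bot: The new `plugin_defer.so` recipe compiles without `$(CFLAGS)` and `${CPPFLAGS}`, unlike the `mosquitto_passwd.o` rule directly above it, so whatever warning and hardening options the build sets are not applied to the plugin. Even for a test plugin that gets loaded into the broker, I would use the same flags: `${CROSS_COMPILE}${CC} $(CFLAGS) ${CPPFLAGS} -I. -I../lib -fPIC -shared $< -o $@`. Whether the target is also wired into `all` and `clean` is not visible from this hunk.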
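Review bot: Changing the `acl_check` pointer type in `struct mosquitto__auth_plugin` is an ABI break for every already-built auth plugin, and nothing in the visible hunks raises the plugin interface version alongside it. A plugin compiled against the old prototype would receive `access` where it expects the `clientid` pointer and the `struct mosquitto_acl_msg *` where it expects the topic string, which is undefined behaviour inside an authorization decision. If `MOSQ_AUTH_PLUGIN_VERSION` is not bumped elsewhere in this series, it should be bumped in this commit so the loader rejects old binaries instead of calling them. The same applies to the public prototype in src/mosquitto_plugin.h and the `FUNC_auth_plugin_acl_check` typedef in src/security.c.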
+++ b/src/mosquitto_plugin.h @@ -23,11 +23,23 @@ Contributors: #define MOSQ_ACL_READ 0x01 #define MOSQ_ACL_WRITE 0x02 +#include + +struct mosquitto; + struct mosquitto_auth_opt { char *key; char *value; }; +struct mosquitto_acl_msg { + const char *topic; + const void *payload; + long payloadlen; + int qos; + bool retain; +}; + /* * To create an authentication plugin you must include this file then implement * the functions listed in the "Plugin Functions" section below. The resulting @@ -174,7 +186,7 @@ int mosquitto_auth_security_cleanup(void *user_data, struct mosquitto_auth_opt * * MOSQ_ERR_UNKNOWN for an application specific error. * MOSQ_ERR_PLUGIN_DEFER if your plugin does not wish to handle this check. */ -int mosquitto_auth_acl_check(void *user_data, const char *clientid, const char *username, const char *topic, int access); +int mosquitto_auth_acl_check(void *user_data, int access, const struct mosquitto *client, struct mosquitto_acl_msg *msg); /* * Function: mosquitto_auth_unpwd_check diff --git a/src/plugin_defer.c b/src/plugin_defer.c index 4a323d1a..b554276d 100644 --- a/src/plugin_defer.c +++ b/src/plugin_defer.c @@ -44,7 +44,7 @@ int mosquitto_auth_security_cleanup(void *user_data, struct mosquitto_auth_opt * return MOSQ_ERR_SUCCESS; } -int mosquitto_auth_acl_check(void *user_data, const char *clientid, const char *username, const char *topic, int access) +int mosquitto_auth_acl_check(void *user_data, int access, const struct mosquitto *client, struct mosquitto_acl_msg *msg) { return MOSQ_ERR_PLUGIN_DEFER; } diff --git a/src/security.c b/src/security.c index 1780dd35..4ef594e8 100644 --- a/src/security.c +++ b/src/security.c 
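Review bot: `struct mosquitto_acl_msg` becomes part of the public plugin API in the first hunk of this header without any comment describing its contract. Plugin authors need to know that `payload` may be NULL, that it is `payloadlen` bytes of binary data and not a NUL-terminated string, and that the pointers presumably stay valid only for the duration of the `acl_check` call. A short block comment above the struct stating this would help prevent over-reads and stale pointers in plugins. `payloadlen` is a signed `long`, so the comment should also say it is never negative, or the field could be made unsigned.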
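Review bot: The new `mosquitto_auth_acl_check()` prototype hands the plugin a `const struct mosquitto *client`, but this header only forward-declares `struct mosquitto`, and the visible hunks add no accessor for the client id or username that the old signature passed directly. As it stands a plugin cannot make a per-user decision without including the broker's internal header, which ties it to the private struct layout. I would add accessor functions before plugins are expected to migrate. The doc comment above this prototype is only partly inside the hunk; if it still lists `clientid`, `username` and `topic`, it should be updated to describe `access`, `client` and `msg`.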
@@ -29,7 +29,7 @@ typedef int (*FUNC_auth_plugin_init)(void **, struct mosquitto_auth_opt *, int); typedef int (*FUNC_auth_plugin_cleanup)(void *, struct mosquitto_auth_opt *, int); typedef int (*FUNC_auth_plugin_security_init)(void *, struct mosquitto_auth_opt *, int, bool); typedef int (*FUNC_auth_plugin_security_cleanup)(void *, struct mosquitto_auth_opt *, int, bool); -typedef int (*FUNC_auth_plugin_acl_check)(void *, const char *, const char *, const char *, int); +typedef int (*FUNC_auth_plugin_acl_check)(void *, int, const struct mosquitto *, struct mosquitto_acl_msg *); typedef int (*FUNC_auth_plugin_unpwd_check)(void *, const char *, const char *); typedef int (*FUNC_auth_plugin_psk_key_get)(void *, const char *, const char *, char *, int); @@ -238,6 +238,7 @@ int mosquitto_acl_check(struct mosquitto_db *db, struct mosquitto *context, cons char *username; int rc; int i; + struct mosquitto_acl_msg msg; if(!context->id){ return MOSQ_ERR_ACL_DENIED; @@ -261,7 +262,9 @@ int mosquitto_acl_check(struct mosquitto_db *db, struct mosquitto *context, cons */ rc = MOSQ_ERR_SUCCESS; for(i=0; iauth_plugin_count; i++){ - rc = db->auth_plugins[i].acl_check(db->auth_plugins[i].user_data, context->id, username, topic, access); + memset(&msg, 0, sizeof(msg)); + msg.topic = topic; + rc = db->auth_plugins[i].acl_check(db->auth_plugins[i].user_data, access, context, &msg); if(rc != MOSQ_ERR_PLUGIN_DEFER){ return rc; }
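Review bot: Only `msg.topic` is filled in before the plugin call in the loop, so every plugin sees `payload == NULL`, `payloadlen == 0`, `qos == 0` and `retain == false` regardless of the message being checked. A plugin cannot tell those zeros from a real QoS 0, non-retained, empty publish, so any policy keyed on them would be silently wrong; until `mosquitto_acl_check()` receives the real values, say so in a comment such as `/* FIXME: only topic is populated; payload, qos and retain are not passed in yet. */`. Re-initialising `msg` for each plugin is worth keeping, since it is passed non-const and one plugin could otherwise alter what the next one sees, but that reason deserves a comment as well. The function body starts and ends outside the hunk.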