/* Copyright (c) 2021 Frank Villaro-Dixon This plugin is under the WTFPL. Do what you want with it. SPDX-License-Identifier: WTFPL Contributors: Frank Villaro-Dixon - initial implementation and documentation. */ /* * This plugin allows users to authenticate with any username, as long as * the provided password matches the MOSQUITTO_PASSWORD environment variable. * If the MOSQUITTO_PASSWORD env variable is empty, then authentication is rejected. * * Compile with: * gcc -I -fPIC -shared mosquitto_auth_by_env.c -o mosquitto_auth_by_env.so * * Use in config with: * * plugin /path/to/mosquitto_auth_by_env.so * * Note that this only works on Mosquitto 2.0 or later. */ #include "config.h" #include #include #include #include "mosquitto_broker.h" #include "mosquitto_plugin.h" #include "mosquitto.h" #include "mqtt_protocol.h" #define ENV_MOSQUITTO_PASSWORD "MOSQUITTO_PASSWORD" static mosquitto_plugin_id_t *mosq_pid = NULL; static char *environment_password; static int basic_auth_callback(int event, void *event_data, void *userdata) { struct mosquitto_evt_basic_auth *ed = event_data; UNUSED(event); UNUSED(userdata); if(!environment_password || !ed->password){ return MOSQ_ERR_PLUGIN_DEFER; } if(!strcmp(ed->password, environment_password)){ /* Password matched MOSQUITTO_PASSWORD */ return MOSQ_ERR_SUCCESS; } else{ return MOSQ_ERR_PLUGIN_DEFER; } } int mosquitto_plugin_version(int supported_version_count, const int *supported_versions) { int i; for(i=0; i 0){ environment_password = strdup(env_var_content); return mosquitto_callback_register(mosq_pid, MOSQ_EVT_BASIC_AUTH, basic_auth_callback, NULL, NULL); } } log__printf(NULL, MOSQ_LOG_INFO, "Auth-by-env plugin called, but "ENV_MOSQUITTO_PASSWORD" env var is empty\n"); return 0; } int mosquitto_plugin_cleanup(void *user_data, struct mosquitto_opt *opts, int opt_count) { UNUSED(user_data); UNUSED(opts); UNUSED(opt_count); free(environment_password); return mosquitto_callback_unregister(mosq_pid, MOSQ_EVT_BASIC_AUTH, basic_auth_callback, NULL); }