github
/
mosquitto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
develop
master
fixes
release/2.0
release/1.6
dynamic-bridge
release/1.5
debian
debian-mosquitto
v2.0.15
v2.0.14
v2.0.13
v2.0.12
v2.0.11
v1.6.15
v2.0.10
v2.0.9
v1.6.14
v1.5.11
v2.0.8
v2.0.7
v1.6.13
v2.0.6
v2.0.5
v2.0.4
v2.0.3
v2.0.2
v2.0.1
v2.0.0
v1.5.10
v1.6.12
v1.6.11
v1.6.10
v1.6.9
v1.6.8
v1.6.7
v1.6.6
v1.5.9
v1.6.5
v1.6.4
v1.6.3
v1.6.2
v1.6.1
v1.6
v1.5.8
v1.5.7
v1.5.6
v1.5.5
v1.5.4
v1.5.3
v1.5.2
v1.5.1
v1.5
v1.4.15
v1.4.14
v1.4.13
v1.4.12
v1.4.11
v1.4.10
v1.4.9
v1.4.8
v1.4.7
v1.4.6
v1.4.5
v1.4.4
v1.4.3
v1.4.2
v1.4.1
v1.3.2-not-blessed
v1.3.3-not-blessed
v1.3.4-not-blessed
v1.3.5-not-blessed
v1.4
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '4a7da066e0'
${ noResults }
mosquitto/test/broker/14-dynsec-allow-wildcard.py

142 lines
5.0 KiB
Python
Raw Blame History

#!/usr/bin/env python3
# Test for allowwildcardsubs behaviour
from mosq_test_helper import *
import json
import shutil
def write_config(filename, port):
with open(filename, 'w') as f:
f.write("listener %d\n" % (port))
f.write("allow_anonymous false\n")
f.write(f"plugin {mosq_test.get_build_root()}/plugins/dynamic-security/mosquitto_dynamic_security.so\n")
f.write("plugin_opt_config_file %d/dynamic-security.json\n" % (port))
def command_check(sock, command_payload, expected_response):
command_packet = mosq_test.gen_publish(topic="$CONTROL/dynamic-security/v1", qos=0, payload=json.dumps(command_payload))
sock.send(command_packet)
response = json.loads(mosq_test.read_publish(sock))
if response != expected_response:
print(expected_response)
print(response)
raise ValueError(response)
port = mosq_test.get_port()
conf_file = os.path.basename(__file__).replace('.py', '.conf')
write_config(conf_file, port)
add_client_command_with_id = { "commands": [{
"command": "createClient", "username": "user_one",
"password": "password", "clientid": "cid",
"correlationData": "2" }]
}
add_client_response_with_id = {'responses': [{'command': 'createClient', 'correlationData': '2'}]}
add_client_group_role_command = {"commands":[
{ "command": "createGroup", "groupname": "mygroup" },
{ "command": "createRole", "rolename": "myrole", "allowwildcardsubs": True},
{ "command": "addGroupRole", "groupname": "mygroup", "rolename": "myrole" },
{ "command": "addRoleACL", "rolename": "myrole", "acltype": "subscribePattern", "topic": "multilevel-wildcard/#", "allow": True },
{ "command": "addGroupClient", "groupname": "mygroup", "username": "user_one" }
]}
add_client_group_role_response = {'responses': [
{'command': 'createGroup'},
{'command': 'createRole'},
{'command': 'addGroupRole'},
{'command': 'addRoleACL'},
{'command': 'addGroupClient'}
]}
modify_role_command = {"commands":[
{ "command": "modifyRole", "rolename": "myrole", "allowwildcardsubs": False}
]}
modify_role_response = {"responses":[
{ "command": "modifyRole"}
]}
rc = 1
connect_packet_admin = mosq_test.gen_connect("ctrl-test", username="admin", password="admin")
connack_packet_admin = mosq_test.gen_connack(rc=0)
mid = 2
subscribe_packet_admin = mosq_test.gen_subscribe(mid, "$CONTROL/dynamic-security/#", 1)
suback_packet_admin = mosq_test.gen_suback(mid, 1)
# Success
connect_packet = mosq_test.gen_connect("cid", username="user_one", password="password", proto_ver=5)
connack_packet = mosq_test.gen_connack(rc=0, proto_ver=5)
mid = 4
subscribe_packet = mosq_test.gen_subscribe(mid, "multilevel-wildcard/#", 0, proto_ver=5)
suback_packet_success = mosq_test.gen_suback(mid, 0, proto_ver=5)
suback_packet_fail = mosq_test.gen_suback(mid, mqtt5_rc.MQTT_RC_NOT_AUTHORIZED, proto_ver=5)
disconnect_kick_packet = mosq_test.gen_disconnect(reason_code=mqtt5_rc.MQTT_RC_ADMINISTRATIVE_ACTION, proto_ver=5)
try:
os.mkdir(str(port))
shutil.copyfile(str(Path(__file__).resolve().parent / "dynamic-security-init.json"), "%d/dynamic-security.json" % (port))
except FileExistsError:
pass
broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port)
try:
sock = mosq_test.do_client_connect(connect_packet_admin, connack_packet_admin, timeout=5, port=port)
mosq_test.do_send_receive(sock, subscribe_packet_admin, suback_packet_admin, "suback")
# Add client
command_check(sock, add_client_command_with_id, add_client_response_with_id)
# Create a group, add a role to the group, add the client to the group
command_check(sock, add_client_group_role_command, add_client_group_role_response)
# Client with username, password, and client id
csock = mosq_test.do_client_connect(connect_packet, connack_packet, timeout=5, port=port, connack_error="connack 1")
# Subscribe to "multilevel-wildcard/#" - allowed
mosq_test.do_send_receive(csock, subscribe_packet, suback_packet_success, "suback # allowed")
# Modify role - this will kick the client and remove the ability to subscribe to wildcards
command_check(sock, modify_role_command, modify_role_response)
mosq_test.expect_packet(csock, "disconnect kick 1", disconnect_kick_packet)
csock.close()
# Reconnect
csock = mosq_test.do_client_connect(connect_packet, connack_packet, timeout=5, port=port, connack_error="connack 2")
# Subscribe to "multilevel-wildcard/#" - not allowed
mosq_test.do_send_receive(csock, subscribe_packet, suback_packet_fail, "suback # not allowed")
csock.close()
rc = 0
sock.close()
except mosq_test.TestError:
pass
finally:
os.remove(conf_file)
try:
os.remove(f"{port}/dynamic-security.json")
except FileNotFoundError:
pass
shutil.rmtree(f"{port}")
broker.terminate()
if mosq_test.wait_for_subprocess(broker):
print("broker not terminated")
if rc == 0: rc=1
(stdo, stde) = broker.communicate()
if rc:
print(stde.decode('utf-8'))
exit(rc)
Reference in New Issue View Git Blame Copy Permalink