From facb929c60b570d0f38022e2499cf6af23306651 Mon Sep 17 00:00:00 2001
From: Dany Khalife
Date: Wed, 25 Dec 2024 22:39:57 +0000
Subject: [PATCH] add client id to basic authentication interface
---
 src/backends/backend.h | 5 ++++-
 src/backends/file/be_file.cpp | 2 +-
 src/backends/file/be_file.h | 5 ++++-
 src/backends/http/be_http.cpp | 2 +-
 src/backends/http/be_http.h | 5 ++++-
 src/backends/mysql/be_mysql.cpp | 2 +-
 src/backends/mysql/be_mysql.h | 5 ++++-
 src/backends/sqlite/be_sqlite.cpp | 2 +-
 src/backends/sqlite/be_sqlite.h | 5 ++++-
 src/plugin.cpp | 3 ++-
 10 files changed, 26 insertions(+), 10 deletions(-)
diff --git a/src/backends/backend.h b/src/backends/backend.h
index 9945988..33b2487 100644
--- a/src/backends/backend.h
+++ b/src/backends/backend.h
@@ -15,9 +15,12 @@ class IBackend
 /**
 * Verifies a client credentials against its own store
+ * @param username The username the client passed
+ * @param password The password the client passed
+ * @param client_id The id associated with the mosquitto client making the connection
 * @return True if the client should be granted access by the broker
 */
- virtual bool authenticate(const std::string& username, const std::string& password) = 0;
+ virtual bool authenticate(const std::string& username, const std::string& password, const std::string& client_id) = 0;
 };
 /**
diff --git a/src/backends/file/be_file.cpp b/src/backends/file/be_file.cpp
index 444d633..ab0387c 100644
--- a/src/backends/file/be_file.cpp
+++ b/src/backends/file/be_file.cpp
@@ -55,7 +55,7 @@ void BE_File::loadFile(const std::string& filePath)
 mosquitto_log_printf(MOSQ_LOG_INFO, "*** auth-plugin: loaded %i credentials from `%s`", m_credentials.size(), filePath.c_str());
 }
-bool BE_File::authenticate(const std::string& username, const std::string& password)
+bool BE_File::authenticate(const std::string& username, const std::string& password, const std::string& /*client_id*/)
 {
 SHA256 hasher;
 std::string input_hash = hasher(password);
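Review bot: The new `@param client_id` line on `IBackend::authenticate` in `backend.h` does not say that an MQTT client id is chosen by the connecting client and is not yet authenticated when this method runs, so a backend author could read it as a trusted identity. I would word it as `@param client_id The client-supplied MQTT client id (unauthenticated; treat as untrusted input)` and state whether it can be empty. The same `@param` text is repeated in `be_file.h`, `be_http.h`, `be_mysql.h` and `be_sqlite.h`. Backends that later pass this value into a SQL statement or an HTTP request should bind or encode it rather than concatenate it.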
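Review bot: In `BE_File::authenticate` (`be_file.cpp`), the lines right after the changed signature hash the submitted password with a single `SHA256` call, `hasher(password)`, and no salt is visible in the hunk; a fast, unsalted digest makes a leaked credentials file cheap to brute-force offline. If the stored format can change, a dedicated password-hashing function such as Argon2id, scrypt, bcrypt or PBKDF2 with a per-user salt is the usual replacement. The comparison against the stored hash lies outside the hunk, so it is worth confirming that it runs in constant time.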
diff --git a/src/backends/file/be_file.h b/src/backends/file/be_file.h
index 1a72e02..5a275ea 100644
--- a/src/backends/file/be_file.h
+++ b/src/backends/file/be_file.h
@@ -20,9 +20,12 @@ class BE_File: public IBackend
 /**
 * Verifies a client credentials against the list of valid in-memory ones
+ * @param username The username the client passed
+ * @param password The password the client passed
+ * @param client_id The id associated with the mosquitto client making the connection
 * @return True if the client should be granted access by the broker
 */
- bool authenticate(const std::string& username, const std::string& password);
+ bool authenticate(const std::string& username, const std::string& password, const std::string& client_id);
 /**
 * Identifier to use in the broker configuration to use a file-backed list
diff --git a/src/backends/http/be_http.cpp b/src/backends/http/be_http.cpp
index 32aed2c..16214dc 100644
--- a/src/backends/http/be_http.cpp
+++ b/src/backends/http/be_http.cpp
@@ -65,7 +65,7 @@ void BE_Http::setupSubpaths(const std::map& options) n
 }
 }
-bool BE_Http::authenticate(const std::string& username, const std::string& password)
+bool BE_Http::authenticate(const std::string& username, const std::string& password, const std::string& client_id)
 {
 return false;
 }
diff --git a/src/backends/http/be_http.h b/src/backends/http/be_http.h
index 2c2b7ad..2640351 100644
--- a/src/backends/http/be_http.h
+++ b/src/backends/http/be_http.h
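Review bot: The `authenticate` declaration in `BE_File` (`be_file.h`) is still written without `override`, and the same holds for `BE_Http`, `BE_Mysql` and `BE_Sqlite` in their headers. Since this commit changes the signature of a virtual in `IBackend`, marking each declaration `override` lets the compiler reject a backend whose signature drifts from the interface instead of accepting it as a new, unrelated overload: `bool authenticate(const std::string& username, const std::string& password, const std::string& client_id) override;`. The class bodies continue outside these hunks.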
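Review bot: `BE_Http::authenticate` in `be_http.cpp` names the new `client_id` parameter but never uses it, whereas the file, MySQL and SQLite backends comment the name out as `/*client_id*/`; with unused-parameter warnings enabled this definition will warn where the others do not. Following the same convention until the HTTP request is implemented keeps the four stubs consistent. The stub returns `false`, so it fails closed, which is the right default for an unimplemented backend.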
@@ -17,9 +17,12 @@ class BE_Http: public IBackend
 /**
 * Verifies a client credentials against the Http store
+ * @param username The username the client passed
+ * @param password The password the client passed
+ * @param client_id The id associated with the mosquitto client making the connection
 * @return True if the client should be granted access by the broker
 */
- bool authenticate(const std::string& username, const std::string& password);
+ bool authenticate(const std::string& username, const std::string& password, const std::string& client_id);
 /**
 * Identifier to use in the broker configuration to connect to an Http backend
diff --git a/src/backends/mysql/be_mysql.cpp b/src/backends/mysql/be_mysql.cpp
index 7ad8af3..c358435 100644
--- a/src/backends/mysql/be_mysql.cpp
+++ b/src/backends/mysql/be_mysql.cpp
@@ -7,7 +7,7 @@ BE_Mysql::BE_Mysql(const std::map& options)
 mosquitto_log_printf(MOSQ_LOG_DEBUG, "*** auth-plugin: backend %s initializing", BE_Mysql::kind);
 }
-bool BE_Mysql::authenticate(const std::string& username, const std::string& password)
+bool BE_Mysql::authenticate(const std::string& username, const std::string& password, const std::string& /*client_id*/)
 {
 return false;
 }
diff --git a/src/backends/mysql/be_mysql.h b/src/backends/mysql/be_mysql.h
index e1df697..1c3d303 100644
--- a/src/backends/mysql/be_mysql.h
+++ b/src/backends/mysql/be_mysql.h
@@ -17,9 +17,12 @@ class BE_Mysql: public IBackend
 /**
 * Verifies a client credentials against the MySQL store
+ * @param username The username the client passed
+ * @param password The password the client passed
+ * @param client_id The id associated with the mosquitto client making the connection
 * @return True if the client should be granted access by the broker
 */
- bool authenticate(const std::string& username, const std::string& password);
+ bool authenticate(const std::string& username, const std::string& password, const std::string& client_id);
 /**
 * Identifier to use in the broker configuration to connect to a MySQL service
diff --git a/src/backends/sqlite/be_sqlite.cpp b/src/backends/sqlite/be_sqlite.cpp
index b0843ce..7f58371 100644
--- a/src/backends/sqlite/be_sqlite.cpp
+++ b/src/backends/sqlite/be_sqlite.cpp
@@ -7,7 +7,7 @@ BE_Sqlite::BE_Sqlite(const std::map& options)
 mosquitto_log_printf(MOSQ_LOG_DEBUG, "*** auth-plugin: backend %s initializing", BE_Sqlite::kind);
 }
-bool BE_Sqlite::authenticate(const std::string& username, const std::string& password)
+bool BE_Sqlite::authenticate(const std::string& username, const std::string& password, const std::string& /*client_id*/)
 {
 return false;
 }
diff --git a/src/backends/sqlite/be_sqlite.h b/src/backends/sqlite/be_sqlite.h
index c527378..f9260fd 100644
--- a/src/backends/sqlite/be_sqlite.h
+++ b/src/backends/sqlite/be_sqlite.h
@@ -17,9 +17,12 @@ class BE_Sqlite: public IBackend
 /**
 * Verifies a client credentials against the SQLite store
+ * @param username The username the client passed
+ * @param password The password the client passed
+ * @param client_id The id associated with the mosquitto client making the connection
 * @return True if the client should be granted access by the broker
 */
- bool authenticate(const std::string& username, const std::string& password);
+ bool authenticate(const std::string& username, const std::string& password, const std::string& client_id);
 /**
 * Identifier to use in the broker configuration to connect to a SQLite database
diff --git a/src/plugin.cpp b/src/plugin.cpp
index cdb444f..741751f 100644
--- a/src/plugin.cpp
+++ b/src/plugin.cpp
@@ -96,7 +96,8 @@ int Plugin::onBasicAuth(const mosquitto_evt_basic_auth& event_data) noexcept
 {
 for (auto& backend: m_backends)
 {
- if (backend->authenticate(event_data.username, event_data.password))
+ const char* client_id = mosquitto_client_id(event_data.client);
+ if (backend->authenticate(event_data.username, event_data.password, client_id))
 {
 return MOSQ_ERR_SUCCESS;
 }
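Review bot: In `Plugin::onBasicAuth` (`plugin.cpp`), the `const char*` returned by `mosquitto_client_id(event_data.client)` is converted implicitly to `std::string` at the `authenticate` call, and nothing checks it for null first. Constructing a `std::string` from a null pointer is undefined behaviour, and because the function is `noexcept`, an exception thrown during that conversion would terminate the broker process. The same applies to `event_data.username` and `event_data.password` on that line if the broker can deliver them as null (for example on a connection without credentials), which is worth confirming. The lookup is also loop-invariant, so it can move above the `for` and be converted once: `const char* raw_id = mosquitto_client_id(event_data.client);` followed by `const std::string client_id = raw_id ? raw_id : "";`. The body of `onBasicAuth` continues outside the hunk.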