New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adding users to password file #169

Closed
castorgodinho opened this Issue May 24, 2016 · 1 comment

Comments

Projects
None yet
2 participants
@castorgodinho

mosquitto_passwd can use any option to add a new user to the password file.
eg. The output of

$mosquitto_passwd -hello /etc/mosquitto/pass castor password
                            Error: Unknown option '-hello'
                            password: 
                            re-enter password:

-hello allowed me to add another user to the password file. This bug is caused due to a missing return statement in the mosquitto_passwd code.

if(argc == 5){
        if(!strcmp(argv[1], "-b")){
            batch_mode = true;
        }else{
            fprintf(stderr, "Error: Unknown option '%s'\n", argv[1]);
                    **return 1;**   //This missing return statement. 
        }
        password_file_tmp = argv[2];
        username = argv[3];
        password_cmd = argv[4];
    }

It is not advisable to add password in the command itself. Another argument (eg -a Adduser) can be implemented to add another user to the password file.

else if(argc == 4){
                /* -a argument implementation */
        if(strcmp(argv[1],"-a")==0){
            password_cmd = argv[4];
        }else
            if(!strcmp(argv[1], "-c")){
                create_new = true;
            }else if(!strcmp(argv[1], "-D")){
                delete_user = true;
            }else{
                fprintf(stderr, "Error: Unknown option '%s'\n", argv[1]);
                return 1;
            }
        password_file_tmp = argv[2];
        username = argv[3];
}

ralight added a commit that referenced this issue May 26, 2016

@ralight

This comment has been minimized.

Show comment
Hide comment
@ralight

ralight May 26, 2016

Contributor

Thanks for the report, you're quite right this is a bug. I've pushed a fix.

I agree about adding passwords on the command line, but it was a requested feature and is useful in some situations.

The normal way of adding a user is mosquitto_passwd passwordfile username just like with e.g. htpasswd2 from apache.

Contributor

ralight commented May 26, 2016

Thanks for the report, you're quite right this is a bug. I've pushed a fix.

I agree about adding passwords on the command line, but it was a requested feature and is useful in some situations.

The normal way of adding a user is mosquitto_passwd passwordfile username just like with e.g. htpasswd2 from apache.

@ralight ralight closed this May 26, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment