Adding users to password file #169

Closed
castorgodinho opened this Issue May 24, 2016 · 1 comment

Projects

None yet

2 participants

@castorgodinho

mosquitto_passwd can use any option to add a new user to the password file.
eg. The output of

$mosquitto_passwd -hello /etc/mosquitto/pass castor password
                            Error: Unknown option '-hello'
                            password: 
                            re-enter password:

-hello allowed me to add another user to the password file. This bug is caused due to a missing return statement in the mosquitto_passwd code.

if(argc == 5){
        if(!strcmp(argv[1], "-b")){
            batch_mode = true;
        }else{
            fprintf(stderr, "Error: Unknown option '%s'\n", argv[1]);
                    **return 1;**   //This missing return statement. 
        }
        password_file_tmp = argv[2];
        username = argv[3];
        password_cmd = argv[4];
    }

It is not advisable to add password in the command itself. Another argument (eg -a Adduser) can be implemented to add another user to the password file.

else if(argc == 4){
                /* -a argument implementation */
        if(strcmp(argv[1],"-a")==0){
            password_cmd = argv[4];
        }else
            if(!strcmp(argv[1], "-c")){
                create_new = true;
            }else if(!strcmp(argv[1], "-D")){
                delete_user = true;
            }else{
                fprintf(stderr, "Error: Unknown option '%s'\n", argv[1]);
                return 1;
            }
        password_file_tmp = argv[2];
        username = argv[3];
}
@ralight ralight added a commit that referenced this issue May 26, 2016
@ralight ralight [169] mosquitto_passwd handles unknown cmd args properly.
Closes #169. Thanks to castorgodinho.

Bug: #169
6f5f445
@ralight
Contributor
ralight commented May 26, 2016

Thanks for the report, you're quite right this is a bug. I've pushed a fix.

I agree about adding passwords on the command line, but it was a requested feature and is useful in some situations.

The normal way of adding a user is mosquitto_passwd passwordfile username just like with e.g. htpasswd2 from apache.

@ralight ralight closed this May 26, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment