support clientid in be_*_getuser()

closes #266
jpmens · Nov 21, 2018 · 837e3c7 · 837e3c7
1 parent 2795fef
commit 837e3c7
Show file tree

Hide file tree

Showing 25 changed files with 30 additions and 27 deletions.
diff --git a/README.md b/README.md
@@ -163,8 +163,9 @@ The following `auth_opt_` options are supported by the mysql back-end:
 The SQL query for looking up a user's password hash is mandatory. The query
 MUST return a single row only (any other number of rows is considered to be
 "user not found"), and it MUST return a single column only with the PBKDF2
-password hash. A single `'%s'` in the query string is replaced by the
-username attempting to access the broker.
+password hash. Two `'%s'` in the userquery string are replaced by the
+username attempting to access the broker and the clientid respectively. (If the clientid is not
+to be used in the SQL, insert just a single `'%s'` into the _userquery_ parameter.)
 
 ```sql
 SELECT pw FROM users WHERE username = '%s' LIMIT 1
@@ -209,6 +210,7 @@ auth_opt_dbname test
 auth_opt_user jjj
 auth_opt_pass supersecret
 auth_opt_userquery SELECT pw FROM users WHERE username = '%s'
+# auth_opt_userquery SELECT pwhash FROM user WHERE username = '%s' AND clientid = '%s'
 auth_opt_superquery SELECT COUNT(*) FROM users WHERE username = '%s' AND super = 1
 auth_opt_aclquery SELECT topic FROM acls WHERE (username = '%s') AND (rw >= %d)
 auth_opt_anonusername AnonymouS

diff --git a/auth-plug.c b/auth-plug.c
@@ -552,7 +552,7 @@ int mosquitto_auth_unpwd_check(void *userdata, const char *username, const char
 			free(phash);
 			phash = NULL;
 		}
-		rc = b->getuser(b->conf, username, password, &phash);
+		rc = b->getuser(b->conf, username, password, &phash, mosquitto_client_id(client));
 		if (rc == BACKEND_ALLOW) {
 			backend_name = (*bep)->name;
 			authenticated = TRUE;

diff --git a/backends.h b/backends.h
@@ -50,7 +50,7 @@
 # define __BACKENDS_H
 
 typedef void (f_kill)(void *conf);
-typedef int (f_getuser)(void *conf, const char *username, const char *password, char **phash);
+typedef int (f_getuser)(void *conf, const char *username, const char *password, char **phash, const char *clientid);
 typedef int (f_superuser)(void *conf, const char *username);
 typedef int (f_aclcheck)(void *conf, const char *clientid, const char *username, const char *topic, int acc);
 

diff --git a/be-cdb.c b/be-cdb.c
@@ -85,7 +85,7 @@ void be_cdb_destroy(void *handle)
 	}
 }
 
-int be_cdb_getuser(void *handle, const char *username, const char *password, char **phash)
+int be_cdb_getuser(void *handle, const char *username, const char *password, char **phash, const char *clientid)
 {
 	struct cdb_backend *conf = (struct cdb_backend *)handle;
 	char *k, *v = NULL;

diff --git a/be-cdb.h b/be-cdb.h
@@ -36,7 +36,7 @@ struct cdb_backend {
 
 void *be_cdb_init();
 void be_cdb_destroy(void *handle);
-int be_cdb_getuser(void *handle, const char *username, const char *password, char **phash);
+int be_cdb_getuser(void *handle, const char *username, const char *password, char **phash, const char *clientid);
 int be_cdb_access(void *handle, const char *username, char *topic);
 int be_cdb_superuser(void *handle, const char *username);
 int be_cdb_aclcheck(void *handle, const char *clientid, const char *username, const char *topic, int acc);

diff --git a/be-files.c b/be-files.c
@@ -337,7 +337,7 @@ void be_files_destroy(void *handle)
 int be_files_getuser(void *handle,
 		            const char *username,
 		            const char *password,
-		            char **phash)
+		            char **phash, const char *clientid)
 {
 	be_files *const conf = (be_files *) handle;
 	pwd_entry *entry = find_pwd(conf, username);

diff --git a/be-files.h b/be-files.h
@@ -31,7 +31,7 @@
 
 void *be_files_init();
 void be_files_destroy(void *handle);
-int be_files_getuser(void *handle, const char *username, const char *password, char **phash);
+int be_files_getuser(void *handle, const char *username, const char *password, char **phash, const char *clientid);
 int be_files_superuser(void *handle, const char *username);
 int be_files_aclcheck(void *handle, const char *clientid, const char *username, const char *topic, int access);
 

diff --git a/be-http.c b/be-http.c
@@ -305,7 +305,7 @@ void be_http_destroy(void *handle)
 	}
 };
 
-int be_http_getuser(void *handle, const char *username, const char *password, char **phash) {
+int be_http_getuser(void *handle, const char *username, const char *password, char **phash, const char *clientid) {
 	struct http_backend *conf = (struct http_backend *)handle;
 	int re, try;
 	if (username == NULL) {

diff --git a/be-http.h b/be-http.h
@@ -50,7 +50,7 @@ struct http_backend {
 
 void *be_http_init();
 void be_http_destroy(void *conf);
-int be_http_getuser(void *conf, const char *username, const char *password, char **phash);
+int be_http_getuser(void *conf, const char *username, const char *password, char **phash, const char *clientid);
 int be_http_superuser(void *conf, const char *username);
 int be_http_aclcheck(void *conf, const char *clientid, const char *username, const char *topic, int acc);
 #endif /* BE_HTTP */
diff --git a/be-jwt.c b/be-jwt.c
@@ -284,7 +284,7 @@ void be_jwt_destroy(void *handle)
 	}
 };
 
-int be_jwt_getuser(void *handle, const char *token, const char *pass, char **phash)
+int be_jwt_getuser(void *handle, const char *token, const char *pass, char **phash, const char *clientid)
 {
 	struct jwt_backend *conf = (struct jwt_backend *)handle;
 	int re;

diff --git a/be-jwt.h b/be-jwt.h
@@ -49,7 +49,7 @@ struct jwt_backend {
 
 void *be_jwt_init();
 void be_jwt_destroy(void *conf);
-int be_jwt_getuser(void *conf, const char *token, const char *password, char **phash);
+int be_jwt_getuser(void *conf, const char *token, const char *password, char **phash, const char *clientid);
 int be_jwt_superuser(void *conf, const char *token);
 int be_jwt_aclcheck(void *conf, const char *clientid, const char *token, const char *topic, int acc);
 #endif /* BE_JWT */
diff --git a/be-ldap.c b/be-ldap.c
@@ -186,7 +186,7 @@ static int user_bind(char *connstr, char *dn, const char *password)
 
 }
 
-int be_ldap_getuser(void *handle, const char *username, const char *password, char **phash)
+int be_ldap_getuser(void *handle, const char *username, const char *password, char **phash, const char *clientid)
 {
 	struct ldap_backend *conf = (struct ldap_backend *)handle;
 	LDAPMessage *msg,*entry;

diff --git a/be-ldap.h b/be-ldap.h
@@ -34,7 +34,7 @@
 
 void *be_ldap_init();
 void be_ldap_destroy(void *conf);
-int be_ldap_getuser(void *conf, const char *username, const char *password, char **phash);
+int be_ldap_getuser(void *conf, const char *username, const char *password, char **phash, const char *clientid);
 int be_ldap_superuser(void *conf, const char *username);
 int be_ldap_aclcheck(void *conf, const char *clientid, const char *username, const char *topic, int acc);
 #endif /* BE_LDAP */
diff --git a/be-memcached.c b/be-memcached.c
@@ -136,7 +136,7 @@ void be_memcached_destroy(void *handle)
 	}
 }
 
-int be_memcached_getuser(void *handle, const char *username, const char *password, char **phash)
+int be_memcached_getuser(void *handle, const char *username, const char *password, char **phash, const char *clientid)
 {
 	struct memcached_backend *conf = (struct memcached_backend *)handle;
 

diff --git a/be-memcached.h b/be-memcached.h
@@ -31,7 +31,7 @@
 
 void *be_memcached_init();
 void be_memcached_destroy(void *conf);
-int be_memcached_getuser(void *handle, const char *username, const char *password, char **phash);
+int be_memcached_getuser(void *handle, const char *username, const char *password, char **phash, const char *clientid);
 int be_memcached_superuser(void *conf, const char *username);
 int be_memcached_aclcheck(void *conf, const char *clientid, const char *username, const char *topic, int acc);
 #endif /* BE_MEMCACHED */
diff --git a/be-mongo.c b/be-mongo.c
@@ -114,7 +114,7 @@ mongoc_uri_t *be_mongo_new_uri_from_options() {
 	return uri;
 }
 
-int be_mongo_getuser(void *handle, const char *username, const char *password, char **phash)
+int be_mongo_getuser(void *handle, const char *username, const char *password, char **phash, const char *clientid)
 {
 	struct mongo_backend *conf = (struct mongo_backend *)handle;
 	mongoc_collection_t *collection;

diff --git a/be-mongo.h b/be-mongo.h
@@ -31,7 +31,7 @@
 
 void *be_mongo_init();
 void be_mongo_destroy(void *conf);
-int be_mongo_getuser(void *conf, const char *username, const char *password, char **phash);
+int be_mongo_getuser(void *conf, const char *username, const char *password, char **phash, const char *clientid);
 int be_mongo_superuser(void *conf, const char *username);
 int be_mongo_aclcheck(void *conf, const char *clientid, const char *username, const char *topic, int acc);
 #endif /* BE_MONGO */
diff --git a/be-mysql.c b/be-mysql.c
@@ -186,14 +186,15 @@ static bool auto_connect(struct mysql_backend *conf)
 	return false;
 }
 
-int be_mysql_getuser(void *handle, const char *username, const char *password, char **phash)
+int be_mysql_getuser(void *handle, const char *username, const char *password, char **phash, const char *clientid)
 {
 	struct mysql_backend *conf = (struct mysql_backend *)handle;
 	char *query = NULL, *u = NULL, *value = NULL, *v;
 	long nrows, ulen;
 	MYSQL_RES *res = NULL;
 	MYSQL_ROW rowdata;
 
+	// fprintf(stderr, "------>%s<-----\n", clientid);
 	if (!conf || !conf->userquery || !username || !*username)
 		return BACKEND_DEFER;
 
@@ -210,7 +211,7 @@ int be_mysql_getuser(void *handle, const char *username, const char *password, c
 		free(u);
 		return BACKEND_ERROR;
 	}
-	sprintf(query, conf->userquery, u);
+	sprintf(query, conf->userquery, u, clientid);
 	free(u);
 
 	if (mysql_query(conf->mysql, query)) {

diff --git a/be-mysql.h b/be-mysql.h
@@ -33,7 +33,7 @@
 
 void *be_mysql_init();
 void be_mysql_destroy(void *conf);
-int be_mysql_getuser(void *conf, const char *username, const char *password, char **phash);
+int be_mysql_getuser(void *conf, const char *username, const char *password, char **phash, const char *clientid);
 int be_mysql_superuser(void *conf, const char *username);
 int be_mysql_aclcheck(void *conf, const char *clientid, const char *username, const char *topic, int acc);
 #endif /* BE_MYSQL */
diff --git a/be-postgres.c b/be-postgres.c
@@ -162,7 +162,7 @@ void be_pg_destroy(void *handle)
 	}
 }
 
-int be_pg_getuser(void *handle, const char *username, const char *password, char **phash)
+int be_pg_getuser(void *handle, const char *username, const char *password, char **phash, const char *clientid)
 {
 	struct pg_backend *conf = (struct pg_backend *)handle;
 	char *value = NULL, *v = NULL;

diff --git a/be-postgres.h b/be-postgres.h
@@ -33,7 +33,7 @@
 
 void *be_pg_init();
 void be_pg_destroy(void *conf);
-int be_pg_getuser(void *conf, const char *username, const char *password, char **phash);
+int be_pg_getuser(void *conf, const char *username, const char *password, char **phash, const char *clientid);
 int be_pg_superuser(void *conf, const char *username);
 int be_pg_aclcheck(void *conf, const char *clientid, const char *username, const char *topic, int acc);
 #endif /* BE_POSTGRES */
diff --git a/be-redis.c b/be-redis.c
@@ -136,7 +136,7 @@ void be_redis_destroy(void *handle)
 	}
 }
 
-int be_redis_getuser(void *handle, const char *username, const char *password, char **phash)
+int be_redis_getuser(void *handle, const char *username, const char *password, char **phash, const char *clientid)
 {
 	struct redis_backend *conf = (struct redis_backend *)handle;
 

diff --git a/be-redis.h b/be-redis.h
@@ -31,7 +31,7 @@
 
 void *be_redis_init();
 void be_redis_destroy(void *conf);
-int be_redis_getuser(void *conf, const char *username, const char *password, char **phash);
+int be_redis_getuser(void *conf, const char *username, const char *password, char **phash, const char *clientid);
 int be_redis_superuser(void *conf, const char *username);
 int be_redis_aclcheck(void *conf, const char *clientid, const char *username, const char *topic, int acc);
 #endif /* BE_REDIS */
diff --git a/be-sqlite.c b/be-sqlite.c
@@ -87,7 +87,7 @@ void be_sqlite_destroy(void *handle)
 	}
 }
 
-int be_sqlite_getuser(void *handle, const char *username, const char *password, char **phash)
+int be_sqlite_getuser(void *handle, const char *username, const char *password, char **phash, const char *clientid)
 {
 	struct sqlite_backend *conf = (struct sqlite_backend *)handle;
 	int res, retries;

diff --git a/be-sqlite.h b/be-sqlite.h
@@ -38,7 +38,7 @@ struct sqlite_backend {
 
 void *be_sqlite_init();
 void be_sqlite_destroy(void *handle);
-int be_sqlite_getuser(void *handle, const char *username, const char *password, char **phash);
+int be_sqlite_getuser(void *handle, const char *username, const char *password, char **phash, const char *clientid);
 int be_sqlite_access(void *handle, const char *username, char *topic);
 int be_sqlite_superuser(void *handle, const char *username);
 int be_sqlite_aclcheck(void *handle, const char *clientid, const char *username, const char *topic, int acc);