-
Notifications
You must be signed in to change notification settings - Fork 175
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
http acl support #1724
Merged
http acl support #1724
Changes from all commits
Commits
Show all changes
7 commits
Select commit
Hold shift + click to select a range
b7ecee9
* ADD [broker] Add acl check when receive sub package
RanMaoyi 532f436
* ADD [broker] Add acl check when receive publish packet
RanMaoyi 910847a
* MDF [sub_handler] Move acl_http check and optimize the sub_handler …
RanMaoyi 5d2cf72
* FIX [sub_handler] It's ok when properties is NULL in MQTT v5
RanMaoyi d73b7a5
* FIX [pub_handler] fix ctest pub_handler_test failed
RanMaoyi 3cb8510
* SYNC [SYNC] sync nng
RanMaoyi bd036e3
* Move NNG head for PR CI
JaylinYu File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -27,36 +27,39 @@ | |
int | ||
decode_sub_msg(nano_work *work) | ||
{ | ||
uint8_t *variable_ptr, *payload_ptr; | ||
int vpos = 0; // pos in variable | ||
int bpos = 0; // pos in payload | ||
size_t len_of_varint = 0, len_of_property = 0, len_of_properties = 0; | ||
int len_of_str = 0, len_of_topic = 0; | ||
uint8_t property_id; | ||
size_t bpos = 0; // pos in msg_body | ||
size_t ppos = 0; // pos in payload | ||
uint8_t *payload_ptr = NULL; | ||
|
||
topic_node * tn, *_tn; | ||
topic_node *tn = NULL; | ||
topic_node *newtn = NULL; | ||
|
||
nng_msg * msg = work->msg; | ||
size_t remaining_len = nng_msg_remaining_len(msg); | ||
const uint8_t proto_ver = work->proto_ver; | ||
size_t remaining_len = 0; | ||
packet_subscribe *sub_pkt = NULL; | ||
|
||
// handle variable header | ||
variable_ptr = nng_msg_body(msg); | ||
if (work->msg == NULL || work->sub_pkt == NULL) { | ||
return PROTOCOL_ERROR; | ||
} | ||
|
||
remaining_len = nng_msg_remaining_len(work->msg); | ||
|
||
packet_subscribe *sub_pkt = work->sub_pkt; | ||
sub_pkt = work->sub_pkt; | ||
sub_pkt->node = NULL; | ||
NNI_GET16(variable_ptr + vpos, sub_pkt->packet_id); | ||
if (sub_pkt->packet_id == 0) | ||
sub_pkt->prop_len = 0; | ||
sub_pkt->properties = NULL; | ||
NNI_GET16((uint8_t *)(nng_msg_body(work->msg)), sub_pkt->packet_id); | ||
if (sub_pkt->packet_id == 0) { | ||
return PROTOCOL_ERROR; // packetid should be non-zero | ||
} | ||
// TODO packetid should be checked if it's unused | ||
vpos += 2; | ||
bpos += 2; | ||
|
||
sub_pkt->properties = NULL; | ||
sub_pkt->prop_len = 0; | ||
// Only Mqtt_v5 include property. | ||
if (MQTT_PROTOCOL_VERSION_v5 == proto_ver) { | ||
sub_pkt->properties = | ||
decode_properties(msg, (uint32_t *)&vpos, &sub_pkt->prop_len, true); | ||
if (work->proto_ver == MQTT_PROTOCOL_VERSION_v5) { | ||
sub_pkt->properties = decode_properties(work->msg, | ||
(uint32_t *)&bpos, | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. weird format?? |
||
&sub_pkt->prop_len, | ||
true); | ||
if (check_properties(sub_pkt->properties) != SUCCESS) { | ||
return PROTOCOL_ERROR; | ||
} | ||
|
@@ -65,61 +68,80 @@ decode_sub_msg(nano_work *work) | |
log_debug("remainLen: [%ld] packetid : [%d]", remaining_len, | ||
sub_pkt->packet_id); | ||
// handle payload | ||
payload_ptr = nng_msg_payload_ptr(msg); | ||
payload_ptr = nng_msg_payload_ptr(work->msg); | ||
if (payload_ptr == NULL) { | ||
log_error("payload_ptr is NULL"); | ||
return PROTOCOL_ERROR; | ||
} | ||
|
||
if ((tn = nng_zalloc(sizeof(topic_node))) == NULL) { | ||
tn = nng_zalloc(sizeof(topic_node)); | ||
if (tn == NULL) { | ||
log_error("nng_zalloc"); | ||
return NNG_ENOMEM; | ||
} | ||
tn->next = NULL; | ||
sub_pkt->node = tn; | ||
sub_pkt->node = tn; | ||
|
||
while (1) { | ||
_tn = tn; | ||
|
||
tn->reason_code = GRANTED_QOS_2; // default | ||
tn->next = NULL; | ||
tn->topic.len = 0; | ||
tn->reason_code = GRANTED_QOS_2; // default | ||
|
||
// TODO Decoding topic has potential buffer overflow | ||
tn->topic.body = (char *) copyn_utf8_str(payload_ptr, | ||
(uint32_t *) &bpos, &len_of_topic, remaining_len); | ||
tn->topic.len = len_of_topic; | ||
log_info("topic: [%s] len: [%d] pid [%d]", tn->topic.body, len_of_topic, sub_pkt->packet_id); | ||
len_of_topic = 0; | ||
tn->topic.body = (char *)copyn_utf8_str(payload_ptr, | ||
(uint32_t *)&ppos, &tn->topic.len, remaining_len); | ||
if (tn->topic.body == NULL) { | ||
log_error("tn->topic.body is NULL"); | ||
} else { | ||
log_info("topic: [%s] len: [%d] pid [%d]", | ||
tn->topic.body, tn->topic.len, sub_pkt->packet_id); | ||
} | ||
|
||
if (tn->topic.len < 1 || tn->topic.body == NULL) { | ||
log_error("NOT utf8-encoded string OR null string."); | ||
tn->reason_code = UNSPECIFIED_ERROR; | ||
if (MQTT_PROTOCOL_VERSION_v5 == proto_ver) | ||
if (work->proto_ver == MQTT_PROTOCOL_VERSION_v5) { | ||
tn->reason_code = TOPIC_FILTER_INVALID; | ||
bpos += 1; // ignore option | ||
goto next; | ||
} | ||
ppos += 1; // ignore option | ||
if (ppos < remaining_len - bpos) { | ||
newtn = nng_zalloc(sizeof(topic_node)); | ||
if (newtn == NULL) { | ||
log_error("nng_zalloc"); | ||
return NNG_ENOMEM; | ||
} | ||
tn->next = newtn; | ||
tn = newtn; | ||
continue; | ||
} else { | ||
break; | ||
} | ||
} | ||
|
||
tn->rap = 1; // Default Setting | ||
memcpy(tn, payload_ptr + bpos, 1); | ||
memcpy(tn, payload_ptr + ppos, 1); | ||
if (tn->retain_handling > 2) { | ||
log_error("error in retain_handling"); | ||
tn->reason_code = UNSPECIFIED_ERROR; | ||
return PROTOCOL_ERROR; | ||
} | ||
bpos ++; | ||
ppos++; | ||
|
||
// Setting no_local on shared subscription is invalid | ||
if (MQTT_VERSION_V5 == proto_ver && | ||
if (work->proto_ver == MQTT_PROTOCOL_VERSION_v5 && | ||
strncmp(tn->topic.body, "$share/", strlen("$share/")) == 0 && | ||
tn->no_local == 1) { | ||
tn->reason_code = UNSPECIFIED_ERROR; | ||
return PROTOCOL_ERROR; | ||
} | ||
|
||
next: | ||
if (bpos < (int) (remaining_len - vpos)) { | ||
if (NULL == (tn = nng_zalloc(sizeof(topic_node)))) { | ||
if (ppos < remaining_len - bpos) { | ||
newtn = nng_zalloc(sizeof(topic_node)); | ||
if (newtn == NULL) { | ||
log_error("nng_zalloc"); | ||
return NNG_ENOMEM; | ||
} | ||
tn->next = NULL; | ||
_tn->next = tn; | ||
tn->next = newtn; | ||
tn = newtn; | ||
} else { | ||
break; | ||
} | ||
|
@@ -185,7 +207,6 @@ encode_suback_msg(nng_msg *msg, nano_work *work) | |
return PROTOCOL_ERROR; | ||
} | ||
tn = tn->next; | ||
log_debug("reason_code: [%x]", reason_code); | ||
} | ||
|
||
// If NOT find any reason codes | ||
|
@@ -226,23 +247,57 @@ encode_suback_msg(nng_msg *msg, nano_work *work) | |
int | ||
sub_ctx_handle(nano_work *work) | ||
{ | ||
int topic_len = 0; | ||
int topic_exist = 0; | ||
char *topic_str = NULL; | ||
bool auth_http_reject = false; | ||
topic_node *tn = NULL; | ||
|
||
if (!work->sub_pkt || !work->sub_pkt->node) { | ||
return -1; | ||
} | ||
topic_node *tn = work->sub_pkt->node; | ||
|
||
char *topic_str = NULL; | ||
int topic_len = 0, topic_exist = 0; | ||
|
||
if (work->sub_pkt->packet_id == 0) { | ||
return -2; | ||
} | ||
|
||
tn = work->sub_pkt->node; | ||
if (work->config->auth_http.enable) { | ||
topic_queue *tq = NULL; | ||
tn = work->sub_pkt->node; | ||
tq = init_topic_queue_with_topic_node(tn); | ||
if (tq == NULL) { | ||
log_error("topic_queue is NULL"); | ||
} else { | ||
int rv = nmq_auth_http_sub_pub(work->cparam, true, tq, &work->config->auth_http); | ||
if (rv != 0) { | ||
log_error("Auth failed! subscribe packet!"); | ||
/* | ||
* Currently, we support bulk upload of topics, | ||
* but there is only one return code, so we don't | ||
* know which topic failed to authenticate, and | ||
* the topics uploaded together should be set to NMQ_AUTH_SUB_ERROR | ||
*/ | ||
auth_http_reject = true; | ||
tn = work->sub_pkt->node; | ||
while (tn != NULL) { | ||
tn->reason_code = NMQ_AUTH_SUB_ERROR; | ||
log_warn("topic: [%s] HTTP AUTH fail, set SUBACK reason_code: [%d]", tn->topic.body, tn->reason_code); | ||
tn = tn->next; | ||
} | ||
} else { | ||
log_info("Auth success! subscribe packet!"); | ||
} | ||
topic_queue_release(tq); | ||
} | ||
} | ||
|
||
#ifdef STATISTICS | ||
// TODO | ||
#endif | ||
nng_msg **retain = work->msg_ret; | ||
while (tn) { | ||
tn = work->sub_pkt->node; | ||
while (tn != NULL && auth_http_reject == false) { | ||
topic_len = tn->topic.len; | ||
topic_str = tn->topic.body; | ||
log_debug("topicLen: [%d] body: [%s]", topic_len, topic_str); | ||
|
@@ -292,17 +347,11 @@ sub_ctx_handle(nano_work *work) | |
#if defined(NNG_SUPP_SQLITE) | ||
if (work->config->sqlite.enable && work->sqlite_db != NULL) { | ||
if (rh == 0 || (rh == 1 && !topic_exist)) { | ||
nng_msg **msg_vec = | ||
nng_mqtt_qos_db_find_retain( | ||
work->sqlite_db, topic_str); | ||
|
||
nng_msg **msg_vec = nng_mqtt_qos_db_find_retain(work->sqlite_db, topic_str); | ||
if (msg_vec != NULL) { | ||
for (size_t i = 0; | ||
i < cvector_size(msg_vec); i++) { | ||
for (size_t i = 0; i < cvector_size(msg_vec); i++) { | ||
if (msg_vec[i] != NULL) { | ||
cvector_push_back( | ||
work->msg_ret, | ||
msg_vec[i]); | ||
cvector_push_back(work->msg_ret, msg_vec[i]); | ||
} | ||
} | ||
cvector_free(msg_vec); | ||
|
@@ -311,25 +360,27 @@ sub_ctx_handle(nano_work *work) | |
goto next; | ||
} | ||
#endif | ||
if (rh == 0 || (rh == 1 && !topic_exist)) | ||
if (rh == 0 || (rh == 1 && !topic_exist)) { | ||
retain = dbtree_find_retain(work->db_ret, topic_str); | ||
} | ||
work->msg_ret = (work->msg_ret == NULL) ? retain : work->msg_ret; | ||
|
||
for (size_t i = 0; retain != NULL && | ||
i < cvector_size(retain) && work->msg_ret != retain; | ||
i++) { | ||
if (!retain[i]) | ||
i < cvector_size(retain) && | ||
work->msg_ret != retain; | ||
i++) { | ||
if (!retain[i]) { | ||
continue; | ||
} | ||
cvector_push_back(work->msg_ret, retain[i]); | ||
} | ||
if (retain != work->msg_ret) { | ||
cvector_free(retain); | ||
retain = NULL; | ||
} | ||
|
||
|
||
if (!work->msg_ret) | ||
if (!work->msg_ret) { | ||
goto next; | ||
} | ||
|
||
next: | ||
tn = tn->next; | ||
|
Submodule nng
updated
41 files
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
only one topic exsits for pub msg