Coverage Report

Created: 2023-06-07 06:10

/src/mosquitto/plugins/dynamic-security/auth.c
/*
Copyright (c) 2020-2021 Roger Light <roger@atchoo.org>
All rights reserved. This program and the accompanying materials
are made available under the terms of the Eclipse Public License 2.0
and Eclipse Distribution License v1.0 which accompany this distribution.
The Eclipse Public License is available at
   https://www.eclipse.org/legal/epl-2.0/
and the Eclipse Distribution License is available at
  http://www.eclipse.org/org/documents/edl-v10.php.
SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
Contributors:
   Roger Light - initial implementation and documentation.
*/
#include "config.h"
#include <openssl/bio.h>
#include <openssl/buffer.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
#include "dynamic_security.h"
#include "mosquitto.h"
#include "mosquitto_broker.h"
/* ################################################################
 * #
 * # Username/password check
 * #
 * ################################################################ */
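/*
 * Compare two buffers without stopping at the first mismatching byte.
 *
 * The comparison always walks all `len` bytes and folds the differences
 * into an accumulator with XOR/OR, so the loop body contains no branch
 * that depends on the buffer contents. The previous form
 * (`if(a[i] != b[i]) rc = 1;`) had a data-dependent branch which an
 * optimising compiler is free to turn into an early exit; reading through
 * volatile pointers discourages that transformation here.
 *
 * a, b - buffers to compare; each must hold at least `len` readable bytes.
 * len  - number of bytes to compare.
 *
 * Returns 0 if the first `len` bytes are identical, 1 if they differ or if
 * either pointer is NULL. A `len` of 0 with non-NULL pointers returns 0.
 */
static int memcmp_const(const void *a, const void *b, size_t len)
{
  const volatile unsigned char *pa = a;
  const volatile unsigned char *pb = b;
  unsigned char diff = 0;
  size_t i;

  /* A missing buffer can never match; this check does not depend on
   * the buffer contents. */
  if(!a || !b) return 1;

  for(i=0; i<len; i++){
    diff |= (unsigned char)(pa[i] ^ pb[i]);
  }

  /* Normalise to the 0 / 1 result callers already test against. */
  return diff != 0;
}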
/*
 * Basic-auth event handler: checks a username/password pair against the
 * dynamic-security client list.
 *
 * event      - event identifier (not inspected here).
 * event_data - struct mosquitto_evt_basic_auth carrying username, password
 *              and the connecting client.
 * userdata   - struct dynsec__data handed to dynsec_clients__find().
 *
 * Returns:
 *   MOSQ_ERR_SUCCESS      - client found and the password hash matches.
 *   MOSQ_ERR_AUTH         - client is disabled, the client id bound to the
 *                           account does not match the connecting client, or
 *                           the password hash differs.
 *   MOSQ_ERR_PLUGIN_DEFER - username or password missing, username unknown,
 *                           no valid stored password, or hashing failed.
 *
 * NOTE(review): every MOSQ_ERR_PLUGIN_DEFER path leaves the final decision
 * to whatever handles the request next, so the effective outcome for an
 * unknown user, or for an account without a usable password record,
 * depends on the rest of the broker configuration - confirm that the
 * deployment denies by default.
 * NOTE(review): the unknown-username path returns before any hashing is
 * done, so its response time may differ from that of a known username.
 */
int dynsec_auth__basic_auth_callback(int event, void *event_data, void *userdata)
{
  struct mosquitto_evt_basic_auth *ed = event_data;
  struct dynsec__data *data = userdata;
  struct dynsec__client *client;
  unsigned char password_hash[64]; /* For SHA512 */
  const char *clientid;

  UNUSED(event);
  /* userdata is in fact read through `data` above; the marker is kept
   * unchanged. */
  UNUSED(userdata);

  /* Without both credentials there is nothing for this handler to check. */
  if(ed->username == NULL || ed->password == NULL){
    return MOSQ_ERR_PLUGIN_DEFER;
  }

  client = dynsec_clients__find(data, ed->username);
  if(client == NULL){
    /* Unknown username: not rejected here, only deferred. */
    return MOSQ_ERR_PLUGIN_DEFER;
  }

  if(client->disabled){
    return MOSQ_ERR_AUTH;
  }

  /* When the account is bound to a client id, the connecting client must
   * present exactly that id. */
  if(client->clientid){
    clientid = mosquitto_client_id(ed->client);
    if(clientid == NULL || strcmp(client->clientid, clientid) != 0){
      return MOSQ_ERR_AUTH;
    }
  }

  /* No valid stored password: deferred rather than denied. */
  if(!client->pw.valid){
    return MOSQ_ERR_PLUGIN_DEFER;
  }

  /* A hashing failure is likewise deferred rather than denied. */
  if(dynsec_auth__pw_hash(client, ed->password, password_hash, sizeof(password_hash), false) != MOSQ_ERR_SUCCESS){
    return MOSQ_ERR_PLUGIN_DEFER;
  }

  /* Compares sizeof(password_hash) == 64 bytes; assumes
   * client->pw.password_hash holds at least that many - TODO confirm
   * against the struct definition. */
  if(memcmp_const(client->pw.password_hash, password_hash, sizeof(password_hash)) != 0){
    return MOSQ_ERR_AUTH;
  }

  return MOSQ_ERR_SUCCESS;
}