/src/mosquitto/src/handle_auth.c

Source
/*
Copyright (c) 2018-2021 Roger Light <roger@atchoo.org>

All rights reserved. This program and the accompanying materials
are made available under the terms of the Eclipse Public License 2.0
and Eclipse Distribution License v1.0 which accompany this distribution.

The Eclipse Public License is available at
   https://www.eclipse.org/legal/epl-2.0/
and the Eclipse Distribution License is available at
  http://www.eclipse.org/org/documents/edl-v10.php.

SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause

Contributors:
   Roger Light - initial implementation and documentation.
*/

#include "config.h"

#include <stdio.h>
#include <string.h>

#include "mosquitto_broker_internal.h"
#include "mosquitto/mqtt_protocol.h"
#include "packet_mosq.h"
#include "property_mosq.h"
#include "send_mosq.h"
#include "util_mosq.h"
#include "will_mosq.h"


int handle__auth(struct mosquitto *context)
{
  int rc = 0;
  uint8_t reason_code = 0;
  mosquitto_property *properties = NULL;
  char *auth_method = NULL;
  void *auth_data = NULL;
  uint16_t auth_data_len = 0;
  void *auth_data_out = NULL;
  uint16_t auth_data_out_len = 0;

  if(!context){
    return MOSQ_ERR_INVAL;
  }

  if(context->protocol != mosq_p_mqtt5 || context->auth_method == NULL){
    return MOSQ_ERR_PROTOCOL;
  }
  if(context->in_packet.command != CMD_AUTH){
    return MOSQ_ERR_MALFORMED_PACKET;
  }

  if(context->in_packet.remaining_length > 0){
    if(packet__read_byte(&context->in_packet, &reason_code)){
      return MOSQ_ERR_MALFORMED_PACKET;
    }
    if(reason_code != MQTT_RC_CONTINUE_AUTHENTICATION
        && reason_code != MQTT_RC_REAUTHENTICATE){

      send__disconnect(context, MQTT_RC_PROTOCOL_ERROR, NULL);
      return MOSQ_ERR_PROTOCOL;
    }

    if((reason_code == MQTT_RC_REAUTHENTICATE && context->state != mosq_cs_active)
        || (reason_code == MQTT_RC_CONTINUE_AUTHENTICATION
        && context->state != mosq_cs_authenticating && context->state != mosq_cs_reauthenticating)){

      send__disconnect(context, MQTT_RC_PROTOCOL_ERROR, NULL);
      return MOSQ_ERR_PROTOCOL;
    }

    rc = property__read_all(CMD_AUTH, &context->in_packet, &properties);
    if(rc){
      send__disconnect(context, MQTT_RC_UNSPECIFIED, NULL);
      return rc;
    }


    if(mosquitto_property_read_string(properties, MQTT_PROP_AUTHENTICATION_METHOD, &auth_method, false) == NULL){
      mosquitto_property_free_all(&properties);
      send__disconnect(context, MQTT_RC_UNSPECIFIED, NULL);
      return MOSQ_ERR_PROTOCOL;
    }

    if(!auth_method || strcmp(auth_method, context->auth_method)){
      /* No method, or non-matching method */
      mosquitto_FREE(auth_method);
      mosquitto_property_free_all(&properties);
      send__disconnect(context, MQTT_RC_PROTOCOL_ERROR, NULL);
      return MOSQ_ERR_PROTOCOL;
    }
    mosquitto_FREE(auth_method);

    mosquitto_property_read_binary(properties, MQTT_PROP_AUTHENTICATION_DATA, &auth_data, &auth_data_len, false);

    mosquitto_property_free_all(&properties); /* FIXME - TEMPORARY UNTIL PROPERTIES PROCESSED */
  }

  log__printf(NULL, MOSQ_LOG_DEBUG, "Received AUTH from %s (rc%d, %s)", context->id, reason_code, context->auth_method);


  if(reason_code == MQTT_RC_REAUTHENTICATE){
    /* This is a re-authentication attempt */
    mosquitto__set_state(context, mosq_cs_reauthenticating);
    rc = mosquitto_security_auth_start(context, true, auth_data, auth_data_len, &auth_data_out, &auth_data_out_len);
  }else{
    if(context->state != mosq_cs_reauthenticating){
      mosquitto__set_state(context, mosq_cs_authenticating);
    }
    rc = mosquitto_security_auth_continue(context, auth_data, auth_data_len, &auth_data_out, &auth_data_out_len);
  }
  mosquitto_FREE(auth_data);
  if(rc == MOSQ_ERR_SUCCESS){
    if(context->state == mosq_cs_authenticating){
      return connect__on_authorised(context, auth_data_out, auth_data_out_len);
    }else{
      mosquitto__set_state(context, mosq_cs_active);
      rc = send__auth(context, MQTT_RC_SUCCESS, auth_data_out, auth_data_out_len);
      SAFE_FREE(auth_data_out);
      return rc;
    }
  }else if(rc == MOSQ_ERR_AUTH_CONTINUE){
    rc = send__auth(context, MQTT_RC_CONTINUE_AUTHENTICATION, auth_data_out, auth_data_out_len);
    SAFE_FREE(auth_data_out);
    return rc;
  }else{
    SAFE_FREE(auth_data_out);
    if(context->state == mosq_cs_authenticating && context->will){
      /* Free will without sending if this is our first authentication attempt */
      will__clear(context);
    }
    if(rc == MOSQ_ERR_AUTH){
      if(context->state == mosq_cs_authenticating){
        send__connack(context, 0, MQTT_RC_NOT_AUTHORIZED, NULL);
        mosquitto_FREE(context->id);
      }else{
        send__disconnect(context, MQTT_RC_NOT_AUTHORIZED, NULL);
      }
      return MOSQ_ERR_PROTOCOL;
    }else if(rc == MOSQ_ERR_NOT_SUPPORTED){
      /* Client has requested extended authentication, but we don't support it. */
      if(context->state == mosq_cs_authenticating){
        send__connack(context, 0, MQTT_RC_BAD_AUTHENTICATION_METHOD, NULL);
        mosquitto_FREE(context->id);
      }else{
        send__disconnect(context, MQTT_RC_BAD_AUTHENTICATION_METHOD, NULL);
      }
      return MOSQ_ERR_PROTOCOL;
    }else{
      if(context->state == mosq_cs_authenticating){
        mosquitto_FREE(context->id);
      }
      return rc;
    }
  }
}

Line	Count	Source
1		/*
2		Copyright (c) 2018-2021 Roger Light <roger@atchoo.org>
3
4		All rights reserved. This program and the accompanying materials
5		are made available under the terms of the Eclipse Public License 2.0
6		and Eclipse Distribution License v1.0 which accompany this distribution.
7
8		The Eclipse Public License is available at
9		https://www.eclipse.org/legal/epl-2.0/
10		and the Eclipse Distribution License is available at
11		http://www.eclipse.org/org/documents/edl-v10.php.
12
13		SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
14
15		Contributors:
16		Roger Light - initial implementation and documentation.
17		*/
18
19		#include "config.h"
20
21		#include <stdio.h>
22		#include <string.h>
23
24		#include "mosquitto_broker_internal.h"
25		#include "mosquitto/mqtt_protocol.h"
26		#include "packet_mosq.h"
27		#include "property_mosq.h"
28		#include "send_mosq.h"
29		#include "util_mosq.h"
30		#include "will_mosq.h"
31
32
33		int handle__auth(struct mosquitto *context)
34	184	{
35	184	int rc = 0;
36	184	uint8_t reason_code = 0;
37	184	mosquitto_property *properties = NULL;
38	184	char *auth_method = NULL;
39	184	void *auth_data = NULL;
40	184	uint16_t auth_data_len = 0;
41	184	void *auth_data_out = NULL;
42	184	uint16_t auth_data_out_len = 0;
43
44	184	if(!context){
45	0	return MOSQ_ERR_INVAL;
46	0	}
47
48	184	if(context->protocol != mosq_p_mqtt5 \|\| context->auth_method == NULL){
49	0	return MOSQ_ERR_PROTOCOL;
50	0	}
51	184	if(context->in_packet.command != CMD_AUTH){
52	62	return MOSQ_ERR_MALFORMED_PACKET;
53	62	}
54
55	122	if(context->in_packet.remaining_length > 0){
56	112	if(packet__read_byte(&context->in_packet, &reason_code)){
57	1	return MOSQ_ERR_MALFORMED_PACKET;
58	1	}
59	111	if(reason_code != MQTT_RC_CONTINUE_AUTHENTICATION
60	0	&& reason_code != MQTT_RC_REAUTHENTICATE){
61
62	0	send__disconnect(context, MQTT_RC_PROTOCOL_ERROR, NULL);
63	0	return MOSQ_ERR_PROTOCOL;
64	0	}
65
66	111	if((reason_code == MQTT_RC_REAUTHENTICATE && context->state != mosq_cs_active)
67	111	\|\| (reason_code == MQTT_RC_CONTINUE_AUTHENTICATION
68	111	&& context->state != mosq_cs_authenticating && context->state != mosq_cs_reauthenticating)){
69
70	0	send__disconnect(context, MQTT_RC_PROTOCOL_ERROR, NULL);
71	0	return MOSQ_ERR_PROTOCOL;
72	0	}
73
74	111	rc = property__read_all(CMD_AUTH, &context->in_packet, &properties);
75	111	if(rc){
76	0	send__disconnect(context, MQTT_RC_UNSPECIFIED, NULL);
77	0	return rc;
78	0	}
79
80
81	111	if(mosquitto_property_read_string(properties, MQTT_PROP_AUTHENTICATION_METHOD, &auth_method, false) == NULL){
82	0	mosquitto_property_free_all(&properties);
83	0	send__disconnect(context, MQTT_RC_UNSPECIFIED, NULL);
84	0	return MOSQ_ERR_PROTOCOL;
85	0	}
86
87	111	if(!auth_method \|\| strcmp(auth_method, context->auth_method)){
88		/* No method, or non-matching method */
89	0	mosquitto_FREE(auth_method);
90	0	mosquitto_property_free_all(&properties);
91	0	send__disconnect(context, MQTT_RC_PROTOCOL_ERROR, NULL);
92	0	return MOSQ_ERR_PROTOCOL;
93	0	}
94	111	mosquitto_FREE(auth_method);
95
96	111	mosquitto_property_read_binary(properties, MQTT_PROP_AUTHENTICATION_DATA, &auth_data, &auth_data_len, false);
97
98	111	mosquitto_property_free_all(&properties); /* FIXME - TEMPORARY UNTIL PROPERTIES PROCESSED */
99	111	}
100
101	121	log__printf(NULL, MOSQ_LOG_DEBUG, "Received AUTH from %s (rc%d, %s)", context->id, reason_code, context->auth_method);
102
103
104	121	if(reason_code == MQTT_RC_REAUTHENTICATE){
105		/* This is a re-authentication attempt */
106	0	mosquitto__set_state(context, mosq_cs_reauthenticating);
107	0	rc = mosquitto_security_auth_start(context, true, auth_data, auth_data_len, &auth_data_out, &auth_data_out_len);
108	121	}else{
109	121	if(context->state != mosq_cs_reauthenticating){
110	121	mosquitto__set_state(context, mosq_cs_authenticating);
111	121	}
112	121	rc = mosquitto_security_auth_continue(context, auth_data, auth_data_len, &auth_data_out, &auth_data_out_len);
113	121	}
114	121	mosquitto_FREE(auth_data);
115	121	if(rc == MOSQ_ERR_SUCCESS){
116	0	if(context->state == mosq_cs_authenticating){
117	0	return connect__on_authorised(context, auth_data_out, auth_data_out_len);
118	0	}else{
119	0	mosquitto__set_state(context, mosq_cs_active);
120	0	rc = send__auth(context, MQTT_RC_SUCCESS, auth_data_out, auth_data_out_len);
121	0	SAFE_FREE(auth_data_out);
122	0	return rc;
123	0	}
124	121	}else if(rc == MOSQ_ERR_AUTH_CONTINUE){
125	0	rc = send__auth(context, MQTT_RC_CONTINUE_AUTHENTICATION, auth_data_out, auth_data_out_len);
126	0	SAFE_FREE(auth_data_out);
127	0	return rc;
128	121	}else{
129	121	SAFE_FREE(auth_data_out);
130	121	if(context->state == mosq_cs_authenticating && context->will){
131		/* Free will without sending if this is our first authentication attempt */
132	0	will__clear(context);
133	0	}
134	121	if(rc == MOSQ_ERR_AUTH){
135	0	if(context->state == mosq_cs_authenticating){
136	0	send__connack(context, 0, MQTT_RC_NOT_AUTHORIZED, NULL);
137	0	mosquitto_FREE(context->id);
138	0	}else{
139	0	send__disconnect(context, MQTT_RC_NOT_AUTHORIZED, NULL);
140	0	}
141	0	return MOSQ_ERR_PROTOCOL;
142	121	}else if(rc == MOSQ_ERR_NOT_SUPPORTED){
143		/* Client has requested extended authentication, but we don't support it. */
144	121	if(context->state == mosq_cs_authenticating){
145	121	send__connack(context, 0, MQTT_RC_BAD_AUTHENTICATION_METHOD, NULL);
146	121	mosquitto_FREE(context->id);
147	121	}else{
148	0	send__disconnect(context, MQTT_RC_BAD_AUTHENTICATION_METHOD, NULL);
149	0	}
150	121	return MOSQ_ERR_PROTOCOL;
151	121	}else{
152	0	if(context->state == mosq_cs_authenticating){
153		mosquitto_FREE(context->id);
154	0	}
155	0	return rc;
156	0	}
157	121	}
158	121	}

Coverage Report

Created: 2025-11-24 06:45