mosquitto-go-auth/auth-plugin.c

#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <errno.h>

#include <mosquitto_broker.h>
#include <mosquitto_plugin.h>
#include <mosquitto.h>


#if MOSQ_AUTH_PLUGIN_VERSION >= 3
# define mosquitto_auth_opt mosquitto_opt
#endif

#include "go-auth.h"

// Same constant as one in go-auth.go.
#define AuthRejected 0
#define AuthGranted 1
#define AuthError 2

int mosquitto_auth_plugin_version(void) {
  #ifdef MOSQ_AUTH_PLUGIN_VERSION
    #if MOSQ_AUTH_PLUGIN_VERSION == 5
      return 4; // This is v2.0, use the backwards compatibility
    #else
      return MOSQ_AUTH_PLUGIN_VERSION;
    #endif
  #else
    return 4;
  #endif
}

int mosquitto_auth_plugin_init(void **user_data, struct mosquitto_auth_opt *auth_opts, int auth_opt_count) {
  /*
    Pass auth_opts hash as keys and values char* arrays to Go in order to initialize them there.
  */

  GoInt32 opts_count = auth_opt_count;
  
  char *keys[auth_opt_count];
  char *values[auth_opt_count];
  int i;
  struct mosquitto_auth_opt *o;
  for (i = 0, o = auth_opts; i < auth_opt_count; i++, o++) {
    keys[i] = o->key;
    values[i] = o->value;
  }

  GoSlice keysSlice = {keys, auth_opt_count, auth_opt_count};
  GoSlice valuesSlice = {values, auth_opt_count, auth_opt_count};

  char versionArray[10];
  sprintf(versionArray, "%i.%i.%i", LIBMOSQUITTO_MAJOR, LIBMOSQUITTO_MINOR, LIBMOSQUITTO_REVISION);


  AuthPluginInit(keysSlice, valuesSlice, opts_count, versionArray);
  return MOSQ_ERR_SUCCESS;
}

int mosquitto_auth_plugin_cleanup(void *user_data, struct mosquitto_auth_opt *auth_opts, int auth_opt_count) {
  AuthPluginCleanup();
  return MOSQ_ERR_SUCCESS;
}

int mosquitto_auth_security_init(void *user_data, struct mosquitto_auth_opt *auth_opts, int auth_opt_count, bool reload) {
  return MOSQ_ERR_SUCCESS;
}

int mosquitto_auth_security_cleanup(void *user_data, struct mosquitto_auth_opt *auth_opts, int auth_opt_count, bool reload) {
  return MOSQ_ERR_SUCCESS;
}

#if MOSQ_AUTH_PLUGIN_VERSION >= 4
int mosquitto_auth_unpwd_check(void *user_data, struct mosquitto *client, const char *username, const char *password)
#elif MOSQ_AUTH_PLUGIN_VERSION >=3
int mosquitto_auth_unpwd_check(void *userdata, const struct mosquitto *client, const char *username, const char *password)
#else
int mosquitto_auth_unpwd_check(void *userdata, const char *username, const char *password)
#endif
{
  #if MOSQ_AUTH_PLUGIN_VERSION >= 3
    const char* clientid = mosquitto_client_id(client);
  #else
    const char* clientid = "";
  #endif
  if (username == NULL || password == NULL) {
    printf("error: received null username or password for unpwd check\n");
    fflush(stdout);
    return MOSQ_ERR_AUTH;
  }

  GoUint8 ret = AuthUnpwdCheck((char *)username, (char *)password, (char *)clientid);

  switch (ret)
  {
  case AuthGranted:
    return MOSQ_ERR_SUCCESS;
    break;
  case AuthRejected:
    return MOSQ_ERR_AUTH;
    break;
  case AuthError:
    return MOSQ_ERR_UNKNOWN;
    break;
  default:
    fprintf(stderr, "unknown plugin error: %d\n", ret);
    return MOSQ_ERR_UNKNOWN;
  }
}

#if MOSQ_AUTH_PLUGIN_VERSION >= 4
int mosquitto_auth_acl_check(void *user_data, int access, struct mosquitto *client, const struct mosquitto_acl_msg *msg)
#elif MOSQ_AUTH_PLUGIN_VERSION >= 3
int mosquitto_auth_acl_check(void *userdata, int access, const struct mosquitto *client, const struct mosquitto_acl_msg *msg)
#else
int mosquitto_auth_acl_check(void *userdata, const char *clientid, const char *username, const char *topic, int access)
#endif
{
  #if MOSQ_AUTH_PLUGIN_VERSION >= 3
    const char* clientid = mosquitto_client_id(client);
    const char* username = mosquitto_client_username(client);
    const char* topic = msg->topic;
  #endif
  if (clientid == NULL || username == NULL || topic == NULL || access < 1) {
    printf("error: received null username, clientid or topic, or access is equal or less than 0 for acl check\n");
    fflush(stdout);
    return MOSQ_ERR_ACL_DENIED;
  }

  GoUint8 ret = AuthAclCheck((char *)clientid, (char *)username, (char *)topic, access);

  switch (ret)
  {
  case AuthGranted:
    return MOSQ_ERR_SUCCESS;
    break;
  case AuthRejected:
    return MOSQ_ERR_ACL_DENIED;
    break;
  case AuthError:
    return MOSQ_ERR_UNKNOWN;
    break;
  default:
    fprintf(stderr, "unknown plugin error: %d\n", ret);
    return MOSQ_ERR_UNKNOWN;
  }
}

#if MOSQ_AUTH_PLUGIN_VERSION >= 4
int mosquitto_auth_psk_key_get(void *user_data, struct mosquitto *client, const char *hint, const char *identity, char *key, int max_key_len)
#elif MOSQ_AUTH_PLUGIN_VERSION >= 3
int mosquitto_auth_psk_key_get(void *userdata, const struct mosquitto *client, const char *hint, const char *identity, char *key, int max_key_len)
#else
int mosquitto_auth_psk_key_get(void *userdata, const char *hint, const char *identity, char *key, int max_key_len)
#endif
{
  return MOSQ_ERR_AUTH;
}
Mocking up functions. 2017-11-16 09:00:45 +08:00			`#include <string.h>`
			`#include <stdlib.h>`
			`#include <stdio.h>`
			`#include <errno.h>`

Fix include order for mosquitto 2.x 2021-01-13 03:34:00 +08:00			`#include <mosquitto_broker.h>`
Mocking up functions. 2017-11-16 09:00:45 +08:00			`#include <mosquitto_plugin.h>`
Fix include order for mosquitto 2.x 2021-01-13 03:34:00 +08:00			`#include <mosquitto.h>`
Define MOSQ_AUTH_PLUGIN_VERSION if not defined to support 1.4.x and older versions. 2020-10-23 07:49:20 +08:00
Check if plugin version is defined to return the right version. 2020-10-24 07:10:19 +08:00
Testing support for mosquitto 1.5 > 2018-10-05 05:15:22 +08:00			`#if MOSQ_AUTH_PLUGIN_VERSION >= 3`
			`# define mosquitto_auth_opt mosquitto_opt`
			`#endif`

Define MOSQ_AUTH_PLUGIN_VERSION if not defined to support 1.4.x and older versions. 2020-10-23 07:49:20 +08:00			`#include "go-auth.h"`

Improve handling of backend failure * No longer cache response from backend when the backend fail. * Reply to Mosquitto using "MOSQ_ERR_UNKNOWN" which will disconnect client and avoid silent data loss when the error occure for ACL checks. 2020-11-13 22:41:22 +08:00			`// Same constant as one in go-auth.go.`
			`#define AuthRejected 0`
			`#define AuthGranted 1`
			`#define AuthError 2`

Mocking up functions. 2017-11-16 09:00:45 +08:00			`int mosquitto_auth_plugin_version(void) {`
Fix indentation. 2020-10-24 07:17:24 +08:00			`#ifdef MOSQ_AUTH_PLUGIN_VERSION`
Check if plugin version is defined to return the right version. 2020-10-24 07:10:19 +08:00			`#if MOSQ_AUTH_PLUGIN_VERSION == 5`
Fix indentation. 2020-10-24 07:17:46 +08:00			`return 4; // This is v2.0, use the backwards compatibility`
Check if plugin version is defined to return the right version. 2020-10-24 07:10:19 +08:00			`#else`
Fix indentation. 2020-10-24 07:17:46 +08:00			`return MOSQ_AUTH_PLUGIN_VERSION;`
Check if plugin version is defined to return the right version. 2020-10-24 07:10:19 +08:00			`#endif`
Fix indentation. 2020-10-24 07:17:24 +08:00			`#else`
Check if plugin version is defined to return the right version. 2020-10-24 07:10:19 +08:00			`return 4;`
Fix indentation. 2020-10-24 07:17:24 +08:00			`#endif`
Mocking up functions. 2017-11-16 09:00:45 +08:00			`}`

			`int mosquitto_auth_plugin_init(void *user_data, struct mosquitto_auth_opt auth_opts, int auth_opt_count) {`
			`/*`
Opts passed as char* arrays. 2017-11-23 10:26:40 +08:00			`Pass auth_opts hash as keys and values char* arrays to Go in order to initialize them there.`
Mocking up functions. 2017-11-16 09:00:45 +08:00			`*/`
Opts passed as char* arrays. 2017-11-23 10:26:40 +08:00
Passing params. 2017-11-17 07:53:26 +08:00			`GoInt32 opts_count = auth_opt_count;`
Opts passed as char* arrays. 2017-11-23 10:26:40 +08:00
Pass char* to Go and convert with C.GoString, avoiding unsafe use Using the char* passed by Mosquitto in a GoString struct is unsafe. The memory it points to is managed by Mosquitto, but Go will keep the pointer around for an indefinite duration, even when Mosquitto might free the memory. By passing the actual char* to Go, we can use C.GoString to convert it, which copies the bytes into a buffer managed by Go. That way we can use it safely at any time in the future. 2023-06-12 00:39:18 +08:00			`char *keys[auth_opt_count];`
			`char *values[auth_opt_count];`
Opts passed as char* arrays. 2017-11-23 10:26:40 +08:00			`int i;`
			`struct mosquitto_auth_opt *o;`
			`for (i = 0, o = auth_opts; i < auth_opt_count; i++, o++) {`
Pass char* to Go and convert with C.GoString, avoiding unsafe use Using the char* passed by Mosquitto in a GoString struct is unsafe. The memory it points to is managed by Mosquitto, but Go will keep the pointer around for an indefinite duration, even when Mosquitto might free the memory. By passing the actual char* to Go, we can use C.GoString to convert it, which copies the bytes into a buffer managed by Go. That way we can use it safely at any time in the future. 2023-06-12 00:39:18 +08:00			`keys[i] = o->key;`
			`values[i] = o->value;`
Opts passed as char* arrays. 2017-11-23 10:26:40 +08:00			`}`

			`GoSlice keysSlice = {keys, auth_opt_count, auth_opt_count};`
			`GoSlice valuesSlice = {values, auth_opt_count, auth_opt_count};`

Add user-agent to requests (#176) * Add default 'mosquitto' user-agent to http/jwt requests * Add libmosquitto version ofr http and jwt remote user agent. Add more room for extended versions. Co-authored-by: Ignacio Gómez <iegomez@uc.cl> 2021-07-12 09:52:22 +08:00			`char versionArray[10];`
			`sprintf(versionArray, "%i.%i.%i", LIBMOSQUITTO_MAJOR, LIBMOSQUITTO_MINOR, LIBMOSQUITTO_REVISION);`


Pass char* to Go and convert with C.GoString, avoiding unsafe use Using the char* passed by Mosquitto in a GoString struct is unsafe. The memory it points to is managed by Mosquitto, but Go will keep the pointer around for an indefinite duration, even when Mosquitto might free the memory. By passing the actual char* to Go, we can use C.GoString to convert it, which copies the bytes into a buffer managed by Go. That way we can use it safely at any time in the future. 2023-06-12 00:39:18 +08:00			`AuthPluginInit(keysSlice, valuesSlice, opts_count, versionArray);`
Mocking up functions. 2017-11-16 09:00:45 +08:00			`return MOSQ_ERR_SUCCESS;`
			`}`

			`int mosquitto_auth_plugin_cleanup(void user_data, struct mosquitto_auth_opt auth_opts, int auth_opt_count) {`
Included plugin cleanup on mosquitto halt. 2018-01-09 23:13:18 +08:00			`AuthPluginCleanup();`
Mocking up functions. 2017-11-16 09:00:45 +08:00			`return MOSQ_ERR_SUCCESS;`
			`}`

			`int mosquitto_auth_security_init(void user_data, struct mosquitto_auth_opt auth_opts, int auth_opt_count, bool reload) {`
			`return MOSQ_ERR_SUCCESS;`
			`}`

			`int mosquitto_auth_security_cleanup(void user_data, struct mosquitto_auth_opt auth_opts, int auth_opt_count, bool reload) {`
			`return MOSQ_ERR_SUCCESS;`
			`}`

Add 1.6 support (MOSQ_AUTH_PLUGIN_VERSION 4). 2019-05-02 21:43:34 +08:00			`#if MOSQ_AUTH_PLUGIN_VERSION >= 4`
			`int mosquitto_auth_unpwd_check(void user_data, struct mosquitto client, const char username, const char password)`
			`#elif MOSQ_AUTH_PLUGIN_VERSION >=3`
Testing support for mosquitto 1.5 > 2018-10-05 05:15:22 +08:00			`int mosquitto_auth_unpwd_check(void userdata, const struct mosquitto client, const char username, const char password)`
			`#else`
			`int mosquitto_auth_unpwd_check(void userdata, const char username, const char *password)`
			`#endif`
			`{`
Finish getuser clientid support. 2020-02-22 10:27:51 +08:00			`#if MOSQ_AUTH_PLUGIN_VERSION >= 3`
			`const char* clientid = mosquitto_client_id(client);`
			`#else`
			`const char* clientid = "";`
			`#endif`
Fixed auth error response. 2018-02-06 22:31:08 +08:00			`if (username == NULL \|\| password == NULL) {`
Specific ACL message for debugging. 2018-03-07 02:51:59 +08:00			`printf("error: received null username or password for unpwd check\n");`
ACL debug messages. 2018-03-06 22:28:40 +08:00			`fflush(stdout);`
Checking why mosquitto_broker isn't getting included. 2018-10-05 05:32:45 +08:00			`return MOSQ_ERR_AUTH;`
Fixed auth error response. 2018-02-06 22:31:08 +08:00			`}`

Pass char* to Go and convert with C.GoString, avoiding unsafe use Using the char* passed by Mosquitto in a GoString struct is unsafe. The memory it points to is managed by Mosquitto, but Go will keep the pointer around for an indefinite duration, even when Mosquitto might free the memory. By passing the actual char* to Go, we can use C.GoString to convert it, which copies the bytes into a buffer managed by Go. That way we can use it safely at any time in the future. 2023-06-12 00:39:18 +08:00			`GoUint8 ret = AuthUnpwdCheck((char )username, (char )password, (char *)clientid);`
Improve handling of backend failure * No longer cache response from backend when the backend fail. * Reply to Mosquitto using "MOSQ_ERR_UNKNOWN" which will disconnect client and avoid silent data loss when the error occure for ACL checks. 2020-11-13 22:41:22 +08:00
Use switch and cover all plugin possible reply 2021-02-13 20:55:21 +08:00			`switch (ret)`
			`{`
			`case AuthGranted:`
Mocking up functions. 2017-11-16 09:00:45 +08:00			`return MOSQ_ERR_SUCCESS;`
Use switch and cover all plugin possible reply 2021-02-13 20:55:21 +08:00			`break;`
			`case AuthRejected:`
			`return MOSQ_ERR_AUTH;`
			`break;`
			`case AuthError:`
			`return MOSQ_ERR_UNKNOWN;`
			`break;`
			`default:`
			`fprintf(stderr, "unknown plugin error: %d\n", ret);`
Improve handling of backend failure * No longer cache response from backend when the backend fail. * Reply to Mosquitto using "MOSQ_ERR_UNKNOWN" which will disconnect client and avoid silent data loss when the error occure for ACL checks. 2020-11-13 22:41:22 +08:00			`return MOSQ_ERR_UNKNOWN;`
			`}`
Mocking up functions. 2017-11-16 09:00:45 +08:00			`}`

Add 1.6 support (MOSQ_AUTH_PLUGIN_VERSION 4). 2019-05-02 21:43:34 +08:00			`#if MOSQ_AUTH_PLUGIN_VERSION >= 4`
			`int mosquitto_auth_acl_check(void user_data, int access, struct mosquitto client, const struct mosquitto_acl_msg *msg)`
			`#elif MOSQ_AUTH_PLUGIN_VERSION >= 3`
Testing support for mosquitto 1.5 > 2018-10-05 05:15:22 +08:00			`int mosquitto_auth_acl_check(void userdata, int access, const struct mosquitto client, const struct mosquitto_acl_msg *msg)`
			`#else`
			`int mosquitto_auth_acl_check(void userdata, const char clientid, const char username, const char topic, int access)`
			`#endif`
			`{`
Checking why mosquitto_broker isn't getting included. 2018-10-05 05:32:45 +08:00			`#if MOSQ_AUTH_PLUGIN_VERSION >= 3`
Handle new acl msg and client for 1.5 2018-10-05 05:20:40 +08:00			`const char* clientid = mosquitto_client_id(client);`
			`const char* username = mosquitto_client_username(client);`
			`const char* topic = msg->topic;`
			`#endif`
ACL debug messages. 2018-03-06 22:28:40 +08:00			`if (clientid == NULL \|\| username == NULL \|\| topic == NULL \|\| access < 1) {`
Specific ACL message for debugging. 2018-03-07 02:51:59 +08:00			`printf("error: received null username, clientid or topic, or access is equal or less than 0 for acl check\n");`
ACL debug messages. 2018-03-06 22:28:40 +08:00			`fflush(stdout);`
Checking why mosquitto_broker isn't getting included. 2018-10-05 05:32:45 +08:00			`return MOSQ_ERR_ACL_DENIED;`
ACL debug messages. 2018-03-06 22:28:40 +08:00			`}`
Mosquitto 1.5.x support by exporting flags. 2018-10-12 03:13:01 +08:00
Pass char* to Go and convert with C.GoString, avoiding unsafe use Using the char* passed by Mosquitto in a GoString struct is unsafe. The memory it points to is managed by Mosquitto, but Go will keep the pointer around for an indefinite duration, even when Mosquitto might free the memory. By passing the actual char* to Go, we can use C.GoString to convert it, which copies the bytes into a buffer managed by Go. That way we can use it safely at any time in the future. 2023-06-12 00:39:18 +08:00			`GoUint8 ret = AuthAclCheck((char )clientid, (char )username, (char *)topic, access);`
Improve handling of backend failure * No longer cache response from backend when the backend fail. * Reply to Mosquitto using "MOSQ_ERR_UNKNOWN" which will disconnect client and avoid silent data loss when the error occure for ACL checks. 2020-11-13 22:41:22 +08:00
Use switch and cover all plugin possible reply 2021-02-13 20:55:21 +08:00			`switch (ret)`
			`{`
			`case AuthGranted:`
Mocking up functions. 2017-11-16 09:00:45 +08:00			`return MOSQ_ERR_SUCCESS;`
Use switch and cover all plugin possible reply 2021-02-13 20:55:21 +08:00			`break;`
			`case AuthRejected:`
			`return MOSQ_ERR_ACL_DENIED;`
			`break;`
			`case AuthError:`
			`return MOSQ_ERR_UNKNOWN;`
			`break;`
			`default:`
			`fprintf(stderr, "unknown plugin error: %d\n", ret);`
Improve handling of backend failure * No longer cache response from backend when the backend fail. * Reply to Mosquitto using "MOSQ_ERR_UNKNOWN" which will disconnect client and avoid silent data loss when the error occure for ACL checks. 2020-11-13 22:41:22 +08:00			`return MOSQ_ERR_UNKNOWN;`
			`}`
Mocking up functions. 2017-11-16 09:00:45 +08:00			`}`

Add 1.6 support (MOSQ_AUTH_PLUGIN_VERSION 4). 2019-05-02 21:43:34 +08:00			`#if MOSQ_AUTH_PLUGIN_VERSION >= 4`
			`int mosquitto_auth_psk_key_get(void user_data, struct mosquitto client, const char hint, const char identity, char *key, int max_key_len)`
			`#elif MOSQ_AUTH_PLUGIN_VERSION >= 3`
Testing support for mosquitto 1.5 > 2018-10-05 05:15:22 +08:00			`int mosquitto_auth_psk_key_get(void userdata, const struct mosquitto client, const char hint, const char identity, char *key, int max_key_len)`
			`#else`
			`int mosquitto_auth_psk_key_get(void userdata, const char hint, const char identity, char key, int max_key_len)`
			`#endif`
			`{`
Checking why mosquitto_broker isn't getting included. 2018-10-05 05:32:45 +08:00			`return MOSQ_ERR_AUTH;`
Mocking up functions. 2017-11-16 09:00:45 +08:00			`}`