Skip to content

Commit

Permalink
Move password functions to libcommon.
Browse files Browse the repository at this point in the history
  • Loading branch information
ralight committed Jun 11, 2024
1 parent 1bb2299 commit 3851bd9
Show file tree
Hide file tree
Showing 38 changed files with 606 additions and 552 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/mosquitto-make.yml
Original file line number Diff line number Diff line change
Expand Up @@ -40,8 +40,8 @@ jobs:
submodules: 'true'
-
name: make
run: make ALLOC_MISMATCH_ABORT=yes
run: make
-
name: make test
run: |
make ALLOC_MISMATCH_ABORT=yes ptest
make ptest
8 changes: 0 additions & 8 deletions apps/mosquitto_ctrl/CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@ if(WITH_TLS)
../mosquitto_passwd/get_password.c ../mosquitto_passwd/get_password.h
options.c
../../common/json_help.c ../../common/json_help.h
../../common/password_mosq.c ../../common/password_mosq.h
)

target_include_directories(mosquitto_ctrl PRIVATE
Expand Down Expand Up @@ -46,13 +45,6 @@ if(WITH_TLS)
endif()
endif()

if(ARGON2_FOUND)
target_link_libraries(mosquitto_ctrl
PRIVATE
argon2
)
endif()

target_link_libraries(mosquitto_ctrl
PRIVATE
common-options
Expand Down
8 changes: 2 additions & 6 deletions apps/mosquitto_ctrl/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ include ${R}/config.mk
LOCAL_CFLAGS+=
LOCAL_CPPFLAGS+=-I${R}/lib -I${R}/apps/mosquitto_passwd -I${R}/plugins/dynamic-security -I${R}/common
LOCAL_LDFLAGS+=
LOCAL_LDADD+=-lcjson -ldl ${LIBMOSQ} ${LIBMOSQ_COMMON} ${LIB_ARGON2}
LOCAL_LDADD+=-lcjson -ldl ${LIBMOSQ} ${LIBMOSQ_COMMON}

# ------------------------------------------
# Compile time options
Expand Down Expand Up @@ -34,8 +34,7 @@ OBJS= \

OBJS_EXTERNAL= \
get_password.o \
json_help.o \
password_mosq.o
json_help.o

EXAMPLE_OBJS= example.o

Expand Down Expand Up @@ -65,9 +64,6 @@ get_password.o : ${R}/apps/mosquitto_passwd/get_password.c ${R}/apps/mosquitto_p
json_help.o : ${R}/common/json_help.c ${R}/common/json_help.h
${CROSS_COMPILE}${CC} $(LOCAL_CPPFLAGS) $(LOCAL_CFLAGS) -c $< -o $@

password_mosq.o : ${R}/common/password_mosq.c ${R}/common/password_mosq.h
${CROSS_COMPILE}${CC} $(LOCAL_CPPFLAGS) $(LOCAL_CFLAGS) -c $< -o $@

${R}/lib/libmosquitto.so.${SOVERSION} :
$(MAKE) -C ${R}/lib

Expand Down
43 changes: 10 additions & 33 deletions apps/mosquitto_ctrl/dynsec.c
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,6 @@ SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
#include "mosquitto_ctrl.h"
#include "mosquitto.h"
#include "json_help.h"
#include "password_mosq.h"
#include "get_password.h"

#define MAX_STRING_LEN 4096
Expand Down Expand Up @@ -561,16 +560,16 @@ static cJSON *init_add_role(const char *rolename)
static cJSON *init_add_client(const char *username, const char *password, const char *rolename)
{
cJSON *j_client, *j_roles, *j_role;
struct mosquitto_pw pw;
struct mosquitto_pw *pw;

memset(&pw, 0, sizeof(pw));

if(pw__create(&pw, password) != MOSQ_ERR_SUCCESS){
if(mosquitto_pw_new(&pw, MOSQ_PW_DEFAULT) || mosquitto_pw_hash_encoded(pw, password)){
mosquitto_pw_cleanup(pw);
return NULL;
}

j_client = cJSON_CreateObject();
if(j_client == NULL){
mosquitto_pw_cleanup(pw);
return NULL;
}

Expand All @@ -579,38 +578,16 @@ static cJSON *init_add_client(const char *username, const char *password, const
){

cJSON_Delete(j_client);
mosquitto_pw_cleanup(pw);
return NULL;
}

if(pw.hashtype == pw_sha512_pbkdf2){
char *salt_b64 = NULL, *password_b64 = NULL;

if(mosquitto_base64_encode(pw.params.sha512_pbkdf2.salt, pw.params.sha512_pbkdf2.salt_len, &salt_b64)
|| mosquitto_base64_encode(pw.params.sha512_pbkdf2.password_hash, sizeof(pw.params.sha512_pbkdf2.password_hash), &password_b64)
|| cJSON_AddStringToObject(j_client, "salt", salt_b64) == NULL
|| cJSON_AddStringToObject(j_client, "password", password_b64) == NULL
|| cJSON_AddNumberToObject(j_client, "iterations", pw.params.sha512_pbkdf2.iterations) == NULL){

cJSON_Delete(j_client);
free(password_b64);
free(salt_b64);
return NULL;
}
free(password_b64);
free(salt_b64);
}else{
if(pw__encode(&pw) != MOSQ_ERR_SUCCESS){
cJSON_Delete(j_client);
return NULL;
}

if(cJSON_AddStringToObject(j_client, "encoded_password", pw.encoded_password) == NULL){
free(pw.encoded_password);
cJSON_Delete(j_client);
return NULL;
}
free(pw.encoded_password);
if(cJSON_AddStringToObject(j_client, "encoded_password", mosquitto_pw_get_encoded(pw)) == NULL){
cJSON_Delete(j_client);
mosquitto_pw_cleanup(pw);
return NULL;
}
mosquitto_pw_cleanup(pw);

j_roles = cJSON_CreateArray();
if(j_roles == NULL){
Expand Down
89 changes: 25 additions & 64 deletions apps/mosquitto_ctrl/dynsec_client.c
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,6 @@ SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
#include "mosquitto_ctrl.h"
#include "get_password.h"
#include "json_help.h"
#include "password_mosq.h"
#include "dynamic_security.h"

int dynsec_client__create(int argc, char *argv[], cJSON *j_command)
Expand Down Expand Up @@ -161,6 +160,7 @@ int dynsec_client__file_set_password(int argc, char *argv[], const char *file)
struct dynsec__client client;
char *json_str;
int i;
int iterations = -1;

memset(&client, 0, sizeof(client));

Expand All @@ -176,7 +176,7 @@ int dynsec_client__file_set_password(int argc, char *argv[], const char *file)
fprintf(stderr, "Error: -i argument given, but no iterations provided.\n");
return MOSQ_ERR_INVAL;
}
client.pw.params.sha512_pbkdf2.iterations = atoi(argv[i+1]);
iterations = atoi(argv[i+1]);
i++;
}else{
fprintf(stderr, "Error: Unknown argument: %s\n", argv[i]);
Expand Down Expand Up @@ -231,89 +231,50 @@ int dynsec_client__file_set_password(int argc, char *argv[], const char *file)
const char *username_json;
if(json_get_string(j_client, "username", &username_json, false) == MOSQ_ERR_SUCCESS){
if(!strcmp(username_json, username)){
if(pw__create(&client.pw, password)){
if(iterations == -1){
mosquitto_pw_new(&client.pw, MOSQ_PW_DEFAULT);
}else{
mosquitto_pw_new(&client.pw, MOSQ_PW_SHA512_PBKDF2);
mosquitto_pw_set_param(client.pw, MOSQ_PW_PARAM_ITERATIONS, iterations);
}
if(!client.pw || mosquitto_pw_hash_encoded(client.pw, password)){
cJSON_Delete(j_tree);
mosquitto_pw_cleanup(client.pw);
client.pw = NULL;
fprintf(stderr, "Error: Problem generating password hash.\n");
return MOSQ_ERR_NOMEM;
}

if(client.pw.hashtype == pw_sha512_pbkdf2){
char *password_b64, *salt_b64;
cJSON *j_password = NULL, *j_salt = NULL, *j_iterations = NULL;

if(mosquitto_base64_encode(client.pw.params.sha512_pbkdf2.password_hash, sizeof(client.pw.params.sha512_pbkdf2.password_hash), &password_b64) != MOSQ_ERR_SUCCESS){
fprintf(stderr, "Error: Problem generating password hash.\n");
pw__cleanup(&client.pw);
return MOSQ_ERR_NOMEM;
}
if(mosquitto_base64_encode(client.pw.params.sha512_pbkdf2.salt, client.pw.params.sha512_pbkdf2.salt_len, &salt_b64) != MOSQ_ERR_SUCCESS){
pw__cleanup(&client.pw);
free(password_b64);
fprintf(stderr, "Error: Problem generating password hash.\n");
return MOSQ_ERR_NOMEM;
}
if((j_password = cJSON_CreateString(password_b64)) == NULL
|| (j_salt = cJSON_CreateString(salt_b64)) == NULL
|| (j_iterations = cJSON_CreateNumber(client.pw.params.sha512_pbkdf2.iterations)) == NULL
){

pw__cleanup(&client.pw);
free(password_b64);
free(salt_b64);
fprintf(stderr, "Error: Out of memory.\n");
return MOSQ_ERR_NOMEM;
}
free(password_b64);
free(salt_b64);

cJSON_DeleteItemFromObject(j_client, "password");
cJSON_DeleteItemFromObject(j_client, "salt");
cJSON_DeleteItemFromObject(j_client, "iterations");
cJSON_DeleteItemFromObject(j_client, "encoded_password");

cJSON_AddItemToObject(j_client, "password", j_password);
cJSON_AddItemToObject(j_client, "salt", j_salt);
cJSON_AddItemToObject(j_client, "iterations", j_iterations);
j_password = NULL;
j_salt = NULL;
j_iterations = NULL;
}else{
if(pw__encode(&client.pw)){
fprintf(stderr, "Error: Out of memory.\n");
pw__cleanup(&client.pw);
return MOSQ_ERR_NOMEM;
}
cJSON *j_encoded_password = cJSON_CreateString(client.pw.encoded_password);
if(!j_encoded_password){
fprintf(stderr, "Error: Out of memory.\n");
pw__cleanup(&client.pw);
return MOSQ_ERR_NOMEM;
}

cJSON_DeleteItemFromObject(j_client, "password");
cJSON_DeleteItemFromObject(j_client, "salt");
cJSON_DeleteItemFromObject(j_client, "iterations");
cJSON_DeleteItemFromObject(j_client, "encoded_password");
cJSON_AddItemToObject(j_client, "encoded_password", j_encoded_password);
cJSON *j_encoded_password = cJSON_CreateString(mosquitto_pw_get_encoded(client.pw));
if(!j_encoded_password){
fprintf(stderr, "Error: Out of memory.\n");
cJSON_Delete(j_tree);
mosquitto_pw_cleanup(client.pw);
return MOSQ_ERR_NOMEM;
}
mosquitto_pw_cleanup(client.pw);

cJSON_DeleteItemFromObject(j_client, "password");
cJSON_DeleteItemFromObject(j_client, "salt");
cJSON_DeleteItemFromObject(j_client, "iterations");
cJSON_DeleteItemFromObject(j_client, "encoded_password");
cJSON_AddItemToObject(j_client, "encoded_password", j_encoded_password);

json_str = cJSON_Print(j_tree);
cJSON_Delete(j_tree);
if(json_str == NULL){
fprintf(stderr, "Error: Out of memory.\n");
pw__cleanup(&client.pw);
return MOSQ_ERR_NOMEM;
}
fptr = fopen(file, "wb");
if(fptr == NULL){
fprintf(stderr, "Error: Unable to write to %s.\n", file);
free(json_str);
pw__cleanup(&client.pw);
return MOSQ_ERR_UNKNOWN;
}
fprintf(fptr, "%s", json_str);
free(json_str);
fclose(fptr);
pw__cleanup(&client.pw);
return MOSQ_ERR_SUCCESS;
}
}
Expand Down
1 change: 0 additions & 1 deletion apps/mosquitto_ctrl/dynsec_group.c
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,6 @@ SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
#include "mosquitto.h"
#include "mosquitto_ctrl.h"
#include "json_help.h"
#include "password_mosq.h"

int dynsec_group__create(int argc, char *argv[], cJSON *j_command)
{
Expand Down
1 change: 0 additions & 1 deletion apps/mosquitto_ctrl/dynsec_role.c
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,6 @@ SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
#include "mosquitto.h"
#include "mosquitto_ctrl.h"
#include "json_help.h"
#include "password_mosq.h"

int dynsec_role__create(int argc, char *argv[], cJSON *j_command)
{
Expand Down
8 changes: 0 additions & 8 deletions apps/mosquitto_passwd/CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ if(WITH_TLS)
add_executable(mosquitto_passwd
mosquitto_passwd.c
get_password.c get_password.h
../../common/password_mosq.c ../../common/password_mosq.h
)

target_include_directories(mosquitto_passwd PRIVATE
Expand All @@ -13,13 +12,6 @@ if(WITH_TLS)
"${mosquitto_SOURCE_DIR}/src"
)

if(ARGON2_FOUND)
target_link_libraries(mosquitto_passwd
PRIVATE
argon2
)
endif()

target_link_libraries(mosquitto_passwd
PRIVATE
common-options
Expand Down
8 changes: 2 additions & 6 deletions apps/mosquitto_passwd/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -4,16 +4,15 @@ include ${R}/config.mk
LOCAL_CFLAGS+=
LOCAL_CPPFLAGS+=-I${R}/lib
LOCAL_LDFLAGS+=
LOCAL_LDADD+=-lcrypto ${LIB_ARGON2} ${LIBMOSQ_COMMON}
LOCAL_LDADD+=-lcrypto ${LIBMOSQ_COMMON}

.PHONY: all install uninstall clean reallyclean

OBJS= \
mosquitto_passwd.o \
get_password.o \

OBJS_EXTERNAL= \
password_mosq.o
OBJS_EXTERNAL=


ifeq ($(WITH_TLS),yes)
Expand All @@ -35,9 +34,6 @@ mosquitto_passwd.a : ${OBJS} ${OBJS_EXTERNAL}
${OBJS} : %.o: %.c
${CROSS_COMPILE}${CC} $(LOCAL_CPPFLAGS) $(LOCAL_CFLAGS) -c $< -o $@

password_mosq.o : ${R}/common/password_mosq.c ${R}/common/password_mosq.h
${CROSS_COMPILE}${CC} ${LOCAL_CPPFLAGS} $(LOCAL_CFLAGS) -c $< -o $@

install : all
ifeq ($(WITH_TLS),yes)
$(INSTALL) -d "${DESTDIR}$(prefix)/bin"
Expand Down
Loading

0 comments on commit 3851bd9

Please sign in to comment.