2020-09-23 23:59:31 +02:00
|
|
|
#ifndef DYNAMIC_SECURITY_H
|
|
|
|
|
#define DYNAMIC_SECURITY_H
|
|
|
|
|
/*
|
2021-11-03 23:08:24 +01:00
|
|
|
Copyright (c) 2020-2021 Roger Light <roger@atchoo.org>
|
2020-09-23 23:59:31 +02:00
|
|
|
|
|
|
|
|
All rights reserved. This program and the accompanying materials
|
2020-11-25 18:34:21 +01:00
|
|
|
are made available under the terms of the Eclipse Public License 2.0
|
2020-09-23 23:59:31 +02:00
|
|
|
and Eclipse Distribution License v1.0 which accompany this distribution.
|
|
|
|
|
|
|
|
|
|
The Eclipse Public License is available at
|
2020-11-25 18:34:21 +01:00
|
|
|
https://www.eclipse.org/legal/epl-2.0/
|
2020-09-23 23:59:31 +02:00
|
|
|
and the Eclipse Distribution License is available at
|
|
|
|
|
http://www.eclipse.org/org/documents/edl-v10.php.
|
|
|
|
|
|
2021-01-20 12:46:18 +01:00
|
|
|
SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
|
2020-12-01 19:21:59 +01:00
|
|
|
|
2020-09-23 23:59:31 +02:00
|
|
|
Contributors:
|
|
|
|
|
Roger Light - initial implementation and documentation.
|
|
|
|
|
*/
|
|
|
|
|
|
2020-12-04 23:15:19 +01:00
|
|
|
#include <cjson/cJSON.h>
|
2020-09-23 23:59:31 +02:00
|
|
|
#include <uthash.h>
|
|
|
|
|
#include "mosquitto.h"
|
|
|
|
|
#include "password_mosq.h"
|
2021-09-10 00:55:33 +02:00
|
|
|
#include "base64_mosq.h"
|
2022-12-31 15:34:26 +01:00
|
|
|
#include "control_common.h"
|
2020-09-23 23:59:31 +02:00
|
|
|
|
2020-10-28 12:01:26 +01:00
|
|
|
/* ################################################################
|
|
|
|
|
* #
|
|
|
|
|
* # ACL types
|
|
|
|
|
* #
|
|
|
|
|
* ################################################################ */
|
|
|
|
|
|
|
|
|
|
#define ACL_TYPE_PUB_C_RECV "publishClientReceive"
|
|
|
|
|
#define ACL_TYPE_PUB_C_SEND "publishClientSend"
|
|
|
|
|
#define ACL_TYPE_SUB_GENERIC "subscribe"
|
|
|
|
|
#define ACL_TYPE_SUB_LITERAL "subscribeLiteral"
|
|
|
|
|
#define ACL_TYPE_SUB_PATTERN "subscribePattern"
|
|
|
|
|
#define ACL_TYPE_UNSUB_GENERIC "unsubscribe"
|
|
|
|
|
#define ACL_TYPE_UNSUB_LITERAL "unsubscribeLiteral"
|
|
|
|
|
#define ACL_TYPE_UNSUB_PATTERN "unsubscribePattern"
|
|
|
|
|
|
2020-09-23 23:59:31 +02:00
|
|
|
/* ################################################################
|
|
|
|
|
* #
|
|
|
|
|
* # Error codes
|
|
|
|
|
* #
|
|
|
|
|
* ################################################################ */
|
|
|
|
|
|
|
|
|
|
#define ERR_USER_NOT_FOUND 10000
|
|
|
|
|
#define ERR_GROUP_NOT_FOUND 10001
|
|
|
|
|
#define ERR_LIST_NOT_FOUND 10002
|
|
|
|
|
|
|
|
|
|
/* ################################################################
|
|
|
|
|
* #
|
|
|
|
|
* # Datatypes
|
|
|
|
|
* #
|
|
|
|
|
* ################################################################ */
|
|
|
|
|
|
|
|
|
|
struct dynsec__clientlist{
|
|
|
|
|
UT_hash_handle hh;
|
|
|
|
|
struct dynsec__client *client;
|
|
|
|
|
int priority;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct dynsec__grouplist{
|
|
|
|
|
UT_hash_handle hh;
|
|
|
|
|
struct dynsec__group *group;
|
|
|
|
|
int priority;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct dynsec__rolelist{
|
|
|
|
|
UT_hash_handle hh;
|
|
|
|
|
struct dynsec__role *role;
|
|
|
|
|
int priority;
|
2022-08-05 14:03:34 +02:00
|
|
|
char rolename[];
|
2020-09-23 23:59:31 +02:00
|
|
|
};
|
|
|
|
|
|
2022-03-13 00:16:57 +01:00
|
|
|
struct dynsec__kicklist{
|
|
|
|
|
struct dynsec__kicklist *next, *prev;
|
|
|
|
|
char username[];
|
|
|
|
|
};
|
|
|
|
|
|
2020-09-23 23:59:31 +02:00
|
|
|
struct dynsec__client{
|
|
|
|
|
UT_hash_handle hh;
|
|
|
|
|
struct mosquitto_pw pw;
|
|
|
|
|
struct dynsec__rolelist *rolelist;
|
|
|
|
|
struct dynsec__grouplist *grouplist;
|
|
|
|
|
char *clientid;
|
|
|
|
|
char *text_name;
|
|
|
|
|
char *text_description;
|
2020-10-29 16:17:12 +01:00
|
|
|
bool disabled;
|
2022-08-05 14:03:34 +02:00
|
|
|
char username[];
|
2020-09-23 23:59:31 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct dynsec__group{
|
|
|
|
|
UT_hash_handle hh;
|
|
|
|
|
struct dynsec__rolelist *rolelist;
|
|
|
|
|
struct dynsec__clientlist *clientlist;
|
|
|
|
|
char *text_name;
|
|
|
|
|
char *text_description;
|
2022-08-05 14:03:34 +02:00
|
|
|
char groupname[];
|
2020-09-23 23:59:31 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
struct dynsec__acl{
|
|
|
|
|
UT_hash_handle hh;
|
|
|
|
|
int priority;
|
|
|
|
|
bool allow;
|
2022-08-05 14:03:34 +02:00
|
|
|
char topic[];
|
2020-09-23 23:59:31 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct dynsec__acls{
|
2020-10-28 12:01:26 +01:00
|
|
|
struct dynsec__acl *publish_c_send;
|
|
|
|
|
struct dynsec__acl *publish_c_recv;
|
2020-09-23 23:59:31 +02:00
|
|
|
struct dynsec__acl *subscribe_literal;
|
|
|
|
|
struct dynsec__acl *subscribe_pattern;
|
|
|
|
|
struct dynsec__acl *unsubscribe_literal;
|
|
|
|
|
struct dynsec__acl *unsubscribe_pattern;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct dynsec__role{
|
|
|
|
|
UT_hash_handle hh;
|
|
|
|
|
struct dynsec__acls acls;
|
2020-11-03 19:16:44 +01:00
|
|
|
struct dynsec__clientlist *clientlist;
|
|
|
|
|
struct dynsec__grouplist *grouplist;
|
2020-09-23 23:59:31 +02:00
|
|
|
char *text_name;
|
|
|
|
|
char *text_description;
|
2021-11-10 12:07:25 +01:00
|
|
|
bool allow_wildcard_subs;
|
2022-08-05 14:03:34 +02:00
|
|
|
char rolename[];
|
2020-09-23 23:59:31 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct dynsec__acl_default_access{
|
2020-10-28 12:01:26 +01:00
|
|
|
bool publish_c_send;
|
|
|
|
|
bool publish_c_recv;
|
2020-09-23 23:59:31 +02:00
|
|
|
bool subscribe;
|
|
|
|
|
bool unsubscribe;
|
|
|
|
|
};
|
|
|
|
|
|
2022-06-22 18:33:39 +02:00
|
|
|
enum dynsec_pw_init_mode{
|
|
|
|
|
dpwim_file = 1,
|
|
|
|
|
dpwim_env = 2,
|
|
|
|
|
dpwim_random = 3,
|
|
|
|
|
};
|
|
|
|
|
|
2022-01-27 17:09:09 +01:00
|
|
|
struct dynsec__data{
|
2022-02-03 22:50:20 +01:00
|
|
|
char *config_file;
|
2022-06-22 18:33:39 +02:00
|
|
|
char *password_init_file;
|
2022-01-27 17:09:09 +01:00
|
|
|
struct dynsec__client *clients;
|
|
|
|
|
struct dynsec__group *groups;
|
|
|
|
|
struct dynsec__role *roles;
|
|
|
|
|
struct dynsec__group *anonymous_group;
|
2022-03-13 00:16:57 +01:00
|
|
|
struct dynsec__kicklist *kicklist;
|
2022-01-27 17:09:09 +01:00
|
|
|
struct dynsec__acl_default_access default_access;
|
2022-06-22 18:33:39 +02:00
|
|
|
int init_mode;
|
2022-12-27 09:15:38 +01:00
|
|
|
bool need_save;
|
2022-01-27 17:09:09 +01:00
|
|
|
};
|
|
|
|
|
|
2020-09-23 23:59:31 +02:00
|
|
|
/* ################################################################
|
|
|
|
|
* #
|
|
|
|
|
* # Plugin Functions
|
|
|
|
|
* #
|
|
|
|
|
* ################################################################ */
|
|
|
|
|
|
2022-06-22 18:33:39 +02:00
|
|
|
int dynsec__config_init(struct dynsec__data *data);
|
2022-02-03 22:50:20 +01:00
|
|
|
void dynsec__config_save(struct dynsec__data *data);
|
2022-12-27 09:15:38 +01:00
|
|
|
void dynsec__config_batch_save(struct dynsec__data *data);
|
2022-02-03 22:50:20 +01:00
|
|
|
int dynsec__config_load(struct dynsec__data *data);
|
2022-03-13 23:22:19 +01:00
|
|
|
char *dynsec__config_to_json(struct dynsec__data *data);
|
|
|
|
|
int dynsec__config_from_json(struct dynsec__data *data, const char *json_str);
|
2020-09-23 23:59:31 +02:00
|
|
|
void dynsec__command_reply(cJSON *j_responses, struct mosquitto *context, const char *command, const char *error, const char *correlation_data);
|
2021-12-15 01:10:46 +01:00
|
|
|
int dynsec_control_callback(int event, void *event_data, void *userdata);
|
2020-09-23 23:59:31 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
/* ################################################################
|
|
|
|
|
* #
|
|
|
|
|
* # ACL Functions
|
|
|
|
|
* #
|
|
|
|
|
* ################################################################ */
|
|
|
|
|
|
|
|
|
|
int dynsec__acl_check_callback(int event, void *event_data, void *userdata);
|
2022-12-31 15:34:26 +01:00
|
|
|
int dynsec__process_set_default_acl_access(struct dynsec__data *data, struct control_cmd *cmd, struct mosquitto *context);
|
|
|
|
|
int dynsec__process_get_default_acl_access(struct dynsec__data *data, struct control_cmd *cmd, struct mosquitto *context);
|
2020-09-23 23:59:31 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
/* ################################################################
|
|
|
|
|
* #
|
|
|
|
|
* # Auth Functions
|
|
|
|
|
* #
|
|
|
|
|
* ################################################################ */
|
|
|
|
|
|
|
|
|
|
int dynsec_auth__pw_hash(struct dynsec__client *client, const char *password, unsigned char *password_hash, int password_hash_len, bool new_password);
|
|
|
|
|
int dynsec_auth__basic_auth_callback(int event, void *event_data, void *userdata);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* ################################################################
|
|
|
|
|
* #
|
|
|
|
|
* # Client Functions
|
|
|
|
|
* #
|
|
|
|
|
* ################################################################ */
|
|
|
|
|
|
2022-02-03 22:50:20 +01:00
|
|
|
void dynsec_clients__cleanup(struct dynsec__data *data);
|
|
|
|
|
int dynsec_clients__config_load(struct dynsec__data *data, cJSON *tree);
|
|
|
|
|
int dynsec_clients__config_save(struct dynsec__data *data, cJSON *tree);
|
2022-12-31 15:34:26 +01:00
|
|
|
int dynsec_clients__process_add_role(struct dynsec__data *data, struct control_cmd *cmd, struct mosquitto *context);
|
|
|
|
|
int dynsec_clients__process_create(struct dynsec__data *data, struct control_cmd *cmd, struct mosquitto *context);
|
|
|
|
|
int dynsec_clients__process_delete(struct dynsec__data *data, struct control_cmd *cmd, struct mosquitto *context);
|
|
|
|
|
int dynsec_clients__process_disable(struct dynsec__data *data, struct control_cmd *cmd, struct mosquitto *context);
|
|
|
|
|
int dynsec_clients__process_enable(struct dynsec__data *data, struct control_cmd *cmd, struct mosquitto *context);
|
|
|
|
|
int dynsec_clients__process_get(struct dynsec__data *data, struct control_cmd *cmd, struct mosquitto *context);
|
|
|
|
|
int dynsec_clients__process_list(struct dynsec__data *data, struct control_cmd *cmd, struct mosquitto *context);
|
|
|
|
|
int dynsec_clients__process_modify(struct dynsec__data *data, struct control_cmd *cmd, struct mosquitto *context);
|
|
|
|
|
int dynsec_clients__process_remove_role(struct dynsec__data *data, struct control_cmd *cmd, struct mosquitto *context);
|
|
|
|
|
int dynsec_clients__process_set_id(struct dynsec__data *data, struct control_cmd *cmd, struct mosquitto *context);
|
|
|
|
|
int dynsec_clients__process_set_password(struct dynsec__data *data, struct control_cmd *cmd, struct mosquitto *context);
|
2022-02-03 22:50:20 +01:00
|
|
|
struct dynsec__client *dynsec_clients__find(struct dynsec__data *data, const char *username);
|
2020-09-23 23:59:31 +02:00
|
|
|
|
|
|
|
|
|
2020-11-18 11:41:04 +01:00
|
|
|
/* ################################################################
|
|
|
|
|
* #
|
|
|
|
|
* # Client List Functions
|
|
|
|
|
* #
|
|
|
|
|
* ################################################################ */
|
|
|
|
|
|
|
|
|
|
cJSON *dynsec_clientlist__all_to_json(struct dynsec__clientlist *base_clientlist);
|
|
|
|
|
int dynsec_clientlist__add(struct dynsec__clientlist **base_clientlist, struct dynsec__client *client, int priority);
|
|
|
|
|
void dynsec_clientlist__cleanup(struct dynsec__clientlist **base_clientlist);
|
|
|
|
|
void dynsec_clientlist__remove(struct dynsec__clientlist **base_clientlist, struct dynsec__client *client);
|
2022-03-13 00:16:57 +01:00
|
|
|
void dynsec_clientlist__kick_all(struct dynsec__data *data, struct dynsec__clientlist *base_clientlist);
|
2020-09-23 23:59:31 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
/* ################################################################
|
|
|
|
|
* #
|
|
|
|
|
* # Group Functions
|
|
|
|
|
* #
|
|
|
|
|
* ################################################################ */
|
|
|
|
|
|
2022-02-03 22:50:20 +01:00
|
|
|
void dynsec_groups__cleanup(struct dynsec__data *data);
|
|
|
|
|
int dynsec_groups__config_load(struct dynsec__data *data, cJSON *tree);
|
|
|
|
|
int dynsec_groups__add_client(struct dynsec__data *data, const char *username, const char *groupname, int priority, bool update_config);
|
|
|
|
|
int dynsec_groups__config_save(struct dynsec__data *data, cJSON *tree);
|
2022-12-31 15:34:26 +01:00
|
|
|
int dynsec_groups__process_add_client(struct dynsec__data *data, struct control_cmd *cmd, struct mosquitto *context);
|
|
|
|
|
int dynsec_groups__process_add_role(struct dynsec__data *data, struct control_cmd *cmd, struct mosquitto *context);
|
|
|
|
|
int dynsec_groups__process_create(struct dynsec__data *data, struct control_cmd *cmd, struct mosquitto *context);
|
|
|
|
|
int dynsec_groups__process_delete(struct dynsec__data *data, struct control_cmd *cmd, struct mosquitto *context);
|
|
|
|
|
int dynsec_groups__process_get(struct dynsec__data *data, struct control_cmd *cmd, struct mosquitto *context);
|
|
|
|
|
int dynsec_groups__process_list(struct dynsec__data *data, struct control_cmd *cmd, struct mosquitto *context);
|
|
|
|
|
int dynsec_groups__process_modify(struct dynsec__data *data, struct control_cmd *cmd, struct mosquitto *context);
|
|
|
|
|
int dynsec_groups__process_remove_client(struct dynsec__data *data, struct control_cmd *cmd, struct mosquitto *context);
|
|
|
|
|
int dynsec_groups__process_remove_role(struct dynsec__data *data, struct control_cmd *cmd, struct mosquitto *context);
|
|
|
|
|
int dynsec_groups__process_get_anonymous_group(struct dynsec__data *data, struct control_cmd *cmd, struct mosquitto *context);
|
|
|
|
|
int dynsec_groups__process_set_anonymous_group(struct dynsec__data *data, struct control_cmd *cmd, struct mosquitto *context);
|
2022-02-03 22:50:20 +01:00
|
|
|
int dynsec_groups__remove_client(struct dynsec__data *data, const char *username, const char *groupname, bool update_config);
|
|
|
|
|
struct dynsec__group *dynsec_groups__find(struct dynsec__data *data, const char *groupname);
|
2020-09-23 23:59:31 +02:00
|
|
|
|
2020-11-18 12:45:31 +01:00
|
|
|
|
|
|
|
|
/* ################################################################
|
|
|
|
|
* #
|
|
|
|
|
* # Group List Functions
|
|
|
|
|
* #
|
|
|
|
|
* ################################################################ */
|
|
|
|
|
|
|
|
|
|
cJSON *dynsec_grouplist__all_to_json(struct dynsec__grouplist *base_grouplist);
|
|
|
|
|
int dynsec_grouplist__add(struct dynsec__grouplist **base_grouplist, struct dynsec__group *group, int priority);
|
|
|
|
|
void dynsec_grouplist__cleanup(struct dynsec__grouplist **base_grouplist);
|
|
|
|
|
void dynsec_grouplist__remove(struct dynsec__grouplist **base_grouplist, struct dynsec__group *group);
|
|
|
|
|
|
2020-09-23 23:59:31 +02:00
|
|
|
|
|
|
|
|
/* ################################################################
|
|
|
|
|
* #
|
|
|
|
|
* # Role Functions
|
|
|
|
|
* #
|
|
|
|
|
* ################################################################ */
|
|
|
|
|
|
2022-02-03 22:50:20 +01:00
|
|
|
void dynsec_roles__cleanup(struct dynsec__data *data);
|
|
|
|
|
int dynsec_roles__config_load(struct dynsec__data *data, cJSON *tree);
|
|
|
|
|
int dynsec_roles__config_save(struct dynsec__data *data, cJSON *tree);
|
2022-12-31 15:34:26 +01:00
|
|
|
int dynsec_roles__process_add_acl(struct dynsec__data *data, struct control_cmd *cmd, struct mosquitto *context);
|
|
|
|
|
int dynsec_roles__process_create(struct dynsec__data *data, struct control_cmd *cmd, struct mosquitto *context);
|
|
|
|
|
int dynsec_roles__process_delete(struct dynsec__data *data, struct control_cmd *cmd, struct mosquitto *context);
|
|
|
|
|
int dynsec_roles__process_get(struct dynsec__data *data, struct control_cmd *cmd, struct mosquitto *context);
|
|
|
|
|
int dynsec_roles__process_list(struct dynsec__data *data, struct control_cmd *cmd, struct mosquitto *context);
|
|
|
|
|
int dynsec_roles__process_modify(struct dynsec__data *data, struct control_cmd *cmd, struct mosquitto *context);
|
|
|
|
|
int dynsec_roles__process_remove_acl(struct dynsec__data *data, struct control_cmd *cmd, struct mosquitto *context);
|
2022-02-03 22:50:20 +01:00
|
|
|
struct dynsec__role *dynsec_roles__find(struct dynsec__data *data, const char *rolename);
|
2020-09-23 23:59:31 +02:00
|
|
|
|
2020-11-18 12:54:13 +01:00
|
|
|
|
|
|
|
|
/* ################################################################
|
|
|
|
|
* #
|
|
|
|
|
* # Role List Functions
|
|
|
|
|
* #
|
|
|
|
|
* ################################################################ */
|
|
|
|
|
|
|
|
|
|
int dynsec_rolelist__client_add(struct dynsec__client *client, struct dynsec__role *role, int priority);
|
|
|
|
|
int dynsec_rolelist__client_remove(struct dynsec__client *client, struct dynsec__role *role);
|
|
|
|
|
int dynsec_rolelist__group_add(struct dynsec__group *group, struct dynsec__role *role, int priority);
|
|
|
|
|
void dynsec_rolelist__group_remove(struct dynsec__group *group, struct dynsec__role *role);
|
2022-02-03 22:50:20 +01:00
|
|
|
int dynsec_rolelist__load_from_json(struct dynsec__data *data, cJSON *command, struct dynsec__rolelist **rolelist);
|
2020-11-18 12:54:13 +01:00
|
|
|
void dynsec_rolelist__cleanup(struct dynsec__rolelist **base_rolelist);
|
|
|
|
|
cJSON *dynsec_rolelist__all_to_json(struct dynsec__rolelist *base_rolelist);
|
2020-09-23 23:59:31 +02:00
|
|
|
|
2022-03-13 00:16:57 +01:00
|
|
|
/* ################################################################
|
|
|
|
|
* #
|
|
|
|
|
* # Kick List Functions
|
|
|
|
|
* #
|
|
|
|
|
* ################################################################ */
|
|
|
|
|
|
|
|
|
|
int dynsec_kicklist__add(struct dynsec__data *data, const char *username);
|
|
|
|
|
void dynsec_kicklist__kick(struct dynsec__data *data);
|
|
|
|
|
int dynsec__tick_callback(int event, void *event_data, void *userdata);
|
2022-08-17 17:18:24 +02:00
|
|
|
void dynsec_kicklist__cleanup(struct dynsec__data *data);
|
2022-03-13 00:16:57 +01:00
|
|
|
|
2020-09-23 23:59:31 +02:00
|
|
|
#endif
|
