Default to using argon2 for passwords

Roger A. Light 2023-11-21 22:53:18 +00:00
parent 7ce732a4a1
commit 05e42f7dbb
3 changed files with 10 additions and 7 deletions


@ -564,10 +564,8 @@ static cJSON *init_add_client(const char *username, const char *password, const
{
cJSON *j_client, *j_roles, *j_role;
struct mosquitto_pw pw;
char buf[10];
memset(&pw, 0, sizeof(pw));
pw.hashtype = pw_sha512_pbkdf2;
if(pw__create(&pw, password) != MOSQ_ERR_SUCCESS){
return NULL;
@ -578,7 +576,6 @@ static cJSON *init_add_client(const char *username, const char *password, const
return NULL;
}
snprintf(buf, sizeof(buf), "%d", PW_DEFAULT_ITERATIONS);
if(cJSON_AddStringToObject(j_client, "username", username) == NULL
|| cJSON_AddStringToObject(j_client, "textName", "Dynsec admin user") == NULL
){
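Review bot: In init_add_client, with the `pw.hashtype = pw_sha512_pbkdf2;` assignment removed (the hunk counts indicate it is on the old side only), the hash algorithm for the dynsec admin user is chosen solely by the zeroed `pw` falling into the `default:` branch of pw__create(), and nothing at the call site says so. That works only while 0 is not a named hash type; the enum is not shown on this page, so this is worth confirming. A comment after the `memset` would make the dependency explicit: `/* hashtype stays 0 on purpose: pw__create() then uses the build default (argon2id if WITH_ARGON2, otherwise sha512-pbkdf2) */`. The same applies to generate_password in the third file, and init_add_client continues past this hunk.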


@ -106,6 +106,8 @@ static int pw__create_argon2id(struct mosquitto_pw *pw, const char *password)
return MOSQ_ERR_UNKNOWN;
}
#else
UNUSED(pw);
UNUSED(password);
return MOSQ_ERR_NOT_SUPPORTED;
#endif
}
@ -122,6 +124,8 @@ static int pw__verify_argon2id(struct mosquitto_pw *pw, const char *password)
return MOSQ_ERR_AUTH;
}
#else
UNUSED(pw);
UNUSED(password);
return MOSQ_ERR_NOT_SUPPORTED;
#endif
}
@ -139,6 +143,8 @@ static int pw__decode_argon2id(struct mosquitto_pw *pw, const char *password)
return MOSQ_ERR_NOMEM;
}
#else
UNUSED(pw);
UNUSED(password);
return MOSQ_ERR_NOT_SUPPORTED;
#endif
}
@ -471,7 +477,11 @@ int pw__create(struct mosquitto_pw *pw, const char *password)
case pw_sha512:
return pw__create_sha512(pw, password);
default:
#ifdef WITH_ARGON2
return pw__create_argon2id(pw, password);
#else
return pw__create_sha512_pbkdf2(pw, password);
#endif
}
return MOSQ_ERR_INVAL;
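Review bot: The `default:` branch of pw__create now picks the algorithm at compile time, while the non-argon2 stub of pw__verify_argon2id returns MOSQ_ERR_NOT_SUPPORTED, so password data written by a WITH_ARGON2 build would presumably stop authenticating on a build without it. Neither the fallback nor that portability limit is documented in the code. I would add above the `#ifdef`: `/* Unset hashtype: use the preferred KDF compiled in. argon2id hashes cannot be verified by builds without WITH_ARGON2. */`. It may also be worth checking that callers report MOSQ_ERR_NOT_SUPPORTED distinctly from a wrong password, so operators can tell a build mismatch from a failed login; those callers are outside this page. pw__create starts before this hunk.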


@ -118,7 +118,6 @@ static int generate_password(struct dynsec__data *data, cJSON *j_client, char **
char *pwenv;
memset(&pw, 0, sizeof(struct mosquitto_pw));
pw.hashtype = pw_sha512_pbkdf2;
if(data->init_mode == dpwim_file){
if(get_password_from_init_file(data, password)){
@ -153,9 +152,6 @@ static int generate_password(struct dynsec__data *data, cJSON *j_client, char **
(*password)[20] = '\0';
}
pw.hashtype = pw_sha512_pbkdf2;
pw.params.sha512_pbkdf2.iterations = PW_DEFAULT_ITERATIONS + 1;
if(pw__create(&pw, *password) != MOSQ_ERR_SUCCESS){
free(*password);
*password = NULL;
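Review bot: In generate_password, dropping `pw.params.sha512_pbkdf2.iterations = PW_DEFAULT_ITERATIONS + 1;` leaves the iteration count at the zero written by the earlier `memset`, and on a build without WITH_ARGON2 pw__create() still takes the PBKDF2 path. Whether pw__create_sha512_pbkdf2 replaces a zero count with PW_DEFAULT_ITERATIONS is not visible on this page; if it does not, the generated admin password would be hashed with no stretching, or the call would fail. Please confirm that, and if needed keep a work factor for the fallback only: `#ifndef WITH_ARGON2` / `pw.params.sha512_pbkdf2.iterations = PW_DEFAULT_ITERATIONS;` / `#endif`. The function body continues outside both hunks.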