1 | /*
|
2 | Copyright (c) 2012,2013 Roger Light <roger@atchoo.org>
|
3 | All rights reserved.
|
4 |
|
5 | Redistribution and use in source and binary forms, with or without
|
6 | modification, are permitted provided that the following conditions are met:
|
7 |
|
8 | 1. Redistributions of source code must retain the above copyright notice,
|
9 | this list of conditions and the following disclaimer.
|
10 | 2. Redistributions in binary form must reproduce the above copyright
|
11 | notice, this list of conditions and the following disclaimer in the
|
12 | documentation and/or other materials provided with the distribution.
|
13 | 3. Neither the name of mosquitto nor the names of its
|
14 | contributors may be used to endorse or promote products derived from
|
15 | this software without specific prior written permission.
|
16 |
|
17 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
18 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
19 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
20 | ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
|
21 | LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
22 | CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
23 | SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
24 | INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
25 | CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
26 | ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
27 | POSSIBILITY OF SUCH DAMAGE.
|
28 | */
|
29 |
|
30 |
|
31 |
|
32 |
|
33 |
|
34 |
|
35 |
|
36 |
|
37 |
|
38 |
|
39 | struct mosquitto_auth_opt {
|
40 | char *key;
|
41 | char *value;
|
42 | };
|
43 |
|
44 | /*
|
45 | * To create an authentication plugin you must include this file then implement
|
46 | * the functions listed below. The resulting code should then be compiled as a
|
47 | * shared library. Using gcc this can be achieved as follows:
|
48 | *
|
49 | * gcc -I<path to mosquitto_plugin.h> -fPIC -shared plugin.c -o plugin.so
|
50 | */
|
51 |
|
52 | /*
|
53 | * Function: mosquitto_auth_plugin_version
|
54 | *
|
55 | * The broker will call this function immediately after loading the plugin to
|
56 | * check it is a supported plugin version. Your code must simply return
|
57 | * MOSQ_AUTH_PLUGIN_VERSION.
|
58 | */
|
59 | int mosquitto_auth_plugin_version(void);
|
60 |
|
61 | /*
|
62 | * Function: mosquitto_auth_plugin_init
|
63 | *
|
64 | * Called after the plugin has been loaded and <mosquitto_auth_plugin_version>
|
65 | * has been called. This will only ever be called once and can be used to
|
66 | * initialise the plugin.
|
67 | *
|
68 | * Parameters:
|
69 | *
|
70 | * user_data : The pointer set here will be passed to the other plugin
|
71 | * functions. Use to hold connection information for example.
|
72 | * auth_opts : Pointer to an array of struct mosquitto_auth_opt, which
|
73 | * provides the plugin options defined in the configuration file.
|
74 | * auth_opt_count : The number of elements in the auth_opts array.
|
75 | *
|
76 | * Return value:
|
77 | * Return 0 on success
|
78 | * Return >0 on failure.
|
79 | */
|
80 | int mosquitto_auth_plugin_init(void **user_data, struct mosquitto_auth_opt *auth_opts, int auth_opt_count);
|
81 |
|
82 | /*
|
83 | * Function: mosquitto_auth_plugin_cleanup
|
84 | *
|
85 | * Called when the broker is shutting down. This will only ever be called once.
|
86 | * Note that <mosquitto_auth_security_cleanup> will be called directly before
|
87 | * this function.
|
88 | *
|
89 | * Parameters:
|
90 | *
|
91 | * user_data : The pointer provided in <mosquitto_auth_plugin_init>.
|
92 | * auth_opts : Pointer to an array of struct mosquitto_auth_opt, which
|
93 | * provides the plugin options defined in the configuration file.
|
94 | * auth_opt_count : The number of elements in the auth_opts array.
|
95 | *
|
96 | * Return value:
|
97 | * Return 0 on success
|
98 | * Return >0 on failure.
|
99 | */
|
100 | int mosquitto_auth_plugin_cleanup(void *user_data, struct mosquitto_auth_opt *auth_opts, int auth_opt_count);
|
101 |
|
102 | /*
|
103 | * Function: mosquitto_auth_security_init
|
104 | *
|
105 | * Called when the broker initialises the security functions when it starts up.
|
106 | * If the broker is requested to reload its configuration whilst running,
|
107 | * <mosquitto_auth_security_cleanup> will be called, followed by this function.
|
108 | * In this situation, the reload parameter will be true.
|
109 | *
|
110 | * Parameters:
|
111 | *
|
112 | * user_data : The pointer provided in <mosquitto_auth_plugin_init>.
|
113 | * auth_opts : Pointer to an array of struct mosquitto_auth_opt, which
|
114 | * provides the plugin options defined in the configuration file.
|
115 | * auth_opt_count : The number of elements in the auth_opts array.
|
116 | * reload : If set to false, this is the first time the function has
|
117 | * been called. If true, the broker has received a signal
|
118 | * asking to reload its configuration.
|
119 | *
|
120 | * Return value:
|
121 | * Return 0 on success
|
122 | * Return >0 on failure.
|
123 | */
|
124 | int mosquitto_auth_security_init(void *user_data, struct mosquitto_auth_opt *auth_opts, int auth_opt_count, bool reload);
|
125 |
|
126 | /*
|
127 | * Function: mosquitto_auth_security_cleanup
|
128 | *
|
129 | * Called when the broker cleans up the security functions when it shuts down.
|
130 | * If the broker is requested to reload its configuration whilst running,
|
131 | * this function will be called, followed by <mosquitto_auth_security_init>.
|
132 | * In this situation, the reload parameter will be true.
|
133 | *
|
134 | * Parameters:
|
135 | *
|
136 | * user_data : The pointer provided in <mosquitto_auth_plugin_init>.
|
137 | * auth_opts : Pointer to an array of struct mosquitto_auth_opt, which
|
138 | * provides the plugin options defined in the configuration file.
|
139 | * auth_opt_count : The number of elements in the auth_opts array.
|
140 | * reload : If set to false, this is the first time the function has
|
141 | * been called. If true, the broker has received a signal
|
142 | * asking to reload its configuration.
|
143 | *
|
144 | * Return value:
|
145 | * Return 0 on success
|
146 | * Return >0 on failure.
|
147 | */
|
148 | int mosquitto_auth_security_cleanup(void *user_data, struct mosquitto_auth_opt *auth_opts, int auth_opt_count, bool reload);
|
149 |
|
150 | /*
|
151 | * Function: mosquitto_auth_acl_check
|
152 | *
|
153 | * Called by the broker when topic access must be checked. access will be one
|
154 | * of MOSQ_ACL_READ (for subscriptions) or MOSQ_ACL_WRITE (for publish). Return
|
155 | * MOSQ_ERR_SUCCESS if access was granted, MOSQ_ERR_ACL_DENIED if access was
|
156 | * not granted, or MOSQ_ERR_UNKNOWN for an application specific error.
|
157 | */
|
158 | int mosquitto_auth_acl_check(void *user_data, const char *clientid, const char *username, const char *topic, int access);
|
159 |
|
160 | /*
|
161 | * Function: mosquitto_auth_unpwd_check
|
162 | *
|
163 | * Called by the broker when a username/password must be checked. Return
|
164 | * MOSQ_ERR_SUCCESS if the user is authenticated, MOSQ_ERR_AUTH if
|
165 | * authentication failed, or MOSQ_ERR_UNKNOWN for an application specific
|
166 | * error.
|
167 | */
|
168 | int mosquitto_auth_unpwd_check(void *user_data, const char *username, const char *password);
|
169 |
|
170 | /*
|
171 | * Function: mosquitto_psk_key_get
|
172 | *
|
173 | * Called by the broker when a client connects to a listener using TLS/PSK.
|
174 | * This is used to retrieve the pre-shared-key associated with a client
|
175 | * identity.
|
176 | *
|
177 | * Examine hint and identity to determine the required PSK (which must be a
|
178 | * hexadecimal string with no leading "0x") and copy this string into key.
|
179 | *
|
180 | * Parameters:
|
181 | * user_data : the pointer provided in <mosquitto_auth_plugin_init>.
|
182 | * hint : the psk_hint for the listener the client is connecting to.
|
183 | * identity : the identity string provided by the client
|
184 | * key : a string where the hex PSK should be copied
|
185 | * max_key_len : the size of key
|
186 | *
|
187 | * Return value:
|
188 | * Return 0 on success.
|
189 | * Return >0 on failure.
|
190 | * Return >0 if this function is not required.
|
191 | */
|
192 | int mosquitto_auth_psk_key_get(void *user_data, const char *hint, const char *identity, char *key, int max_key_len);
|
193 |
|
194 |
|