mosquitto icon indicating copy to clipboard operation
mosquitto copied to clipboard
verified publisher icon eclipse

support colon in username in pwfile via double colon

Open stefanschuermans opened this issue 3 years ago • 2 comments

There are smart IoT devices that use the string represeantation of the MAC address as MQTT user name, i.e., a user name containing colon characters. In basic setups of Mosquitto with authentication based on pwfile, user names could not contain colon characters, because the colon is used as a delimiter.

This commit adds supports for colon characters in user names in pwfile, by interpreting double colons in the user name in pwfile as a single colon in the actual user name.

Signed-off-by: Stefan Schuermans [email protected]

Thank you for contributing your time to the Mosquitto project!

Before you go any further, please note that we cannot accept contributions if you haven't signed the Eclipse Contributor Agreement. If you aren't able to do that, or just don't want to, please describe your bug fix/feature change in an issue. For simple bug fixes it is can be just as easy for us to be told about the problem and then go fix it directly.

Then please check the following list of things we ask for in your pull request:

  • [x] Have you signed the Eclipse Contributor Agreement, using the same email address as you used in your commits?
  • [x] Do each of your commits have a "Signed-off-by" line, with the correct email address? Use "git commit -s" to generate this line for you.
  • [x] If you are contributing a new feature, is your work based off the develop branch?
  • [x] ~If you are contributing a bugfix, is your work based off the fixes branch?~
  • [x] Have you added an explanation of what your changes do and why you'd like us to include them?
  • [x] Have you successfully run make test with your changes locally?

stefanschuermans avatar Aug 19 '22 18:08 stefanschuermans

Isn't it true that the pwfile syntax only allows for a single ':' delimiter character on each line? The password is a base64-encoded hash, so there should be no colons in the password field. So this would mean just checking for the last occurring colon (e.g. using strrchr()) would give you the delimiter between the username and password fields. With that agreement, this change could be made much simpler (no strtok usage or re-implementation needed, no new dynamic memory allocation).

rswindell avatar Dec 02 '22 20:12 rswindell

I have to admit that I did not find the specification of the pwfile syntax. I think the current implementation would take the part between the first colon and the end of the line or the second colon as the password field. I did not want to break the potential option to append additional fields in the future. However, I have no real idea what those could be used for. Your suggestion of using the last colon in the ling to split username/password would solve my issue and it would be way less code. I can change the implementation to use this approach.

stefanschuermans avatar Dec 02 '22 20:12 stefanschuermans