Home Explore Help
Sign In
SoftwareDesign
/
csu3_am335x
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
csu3_am335x
/
EVSE
/
GPL
/
mosquitto-2.0.13
/
plugins
/
dynamic-security
/
groups.c

groups.c 34 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089 
  1. /*
    2. 

  2. Copyright (c) 2020 Roger Light <roger@atchoo.org>
    3. 

  3. 

  4. All rights reserved. This program and the accompanying materials
    5. 

  5. are made available under the terms of the Eclipse Public License 2.0
    6. 

  6. and Eclipse Distribution License v1.0 which accompany this distribution.
    7. 

  7. 

  8. The Eclipse Public License is available at
    9. 

  9.    https://www.eclipse.org/legal/epl-2.0/
    10. 

  10. and the Eclipse Distribution License is available at
    11. 

  11.   http://www.eclipse.org/org/documents/edl-v10.php.
    12. 

  12. 

  13. SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
    14. 

  14. 

  15. Contributors:
    16. 

  16.    Roger Light - initial implementation and documentation.
    17. 

  17. */
    18. 

  18. 

  19. #include "config.h"
    20. 

  20. 

  21. #include <cjson/cJSON.h>
    22. 

  22. #include <stdio.h>
    23. 

  23. #include <uthash.h>
    24. 

  24. 

  25. #include "mosquitto.h"
    26. 

  26. #include "mosquitto_broker.h"
    27. 

  27. #include "json_help.h"
    28. 

  28. 

  29. #include "dynamic_security.h"
    30. 

  30. 

  31. /* ################################################################
    32. 

  32.  * #
    33. 

  33.  * # Plugin global variables
    34. 

  34.  * #
    35. 

  35.  * ################################################################ */
    36. 

  36. 

  37. struct dynsec__group *dynsec_anonymous_group = NULL;
    38. 

  38. 

  39. 

  40. /* ################################################################
    41. 

  41.  * #
    42. 

  42.  * # Function declarations
    43. 

  43.  * #
    44. 

  44.  * ################################################################ */
    45. 

  45. 

  46. static int dynsec__remove_all_clients_from_group(struct dynsec__group *group);
    47. 

  47. static int dynsec__remove_all_roles_from_group(struct dynsec__group *group);
    48. 

  48. static cJSON *add_group_to_json(struct dynsec__group *group);
    49. 

  49. 

  50. 

  51. /* ################################################################
    52. 

  52.  * #
    53. 

  53.  * # Local variables
    54. 

  54.  * #
    55. 

  55.  * ################################################################ */
    56. 

  56. 

  57. static struct dynsec__group *local_groups = NULL;
    58. 

  58. 

  59. 

  60. /* ################################################################
    61. 

  61.  * #
    62. 

  62.  * # Utility functions
    63. 

  63.  * #
    64. 

  64.  * ################################################################ */
    65. 

  65. 

  66. static void group__kick_all(struct dynsec__group *group)
    67. 

  67. {
    68. 

  68. 	if(group == dynsec_anonymous_group){
    69. 

  69. 		mosquitto_kick_client_by_username(NULL, false);
    70. 

  70. 	}
    71. 

  71. 	dynsec_clientlist__kick_all(group->clientlist);
    72. 

  72. }
    73. 

  73. 

  74. 

  75. static int group_cmp(void *a, void *b)
    76. 

  76. {
    77. 

  77. 	struct dynsec__group *group_a = a;
    78. 

  78. 	struct dynsec__group *group_b = b;
    79. 

  79. 

  80. 	return strcmp(group_a->groupname, group_b->groupname);
    81. 

  81. }
    82. 

  82. 

  83. 

  84. struct dynsec__group *dynsec_groups__find(const char *groupname)
    85. 

  85. {
    86. 

  86. 	struct dynsec__group *group = NULL;
    87. 

  87. 

  88. 	if(groupname){
    89. 

  89. 		HASH_FIND(hh, local_groups, groupname, strlen(groupname), group);
    90. 

  90. 	}
    91. 

  91. 	return group;
    92. 

  92. }
    93. 

  93. 

  94. static void group__free_item(struct dynsec__group *group)
    95. 

  95. {
    96. 

  96. 	struct dynsec__group *found_group = NULL;
    97. 

  97. 

  98. 	if(group == NULL) return;
    99. 

  99. 

  100. 	found_group = dynsec_groups__find(group->groupname);
    101. 

  101. 	if(found_group){
    102. 

  102. 		HASH_DEL(local_groups, found_group);
    103. 

  103. 	}
    104. 

  104. 	dynsec__remove_all_clients_from_group(group);
    105. 

  105. 	mosquitto_free(group->text_name);
    106. 

  106. 	mosquitto_free(group->text_description);
    107. 

  107. 	mosquitto_free(group->groupname);
    108. 

  108. 	dynsec_rolelist__cleanup(&group->rolelist);
    109. 

  109. 	mosquitto_free(group);
    110. 

  110. }
    111. 

  111. 

  112. int dynsec_groups__process_add_role(cJSON *j_responses, struct mosquitto *context, cJSON *command, char *correlation_data)
    113. 

  113. {
    114. 

  114. 	char *groupname, *rolename;
    115. 

  115. 	struct dynsec__group *group;
    116. 

  116. 	struct dynsec__role *role;
    117. 

  117. 	int priority;
    118. 

  118. 	const char *admin_clientid, *admin_username;
    119. 

  119. 	int rc;
    120. 

  120. 

  121. 	if(json_get_string(command, "groupname", &groupname, false) != MOSQ_ERR_SUCCESS){
    122. 

  122. 		dynsec__command_reply(j_responses, context, "addGroupRole", "Invalid/missing groupname", correlation_data);
    123. 

  123. 		return MOSQ_ERR_INVAL;
    124. 

  124. 	}
    125. 

  125. 	if(mosquitto_validate_utf8(groupname, (int)strlen(groupname)) != MOSQ_ERR_SUCCESS){
    126. 

  126. 		dynsec__command_reply(j_responses, context, "addGroupRole", "Group name not valid UTF-8", correlation_data);
    127. 

  127. 		return MOSQ_ERR_INVAL;
    128. 

  128. 	}
    129. 

  129. 

  130. 	if(json_get_string(command, "rolename", &rolename, false) != MOSQ_ERR_SUCCESS){
    131. 

  131. 		dynsec__command_reply(j_responses, context, "addGroupRole", "Invalid/missing rolename", correlation_data);
    132. 

  132. 		return MOSQ_ERR_INVAL;
    133. 

  133. 	}
    134. 

  134. 	if(mosquitto_validate_utf8(rolename, (int)strlen(rolename)) != MOSQ_ERR_SUCCESS){
    135. 

  135. 		dynsec__command_reply(j_responses, context, "addGroupRole", "Role name not valid UTF-8", correlation_data);
    136. 

  136. 		return MOSQ_ERR_INVAL;
    137. 

  137. 	}
    138. 

  138. 	json_get_int(command, "priority", &priority, true, -1);
    139. 

  139. 

  140. 	group = dynsec_groups__find(groupname);
    141. 

  141. 	if(group == NULL){
    142. 

  142. 		dynsec__command_reply(j_responses, context, "addGroupRole", "Group not found", correlation_data);
    143. 

  143. 		return MOSQ_ERR_SUCCESS;
    144. 

  144. 	}
    145. 

  145. 

  146. 	role = dynsec_roles__find(rolename);
    147. 

  147. 	if(role == NULL){
    148. 

  148. 		dynsec__command_reply(j_responses, context, "addGroupRole", "Role not found", correlation_data);
    149. 

  149. 		return MOSQ_ERR_SUCCESS;
    150. 

  150. 	}
    151. 

  151. 

  152. 	admin_clientid = mosquitto_client_id(context);
    153. 

  153. 	admin_username = mosquitto_client_username(context);
    154. 

  154. 

  155. 	rc = dynsec_rolelist__group_add(group, role, priority);
    156. 

  156. 	if(rc == MOSQ_ERR_SUCCESS){
    157. 

  157. 		/* Continue */
    158. 

  158. 	}else if(rc == MOSQ_ERR_ALREADY_EXISTS){
    159. 

  159. 		dynsec__command_reply(j_responses, context, "addGroupRole", "Group is already in this role", correlation_data);
    160. 

  160. 		return MOSQ_ERR_ALREADY_EXISTS;
    161. 

  161. 	}else{
    162. 

  162. 		dynsec__command_reply(j_responses, context, "addGroupRole", "Internal error", correlation_data);
    163. 

  163. 		return MOSQ_ERR_UNKNOWN;
    164. 

  164. 	}
    165. 

  165. 

  166. 	mosquitto_log_printf(MOSQ_LOG_INFO, "dynsec: %s/%s | addGroupRole | groupname=%s | rolename=%s | priority=%d",
    167. 

  167. 			admin_clientid, admin_username, groupname, rolename, priority);
    168. 

  168. 

  169. 	dynsec__config_save();
    170. 

  170. 	dynsec__command_reply(j_responses, context, "addGroupRole", NULL, correlation_data);
    171. 

  171. 

  172. 	/* Enforce any changes */
    173. 

  173. 	group__kick_all(group);
    174. 

  174. 

  175. 	return MOSQ_ERR_SUCCESS;
    176. 

  176. }
    177. 

  177. 

  178. 

  179. void dynsec_groups__cleanup(void)
    180. 

  180. {
    181. 

  181. 	struct dynsec__group *group, *group_tmp = NULL;
    182. 

  182. 

  183. 	HASH_ITER(hh, local_groups, group, group_tmp){
    184. 

  184. 		group__free_item(group);
    185. 

  185. 	}
    186. 

  186. }
    187. 

  187. 

  188. 

  189. /* ################################################################
    190. 

  190.  * #
    191. 

  191.  * # Config file load
    192. 

  192.  * #
    193. 

  193.  * ################################################################ */
    194. 

  194. 

  195. int dynsec_groups__config_load(cJSON *tree)
    196. 

  196. {
    197. 

  197. 	cJSON *j_groups, *j_group;
    198. 

  198. 	cJSON *j_clientlist, *j_client, *j_username;
    199. 

  199. 	cJSON *j_roles, *j_role, *j_rolename;
    200. 

  200. 

  201. 	struct dynsec__group *group;
    202. 

  202. 	struct dynsec__role *role;
    203. 

  203. 	char *str;
    204. 

  204. 	int priority;
    205. 

  205. 

  206. 	j_groups = cJSON_GetObjectItem(tree, "groups");
    207. 

  207. 	if(j_groups == NULL){
    208. 

  208. 		return 0;
    209. 

  209. 	}
    210. 

  210. 

  211. 	if(cJSON_IsArray(j_groups) == false){
    212. 

  212. 		return 1;
    213. 

  213. 	}
    214. 

  214. 

  215. 	cJSON_ArrayForEach(j_group, j_groups){
    216. 

  216. 		if(cJSON_IsObject(j_group) == true){
    217. 

  217. 			group = mosquitto_calloc(1, sizeof(struct dynsec__group));
    218. 

  218. 			if(group == NULL){
    219. 

  219. 				return MOSQ_ERR_NOMEM;
    220. 

  220. 			}
    221. 

  221. 

  222. 			/* Group name */
    223. 

  223. 			if(json_get_string(j_group, "groupname", &str, false) != MOSQ_ERR_SUCCESS){
    224. 

  224. 				mosquitto_free(group);
    225. 

  225. 				continue;
    226. 

  226. 			}
    227. 

  227. 			group->groupname = strdup(str);
    228. 

  228. 			if(group->groupname == NULL){
    229. 

  229. 				mosquitto_free(group);
    230. 

  230. 				continue;
    231. 

  231. 			}
    232. 

  232. 

  233. 			/* Text name */
    234. 

  234. 			if(json_get_string(j_group, "textname", &str, false) == MOSQ_ERR_SUCCESS){
    235. 

  235. 				if(str){
    236. 

  236. 					group->text_name = strdup(str);
    237. 

  237. 					if(group->text_name == NULL){
    238. 

  238. 						mosquitto_free(group->groupname);
    239. 

  239. 						mosquitto_free(group);
    240. 

  240. 						continue;
    241. 

  241. 					}
    242. 

  242. 				}
    243. 

  243. 			}
    244. 

  244. 

  245. 			/* Text description */
    246. 

  246. 			if(json_get_string(j_group, "textdescription", &str, false) == MOSQ_ERR_SUCCESS){
    247. 

  247. 				if(str){
    248. 

  248. 					group->text_description = strdup(str);
    249. 

  249. 					if(group->text_description == NULL){
    250. 

  250. 						mosquitto_free(group->text_name);
    251. 

  251. 						mosquitto_free(group->groupname);
    252. 

  252. 						mosquitto_free(group);
    253. 

  253. 						continue;
    254. 

  254. 					}
    255. 

  255. 				}
    256. 

  256. 			}
    257. 

  257. 

  258. 			/* Roles */
    259. 

  259. 			j_roles = cJSON_GetObjectItem(j_group, "roles");
    260. 

  260. 			if(j_roles && cJSON_IsArray(j_roles)){
    261. 

  261. 				cJSON_ArrayForEach(j_role, j_roles){
    262. 

  262. 					if(cJSON_IsObject(j_role)){
    263. 

  263. 						j_rolename = cJSON_GetObjectItem(j_role, "rolename");
    264. 

  264. 						if(j_rolename && cJSON_IsString(j_rolename)){
    265. 

  265. 							json_get_int(j_role, "priority", &priority, true, -1);
    266. 

  266. 							role = dynsec_roles__find(j_rolename->valuestring);
    267. 

  267. 							dynsec_rolelist__group_add(group, role, priority);
    268. 

  268. 						}
    269. 

  269. 					}
    270. 

  270. 				}
    271. 

  271. 			}
    272. 

  272. 

  273. 			/* This must go before clients are loaded, otherwise the group won't be found */
    274. 

  274. 			HASH_ADD_KEYPTR(hh, local_groups, group->groupname, strlen(group->groupname), group);
    275. 

  275. 

  276. 			/* Clients */
    277. 

  277. 			j_clientlist = cJSON_GetObjectItem(j_group, "clients");
    278. 

  278. 			if(j_clientlist && cJSON_IsArray(j_clientlist)){
    279. 

  279. 				cJSON_ArrayForEach(j_client, j_clientlist){
    280. 

  280. 					if(cJSON_IsObject(j_client)){
    281. 

  281. 						j_username = cJSON_GetObjectItem(j_client, "username");
    282. 

  282. 						if(j_username && cJSON_IsString(j_username)){
    283. 

  283. 							json_get_int(j_client, "priority", &priority, true, -1);
    284. 

  284. 							dynsec_groups__add_client(j_username->valuestring, group->groupname, priority, false);
    285. 

  285. 						}
    286. 

  286. 					}
    287. 

  287. 				}
    288. 

  288. 			}
    289. 

  289. 		}
    290. 

  290. 	}
    291. 

  291. 	HASH_SORT(local_groups, group_cmp);
    292. 

  292. 

  293. 	j_group = cJSON_GetObjectItem(tree, "anonymousGroup");
    294. 

  294. 	if(j_group && cJSON_IsString(j_group)){
    295. 

  295. 		dynsec_anonymous_group = dynsec_groups__find(j_group->valuestring);
    296. 

  296. 	}
    297. 

  297. 

  298. 	return 0;
    299. 

  299. }
    300. 

  300. 

  301. 

  302. /* ################################################################
    303. 

  303.  * #
    304. 

  304.  * # Config load and save
    305. 

  305.  * #
    306. 

  306.  * ################################################################ */
    307. 

  307. 

  308. 

  309. static int dynsec__config_add_groups(cJSON *j_groups)
    310. 

  310. {
    311. 

  311. 	struct dynsec__group *group, *group_tmp = NULL;
    312. 

  312. 	cJSON *j_group, *j_clients, *j_roles;
    313. 

  313. 

  314. 	HASH_ITER(hh, local_groups, group, group_tmp){
    315. 

  315. 		j_group = cJSON_CreateObject();
    316. 

  316. 		if(j_group == NULL) return 1;
    317. 

  317. 		cJSON_AddItemToArray(j_groups, j_group);
    318. 

  318. 

  319. 		if(cJSON_AddStringToObject(j_group, "groupname", group->groupname) == NULL
    320. 

  320. 				|| (group->text_name && cJSON_AddStringToObject(j_group, "textname", group->text_name) == NULL)
    321. 

  321. 				|| (group->text_description && cJSON_AddStringToObject(j_group, "textdescription", group->text_description) == NULL)
    322. 

  322. 				){
    323. 

  323. 

  324. 			return 1;
    325. 

  325. 		}
    326. 

  326. 

  327. 		j_roles = dynsec_rolelist__all_to_json(group->rolelist);
    328. 

  328. 		if(j_roles == NULL){
    329. 

  329. 			return 1;
    330. 

  330. 		}
    331. 

  331. 		cJSON_AddItemToObject(j_group, "roles", j_roles);
    332. 

  332. 

  333. 		j_clients = dynsec_clientlist__all_to_json(group->clientlist);
    334. 

  334. 		if(j_clients == NULL){
    335. 

  335. 			return 1;
    336. 

  336. 		}
    337. 

  337. 		cJSON_AddItemToObject(j_group, "clients", j_clients);
    338. 

  338. 	}
    339. 

  339. 

  340. 	return 0;
    341. 

  341. }
    342. 

  342. 

  343. 

  344. int dynsec_groups__config_save(cJSON *tree)
    345. 

  345. {
    346. 

  346. 	cJSON *j_groups;
    347. 

  347. 

  348. 	j_groups = cJSON_CreateArray();
    349. 

  349. 	if(j_groups == NULL){
    350. 

  350. 		return 1;
    351. 

  351. 	}
    352. 

  352. 	cJSON_AddItemToObject(tree, "groups", j_groups);
    353. 

  353. 	if(dynsec__config_add_groups(j_groups)){
    354. 

  354. 		return 1;
    355. 

  355. 	}
    356. 

  356. 

  357. 	if(dynsec_anonymous_group
    358. 

  358. 			&& cJSON_AddStringToObject(tree, "anonymousGroup", dynsec_anonymous_group->groupname) == NULL){
    359. 

  359. 

  360. 		return 1;
    361. 

  361. 	}
    362. 

  362. 

  363. 	return 0;
    364. 

  364. }
    365. 

  365. 

  366. 

  367. int dynsec_groups__process_create(cJSON *j_responses, struct mosquitto *context, cJSON *command, char *correlation_data)
    368. 

  368. {
    369. 

  369. 	char *groupname, *text_name, *text_description;
    370. 

  370. 	struct dynsec__group *group = NULL;
    371. 

  371. 	int rc = MOSQ_ERR_SUCCESS;
    372. 

  372. 	const char *admin_clientid, *admin_username;
    373. 

  373. 

  374. 	if(json_get_string(command, "groupname", &groupname, false) != MOSQ_ERR_SUCCESS){
    375. 

  375. 		dynsec__command_reply(j_responses, context, "createGroup", "Invalid/missing groupname", correlation_data);
    376. 

  376. 		return MOSQ_ERR_INVAL;
    377. 

  377. 	}
    378. 

  378. 	if(mosquitto_validate_utf8(groupname, (int)strlen(groupname)) != MOSQ_ERR_SUCCESS){
    379. 

  379. 		dynsec__command_reply(j_responses, context, "createGroup", "Group name not valid UTF-8", correlation_data);
    380. 

  380. 		return MOSQ_ERR_INVAL;
    381. 

  381. 	}
    382. 

  382. 

  383. 	if(json_get_string(command, "textname", &text_name, true) != MOSQ_ERR_SUCCESS){
    384. 

  384. 		dynsec__command_reply(j_responses, context, "createGroup", "Invalid/missing textname", correlation_data);
    385. 

  385. 		return MOSQ_ERR_INVAL;
    386. 

  386. 	}
    387. 

  387. 

  388. 	if(json_get_string(command, "textdescription", &text_description, true) != MOSQ_ERR_SUCCESS){
    389. 

  389. 		dynsec__command_reply(j_responses, context, "createGroup", "Invalid/missing textdescription", correlation_data);
    390. 

  390. 		return MOSQ_ERR_INVAL;
    391. 

  391. 	}
    392. 

  392. 

  393. 	group = dynsec_groups__find(groupname);
    394. 

  394. 	if(group){
    395. 

  395. 		dynsec__command_reply(j_responses, context, "createGroup", "Group already exists", correlation_data);
    396. 

  396. 		return MOSQ_ERR_SUCCESS;
    397. 

  397. 	}
    398. 

  398. 

  399. 	group = mosquitto_calloc(1, sizeof(struct dynsec__group));
    400. 

  400. 	if(group == NULL){
    401. 

  401. 		dynsec__command_reply(j_responses, context, "createGroup", "Internal error", correlation_data);
    402. 

  402. 		return MOSQ_ERR_NOMEM;
    403. 

  403. 	}
    404. 

  404. 	group->groupname = strdup(groupname);
    405. 

  405. 	if(group->groupname == NULL){
    406. 

  406. 		dynsec__command_reply(j_responses, context, "createGroup", "Internal error", correlation_data);
    407. 

  407. 		group__free_item(group);
    408. 

  408. 		return MOSQ_ERR_NOMEM;
    409. 

  409. 	}
    410. 

  410. 	if(text_name){
    411. 

  411. 		group->text_name = strdup(text_name);
    412. 

  412. 		if(group->text_name == NULL){
    413. 

  413. 			dynsec__command_reply(j_responses, context, "createGroup", "Internal error", correlation_data);
    414. 

  414. 			group__free_item(group);
    415. 

  415. 			return MOSQ_ERR_NOMEM;
    416. 

  416. 		}
    417. 

  417. 	}
    418. 

  418. 	if(text_description){
    419. 

  419. 		group->text_description = strdup(text_description);
    420. 

  420. 		if(group->text_description == NULL){
    421. 

  421. 			dynsec__command_reply(j_responses, context, "createGroup", "Internal error", correlation_data);
    422. 

  422. 			group__free_item(group);
    423. 

  423. 			return MOSQ_ERR_NOMEM;
    424. 

  424. 		}
    425. 

  425. 	}
    426. 

  426. 

  427. 	rc = dynsec_rolelist__load_from_json(command, &group->rolelist);
    428. 

  428. 	if(rc == MOSQ_ERR_SUCCESS || rc == ERR_LIST_NOT_FOUND){
    429. 

  429. 	}else if(rc == MOSQ_ERR_NOT_FOUND){
    430. 

  430. 		dynsec__command_reply(j_responses, context, "createGroup", "Role not found", correlation_data);
    431. 

  431. 		group__free_item(group);
    432. 

  432. 		return MOSQ_ERR_INVAL;
    433. 

  433. 	}else{
    434. 

  434. 		dynsec__command_reply(j_responses, context, "createGroup", "Internal error", correlation_data);
    435. 

  435. 		group__free_item(group);
    436. 

  436. 		return MOSQ_ERR_INVAL;
    437. 

  437. 	}
    438. 

  438. 

  439. 	HASH_ADD_KEYPTR_INORDER(hh, local_groups, group->groupname, strlen(group->groupname), group, group_cmp);
    440. 

  440. 

  441. 	admin_clientid = mosquitto_client_id(context);
    442. 

  442. 	admin_username = mosquitto_client_username(context);
    443. 

  443. 	mosquitto_log_printf(MOSQ_LOG_INFO, "dynsec: %s/%s | createGroup | groupname=%s",
    444. 

  444. 			admin_clientid, admin_username, groupname);
    445. 

  445. 

  446. 	dynsec__config_save();
    447. 

  447. 	dynsec__command_reply(j_responses, context, "createGroup", NULL, correlation_data);
    448. 

  448. 	return MOSQ_ERR_SUCCESS;
    449. 

  449. }
    450. 

  450. 

  451. 

  452. int dynsec_groups__process_delete(cJSON *j_responses, struct mosquitto *context, cJSON *command, char *correlation_data)
    453. 

  453. {
    454. 

  454. 	char *groupname;
    455. 

  455. 	struct dynsec__group *group;
    456. 

  456. 	const char *admin_clientid, *admin_username;
    457. 

  457. 

  458. 	if(json_get_string(command, "groupname", &groupname, false) != MOSQ_ERR_SUCCESS){
    459. 

  459. 		dynsec__command_reply(j_responses, context, "deleteGroup", "Invalid/missing groupname", correlation_data);
    460. 

  460. 		return MOSQ_ERR_INVAL;
    461. 

  461. 	}
    462. 

  462. 	if(mosquitto_validate_utf8(groupname, (int)strlen(groupname)) != MOSQ_ERR_SUCCESS){
    463. 

  463. 		dynsec__command_reply(j_responses, context, "deleteGroup", "Group name not valid UTF-8", correlation_data);
    464. 

  464. 		return MOSQ_ERR_INVAL;
    465. 

  465. 	}
    466. 

  466. 

  467. 	group = dynsec_groups__find(groupname);
    468. 

  468. 	if(group){
    469. 

  469. 		/* Enforce any changes */
    470. 

  470. 		group__kick_all(group);
    471. 

  471. 

  472. 		dynsec__remove_all_roles_from_group(group);
    473. 

  473. 		group__free_item(group);
    474. 

  474. 		dynsec__config_save();
    475. 

  475. 		dynsec__command_reply(j_responses, context, "deleteGroup", NULL, correlation_data);
    476. 

  476. 

  477. 		admin_clientid = mosquitto_client_id(context);
    478. 

  478. 		admin_username = mosquitto_client_username(context);
    479. 

  479. 		mosquitto_log_printf(MOSQ_LOG_INFO, "dynsec: %s/%s | deleteGroup | groupname=%s",
    480. 

  480. 				admin_clientid, admin_username, groupname);
    481. 

  481. 

  482. 		return MOSQ_ERR_SUCCESS;
    483. 

  483. 	}else{
    484. 

  484. 		dynsec__command_reply(j_responses, context, "deleteGroup", "Group not found", correlation_data);
    485. 

  485. 		return MOSQ_ERR_SUCCESS;
    486. 

  486. 	}
    487. 

  487. }
    488. 

  488. 

  489. 

  490. int dynsec_groups__add_client(const char *username, const char *groupname, int priority, bool update_config)
    491. 

  491. {
    492. 

  492. 	struct dynsec__client *client;
    493. 

  493. 	struct dynsec__clientlist *clientlist;
    494. 

  494. 	struct dynsec__group *group;
    495. 

  495. 	int rc;
    496. 

  496. 

  497. 	client = dynsec_clients__find(username);
    498. 

  498. 	if(client == NULL){
    499. 

  499. 		return ERR_USER_NOT_FOUND;
    500. 

  500. 	}
    501. 

  501. 

  502. 	group = dynsec_groups__find(groupname);
    503. 

  503. 	if(group == NULL){
    504. 

  504. 		return ERR_GROUP_NOT_FOUND;
    505. 

  505. 	}
    506. 

  506. 

  507. 	HASH_FIND(hh, group->clientlist, username, strlen(username), clientlist);
    508. 

  508. 	if(clientlist != NULL){
    509. 

  509. 		/* Client is already in the group */
    510. 

  510. 		return MOSQ_ERR_ALREADY_EXISTS;
    511. 

  511. 	}
    512. 

  512. 

  513. 	rc = dynsec_clientlist__add(&group->clientlist, client, priority);
    514. 

  514. 	if(rc){
    515. 

  515. 		return rc;
    516. 

  516. 	}
    517. 

  517. 	rc = dynsec_grouplist__add(&client->grouplist, group, priority);
    518. 

  518. 	if(rc){
    519. 

  519. 		dynsec_clientlist__remove(&group->clientlist, client);
    520. 

  520. 		return rc;
    521. 

  521. 	}
    522. 

  522. 

  523. 	if(update_config){
    524. 

  524. 		dynsec__config_save();
    525. 

  525. 	}
    526. 

  526. 

  527. 	return MOSQ_ERR_SUCCESS;
    528. 

  528. }
    529. 

  529. 

  530. 

  531. int dynsec_groups__process_add_client(cJSON *j_responses, struct mosquitto *context, cJSON *command, char *correlation_data)
    532. 

  532. {
    533. 

  533. 	char *username, *groupname;
    534. 

  534. 	int rc;
    535. 

  535. 	int priority;
    536. 

  536. 	const char *admin_clientid, *admin_username;
    537. 

  537. 

  538. 	if(json_get_string(command, "username", &username, false) != MOSQ_ERR_SUCCESS){
    539. 

  539. 		dynsec__command_reply(j_responses, context, "addGroupClient", "Invalid/missing username", correlation_data);
    540. 

  540. 		return MOSQ_ERR_INVAL;
    541. 

  541. 	}
    542. 

  542. 	if(mosquitto_validate_utf8(username, (int)strlen(username)) != MOSQ_ERR_SUCCESS){
    543. 

  543. 		dynsec__command_reply(j_responses, context, "addGroupClient", "Username not valid UTF-8", correlation_data);
    544. 

  544. 		return MOSQ_ERR_INVAL;
    545. 

  545. 	}
    546. 

  546. 

  547. 	if(json_get_string(command, "groupname", &groupname, false) != MOSQ_ERR_SUCCESS){
    548. 

  548. 		dynsec__command_reply(j_responses, context, "addGroupClient", "Invalid/missing groupname", correlation_data);
    549. 

  549. 		return MOSQ_ERR_INVAL;
    550. 

  550. 	}
    551. 

  551. 	if(mosquitto_validate_utf8(groupname, (int)strlen(groupname)) != MOSQ_ERR_SUCCESS){
    552. 

  552. 		dynsec__command_reply(j_responses, context, "addGroupClient", "Group name not valid UTF-8", correlation_data);
    553. 

  553. 		return MOSQ_ERR_INVAL;
    554. 

  554. 	}
    555. 

  555. 

  556. 	json_get_int(command, "priority", &priority, true, -1);
    557. 

  557. 

  558. 	rc = dynsec_groups__add_client(username, groupname, priority, true);
    559. 

  559. 	if(rc == MOSQ_ERR_SUCCESS){
    560. 

  560. 		admin_clientid = mosquitto_client_id(context);
    561. 

  561. 		admin_username = mosquitto_client_username(context);
    562. 

  562. 		mosquitto_log_printf(MOSQ_LOG_INFO, "dynsec: %s/%s | addGroupClient | groupname=%s | username=%s | priority=%d",
    563. 

  563. 				admin_clientid, admin_username, groupname, username, priority);
    564. 

  564. 

  565. 		dynsec__command_reply(j_responses, context, "addGroupClient", NULL, correlation_data);
    566. 

  566. 	}else if(rc == ERR_USER_NOT_FOUND){
    567. 

  567. 		dynsec__command_reply(j_responses, context, "addGroupClient", "Client not found", correlation_data);
    568. 

  568. 	}else if(rc == ERR_GROUP_NOT_FOUND){
    569. 

  569. 		dynsec__command_reply(j_responses, context, "addGroupClient", "Group not found", correlation_data);
    570. 

  570. 	}else if(rc == MOSQ_ERR_ALREADY_EXISTS){
    571. 

  571. 		dynsec__command_reply(j_responses, context, "addGroupClient", "Client is already in this group", correlation_data);
    572. 

  572. 	}else{
    573. 

  573. 		dynsec__command_reply(j_responses, context, "addGroupClient", "Internal error", correlation_data);
    574. 

  574. 	}
    575. 

  575. 

  576. 	/* Enforce any changes */
    577. 

  577. 	mosquitto_kick_client_by_username(username, false);
    578. 

  578. 

  579. 	return rc;
    580. 

  580. }
    581. 

  581. 

  582. 

  583. static int dynsec__remove_all_clients_from_group(struct dynsec__group *group)
    584. 

  584. {
    585. 

  585. 	struct dynsec__clientlist *clientlist, *clientlist_tmp = NULL;
    586. 

  586. 

  587. 	HASH_ITER(hh, group->clientlist, clientlist, clientlist_tmp){
    588. 

  588. 		/* Remove client stored group reference */
    589. 

  589. 		dynsec_grouplist__remove(&clientlist->client->grouplist, group);
    590. 

  590. 

  591. 		HASH_DELETE(hh, group->clientlist, clientlist);
    592. 

  592. 		mosquitto_free(clientlist);
    593. 

  593. 	}
    594. 

  594. 

  595. 	return MOSQ_ERR_SUCCESS;
    596. 

  596. }
    597. 

  597. 

  598. static int dynsec__remove_all_roles_from_group(struct dynsec__group *group)
    599. 

  599. {
    600. 

  600. 	struct dynsec__rolelist *rolelist, *rolelist_tmp = NULL;
    601. 

  601. 

  602. 	HASH_ITER(hh, group->rolelist, rolelist, rolelist_tmp){
    603. 

  603. 		dynsec_rolelist__group_remove(group, rolelist->role);
    604. 

  604. 	}
    605. 

  605. 

  606. 	return MOSQ_ERR_SUCCESS;
    607. 

  607. }
    608. 

  608. 

  609. int dynsec_groups__remove_client(const char *username, const char *groupname, bool update_config)
    610. 

  610. {
    611. 

  611. 	struct dynsec__client *client;
    612. 

  612. 	struct dynsec__group *group;
    613. 

  613. 

  614. 	client = dynsec_clients__find(username);
    615. 

  615. 	if(client == NULL){
    616. 

  616. 		return ERR_USER_NOT_FOUND;
    617. 

  617. 	}
    618. 

  618. 

  619. 	group = dynsec_groups__find(groupname);
    620. 

  620. 	if(group == NULL){
    621. 

  621. 		return ERR_GROUP_NOT_FOUND;
    622. 

  622. 	}
    623. 

  623. 

  624. 	dynsec_clientlist__remove(&group->clientlist, client);
    625. 

  625. 	dynsec_grouplist__remove(&client->grouplist, group);
    626. 

  626. 

  627. 	if(update_config){
    628. 

  628. 		dynsec__config_save();
    629. 

  629. 	}
    630. 

  630. 	return MOSQ_ERR_SUCCESS;
    631. 

  631. }
    632. 

  632. 

  633. int dynsec_groups__process_remove_client(cJSON *j_responses, struct mosquitto *context, cJSON *command, char *correlation_data)
    634. 

  634. {
    635. 

  635. 	char *username, *groupname;
    636. 

  636. 	int rc;
    637. 

  637. 	const char *admin_clientid, *admin_username;
    638. 

  638. 

  639. 	if(json_get_string(command, "username", &username, false) != MOSQ_ERR_SUCCESS){
    640. 

  640. 		dynsec__command_reply(j_responses, context, "removeGroupClient", "Invalid/missing username", correlation_data);
    641. 

  641. 		return MOSQ_ERR_INVAL;
    642. 

  642. 	}
    643. 

  643. 	if(mosquitto_validate_utf8(username, (int)strlen(username)) != MOSQ_ERR_SUCCESS){
    644. 

  644. 		dynsec__command_reply(j_responses, context, "removeGroupClient", "Username not valid UTF-8", correlation_data);
    645. 

  645. 		return MOSQ_ERR_INVAL;
    646. 

  646. 	}
    647. 

  647. 

  648. 	if(json_get_string(command, "groupname", &groupname, false) != MOSQ_ERR_SUCCESS){
    649. 

  649. 		dynsec__command_reply(j_responses, context, "removeGroupClient", "Invalid/missing groupname", correlation_data);
    650. 

  650. 		return MOSQ_ERR_INVAL;
    651. 

  651. 	}
    652. 

  652. 	if(mosquitto_validate_utf8(groupname, (int)strlen(groupname)) != MOSQ_ERR_SUCCESS){
    653. 

  653. 		dynsec__command_reply(j_responses, context, "removeGroupClient", "Group name not valid UTF-8", correlation_data);
    654. 

  654. 		return MOSQ_ERR_INVAL;
    655. 

  655. 	}
    656. 

  656. 

  657. 	rc = dynsec_groups__remove_client(username, groupname, true);
    658. 

  658. 	if(rc == MOSQ_ERR_SUCCESS){
    659. 

  659. 		admin_clientid = mosquitto_client_id(context);
    660. 

  660. 		admin_username = mosquitto_client_username(context);
    661. 

  661. 		mosquitto_log_printf(MOSQ_LOG_INFO, "dynsec: %s/%s | removeGroupClient | groupname=%s | username=%s",
    662. 

  662. 				admin_clientid, admin_username, groupname, username);
    663. 

  663. 

  664. 		dynsec__command_reply(j_responses, context, "removeGroupClient", NULL, correlation_data);
    665. 

  665. 	}else if(rc == ERR_USER_NOT_FOUND){
    666. 

  666. 		dynsec__command_reply(j_responses, context, "removeGroupClient", "Client not found", correlation_data);
    667. 

  667. 	}else if(rc == ERR_GROUP_NOT_FOUND){
    668. 

  668. 		dynsec__command_reply(j_responses, context, "removeGroupClient", "Group not found", correlation_data);
    669. 

  669. 	}else{
    670. 

  670. 		dynsec__command_reply(j_responses, context, "removeGroupClient", "Internal error", correlation_data);
    671. 

  671. 	}
    672. 

  672. 

  673. 	/* Enforce any changes */
    674. 

  674. 	mosquitto_kick_client_by_username(username, false);
    675. 

  675. 

  676. 	return rc;
    677. 

  677. }
    678. 

  678. 

  679. 

  680. static cJSON *add_group_to_json(struct dynsec__group *group)
    681. 

  681. {
    682. 

  682. 	cJSON *j_group, *jtmp, *j_clientlist, *j_client, *j_rolelist;
    683. 

  683. 	struct dynsec__clientlist *clientlist, *clientlist_tmp = NULL;
    684. 

  684. 

  685. 	j_group = cJSON_CreateObject();
    686. 

  686. 	if(j_group == NULL){
    687. 

  687. 		return NULL;
    688. 

  688. 	}
    689. 

  689. 

  690. 	if(cJSON_AddStringToObject(j_group, "groupname", group->groupname) == NULL
    691. 

  691. 			|| (group->text_name && cJSON_AddStringToObject(j_group, "textname", group->text_name) == NULL)
    692. 

  692. 			|| (group->text_description && cJSON_AddStringToObject(j_group, "textdescription", group->text_description) == NULL)
    693. 

  693. 			|| (j_clientlist = cJSON_AddArrayToObject(j_group, "clients")) == NULL
    694. 

  694. 			){
    695. 

  695. 

  696. 		cJSON_Delete(j_group);
    697. 

  697. 		return NULL;
    698. 

  698. 	}
    699. 

  699. 

  700. 	HASH_ITER(hh, group->clientlist, clientlist, clientlist_tmp){
    701. 

  701. 		j_client = cJSON_CreateObject();
    702. 

  702. 		if(j_client == NULL){
    703. 

  703. 			cJSON_Delete(j_group);
    704. 

  704. 			return NULL;
    705. 

  705. 		}
    706. 

  706. 		cJSON_AddItemToArray(j_clientlist, j_client);
    707. 

  707. 

  708. 		jtmp = cJSON_CreateStringReference(clientlist->client->username);
    709. 

  709. 		if(jtmp == NULL){
    710. 

  710. 			cJSON_Delete(j_group);
    711. 

  711. 			return NULL;
    712. 

  712. 		}
    713. 

  713. 		cJSON_AddItemToObject(j_client, "username", jtmp);
    714. 

  714. 	}
    715. 

  715. 

  716. 	j_rolelist = dynsec_rolelist__all_to_json(group->rolelist);
    717. 

  717. 	if(j_rolelist == NULL){
    718. 

  718. 		cJSON_Delete(j_group);
    719. 

  719. 		return NULL;
    720. 

  720. 	}
    721. 

  721. 	cJSON_AddItemToObject(j_group, "roles", j_rolelist);
    722. 

  722. 

  723. 	return j_group;
    724. 

  724. }
    725. 

  725. 

  726. 

  727. int dynsec_groups__process_list(cJSON *j_responses, struct mosquitto *context, cJSON *command, char *correlation_data)
    728. 

  728. {
    729. 

  729. 	bool verbose;
    730. 

  730. 	cJSON *tree, *j_groups, *j_group, *j_data;
    731. 

  731. 	struct dynsec__group *group, *group_tmp = NULL;
    732. 

  732. 	int i, count, offset;
    733. 

  733. 	const char *admin_clientid, *admin_username;
    734. 

  734. 

  735. 	json_get_bool(command, "verbose", &verbose, true, false);
    736. 

  736. 	json_get_int(command, "count", &count, true, -1);
    737. 

  737. 	json_get_int(command, "offset", &offset, true, 0);
    738. 

  738. 

  739. 	tree = cJSON_CreateObject();
    740. 

  740. 	if(tree == NULL){
    741. 

  741. 		dynsec__command_reply(j_responses, context, "listGroups", "Internal error", correlation_data);
    742. 

  742. 		return MOSQ_ERR_NOMEM;
    743. 

  743. 	}
    744. 

  744. 

  745. 	if(cJSON_AddStringToObject(tree, "command", "listGroups") == NULL
    746. 

  746. 			|| (j_data = cJSON_AddObjectToObject(tree, "data")) == NULL
    747. 

  747. 			|| cJSON_AddIntToObject(j_data, "totalCount", (int)HASH_CNT(hh, local_groups)) == NULL
    748. 

  748. 			|| (j_groups = cJSON_AddArrayToObject(j_data, "groups")) == NULL
    749. 

  749. 			|| (correlation_data && cJSON_AddStringToObject(tree, "correlationData", correlation_data) == NULL)
    750. 

  750. 			){
    751. 

  751. 

  752. 		cJSON_Delete(tree);
    753. 

  753. 		dynsec__command_reply(j_responses, context, "listGroups", "Internal error", correlation_data);
    754. 

  754. 		return MOSQ_ERR_NOMEM;
    755. 

  755. 	}
    756. 

  756. 

  757. 	i = 0;
    758. 

  758. 	HASH_ITER(hh, local_groups, group, group_tmp){
    759. 

  759. 		if(i>=offset){
    760. 

  760. 			if(verbose){
    761. 

  761. 				j_group = add_group_to_json(group);
    762. 

  762. 				if(j_group == NULL){
    763. 

  763. 					cJSON_Delete(tree);
    764. 

  764. 					dynsec__command_reply(j_responses, context, "listGroups", "Internal error", correlation_data);
    765. 

  765. 					return MOSQ_ERR_NOMEM;
    766. 

  766. 				}
    767. 

  767. 				cJSON_AddItemToArray(j_groups, j_group);
    768. 

  768. 

  769. 			}else{
    770. 

  770. 				j_group = cJSON_CreateString(group->groupname);
    771. 

  771. 				if(j_group){
    772. 

  772. 					cJSON_AddItemToArray(j_groups, j_group);
    773. 

  773. 				}else{
    774. 

  774. 					cJSON_Delete(tree);
    775. 

  775. 					dynsec__command_reply(j_responses, context, "listGroups", "Internal error", correlation_data);
    776. 

  776. 					return MOSQ_ERR_NOMEM;
    777. 

  777. 				}
    778. 

  778. 			}
    779. 

  779. 

  780. 			if(count >= 0){
    781. 

  781. 				count--;
    782. 

  782. 				if(count <= 0){
    783. 

  783. 					break;
    784. 

  784. 				}
    785. 

  785. 			}
    786. 

  786. 		}
    787. 

  787. 		i++;
    788. 

  788. 	}
    789. 

  789. 

  790. 	cJSON_AddItemToArray(j_responses, tree);
    791. 

  791. 

  792. 	admin_clientid = mosquitto_client_id(context);
    793. 

  793. 	admin_username = mosquitto_client_username(context);
    794. 

  794. 	mosquitto_log_printf(MOSQ_LOG_INFO, "dynsec: %s/%s | listGroups | verbose=%s | count=%d | offset=%d",
    795. 

  795. 			admin_clientid, admin_username, verbose?"true":"false", count, offset);
    796. 

  796. 

  797. 	return MOSQ_ERR_SUCCESS;
    798. 

  798. }
    799. 

  799. 

  800. 

  801. int dynsec_groups__process_get(cJSON *j_responses, struct mosquitto *context, cJSON *command, char *correlation_data)
    802. 

  802. {
    803. 

  803. 	char *groupname;
    804. 

  804. 	cJSON *tree, *j_group, *j_data;
    805. 

  805. 	struct dynsec__group *group;
    806. 

  806. 	const char *admin_clientid, *admin_username;
    807. 

  807. 

  808. 	if(json_get_string(command, "groupname", &groupname, false) != MOSQ_ERR_SUCCESS){
    809. 

  809. 		dynsec__command_reply(j_responses, context, "getGroup", "Invalid/missing groupname", correlation_data);
    810. 

  810. 		return MOSQ_ERR_INVAL;
    811. 

  811. 	}
    812. 

  812. 	if(mosquitto_validate_utf8(groupname, (int)strlen(groupname)) != MOSQ_ERR_SUCCESS){
    813. 

  813. 		dynsec__command_reply(j_responses, context, "getGroup", "Group name not valid UTF-8", correlation_data);
    814. 

  814. 		return MOSQ_ERR_INVAL;
    815. 

  815. 	}
    816. 

  816. 

  817. 	tree = cJSON_CreateObject();
    818. 

  818. 	if(tree == NULL){
    819. 

  819. 		dynsec__command_reply(j_responses, context, "getGroup", "Internal error", correlation_data);
    820. 

  820. 		return MOSQ_ERR_NOMEM;
    821. 

  821. 	}
    822. 

  822. 

  823. 	if(cJSON_AddStringToObject(tree, "command", "getGroup") == NULL
    824. 

  824. 			|| (j_data = cJSON_AddObjectToObject(tree, "data")) == NULL
    825. 

  825. 			|| (correlation_data && cJSON_AddStringToObject(tree, "correlationData", correlation_data) == NULL)
    826. 

  826. 			){
    827. 

  827. 

  828. 		cJSON_Delete(tree);
    829. 

  829. 		dynsec__command_reply(j_responses, context, "getGroup", "Internal error", correlation_data);
    830. 

  830. 		return MOSQ_ERR_NOMEM;
    831. 

  831. 	}
    832. 

  832. 

  833. 	group = dynsec_groups__find(groupname);
    834. 

  834. 	if(group){
    835. 

  835. 		j_group = add_group_to_json(group);
    836. 

  836. 		if(j_group == NULL){
    837. 

  837. 			cJSON_Delete(tree);
    838. 

  838. 			dynsec__command_reply(j_responses, context, "getGroup", "Internal error", correlation_data);
    839. 

  839. 			return MOSQ_ERR_NOMEM;
    840. 

  840. 		}
    841. 

  841. 		cJSON_AddItemToObject(j_data, "group", j_group);
    842. 

  842. 	}else{
    843. 

  843. 		cJSON_Delete(tree);
    844. 

  844. 		dynsec__command_reply(j_responses, context, "getGroup", "Group not found", correlation_data);
    845. 

  845. 		return MOSQ_ERR_NOMEM;
    846. 

  846. 	}
    847. 

  847. 

  848. 	cJSON_AddItemToArray(j_responses, tree);
    849. 

  849. 

  850. 	admin_clientid = mosquitto_client_id(context);
    851. 

  851. 	admin_username = mosquitto_client_username(context);
    852. 

  852. 	mosquitto_log_printf(MOSQ_LOG_INFO, "dynsec: %s/%s | getGroup | groupname=%s",
    853. 

  853. 			admin_clientid, admin_username, groupname);
    854. 

  854. 

  855. 	return MOSQ_ERR_SUCCESS;
    856. 

  856. }
    857. 

  857. 

  858. 

  859. int dynsec_groups__process_remove_role(cJSON *j_responses, struct mosquitto *context, cJSON *command, char *correlation_data)
    860. 

  860. {
    861. 

  861. 	char *groupname, *rolename;
    862. 

  862. 	struct dynsec__group *group;
    863. 

  863. 	struct dynsec__role *role;
    864. 

  864. 	const char *admin_clientid, *admin_username;
    865. 

  865. 

  866. 	if(json_get_string(command, "groupname", &groupname, false) != MOSQ_ERR_SUCCESS){
    867. 

  867. 		dynsec__command_reply(j_responses, context, "removeGroupRole", "Invalid/missing groupname", correlation_data);
    868. 

  868. 		return MOSQ_ERR_INVAL;
    869. 

  869. 	}
    870. 

  870. 	if(mosquitto_validate_utf8(groupname, (int)strlen(groupname)) != MOSQ_ERR_SUCCESS){
    871. 

  871. 		dynsec__command_reply(j_responses, context, "removeGroupRole", "Group name not valid UTF-8", correlation_data);
    872. 

  872. 		return MOSQ_ERR_INVAL;
    873. 

  873. 	}
    874. 

  874. 

  875. 	if(json_get_string(command, "rolename", &rolename, false) != MOSQ_ERR_SUCCESS){
    876. 

  876. 		dynsec__command_reply(j_responses, context, "removeGroupRole", "Invalid/missing rolename", correlation_data);
    877. 

  877. 		return MOSQ_ERR_INVAL;
    878. 

  878. 	}
    879. 

  879. 	if(mosquitto_validate_utf8(rolename, (int)strlen(rolename)) != MOSQ_ERR_SUCCESS){
    880. 

  880. 		dynsec__command_reply(j_responses, context, "removeGroupRole", "Role name not valid UTF-8", correlation_data);
    881. 

  881. 		return MOSQ_ERR_INVAL;
    882. 

  882. 	}
    883. 

  883. 

  884. 	group = dynsec_groups__find(groupname);
    885. 

  885. 	if(group == NULL){
    886. 

  886. 		dynsec__command_reply(j_responses, context, "removeGroupRole", "Group not found", correlation_data);
    887. 

  887. 		return MOSQ_ERR_SUCCESS;
    888. 

  888. 	}
    889. 

  889. 

  890. 	role = dynsec_roles__find(rolename);
    891. 

  891. 	if(role == NULL){
    892. 

  892. 		dynsec__command_reply(j_responses, context, "removeGroupRole", "Role not found", correlation_data);
    893. 

  893. 		return MOSQ_ERR_SUCCESS;
    894. 

  894. 	}
    895. 

  895. 

  896. 	dynsec_rolelist__group_remove(group, role);
    897. 

  897. 	dynsec__config_save();
    898. 

  898. 	dynsec__command_reply(j_responses, context, "removeGroupRole", NULL, correlation_data);
    899. 

  899. 

  900. 	/* Enforce any changes */
    901. 

  901. 	group__kick_all(group);
    902. 

  902. 

  903. 	admin_clientid = mosquitto_client_id(context);
    904. 

  904. 	admin_username = mosquitto_client_username(context);
    905. 

  905. 	mosquitto_log_printf(MOSQ_LOG_INFO, "dynsec: %s/%s | removeGroupRole | groupname=%s | rolename=%s",
    906. 

  906. 			admin_clientid, admin_username, groupname, rolename);
    907. 

  907. 

  908. 	return MOSQ_ERR_SUCCESS;
    909. 

  909. }
    910. 

  910. 

  911. 

  912. int dynsec_groups__process_modify(cJSON *j_responses, struct mosquitto *context, cJSON *command, char *correlation_data)
    913. 

  913. {
    914. 

  914. 	char *groupname;
    915. 

  915. 	char *text_name, *text_description;
    916. 

  916. 	struct dynsec__group *group;
    917. 

  917. 	struct dynsec__rolelist *rolelist = NULL;
    918. 

  918. 	char *str;
    919. 

  919. 	int rc;
    920. 

  920. 	int priority;
    921. 

  921. 	cJSON *j_client, *j_clients, *jtmp;
    922. 

  922. 	const char *admin_clientid, *admin_username;
    923. 

  923. 

  924. 	if(json_get_string(command, "groupname", &groupname, false) != MOSQ_ERR_SUCCESS){
    925. 

  925. 		dynsec__command_reply(j_responses, context, "modifyGroup", "Invalid/missing groupname", correlation_data);
    926. 

  926. 		return MOSQ_ERR_INVAL;
    927. 

  927. 	}
    928. 

  928. 	if(mosquitto_validate_utf8(groupname, (int)strlen(groupname)) != MOSQ_ERR_SUCCESS){
    929. 

  929. 		dynsec__command_reply(j_responses, context, "modifyGroup", "Group name not valid UTF-8", correlation_data);
    930. 

  930. 		return MOSQ_ERR_INVAL;
    931. 

  931. 	}
    932. 

  932. 

  933. 	group = dynsec_groups__find(groupname);
    934. 

  934. 	if(group == NULL){
    935. 

  935. 		dynsec__command_reply(j_responses, context, "modifyGroup", "Group not found", correlation_data);
    936. 

  936. 		return MOSQ_ERR_INVAL;
    937. 

  937. 	}
    938. 

  938. 

  939. 	if(json_get_string(command, "textname", &text_name, false) == MOSQ_ERR_SUCCESS){
    940. 

  940. 		str = mosquitto_strdup(text_name);
    941. 

  941. 		if(str == NULL){
    942. 

  942. 			dynsec__command_reply(j_responses, context, "modifyGroup", "Internal error", correlation_data);
    943. 

  943. 			return MOSQ_ERR_NOMEM;
    944. 

  944. 		}
    945. 

  945. 		mosquitto_free(group->text_name);
    946. 

  946. 		group->text_name = str;
    947. 

  947. 	}
    948. 

  948. 

  949. 	if(json_get_string(command, "textdescription", &text_description, false) == MOSQ_ERR_SUCCESS){
    950. 

  950. 		str = mosquitto_strdup(text_description);
    951. 

  951. 		if(str == NULL){
    952. 

  952. 			dynsec__command_reply(j_responses, context, "modifyGroup", "Internal error", correlation_data);
    953. 

  953. 			return MOSQ_ERR_NOMEM;
    954. 

  954. 		}
    955. 

  955. 		mosquitto_free(group->text_description);
    956. 

  956. 		group->text_description = str;
    957. 

  957. 	}
    958. 

  958. 

  959. 	rc = dynsec_rolelist__load_from_json(command, &rolelist);
    960. 

  960. 	if(rc == MOSQ_ERR_SUCCESS){
    961. 

  961. 		dynsec_rolelist__cleanup(&group->rolelist);
    962. 

  962. 		group->rolelist = rolelist;
    963. 

  963. 	}else if(rc == ERR_LIST_NOT_FOUND){
    964. 

  964. 		/* There was no list in the JSON, so no modification */
    965. 

  965. 	}else if(rc == MOSQ_ERR_NOT_FOUND){
    966. 

  966. 		dynsec__command_reply(j_responses, context, "modifyGroup", "Role not found", correlation_data);
    967. 

  967. 		dynsec_rolelist__cleanup(&rolelist);
    968. 

  968. 		group__kick_all(group);
    969. 

  969. 		return MOSQ_ERR_INVAL;
    970. 

  970. 	}else{
    971. 

  971. 		if(rc == MOSQ_ERR_INVAL){
    972. 

  972. 			dynsec__command_reply(j_responses, context, "modifyGroup", "'roles' not an array or missing/invalid rolename", correlation_data);
    973. 

  973. 		}else{
    974. 

  974. 			dynsec__command_reply(j_responses, context, "modifyGroup", "Internal error", correlation_data);
    975. 

  975. 		}
    976. 

  976. 		dynsec_rolelist__cleanup(&rolelist);
    977. 

  977. 		group__kick_all(group);
    978. 

  978. 		return MOSQ_ERR_INVAL;
    979. 

  979. 	}
    980. 

  980. 

  981. 	j_clients = cJSON_GetObjectItem(command, "clients");
    982. 

  982. 	if(j_clients && cJSON_IsArray(j_clients)){
    983. 

  983. 		dynsec__remove_all_clients_from_group(group);
    984. 

  984. 

  985. 		cJSON_ArrayForEach(j_client, j_clients){
    986. 

  986. 			if(cJSON_IsObject(j_client)){
    987. 

  987. 				jtmp = cJSON_GetObjectItem(j_client, "username");
    988. 

  988. 				if(jtmp && cJSON_IsString(jtmp)){
    989. 

  989. 					json_get_int(j_client, "priority", &priority, true, -1);
    990. 

  990. 					dynsec_groups__add_client(jtmp->valuestring, groupname, priority, false);
    991. 

  991. 				}
    992. 

  992. 			}
    993. 

  993. 		}
    994. 

  994. 	}
    995. 

  995. 

  996. 	dynsec__config_save();
    997. 

  997. 

  998. 	dynsec__command_reply(j_responses, context, "modifyGroup", NULL, correlation_data);
    999. 

  999. 

  1000. 	/* Enforce any changes */
    1001. 

  1001. 	group__kick_all(group);
    1002. 

  1002. 

  1003. 	admin_clientid = mosquitto_client_id(context);
    1004. 

  1004. 	admin_username = mosquitto_client_username(context);
    1005. 

  1005. 	mosquitto_log_printf(MOSQ_LOG_INFO, "dynsec: %s/%s | modifyGroup | groupname=%s",
    1006. 

  1006. 			admin_clientid, admin_username, groupname);
    1007. 

  1007. 

  1008. 	return MOSQ_ERR_SUCCESS;
    1009. 

  1009. }
    1010. 

  1010. 

  1011. 

  1012. int dynsec_groups__process_set_anonymous_group(cJSON *j_responses, struct mosquitto *context, cJSON *command, char *correlation_data)
    1013. 

  1013. {
    1014. 

  1014. 	char *groupname;
    1015. 

  1015. 	struct dynsec__group *group = NULL;
    1016. 

  1016. 	const char *admin_clientid, *admin_username;
    1017. 

  1017. 

  1018. 	if(json_get_string(command, "groupname", &groupname, false) != MOSQ_ERR_SUCCESS){
    1019. 

  1019. 		dynsec__command_reply(j_responses, context, "setAnonymousGroup", "Invalid/missing groupname", correlation_data);
    1020. 

  1020. 		return MOSQ_ERR_INVAL;
    1021. 

  1021. 	}
    1022. 

  1022. 	if(mosquitto_validate_utf8(groupname, (int)strlen(groupname)) != MOSQ_ERR_SUCCESS){
    1023. 

  1023. 		dynsec__command_reply(j_responses, context, "setAnonymousGroup", "Group name not valid UTF-8", correlation_data);
    1024. 

  1024. 		return MOSQ_ERR_INVAL;
    1025. 

  1025. 	}
    1026. 

  1026. 

  1027. 	group = dynsec_groups__find(groupname);
    1028. 

  1028. 	if(group == NULL){
    1029. 

  1029. 		dynsec__command_reply(j_responses, context, "setAnonymousGroup", "Group not found", correlation_data);
    1030. 

  1030. 		return MOSQ_ERR_SUCCESS;
    1031. 

  1031. 	}
    1032. 

  1032. 

  1033. 	dynsec_anonymous_group = group;
    1034. 

  1034. 

  1035. 	dynsec__config_save();
    1036. 

  1036. 	dynsec__command_reply(j_responses, context, "setAnonymousGroup", NULL, correlation_data);
    1037. 

  1037. 

  1038. 	/* Enforce any changes */
    1039. 

  1039. 	mosquitto_kick_client_by_username(NULL, false);
    1040. 

  1040. 

  1041. 	admin_clientid = mosquitto_client_id(context);
    1042. 

  1042. 	admin_username = mosquitto_client_username(context);
    1043. 

  1043. 	mosquitto_log_printf(MOSQ_LOG_INFO, "dynsec: %s/%s | setAnonymousGroup | groupname=%s",
    1044. 

  1044. 			admin_clientid, admin_username, groupname);
    1045. 

  1045. 

  1046. 	return MOSQ_ERR_SUCCESS;
    1047. 

  1047. }
    1048. 

  1048. 

  1049. int dynsec_groups__process_get_anonymous_group(cJSON *j_responses, struct mosquitto *context, cJSON *command, char *correlation_data)
    1050. 

  1050. {
    1051. 

  1051. 	cJSON *tree, *j_data, *j_group;
    1052. 

  1052. 	const char *groupname;
    1053. 

  1053. 	const char *admin_clientid, *admin_username;
    1054. 

  1054. 

  1055. 	UNUSED(command);
    1056. 

  1056. 

  1057. 	tree = cJSON_CreateObject();
    1058. 

  1058. 	if(tree == NULL){
    1059. 

  1059. 		dynsec__command_reply(j_responses, context, "getAnonymousGroup", "Internal error", correlation_data);
    1060. 

  1060. 		return MOSQ_ERR_NOMEM;
    1061. 

  1061. 	}
    1062. 

  1062. 

  1063. 	if(dynsec_anonymous_group){
    1064. 

  1064. 		groupname = dynsec_anonymous_group->groupname;
    1065. 

  1065. 	}else{
    1066. 

  1066. 		groupname = "";
    1067. 

  1067. 	}
    1068. 

  1068. 

  1069. 	if(cJSON_AddStringToObject(tree, "command", "getAnonymousGroup") == NULL
    1070. 

  1070. 			|| (j_data = cJSON_AddObjectToObject(tree, "data")) == NULL
    1071. 

  1071. 			|| (j_group = cJSON_AddObjectToObject(j_data, "group")) == NULL
    1072. 

  1072. 			|| cJSON_AddStringToObject(j_group, "groupname", groupname) == NULL
    1073. 

  1073. 			|| (correlation_data && cJSON_AddStringToObject(tree, "correlationData", correlation_data) == NULL)
    1074. 

  1074. 			){
    1075. 

  1075. 

  1076. 		cJSON_Delete(tree);
    1077. 

  1077. 		dynsec__command_reply(j_responses, context, "getAnonymousGroup", "Internal error", correlation_data);
    1078. 

  1078. 		return MOSQ_ERR_NOMEM;
    1079. 

  1079. 	}
    1080. 

  1080. 

  1081. 	cJSON_AddItemToArray(j_responses, tree);
    1082. 

  1082. 

  1083. 	admin_clientid = mosquitto_client_id(context);
    1084. 

  1084. 	admin_username = mosquitto_client_username(context);
    1085. 

  1085. 	mosquitto_log_printf(MOSQ_LOG_INFO, "dynsec: %s/%s | getAnonymousGroup",
    1086. 

  1086. 			admin_clientid, admin_username);
    1087. 

  1087. 

  1088. 	return MOSQ_ERR_SUCCESS;
    1089. 

  1089. }
    1090.