Home Explore Help
Sign In
SoftwareDesign
/
csu3_am335x
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
csu3_am335x
/
EVSE
/
GPL
/
mosquitto-2.0.13
/
plugins
/
dynamic-security
/
roles.c

roles.c 29 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915 
  1. /*
    2. 

  2. Copyright (c) 2020 Roger Light <roger@atchoo.org>
    3. 

  3. 

  4. All rights reserved. This program and the accompanying materials
    5. 

  5. are made available under the terms of the Eclipse Public License 2.0
    6. 

  6. and Eclipse Distribution License v1.0 which accompany this distribution.
    7. 

  7. 

  8. The Eclipse Public License is available at
    9. 

  9.    https://www.eclipse.org/legal/epl-2.0/
    10. 

  10. and the Eclipse Distribution License is available at
    11. 

  11.   http://www.eclipse.org/org/documents/edl-v10.php.
    12. 

  12. 

  13. SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
    14. 

  14. 

  15. Contributors:
    16. 

  16.    Roger Light - initial implementation and documentation.
    17. 

  17. */
    18. 

  18. 

  19. #include "config.h"
    20. 

  20. 

  21. #include <cjson/cJSON.h>
    22. 

  22. #include <stdio.h>
    23. 

  23. #include <string.h>
    24. 

  24. #include <uthash.h>
    25. 

  25. #include <utlist.h>
    26. 

  26. 

  27. #include "dynamic_security.h"
    28. 

  28. #include "json_help.h"
    29. 

  29. #include "mosquitto.h"
    30. 

  30. #include "mosquitto_broker.h"
    31. 

  31. 

  32. 

  33. static cJSON *add_role_to_json(struct dynsec__role *role, bool verbose);
    34. 

  34. static void role__remove_all_clients(struct dynsec__role *role);
    35. 

  35. 

  36. /* ################################################################
    37. 

  37.  * #
    38. 

  38.  * # Local variables
    39. 

  39.  * #
    40. 

  40.  * ################################################################ */
    41. 

  41. 

  42. static struct dynsec__role *local_roles = NULL;
    43. 

  43. 

  44. 

  45. /* ################################################################
    46. 

  46.  * #
    47. 

  47.  * # Utility functions
    48. 

  48.  * #
    49. 

  49.  * ################################################################ */
    50. 

  50. 

  51. static int role_cmp(void *a, void *b)
    52. 

  52. {
    53. 

  53. 	struct dynsec__role *role_a = a;
    54. 

  54. 	struct dynsec__role *role_b = b;
    55. 

  55. 

  56. 	return strcmp(role_a->rolename, role_b->rolename);
    57. 

  57. }
    58. 

  58. 

  59. 

  60. static void role__free_acl(struct dynsec__acl **acl, struct dynsec__acl *item)
    61. 

  61. {
    62. 

  62. 	HASH_DELETE(hh, *acl, item);
    63. 

  63. 	mosquitto_free(item->topic);
    64. 

  64. 	mosquitto_free(item);
    65. 

  65. }
    66. 

  66. 

  67. static void role__free_all_acls(struct dynsec__acl **acl)
    68. 

  68. {
    69. 

  69. 	struct dynsec__acl *iter, *tmp = NULL;
    70. 

  70. 

  71. 	HASH_ITER(hh, *acl, iter, tmp){
    72. 

  72. 		role__free_acl(acl, iter);
    73. 

  73. 	}
    74. 

  74. }
    75. 

  75. 

  76. static void role__free_item(struct dynsec__role *role, bool remove_from_hash)
    77. 

  77. {
    78. 

  78. 	if(remove_from_hash){
    79. 

  79. 		HASH_DEL(local_roles, role);
    80. 

  80. 	}
    81. 

  81. 	dynsec_clientlist__cleanup(&role->clientlist);
    82. 

  82. 	dynsec_grouplist__cleanup(&role->grouplist);
    83. 

  83. 	mosquitto_free(role->text_name);
    84. 

  84. 	mosquitto_free(role->text_description);
    85. 

  85. 	mosquitto_free(role->rolename);
    86. 

  86. 	role__free_all_acls(&role->acls.publish_c_send);
    87. 

  87. 	role__free_all_acls(&role->acls.publish_c_recv);
    88. 

  88. 	role__free_all_acls(&role->acls.subscribe_literal);
    89. 

  89. 	role__free_all_acls(&role->acls.subscribe_pattern);
    90. 

  90. 	role__free_all_acls(&role->acls.unsubscribe_literal);
    91. 

  91. 	role__free_all_acls(&role->acls.unsubscribe_pattern);
    92. 

  92. 	mosquitto_free(role);
    93. 

  93. }
    94. 

  94. 

  95. struct dynsec__role *dynsec_roles__find(const char *rolename)
    96. 

  96. {
    97. 

  97. 	struct dynsec__role *role = NULL;
    98. 

  98. 

  99. 	if(rolename){
    100. 

  100. 		HASH_FIND(hh, local_roles, rolename, strlen(rolename), role);
    101. 

  101. 	}
    102. 

  102. 	return role;
    103. 

  103. }
    104. 

  104. 

  105. 

  106. void dynsec_roles__cleanup(void)
    107. 

  107. {
    108. 

  108. 	struct dynsec__role *role, *role_tmp = NULL;
    109. 

  109. 

  110. 	HASH_ITER(hh, local_roles, role, role_tmp){
    111. 

  111. 		role__free_item(role, true);
    112. 

  112. 	}
    113. 

  113. }
    114. 

  114. 

  115. 

  116. static void role__kick_all(struct dynsec__role *role)
    117. 

  117. {
    118. 

  118. 	struct dynsec__grouplist *grouplist, *grouplist_tmp = NULL;
    119. 

  119. 

  120. 	dynsec_clientlist__kick_all(role->clientlist);
    121. 

  121. 

  122. 	HASH_ITER(hh, role->grouplist, grouplist, grouplist_tmp){
    123. 

  123. 		if(grouplist->group == dynsec_anonymous_group){
    124. 

  124. 			mosquitto_kick_client_by_username(NULL, false);
    125. 

  125. 		}
    126. 

  126. 		dynsec_clientlist__kick_all(grouplist->group->clientlist);
    127. 

  127. 	}
    128. 

  128. }
    129. 

  129. 

  130. 

  131. /* ################################################################
    132. 

  132.  * #
    133. 

  133.  * # Config file load and save
    134. 

  134.  * #
    135. 

  135.  * ################################################################ */
    136. 

  136. 

  137. 

  138. static int add_single_acl_to_json(cJSON *j_array, const char *acl_type, struct dynsec__acl *acl)
    139. 

  139. {
    140. 

  140. 	struct dynsec__acl *iter, *tmp = NULL;
    141. 

  141. 	cJSON *j_acl;
    142. 

  142. 

  143. 	HASH_ITER(hh, acl, iter, tmp){
    144. 

  144. 		j_acl = cJSON_CreateObject();
    145. 

  145. 		if(j_acl == NULL){
    146. 

  146. 			return 1;
    147. 

  147. 		}
    148. 

  148. 		cJSON_AddItemToArray(j_array, j_acl);
    149. 

  149. 

  150. 		if(cJSON_AddStringToObject(j_acl, "acltype", acl_type) == NULL
    151. 

  151. 				|| cJSON_AddStringToObject(j_acl, "topic", iter->topic) == NULL
    152. 

  152. 				|| cJSON_AddIntToObject(j_acl, "priority", iter->priority) == NULL
    153. 

  153. 				|| cJSON_AddBoolToObject(j_acl, "allow", iter->allow) == NULL
    154. 

  154. 				){
    155. 

  155. 

  156. 			return 1;
    157. 

  157. 		}
    158. 

  158. 	}
    159. 

  159. 

  160. 

  161. 	return 0;
    162. 

  162. }
    163. 

  163. 

  164. static int add_acls_to_json(cJSON *j_role, struct dynsec__role *role)
    165. 

  165. {
    166. 

  166. 	cJSON *j_acls;
    167. 

  167. 

  168. 	if((j_acls = cJSON_AddArrayToObject(j_role, "acls")) == NULL){
    169. 

  169. 		return 1;
    170. 

  170. 	}
    171. 

  171. 

  172. 	if(add_single_acl_to_json(j_acls, ACL_TYPE_PUB_C_SEND, role->acls.publish_c_send) != MOSQ_ERR_SUCCESS
    173. 

  173. 			|| add_single_acl_to_json(j_acls, ACL_TYPE_PUB_C_RECV, role->acls.publish_c_recv) != MOSQ_ERR_SUCCESS
    174. 

  174. 			|| add_single_acl_to_json(j_acls, ACL_TYPE_SUB_LITERAL, role->acls.subscribe_literal) != MOSQ_ERR_SUCCESS
    175. 

  175. 			|| add_single_acl_to_json(j_acls, ACL_TYPE_SUB_PATTERN, role->acls.subscribe_pattern) != MOSQ_ERR_SUCCESS
    176. 

  176. 			|| add_single_acl_to_json(j_acls, ACL_TYPE_UNSUB_LITERAL, role->acls.unsubscribe_literal) != MOSQ_ERR_SUCCESS
    177. 

  177. 			|| add_single_acl_to_json(j_acls, ACL_TYPE_UNSUB_PATTERN, role->acls.unsubscribe_pattern) != MOSQ_ERR_SUCCESS
    178. 

  178. 			){
    179. 

  179. 

  180. 		return 1;
    181. 

  181. 	}
    182. 

  182. 	return 0;
    183. 

  183. }
    184. 

  184. 

  185. int dynsec_roles__config_save(cJSON *tree)
    186. 

  186. {
    187. 

  187. 	cJSON *j_roles, *j_role;
    188. 

  188. 	struct dynsec__role *role, *role_tmp = NULL;
    189. 

  189. 

  190. 	if((j_roles = cJSON_AddArrayToObject(tree, "roles")) == NULL){
    191. 

  191. 		return 1;
    192. 

  192. 	}
    193. 

  193. 

  194. 	HASH_ITER(hh, local_roles, role, role_tmp){
    195. 

  195. 		j_role = add_role_to_json(role, true);
    196. 

  196. 		if(j_role == NULL){
    197. 

  197. 			return 1;
    198. 

  198. 		}
    199. 

  199. 		cJSON_AddItemToArray(j_roles, j_role);
    200. 

  200. 	}
    201. 

  201. 

  202. 	return 0;
    203. 

  203. }
    204. 

  204. 

  205. 

  206. static int insert_acl_cmp(struct dynsec__acl *a, struct dynsec__acl *b)
    207. 

  207. {
    208. 

  208. 	return b->priority - a->priority;
    209. 

  209. }
    210. 

  210. 

  211. 

  212. static int dynsec_roles__acl_load(cJSON *j_acls, const char *key, struct dynsec__acl **acllist)
    213. 

  213. {
    214. 

  214. 	cJSON *j_acl, *j_type, *jtmp;
    215. 

  215. 	struct dynsec__acl *acl;
    216. 

  216. 

  217. 	cJSON_ArrayForEach(j_acl, j_acls){
    218. 

  218. 		j_type = cJSON_GetObjectItem(j_acl, "acltype");
    219. 

  219. 		if(j_type == NULL || !cJSON_IsString(j_type) || strcasecmp(j_type->valuestring, key) != 0){
    220. 

  220. 			continue;
    221. 

  221. 		}
    222. 

  222. 		acl = mosquitto_calloc(1, sizeof(struct dynsec__acl));
    223. 

  223. 		if(acl == NULL){
    224. 

  224. 			return 1;
    225. 

  225. 		}
    226. 

  226. 

  227. 		json_get_int(j_acl, "priority", &acl->priority, true, 0);
    228. 

  228. 		json_get_bool(j_acl, "allow", &acl->allow, true, false);
    229. 

  229. 

  230. 		jtmp = cJSON_GetObjectItem(j_acl, "allow");
    231. 

  231. 		if(jtmp && cJSON_IsBool(jtmp)){
    232. 

  232. 			acl->allow = cJSON_IsTrue(jtmp);
    233. 

  233. 		}
    234. 

  234. 

  235. 		jtmp = cJSON_GetObjectItem(j_acl, "topic");
    236. 

  236. 		if(jtmp && cJSON_IsString(jtmp)){
    237. 

  237. 			acl->topic = mosquitto_strdup(jtmp->valuestring);
    238. 

  238. 		}
    239. 

  239. 

  240. 		if(acl->topic == NULL){
    241. 

  241. 			mosquitto_free(acl);
    242. 

  242. 			continue;
    243. 

  243. 		}
    244. 

  244. 

  245. 		HASH_ADD_KEYPTR_INORDER(hh, *acllist, acl->topic, strlen(acl->topic), acl, insert_acl_cmp);
    246. 

  246. 	}
    247. 

  247. 

  248. 	return 0;
    249. 

  249. }
    250. 

  250. 

  251. 

  252. int dynsec_roles__config_load(cJSON *tree)
    253. 

  253. {
    254. 

  254. 	cJSON *j_roles, *j_role, *jtmp, *j_acls;
    255. 

  255. 	struct dynsec__role *role;
    256. 

  256. 

  257. 	j_roles = cJSON_GetObjectItem(tree, "roles");
    258. 

  258. 	if(j_roles == NULL){
    259. 

  259. 		return 0;
    260. 

  260. 	}
    261. 

  261. 

  262. 	if(cJSON_IsArray(j_roles) == false){
    263. 

  263. 		return 1;
    264. 

  264. 	}
    265. 

  265. 

  266. 	cJSON_ArrayForEach(j_role, j_roles){
    267. 

  267. 		if(cJSON_IsObject(j_role) == true){
    268. 

  268. 			role = mosquitto_calloc(1, sizeof(struct dynsec__role));
    269. 

  269. 			if(role == NULL){
    270. 

  270. 				return MOSQ_ERR_NOMEM;
    271. 

  271. 			}
    272. 

  272. 

  273. 			/* Role name */
    274. 

  274. 			jtmp = cJSON_GetObjectItem(j_role, "rolename");
    275. 

  275. 			if(jtmp == NULL){
    276. 

  276. 				mosquitto_free(role);
    277. 

  277. 				continue;
    278. 

  278. 			}
    279. 

  279. 			role->rolename = mosquitto_strdup(jtmp->valuestring);
    280. 

  280. 			if(role->rolename == NULL){
    281. 

  281. 				mosquitto_free(role);
    282. 

  282. 				continue;
    283. 

  283. 			}
    284. 

  284. 

  285. 			/* Text name */
    286. 

  286. 			jtmp = cJSON_GetObjectItem(j_role, "textname");
    287. 

  287. 			if(jtmp != NULL){
    288. 

  288. 				role->text_name = mosquitto_strdup(jtmp->valuestring);
    289. 

  289. 				if(role->text_name == NULL){
    290. 

  290. 					mosquitto_free(role->rolename);
    291. 

  291. 					mosquitto_free(role);
    292. 

  292. 					continue;
    293. 

  293. 				}
    294. 

  294. 			}
    295. 

  295. 

  296. 			/* Text description */
    297. 

  297. 			jtmp = cJSON_GetObjectItem(j_role, "textdescription");
    298. 

  298. 			if(jtmp != NULL){
    299. 

  299. 				role->text_description = mosquitto_strdup(jtmp->valuestring);
    300. 

  300. 				if(role->text_description == NULL){
    301. 

  301. 					mosquitto_free(role->text_name);
    302. 

  302. 					mosquitto_free(role->rolename);
    303. 

  303. 					mosquitto_free(role);
    304. 

  304. 					continue;
    305. 

  305. 				}
    306. 

  306. 			}
    307. 

  307. 

  308. 			/* ACLs */
    309. 

  309. 			j_acls = cJSON_GetObjectItem(j_role, "acls");
    310. 

  310. 			if(j_acls && cJSON_IsArray(j_acls)){
    311. 

  311. 				if(dynsec_roles__acl_load(j_acls, ACL_TYPE_PUB_C_SEND, &role->acls.publish_c_send) != 0
    312. 

  312. 						|| dynsec_roles__acl_load(j_acls, ACL_TYPE_PUB_C_RECV, &role->acls.publish_c_recv) != 0
    313. 

  313. 						|| dynsec_roles__acl_load(j_acls, ACL_TYPE_SUB_LITERAL, &role->acls.subscribe_literal) != 0
    314. 

  314. 						|| dynsec_roles__acl_load(j_acls, ACL_TYPE_SUB_PATTERN, &role->acls.subscribe_pattern) != 0
    315. 

  315. 						|| dynsec_roles__acl_load(j_acls, ACL_TYPE_UNSUB_LITERAL, &role->acls.unsubscribe_literal) != 0
    316. 

  316. 						|| dynsec_roles__acl_load(j_acls, ACL_TYPE_UNSUB_PATTERN, &role->acls.unsubscribe_pattern) != 0
    317. 

  317. 						){
    318. 

  318. 

  319. 					mosquitto_free(role->rolename);
    320. 

  320. 					mosquitto_free(role);
    321. 

  321. 					continue;
    322. 

  322. 				}
    323. 

  323. 			}
    324. 

  324. 

  325. 			HASH_ADD_KEYPTR(hh, local_roles, role->rolename, strlen(role->rolename), role);
    326. 

  326. 		}
    327. 

  327. 	}
    328. 

  328. 	HASH_SORT(local_roles, role_cmp);
    329. 

  329. 

  330. 	return 0;
    331. 

  331. }
    332. 

  332. 

  333. 

  334. int dynsec_roles__process_create(cJSON *j_responses, struct mosquitto *context, cJSON *command, char *correlation_data)
    335. 

  335. {
    336. 

  336. 	char *rolename;
    337. 

  337. 	char *text_name, *text_description;
    338. 

  338. 	struct dynsec__role *role;
    339. 

  339. 	int rc = MOSQ_ERR_SUCCESS;
    340. 

  340. 	cJSON *j_acls;
    341. 

  341. 	const char *admin_clientid, *admin_username;
    342. 

  342. 

  343. 	if(json_get_string(command, "rolename", &rolename, false) != MOSQ_ERR_SUCCESS){
    344. 

  344. 		dynsec__command_reply(j_responses, context, "createRole", "Invalid/missing rolename", correlation_data);
    345. 

  345. 		return MOSQ_ERR_INVAL;
    346. 

  346. 	}
    347. 

  347. 	if(mosquitto_validate_utf8(rolename, (int)strlen(rolename)) != MOSQ_ERR_SUCCESS){
    348. 

  348. 		dynsec__command_reply(j_responses, context, "createRole", "Role name not valid UTF-8", correlation_data);
    349. 

  349. 		return MOSQ_ERR_INVAL;
    350. 

  350. 	}
    351. 

  351. 

  352. 	if(json_get_string(command, "textname", &text_name, true) != MOSQ_ERR_SUCCESS){
    353. 

  353. 		dynsec__command_reply(j_responses, context, "createRole", "Invalid/missing textname", correlation_data);
    354. 

  354. 		return MOSQ_ERR_INVAL;
    355. 

  355. 	}
    356. 

  356. 

  357. 	if(json_get_string(command, "textdescription", &text_description, true) != MOSQ_ERR_SUCCESS){
    358. 

  358. 		dynsec__command_reply(j_responses, context, "createRole", "Invalid/missing textdescription", correlation_data);
    359. 

  359. 		return MOSQ_ERR_INVAL;
    360. 

  360. 	}
    361. 

  361. 

  362. 	role = dynsec_roles__find(rolename);
    363. 

  363. 	if(role){
    364. 

  364. 		dynsec__command_reply(j_responses, context, "createRole", "Role already exists", correlation_data);
    365. 

  365. 		return MOSQ_ERR_SUCCESS;
    366. 

  366. 	}
    367. 

  367. 

  368. 	role = mosquitto_calloc(1, sizeof(struct dynsec__role));
    369. 

  369. 	if(role == NULL){
    370. 

  370. 		dynsec__command_reply(j_responses, context, "createRole", "Internal error", correlation_data);
    371. 

  371. 		return MOSQ_ERR_NOMEM;
    372. 

  372. 	}
    373. 

  373. 	role->rolename = mosquitto_strdup(rolename);
    374. 

  374. 	if(role->rolename == NULL){
    375. 

  375. 		dynsec__command_reply(j_responses, context, "createRole", "Internal error", correlation_data);
    376. 

  376. 		rc = MOSQ_ERR_NOMEM;
    377. 

  377. 		goto error;
    378. 

  378. 	}
    379. 

  379. 	if(text_name){
    380. 

  380. 		role->text_name = mosquitto_strdup(text_name);
    381. 

  381. 		if(role->text_name == NULL){
    382. 

  382. 			dynsec__command_reply(j_responses, context, "createRole", "Internal error", correlation_data);
    383. 

  383. 			rc = MOSQ_ERR_NOMEM;
    384. 

  384. 			goto error;
    385. 

  385. 		}
    386. 

  386. 	}
    387. 

  387. 	if(text_description){
    388. 

  388. 		role->text_description = mosquitto_strdup(text_description);
    389. 

  389. 		if(role->text_description == NULL){
    390. 

  390. 			dynsec__command_reply(j_responses, context, "createRole", "Internal error", correlation_data);
    391. 

  391. 			rc = MOSQ_ERR_NOMEM;
    392. 

  392. 			goto error;
    393. 

  393. 		}
    394. 

  394. 	}
    395. 

  395. 

  396. 	/* ACLs */
    397. 

  397. 	j_acls = cJSON_GetObjectItem(command, "acls");
    398. 

  398. 	if(j_acls && cJSON_IsArray(j_acls)){
    399. 

  399. 		if(dynsec_roles__acl_load(j_acls, ACL_TYPE_PUB_C_SEND, &role->acls.publish_c_send) != 0
    400. 

  400. 				|| dynsec_roles__acl_load(j_acls, ACL_TYPE_PUB_C_RECV, &role->acls.publish_c_recv) != 0
    401. 

  401. 				|| dynsec_roles__acl_load(j_acls, ACL_TYPE_SUB_LITERAL, &role->acls.subscribe_literal) != 0
    402. 

  402. 				|| dynsec_roles__acl_load(j_acls, ACL_TYPE_SUB_PATTERN, &role->acls.subscribe_pattern) != 0
    403. 

  403. 				|| dynsec_roles__acl_load(j_acls, ACL_TYPE_UNSUB_LITERAL, &role->acls.unsubscribe_literal) != 0
    404. 

  404. 				|| dynsec_roles__acl_load(j_acls, ACL_TYPE_UNSUB_PATTERN, &role->acls.unsubscribe_pattern) != 0
    405. 

  405. 				){
    406. 

  406. 

  407. 			dynsec__command_reply(j_responses, context, "createRole", "Internal error", correlation_data);
    408. 

  408. 			rc = MOSQ_ERR_NOMEM;
    409. 

  409. 			goto error;
    410. 

  410. 		}
    411. 

  411. 	}
    412. 

  412. 

  413. 

  414. 	HASH_ADD_KEYPTR_INORDER(hh, local_roles, role->rolename, strlen(role->rolename), role, role_cmp);
    415. 

  415. 

  416. 	dynsec__config_save();
    417. 

  417. 

  418. 	dynsec__command_reply(j_responses, context, "createRole", NULL, correlation_data);
    419. 

  419. 

  420. 	admin_clientid = mosquitto_client_id(context);
    421. 

  421. 	admin_username = mosquitto_client_username(context);
    422. 

  422. 	mosquitto_log_printf(MOSQ_LOG_INFO, "dynsec: %s/%s | createRole | rolename=%s",
    423. 

  423. 			admin_clientid, admin_username, rolename);
    424. 

  424. 

  425. 	return MOSQ_ERR_SUCCESS;
    426. 

  426. error:
    427. 

  427. 	if(role){
    428. 

  428. 		role__free_item(role, false);
    429. 

  429. 	}
    430. 

  430. 	return rc;
    431. 

  431. }
    432. 

  432. 

  433. 

  434. static void role__remove_all_clients(struct dynsec__role *role)
    435. 

  435. {
    436. 

  436. 	struct dynsec__clientlist *clientlist, *clientlist_tmp = NULL;
    437. 

  437. 

  438. 	HASH_ITER(hh, role->clientlist, clientlist, clientlist_tmp){
    439. 

  439. 		mosquitto_kick_client_by_username(clientlist->client->username, false);
    440. 

  440. 

  441. 		dynsec_rolelist__client_remove(clientlist->client, role);
    442. 

  442. 	}
    443. 

  443. }
    444. 

  444. 

  445. static void role__remove_all_groups(struct dynsec__role *role)
    446. 

  446. {
    447. 

  447. 	struct dynsec__grouplist *grouplist, *grouplist_tmp = NULL;
    448. 

  448. 

  449. 	HASH_ITER(hh, role->grouplist, grouplist, grouplist_tmp){
    450. 

  450. 		if(grouplist->group == dynsec_anonymous_group){
    451. 

  451. 			mosquitto_kick_client_by_username(NULL, false);
    452. 

  452. 		}
    453. 

  453. 		dynsec_clientlist__kick_all(grouplist->group->clientlist);
    454. 

  454. 

  455. 		dynsec_rolelist__group_remove(grouplist->group, role);
    456. 

  456. 	}
    457. 

  457. }
    458. 

  458. 

  459. int dynsec_roles__process_delete(cJSON *j_responses, struct mosquitto *context, cJSON *command, char *correlation_data)
    460. 

  460. {
    461. 

  461. 	char *rolename;
    462. 

  462. 	struct dynsec__role *role;
    463. 

  463. 	const char *admin_clientid, *admin_username;
    464. 

  464. 

  465. 	if(json_get_string(command, "rolename", &rolename, false) != MOSQ_ERR_SUCCESS){
    466. 

  466. 		dynsec__command_reply(j_responses, context, "deleteRole", "Invalid/missing rolename", correlation_data);
    467. 

  467. 		return MOSQ_ERR_INVAL;
    468. 

  468. 	}
    469. 

  469. 	if(mosquitto_validate_utf8(rolename, (int)strlen(rolename)) != MOSQ_ERR_SUCCESS){
    470. 

  470. 		dynsec__command_reply(j_responses, context, "deleteRole", "Role name not valid UTF-8", correlation_data);
    471. 

  471. 		return MOSQ_ERR_INVAL;
    472. 

  472. 	}
    473. 

  473. 

  474. 	role = dynsec_roles__find(rolename);
    475. 

  475. 	if(role){
    476. 

  476. 		role__remove_all_clients(role);
    477. 

  477. 		role__remove_all_groups(role);
    478. 

  478. 		role__free_item(role, true);
    479. 

  479. 		dynsec__config_save();
    480. 

  480. 		dynsec__command_reply(j_responses, context, "deleteRole", NULL, correlation_data);
    481. 

  481. 

  482. 		admin_clientid = mosquitto_client_id(context);
    483. 

  483. 		admin_username = mosquitto_client_username(context);
    484. 

  484. 		mosquitto_log_printf(MOSQ_LOG_INFO, "dynsec: %s/%s | deleteRole | rolename=%s",
    485. 

  485. 				admin_clientid, admin_username, rolename);
    486. 

  486. 

  487. 		return MOSQ_ERR_SUCCESS;
    488. 

  488. 	}else{
    489. 

  489. 		dynsec__command_reply(j_responses, context, "deleteRole", "Role not found", correlation_data);
    490. 

  490. 		return MOSQ_ERR_SUCCESS;
    491. 

  491. 	}
    492. 

  492. }
    493. 

  493. 

  494. 

  495. static cJSON *add_role_to_json(struct dynsec__role *role, bool verbose)
    496. 

  496. {
    497. 

  497. 	cJSON *j_role = NULL;
    498. 

  498. 

  499. 	if(verbose){
    500. 

  500. 		j_role = cJSON_CreateObject();
    501. 

  501. 		if(j_role == NULL){
    502. 

  502. 			return NULL;
    503. 

  503. 		}
    504. 

  504. 

  505. 		if(cJSON_AddStringToObject(j_role, "rolename", role->rolename) == NULL
    506. 

  506. 				|| (role->text_name && cJSON_AddStringToObject(j_role, "textname", role->text_name) == NULL)
    507. 

  507. 				|| (role->text_description && cJSON_AddStringToObject(j_role, "textdescription", role->text_description) == NULL)
    508. 

  508. 				){
    509. 

  509. 

  510. 			cJSON_Delete(j_role);
    511. 

  511. 			return NULL;
    512. 

  512. 		}
    513. 

  513. 		if(add_acls_to_json(j_role, role)){
    514. 

  514. 			cJSON_Delete(j_role);
    515. 

  515. 			return NULL;
    516. 

  516. 		}
    517. 

  517. 	}else{
    518. 

  518. 		j_role = cJSON_CreateString(role->rolename);
    519. 

  519. 		if(j_role == NULL){
    520. 

  520. 			return NULL;
    521. 

  521. 		}
    522. 

  522. 	}
    523. 

  523. 	return j_role;
    524. 

  524. }
    525. 

  525. 

  526. int dynsec_roles__process_list(cJSON *j_responses, struct mosquitto *context, cJSON *command, char *correlation_data)
    527. 

  527. {
    528. 

  528. 	bool verbose;
    529. 

  529. 	struct dynsec__role *role, *role_tmp = NULL;
    530. 

  530. 	cJSON *tree, *j_roles, *j_role, *j_data;
    531. 

  531. 	int i, count, offset;
    532. 

  532. 	const char *admin_clientid, *admin_username;
    533. 

  533. 

  534. 	json_get_bool(command, "verbose", &verbose, true, false);
    535. 

  535. 	json_get_int(command, "count", &count, true, -1);
    536. 

  536. 	json_get_int(command, "offset", &offset, true, 0);
    537. 

  537. 

  538. 	tree = cJSON_CreateObject();
    539. 

  539. 	if(tree == NULL){
    540. 

  540. 		dynsec__command_reply(j_responses, context, "listRoles", "Internal error", correlation_data);
    541. 

  541. 		return MOSQ_ERR_NOMEM;
    542. 

  542. 	}
    543. 

  543. 

  544. 	if(cJSON_AddStringToObject(tree, "command", "listRoles") == NULL
    545. 

  545. 			|| (j_data = cJSON_AddObjectToObject(tree, "data")) == NULL
    546. 

  546. 			|| cJSON_AddIntToObject(j_data, "totalCount", (int)HASH_CNT(hh, local_roles)) == NULL
    547. 

  547. 			|| (j_roles = cJSON_AddArrayToObject(j_data, "roles")) == NULL
    548. 

  548. 			|| (correlation_data && cJSON_AddStringToObject(tree, "correlationData", correlation_data) == NULL)
    549. 

  549. 			){
    550. 

  550. 

  551. 		cJSON_Delete(tree);
    552. 

  552. 		dynsec__command_reply(j_responses, context, "listRoles", "Internal error", correlation_data);
    553. 

  553. 		return MOSQ_ERR_NOMEM;
    554. 

  554. 	}
    555. 

  555. 

  556. 	i = 0;
    557. 

  557. 	HASH_ITER(hh, local_roles, role, role_tmp){
    558. 

  558. 		if(i>=offset){
    559. 

  559. 			j_role = add_role_to_json(role, verbose);
    560. 

  560. 			if(j_role == NULL){
    561. 

  561. 				cJSON_Delete(tree);
    562. 

  562. 				dynsec__command_reply(j_responses, context, "listRoles", "Internal error", correlation_data);
    563. 

  563. 				return MOSQ_ERR_NOMEM;
    564. 

  564. 			}
    565. 

  565. 			cJSON_AddItemToArray(j_roles, j_role);
    566. 

  566. 

  567. 			if(count >= 0){
    568. 

  568. 				count--;
    569. 

  569. 				if(count <= 0){
    570. 

  570. 					break;
    571. 

  571. 				}
    572. 

  572. 			}
    573. 

  573. 		}
    574. 

  574. 		i++;
    575. 

  575. 	}
    576. 

  576. 

  577. 	cJSON_AddItemToArray(j_responses, tree);
    578. 

  578. 

  579. 	admin_clientid = mosquitto_client_id(context);
    580. 

  580. 	admin_username = mosquitto_client_username(context);
    581. 

  581. 	mosquitto_log_printf(MOSQ_LOG_INFO, "dynsec: %s/%s | listRoles | verbose=%s | count=%d | offset=%d",
    582. 

  582. 			admin_clientid, admin_username, verbose?"true":"false", count, offset);
    583. 

  583. 

  584. 	return MOSQ_ERR_SUCCESS;
    585. 

  585. }
    586. 

  586. 

  587. 

  588. int dynsec_roles__process_add_acl(cJSON *j_responses, struct mosquitto *context, cJSON *command, char *correlation_data)
    589. 

  589. {
    590. 

  590. 	char *rolename;
    591. 

  591. 	char *topic;
    592. 

  592. 	struct dynsec__role *role;
    593. 

  593. 	cJSON *jtmp, *j_acltype;
    594. 

  594. 	struct dynsec__acl **acllist, *acl;
    595. 

  595. 	int rc;
    596. 

  596. 	const char *admin_clientid, *admin_username;
    597. 

  597. 

  598. 	if(json_get_string(command, "rolename", &rolename, false) != MOSQ_ERR_SUCCESS){
    599. 

  599. 		dynsec__command_reply(j_responses, context, "addRoleACL", "Invalid/missing rolename", correlation_data);
    600. 

  600. 		return MOSQ_ERR_INVAL;
    601. 

  601. 	}
    602. 

  602. 	if(mosquitto_validate_utf8(rolename, (int)strlen(rolename)) != MOSQ_ERR_SUCCESS){
    603. 

  603. 		dynsec__command_reply(j_responses, context, "addRoleACL", "Role name not valid UTF-8", correlation_data);
    604. 

  604. 		return MOSQ_ERR_INVAL;
    605. 

  605. 	}
    606. 

  606. 

  607. 	role = dynsec_roles__find(rolename);
    608. 

  608. 	if(role == NULL){
    609. 

  609. 		dynsec__command_reply(j_responses, context, "addRoleACL", "Role not found", correlation_data);
    610. 

  610. 		return MOSQ_ERR_SUCCESS;
    611. 

  611. 	}
    612. 

  612. 

  613. 	j_acltype = cJSON_GetObjectItem(command, "acltype");
    614. 

  614. 	if(j_acltype == NULL || !cJSON_IsString(j_acltype)){
    615. 

  615. 		dynsec__command_reply(j_responses, context, "addRoleACL", "Invalid/missing acltype", correlation_data);
    616. 

  616. 		return MOSQ_ERR_SUCCESS;
    617. 

  617. 	}
    618. 

  618. 	if(!strcasecmp(j_acltype->valuestring, ACL_TYPE_PUB_C_SEND)){
    619. 

  619. 		acllist = &role->acls.publish_c_send;
    620. 

  620. 	}else if(!strcasecmp(j_acltype->valuestring, ACL_TYPE_PUB_C_RECV)){
    621. 

  621. 		acllist = &role->acls.publish_c_recv;
    622. 

  622. 	}else if(!strcasecmp(j_acltype->valuestring, ACL_TYPE_SUB_LITERAL)){
    623. 

  623. 		acllist = &role->acls.subscribe_literal;
    624. 

  624. 	}else if(!strcasecmp(j_acltype->valuestring, ACL_TYPE_SUB_PATTERN)){
    625. 

  625. 		acllist = &role->acls.subscribe_pattern;
    626. 

  626. 	}else if(!strcasecmp(j_acltype->valuestring, ACL_TYPE_UNSUB_LITERAL)){
    627. 

  627. 		acllist = &role->acls.unsubscribe_literal;
    628. 

  628. 	}else if(!strcasecmp(j_acltype->valuestring, ACL_TYPE_UNSUB_PATTERN)){
    629. 

  629. 		acllist = &role->acls.unsubscribe_pattern;
    630. 

  630. 	}else{
    631. 

  631. 		dynsec__command_reply(j_responses, context, "addRoleACL", "Unknown acltype", correlation_data);
    632. 

  632. 		return MOSQ_ERR_SUCCESS;
    633. 

  633. 	}
    634. 

  634. 

  635. 	jtmp = cJSON_GetObjectItem(command, "topic");
    636. 

  636. 	if(jtmp && cJSON_IsString(jtmp)){
    637. 

  637. 		if(mosquitto_validate_utf8(jtmp->valuestring, (int)strlen(jtmp->valuestring)) != MOSQ_ERR_SUCCESS){
    638. 

  638. 			dynsec__command_reply(j_responses, context, "addRoleACL", "Topic not valid UTF-8", correlation_data);
    639. 

  639. 			return MOSQ_ERR_INVAL;
    640. 

  640. 		}
    641. 

  641. 		rc = mosquitto_sub_topic_check(jtmp->valuestring);
    642. 

  642. 		if(rc != MOSQ_ERR_SUCCESS){
    643. 

  643. 			dynsec__command_reply(j_responses, context, "addRoleACL", "Invalid ACL topic", correlation_data);
    644. 

  644. 			return MOSQ_ERR_INVAL;
    645. 

  645. 		}
    646. 

  646. 		topic = mosquitto_strdup(jtmp->valuestring);
    647. 

  647. 		if(topic == NULL){
    648. 

  648. 			dynsec__command_reply(j_responses, context, "addRoleACL", "Internal error", correlation_data);
    649. 

  649. 			return MOSQ_ERR_SUCCESS;
    650. 

  650. 		}
    651. 

  651. 	}else{
    652. 

  652. 		dynsec__command_reply(j_responses, context, "addRoleACL", "Invalid/missing topic", correlation_data);
    653. 

  653. 		return MOSQ_ERR_SUCCESS;
    654. 

  654. 	}
    655. 

  655. 

  656. 	HASH_FIND(hh, *acllist, topic, strlen(topic), acl);
    657. 

  657. 	if(acl){
    658. 

  658. 		mosquitto_free(topic);
    659. 

  659. 		dynsec__command_reply(j_responses, context, "addRoleACL", "ACL with this topic already exists", correlation_data);
    660. 

  660. 		return MOSQ_ERR_SUCCESS;
    661. 

  661. 	}
    662. 

  662. 

  663. 	acl = mosquitto_calloc(1, sizeof(struct dynsec__acl));
    664. 

  664. 	if(acl == NULL){
    665. 

  665. 		mosquitto_free(topic);
    666. 

  666. 		dynsec__command_reply(j_responses, context, "addRoleACL", "Internal error", correlation_data);
    667. 

  667. 		return MOSQ_ERR_SUCCESS;
    668. 

  668. 	}
    669. 

  669. 	acl->topic = topic;
    670. 

  670. 

  671. 	json_get_int(command, "priority", &acl->priority, true, 0);
    672. 

  672. 	json_get_bool(command, "allow", &acl->allow, true, false);
    673. 

  673. 

  674. 	HASH_ADD_KEYPTR_INORDER(hh, *acllist, acl->topic, strlen(acl->topic), acl, insert_acl_cmp);
    675. 

  675. 	dynsec__config_save();
    676. 

  676. 	dynsec__command_reply(j_responses, context, "addRoleACL", NULL, correlation_data);
    677. 

  677. 

  678. 	role__kick_all(role);
    679. 

  679. 

  680. 	admin_clientid = mosquitto_client_id(context);
    681. 

  681. 	admin_username = mosquitto_client_username(context);
    682. 

  682. 	mosquitto_log_printf(MOSQ_LOG_INFO, "dynsec: %s/%s | addRoleACL | rolename=%s | acltype=%s | topic=%s | priority=%d | allow=%s",
    683. 

  683. 			admin_clientid, admin_username, rolename, j_acltype->valuestring, topic, acl->priority, acl->allow?"true":"false");
    684. 

  684. 

  685. 	return MOSQ_ERR_SUCCESS;
    686. 

  686. }
    687. 

  687. 

  688. 

  689. int dynsec_roles__process_remove_acl(cJSON *j_responses, struct mosquitto *context, cJSON *command, char *correlation_data)
    690. 

  690. {
    691. 

  691. 	char *rolename;
    692. 

  692. 	struct dynsec__role *role;
    693. 

  693. 	struct dynsec__acl **acllist, *acl;
    694. 

  694. 	char *topic;
    695. 

  695. 	cJSON *j_acltype;
    696. 

  696. 	int rc;
    697. 

  697. 	const char *admin_clientid, *admin_username;
    698. 

  698. 

  699. 	if(json_get_string(command, "rolename", &rolename, false) != MOSQ_ERR_SUCCESS){
    700. 

  700. 		dynsec__command_reply(j_responses, context, "removeRoleACL", "Invalid/missing rolename", correlation_data);
    701. 

  701. 		return MOSQ_ERR_INVAL;
    702. 

  702. 	}
    703. 

  703. 	if(mosquitto_validate_utf8(rolename, (int)strlen(rolename)) != MOSQ_ERR_SUCCESS){
    704. 

  704. 		dynsec__command_reply(j_responses, context, "removeRoleACL", "Role name not valid UTF-8", correlation_data);
    705. 

  705. 		return MOSQ_ERR_INVAL;
    706. 

  706. 	}
    707. 

  707. 

  708. 	role = dynsec_roles__find(rolename);
    709. 

  709. 	if(role == NULL){
    710. 

  710. 		dynsec__command_reply(j_responses, context, "removeRoleACL", "Role not found", correlation_data);
    711. 

  711. 		return MOSQ_ERR_SUCCESS;
    712. 

  712. 	}
    713. 

  713. 

  714. 	j_acltype = cJSON_GetObjectItem(command, "acltype");
    715. 

  715. 	if(j_acltype == NULL || !cJSON_IsString(j_acltype)){
    716. 

  716. 		dynsec__command_reply(j_responses, context, "removeRoleACL", "Invalid/missing acltype", correlation_data);
    717. 

  717. 		return MOSQ_ERR_SUCCESS;
    718. 

  718. 	}
    719. 

  719. 	if(!strcasecmp(j_acltype->valuestring, ACL_TYPE_PUB_C_SEND)){
    720. 

  720. 		acllist = &role->acls.publish_c_send;
    721. 

  721. 	}else if(!strcasecmp(j_acltype->valuestring, ACL_TYPE_PUB_C_RECV)){
    722. 

  722. 		acllist = &role->acls.publish_c_recv;
    723. 

  723. 	}else if(!strcasecmp(j_acltype->valuestring, ACL_TYPE_SUB_LITERAL)){
    724. 

  724. 		acllist = &role->acls.subscribe_literal;
    725. 

  725. 	}else if(!strcasecmp(j_acltype->valuestring, ACL_TYPE_SUB_PATTERN)){
    726. 

  726. 		acllist = &role->acls.subscribe_pattern;
    727. 

  727. 	}else if(!strcasecmp(j_acltype->valuestring, ACL_TYPE_UNSUB_LITERAL)){
    728. 

  728. 		acllist = &role->acls.unsubscribe_literal;
    729. 

  729. 	}else if(!strcasecmp(j_acltype->valuestring, ACL_TYPE_UNSUB_PATTERN)){
    730. 

  730. 		acllist = &role->acls.unsubscribe_pattern;
    731. 

  731. 	}else{
    732. 

  732. 		dynsec__command_reply(j_responses, context, "removeRoleACL", "Unknown acltype", correlation_data);
    733. 

  733. 		return MOSQ_ERR_SUCCESS;
    734. 

  734. 	}
    735. 

  735. 

  736. 	if(json_get_string(command, "topic", &topic, false)){
    737. 

  737. 		dynsec__command_reply(j_responses, context, "removeRoleACL", "Invalid/missing topic", correlation_data);
    738. 

  738. 		return MOSQ_ERR_SUCCESS;
    739. 

  739. 	}
    740. 

  740. 	if(mosquitto_validate_utf8(topic, (int)strlen(topic)) != MOSQ_ERR_SUCCESS){
    741. 

  741. 		dynsec__command_reply(j_responses, context, "removeRoleACL", "Topic not valid UTF-8", correlation_data);
    742. 

  742. 		return MOSQ_ERR_INVAL;
    743. 

  743. 	}
    744. 

  744. 	rc = mosquitto_sub_topic_check(topic);
    745. 

  745. 	if(rc != MOSQ_ERR_SUCCESS){
    746. 

  746. 		dynsec__command_reply(j_responses, context, "removeRoleACL", "Invalid ACL topic", correlation_data);
    747. 

  747. 		return MOSQ_ERR_INVAL;
    748. 

  748. 	}
    749. 

  749. 

  750. 	HASH_FIND(hh, *acllist, topic, strlen(topic), acl);
    751. 

  751. 	if(acl){
    752. 

  752. 		role__free_acl(acllist, acl);
    753. 

  753. 		dynsec__config_save();
    754. 

  754. 		dynsec__command_reply(j_responses, context, "removeRoleACL", NULL, correlation_data);
    755. 

  755. 

  756. 		role__kick_all(role);
    757. 

  757. 

  758. 		admin_clientid = mosquitto_client_id(context);
    759. 

  759. 		admin_username = mosquitto_client_username(context);
    760. 

  760. 		mosquitto_log_printf(MOSQ_LOG_INFO, "dynsec: %s/%s | removeRoleACL | rolename=%s | acltype=%s | topic=%s",
    761. 

  761. 				admin_clientid, admin_username, rolename, j_acltype->valuestring, topic);
    762. 

  762. 

  763. 	}else{
    764. 

  764. 		dynsec__command_reply(j_responses, context, "removeRoleACL", "ACL not found", correlation_data);
    765. 

  765. 	}
    766. 

  766. 

  767. 	return MOSQ_ERR_SUCCESS;
    768. 

  768. }
    769. 

  769. 

  770. 

  771. int dynsec_roles__process_get(cJSON *j_responses, struct mosquitto *context, cJSON *command, char *correlation_data)
    772. 

  772. {
    773. 

  773. 	char *rolename;
    774. 

  774. 	struct dynsec__role *role;
    775. 

  775. 	cJSON *tree, *j_role, *j_data;
    776. 

  776. 

  777. 	if(json_get_string(command, "rolename", &rolename, false) != MOSQ_ERR_SUCCESS){
    778. 

  778. 		dynsec__command_reply(j_responses, context, "getRole", "Invalid/missing rolename", correlation_data);
    779. 

  779. 		return MOSQ_ERR_INVAL;
    780. 

  780. 	}
    781. 

  781. 	if(mosquitto_validate_utf8(rolename, (int)strlen(rolename)) != MOSQ_ERR_SUCCESS){
    782. 

  782. 		dynsec__command_reply(j_responses, context, "getRole", "Role name not valid UTF-8", correlation_data);
    783. 

  783. 		return MOSQ_ERR_INVAL;
    784. 

  784. 	}
    785. 

  785. 

  786. 	role = dynsec_roles__find(rolename);
    787. 

  787. 	if(role == NULL){
    788. 

  788. 		dynsec__command_reply(j_responses, context, "getRole", "Role not found", correlation_data);
    789. 

  789. 		return MOSQ_ERR_SUCCESS;
    790. 

  790. 	}
    791. 

  791. 

  792. 	tree = cJSON_CreateObject();
    793. 

  793. 	if(tree == NULL){
    794. 

  794. 		dynsec__command_reply(j_responses, context, "getRole", "Internal error", correlation_data);
    795. 

  795. 		return MOSQ_ERR_NOMEM;
    796. 

  796. 	}
    797. 

  797. 

  798. 	if(cJSON_AddStringToObject(tree, "command", "getRole") == NULL
    799. 

  799. 			|| (j_data = cJSON_AddObjectToObject(tree, "data")) == NULL
    800. 

  800. 			|| (correlation_data && cJSON_AddStringToObject(tree, "correlationData", correlation_data) == NULL)
    801. 

  801. 			){
    802. 

  802. 

  803. 		cJSON_Delete(tree);
    804. 

  804. 		dynsec__command_reply(j_responses, context, "getRole", "Internal error", correlation_data);
    805. 

  805. 		return MOSQ_ERR_NOMEM;
    806. 

  806. 	}
    807. 

  807. 

  808. 	j_role = add_role_to_json(role, true);
    809. 

  809. 	if(j_role == NULL){
    810. 

  810. 		cJSON_Delete(tree);
    811. 

  811. 		dynsec__command_reply(j_responses, context, "getRole", "Internal error", correlation_data);
    812. 

  812. 		return MOSQ_ERR_NOMEM;
    813. 

  813. 	}
    814. 

  814. 	cJSON_AddItemToObject(j_data, "role", j_role);
    815. 

  815. 	cJSON_AddItemToArray(j_responses, tree);
    816. 

  816. 

  817. 	return MOSQ_ERR_SUCCESS;
    818. 

  818. }
    819. 

  819. 

  820. 

  821. int dynsec_roles__process_modify(cJSON *j_responses, struct mosquitto *context, cJSON *command, char *correlation_data)
    822. 

  822. {
    823. 

  823. 	char *rolename;
    824. 

  824. 	char *text_name, *text_description;
    825. 

  825. 	struct dynsec__role *role;
    826. 

  826. 	char *str;
    827. 

  827. 	cJSON *j_acls;
    828. 

  828. 	struct dynsec__acl *tmp_publish_c_send = NULL, *tmp_publish_c_recv = NULL;
    829. 

  829. 	struct dynsec__acl *tmp_subscribe_literal = NULL, *tmp_subscribe_pattern = NULL;
    830. 

  830. 	struct dynsec__acl *tmp_unsubscribe_literal = NULL, *tmp_unsubscribe_pattern = NULL;
    831. 

  831. 	const char *admin_clientid, *admin_username;
    832. 

  832. 

  833. 	if(json_get_string(command, "rolename", &rolename, false) != MOSQ_ERR_SUCCESS){
    834. 

  834. 		dynsec__command_reply(j_responses, context, "modifyRole", "Invalid/missing rolename", correlation_data);
    835. 

  835. 		return MOSQ_ERR_INVAL;
    836. 

  836. 	}
    837. 

  837. 	if(mosquitto_validate_utf8(rolename, (int)strlen(rolename)) != MOSQ_ERR_SUCCESS){
    838. 

  838. 		dynsec__command_reply(j_responses, context, "modifyRole", "Role name not valid UTF-8", correlation_data);
    839. 

  839. 		return MOSQ_ERR_INVAL;
    840. 

  840. 	}
    841. 

  841. 

  842. 	role = dynsec_roles__find(rolename);
    843. 

  843. 	if(role == NULL){
    844. 

  844. 		dynsec__command_reply(j_responses, context, "modifyRole", "Role does not exist", correlation_data);
    845. 

  845. 		return MOSQ_ERR_INVAL;
    846. 

  846. 	}
    847. 

  847. 

  848. 	if(json_get_string(command, "textname", &text_name, false) == MOSQ_ERR_SUCCESS){
    849. 

  849. 		str = mosquitto_strdup(text_name);
    850. 

  850. 		if(str == NULL){
    851. 

  851. 			dynsec__command_reply(j_responses, context, "modifyRole", "Internal error", correlation_data);
    852. 

  852. 			return MOSQ_ERR_NOMEM;
    853. 

  853. 		}
    854. 

  854. 		mosquitto_free(role->text_name);
    855. 

  855. 		role->text_name = str;
    856. 

  856. 	}
    857. 

  857. 

  858. 	if(json_get_string(command, "textdescription", &text_description, false) == MOSQ_ERR_SUCCESS){
    859. 

  859. 		str = mosquitto_strdup(text_description);
    860. 

  860. 		if(str == NULL){
    861. 

  861. 			dynsec__command_reply(j_responses, context, "modifyRole", "Internal error", correlation_data);
    862. 

  862. 			return MOSQ_ERR_NOMEM;
    863. 

  863. 		}
    864. 

  864. 		mosquitto_free(role->text_description);
    865. 

  865. 		role->text_description = str;
    866. 

  866. 	}
    867. 

  867. 

  868. 	j_acls = cJSON_GetObjectItem(command, "acls");
    869. 

  869. 	if(j_acls && cJSON_IsArray(j_acls)){
    870. 

  870. 		if(dynsec_roles__acl_load(j_acls, ACL_TYPE_PUB_C_SEND, &tmp_publish_c_send) != 0
    871. 

  871. 				|| dynsec_roles__acl_load(j_acls, ACL_TYPE_PUB_C_RECV, &tmp_publish_c_recv) != 0
    872. 

  872. 				|| dynsec_roles__acl_load(j_acls, ACL_TYPE_SUB_LITERAL, &tmp_subscribe_literal) != 0
    873. 

  873. 				|| dynsec_roles__acl_load(j_acls, ACL_TYPE_SUB_PATTERN, &tmp_subscribe_pattern) != 0
    874. 

  874. 				|| dynsec_roles__acl_load(j_acls, ACL_TYPE_UNSUB_LITERAL, &tmp_unsubscribe_literal) != 0
    875. 

  875. 				|| dynsec_roles__acl_load(j_acls, ACL_TYPE_UNSUB_PATTERN, &tmp_unsubscribe_pattern) != 0
    876. 

  876. 				){
    877. 

  877. 

  878. 			/* Free any that were successful */
    879. 

  879. 			role__free_all_acls(&tmp_publish_c_send);
    880. 

  880. 			role__free_all_acls(&tmp_publish_c_recv);
    881. 

  881. 			role__free_all_acls(&tmp_subscribe_literal);
    882. 

  882. 			role__free_all_acls(&tmp_subscribe_pattern);
    883. 

  883. 			role__free_all_acls(&tmp_unsubscribe_literal);
    884. 

  884. 			role__free_all_acls(&tmp_unsubscribe_pattern);
    885. 

  885. 

  886. 			dynsec__command_reply(j_responses, context, "modifyRole", "Internal error", correlation_data);
    887. 

  887. 			return MOSQ_ERR_NOMEM;
    888. 

  888. 		}
    889. 

  889. 

  890. 		role__free_all_acls(&role->acls.publish_c_send);
    891. 

  891. 		role__free_all_acls(&role->acls.publish_c_recv);
    892. 

  892. 		role__free_all_acls(&role->acls.subscribe_literal);
    893. 

  893. 		role__free_all_acls(&role->acls.subscribe_pattern);
    894. 

  894. 		role__free_all_acls(&role->acls.unsubscribe_literal);
    895. 

  895. 		role__free_all_acls(&role->acls.unsubscribe_pattern);
    896. 

  896. 

  897. 		role->acls.publish_c_send = tmp_publish_c_send;
    898. 

  898. 		role->acls.publish_c_recv = tmp_publish_c_recv;
    899. 

  899. 		role->acls.subscribe_literal = tmp_subscribe_literal;
    900. 

  900. 		role->acls.subscribe_pattern = tmp_subscribe_pattern;
    901. 

  901. 		role->acls.unsubscribe_literal = tmp_unsubscribe_literal;
    902. 

  902. 		role->acls.unsubscribe_pattern = tmp_unsubscribe_pattern;
    903. 

  903. 	}
    904. 

  904. 

  905. 	dynsec__config_save();
    906. 

  906. 

  907. 	dynsec__command_reply(j_responses, context, "modifyRole", NULL, correlation_data);
    908. 

  908. 

  909. 	admin_clientid = mosquitto_client_id(context);
    910. 

  910. 	admin_username = mosquitto_client_username(context);
    911. 

  911. 	mosquitto_log_printf(MOSQ_LOG_INFO, "dynsec: %s/%s | modifyRole | rolename=%s",
    912. 

  912. 			admin_clientid, admin_username, rolename);
    913. 

  913. 

  914. 	return MOSQ_ERR_SUCCESS;
    915. 

  915. }
    916.