Re: [mosquitto-dev] Mosquitto remote_password for bridge with space char

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [mosquitto-dev] Mosquitto remote_password for bridge with space character

From: Mikkel Kirkgaard Nielsen <miki@xxxxxxxxx>
Date: Fri, 29 Apr 2016 02:32:20 +0200
Delivered-to: mosquitto-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/mosquitto-dev>
List-help: <mailto:mosquitto-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=unsubscribe>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0

On 2016-04-28 22:25, Sebastian Koch wrote:
>> I will create a bug in bugzilla and hope there is a fix soon.
> here is the bug (hope you don’t mind i mentioned you and linked this 
> discussion): https://bugs.eclipse.org/bugs/show_bug.cgi?id=492694

No problem, but Roger managed to migrate it to github and commit a fix
before I even saw it; https://github.com/eclipse/mosquitto/issues/150

Although the change solves Sebastian's issue with a space character the
digging around made me aware that the current mosquitto can't facilitate
connections which requires passwords with non-ascii characters.

There might be no broker in existence to require that (I wouldn't know,
I've used only mosquitto). But according to the MQTT standard section
3.1.3.5
(http://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html#_Toc385349246)
the password field is "binary data" not just a section 1.5.3 "UTF-8
encoded string"
(http://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html#_Toc398718016).

Mosquitto currently regard the password as a string in the internal
"struct mosquitto" of lib/mosquitto_internal.h;

	char *password;

and uses string manipulation functions to process it.

A prominent example is when connecting as a client the number of bytes
to transmit of the password in struct mosquitto is determined using
strlen()
(https://github.com/eclipse/mosquitto/blob/master/lib/send_client_mosq.c#L132).
Likewise when a broker hashes a client's password on authentication
during connect in the default auth plugin
(https://github.com/eclipse/mosquitto/blob/master/src/security_default.c#l783).
Both would truncate the effective length of a binary password in struct
mosquitto at the first occurrence of a byte with value 0.

I don't regard this as a major problem, but if standard adherence and
interoperability is an objective there ought to be a way to specify a
binary password both for bridge connections in configuration file and
when using the client tools.
If not, or until implemented, at least this quirk/deficiency should be
documented somewhere.

-- 
Mikkel

Attachment: signature.asc
Description: OpenPGP digital signature

References:
- [mosquitto-dev] Mosquitto remote_password for bridge with space character
  - From: Sebastian Koch
- Re: [mosquitto-dev] Mosquitto remote_password for bridge with space character
  - From: Sebastian Koch
- Re: [mosquitto-dev] Mosquitto remote_password for bridge with space character
  - From: Mikkel Kirkgaard Nielsen
- Re: [mosquitto-dev] Mosquitto remote_password for bridge with space character
  - From: Sebastian Koch
- Re: [mosquitto-dev] Mosquitto remote_password for bridge with space character
  - From: Sebastian Koch

Prev by Date: Re: [mosquitto-dev] Mosquitto remote_password for bridge with space character
Next by Date: [mosquitto-dev] save mosquitto.db for running instance if persistance if false
Previous by thread: Re: [mosquitto-dev] Mosquitto remote_password for bridge with space character
Next by thread: [mosquitto-dev] save mosquitto.db for running instance if persistance if false
Index(es):
- Date
- Thread

Breadcrumbs