jbertram commented on a change in pull request #3907:
URL: https://github.com/apache/activemq-artemis/pull/3907#discussion_r792921224
##########
File path:
artemis-protocols/artemis-mqtt-protocol/src/main/java/org/apache/activemq/artemis/core/protocol/mqtt/MQTTProtocolHandler.java
##########
@@ -159,89 +176,180 @@ public void act(MqttMessage message) {
break;
case UNSUBACK:
case SUBACK:
+ case PINGREQ: // These are actually handled by the Netty thread
directly so this packet should never make it here
case PINGRESP:
case CONNACK: // The server does not instantiate connections
therefore any CONNACK received over a connection is an invalid control message.
default:
disconnect(true);
}
} catch (Exception e) {
- log.warn("Error processing Control Packet, Disconnecting Client", e);
+ MQTTLogger.LOGGER.errorProcessingControlPacket(message.toString(), e);
+ if (session.is5()) {
+ sendDisconnect(MQTTReasonCodes.IMPLEMENTATION_SPECIFIC_ERROR);
+ }
disconnect(true);
} finally {
ReferenceCountUtil.release(message);
}
}
- /**
- * Called during connection.
+ /*
+ * Scaffolding for "enhanced authentication" implementation.
+ *
+ * See:
+ *
https://docs.oasis-open.org/mqtt/mqtt/v5.0/os/mqtt-v5.0-os.html#_Toc3901217
+ *
https://docs.oasis-open.org/mqtt/mqtt/v5.0/os/mqtt-v5.0-os.html#_Toc3901256
+ *
+ * Tests for this are in:
+ *
org.apache.activemq.artemis.tests.integration.mqtt5.spec.controlpackets.AuthTests
+ *
org.apache.activemq.artemis.tests.integration.mqtt5.spec.EnhancedAuthenticationTests
*
- * @param connect
+ * This should integrate somehow with our existing SASL implementation for
challenge/response conversations.
*/
+ void handleAuth(MqttMessage auth) throws Exception {
+ byte[] authenticationData = MQTTUtil.getProperty(byte[].class,
((MqttReasonCodeAndPropertiesVariableHeader)auth.variableHeader()).properties(),
AUTHENTICATION_DATA);
+ String authenticationMethod = MQTTUtil.getProperty(String.class,
((MqttReasonCodeAndPropertiesVariableHeader)auth.variableHeader()).properties(),
AUTHENTICATION_METHOD);
+
+ MqttReasonCodeAndPropertiesVariableHeader header =
(MqttReasonCodeAndPropertiesVariableHeader) auth.variableHeader();
+ if (header.reasonCode() == MQTTReasonCodes.RE_AUTHENTICATE) {
+
+ } else if (header.reasonCode() ==
MQTTReasonCodes.CONTINUE_AUTHENTICATION) {
+
+ } else if (header.reasonCode() == MQTTReasonCodes.SUCCESS) {
+
+ }
+ }
+
void handleConnect(MqttConnectMessage connect) throws Exception {
- final String username = connect.payload().userName();
- final String password = connect.payload().passwordInBytes() == null ?
null : new String( connect.payload().passwordInBytes(), CharsetUtil.UTF_8);
- final String validatedUser = server.validateUser(username, password,
session.getConnection(), session.getProtocolManager().getSecurityDomain());
- if (connection.getTransportConnection().getRedirectTo() == null ||
- !protocolManager.getRedirectHandler().redirect(connection, session,
connect)) {
- connectionEntry.ttl = connect.variableHeader().keepAliveTimeSeconds()
* 1500L;
-
- String clientId = connect.payload().clientIdentifier();
- session.getConnectionManager().connect(clientId, username, password,
connect.variableHeader().isWillFlag(), connect.payload().willMessageInBytes(),
connect.payload().willTopic(), connect.variableHeader().isWillRetain(),
connect.variableHeader().willQos(), connect.variableHeader().isCleanSession(),
validatedUser);
+ if (connection.getTransportConnection().getRedirectTo() == null ||
!protocolManager.getRedirectHandler().redirect(connection, session, connect)) {
+ /* [MQTT-3.1.2-2] Reject unsupported clients. */
+ int packetVersion = connect.variableHeader().version();
+ if (packetVersion != MqttVersion.MQTT_3_1.protocolLevel() &&
+ packetVersion != MqttVersion.MQTT_3_1_1.protocolLevel() &&
+ packetVersion != MqttVersion.MQTT_5.protocolLevel()) {
+
+ {
+ /*
+ * The return code is different here for 3.1.1 vs 5, but since
the broker supports *both* it's not clear
+ * which one should be chosen. Perhaps an acceptor property
could be set to decide. Leaving the existing
Review comment:
I think that's fair. I'll push that change.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
