[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [mosquitto-dev] Interface of auth plug-in and complex security policies
|
Hi Ricardo,
> In the context of our research on security for IoT systems we implemented
> some changes in the Mosquitto auth plug-in interface with the broker, and we
> would like ask your opinion about this work.
Great, I'm always interested to hear what other people have been
doing. I've had some plans for auth plugin changes for a while.
> In a nutshell our changes are:
>
> 1 - Additional calls from the broker to the auth plugin when a message is
> delivered to a subscriber, and when a client disconnects, in addition to the
> calls for publish/subscribe.
At the moment the broker makes a check when a message is received from
a client or before a message is delivered to a client. It also makes a
check at subscribe time, but it is not possible to distinguish between
a subscribe ACL and an outgoing message ACL. This is something that
has been discussed on this list relatively recently - with the outcome
that a new MOSQ_ACL_SUBSCRIBE would be introduced.
I'm intrigued by adding calls for when the client disconnects - could
you explain what you hope to use that for?
> 2 - Additional parameters to the auth-plugin for information about the
> topic, payload, and client (e.g. IP address).
Yes, there are already bugs raised around this topic. There definitely
needs to be more information provided.
> 3 - Additional enforcement options to allow the auth-plugin to modify the
> topic, the message payload, and to delay messages in addition to allowing or
> denying only.
My initial thought here is that I'm not sure that an authentication
plugin is the correct place for this - it would be better implemented
in a more general plugin (the interface for which doesn't yet exist of
course). Have you already implemented delaying messages? I feel as
though that could be problematic to do.
> We believe these additional changes could be added to Mosquitto in a future
> release to improve the flexibility of the security management, to allow
> obfuscation of messages, and dynamic context-based policies that are
> enforced not only when clients subscribe but also later when messages are
> delivered to them.
Great, I definitely agree with some of your proposed changes - we'll
have to discuss the rest of them :)
> How is the procedure to suggest/contribute to these changes for the next
> releases of Mosquitto?
The next release of mosquitto, 1.4, is mostly just going through bug
squashing, but I would be pleased to look at it for 1.5. The procedure
for contributing is outlined in this document:
http://git.eclipse.org/c/mosquitto/org.eclipse.mosquitto.git/tree/CONTRIBUTING.md
You should note that for administrative reasons the code in the git
repository is not current, but this will be fixed on the release of
1.4.
Regards,
Roger