mirror/iopsys-feed
1
0
Fork 0
mirror of https://dev.iopsys.eu/feed/iopsys.git synced 2025-12-10 07:44:50 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
iopsys-feed/mosquitto-auth-plugin/Makefile
Sukru Senli 332a35102d mosquitto-auth-plugin: add per-user subnet-based access control with IPv4/IPv6 support 
- Implement whitelist/blacklist subnet filtering for MQTT users
- Add full IPv4 and IPv6 CIDR subnet matching support
- Check subnet restrictions during authentication (MOSQ_EVT_BASIC_AUTH)
- Reject login immediately if subnet check fails (return MOSQ_ERR_AUTH)
- Parse subnet ACL files via auth_opt_subnet_acl_file option
- Support multiple subnets per user (up to 32 allow + 32 deny rules)
- Support both IPv4 (e.g., 192.168.1.0/24) and IPv6 (e.g., 2001:db8::/32) CIDR notation
- Deny rules take precedence over allow rules for both IP versions
- Localhost (127.0.0.1 and ::1) always allowed
- Backward compatible: users without subnet rules are not affected
- Configuration format: 'subnet allow|deny <username> <cidr>'
- Integrates with existing shadow/PAM authentication and topic ACLs
2025-10-29 09:33:49 +00:00

54 lines
1.4 KiB
Makefile
Raw Blame History

#
# Copyright (c) 2022 Genexis B.V.
#
# This program and the accompanying materials are made available under the
# terms of the Eclipse Public License 2.0 which is available at
# https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Erik Karlsson - initial implementation
#
include $(TOPDIR)/rules.mk
PKG_NAME:=mosquitto-auth-plugin
PKG_VERSION:=1.2.0
PKG_MAINTAINER:=Erik Karlsson <erik.karlsson@genexis.eu>
PKG_LICENSE:=EPL-2.0
PKG_BUILD_PARALLEL:=1
PKG_CONFIG_DEPENDS:=CONFIG_MOSQUITTO_AUTH_PAM_SUPPORT
include $(INCLUDE_DIR)/package.mk
define Package/mosquitto-auth-plugin
SECTION:=net
CATEGORY:=Network
TITLE:=mosquitto - /etc/shadow authentication plugin
DEPENDS:=+mosquitto-ssl +MOSQUITTO_AUTH_PAM_SUPPORT:libpam
USERID:=mosquitto=200:mosquitto=200 mosquitto=200:shadow=11
endef
define Package/mosquitto-auth-plugin/description
Plugin for the mosquitto MQTT message broker that authenticates
users using /etc/shadow
endef
define Package/mosquitto-auth-plugin/config
source "$(SOURCE)/Config.in"
endef
ifeq ($(CONFIG_MOSQUITTO_AUTH_PAM_SUPPORT),y)
TARGET_CFLAGS+=-DENABLE_PAM_SUPPORT
endif
define Package/mosquitto-auth-plugin/install
$(INSTALL_DIR) $(1)/usr/lib
$(INSTALL_BIN) $(PKG_BUILD_DIR)/mosquitto_auth_plugin.so $(1)/usr/lib/
$(CP) ./files/* $(1)/
endef
$(eval $(call BuildPackage,mosquitto-auth-plugin))
Reference in a new issue View git blame Copy permalink