Implement the option to serialize auth checks

Wiebe Cazemier
1 parent be205082
Showing 7 changed files with 86 additions and 1 deletions
CMakeLists.txt
authplugin.cpp
authplugin.h
configfileparser.cpp
settings.h
unscopedlock.cpp
unscopedlock.h
@@ -32,6 +32,7 @@ add_executable(FlashMQ
     mosquittoauthoptcompatwrap.cpp
     settings.cpp
     listener.cpp
+    unscopedlock.cpp
     )
  
 target_link_libraries(FlashMQ pthread dl ssl crypto)
@@ -6,6 +6,10 @@
 #include <dlfcn.h>
  
 #include "exceptions.h"
+#include "unscopedlock.h"
+
+std::mutex AuthPlugin::initMutex;
+std::mutex AuthPlugin::authChecksMutex;
  
 void mosquitto_log_printf(int level, const char *fmt, ...)
 {
@@ -89,6 +93,10 @@ void AuthPlugin::init()
     if (!wanted)
         return;
  
+    UnscopedLock lock(initMutex);
+    if (settings.authPluginSerializeInit)
+        lock.lock();
+
     AuthOptCompatWrap &authOpts = settings.getAuthOptsCompat();
     int result = init_v2(&pluginData, authOpts.head(), authOpts.size());
     if (result != 0)
@@ -113,6 +121,10 @@ void AuthPlugin::securityInit(bool reloading)
     if (!wanted)
         return;
  
+    UnscopedLock lock(initMutex);
+    if (settings.authPluginSerializeInit)
+        lock.lock();
+
     AuthOptCompatWrap &authOpts = settings.getAuthOptsCompat();
     int result = security_init_v2(pluginData, authOpts.head(), authOpts.size(), reloading);
     if (result != 0)
@@ -148,6 +160,10 @@ AuthResult AuthPlugin::aclCheck(const std::string &amp;clientid, const std::string &amp;
         return AuthResult::error;
     }
  
+    UnscopedLock lock(authChecksMutex);
+    if (settings.authPluginSerializeAuthChecks)
+        lock.lock();
+
     int result = acl_check_v2(pluginData, clientid.c_str(), username.c_str(), topic.c_str(), static_cast<int>(access));
     AuthResult result_ = static_cast<AuthResult>(result);
  
@@ -170,6 +186,10 @@ AuthResult AuthPlugin::unPwdCheck(const std::string &amp;username, const std::string
         return AuthResult::error;
     }
  
+    UnscopedLock lock(authChecksMutex);
+    if (settings.authPluginSerializeAuthChecks)
+        lock.lock();
+
     int result = unpwd_check_v2(pluginData, username.c_str(), password.c_str());
     AuthResult r = static_cast<AuthResult>(result);
  
@@ -54,6 +54,9 @@ class AuthPlugin
     F_auth_plugin_unpwd_check_v2 unpwd_check_v2 = nullptr;
     F_auth_plugin_psk_key_get_v2 psk_key_get_v2 = nullptr;
  
+    static std::mutex initMutex;
+    static std::mutex authChecksMutex;
+
     Settings &settings; // A ref because I want it to always be the same as the thread's settings
  
     void *pluginData = nullptr;
@@ -20,7 +20,7 @@ void ConfigFileParser::testKeyValidity(const std::string &amp;key, const std::set&lt;st
     if (valid_key_it == validKeys.end())
     {
         std::ostringstream oss;
-        oss << "Config key '" << key << "' is not valid here.";
+        oss << "Config key '" << key << "' is not valid (here).";
         throw ConfigFileException(oss.str());
     }
 }
@@ -42,6 +42,8 @@ ConfigFileParser::ConfigFileParser(const std::string &amp;path) :
     validKeys.insert("log_file");
     validKeys.insert("allow_unsafe_clientid_chars");
     validKeys.insert("allow_unsafe_username_chars");
+    validKeys.insert("auth_plugin_serialize_init");
+    validKeys.insert("auth_plugin_serialize_auth_checks");
     validKeys.insert("client_initial_buffer_size");
     validKeys.insert("max_packet_size");
  
@@ -228,6 +230,18 @@ void ConfigFileParser::loadFile(bool test)
                     tmpSettings->allowUnsafeUsernameChars = tmp;
                 }
  
+                if (key == "auth_plugin_serialize_init")
+                {
+                    bool tmp = stringTruthiness(value);
+                    tmpSettings->authPluginSerializeInit = tmp;
+                }
+
+                if (key == "auth_plugin_serialize_auth_checks")
+                {
+                    bool tmp = stringTruthiness(value);
+                    tmpSettings->authPluginSerializeAuthChecks = tmp;
+                }
+
                 if (key == "client_initial_buffer_size")
                 {
                     int newVal = std::stoi(value);
@@ -19,6 +19,8 @@ public:
     std::string logPath;
     bool allowUnsafeClientidChars = false;
     bool allowUnsafeUsernameChars = false;
+    bool authPluginSerializeInit = false;
+    bool authPluginSerializeAuthChecks = false;
     int clientInitialBufferSize = 1024; // Must be power of 2
     int maxPacketSize = 268435461; // 256 MB + 5
     std::list<std::shared_ptr<Listener>> listeners; // Default one is created later, when none are defined.
+#include "unscopedlock.h"
+
+UnscopedLock::~UnscopedLock()
+{
+    if (locked)
+    {
+        managedMutex.unlock();
+    }
+}
+
+UnscopedLock::UnscopedLock(std::mutex &mutex) :
+    managedMutex(mutex)
+{
+
+}
+
+void UnscopedLock::lock()
+{
+    managedMutex.lock();
+    locked = true;
+}
+#ifndef UNSCOPEDLOCK_H
+#define UNSCOPEDLOCK_H
+
+#include <mutex>
+
+/**
+ * @brief The UnscopedLock class is a simple variety of the std::lock_guard or std::scoped_lock that allows optional locking using RAII.
+ *
+ * STL doesn't provide a similar feature, or am I missing something? You could do it with smart pointers, but I want to avoid having to
+ * use the free store.
+ */
+class UnscopedLock
+{
+    std::mutex &managedMutex;
+    bool locked = false;
+
+public:
+    ~UnscopedLock();
+
+    UnscopedLock(std::mutex &mutex);
+    void lock();
+};
+
+#endif // UNSCOPEDLOCK_H