Dynsec: Don't allow duplicate c/g/r when loading config

ChangeLog.txt

@@ -28,6 +28,8 @@ Broker:
 - Fix any possible case where a json string might be incorrectly loaded. This
   could have caused a crash if a textname or textdescription field of a role was
   not a string, when loading the dynsec config from file only.
+- Dynsec plugin will not allow duplicate clients/groups/roles when loading
+  config from file, which matches the behaviour for when creating them.
 
 Client library:
 - Use CLOCK_BOOTTIME when available, to keep track of time. This solves the

plugins/dynamic-security/clients.c

@@ -124,18 +124,24 @@ int dynsec_clients__config_load(cJSON *tree)
 
 	cJSON_ArrayForEach(j_client, j_clients){
 		if(cJSON_IsObject(j_client) == true){
-			client = mosquitto_calloc(1, sizeof(struct dynsec__client));
-			if(client == NULL){
-				return MOSQ_ERR_NOMEM;
-			}
-
 			/* Username */
 			char *username;
 			json_get_string(j_client, "username", &username, false);
 			if(!username){
-				mosquitto_free(client);
 				continue;
 			}
+
+			client = dynsec_clients__find(username);
+			if(client){
+				continue;
+			}
+
+			client = mosquitto_calloc(1, sizeof(struct dynsec__client));
+			if(client == NULL){
+				return MOSQ_ERR_NOMEM;
+			}
+
+
 			client->username = mosquitto_strdup(username);
 			if(client->username == NULL){
 				mosquitto_free(client);

plugins/dynamic-security/groups.c

@@ -214,16 +214,20 @@ int dynsec_groups__config_load(cJSON *tree)
 
 	cJSON_ArrayForEach(j_group, j_groups){
 		if(cJSON_IsObject(j_group) == true){
+			/* Group name */
+			if(json_get_string(j_group, "groupname", &groupname, false) != MOSQ_ERR_SUCCESS){
+				continue;
+			}
+			group = dynsec_groups__find(groupname);
+			if(group){
+				continue;
+			}
+
 			group = mosquitto_calloc(1, sizeof(struct dynsec__group));
 			if(group == NULL){
 				return MOSQ_ERR_NOMEM;
 			}
 
-			/* Group name */
-			if(json_get_string(j_group, "groupname", &groupname, false) != MOSQ_ERR_SUCCESS){
-				mosquitto_free(group);
-				continue;
-			}
 			group->groupname = strdup(groupname);
 			if(group->groupname == NULL){
 				mosquitto_free(group);

plugins/dynamic-security/roles.c

@@ -220,10 +220,19 @@ static int dynsec_roles__acl_load(cJSON *j_acls, const char *key, struct dynsec_
 
 	cJSON_ArrayForEach(j_acl, j_acls){
 		char *acltype;
+		char *topic;
+
 		json_get_string(j_acl, "acltype", &acltype, false);
-		if(!acltype || strcasecmp(acltype, key) != 0){
+		json_get_string(j_acl, "topic", &topic, false);
+
+		if(!acltype || strcasecmp(acltype, key) != 0 || !topic){
 			continue;
 		}
+		HASH_FIND(hh, *acllist, topic, strlen(topic), acl);
+		if(acl){
+			continue;
+		}
+
 		acl = mosquitto_calloc(1, sizeof(struct dynsec__acl));
 		if(acl == NULL){
 			return 1;
@@ -237,11 +246,7 @@ static int dynsec_roles__acl_load(cJSON *j_acls, const char *key, struct dynsec_
 			acl->allow = allow;
 		}
 
-		char *topic;
-		if(json_get_string(j_acl, "topic", &topic, false) == MOSQ_ERR_SUCCESS){
-			acl->topic = mosquitto_strdup(topic);
-		}
-
+		acl->topic = mosquitto_strdup(topic);
 		if(acl->topic == NULL){
 			mosquitto_free(acl);
 			continue;
@@ -270,17 +275,21 @@ int dynsec_roles__config_load(cJSON *tree)
 
 	cJSON_ArrayForEach(j_role, j_roles){
 		if(cJSON_IsObject(j_role) == true){
-			role = mosquitto_calloc(1, sizeof(struct dynsec__role));
-			if(role == NULL){
-				return MOSQ_ERR_NOMEM;
-			}
-
 			/* Role name */
 			char *rolename;
 			if(json_get_string(j_role, "rolename", &rolename, false) != MOSQ_ERR_SUCCESS){
-				mosquitto_free(role);
 				continue;
 			}
+			role = dynsec_roles__find(rolename);
+			if(role){
+				continue;
+			}
+
+			role = mosquitto_calloc(1, sizeof(struct dynsec__role));
+			if(role == NULL){
+				return MOSQ_ERR_NOMEM;
+			}
+
 			role->rolename = mosquitto_strdup(rolename);
 			if(role->rolename == NULL){
 				mosquitto_free(role);