From caf43291f1d4507ea814fc609c4b6b572ffda99c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juan=20Jos=C3=A9=20Nicola?=
Date: Thu, 25 Jan 2024 10:15:07 +0100
Subject: [PATCH] Add: support authenticated connection to MQTT broker (#958)

If ospd-openvas options `--mqtt-broker-user` and `--mqtt-broker-password are given (or configured in the ospd.conf configuration file), the connection will be authenticated. For this to work, MQTT broker must be configured with valid user and pass. This is disable per default SC-917
---
 ospd/parser.py | 19 +++++++++++++++++++
 ospd_openvas/daemon.py | 7 +++++++
 2 files changed, 26 insertions(+)
diff --git a/ospd/parser.py b/ospd/parser.py
index 450054af..3b3f9a36 100644
--- a/ospd/parser.py
+++ b/ospd/parser.py
@@ -207,6 +207,25 @@ def __init__(self, description: str) -> None:
 'Default %(default)s'
 ),
 )
+ parser.add_argument(
+ '--mqtt-broker-username',
+ default=None,
+ type=str,
+ help=(
+ 'Username to connect to MQTT broker for MQTT communication.'
+ 'Default %(default)s'
+ ),
+ )
+ parser.add_argument(
+ '--mqtt-broker-password',
+ default=None,
+ type=str,
+ help=(
+ 'PASSWORD to connect to MQTT broker for MQTT communication.'
+ 'Default %(default)s'
+ ),
+ )
+
 parser.add_argument(
 '--feed-updater',
 default="openvas",
diff --git a/ospd_openvas/daemon.py b/ospd_openvas/daemon.py
index 9d48d46f..8d837499 100644
--- a/ospd_openvas/daemon.py
+++ b/ospd_openvas/daemon.py
@@ -493,6 +493,8 @@ def __init__(
 self._mqtt_broker_address = mqtt_broker_address
 self._mqtt_broker_port = mqtt_broker_port
+ self._mqtt_broker_username = kwargs.get('mqtt_broker_username')
+ self._mqtt_broker_password = kwargs.get('mqtt_broker_password')
 def init(self, server: BaseServer) -> None:
 notus_handler = NotusResultHandler(self.report_results)
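Review bot: In ospd/parser.py, `--mqtt-broker-password` takes the secret as a plain command-line value, so it is readable by other local users through the process list and tends to end up in shell history and service unit files. The commit message says the value can also come from ospd.conf, and the help text should steer operators there, for example `'Password for the MQTT broker; prefer setting it in ospd.conf, command-line arguments are visible in the process list. '`. Separately, both new help strings join two adjacent literals without a space, so the rendered help reads `communication.Default None`; a trailing space on the first literal fixes that. The commit message also names the option `--mqtt-broker-user`, while the code registers `--mqtt-broker-username`.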
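Review bot: In ospd_openvas/daemon.py `__init__`, the two credentials are read with `kwargs.get(...)`, so a missing or misspelled key quietly yields `None`, whereas the address and port on the two lines above are assigned from named parameters. Because `None` later means "connect without authentication", declaring them as explicit keyword parameters (`mqtt_broker_username=None`, `mqtt_broker_password=None`) would make that contract visible in the signature. The signature is outside the hunk, so this assumes `kwargs` is the constructor's catch-all.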
@@ -501,6 +503,11 @@ def init(self, server: BaseServer) -> None:
 client = MQTTClient(
 self._mqtt_broker_address, self._mqtt_broker_port, "ospd"
 )
+ if self._mqtt_broker_username and self._mqtt_broker_password:
+ client.username_pw_set(
+ self._mqtt_broker_username, self._mqtt_broker_password
+ )
+
 daemon = MQTTDaemon(client)
 subscriber = MQTTSubscriber(client)
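Review bot: The guard `if self._mqtt_broker_username and self._mqtt_broker_password:` in `init()` fails open: when only one of the two options is set, or the password is an empty string, no credentials are sent and the daemon connects unauthenticated without any message. An operator who mistyped one option would not notice unless the broker refuses anonymous clients. Testing the username alone, `if self._mqtt_broker_username:`, and rejecting a password given without a username at startup would make the misconfiguration visible (this assumes `username_pw_set` accepts a missing password, as paho's client does). Also, nothing in this hunk enables TLS on the client, so unless that happens elsewhere the password crosses the network in clear text when the broker is not local; that is worth documenting next to the new options. The body of `init()` continues outside the hunk.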