You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Mar 12, 2019. It is now read-only.
I'm having some problems with acl checking. Could you help me?
I've two users manolodd and backenduser.
manolodd has read acces (1) to: mobile/1/0/auth/api/responses/users/%u/#
backend user has rw acces (2) to: mobile/1/0/auth/api/responses/users/#
manolo subscribes to mobile/1/0/auth/api/responses/users/manolodd/#
backenduser publishes to: mobile/1/0/auth/api/reponses/users/manolodd/login
But backenduser is not authorized to publish, although it has rw=2 for mobile/1/0/auth/api/responses/users/# which includes mobile/1/0/auth/api/reponses/users/manolodd/login
This is the log:
1426446906: |-- mosquitto_auth_unpwd_check(backenduser)
1426446906: |-- ** checking backend mysql
1426446906: |-- getuser(backenduser) AUTHENTICATED=1 by mysql
1426446906: |-- mosquitto_auth_acl_check(..., mosqpub/16279-manolodd-, backenduser, mobile/1/0/auth/api/reponses/users/manolodd/login, MOSQ_ACL_WRITE)
1426446906: |-- user backenduser was authenticated in back-end 0 (mysql)
1426446906: |-- mysql: topic_matches(mobile/1/0/auth/api/responses/users/#, mobile/1/0/auth/api/responses/users/#) == 0
1426446906: |-- mysql: topic_matches(mobile/1/0/auth/platform/broadcast/#, mobile/1/0/auth/platform/broadcast/#) == 0
1426446906: |-- mysql: topic_matches(mobile/1/0/anon/api/responses/clients/#, mobile/1/0/anon/api/responses/clients/#) == 0
1426446906: |-- mysql: topic_matches(mobile/1/0/anon/platform/status/#, mobile/1/0/anon/platform/status/#) == 0
1426446906: |-- aclcheck(backenduser, mobile/1/0/auth/api/reponses/users/manolodd/login, 2) AUTHORIZED=0 by mysql
And mosquitto logs:
Mar 15 20:27:19 mosquitto-big mosquitto[5557]: New connection from 192.168.1.100 on port 8883.
Mar 15 20:27:19 mosquitto-big mosquitto[5557]: New client connected from 192.168.1.100 as mosqpub/16362-manolodd- (c1, k60, u'backenduser').
Mar 15 20:27:19 mosquitto-big mosquitto[5557]: Sending CONNACK to mosqpub/16362-manolodd- (0, 0)
Mar 15 20:27:19 mosquitto-big mosquitto[5557]: Denied PUBLISH from mosqpub/16362-manolodd- (d0, q2, r0, m1, 'mobile/1/0/auth/api/reponses/users/manolodd/login', ... (4 bytes))
Mar 15 20:27:19 mosquitto-big mosquitto[5557]: Sending PUBREC to mosqpub/16362-manolodd- (Mid: 1)
Mar 15 20:27:19 mosquitto-big mosquitto[5557]: Received PUBREL from mosqpub/16362-manolodd- (Mid: 1)
Mar 15 20:27:19 mosquitto-big mosquitto[5557]: Sending PUBCOMP to mosqpub/16362-manolodd- (Mid: 1)
Mar 15 20:27:19 mosquitto-big mosquitto[5557]: Received DISCONNECT from mosqpub/16362-manolodd-
Mar 15 20:27:19 mosquitto-big mosquitto[5557]: Client mosqpub/16362-manolodd- disconnected.
It is a bug?
Thanks
The text was updated successfully, but these errors were encountered:
HI JPMens,
I'm having some problems with acl checking. Could you help me?
I've two users manolodd and backenduser.
manolodd has read acces (1) to: mobile/1/0/auth/api/responses/users/%u/#
backend user has rw acces (2) to: mobile/1/0/auth/api/responses/users/#
manolo subscribes to mobile/1/0/auth/api/responses/users/manolodd/#
backenduser publishes to: mobile/1/0/auth/api/reponses/users/manolodd/login
But backenduser is not authorized to publish, although it has rw=2 for mobile/1/0/auth/api/responses/users/# which includes mobile/1/0/auth/api/reponses/users/manolodd/login
This is the log:
1426446906: |-- mosquitto_auth_unpwd_check(backenduser)
1426446906: |-- ** checking backend mysql
1426446906: |-- getuser(backenduser) AUTHENTICATED=1 by mysql
1426446906: |-- mosquitto_auth_acl_check(..., mosqpub/16279-manolodd-, backenduser, mobile/1/0/auth/api/reponses/users/manolodd/login, MOSQ_ACL_WRITE)
1426446906: |-- user backenduser was authenticated in back-end 0 (mysql)
1426446906: |-- mysql: topic_matches(mobile/1/0/auth/api/responses/users/#, mobile/1/0/auth/api/responses/users/#) == 0
1426446906: |-- mysql: topic_matches(mobile/1/0/auth/platform/broadcast/#, mobile/1/0/auth/platform/broadcast/#) == 0
1426446906: |-- mysql: topic_matches(mobile/1/0/anon/api/responses/clients/#, mobile/1/0/anon/api/responses/clients/#) == 0
1426446906: |-- mysql: topic_matches(mobile/1/0/anon/platform/status/#, mobile/1/0/anon/platform/status/#) == 0
1426446906: |-- aclcheck(backenduser, mobile/1/0/auth/api/reponses/users/manolodd/login, 2) AUTHORIZED=0 by mysql
And mosquitto logs:
Mar 15 20:27:19 mosquitto-big mosquitto[5557]: New connection from 192.168.1.100 on port 8883.
Mar 15 20:27:19 mosquitto-big mosquitto[5557]: New client connected from 192.168.1.100 as mosqpub/16362-manolodd- (c1, k60, u'backenduser').
Mar 15 20:27:19 mosquitto-big mosquitto[5557]: Sending CONNACK to mosqpub/16362-manolodd- (0, 0)
Mar 15 20:27:19 mosquitto-big mosquitto[5557]: Denied PUBLISH from mosqpub/16362-manolodd- (d0, q2, r0, m1, 'mobile/1/0/auth/api/reponses/users/manolodd/login', ... (4 bytes))
Mar 15 20:27:19 mosquitto-big mosquitto[5557]: Sending PUBREC to mosqpub/16362-manolodd- (Mid: 1)
Mar 15 20:27:19 mosquitto-big mosquitto[5557]: Received PUBREL from mosqpub/16362-manolodd- (Mid: 1)
Mar 15 20:27:19 mosquitto-big mosquitto[5557]: Sending PUBCOMP to mosqpub/16362-manolodd- (Mid: 1)
Mar 15 20:27:19 mosquitto-big mosquitto[5557]: Received DISCONNECT from mosqpub/16362-manolodd-
Mar 15 20:27:19 mosquitto-big mosquitto[5557]: Client mosqpub/16362-manolodd- disconnected.
It is a bug?
Thanks
The text was updated successfully, but these errors were encountered: