This repository has been archived by the owner on Mar 12, 2019. It is now read-only.

ACL check issue? #61

Closed
manolodd opened this issue Mar 15, 2015 · 1 comment

@manolodd
Contributor

Hi JPMens,

I'm having some problems with acl checking. Could you help me?

I've two users manolodd and backenduser.

manolodd has read access (1) to: mobile/1/0/auth/api/responses/users/%u/#
backend user has rw access (2) to: mobile/1/0/auth/api/responses/users/#

manolo subscribes to mobile/1/0/auth/api/responses/users/manolodd/#
backenduser publishes to: mobile/1/0/auth/api/reponses/users/manolodd/login

But backenduser is not authorized to publish, although it has rw=2 for mobile/1/0/auth/api/responses/users/# which includes mobile/1/0/auth/api/reponses/users/manolodd/login

This is the log:

1426446906: |-- mosquitto_auth_unpwd_check(backenduser)
1426446906: |-- ** checking backend mysql
1426446906: |-- getuser(backenduser) AUTHENTICATED=1 by mysql
1426446906: |-- mosquitto_auth_acl_check(..., mosqpub/16279-manolodd-, backenduser, mobile/1/0/auth/api/reponses/users/manolodd/login, MOSQ_ACL_WRITE)
1426446906: |-- user backenduser was authenticated in back-end 0 (mysql)
1426446906: |-- mysql: topic_matches(mobile/1/0/auth/api/responses/users/#, mobile/1/0/auth/api/responses/users/#) == 0
1426446906: |-- mysql: topic_matches(mobile/1/0/auth/platform/broadcast/#, mobile/1/0/auth/platform/broadcast/#) == 0
1426446906: |-- mysql: topic_matches(mobile/1/0/anon/api/responses/clients/#, mobile/1/0/anon/api/responses/clients/#) == 0
1426446906: |-- mysql: topic_matches(mobile/1/0/anon/platform/status/#, mobile/1/0/anon/platform/status/#) == 0
1426446906: |-- aclcheck(backenduser, mobile/1/0/auth/api/reponses/users/manolodd/login, 2) AUTHORIZED=0 by mysql

And mosquitto logs:

Mar 15 20:27:19 mosquitto-big mosquitto[5557]: New connection from 192.168.1.100 on port 8883.
Mar 15 20:27:19 mosquitto-big mosquitto[5557]: New client connected from 192.168.1.100 as mosqpub/16362-manolodd- (c1, k60, u'backenduser').
Mar 15 20:27:19 mosquitto-big mosquitto[5557]: Sending CONNACK to mosqpub/16362-manolodd- (0, 0)
Mar 15 20:27:19 mosquitto-big mosquitto[5557]: Denied PUBLISH from mosqpub/16362-manolodd- (d0, q2, r0, m1, 'mobile/1/0/auth/api/reponses/users/manolodd/login', ... (4 bytes))
Mar 15 20:27:19 mosquitto-big mosquitto[5557]: Sending PUBREC to mosqpub/16362-manolodd- (Mid: 1)
Mar 15 20:27:19 mosquitto-big mosquitto[5557]: Received PUBREL from mosqpub/16362-manolodd- (Mid: 1)
Mar 15 20:27:19 mosquitto-big mosquitto[5557]: Sending PUBCOMP to mosqpub/16362-manolodd- (Mid: 1)
Mar 15 20:27:19 mosquitto-big mosquitto[5557]: Received DISCONNECT from mosqpub/16362-manolodd-
Mar 15 20:27:19 mosquitto-big mosquitto[5557]: Client mosqpub/16362-manolodd- disconnected.

Is it a bug?

Thanks

@manolodd
Contributor Author

Arggggg,

I caught it!!!

'mobile/1/0/auth/api/reponses/users/manolodd/login'

"reponses" instead of "responses"

Ufff, four hours lost looking for the solution :-(

Thanks and sorry.
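
The denial in this thread can be triaged mechanically. The following is an added example, not part of the original issue or of the plugin's code: it reads debug lines shaped like the ones quoted above and flags a denied topic that would match an ACL pattern if one level were spelled the way the ACL spells it. It assumes the first argument of each `topic_matches` line is the ACL pattern, and it ignores `%u`/`%c` expansion and `$`-prefixed topics; the function names and the similarity threshold are illustrative choices.

```python
import re
from difflib import SequenceMatcher

# Constructed sample: lines shaped like the plugin debug output quoted in the report.
SAMPLE_LOG = """\
1426446906: |-- mysql: topic_matches(mobile/1/0/auth/api/responses/users/#, mobile/1/0/auth/api/responses/users/#) == 0
1426446906: |-- mysql: topic_matches(mobile/1/0/auth/platform/broadcast/#, mobile/1/0/auth/platform/broadcast/#) == 0
1426446906: |-- aclcheck(backenduser, mobile/1/0/auth/api/reponses/users/manolodd/login, 2) AUTHORIZED=0 by mysql
"""

MATCH_RE = re.compile(r"topic_matches\(([^,]+), [^)]*\) == 0")
DENY_RE = re.compile(r"aclcheck\(([^,]+), ([^,]+), \d+\) AUTHORIZED=0")

def topic_matches(pattern, topic):
    """MQTT filter match: '+' is exactly one level, '#' is the rest of the topic."""
    p, t = pattern.split("/"), topic.split("/")
    for i, level in enumerate(p):
        if level == "#":
            return i == len(p) - 1
        if i >= len(t) or (level != "+" and level != t[i]):
            return False
    return len(p) == len(t)

def first_divergence(pattern, topic):
    """Return (index, acl_level, topic_level) for the first literal mismatch, else None."""
    t = topic.split("/")
    for i, level in enumerate(pattern.split("/")):
        if level == "#" or i >= len(t):
            return None
        if level != "+" and level != t[i]:
            return i, level, t[i]
    return None

def explain_denials(log_text, threshold=0.8):
    """List denials where a single look-alike level is all that blocks an ACL match."""
    patterns = MATCH_RE.findall(log_text)
    findings = []
    for user, topic in DENY_RE.findall(log_text):
        levels = topic.split("/")
        for pat in patterns:
            div = first_divergence(pat, topic)
            if div is None:
                continue
            i, want, got = div
            repaired = "/".join(levels[:i] + [want] + levels[i + 1:])
            close = SequenceMatcher(None, want, got).ratio() >= threshold
            if close and topic_matches(pat, repaired):
                findings.append((user, pat, i, want, got))
    return findings

if __name__ == "__main__":
    for user, pat, i, want, got in explain_denials(SAMPLE_LOG):
        print(f"{user}: level {i} is '{got}', ACL '{pat}' expects '{want}'")
```
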
