broker configuration read incorrectly (conf.d with per_listener acl settings) #1149

Closed
momoskitto opened this issue Feb 6, 2019 · 3 comments


@momoskitto

version:
mosquitto 1.5.5 on debian

configuration:

mosquitto.conf file:
include_dir /tmp/conf.d

two files in conf.d:
/tmp/conf.d/default.conf:

per_listener_settings true
port 10001

/tmp/conf.d/listener.conf:

listener 10002

allow_anonymous false
acl_file /tmp/mosq-acl
password_file /tmp/mosq-user

acl file /tmp/mosq-acl:

pattern read test/#

password_file /tmp/mosq-user (password is "test"):

tester:$6$s275PjYK6AE3JCbg$XtQEepwbtyoOzwXmGTPRUesjSG2j8tn2zaWpPSMMFs636QnKIxZHdJ3gfLe7OSvsyYEv3D3O/UWovczlSW6vXQ==

steps to reproduce:
use above configuration, connect to port 10002 as user tester1234:

mosquitto_sub --port 10002 -t "#" -u "tester1234" -P "test"

observed behaviour:
the connection to the broker is successful, but the connection should be refused.

misc:

  • renaming the configuration files in conf.d so that they might be read in a different order does not seem to change anything
  • merging the 2 configuration files in conf.d into a single one (first default.conf followed by listener.conf) works correctly
@ralight
Contributor

ralight commented Feb 8, 2019

Thanks for the report, this has been fixed in the fixes branch with two changes, the first to return an error if per_listener_settings is set to true after other security options (which was already happening in the main config file, but not in subsequent files), and the config files are sorted before loading.

@ralight ralight closed this as completed Feb 8, 2019
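
An added example, not part of the thread and not the project's code: a pre-deployment check that walks `mosquitto.conf` and its `include_dir` files in sorted order and reports any `per_listener_settings true` line loaded after a security option, the ordering the fix described above rejects. The option set is an assumption limited to the three options used in this thread, and the file names in the second layout are constructed.

```python
import os
import tempfile

# Assumption: only the security options seen in this thread; the broker's list may be longer.
SECURITY_OPTIONS = {"allow_anonymous", "acl_file", "password_file"}

def check_order(path, state=None, findings=None):
    """Return [(file, line_no, first_security_option)] for each late per_listener_settings."""
    state = {"first": None} if state is None else state
    findings = [] if findings is None else findings
    with open(path, encoding="utf-8") as fh:
        for line_no, raw in enumerate(fh, 1):
            parts = raw.strip().split(None, 1)
            if not parts or parts[0].startswith("#"):
                continue
            key, value = parts[0], (parts[1].strip() if len(parts) > 1 else "")
            if key == "include_dir" and value:
                # Sorted order, as the fix describes; only *.conf files are loaded.
                for name in sorted(os.listdir(value)):
                    if name.endswith(".conf"):
                        check_order(os.path.join(value, name), state, findings)
            elif key in SECURITY_OPTIONS and state["first"] is None:
                state["first"] = (path, line_no, key)
            elif key == "per_listener_settings" and value == "true" and state["first"]:
                findings.append((path, line_no, state["first"]))
    return findings

def build_layout(root, files):
    """Write a constructed mosquitto.conf plus conf.d; files maps name -> text."""
    conf_d = os.path.join(root, "conf.d")
    os.makedirs(conf_d)
    for name, text in files.items():
        with open(os.path.join(conf_d, name), "w") as fh:
            fh.write(text)
    main = os.path.join(root, "mosquitto.conf")
    with open(main, "w") as fh:
        fh.write(f"include_dir {conf_d}\n")
    return main

# The two conf.d files from the report above.
DEFAULT = "per_listener_settings true\nport 10001\n"
LISTENER = ("listener 10002\n\nallow_anonymous false\n"
            "acl_file /tmp/mosq-acl\npassword_file /tmp/mosq-user\n")

def demo():
    """Check the reported layout, then one where the listener file sorts first."""
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        ok = check_order(build_layout(a, {"default.conf": DEFAULT, "listener.conf": LISTENER}))
        bad = check_order(build_layout(b, {"10-listener.conf": LISTENER, "20-default.conf": DEFAULT}))
    return ok, bad
```

Each finding names the file and line of the late `per_listener_settings` and the security option that was loaded before it.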
@neithanmo

neithanmo commented Apr 1, 2019

Hi all. I just compiled and installed mosquitto 1.5.8, and got the same error message:

1554136495: Error: per_listener_settings must be set before any other security settings.
1554136495: Error found at /etc/mosquitto/mosquitto.conf:6.

My configuration file is as follows:

mosquitto.conf

pid_file /var/run/mosquitto.pid 
persistence true           
persistence_location /var/lib/mosquitto/ 
log_dest file /var/log/mosquitto/mosquitto.log
  
include_dir /etc/mosquitto/conf.d

and inside the conf.d directory there is the following configuration file:

per_listener_settings true
connection_messages true 

port 1883
allow_anonymous false
password_file /etc/mosquitto/users
 
listener 8883 0.0.0.0
allow_anonymous true

I got the same error message and any of the security rules works, even if I joined both config files like this:

  6 per_listener_settings true
  7 
  8 pid_file /var/run/mosquitto.pid
  9 
 10 persistence true           
 11 persistence_location /var/lib/mosquitto/
 12 
 13 log_dest file /var/log/mosquitto/mosquitto.log
 14 
 15 # include_dir /etc/mosquitto/conf.d
 16 
 17 connection_messages true
 18 
 19 port 1883
 20 allow_anonymous false
 21 password_file /etc/mosquitto/users
 22 
 23 listener 8883 0.0.0.0
 24 allow_anonymous true

Some help with it?
Thank you

@ralight
Contributor

ralight commented Apr 17, 2019

Are they your entire config files? I can see in the final example it seems to start at line 6. If I use the config file you have there, it works fine.

@lock lock bot locked as resolved and limited conversation to collaborators Aug 7, 2019