User can't connect if acl_file contains no username block #1162

quonb · 2019-02-14T12:58:46Z

If acl_file contains only pattern rules or there is no definition for user then acl__find_acls function returns MOSQ_ERR_INVAL.

mosquitto/src/security_default.c

Lines 645 to 647 in 6b43ba8

 if(context->username && context->acl_list == NULL){ 

 return MOSQ_ERR_INVAL; 

 }

This causes immediate disconnect despite correct username/password pair

mosquitto/src/handle_connect.c

Lines 614 to 615 in 6b43ba8

 rc = acl__find_acls(db, context); 

 if(rc) return rc;

This regression were caused by c40957a

The text was updated successfully, but these errors were encountered:

This only affects the case where a client connects using a username, and the anonymous ACL list is defined but specific user ACLs are not defined. Closes #1162. Thanks to quonb.

ralight · 2019-02-14T17:47:39Z

Thanks for finding this. For information, the description isn't quite right, it only happens if the anonymous ACL list is defined but there are no specific user ACLs. I've pushed a fix to the fixes branch.

ralight closed this as completed Feb 14, 2019

quonb mentioned this issue Feb 15, 2019

ACL issue: not able to connect with username that is not defined in aclfile #1164

Closed

lock bot locked as resolved and limited conversation to collaborators Aug 7, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

User can't connect if acl_file contains no username block #1162

User can't connect if acl_file contains no username block #1162

quonb commented Feb 14, 2019

ralight commented Feb 14, 2019

User can't connect if acl_file contains no username block #1162

User can't connect if acl_file contains no username block #1162

Comments

quonb commented Feb 14, 2019

ralight commented Feb 14, 2019