Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CONNACK Message not sent for Unauthorized Connect Request for Websocket #18

Closed
ralight opened this issue Mar 15, 2016 · 3 comments
Closed

CONNACK Message not sent for Unauthorized Connect Request for Websocket #18

ralight opened this issue Mar 15, 2016 · 3 comments
Labels
Component: mosquitto-broker Type: Bug
Milestone
fixes-next

Comments

@ralight
Copy link
Contributor

ralight commented Mar 15, 2016

migrated from Bugzilla #484761
status UNCONFIRMED severity critical in component Mosquitto for 1.4
Reported in version 1.4 on platform PC
Assigned to: Roger Light

On 2015-12-21 08:43:30 -0500, koray sariteke wrote:

For Authentication, we implemented mosquitto_plugin.h functions.

When we Start mqtt broker in Websocket protocol, CONNACK with result code 5 IS NOT sent back to client. TCP client is disconnected by Mosquitto Server without information.

Up to MQTT RFC
http:https://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html#_Toc398718035

If a well formed CONNECT Packet is received by the Server, but the Server is unable to process it for some reason, then the Server SHOULD attempt to send a CONNACK packet containing the appropriate non-zero Connect return code from this table. If a server sends a CONNACK packet containing a non-zero return code it MUST then close the Network Connection [MQTT-3.2.2-5].

On 2015-12-21 09:02:10 -0500, koray sariteke wrote:

vi read_handle_server.c +364

ifdef REAL_WITH_TLS_PSK

            }

endif /* REAL_WITH_TLS_PSK */

    }else{

endif /* WITH_TLS */

            if(username_flag){
                    rc = mosquitto_unpwd_check(db, username, password);
                    switch(rc){
                            case MOSQ_ERR_SUCCESS:
                                    break;
                            case MOSQ_ERR_AUTH:
                                    _mosquitto_send_connack(context, 0, CONNACK_REFUSED_NOT_AUTHORIZED);
                                    mqtt3_context_disconnect(db, context);
                                    rc = 0;
                                    goto handle_connect_error;
                                    break;

if mqtt3_context_disconnect(db, context); line removed and rc set to 0, CONNACK sent to client with reason code 5 but TCP connection stays open which is not true state.
@ralight ralight mentioned this issue Apr 23, 2016
Closed
@gmatt76 gmatt76 mentioned this issue Mar 17, 2017
Closed
@sclausen sclausen mentioned this issue Mar 22, 2017
Closed
@ramarro123
Copy link

@ralight i know that this bug it's starting to age as a good wine, but i am pinging you to know if it will be closed as a non issue or if it's still in work.

i am affected from this bug unfortunately, reported on ngx-mqtt as an issue and linked here.

PierreF added a commit to PierreF/mosquitto that referenced this issue Dec 27, 2017
@PierreF
Fix CONNACK not send over WebSocket for bad auth
070eb7c 
When client over WebSockets fail to authenticate, the CONNACK packet was
not sent because the connection was closed too early. Closes eclipse#18.

Signed-off-by: Pierre Fersing <[email protected]>
PierreF added a commit to PierreF/mosquitto that referenced this issue Dec 27, 2017
@PierreF
Fix CONNACK not send over WebSocket for bad auth
2e9856f 
When client over WebSockets fail to authenticate, the CONNACK packet was
not sent because the connection was closed too early. Closes eclipse#18.

Signed-off-by: Pierre Fersing <[email protected]>
@PierreF PierreF mentioned this issue Dec 27, 2017
Merged
@PierreF
Copy link
Contributor

PierreF commented Dec 27, 2017

This is still an issue on fixes and develop. To show the issue, the following Python client show the issue:

cat > /tmp/mosquitto.conf << EOF
listener 1884
protocol websockets
password_file /tmp/password
EOF

touch /tmp/password
mosquitto_passwd -b /tmp/password user pass
mosquitto -c /tmp/mosquitto.conf

import paho.mqtt.client as mqtt

def on_connect(client, userdata, flags, rc):
    print("Yes, got the connack with rc=%s" % rc)
    client.disconnect()

client = mqtt.Client(transport='websockets')
client.on_connect = on_connect
client.username_pw_set('user', 'bad')
client.connect("localhost", 1884)
client.loop_forever()

This will hang because connack is never received. With fix from PR #660 it will terminate and show "Yes, got the connack with rc=5"

ralight pushed a commit that referenced this issue Jan 12, 2018
@PierreF @ralight
Fix CONNACK not send over WebSocket for bad auth
59380ce 
When client over WebSockets fail to authenticate, the CONNACK packet was
not sent because the connection was closed too early. Closes #18.

Signed-off-by: Pierre Fersing <[email protected]>
@ralight ralight added this to the fixes-next milestone Jan 12, 2018
@ralight
Copy link
Contributor Author

ralight commented Jan 12, 2018

This is now fixed in the fixes branch.

@ralight ralight closed this as completed Jan 12, 2018
@lock lock bot locked as resolved and limited conversation to collaborators Aug 8, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Component: mosquitto-broker Type: Bug
Projects
None yet
Milestone
fixes-next
Development

No branches or pull requests
3 participants
@ralight @PierreF @ramarro123