Mosquitto 2.0.5 SIGHUP disconnects anonymous clients which can't reconnect #2029

Closed
simonaldrich opened this issue Jan 18, 2021 · 1 comment

simonaldrich commented Jan 18, 2021

Description

I recently upgraded to v2.0.5 on Ubuntu 18.04. I've noticed that when logrotate sends a SIGHUP to mosquitto to reload after compressing logfiles I see disconnects of anonymous clients (previously connected to localhost) which are then never allowed to reconnect. Maybe the reload is ignoring the allow_anonymous directive for the localhost listener?
I can manually reproduce this by SIGHUP'ing mosquitto.

Example:

Configuration

/etc/mosquitto/mosquitto.conf:

```
# Place your local configuration in /etc/mosquitto/conf.d/
#
# A full description of the configuration file is at
# /usr/share/doc/mosquitto/examples/mosquitto.conf.example

persistence true
persistence_location /var/lib/mosquitto/

log_dest file /var/log/mosquitto/mosquitto.log

include_dir /etc/mosquitto/conf.d
```

/etc/mosquitto/conf.d/tls.conf

```
# Enable per-listener settings
per_listener_settings true

# Localhost non-TLS listener will allow anonymous access
listener 1883 localhost
allow_anonymous true

# VPN non-TLS listener will disallow anonymous access
listener 1883 192.168.255.1
allow_anonymous false
# Password file configuration is on a per-listener basis
password_file /etc/mosquitto/passwd

# Public-facing TLS listener disallows anonymous access
listener 8883
allow_anonymous false
certfile /etc/letsencrypt/live/<hostname>/cert.pem
cafile /etc/letsencrypt/live/<hostname>/chain.pem
keyfile /etc/letsencrypt/live/<hostname>/privkey.pem
# Password file configuration is on a per-listener basis
password_file /etc/mosquitto/passwd
```

Commands:

```
sudo systemctl start mosquitto.service
# wait for anonymous clients to connect
sudo killall -HUP mosquitto
```

Logs

/var/log/mosquitto/mosquitto.log

After reloading the configuration note that:

  1. The anonymous clients on 127.0.0.1 are disconnected
  2. The (authenticated) bridge connection remains connected
  3. Reconnection attempts by the anonymous clients on 127.0.0.1 are rejected

```
1610981476: mosquitto version 2.0.5 starting
1610981476: Config loaded from /etc/mosquitto/mosquitto.conf.
1610981476: Opening ipv4 listen socket on port 1883.
1610981476: Opening ipv4 listen socket on port 1883.
1610981476: Opening ipv4 listen socket on port 8883.
1610981476: Opening ipv6 listen socket on port 8883.
1610981476: mosquitto version 2.0.5 running
1610981476: New connection from 127.0.0.1:48392 on port 1883.
1610981476: New client connected from 127.0.0.1:48392 as mason (p2, c1, k20).
1610981477: New connection from 192.168.255.254:44502 on port 1883.
1610981477: New bridge connected from 192.168.255.254:44502 as dobby.s10-bridge (p2, c0, k60, u'dobby').
1610981489: New connection from 127.0.0.1:45289 on port 1883.
1610981489: New client connected from 127.0.0.1:45289 as alexa.query (p2, c1, k60).
1610981504: Reloading config.
1610981504: Loading config file /etc/mosquitto/conf.d/tls.conf
1610981504: Client mason disconnected.
1610981504: Client alexa.query disconnected.
1610981505: New connection from 127.0.0.1:36019 on port 1883.
1610981505: Client <unknown> disconnected, not authorised.
1610981506: New connection from 127.0.0.1:48400 on port 1883.
```
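
A log check for the pattern reported above, added here as an example and not part of the original issue or of Mosquitto: it flags sessions dropped right after `Reloading config.` whose source address is then rejected as `not authorised`. The function name `audit_reload` and the `window` parameter are hypothetical, only IPv4 addresses are matched, and a rejection is attributed to the most recent `New connection` line, which is a heuristic.

```python
import re

# Log excerpt copied from the issue above (timestamps are epoch seconds).
SAMPLE_LOG = """\
1610981476: New connection from 127.0.0.1:48392 on port 1883.
1610981476: New client connected from 127.0.0.1:48392 as mason (p2, c1, k20).
1610981477: New connection from 192.168.255.254:44502 on port 1883.
1610981477: New bridge connected from 192.168.255.254:44502 as dobby.s10-bridge (p2, c0, k60, u'dobby').
1610981489: New connection from 127.0.0.1:45289 on port 1883.
1610981489: New client connected from 127.0.0.1:45289 as alexa.query (p2, c1, k60).
1610981504: Reloading config.
1610981504: Client mason disconnected.
1610981504: Client alexa.query disconnected.
1610981505: New connection from 127.0.0.1:36019 on port 1883.
1610981505: Client <unknown> disconnected, not authorised.
"""

LINE = re.compile(r"^(\d+): (.*)$")
CONNECTED = re.compile(r"^New (?:client|bridge) connected from ([\d.]+):\d+ as (\S+) ")
NEW_CONN = re.compile(r"^New connection from ([\d.]+):\d+ on port (\d+)\.$")
DISCONNECTED = re.compile(r"^Client (\S+) disconnected\.$")

def audit_reload(log_text, window=5):
    """Find sessions dropped by a reload and later rejections from the same address."""
    sessions, dropped, rejected = {}, [], []
    reload_ts, last_src = None, None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, msg = int(m.group(1)), m.group(2)
        if msg == "Reloading config.":
            reload_ts = ts
        elif (c := CONNECTED.match(msg)):
            sessions[c.group(2)] = c.group(1)      # client id -> source address
        elif (n := NEW_CONN.match(msg)):
            last_src = n.group(1)                  # heuristic: newest TCP connection
        elif (d := DISCONNECTED.match(msg)):
            src = sessions.pop(d.group(1), None)
            if reload_ts is not None and ts - reload_ts <= window:
                dropped.append((d.group(1), src))
        elif msg.endswith("disconnected, not authorised.") and reload_ts is not None:
            rejected.append(last_src)
    lost = {src for _, src in dropped if src}
    return {"dropped": dropped, "surviving": sorted(sessions),
            "locked_out": sorted(lost & set(rejected))}

if __name__ == "__main__":
    print(audit_reload(SAMPLE_LOG))
```

A non-empty `locked_out` list means an address that held a working session before the reload is being refused afterwards, which on a listener configured with `allow_anonymous true` matches the behaviour described in this issue.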

ralight (Contributor) commented Jan 19, 2021

Thanks for the detailed write up and great edge case. I've pushed a commit that fixes this to the fixes branch, it will be part of 2.0.6 in about a week.

@ralight ralight added this to the 2.0.6 milestone Jan 19, 2021
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 11, 2022