Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

using pattern in acl-file without %c or %u gives unwanted permissions #209

Closed
bitfreak25 opened this issue Jul 8, 2016 · 3 comments
Closed

using pattern in acl-file without %c or %u gives unwanted permissions #209

bitfreak25 opened this issue Jul 8, 2016 · 3 comments
Labels
Component: mosquitto-broker
Milestone
1.5.1

Comments

@bitfreak25
Copy link

I've wrote a acl-file like this:

pattern read #

user Student
pattern readwrite #

user Global
pattern readwrite #

and created the 2 users "Student" and "Global". I expected, that a anonymous user could only read the topics, but he cloud write to it.

Changing the acl-file to something like this solved the problem:

topic read #

user Student
topic readwrite #

user Global
topic readwrite #

I've see that I've done a bad mistake, but it confused me, that there was no error or something. So, is it possible to give an error with a wrong acl-file or if better a implementation, that lets "pattern" work like "topic" if there is no %c or %u ?
@ralight
Copy link
Contributor

ralight commented Jul 9, 2016

I'm not sure what the best thing to do here would be. Your original ACL isn't wrong, just not very useful. Perhaps it would be best to produce an error if there isn't a %c or %u in the pattern.

ralight added a commit that referenced this issue Aug 8, 2018
@ralight
ACL patterns that do not contain either %c or %u are now rejected.
39170d1 
Closes #209.

Bug: #209

Signed-off-by: Roger A. Light <[email protected]>
@ralight
Copy link
Contributor

ralight commented Aug 8, 2018

This now rejects patterns that do not contain %c or %u.

@ralight ralight closed this as completed Aug 8, 2018
@ralight ralight added this to the 1.5.1 milestone Aug 8, 2018
@mikini
Copy link

mikini commented Sep 19, 2018

Commit ecb4006 changes the rejection to just emitting a warning. Also see a real world use case discussed in this mailing list thread.

ralight added a commit that referenced this issue Nov 8, 2018
@ralight
ACL patterns that do not contain either %c or %u are now rejected.
20fbed2 
Closes #209.

Bug: #209

Signed-off-by: Roger A. Light <[email protected]>
@lock lock bot locked as resolved and limited conversation to collaborators Aug 7, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Component: mosquitto-broker
Projects
None yet
Milestone
1.5.1
Development

No branches or pull requests
3 participants
@ralight @mikini @bitfreak25