[DynamicSecurity] modifyGroup command does not validate against clients #2598
Labels
Component: mosquitto-broker
Status: Completed
Nothing further to be done with this issue, it can be closed by the requestor or committer.
Type: Bug
Milestone
Comments
|
Thank you, yes, the modify commands need some work to ensure that if there is an error the thing they are modifying remains unchanged. |
ralight
added
Type: Enhancement
|
Do you want me to take a look at it? If it's a small change and you already know how to fix it, it would be great as I wouldn't need to deep dive into the source code. Please let me know. |
|
Thank you for the offer. It wasn't a trivial change, otherwise I would have just done it then. I've made the change now, and for the modifyClient command. |
ralight
added
Type: Bug
Status: Completed
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Consider following message on $CONTROL MQTT topic:
{ "commands": [ { "groupname": "groupName", "roles": [ { "rolename": "roleName" } ], "clients": [ { "username": "userName" } ], "command": "modifyGroup" } ] }If the role does not exist, it will result in error stating
Role not found, however, the same does not apply to the nonexistent client - the command goes through successfully and results in empty clients group in database file.I truly believe it is a mistake and should throw error in such case.
Using latest eclipse-mosquitto docker image running on Apple M1.
The text was updated successfully, but these errors were encountered: