Open muros-ct opened 7 years ago
Hi Uros, the subscribe has a different behavior between the MQTT 3.1 and 3.1.1 specs. As the 3.1 spec says, if the device is not allowed to subscribe to a topic, the server shouldn't throw any error (http://public.dhe.ibm.com/software/dw/webservices/ws-mqtt/mqtt-v3r1.html#subscribe). The 3.1.1 spec introduced an error code (0x80) that should be used by the server if the client is not allowed to subscribe to the topic (3.9.3 at http://docs.oasis-open.org/mqtt/mqtt/v3.1.1/errata01/os/mqtt-v3.1.1-errata01-os-complete.html#_Toc442180876). So maybe this behavior is the root cause of the issue you are noticing?
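
To make the 3.1.1 behaviour referenced above concrete, here is an added example (not part of the comment above and not the project's code): Python that decodes a 3.1.1 SUBACK and reports which requested filters the broker refused with 0x80. The packet bytes and the second topic filter are constructed sample values.

```python
FAILURE = 0x80  # MQTT 3.1.1 section 3.9.3: subscription refused

def decode_remaining_length(buf, pos):
    """Decode the MQTT variable-length 'remaining length' field."""
    value, shift = 0, 0
    for _ in range(4):
        if pos >= len(buf):
            raise ValueError("truncated remaining length")
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7
    raise ValueError("remaining length longer than 4 bytes")

def parse_suback(packet, filters):
    """Return (packet_id, [(filter, granted QoS, or None if refused)])."""
    if not packet or packet[0] != 0x90:
        raise ValueError("not a SUBACK (expected fixed header 0x90)")
    length, pos = decode_remaining_length(packet, 1)
    body = packet[pos:pos + length]
    if len(body) != length or length < 3:
        raise ValueError("truncated SUBACK")
    packet_id = int.from_bytes(body[:2], "big")
    codes = body[2:]
    if len(codes) != len(filters):
        raise ValueError("expected one return code per requested filter")
    results = []
    for topic, code in zip(filters, codes):
        if code == FAILURE:
            results.append((topic, None))   # broker refused this filter
        elif code in (0, 1, 2):
            results.append((topic, code))   # granted maximum QoS
        else:
            raise ValueError(f"reserved return code 0x{code:02x}")
    return packet_id, results

def refused(results):
    """Filters the broker rejected; a 3.1 broker has no code to signal this."""
    return [topic for topic, qos in results if qos is None]

# Constructed sample: packet id 10, first filter refused, second granted QoS 1.
SAMPLE_FILTERS = ["$EDC/acme/foo/bar/NOTIFY/client-1/baz",
                  "$EDC/acme/client-1/status"]  # second filter is hypothetical
SAMPLE_SUBACK = bytes([0x90, 0x04, 0x00, 0x0A, 0x80, 0x01])
```
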
@muros-ct any news on this topic?
After a few investigations, the bug seems to be confirmed. To better understand the cause, a test case should be developed.
A user with the broker/connect profile, on topic (channel) $EDC.{0}...NOTIFY.{1}.>, should not be able to create a new topic (have admin rights). The user should only have publish rights, but not admin or subscribe.
Steps to reproduce: A user with the broker/connect profile publishes a new message to the topic: $EDC/acme/foo/bar/NOTIFY/client-1/baz. This effectively creates the new topic baz. acme is the account name; client-1 is the client id.
@riccardomodanese Is that correct behaviour?