Closed deffuseyou closed 4 months ago
There's no issue in the plugin, if you're using a DB as backend you're in charge of writing correct auth logic via your queries, so you need to rewrite this:
auth_opt_pg_aclquery SELECT topic FROM "acl" WHERE (username = $1) AND (rw >= $2)
Look at some old, closed issues, there are some examples in there.
I read the old issue and replaced it with a strict equality rw = $2
. but still the same behavior. as I understood, the database should return all the topics with user
and rw
. I checked the query SELECT topic FROM "acl" WHERE (username = 'user') AND (rw = 3);
I got testtopic/#
and tt2/#
, which are in the database. in the server logs:
mosquitto_1 | time="2024-04-01T18:04:02Z" level=debug msg="Superuser check with backend Postgres"
mosquitto_1 | time="2024-04-01T18:04:02Z" level=debug msg="Acl check with backend Postgres"
mosquitto_1 | time="2024-04-01T18:04:02Z" level=debug msg="Acl is false for user user"
mosquitto_1 | 1711994642: Denied PUBLISH from MQTTool-915234461 (d0, q0, r0, m0, 'testtopic/2', ... (8 bytes))
But 3 is not a valid ACL value, Mosquitto won't ever pass a 3 to be checked. Values are 0, 1, 2 and 4, see https://github.com/iegomez/mosquitto-go-auth?tab=readme-ov-file#acl-access-values.
I think I got it, thank you.
Hello,
I've been working with
mosquitto-go-auth
and have encountered an issue with therw
permission setting that does not behave as expected based on the documentation. Specifically, the permission levels seem to act differently than described when attempting to publish and subscribe to topics. Here's a summary of the behavior I observed:rw
set to1
, I cannot perform any actions (neither publish nor subscribe).rw
set to2
or3
, publishing is possible, but subscribing is not.rw
is set to4
, both publishing and subscribing are allowed.Could you please look into this issue? Any clarification on the expected behavior of the
rw
permission settings or guidance on how to properly configure them would be greatly appreciated.mosqiutto.conf
:compose.yaml
:db
: