jpmens / mosquitto-auth-plug

Authentication plugin for Mosquitto with multiple back-ends (MySQL, Redis, CDB, SQLite3)

Access control is not working #174

Closed FernandoGarcia closed 8 years ago

FernandoGarcia commented 8 years ago

Hi!

Sorry to bother you again.

I think the plugin is not working for me, or I don't understand how it works.

I have this data in my database:

db topics

superuser

mosquitto.conf is:

auth_plugin /etc/mosquitto/auth-plug.so
auth_opt_backends mysql
auth_opt_redis_host localhost
auth_opt_redis_port 12885
auth_opt_host localhost
auth_opt_port 3306
auth_opt_dbname HAC
auth_opt_user mqtt_user
auth_opt_pass mypass
auth_opt_userquery SELECT pw FROM users WHERE username = '%s'
auth_opt_superquery SELECT COUNT(*) FROM users WHERE username = '%s' AND super = 1
auth_opt_anonusername AnonymouS

Here the user "jjolie" can pub/sub to "loc/a" with the right password (123456), but according to the DB settings it should not be allowed, as shown in the README too.

right pass

I can also pub/sub with the wrong password:

wrong pass

I can sub to a topic that doesn't exist in the DB, an unregistered user can pub/sub, and "jjolie" can sub even with the wrong password:

esp

Any suggestion about what I have to check?

I'm using Ubuntu and Mosquitto 1.4.10.

Thanks in advance.

FernandoGarcia commented 8 years ago

Mosquitto is not starting automatically on boot, as I mentioned here and here.

I have to start it manually.

The strange thing is that with "mosquitto", "mosquitto -v" or "mosquitto -d" I can post as shown above, but after typing this command:

/usr/local/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf

I can't pub/sub anything, even with the right password and username.

The result is:

root@MQTT-Server:~# /usr/local/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf

1478722735: mosquitto version 1.4.10 (build date 2016-11-06 20:16:49+0000) starting
1478722735: Config loaded from /etc/mosquitto/mosquitto.conf.
1478722735: |-- ** auth-plug: startup
1478722735: |-- * Configured order: mysql
1478722735: |-- }}}} MYSQL
1478722735: Opening ipv4 listen socket on port 1883.
1478722735: Opening ipv6 listen socket on port 1883.
1478722738: New connection from 189.40.x.x on port 1883.
1478722738: |-- mosquitto_auth_unpwd_check(fernandogarcia)
1478722738: |-- \ checking backend mysql
1478722738: |-- getuser(fernandogarcia) AUTHENTICATED=0 by none
1478722738: Socket error on client , disconnecting.
1478722744: New connection from 189.40.x.x on port 1883.
1478722744: |-- mosquitto_auth_unpwd_check(fernandogarcia)

root@MQTT-Server:~# mosquitto_pub -d -u "fernandogarcia" -P 123456 -t "topic/response" -m "hello"

Client mosqpub/2135-MQTT-Serve sending CONNECT
Client mosqpub/2135-MQTT-Serve received CONNACK
Connection Refused: not authorised.
Error: The connection was refused.
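Added example (not part of this thread or of the mosquitto-auth-plug code): the symptoms above differ depending on whether the broker is started with "-c", so this shell script audits a broker command line and its config file for that flag and for the auth settings used in the posted mosquitto.conf. The function names and finding codes are hypothetical; auth_opt_aclquery is an option from the plugin's README that the posted config does not set, and the anonymous check assumes the Mosquitto 1.4.x default of allow_anonymous true.

```shell
#!/bin/sh
# Added example (not from the thread): audit how a Mosquitto 1.4.x broker is started.
# Usage: audit_broker /etc/mosquitto/mosquitto.conf mosquitto -v

# conf_value FILE KEY: print the value of the last uncommented "KEY value" line.
conf_value() {
    awk -v key="$2" '
        $1 ~ /^#/ { next }
        $1 == key { sub(/^[ \t]*[^ \t]+[ \t]*/, ""); val = $0 }
        END { print val }' "$1"
}

# uses_config ARGV...: succeed only if the broker command line names a config file.
uses_config() {
    for arg in "$@"; do
        case "$arg" in
            -c|--config-file) return 0 ;;
        esac
    done
    return 1
}

# audit_broker FILE ARGV...: print one finding code per line, nothing if clean.
# Finding codes are hypothetical names chosen for this example.
audit_broker() {
    conf=$1; shift
    if ! uses_config "$@"; then
        # Without -c the broker runs on built-in defaults: the config file is
        # never read, so auth_plugin and every auth_opt_* line are ignored.
        echo NO_CONFIG_FLAG
        return 0
    fi
    [ -n "$(conf_value "$conf" auth_plugin)" ] || echo NO_AUTH_PLUGIN
    # Assumption: 1.4.x treats a missing allow_anonymous as "true".
    [ "$(conf_value "$conf" allow_anonymous)" = "false" ] || echo ANONYMOUS_NOT_DISABLED
    for q in userquery superquery aclquery; do
        [ -n "$(conf_value "$conf" "auth_opt_$q")" ] ||
            echo "NO_$q" | tr '[:lower:]' '[:upper:]'
    done
}
```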

FernandoGarcia commented 8 years ago

Hi!

It's working now. I have reinstalled everything using these commands:

Ubuntu 16.10

command list:

sudo apt-get install perl-doc uuid-dev bsdutils gcc g++ git make dialog libssl-dev libc-ares-dev libcurl4-openssl-dev libmysqlclient-dev libwrap0 libwrap0-dev libwebsockets-dev uthash-dev

OpenSSL is installed by default at /usr/lib/ssl. Check version and location:

openssl version
openssl version -d

sudo adduser --system --no-create-home mosquitto
sudo apt-get update
wget http://mosquitto.org/files/source/mosquitto-1.4.10.tar.gz
tar xvzf mosquitto-1.4.10.tar.gz
cd mosquitto-1.4.10
sudo nano config.mk

Change

with_SRV = no

sudo make
sudo make install

sudo update-rc.d mosquitto remove
sudo git clone https://github.com/Dan-in-CA/mosquitto_unit_file.git
sudo cp mosquitto_unit_file/mosquitto.service /etc/systemd/system/mosquitto.service
sudo systemctl enable mosquitto.service
sudo reboot

Check if mosquitto is running:

sudo mosquitto -v

git clone https://github.com/redis/hiredis.git
cd hiredis
sudo make
sudo make install
cd

git clone https://github.com/jpmens/mosquitto-auth-plug.git
cd mosquitto-auth-plug
cp config.mk.in config.mk
sudo nano config.mk

change MOSQUITTO_SRC = /root/mosquitto-1.4.10
change OPENSSLDIR = /usr/lib/ssl

make
gcc -I/root/mosquitto-1.4.10/src/ -I/root/mosquitto-1.4.10/lib/ -fPIC -Wall -Werror -DBE_MYSQL `mysql_config --cflags` -I/src -DDEBUG=1 -I/usr/lib/ssl/include np.c base64.o -o np -L/usr/lib/ssl/lib -lcrypto -ldl
make clean
make
sudo mv auth-plug.so /etc/mosquitto/
sudo mv /etc/mosquitto/mosquitto.conf.example /etc/mosquitto/mosquitto.conf
sudo nano /etc/mosquitto/mosquitto.conf

Edit according to your requirements

I'm sorry to bother you. Best regards.

FernandoGarcia commented 8 years ago

I had errors with this script.

This one worked fine:

[Unit]
Description=Mosquitto MQTT Broker
Documentation=man:mosquitto(8)
Documentation=man:mosquitto.conf(5)
ConditionPathExists=/etc/mosquitto/mosquitto.conf
After=xdk-daemon.service

[Service]
ExecStart=/usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf
ExecReload=/bin/kill -HUP $MAINPID
User=mosquitto
Restart=on-failure
RestartSec=10

[Install]
WantedBy=multi-user.target