Mosquitto Auth Wildcard topic not working

Hi there

I have a mqtt server with auth plugin enabled.

Almost everything works fine, only topic wildcards can’t deliver messages. And I’m trying to make it work before implementing it on LoRa App Server.

I’m using MongoDB as backend with this collection:

{
    "_id" : ObjectId("5d696b3a23bb5613fea4c2c0"),
    "username" : "user1",
    "password" : "PBKDF2$sha256$901$jvmyoNAi2GYOELnS$8syPnDylOIpxInBlL14GOLbyAnFHI1bl",
    "superuser" : false,
    "topics" : {
        "article/#" : "rw"
    }
}

Subscribing:

mosquitto_sub -h mqtt.myserver.com -t "article/#" -u user1 -P 123

Publishing:

mosquitto_pub -h mqtt.myserver.com -t "article/1" -m "testing..." -u user1 -P 123

Or

mosquitto_pub -h mqtt.myserver.com -t "article" -m "testing..." -u user1 -P 123

This is the plugin log:

-- mosquitto_auth_unpwd_check(user1)
-- ** checking backend mongo
-- getuser(user1) AUTHENTICATED=1 by mongo
-- mosquitto_auth_acl_check(..., client id not available, user1, article/1, MOSQ_ACL_WRITE)
-- aclcheck(user1, article/1/comments, 2) trying to acl with mongo
-- aclcheck(user1, article/1/comments, 2) AUTHORIZED=1 by mongo
--  Cached  [C909F3664285F35139ED8836043853B5C5F70616] for (client id not available,user1,2)

In any case, when I subscribe to wildcard topics, I can’t get any messages.

However, without wildcards it works perfectly.

Tested before enabling the plugin, Mosquitto works perfectly, which leads me to debug only the plugin and its particularities.

****** EDIT 1 *******
The problem occurs only when Mosquitto is compiled with WITH_WEBSOCKETS=yes otherwise it works.

If WITH_WEBSOCKETS=yes and WebSockets is not configured in the conf file, wildcards don’t work at all; only MOSQ_ACL_WRITE appears in the log.

If WITH_WEBSOCKETS=yes and WebSockets is configured in the conf file, it does work, but intermittently and with a HUGE delay publishing and receiving the message.

What am I missing with the WebSockets configuration?

Any help appreciated.
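For reference, an added example (not part of the original post and not the plugin's code) of what an ACL check is expected to return for the `"article/#": "rw"` entry above, using the MQTT topic-filter rules. The function names are hypothetical, and reading `"r"`/`"w"` in the stored value as read/write permission is an assumption.

```go
package main

import (
	"fmt"
	"strings"
)

const aclRead, aclWrite = 1, 2 // MOSQ_ACL_READ, MOSQ_ACL_WRITE (the "2" in the plugin log)

// topicMatches reports whether an MQTT topic filter (which may contain the
// '+' and '#' wildcards) matches a concrete topic name.
func topicMatches(filter, topic string) bool {
	f, t := strings.Split(filter, "/"), strings.Split(topic, "/")
	// A wildcard in the first level never matches '$' topics such as $SYS/...
	if strings.HasPrefix(topic, "$") && (f[0] == "#" || f[0] == "+") {
		return false
	}
	for i, level := range f {
		if level == "#" {
			// '#' is only valid as the last level; it matches the parent
			// level itself and any number of child levels.
			return i == len(f)-1
		}
		if i >= len(t) || (level != "+" && level != t[i]) {
			return false
		}
	}
	return len(f) == len(t)
}

// aclAllows checks a per-user "topics" map (filter -> "r", "w" or "rw")
// against a concrete topic and a requested access level.
func aclAllows(topics map[string]string, topic string, access int) bool {
	for filter, perm := range topics {
		if !topicMatches(filter, topic) {
			continue
		}
		if (access == aclRead && strings.Contains(perm, "r")) ||
			(access == aclWrite && strings.Contains(perm, "w")) {
			return true
		}
	}
	return false
}

func main() {
	acl := map[string]string{"article/#": "rw"} // constructed from the document in the post
	fmt.Println(aclAllows(acl, "article/1", aclWrite), aclAllows(acl, "article", aclRead))
}
```

Both publish topics from the post (`article/1` and `article`) fall under `article/#`, so a correct ACL check authorizes them, which is consistent with the `AUTHORIZED=1` line in the plugin log.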

You might want to report this here: GitHub - eclipse/mosquitto: Eclipse Mosquitto - An open source MQTT broker, as this sounds like a potential bug.

Hi @brocaar

Yes, I think so. I’m being knocked down by this, it’s really weird and seems to be a bug.

In the meantime, if I can use the same thread: as an option I saw the Go version implemented by @iegomez.
I’m not used to the Go environment, but having installed the latest Go version, 1.12.9 (instead of 1.12.7), I can’t compile the sources.

Can someone help me?

Thanks

Hi. Please open an issue at the repo including the compiling errors and I’ll take a look at it as soon as I get the time.

Hi @iegomez

Basically the errors were about dependency versions.
I managed to install Go 1.12.7 and compile it.

Now I’m dealing with MongoDB backend.

I’m getting this error:

time="2019-09-03T16:29:36Z" level=debug msg="checking auth cache for user1"
time="2019-09-03T16:29:36Z" level=debug msg="checking user user1 with backend Mongo"
time="2019-09-03T16:30:06Z" level=debug msg="Mongo get user error: server selection error: server selection timeout\ncurrent topology: Type: ReplicaSetNoPrimary\nServers:\nAddr: localhost:27017, Type: Unknown, State: Connected, Avergage RTT: 0, Last error: dial tcp 127.0.0.1:27017: connect: connection refused\n"

Even though my parameters are all correct, I placed a debug statement in the source file mongo.go and got:

time="2019-09-03T16:29:35Z" level=debug msg="Host: ip-XXX-XX-XX-XXX.sa-east-1.compute.internal"
time="2019-09-03T16:29:35Z" level=debug msg="Port: 27017"
time="2019-09-03T16:29:35Z" level=debug msg="Username: mqtt"
time="2019-09-03T16:29:35Z" level=debug msg="Password: mqtt123*"
time="2019-09-03T16:29:35Z" level=debug msg="DBName: iotBackend"
time="2019-09-03T16:29:35Z" level=debug msg="UsersCollection: mqttusers"
time=“2019-09-03T16:29:35Z” level=debug msg="AclsCollection: "

Maybe relevant information: my Mongo server isn’t on localhost but on another VPS on the same network, and the firewall rules are tuned.

If I try connecting to the same database using the same credentials on the command line, I get no problems:

ubuntu@ip-XXX-XX-XX-XXX:~/mosquitto-go-auth$ mongo mongodb://mqtt:mqtt123*@ip-XXX-XX-XX-XXX.sa-east-1.compute.internal:27017/iotBackend
MongoDB shell version v3.6.3
connecting to: mongodb://ip-XXX-XX-XX-XXX.sa-east-1.compute.internal:27017/iotBackend
MongoDB server version: 4.0.11
WARNING: shell and server versions do not match
MongoDB Enterprise rs0:PRIMARY>

The collection mqttusers exists, but the ACL collection does not.

Any hint to solve it?

Thanks

I’m not sure, but the specific error you get (Mongo get user error: server selection error: server selection timeout) tends to hint to this too. You could try building some simple Go program that uses the Mongo driver and see if you can get a connection. Anyway, please file an issue at the repo so we don’t mix things here.

Ok. Thank you. I will open an issue at the repo.