When a durable client reconnects, its queued messages are now checked against ACLs in case of a change in username/ACL state since it last connected.

Thanks to "web1".

ChangeLog.txt

@@ -15,6 +15,9 @@ Broker:
   clients that connect without a username.
 - Fix subscriptions being deleted when clients subscribed to a topic beginning
   with a $ but that is not $SYS.
+- When a durable client reconnects, its queued messages are now checked
+  against ACLs in case of a change in username/ACL state since it last
+  connected.
 - Anonymous clients are no longer accidently disconnected from the broker
   after a SIGHUP.
 

src/read_handle_server.c

@@ -46,6 +46,7 @@ int mqtt3_handle_connect(struct mosquitto_db *db, struct mosquitto *context)
 	int i;
 	int rc;
 	struct _mosquitto_acl_user *acl_tail;
+	struct mosquitto_client_msg *msg_tail, *msg_prev;
 	int slen;
 #ifdef WITH_TLS
 	X509 *client_cert;
@@ -417,6 +418,34 @@ int mqtt3_handle_connect(struct mosquitto_db *db, struct mosquitto *context)
 		context->is_bridge = true;
 	}
 
+	/* Remove any queued messages that are no longer allowed through ACL,
+	 * assuming a possible change of username. */
+
+	msg_tail = context->msgs;
+	msg_prev = NULL;
+	while(msg_tail){
+		if(msg_tail->direction == mosq_md_out){
+			if(mosquitto_acl_check(db, context, msg_tail->store->msg.topic, MOSQ_ACL_READ) == MOSQ_ERR_ACL_DENIED){
+				msg_tail->store->ref_count--;
+				if(msg_prev){
+					msg_prev->next = msg_tail->next;
+					_mosquitto_free(msg_tail);
+					msg_tail = msg_prev->next;
+				}else{
+					context->msgs = context->msgs->next;
+					_mosquitto_free(msg_tail);
+					msg_tail = context->msgs;
+				}
+			}else{
+				msg_prev = msg_tail;
+				msg_tail = msg_tail->next;
+			}
+		}else{
+			msg_prev = msg_tail;
+			msg_tail = msg_tail->next;
+		}
+	}
+
 	// Add the client ID to the DB hash table here
 	new_cih = _mosquitto_malloc(sizeof(struct _clientid_index_hash));
 	if(!new_cih){