Add ability to deny access to SUBSCRIBE messages.

This is as well as the current read/write accesses. Currently for auth
plugins only.

ChangeLog.txt

@@ -2,6 +2,8 @@
 ==============
 
 Broker:
+- Add ability to deny access to SUBSCRIBE messages as well as the current
+  read/write accesses. Currently for auth plugins only.
 - Reduce calls to malloc through the use of UHPA.
 - Outgoing messages with QoS>1 are no longer retried after a timeout period.
   Messages will be retried when a client reconnects.  This change in behaviour

src/handle_subscribe.c

@@ -110,21 +110,8 @@ int handle__subscribe(struct mosquitto_db *db, struct mosquitto *context)
 			}
 			log__printf(NULL, MOSQ_LOG_DEBUG, "\t%s (QoS %d)", sub, qos);
 
-#if 0
-			/* FIXME
-			 * This section has been disabled temporarily. mosquitto_acl_check
-			 * calls mosquitto_topic_matches_sub, which can't cope with
-			 * checking subscriptions that have wildcards against ACLs that
-			 * have wildcards. Bug #1374291 is related.
-			 *
-			 * It's a very difficult problem when an ACL looks like foo/+/bar
-			 * and a subscription request to foo/# is made.
-			 *
-			 * This should be changed to using MOSQ_ACL_SUBSCRIPTION in the
-			 * future anyway.
-			 */
 			if(context->protocol == mosq_p_mqtt311){
-				rc = mosquitto_acl_check(db, context, sub, MOSQ_ACL_READ);
+				rc = mosquitto_acl_check(db, context, sub, MOSQ_ACL_SUBSCRIBE);
 				switch(rc){
 					case MOSQ_ERR_SUCCESS:
 						break;
@@ -136,7 +123,6 @@ int handle__subscribe(struct mosquitto_db *db, struct mosquitto *context)
 						return rc;
 				}
 			}
-#endif
 
 			if(qos != 0x80){
 				rc2 = sub__add(db, context, sub, qos, &db->subs);

src/mosquitto_plugin.h

@@ -199,7 +199,19 @@ int mosquitto_auth_security_cleanup(void *user_data, struct mosquitto_opt *opts,
  * Function: mosquitto_auth_acl_check
  *
  * Called by the broker when topic access must be checked. access will be one
- * of MOSQ_ACL_READ (for subscriptions) or MOSQ_ACL_WRITE (for publish).
+ * of:
+ *  MOSQ_ACL_SUBSCRIBE when a client is asking to subscribe to a topic string.
+ *                     This differs from MOSQ_ACL_READ in that it allows you to
+ *                     deny access to topic strings rather than by pattern. For
+ *                     example, you may use MOSQ_ACL_SUBSCRIBE to deny
+ *                     subscriptions to '#', but allow all topics in
+ *                     MOSQ_ACL_READ. This allows clients to subscribe to any
+ *                     topic they want, but not discover what topics are in use
+ *                     on the server.
+ *  MOSQ_ACL_READ      when a message is about to be sent to a client (i.e. whether
+ *                     it can read that topic or not).
+ *  MOSQ_ACL_WRITE     when a message has been received from a client (i.e. whether
+ *                     it can write to that topic or not).
  *
  * Return:
  *	MOSQ_ERR_SUCCESS if access was granted.

src/security.c

@@ -392,6 +392,9 @@ int mosquitto_acl_check(struct mosquitto_db *db, struct mosquitto *context, cons
 		if(db->auth_plugins[i].version == 3){
 			rc = db->auth_plugins[i].acl_check_v3(db->auth_plugins[i].user_data, access, context, &msg);
 		}else if(db->auth_plugins[i].version == 2){
+			if(access == MOSQ_ACL_SUBSCRIBE){
+				return MOSQ_ERR_SUCCESS;
+			}
 			rc = db->auth_plugins[i].acl_check_v2(db->auth_plugins[i].user_data, context->id, username, topic, access);
 		}else{
 			rc = MOSQ_ERR_INVAL;

src/security_default.c

@@ -238,6 +238,7 @@ int mosquitto_acl_check_default(struct mosquitto_db *db, struct mosquitto *conte
 	if(!db || !context || !topic) return MOSQ_ERR_INVAL;
 	if(!db->acl_list && !db->acl_patterns) return MOSQ_ERR_PLUGIN_DEFER;
 	if(context->bridge) return MOSQ_ERR_SUCCESS;
+	if(access == MOSQ_ACL_SUBSCRIBE) return MOSQ_ERR_SUCCESS; /* FIXME - implement ACL subscription strings. */
 	if(!context->acl_list && !db->acl_patterns) return MOSQ_ERR_ACL_DENIED;
 
 	if(context->acl_list){