Dynsec: Rename ACL types for clarity.

publishBrokerToClient -> publishClientReceive publishClientToBroker -> publishClientSend
5 years ago · a1ad4cfcc4
parent 004bd3c5cd
commit a1ad4cfcc4
13 changed files with 121 additions and 106 deletions
--- a/apps/mosquitto_ctrl/dynsec.c
+++ b/apps/mosquitto_ctrl/dynsec.c
@ -66,7 +66,7 @@ void dynsec__print_usage(void)
 	printf("Get role information:        getRole           <rolename>\n");
 	printf("List all roles:              listRoles         [count [offset]]\n");
 	printf("\naclspec:                     <acltype> <topicFilter> allow|deny\n");
-	printf("acltype:                     publishClientToBroker|publishBrokerToClient\n");
+	printf("acltype:                     publishClientSend|publishClientReceive\n");
 	printf("                              |subscribeLiteral|subscribePattern\n");
 	printf("                              |unsubscribeLiteral|unsubscribePattern\n");
 }
@ -165,8 +165,8 @@ static int dynsec__default_acl_access(int argc, char *argv[], cJSON *j_command)
 		return MOSQ_ERR_INVAL;
 	}

-	if(strcasecmp(acltype, "publishClientToBroker")
-			&& strcasecmp(acltype, "publishBrokerToClient")
+	if(strcasecmp(acltype, "publishClientSend")
+			&& strcasecmp(acltype, "publishClientReceive")
 			&& strcasecmp(acltype, "subscribe")
 			&& strcasecmp(acltype, "unsubscribe")){

@ -244,8 +244,8 @@ static cJSON *init_add_role(const char *rolename)
 		return NULL;
 	}
 	cJSON_AddItemToObject(j_role, "acls", j_acls);
-	if(init_add_acl_to_role(j_acls, "publishClientToBroker", "$CONTROL/dynamic-security/#") == NULL
-			|| init_add_acl_to_role(j_acls, "publishBrokerToClient", "$CONTROL/dynamic-security/#") == NULL
+	if(init_add_acl_to_role(j_acls, "publishClientSend", "$CONTROL/dynamic-security/#") == NULL
+			|| init_add_acl_to_role(j_acls, "publishClientReceive", "$CONTROL/dynamic-security/#") == NULL
 			|| init_add_acl_to_role(j_acls, "subscribePattern", "$CONTROL/dynamic-security/#") == NULL
 			|| init_add_acl_to_role(j_acls, "unsubscribePattern", "#") == NULL
 			){
@ -342,8 +342,8 @@ static cJSON *init_create(const char *username, const char *password, const char
 	 * * Client con not subscribe to topics by default.
 	 * * Client *CAN* unsubscribe from topics by default.
 	 */
-	if(cJSON_AddBoolToObject(j_default_access, "publishClientToBroker", false) == NULL
-			|| cJSON_AddBoolToObject(j_default_access, "publishBrokerToClient", true) == NULL
+	if(cJSON_AddBoolToObject(j_default_access, "publishClientSend", false) == NULL
+			|| cJSON_AddBoolToObject(j_default_access, "publishClientReceive", true) == NULL
 			|| cJSON_AddBoolToObject(j_default_access, "subscribe", false) == NULL
 			|| cJSON_AddBoolToObject(j_default_access, "unsubscribe", true) == NULL
 			){
--- a/apps/mosquitto_ctrl/dynsec_role.c
+++ b/apps/mosquitto_ctrl/dynsec_role.c
@ -129,8 +129,8 @@ int dynsec_role__add_acl(int argc, char *argv[], cJSON *j_command)
 		return MOSQ_ERR_INVAL;
 	}

-	if(strcasecmp(acltype, "publishClientToBroker")
-			&& strcasecmp(acltype, "publishBrokerToClient")
+	if(strcasecmp(acltype, "publishClientSend")
+			&& strcasecmp(acltype, "publishClientReceive")
 			&& strcasecmp(acltype, "subscribe")
 			&& strcasecmp(acltype, "unsubscribe")){

@ -170,8 +170,8 @@ int dynsec_role__remove_acl(int argc, char *argv[], cJSON *j_command)
 		return MOSQ_ERR_INVAL;
 	}

-	if(strcasecmp(acltype, "publishClientToBroker")
-			&& strcasecmp(acltype, "publishBrokerToClient")
+	if(strcasecmp(acltype, "publishClientSend")
+			&& strcasecmp(acltype, "publishClientReceive")
 			&& strcasecmp(acltype, "subscribe")
 			&& strcasecmp(acltype, "unsubscribe")){

--- a/plugins/dynamic-security/README.md
+++ b/plugins/dynamic-security/README.md
@ -36,8 +36,8 @@ Command:
 		{
 			"command": "setDefaultACLAccess",
 			"acls":[
-				{ "acltype": "publishClientToBroker", "allow": false },
-				{ "acltype": "publishBrokerToClient", "allow": false },
+				{ "acltype": "publishClientSend", "allow": false },
+				{ "acltype": "publishClientReceive", "allow": false },
 				{ "acltype": "subscribe", "allow": false },
 				{ "acltype": "unsubscribe", "allow": false }
 			]
--- a/plugins/dynamic-security/acl.c
+++ b/plugins/dynamic-security/acl.c
@ -31,14 +31,14 @@ typedef int (*MOSQ_FUNC_acl_check)(struct mosquitto_evt_acl_check *, struct dyns
 * #
 * ################################################################ */

-static int acl_check_publish_b2c(struct mosquitto_evt_acl_check *ed, struct dynsec__rolelist *base_rolelist)
+static int acl_check_publish_c_recv(struct mosquitto_evt_acl_check *ed, struct dynsec__rolelist *base_rolelist)
 {
 	struct dynsec__rolelist *rolelist, *rolelist_tmp;
 	struct dynsec__acl *acl, *acl_tmp;
 	bool result;

 	HASH_ITER(hh, base_rolelist, rolelist, rolelist_tmp){
-		HASH_ITER(hh, rolelist->role->acls.publish_b2c, acl, acl_tmp){
+		HASH_ITER(hh, rolelist->role->acls.publish_c_recv, acl, acl_tmp){
 			mosquitto_topic_matches_sub(acl->topic, ed->topic, &result);
 			if(result){
 				if(acl->allow){
@ -59,14 +59,14 @@ static int acl_check_publish_b2c(struct mosquitto_evt_acl_check *ed, struct dyns
 * #
 * ################################################################ */

-static int acl_check_publish_c2b(struct mosquitto_evt_acl_check *ed, struct dynsec__rolelist *base_rolelist)
+static int acl_check_publish_c_send(struct mosquitto_evt_acl_check *ed, struct dynsec__rolelist *base_rolelist)
 {
 	struct dynsec__rolelist *rolelist, *rolelist_tmp;
 	struct dynsec__acl *acl, *acl_tmp;
 	bool result;

 	HASH_ITER(hh, base_rolelist, rolelist, rolelist_tmp){
-		HASH_ITER(hh, rolelist->role->acls.publish_c2b, acl, acl_tmp){
+		HASH_ITER(hh, rolelist->role->acls.publish_c_send, acl, acl_tmp){
 			mosquitto_topic_matches_sub(acl->topic, ed->topic, &result);
 			if(result){
 				if(acl->allow){
@ -236,10 +236,10 @@ int dynsec__acl_check_callback(int event, void *event_data, void *userdata)
 			return acl_check(event_data, acl_check_unsubscribe, default_access.unsubscribe);
 			break;
 		case MOSQ_ACL_WRITE: /* Client to broker */
-			return acl_check(event_data, acl_check_publish_c2b, default_access.publish_c2b);
+			return acl_check(event_data, acl_check_publish_c_send, default_access.publish_c_send);
 			break;
 		case MOSQ_ACL_READ:
-			return acl_check(event_data, acl_check_publish_b2c, default_access.publish_b2c);
+			return acl_check(event_data, acl_check_publish_c_recv, default_access.publish_c_recv);
 			break;
 		default:
 			return MOSQ_ERR_PLUGIN_DEFER;
--- a/plugins/dynamic-security/dynamic_security.h
+++ b/plugins/dynamic-security/dynamic_security.h
@ -21,6 +21,21 @@ Contributors:
 #include "mosquitto.h"
 #include "password_mosq.h"

+/* ################################################################
+ * #
+ * # ACL types
+ * #
+ * ################################################################ */
+
+#define ACL_TYPE_PUB_C_RECV "publishClientReceive"
+#define ACL_TYPE_PUB_C_SEND "publishClientSend"
+#define ACL_TYPE_SUB_GENERIC "subscribe"
+#define ACL_TYPE_SUB_LITERAL "subscribeLiteral"
+#define ACL_TYPE_SUB_PATTERN "subscribePattern"
+#define ACL_TYPE_UNSUB_GENERIC "unsubscribe"
+#define ACL_TYPE_UNSUB_LITERAL "unsubscribeLiteral"
+#define ACL_TYPE_UNSUB_PATTERN "unsubscribePattern"
+
 /* ################################################################
 * #
 * # Error codes
@ -87,8 +102,8 @@ struct dynsec__acl{
 };

 struct dynsec__acls{
-	struct dynsec__acl *publish_c2b;
-	struct dynsec__acl *publish_b2c;
+	struct dynsec__acl *publish_c_send;
+	struct dynsec__acl *publish_c_recv;
 	struct dynsec__acl *subscribe_literal;
 	struct dynsec__acl *subscribe_pattern;
 	struct dynsec__acl *unsubscribe_literal;
@ -104,8 +119,8 @@ struct dynsec__role{
 };

 struct dynsec__acl_default_access{
-	bool publish_c2b;
-	bool publish_b2c;
+	bool publish_c_send;
+	bool publish_c_recv;
 	bool subscribe;
 	bool unsubscribe;
 };
--- a/plugins/dynamic-security/plugin.c
+++ b/plugins/dynamic-security/plugin.c
@ -128,13 +128,13 @@ int dynsec__process_default_acl_access(cJSON *j_responses, struct mosquitto *con

 			allow = cJSON_IsTrue(j_allow);

-			if(!strcasecmp(j_acltype->valuestring, "publishClientToBroker")){
-				default_access.publish_c2b = allow;
-			}else if(!strcasecmp(j_acltype->valuestring, "publishBrokerToClient")){
-				default_access.publish_b2c = allow;
-			}else if(!strcasecmp(j_acltype->valuestring, "subscribe")){
+			if(!strcasecmp(j_acltype->valuestring, ACL_TYPE_PUB_C_SEND)){
+				default_access.publish_c_send = allow;
+			}else if(!strcasecmp(j_acltype->valuestring, ACL_TYPE_PUB_C_RECV)){
+				default_access.publish_c_recv = allow;
+			}else if(!strcasecmp(j_acltype->valuestring, ACL_TYPE_SUB_GENERIC)){
 				default_access.subscribe = allow;
-			}else if(!strcasecmp(j_acltype->valuestring, "unsubscribe")){
+			}else if(!strcasecmp(j_acltype->valuestring, ACL_TYPE_UNSUB_GENERIC)){
 				default_access.unsubscribe = allow;
 			}
 		}
@ -164,28 +164,28 @@ static int dynsec__general_config_load(cJSON *tree)

 	j_default_access = cJSON_GetObjectItem(tree, "defaultACLAccess");
 	if(j_default_access && cJSON_IsObject(j_default_access)){
-		jtmp = cJSON_GetObjectItem(j_default_access, "publishClientToBroker");
+		jtmp = cJSON_GetObjectItem(j_default_access, ACL_TYPE_PUB_C_SEND);
 		if(jtmp && cJSON_IsBool(jtmp)){
-			default_access.publish_c2b = cJSON_IsTrue(jtmp);
+			default_access.publish_c_send = cJSON_IsTrue(jtmp);
 		}else{
-			default_access.publish_c2b = false;
+			default_access.publish_c_send = false;
 		}

-		jtmp = cJSON_GetObjectItem(j_default_access, "publishBrokerToClient");
+		jtmp = cJSON_GetObjectItem(j_default_access, ACL_TYPE_PUB_C_RECV);
 		if(jtmp && cJSON_IsBool(jtmp)){
-			default_access.publish_b2c = cJSON_IsTrue(jtmp);
+			default_access.publish_c_recv = cJSON_IsTrue(jtmp);
 		}else{
-			default_access.publish_b2c = false;
+			default_access.publish_c_recv = false;
 		}

-		jtmp = cJSON_GetObjectItem(j_default_access, "subscribe");
+		jtmp = cJSON_GetObjectItem(j_default_access, ACL_TYPE_SUB_GENERIC);
 		if(jtmp && cJSON_IsBool(jtmp)){
 			default_access.subscribe = cJSON_IsTrue(jtmp);
 		}else{
 			default_access.subscribe = false;
 		}

-		jtmp = cJSON_GetObjectItem(j_default_access, "unsubscribe");
+		jtmp = cJSON_GetObjectItem(j_default_access, ACL_TYPE_UNSUB_GENERIC);
 		if(jtmp && cJSON_IsBool(jtmp)){
 			default_access.unsubscribe = cJSON_IsTrue(jtmp);
 		}else{
@ -205,10 +205,10 @@ static int dynsec__general_config_save(cJSON *tree)
 	}
 	cJSON_AddItemToObject(tree, "defaultACLAccess", j_default_access);

-	if(cJSON_AddBoolToObject(j_default_access, "publishClientToBroker", default_access.publish_c2b) == NULL
-			|| cJSON_AddBoolToObject(j_default_access, "publishBrokerToClient", default_access.publish_b2c) == NULL
-			|| cJSON_AddBoolToObject(j_default_access, "subscribe", default_access.subscribe) == NULL
-			|| cJSON_AddBoolToObject(j_default_access, "unsubscribe", default_access.unsubscribe) == NULL
+	if(cJSON_AddBoolToObject(j_default_access, ACL_TYPE_PUB_C_SEND, default_access.publish_c_send) == NULL
+			|| cJSON_AddBoolToObject(j_default_access, ACL_TYPE_PUB_C_RECV, default_access.publish_c_recv) == NULL
+			|| cJSON_AddBoolToObject(j_default_access, ACL_TYPE_SUB_GENERIC, default_access.subscribe) == NULL
+			|| cJSON_AddBoolToObject(j_default_access, ACL_TYPE_UNSUB_GENERIC, default_access.unsubscribe) == NULL
 			){

 		return 1;
--- a/plugins/dynamic-security/roles.c
+++ b/plugins/dynamic-security/roles.c
@ -202,8 +202,8 @@ static void role__free_item(struct dynsec__role *role, bool remove_from_hash)
 	mosquitto_free(role->text_name);
 	mosquitto_free(role->text_description);
 	mosquitto_free(role->rolename);
-	role__free_all_acls(&role->acls.publish_c2b);
-	role__free_all_acls(&role->acls.publish_b2c);
+	role__free_all_acls(&role->acls.publish_c_send);
+	role__free_all_acls(&role->acls.publish_c_recv);
 	role__free_all_acls(&role->acls.subscribe_literal);
 	role__free_all_acls(&role->acls.subscribe_pattern);
 	role__free_all_acls(&role->acls.unsubscribe_literal);
@ -273,12 +273,12 @@ static int add_acls_to_json(cJSON *j_role, struct dynsec__role *role)
 		return 1;
 	}

-	if(add_single_acl_to_json(j_acls, "publishClientToBroker", role->acls.publish_c2b) != MOSQ_ERR_SUCCESS
-			|| add_single_acl_to_json(j_acls, "publishBrokerToClient", role->acls.publish_b2c) != MOSQ_ERR_SUCCESS
-			|| add_single_acl_to_json(j_acls, "subscribeLiteral", role->acls.subscribe_literal) != MOSQ_ERR_SUCCESS
-			|| add_single_acl_to_json(j_acls, "subscribePattern", role->acls.subscribe_pattern) != MOSQ_ERR_SUCCESS
-			|| add_single_acl_to_json(j_acls, "unsubscribeLiteral", role->acls.unsubscribe_literal) != MOSQ_ERR_SUCCESS
-			|| add_single_acl_to_json(j_acls, "unsubscribePattern", role->acls.unsubscribe_pattern) != MOSQ_ERR_SUCCESS
+	if(add_single_acl_to_json(j_acls, ACL_TYPE_PUB_C_SEND, role->acls.publish_c_send) != MOSQ_ERR_SUCCESS
+			|| add_single_acl_to_json(j_acls, ACL_TYPE_PUB_C_RECV, role->acls.publish_c_recv) != MOSQ_ERR_SUCCESS
+			|| add_single_acl_to_json(j_acls, ACL_TYPE_SUB_LITERAL, role->acls.subscribe_literal) != MOSQ_ERR_SUCCESS
+			|| add_single_acl_to_json(j_acls, ACL_TYPE_SUB_PATTERN, role->acls.subscribe_pattern) != MOSQ_ERR_SUCCESS
+			|| add_single_acl_to_json(j_acls, ACL_TYPE_UNSUB_LITERAL, role->acls.unsubscribe_literal) != MOSQ_ERR_SUCCESS
+			|| add_single_acl_to_json(j_acls, ACL_TYPE_UNSUB_PATTERN, role->acls.unsubscribe_pattern) != MOSQ_ERR_SUCCESS
 			){

 		return 1;
@ -419,12 +419,12 @@ int dynsec_roles__config_load(cJSON *tree)
 			/* ACLs */
 			j_acls = cJSON_GetObjectItem(j_role, "acls");
 			if(j_acls && cJSON_IsArray(j_acls)){
-				if(dynsec_roles__acl_load(j_acls, "publishClientToBroker", &role->acls.publish_c2b) != 0
-						|| dynsec_roles__acl_load(j_acls, "publishBrokerToClient", &role->acls.publish_b2c) != 0
-						|| dynsec_roles__acl_load(j_acls, "subscribeLiteral", &role->acls.subscribe_literal) != 0
-						|| dynsec_roles__acl_load(j_acls, "subscribePattern", &role->acls.subscribe_pattern) != 0
-						|| dynsec_roles__acl_load(j_acls, "unsubscribeLiteral", &role->acls.unsubscribe_literal) != 0
-						|| dynsec_roles__acl_load(j_acls, "unsubscribePattern", &role->acls.unsubscribe_pattern) != 0
+				if(dynsec_roles__acl_load(j_acls, ACL_TYPE_PUB_C_SEND, &role->acls.publish_c_send) != 0
+						|| dynsec_roles__acl_load(j_acls, ACL_TYPE_PUB_C_RECV, &role->acls.publish_c_recv) != 0
+						|| dynsec_roles__acl_load(j_acls, ACL_TYPE_SUB_LITERAL, &role->acls.subscribe_literal) != 0
+						|| dynsec_roles__acl_load(j_acls, ACL_TYPE_SUB_PATTERN, &role->acls.subscribe_pattern) != 0
+						|| dynsec_roles__acl_load(j_acls, ACL_TYPE_UNSUB_LITERAL, &role->acls.unsubscribe_literal) != 0
+						|| dynsec_roles__acl_load(j_acls, ACL_TYPE_UNSUB_PATTERN, &role->acls.unsubscribe_pattern) != 0
 						){

 					// FIXME log
@ -503,12 +503,12 @@ int dynsec_roles__process_create(cJSON *j_responses, struct mosquitto *context,
 	/* ACLs */
 	j_acls = cJSON_GetObjectItem(command, "acls");
 	if(j_acls && cJSON_IsArray(j_acls)){
-		if(dynsec_roles__acl_load(j_acls, "publishClientToBroker", &role->acls.publish_c2b) != 0
-				|| dynsec_roles__acl_load(j_acls, "publishBrokerToClient", &role->acls.publish_b2c) != 0
-				|| dynsec_roles__acl_load(j_acls, "subscribeLiteral", &role->acls.subscribe_literal) != 0
-				|| dynsec_roles__acl_load(j_acls, "subscribePattern", &role->acls.subscribe_pattern) != 0
-				|| dynsec_roles__acl_load(j_acls, "unsubscribeLiteral", &role->acls.unsubscribe_literal) != 0
-				|| dynsec_roles__acl_load(j_acls, "unsubscribePattern", &role->acls.unsubscribe_pattern) != 0
+		if(dynsec_roles__acl_load(j_acls, ACL_TYPE_PUB_C_SEND, &role->acls.publish_c_send) != 0
+				|| dynsec_roles__acl_load(j_acls, ACL_TYPE_PUB_C_RECV, &role->acls.publish_c_recv) != 0
+				|| dynsec_roles__acl_load(j_acls, ACL_TYPE_SUB_LITERAL, &role->acls.subscribe_literal) != 0
+				|| dynsec_roles__acl_load(j_acls, ACL_TYPE_SUB_PATTERN, &role->acls.subscribe_pattern) != 0
+				|| dynsec_roles__acl_load(j_acls, ACL_TYPE_UNSUB_LITERAL, &role->acls.unsubscribe_literal) != 0
+				|| dynsec_roles__acl_load(j_acls, ACL_TYPE_UNSUB_PATTERN, &role->acls.unsubscribe_pattern) != 0
 				){

 			dynsec__command_reply(j_responses, context, "createRole", "Internal error", correlation_data);
@ -692,17 +692,17 @@ int dynsec_roles__process_add_acl(cJSON *j_responses, struct mosquitto *context,
 		dynsec__command_reply(j_responses, context, "addRoleACL", "Invalid/missing acltype", correlation_data);
 		return MOSQ_ERR_SUCCESS;
 	}
-	if(!strcasecmp(jtmp->valuestring, "publishClientToBroker")){
-		acllist = &role->acls.publish_c2b;
-	}else if(!strcasecmp(jtmp->valuestring, "publishBrokerToClient")){
-		acllist = &role->acls.publish_b2c;
-	}else if(!strcasecmp(jtmp->valuestring, "subscribeLiteral")){
+	if(!strcasecmp(jtmp->valuestring, ACL_TYPE_PUB_C_SEND)){
+		acllist = &role->acls.publish_c_send;
+	}else if(!strcasecmp(jtmp->valuestring, ACL_TYPE_PUB_C_RECV)){
+		acllist = &role->acls.publish_c_recv;
+	}else if(!strcasecmp(jtmp->valuestring, ACL_TYPE_SUB_LITERAL)){
 		acllist = &role->acls.subscribe_literal;
-	}else if(!strcasecmp(jtmp->valuestring, "subscribePattern")){
+	}else if(!strcasecmp(jtmp->valuestring, ACL_TYPE_SUB_PATTERN)){
 		acllist = &role->acls.subscribe_pattern;
-	}else if(!strcasecmp(jtmp->valuestring, "unsubscribeLiteral")){
+	}else if(!strcasecmp(jtmp->valuestring, ACL_TYPE_UNSUB_LITERAL)){
 		acllist = &role->acls.unsubscribe_literal;
-	}else if(!strcasecmp(jtmp->valuestring, "unsubscribePattern")){
+	}else if(!strcasecmp(jtmp->valuestring, ACL_TYPE_UNSUB_PATTERN)){
 		acllist = &role->acls.unsubscribe_pattern;
 	}else{
 		dynsec__command_reply(j_responses, context, "addRoleACL", "Unknown acltype", correlation_data);
@ -769,17 +769,17 @@ int dynsec_roles__process_remove_acl(cJSON *j_responses, struct mosquitto *conte
 		dynsec__command_reply(j_responses, context, "removeRoleACL", "Invalid/missing acltype", correlation_data);
 		return MOSQ_ERR_SUCCESS;
 	}
-	if(!strcasecmp(jtmp->valuestring, "publishClientToBroker")){
-		acllist = &role->acls.publish_c2b;
-	}else if(!strcasecmp(jtmp->valuestring, "publishBrokerToClient")){
-		acllist = &role->acls.publish_b2c;
-	}else if(!strcasecmp(jtmp->valuestring, "subscribeLiteral")){
+	if(!strcasecmp(jtmp->valuestring, ACL_TYPE_PUB_C_SEND)){
+		acllist = &role->acls.publish_c_send;
+	}else if(!strcasecmp(jtmp->valuestring, ACL_TYPE_PUB_C_RECV)){
+		acllist = &role->acls.publish_c_recv;
+	}else if(!strcasecmp(jtmp->valuestring, ACL_TYPE_SUB_LITERAL)){
 		acllist = &role->acls.subscribe_literal;
-	}else if(!strcasecmp(jtmp->valuestring, "subscribePattern")){
+	}else if(!strcasecmp(jtmp->valuestring, ACL_TYPE_SUB_PATTERN)){
 		acllist = &role->acls.subscribe_pattern;
-	}else if(!strcasecmp(jtmp->valuestring, "unsubscribeLiteral")){
+	}else if(!strcasecmp(jtmp->valuestring, ACL_TYPE_UNSUB_LITERAL)){
 		acllist = &role->acls.unsubscribe_literal;
-	}else if(!strcasecmp(jtmp->valuestring, "unsubscribePattern")){
+	}else if(!strcasecmp(jtmp->valuestring, ACL_TYPE_UNSUB_PATTERN)){
 		acllist = &role->acls.unsubscribe_pattern;
 	}else{
 		dynsec__command_reply(j_responses, context, "removeRoleACL", "Unknown acltype", correlation_data);
@ -874,7 +874,7 @@ int dynsec_roles__process_modify(cJSON *j_responses, struct mosquitto *context,
 	struct dynsec__role *role;
 	char *str;
 	cJSON *j_acls;
-	struct dynsec__acl *tmp_publish_c2b, *tmp_publish_b2c;
+	struct dynsec__acl *tmp_publish_c_send, *tmp_publish_c_recv;
 	struct dynsec__acl *tmp_subscribe_literal, *tmp_subscribe_pattern;
 	struct dynsec__acl *tmp_unsubscribe_literal, *tmp_unsubscribe_pattern;

@ -911,17 +911,17 @@ int dynsec_roles__process_modify(cJSON *j_responses, struct mosquitto *context,

 	j_acls = cJSON_GetObjectItem(command, "acls");
 	if(j_acls && cJSON_IsArray(j_acls)){
-		if(dynsec_roles__acl_load(j_acls, "publishClientToBroker", &tmp_publish_c2b) != 0
-				|| dynsec_roles__acl_load(j_acls, "publishBrokerToClient", &tmp_publish_b2c) != 0
-				|| dynsec_roles__acl_load(j_acls, "subscribeLiteral", &tmp_subscribe_literal) != 0
-				|| dynsec_roles__acl_load(j_acls, "subscribePattern", &tmp_subscribe_pattern) != 0
-				|| dynsec_roles__acl_load(j_acls, "unsubscribeLiteral", &tmp_unsubscribe_literal) != 0
-				|| dynsec_roles__acl_load(j_acls, "unsubscribePattern", &tmp_unsubscribe_pattern) != 0
+		if(dynsec_roles__acl_load(j_acls, ACL_TYPE_PUB_C_SEND, &tmp_publish_c_send) != 0
+				|| dynsec_roles__acl_load(j_acls, ACL_TYPE_PUB_C_RECV, &tmp_publish_c_recv) != 0
+				|| dynsec_roles__acl_load(j_acls, ACL_TYPE_SUB_LITERAL, &tmp_subscribe_literal) != 0
+				|| dynsec_roles__acl_load(j_acls, ACL_TYPE_SUB_PATTERN, &tmp_subscribe_pattern) != 0
+				|| dynsec_roles__acl_load(j_acls, ACL_TYPE_UNSUB_LITERAL, &tmp_unsubscribe_literal) != 0
+				|| dynsec_roles__acl_load(j_acls, ACL_TYPE_UNSUB_PATTERN, &tmp_unsubscribe_pattern) != 0
 				){

 			/* Free any that were successful */
-			role__free_all_acls(&tmp_publish_c2b);
-			role__free_all_acls(&tmp_publish_b2c);
+			role__free_all_acls(&tmp_publish_c_send);
+			role__free_all_acls(&tmp_publish_c_recv);
 			role__free_all_acls(&tmp_subscribe_literal);
 			role__free_all_acls(&tmp_subscribe_pattern);
 			role__free_all_acls(&tmp_unsubscribe_literal);
@ -931,15 +931,15 @@ int dynsec_roles__process_modify(cJSON *j_responses, struct mosquitto *context,
 			return MOSQ_ERR_NOMEM;
 		}

-		role__free_all_acls(&role->acls.publish_c2b);
-		role__free_all_acls(&role->acls.publish_b2c);
+		role__free_all_acls(&role->acls.publish_c_send);
+		role__free_all_acls(&role->acls.publish_c_recv);
 		role__free_all_acls(&role->acls.subscribe_literal);
 		role__free_all_acls(&role->acls.subscribe_pattern);
 		role__free_all_acls(&role->acls.unsubscribe_literal);
 		role__free_all_acls(&role->acls.unsubscribe_pattern);

-		role->acls.publish_c2b = tmp_publish_c2b;
-		role->acls.publish_b2c = tmp_publish_b2c;
+		role->acls.publish_c_send = tmp_publish_c_send;
+		role->acls.publish_c_recv = tmp_publish_c_recv;
 		role->acls.subscribe_literal = tmp_subscribe_literal;
 		role->acls.subscribe_pattern = tmp_subscribe_pattern;
 		role->acls.unsubscribe_literal = tmp_unsubscribe_literal;
--- a/test/broker/14-dynsec-client.py
+++ b/test/broker/14-dynsec-client.py
@ -73,7 +73,7 @@ suback_packet = mosq_test.gen_suback(mid, 1)
 try:
    os.mkdir(str(port))
    with open("%d/dynamic-security.json" % port, 'w') as f:
-        f.write('{"defaultACLAction": {"publishClientToBroker":"allow", "publishBrokerToClient":"allow", "subscribe":"allow", "unsubscribe":"allow"}}')
+        f.write('{"defaultACLAction": {"publishClientSend":"allow", "publishClientReceive":"allow", "subscribe":"allow", "unsubscribe":"allow"}}')
 except FileExistsError:
    try:
        os.remove(f"{port}/dynamic-security.json")
--- a/test/broker/14-dynsec-group.py
+++ b/test/broker/14-dynsec-group.py
@ -84,7 +84,7 @@ suback_packet = mosq_test.gen_suback(mid, 1)
 try:
    os.mkdir(str(port))
    with open("%d/dynamic-security.json" % port, 'w') as f:
-        f.write('{"defaultACLAction": {"publishClientToBroker":"allow", "publishBrokerToClient":"allow", "subscribe":"allow", "unsubscribe":"allow"}}')
+        f.write('{"defaultACLAction": {"publishClientSend":"allow", "publishClientReceive":"allow", "subscribe":"allow", "unsubscribe":"allow"}}')
 except FileExistsError:
    try:
        os.remove(f"{port}/dynamic-security.json")
--- a/test/broker/14-dynsec-modify-client.py
+++ b/test/broker/14-dynsec-modify-client.py
@ -148,7 +148,7 @@ suback_packet = mosq_test.gen_suback(mid, 1)
 try:
    os.mkdir(str(port))
    with open("%d/dynamic-security.json" % port, 'w') as f:
-        f.write('{"defaultACLAction": {"publishClientToBroker":"allow", "publishBrokerToClient":"allow", "subscribe":"allow", "unsubscribe":"allow"}}')
+        f.write('{"defaultACLAction": {"publishClientSend":"allow", "publishClientReceive":"allow", "subscribe":"allow", "unsubscribe":"allow"}}')
 except FileExistsError:
    try:
        os.remove(f"{port}/dynamic-security.json")
--- a/test/broker/14-dynsec-modify-group.py
+++ b/test/broker/14-dynsec-modify-group.py
@ -135,7 +135,7 @@ suback_packet = mosq_test.gen_suback(mid, 1)
 try:
    os.mkdir(str(port))
    with open("%d/dynamic-security.json" % port, 'w') as f:
-        f.write('{"defaultACLAction": {"publishClientToBroker":"allow", "publishBrokerToClient":"allow", "subscribe":"allow", "unsubscribe":"allow"}}')
+        f.write('{"defaultACLAction": {"publishClientSend":"allow", "publishClientReceive":"allow", "subscribe":"allow", "unsubscribe":"allow"}}')
 except FileExistsError:
    try:
        os.remove(f"{port}/dynamic-security.json")
--- a/test/broker/14-dynsec-modify-role.py
+++ b/test/broker/14-dynsec-modify-role.py
@ -30,13 +30,13 @@ create_role_command = { "commands": [{
    "textName": "Name", "textDescription": "Description",
    "acls":[
        {
-            "aclType": "publishClientToBroker",
+            "aclType": "publishClientSend",
            "allow": True,
            "topic": "topic/#",
            "priority": 8
        },
        {
-            "aclType": "publishClientToBroker",
+            "aclType": "publishClientSend",
            "allow": True,
            "topic": "topic/2/#",
            "priority": 9
@ -58,13 +58,13 @@ get_role_response1 = {'responses':[{'command': 'getRole', 'data': {'role': {'rol
    'textName': 'Name', 'textDescription': 'Description',
    'acls': [
        {
-            "aclType": "publishClientToBroker",
+            "aclType": "publishClientSend",
            "topic": "topic/2/#",
            "allow": True,
            "priority": 9
        },
        {
-            "aclType": "publishClientToBroker",
+            "aclType": "publishClientSend",
            "topic": "topic/#",
            "allow": True,
            "priority": 8
@ -77,13 +77,13 @@ get_role_response2 = {'responses':[{'command': 'getRole', 'data': {'role': {'rol
    'textName': 'Modified name', 'textDescription': 'Modified description',
    'acls': [
        {
-            "aclType": "publishClientToBroker",
+            "aclType": "publishClientSend",
            "topic": "topic/2/#",
            "allow": True,
            "priority": 9
        },
        {
-            "aclType": "publishClientToBroker",
+            "aclType": "publishClientSend",
            "topic": "topic/#",
            "allow": True,
            "priority": 8
@ -102,7 +102,7 @@ suback_packet = mosq_test.gen_suback(mid, 1)
 try:
    os.mkdir(str(port))
    with open("%d/dynamic-security.json" % port, 'w') as f:
-        f.write('{"defaultACLAction": {"publishClientToBroker":"allow", "publishBrokerToClient":"allow", "subscribe":"allow", "unsubscribe":"allow"}}')
+        f.write('{"defaultACLAction": {"publishClientSend":"allow", "publishClientReceive":"allow", "subscribe":"allow", "unsubscribe":"allow"}}')
 except FileExistsError:
    try:
        os.remove(f"{port}/dynamic-security.json")
--- a/test/broker/14-dynsec-role.py
+++ b/test/broker/14-dynsec-role.py
@ -42,7 +42,7 @@ create_group_response = {'responses':[{"command":"createGroup","correlationData"

 create_role_command = { "commands": [{'command': 'createRole', 'correlationData': '3',
    "roleName": "basic", "acls":[
-    {"aclType":"publishClientToBroker", "topic": "out/#", "priority":3, "allow": True}], "textName":"name", "textDescription":"desc"
+    {"aclType":"publishClientSend", "topic": "out/#", "priority":3, "allow": True}], "textName":"name", "textDescription":"desc"
    }]}
 create_role_response = {'responses': [{'command': 'createRole', 'correlationData': '3'}]}

@ -61,7 +61,7 @@ list_roles_verbose_command1 = { "commands": [{
 }
 list_roles_verbose_response1 = {'responses': [{'command': 'listRoles', 'data':
    {'totalCount':1, 'roles': [{'roleName': 'basic', "textName": "name", "textDescription": "desc",
-    'acls': [{'aclType':'publishClientToBroker', 'topic': 'out/#', 'priority': 3, 'allow': True}]
+    'acls': [{'aclType':'publishClientSend', 'topic': 'out/#', 'priority': 3, 'allow': True}]
    }]}, 'correlationData': '21'}]}

 add_acl_command = {"commands": [{'command': "addRoleACL", "roleName":"basic", "aclType":"subscribeLiteral",
@ -73,14 +73,14 @@ list_roles_verbose_command2 = { "commands": [{
 }
 list_roles_verbose_response2 = {'responses': [{'command': 'listRoles', 'data': {'totalCount':1, 'roles':
    [{'roleName': 'basic', 'textName': 'name', 'textDescription': 'desc', 'acls':
-    [{'aclType':'publishClientToBroker', 'topic': 'out/#', 'priority': 3, 'allow': True},
+    [{'aclType':'publishClientSend', 'topic': 'out/#', 'priority': 3, 'allow': True},
    {'aclType':'subscribeLiteral', 'topic': 'basic/out', 'priority': 1, 'allow': True}],
    }]}, 'correlationData': '22'}]}

 get_role_command = {"commands": [{'command': "getRole", "roleName":"basic"}]}
 get_role_response = {'responses': [{'command': 'getRole', 'data': {'role':
    {'roleName': 'basic', 'textName': 'name', 'textDescription': 'desc', 'acls':
-    [{'aclType':'publishClientToBroker', 'topic': 'out/#', 'priority': 3, 'allow': True},
+    [{'aclType':'publishClientSend', 'topic': 'out/#', 'priority': 3, 'allow': True},
    {'aclType':'subscribeLiteral', 'topic': 'basic/out', 'priority': 1, 'allow': True}],
    }}}]}

@ -126,7 +126,7 @@ suback_packet = mosq_test.gen_suback(mid, 1)
 try:
    os.mkdir(str(port))
    with open("%d/dynamic-security.json" % port, 'w') as f:
-        f.write('{"defaultACLAction": {"publishClientToBroker":"allow", "publishBrokerToClient":"allow", "subscribe":"allow", "unsubscribe":"allow"}}')
+        f.write('{"defaultACLAction": {"publishClientSend":"allow", "publishClientReceive":"allow", "subscribe":"allow", "unsubscribe":"allow"}}')
 except FileExistsError:
    try:
        os.remove(f"{port}/dynamic-security.json")