Temporarily disable ACL checks on subscriptions when using MQTT v3.1.1.

This is due to the complexity of checking wildcard ACLs against wildcard
subscriptions. This does not have a negative impact on security because
checks are still made before a message is sent to a client.  Fixes bug

Thanks to Jan-Piet Mens and Christoph Krey.

ChangeLog.txt

@@ -5,6 +5,11 @@ Broker:
 - Fix possible memory leak when using a topic that has a leading slash. Fixes
   bug #1360985.
 - Fix saving persistent database on Windows.
+- Temporarily disable ACL checks on subscriptions when using MQTT v3.1.1. This
+  is due to the complexity of checking wildcard ACLs against wildcard
+  subscriptions. This does not have a negative impact on security because
+  checks are still made before a message is sent to a client.
+  Fixes bug #1374291.
 
 Client library:
 - Fix mutex being incorrectly passed by value. Fixes bug #1373785.

src/read_handle_server.c

@@ -634,6 +634,19 @@ int mqtt3_handle_subscribe(struct mosquitto_db *db, struct mosquitto *context)
 			}
 			_mosquitto_log_printf(NULL, MOSQ_LOG_DEBUG, "\t%s (QoS %d)", sub, qos);
 
+#if 0
+			/* FIXME
+			 * This section has been disabled temporarily. mosquitto_acl_check
+			 * calls mosquitto_topic_matches_sub, which can't cope with
+			 * checking subscriptions that have wildcards against ACLs that
+			 * have wildcards. Bug #1374291 is related.
+			 *
+			 * It's a very difficult problem when an ACL looks like foo/+/bar
+			 * and a subscription request to foo/# is made.
+			 *
+			 * This should be changed to using MOSQ_ACL_SUBSCRIPTION in the
+			 * future anyway.
+			 */
 			if(context->protocol == mosq_p_mqtt311){
 				rc = mosquitto_acl_check(db, context, sub, MOSQ_ACL_READ);
 				switch(rc){
@@ -647,6 +660,7 @@ int mqtt3_handle_subscribe(struct mosquitto_db *db, struct mosquitto *context)
 						return rc;
 				}
 			}
+#endif
 
 			if(qos != 0x80){
 				rc2 = mqtt3_sub_add(db, context, sub, qos, &db->subs);