From ffbdad93b4eac4dc8d975b08ce487490fb194fc6 Mon Sep 17 00:00:00 2001
From: "Roger A. Light" <roger@atchoo.org>
Date: Thu, 9 Aug 2018 14:32:02 +0100
Subject: [PATCH] Don't reject ACL patterns without %u or %c, just warn.

Using `pattern blah/#` is a legitimate method of getting a global ACL.
We shouldn't be changing behaviour in a fixes release.
---
 ChangeLog.txt          | 4 ++--
 src/security_default.c | 6 ++----
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/ChangeLog.txt b/ChangeLog.txt
index 7bcde30a..aa07d78c 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -16,8 +16,8 @@ Broker:
   Closes #851.
 - Fix problem opening listeners on Pi caused by unsigned char being default.
   Found via #849.
-- ACL patterns that do not contain either %c or %u are now rejected. Closes
-  #209.
+- ACL patterns that do not contain either %c or %u now produce a warning in
+  the log. Closes #209.
 - Fix bridge publishing failing when per_listener_settings was true. Closes
   #860.
 - Fix `use_identity_as_username true` not working. Closes #833.
diff --git a/src/security_default.c b/src/security_default.c
index d78ada48..73d20f81 100644
--- a/src/security_default.c
+++ b/src/security_default.c
@@ -280,11 +280,9 @@ int add__acl_pattern(struct mosquitto__security_options *security_opts, const ch
 	}
 
 	if(acl->ccount == 0 && acl->ucount == 0){
-		log__printf(NULL, MOSQ_LOG_ERR,
-				"Error: ACL pattern '%s' does not contain '%%c' or '%%u'.",
+		log__printf(NULL, MOSQ_LOG_WARNING,
+				"Warning: ACL pattern '%s' does not contain '%%c' or '%%u'.",
 				topic);
-
-		return MOSQ_ERR_INVAL;
 	}
 
 	if(security_opts->acl_patterns){