Mosquitto auth plug in ACL check wont get called for subscriptions

Question

I am using mosquitto 1.4.5 build.

I am trying to have a separate plug-in do the ACL check for mosquitto broker's topic subscription and publish using the provided header.

Just to test the auth plug-in's integration I have just printed a message as follows with the use of provided header for mosquitto auth plug in ( mosquitto_plugin.h ).

int mosquitto_auth_acl_check(void *user_data, const char *clientid, const char *username, const char *topic, int access)
{
   mosquitto_log_printf( MOSQ_LOG_INFO , "ACL Check called");
   return MOSQ_ERR_SUCCESS;
}

After making the shared object and having the config file's auth_plugin attribute changed I tried with a client simulation to see if Subscribe and Publish would call the mosquitto_auth_acl_check. What I realized is despite what it says in the provided header's comments, it never gets called for subscription.

In publishing scenario, i can see the ACL Check called message being logged, therefore can assume that it calls the function.

In subscription scenario the message is not being logged therefore i am assuming that the function is not being called.

What could be the reason for it to be not called only for subscription?

Answer 1

It's not currently called on subscription because of the relative difficulty of comparing a wildcard subscription against a wildcard acl.

ACLs are checked at the point when a message is about to be sent to a client, which amounts to the same thing but isn't as efficient.