  1. AMQ Broker
  2. ENTMQBR-6183

MQTT protocol violation when publishing/subscribing not allowed topics


      We are validating the MQTT protocol implementation before moving from AMQ 6 to 7, and we found a behavior that seems not compliant with the specifications. Publishing/subscribing on a not-allowed topic (by the security plugin) leads the broker to drop the client connection.

      MQTT 3.1 (from the MQTT 3.1 official documentation - https://public.dhe.ibm.com/software/dw/webservices/ws-mqtt/mqtt-v3r1.html#subscribe):

      SUBSCRIBE:

      Note that if a server implementation does not authorize a SUBSCRIBE request to be made by a client, it has no way of informing that client. It must therefore make a positive acknowledgement with a SUBACK, and the client will not be informed that it was not authorized to subscribe.

      AMQ7 drops the connection

      PUBLISH:

      Note that if a server implementation does not authorize a PUBLISH to be made by a client, it has no way of informing that client. It must therefore make a positive acknowledgement, according to the normal QoS rules, and the client will not be informed that it was not authorized to publish the message.

      AMQ7 drops the connection

      MQTT 3.1.1 (from the MQTT 3.1.1 official documentation - https://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html#_Toc398718063):

      SUBSCRIBE:

      No specific action to be taken except for: When the Server receives a SUBSCRIBE Packet from a Client, the Server MUST respond with a SUBACK Packet (so the connection should be kept active)

      AMQ7 drops the connection

      PUBLISH:

      If a Server implementation does not authorize a PUBLISH to be performed by a Client; it has no way of informing that Client. It MUST either make a positive acknowledgement, according to the normal QoS rules, or close the Network Connection [MQTT-3.3.5-2]. So, to be aligned with 3.1 specifications can the broker just make positive acknowledgement without dropping the connection?

        1. broker.xml
          9 kB
          Roger Hui
        2. mqtt-protocol-test.tar.bz2
          5 kB
          Roger Hui
        3. Screenshot from 2022-02-23 17-22-31.png
          227 kB
          Roger Hui

              rhn-support-jbertram Justin Bertram
              rhn-support-whui Roger Hui
              Oleg Sushchenko Oleg Sushchenko
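
An added example, not part of the issue or of AMQ Broker's code: a Python check that classifies a broker's reaction to an unauthorized SUBSCRIBE or PUBLISH against the spec passages quoted in the description, as the reporter reads them. The function names and the sample packets are constructed for illustration.

```python
# Added example (not AMQ Broker code). Sample packets are constructed.
PUBACK, PUBREC, SUBACK = 4, 5, 9              # MQTT control packet types
SAMPLE_SUBACK = bytes([0x90, 0x03, 0x00, 0x0A, 0x00])   # packet id 10, granted QoS 0
SAMPLE_PUBACK = bytes([0x40, 0x02, 0x00, 0x07])         # packet id 7

def parse_ack(data):
    """Return (packet_type, packet_id) of a raw acknowledgement, or None."""
    if len(data) < 4:
        return None
    ptype, i, remaining, shift = data[0] >> 4, 1, 0, 0
    while True:                                # decode variable-length "remaining length"
        if i >= len(data) or shift > 21:
            return None
        byte = data[i]
        i += 1
        remaining |= (byte & 0x7F) << shift
        shift += 7
        if not byte & 0x80:
            break
    if remaining < 2 or len(data) < i + remaining:
        return None
    return ptype, int.from_bytes(data[i:i + 2], "big")

def verdict(version, request, qos, packet_id, response, closed):
    """Judge the reaction to an unauthorized request.
    version: "3.1" or "3.1.1"; request: "SUBSCRIBE" or "PUBLISH";
    qos: PUBLISH QoS (ignored for SUBSCRIBE); response: bytes received (b"" if none);
    closed: True if the broker dropped the connection."""
    if closed:
        # Only the 3.1.1 PUBLISH text lists closing as an option [MQTT-3.3.5-2].
        if version == "3.1.1" and request == "PUBLISH":
            return "compliant"
        return "violation: connection closed"
    expected = SUBACK if request == "SUBSCRIBE" else {0: None, 1: PUBACK, 2: PUBREC}[qos]
    if expected is None:                       # QoS 0 has no acknowledgement
        return "compliant"
    if parse_ack(response) != (expected, packet_id):
        return "violation: missing or wrong acknowledgement"
    return "compliant"

if __name__ == "__main__":
    print(verdict("3.1", "SUBSCRIBE", 0, 10, b"", closed=True))
    print(verdict("3.1.1", "PUBLISH", 1, 7, b"", closed=True))
    print(verdict("3.1.1", "SUBSCRIBE", 0, 10, SAMPLE_SUBACK, closed=False))
```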