From caed16f57b316eaadea1f3a4a0fb84be2e65fcb9 Mon Sep 17 00:00:00 2001 From: zhouzb Date: Wed, 4 Mar 2020 14:04:34 +0800 Subject: [PATCH] Fix `acl_deny_action` --- src/emqx_channel.erl | 28 +++++++++++++++++++++++++--- src/emqx_packet.erl | 5 +++-- 2 files changed, 28 insertions(+), 5 deletions(-) diff --git a/src/emqx_channel.erl b/src/emqx_channel.erl index cce2e1f97..3b08a77ef 100644 --- a/src/emqx_channel.erl +++ b/src/emqx_channel.erl @@ -287,7 +287,7 @@ handle_in(?PUBCOMP_PACKET(PacketId, _ReasonCode), Channel = #channel{session = S end; handle_in(Packet = ?SUBSCRIBE_PACKET(PacketId, Properties, TopicFilters), - Channel = #channel{clientinfo = ClientInfo}) -> + Channel = #channel{clientinfo = ClientInfo = #{zone := Zone}}) -> case emqx_packet:check(Packet) of ok -> TopicFilters1 = parse_topic_filters(TopicFilters), TopicFilters2 = enrich_subid(Properties, TopicFilters1), @@ -296,7 +296,15 @@ handle_in(Packet = ?SUBSCRIBE_PACKET(PacketId, Properties, TopicFilters), TopicFilters2 ), {ReasonCodes, NChannel} = process_subscribe(TopicFilters3, Channel), - handle_out(suback, {PacketId, ReasonCodes}, NChannel); + case emqx_zone:get_env(Zone, acl_deny_action, ignore) =:= disconnect andalso + lists:any(fun(ReasonCode) -> + ReasonCode =:= ?RC_NOT_AUTHORIZED + end, ReasonCodes) of + true -> + handle_out(disconnect, ?RC_NOT_AUTHORIZED, NChannel); + false -> + handle_out(suback, {PacketId, ReasonCodes}, NChannel) + end; {error, ReasonCode} -> handle_out(disconnect, ReasonCode, Channel) end; @@ -373,7 +381,8 @@ process_connect(ConnPkt = #mqtt_packet_connect{clean_start = CleanStart}, %% Process Publish %%-------------------------------------------------------------------- -process_publish(Packet = ?PUBLISH_PACKET(_QoS, Topic, PacketId), Channel) -> +process_publish(Packet = ?PUBLISH_PACKET(QoS, Topic, PacketId), + Channel = #channel{clientinfo = #{zone := Zone}}) -> case pipeline([fun process_alias/2, fun check_pub_alias/2, fun check_pub_acl/2, @@ -382,6 +391,19 @@ process_publish(Packet = ?PUBLISH_PACKET(_QoS, Topic, PacketId), Channel) -> {ok, NPacket, NChannel} -> Msg = packet_to_message(NPacket, NChannel), do_publish(PacketId, Msg, NChannel); + {error, ReasonCode, NChannel} when ReasonCode =:= ?RC_NOT_AUTHORIZED -> + ?LOG(warning, "Cannot publish message to ~s due to ~s.", + [Topic, emqx_reason_codes:text(ReasonCode)]), + case emqx_zone:get_env(Zone, acl_deny_action, ignore) of + ignore -> + case QoS of + ?QOS_0 -> {ok, NChannel}; + _ -> + handle_out(puback, {PacketId, ReasonCode}, NChannel) + end; + disconnect -> + handle_out(disconnect, ReasonCode, NChannel) + end; {error, ReasonCode, NChannel} -> ?LOG(warning, "Cannot publish message to ~s due to ~s.", [Topic, emqx_reason_codes:text(ReasonCode)]), diff --git a/src/emqx_packet.erl b/src/emqx_packet.erl index 354229f99..b229a3e07 100644 --- a/src/emqx_packet.erl +++ b/src/emqx_packet.erl @@ -478,8 +478,9 @@ format_variable(#mqtt_packet_publish{topic_name = TopicName, packet_id = PacketId}) -> io_lib:format("Topic=~s, PacketId=~p", [TopicName, PacketId]); -format_variable(#mqtt_packet_puback{packet_id = PacketId}) -> - io_lib:format("PacketId=~p", [PacketId]); +format_variable(#mqtt_packet_puback{packet_id = PacketId, + reason_code = ReasonCode}) -> + io_lib:format("PacketId=~p, ReasonCode=~p", [PacketId, ReasonCode]); format_variable(#mqtt_packet_subscribe{packet_id = PacketId, topic_filters = TopicFilters}) ->