From 4290847b9dedcf9b9a39697b9d04a9ac9180dd85 Mon Sep 17 00:00:00 2001 From: firest Date: Wed, 9 Nov 2022 17:47:47 +0800 Subject: [PATCH 1/3] feat: filter out messages which the source client is banned when delivering the retained message --- apps/emqx_modules/test/emqx_delayed_SUITE.erl | 3 +- .../src/emqx_retainer_dispatcher.erl | 16 +++++++- .../test/emqx_retainer_SUITE.erl | 41 +++++++++++++++++++ 3 files changed, 57 insertions(+), 3 deletions(-) diff --git a/apps/emqx_modules/test/emqx_delayed_SUITE.erl b/apps/emqx_modules/test/emqx_delayed_SUITE.erl index 5864646ad..3d1576b0b 100644 --- a/apps/emqx_modules/test/emqx_delayed_SUITE.erl +++ b/apps/emqx_modules/test/emqx_delayed_SUITE.erl @@ -37,8 +37,7 @@ }). all() -> - [t_banned_delayed]. -%% emqx_common_test_helpers:all(?MODULE). + emqx_common_test_helpers:all(?MODULE). init_per_suite(Config) -> ok = emqx_common_test_helpers:load_config(emqx_modules_schema, ?BASE_CONF, #{ diff --git a/apps/emqx_retainer/src/emqx_retainer_dispatcher.erl b/apps/emqx_retainer/src/emqx_retainer_dispatcher.erl index f52fd982c..c4df41ca4 100644 --- a/apps/emqx_retainer/src/emqx_retainer_dispatcher.erl +++ b/apps/emqx_retainer/src/emqx_retainer_dispatcher.erl @@ -20,6 +20,7 @@ -include("emqx_retainer.hrl"). -include_lib("emqx/include/logger.hrl"). +-include_lib("snabbkaffe/include/snabbkaffe.hrl"). %% API -export([ @@ -286,7 +287,20 @@ do_deliver(Msgs, DeliverNum, Pid, Topic, Limiter) -> end. do_deliver([Msg | T], Pid, Topic) -> - Pid ! {deliver, Topic, Msg}, + case emqx_banned:look_up({clientid, Msg#message.from}) of + [] -> + Pid ! {deliver, Topic, Msg}, + ok; + _ -> + ?tp( + notice, + ignore_retained_message_deliver, + #{ + reason => "client is banned", + clienid => Msg#message.from + } + ) + end, do_deliver(T, Pid, Topic); do_deliver([], _, _) -> ok. diff --git a/apps/emqx_retainer/test/emqx_retainer_SUITE.erl b/apps/emqx_retainer/test/emqx_retainer_SUITE.erl index 09e6c4bb4..86eaa4255 100644 
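Review bot: The ban check added to `do_deliver/3` in emqx_retainer_dispatcher.erl looks up only `{clientid, Msg#message.from}`, so a publisher banned under any key other than its client id is not covered and its retained messages would still be delivered. If the message also carries the publisher's username or peer address (not visible in this hunk), those should be checked as well; otherwise document the limit with a comment such as `%% only clientid bans are honoured here; other ban types do not filter retained messages`. It is also worth confirming whether `emqx_banned:look_up/1` can return an entry whose `until` has already passed, because if it can, the `_ ->` branch would keep dropping messages after the ban expires. The trace point fires at `notice` once per dropped message per subscription, which may be noisy when a banned client left many retained messages.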
--- a/apps/emqx_retainer/test/emqx_retainer_SUITE.erl +++ b/apps/emqx_retainer/test/emqx_retainer_SUITE.erl @@ -639,6 +639,47 @@ test_disable_then_start(_Config) -> ?assertNotEqual([], gproc_pool:active_workers(emqx_retainer_dispatcher)), ok. +t_deliver_when_banned(_) -> + ClientId = <<"c1">>, + + {ok, C1} = emqtt:start_link([{clientid, ClientId}, {clean_start, true}, {proto_ver, v5}]), + {ok, _} = emqtt:connect(C1), + + lists:foreach( + fun(I) -> + Topic = erlang:list_to_binary(io_lib:format("retained/~p", [I])), + emqtt:publish( + C1, + Topic, + <<"this is a retained message">>, + [{qos, 0}, {retain, true}] + ) + end, + lists:seq(1, 3) + ), + + Now = erlang:system_time(second), + Who = {clientid, ClientId}, + emqx_banned:create(#{ + who => Who, + by => <<"test">>, + reason => <<"test">>, + at => Now, + until => Now + 120 + }), + + timer:sleep(100), + snabbkaffe:start_trace(), + {ok, #{}, [0]} = emqtt:subscribe(C1, <<"retained/+">>, [{qos, 0}, {rh, 0}]), + timer:sleep(500), + + Trace = snabbkaffe:collect_trace(), + ?assertEqual(3, length(?of_kind(ignore_retained_message_deliver, Trace))), + snabbkaffe:stop(), + emqx_banned:delete(Who), + {ok, #{}, [0]} = emqtt:unsubscribe(C1, <<"retained/+">>), + ok = emqtt:disconnect(C1). + %%-------------------------------------------------------------------- %% Helper functions %%-------------------------------------------------------------------- From cd2cf15677a2c0d328fab0e0f464dcd2ab3252df Mon Sep 17 00:00:00 2001 From: firest Date: Wed, 9 Nov 2022 18:18:59 +0800 Subject: [PATCH 2/3] chore: update changes --- changes/v5.0.11-en.md | 3 +++ changes/v5.0.11-zh.md | 6 +++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/changes/v5.0.11-en.md b/changes/v5.0.11-en.md index 9fbc2225f..e020590b2 100644 --- a/changes/v5.0.11-en.md +++ b/changes/v5.0.11-en.md 
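Review bot: `t_deliver_when_banned` asserts only that three `ignore_retained_message_deliver` trace events were emitted; it never checks that the subscriber received no retained message, which is the behaviour the feature promises. An assertion that C1 gets no publish on `retained/+` after the subscribe would pin that down. The cleanup calls (`snabbkaffe:stop()`, `emqx_banned:delete(Who)`, the disconnect) run only when the assertion passes, so a failure leaves the `c1` ban in place for later cases; a `try ... after` around the body, or moving the cleanup into `end_per_testcase`, would avoid that. The fixed `timer:sleep(100)` and `timer:sleep(500)` waits can make the case flaky on slow CI, and waiting on the trace events instead would be more reliable.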
@@ -2,5 +2,8 @@ ## Enhancements +- Improve the integration of the `banned` and the `retain` feature [#9326](https://github.com/emqx/emqx/pull/9326). + The retained messages that its source client is banned will be filtered out when they are delivered. + ## Bug fixes diff --git a/changes/v5.0.11-zh.md b/changes/v5.0.11-zh.md index cea0f10fb..c8a143d94 100644 --- a/changes/v5.0.11-zh.md +++ b/changes/v5.0.11-zh.md @@ -2,4 +2,8 @@ ## 增强 -## 修复 +- 增强 `封禁` 和 `保留消息` 这两个功能的集成性 [#9332](https://github.com/emqx/emqx/pull/9332)。 + 现在投递保留消息前,会先过滤掉来源客户端被封禁了的那些消息。 + +## Bug fixes + From 6b0de714bc9b98bad1b0b4db998e881f60e76c85 Mon Sep 17 00:00:00 2001 From: firest Date: Thu, 10 Nov 2022 10:23:26 +0800 Subject: [PATCH 3/3] chore: bump retainer version --- apps/emqx_retainer/src/emqx_retainer.app.src | 2 +- apps/emqx_retainer/src/emqx_retainer_dispatcher.erl | 2 +- changes/v5.0.11-en.md | 4 ++-- changes/v5.0.11-zh.md | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/apps/emqx_retainer/src/emqx_retainer.app.src b/apps/emqx_retainer/src/emqx_retainer.app.src index c49794cfe..844277ba6 100644 --- a/apps/emqx_retainer/src/emqx_retainer.app.src +++ b/apps/emqx_retainer/src/emqx_retainer.app.src @@ -2,7 +2,7 @@ {application, emqx_retainer, [ {description, "EMQX Retainer"}, % strict semver, bump manually! - {vsn, "5.0.6"}, + {vsn, "5.0.7"}, {modules, []}, {registered, [emqx_retainer_sup]}, {applications, [kernel, stdlib, emqx]}, diff --git a/apps/emqx_retainer/src/emqx_retainer_dispatcher.erl b/apps/emqx_retainer/src/emqx_retainer_dispatcher.erl index c4df41ca4..abecbbeb1 100644 --- a/apps/emqx_retainer/src/emqx_retainer_dispatcher.erl +++ b/apps/emqx_retainer/src/emqx_retainer_dispatcher.erl @@ -297,7 +297,7 @@ do_deliver([Msg | T], Pid, Topic) -> ignore_retained_message_deliver, #{ reason => "client is banned", - clienid => Msg#message.from + clientid => Msg#message.from } ) end, 
diff --git a/changes/v5.0.11-en.md b/changes/v5.0.11-en.md index e020590b2..e9f005949 100644 --- a/changes/v5.0.11-en.md +++ b/changes/v5.0.11-en.md @@ -2,8 +2,8 @@ ## Enhancements -- Improve the integration of the `banned` and the `retain` feature [#9326](https://github.com/emqx/emqx/pull/9326). - The retained messages that its source client is banned will be filtered out when they are delivered. +- Security enhancement for retained messages [#9326](https://github.com/emqx/emqx/pull/9326). + The retained messages will not be published if the publisher client is banned. ## Bug fixes diff --git a/changes/v5.0.11-zh.md b/changes/v5.0.11-zh.md index c8a143d94..edf3418e4 100644 --- a/changes/v5.0.11-zh.md +++ b/changes/v5.0.11-zh.md @@ -2,7 +2,7 @@ ## 增强 -- 增强 `封禁` 和 `保留消息` 这两个功能的集成性 [#9332](https://github.com/emqx/emqx/pull/9332)。 +- 增强 `保留消息` 的安全性 [#9332](https://github.com/emqx/emqx/pull/9332)。 现在投递保留消息前,会先过滤掉来源客户端被封禁了的那些消息。 ## Bug fixes