Uploaded image for project: 'OASIS Message Queuing Telemetry Transport (MQTT) TC'
  1. OASIS Message Queuing Telemetry Transport (MQTT) TC
  2. MQTT-52

Handling permission problems

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.1
    • Fix Version/s: 3.1.1
    • Component/s: core
    • Labels:
      None
    • Proposal:
      Hide

      The 3.1.1 specification should provide a clarification to promote better clients client side error handling, retry and recovery behavior.

      Change Publish (WD13 844)

      If a server implementation does not authorize a PUBLISH to be performed by a client; it has no way of informing that client. It MUST either make a positive acknowledgement, according to the normal QoS rules or disconnect the TCP session.

      Change Subscribe (WD13 979)

      The Payload of a SUBSCRIBE packet MUST contain at least one topic filter / QoS pair. A SUBSCRIBE packet with no payload is a protocol violation.

      Remove 991 - 995 (WD13) See MQTT Issue-52 ... authorized to subscribe.

      Change from 997

      A SUBACK Packet MUST be sent to the Client by the Server containing a return code for each topic filter/QoS pair. The Server might grant a lower maximum QoS than the subscriber requested. The QoS of Payload Messages sent in response to a subscription MUST be the minimum of the QoS of the originally published message and the maximum QoS granted by the Server.

      Change table under 3.9.3 SUBACK Payload to have 4 values, all bits used, remove reserved/granted QoS to read return code.

      0x00 - Success - Maximum QoS0
      0x01 - Success - Maximum QoS1
      0x02 - Success - Maximum QoS2
      0x80 - Failure

      All other return codes are reserved and MUST NOT be used

      <add to non normative example for failed>

      change 1048 -

      substitute "return codes" for "granted QoS's"

      Show
      The 3.1.1 specification should provide a clarification to promote better clients client side error handling, retry and recovery behavior. Change Publish (WD13 844) If a server implementation does not authorize a PUBLISH to be performed by a client; it has no way of informing that client. It MUST either make a positive acknowledgement, according to the normal QoS rules or disconnect the TCP session. Change Subscribe (WD13 979) The Payload of a SUBSCRIBE packet MUST contain at least one topic filter / QoS pair. A SUBSCRIBE packet with no payload is a protocol violation. Remove 991 - 995 (WD13) See MQTT Issue-52 ... authorized to subscribe. Change from 997 A SUBACK Packet MUST be sent to the Client by the Server containing a return code for each topic filter/QoS pair. The Server might grant a lower maximum QoS than the subscriber requested. The QoS of Payload Messages sent in response to a subscription MUST be the minimum of the QoS of the originally published message and the maximum QoS granted by the Server. Change table under 3.9.3 SUBACK Payload to have 4 values, all bits used, remove reserved/granted QoS to read return code. 0x00 - Success - Maximum QoS0 0x01 - Success - Maximum QoS1 0x02 - Success - Maximum QoS2 0x80 - Failure All other return codes are reserved and MUST NOT be used <add to non normative example for failed> change 1048 - substitute "return codes" for "granted QoS's"
    • Resolution:
      Hide

      Resolved in WD15

      Show
      Resolved in WD15

      Description

      What should a server do if a client attempts to perform an operation that is disallowed?
      For example:
      1. Attempts to publish to a topic for which they do not have permission

      The input specification (which is not based on RFC2119 terminology) provides ambiguous guidance for such a scenario.

      "Note that if a server implementation does not authorize a PUBLISH to be made by a client; it has no way of informing that client. It must therefore make a positive acknowledgement, according to the normal QoS rules, and the client will not be informed that it was not authorized to publish the message."

      This behavior is problematic (strictly enforced or not) since a valid client talking to a poorly configured server will continue to process work unaware of the problem. In practice it is very difficult, if not impossible, to write a client application with error handling and recovery logic to defend against it.

        Attachments

          Activity

            People

            • Assignee:
              andrew_banks Andrew Banks (Inactive)
              Reporter:
              coppen Richard Coppen
            • Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: