Fix invalid behaviour in dynsec plugin.

This occurred if a group or client was deleted before a role that was
attached to the group or client is deleted.

Closes #1998. Thanks to Willem Eradus.

ChangeLog.txt

@@ -9,6 +9,9 @@ Broker:
   /var/lib/mosquitto/mosquitto.db.new. Closes #1978.
 - Fix potential intermittent initial bridge connections when using poll().
 - Fix `bind_interface` option. Closes #1999.
+- Fix invalid behaviour in dynsec plugin if a group or client is deleted
+  before a role that was attached to the group or client is deleted.
+  Closes #1998.
 
 Apps:
 - Disallow control characters in mosquitto_passwd usernames.

plugins/dynamic-security/clients.c

@@ -35,6 +35,7 @@ Contributors:
  * ################################################################ */
 
 static int dynsec__remove_client_from_all_groups(const char *username);
+static void client__remove_all_roles(struct dynsec__client *client);
 
 /* ################################################################
  * #
@@ -482,6 +483,7 @@ int dynsec_clients__process_delete(cJSON *j_responses, struct mosquitto *context
 	client = dynsec_clients__find(username);
 	if(client){
 		dynsec__remove_client_from_all_groups(username);
+		client__remove_all_roles(client);
 		client__free_item(client);
 		dynsec__config_save();
 		dynsec__command_reply(j_responses, context, "deleteClient", NULL, correlation_data);

plugins/dynamic-security/groups.c

@@ -44,6 +44,7 @@ struct dynsec__group *dynsec_anonymous_group = NULL;
  * ################################################################ */
 
 static int dynsec__remove_all_clients_from_group(struct dynsec__group *group);
+static int dynsec__remove_all_roles_from_group(struct dynsec__group *group);
 static cJSON *add_group_to_json(struct dynsec__group *group);
 
 
@@ -460,6 +461,7 @@ int dynsec_groups__process_delete(cJSON *j_responses, struct mosquitto *context,
 		/* Enforce any changes */
 		group__kick_all(group);
 
+		dynsec__remove_all_roles_from_group(group);
 		group__free_item(group);
 		dynsec__config_save();
 		dynsec__command_reply(j_responses, context, "deleteGroup", NULL, correlation_data);
@@ -583,6 +585,17 @@ static int dynsec__remove_all_clients_from_group(struct dynsec__group *group)
 	return MOSQ_ERR_SUCCESS;
 }
 
+static int dynsec__remove_all_roles_from_group(struct dynsec__group *group)
+{
+	struct dynsec__rolelist *rolelist, *rolelist_tmp;
+
+	HASH_ITER(hh, group->rolelist, rolelist, rolelist_tmp){
+		dynsec_rolelist__group_remove(group, rolelist->role);
+	}
+
+	return MOSQ_ERR_SUCCESS;
+}
+
 int dynsec_groups__remove_client(const char *username, const char *groupname, bool update_config)
 {
 	struct dynsec__client *client;