From 2ed2426a33518762c9210512521ca6e41f68ccbb Mon Sep 17 00:00:00 2001
From: Feng Lee
Date: Thu, 16 Apr 2015 23:24:07 +0800
Subject: [PATCH] access_control

---
 apps/emqttd/src/emqttd_auth_anonymous.erl | 2 +-
 apps/emqttd/src/emqttd_auth_clientid.erl | 2 +-
 apps/emqttd/src/emqttd_auth_username.erl | 2 ++
 apps/emqttd/src/emqttd_http.erl | 2 +-
 apps/emqttd/src/emqttd_protocol.erl | 10 ++++----
 rel/files/app.config | 28 ++++++++++++-----------
 6 files changed, 25 insertions(+), 21 deletions(-)

diff --git a/apps/emqttd/src/emqttd_auth_anonymous.erl b/apps/emqttd/src/emqttd_auth_anonymous.erl
index ef206a1ae..4e4285fee 100644
--- a/apps/emqttd/src/emqttd_auth_anonymous.erl
+++ b/apps/emqttd/src/emqttd_auth_anonymous.erl
@@ -28,7 +28,7 @@
 -author('feng@emqtt.io').
--behaviour(emqttd_auth).
+-behaviour(emqttd_auth_mod).
 -export([init/1, check/3, description/0]).
diff --git a/apps/emqttd/src/emqttd_auth_clientid.erl b/apps/emqttd/src/emqttd_auth_clientid.erl
index bde3ce398..2d3fab999 100644
--- a/apps/emqttd/src/emqttd_auth_clientid.erl
+++ b/apps/emqttd/src/emqttd_auth_clientid.erl
@@ -34,7 +34,7 @@ lookup_clientid/1, remove_clientid/1, all_clientids/0]).
--behaviour(emqttd_auth).
+-behaviour(emqttd_auth_mod).
 %% emqttd_auth callbacks
 -export([init/1, check/3, description/0]).
diff --git a/apps/emqttd/src/emqttd_auth_username.erl b/apps/emqttd/src/emqttd_auth_username.erl
index 884c66bc4..6407be5d7 100644
--- a/apps/emqttd/src/emqttd_auth_username.erl
+++ b/apps/emqttd/src/emqttd_auth_username.erl
@@ -30,6 +30,8 @@
 -include("emqttd.hrl").
+-behaviour(emqttd_auth_mod).
+
 -export([add_user/2, remove_user/1, lookup_user/1, all_users/0]).
diff --git a/apps/emqttd/src/emqttd_http.erl b/apps/emqttd/src/emqttd_http.erl
index 3983cd3e8..5dd17dc19 100644
--- a/apps/emqttd/src/emqttd_http.erl
+++ b/apps/emqttd/src/emqttd_http.erl
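Review bot: The comment `%% emqttd_auth callbacks` that sits right under the changed `-behaviour` line in emqttd_auth_clientid.erl still names the old behaviour after the switch to `emqttd_auth_mod`; change it to `%% emqttd_auth_mod callbacks`. The anonymous and username modules receive the same behaviour declaration in this commit without a matching comment, so the three auth modules read inconsistently; a one-line `%% emqttd_auth_mod callbacks` above each `-export([init/1, check/3, description/0])` would keep them aligned.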
@@ -78,7 +78,7 @@ authorized(Req) ->
 false;
 "Basic " ++ BasicAuth ->
 {Username, Password} = user_passwd(BasicAuth),
- case emqttd_auth:login(#mqtt_client{username = Username}, Password) of
+ case emqttd_access_control:auth(#mqtt_client{username = Username}, Password) of
 ok -> true;
 {error, Reason} ->
diff --git a/apps/emqttd/src/emqttd_protocol.erl b/apps/emqttd/src/emqttd_protocol.erl
index 694a6ec35..9dea71419 100644
--- a/apps/emqttd/src/emqttd_protocol.erl
+++ b/apps/emqttd/src/emqttd_protocol.erl
@@ -123,7 +123,7 @@ handle(Packet = ?CONNECT_PACKET(Var), State = #proto_state{peername = Peername =
 case validate_connect(Var, State) of
 ?CONNACK_ACCEPT ->
 Client = #mqtt_client{clientid = ClientId, username = Username, ipaddr = Addr},
- case emqttd_auth:login(Client, Password) of
+ case emqttd_access_control:auth(Client, Password) of
 ok ->
 ClientId1 = clientid(ClientId, State),
 start_keepalive(KeepAlive),
@@ -146,7 +146,7 @@ handle(Packet = ?CONNECT_PACKET(Var), State = #proto_state{peername = Peername =
 handle(Packet = ?PUBLISH_PACKET(?QOS_0, Topic, _PacketId, _Payload),
 State = #proto_state{clientid = ClientId, session = Session}) ->
- case emqttd_acl:check({client(State), publish, Topic}) of
+ case emqttd_access_control:check_acl(client(State), publish, Topic) of
 allow ->
 emqttd_session:publish(Session, ClientId, {?QOS_0, emqtt_message:from_packet(Packet)});
 deny ->
@@ -156,7 +156,7 @@ handle(Packet = ?PUBLISH_PACKET(?QOS_0, Topic, _PacketId, _Payload),
 handle(Packet = ?PUBLISH_PACKET(?QOS_1, Topic, PacketId, _Payload),
 State = #proto_state{clientid = ClientId, session = Session}) ->
- case emqttd_acl:check({client(State), publish, Topic}) of
+ case emqttd_access_control:check_acl(client(State), publish, Topic) of
 allow ->
 emqttd_session:publish(Session, ClientId, {?QOS_1, emqtt_message:from_packet(Packet)}),
 send(?PUBACK_PACKET(?PUBACK, PacketId), State);
@@ -167,7 +167,7 @@ handle(Packet = ?PUBLISH_PACKET(?QOS_1, Topic, PacketId, _Payload),
 handle(Packet = ?PUBLISH_PACKET(?QOS_2, Topic, PacketId, _Payload),
 State = #proto_state{clientid = ClientId, session = Session}) ->
- case emqttd_acl:check({client(State), publish, Topic}) of
+ case emqttd_access_control:check_acl({client(State), publish, Topic}) of
 allow ->
 NewSession = emqttd_session:publish(Session, ClientId, {?QOS_2, emqtt_message:from_packet(Packet)}),
 send(?PUBACK_PACKET(?PUBREC, PacketId), State#proto_state{session = NewSession});
@@ -191,7 +191,7 @@ handle(?PUBACK_PACKET(Type, PacketId), State = #proto_state{session = Session})
 {ok, NewState};
 handle(?SUBSCRIBE_PACKET(PacketId, TopicTable), State = #proto_state{clientid = ClientId, session = Session}) ->
- AllowDenies = [emqttd_acl:check({client(State), subscribe, Topic}) || {Topic, _Qos} <- TopicTable],
+ AllowDenies = [emqttd_access_control:check_acl(client(State), subscribe, Topic) || {Topic, _Qos} <- TopicTable],
 case lists:member(deny, AllowDenies) of
 true -> %%TODO: return 128 QoS when deny...
diff --git a/rel/files/app.config b/rel/files/app.config
index e0f811513..6e94bc81e 100644
--- a/rel/files/app.config
+++ b/rel/files/app.config
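Review bot: The QoS 2 PUBLISH clause's new call `emqttd_access_control:check_acl({client(State), publish, Topic})` passes a single 3-tuple, while the QoS 0, QoS 1 and SUBSCRIBE call sites changed in this same commit pass three separate arguments. Unless a `check_acl/1` is also exported alongside `check_acl/3` (not visible in this patch), every QoS 2 PUBLISH will crash the protocol process with `undef` before the ACL decision is made, and even if both arities exist the two shapes should not coexist. Change the line to `case emqttd_access_control:check_acl(client(State), publish, Topic) of`. The `handle` clause continues past the end of the hunk.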
@@ -40,19 +40,21 @@
 {logger, {lager, info}}
 ]},
 {emqttd, [
- %% Authetication. , Anonymous Default
- {auth, [
- %% authentication with username, password
- %{username, []},
- %% authentication with clientid
- %{clientid, [{password, no}, {file, "etc/clients.config"}]},
- %% allow all
- {anonymous, []}
- ]},
- %% ACL config
- {acl, [
- %% User internal ACL module
- {internal, [{file, "etc/acl.config"}, {nomatch, allow}]}
+ {access_control, [
+ %% Authetication. , Anonymous Default
+ {auth, [
+ %% authentication with username, password
+ %{username, []},
+ %% authentication with clientid
+ %{clientid, [{password, no}, {file, "etc/clients.config"}]},
+ %% allow all
+ {anonymous, []}
+ ]},
+ %% ACL config
+ {acl, [
+ %% User internal ACL module
+ {internal, [{file, "etc/acl.config"}, {nomatch, allow}]}
+ ]}
 ]},
 %% Packet
 {packet, [
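Review bot: The relocated `access_control` block keeps `{anonymous, []}` as the only active auth module and `{nomatch, allow}` on the internal ACL, so a release built from this config accepts any client and allows any topic that no rule in etc/acl.config matches, and nothing in the file says so. Since the commit is already rewriting this section, add one line above `{access_control, [` such as `%% Defaults below: anonymous authentication and ACL nomatch=allow; intended for development setups.` The re-added `%% Authetication. , Anonymous Default` comment also carries the typo forward; `%% Authentication, anonymous by default` reads cleanly.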