access_control

Feng Lee 2015-04-16 23:24:07 +08:00
parent ec48b186c6
commit 2ed2426a33
6 changed files with 25 additions and 21 deletions


@ -28,7 +28,7 @@
-author('feng@emqtt.io'). -author('feng@emqtt.io').
-behaviour(emqttd_auth). -behaviour(emqttd_auth_mod).
-export([init/1, check/3, description/0]). -export([init/1, check/3, description/0]).


@ -34,7 +34,7 @@
lookup_clientid/1, remove_clientid/1, lookup_clientid/1, remove_clientid/1,
all_clientids/0]). all_clientids/0]).
-behaviour(emqttd_auth). -behaviour(emqttd_auth_mod).
%% emqttd_auth callbacks %% emqttd_auth callbacks
-export([init/1, check/3, description/0]). -export([init/1, check/3, description/0]).


@ -30,6 +30,8 @@
-include("emqttd.hrl"). -include("emqttd.hrl").
-behaviour(emqttd_auth_mod).
-export([add_user/2, remove_user/1, -export([add_user/2, remove_user/1,
lookup_user/1, all_users/0]). lookup_user/1, all_users/0]).


@ -78,7 +78,7 @@ authorized(Req) ->
false; false;
"Basic " ++ BasicAuth -> "Basic " ++ BasicAuth ->
{Username, Password} = user_passwd(BasicAuth), {Username, Password} = user_passwd(BasicAuth),
case emqttd_auth:login(#mqtt_client{username = Username}, Password) of case emqttd_access_control:auth(#mqtt_client{username = Username}, Password) of
ok -> ok ->
true; true;
{error, Reason} -> {error, Reason} ->
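Review bot: In `authorized/1` the HTTP Basic path passes `emqttd_access_control:auth/2` an `#mqtt_client{}` with only `username` set, whereas the CONNECT handler in this commit also fills `clientid` and `ipaddr`. An auth module that decides on those fields (one module in this commit exports `lookup_clientid/1` and implements `emqttd_auth_mod`) would see only the record defaults for HTTP callers, so its verdict here depends on how it treats an unset field. That is worth confirming against each configured module. At minimum add a comment above the call, for example `%% only username is known here; clientid/ipaddr stay at record defaults, so clientid- or address-based auth modules cannot match HTTP callers`. The body of `authorized/1` starts and ends outside the hunk.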


@ -123,7 +123,7 @@ handle(Packet = ?CONNECT_PACKET(Var), State = #proto_state{peername = Peername =
case validate_connect(Var, State) of case validate_connect(Var, State) of
?CONNACK_ACCEPT -> ?CONNACK_ACCEPT ->
Client = #mqtt_client{clientid = ClientId, username = Username, ipaddr = Addr}, Client = #mqtt_client{clientid = ClientId, username = Username, ipaddr = Addr},
case emqttd_auth:login(Client, Password) of case emqttd_access_control:auth(Client, Password) of
ok -> ok ->
ClientId1 = clientid(ClientId, State), ClientId1 = clientid(ClientId, State),
start_keepalive(KeepAlive), start_keepalive(KeepAlive),
@ -146,7 +146,7 @@ handle(Packet = ?CONNECT_PACKET(Var), State = #proto_state{peername = Peername =
handle(Packet = ?PUBLISH_PACKET(?QOS_0, Topic, _PacketId, _Payload), handle(Packet = ?PUBLISH_PACKET(?QOS_0, Topic, _PacketId, _Payload),
State = #proto_state{clientid = ClientId, session = Session}) -> State = #proto_state{clientid = ClientId, session = Session}) ->
case emqttd_acl:check({client(State), publish, Topic}) of case emqttd_access_control:check_acl(client(State), publish, Topic) of
allow -> allow ->
emqttd_session:publish(Session, ClientId, {?QOS_0, emqtt_message:from_packet(Packet)}); emqttd_session:publish(Session, ClientId, {?QOS_0, emqtt_message:from_packet(Packet)});
deny -> deny ->
@ -156,7 +156,7 @@ handle(Packet = ?PUBLISH_PACKET(?QOS_0, Topic, _PacketId, _Payload),
handle(Packet = ?PUBLISH_PACKET(?QOS_1, Topic, PacketId, _Payload), handle(Packet = ?PUBLISH_PACKET(?QOS_1, Topic, PacketId, _Payload),
State = #proto_state{clientid = ClientId, session = Session}) -> State = #proto_state{clientid = ClientId, session = Session}) ->
case emqttd_acl:check({client(State), publish, Topic}) of case emqttd_access_control:check_acl(client(State), publish, Topic) of
allow -> allow ->
emqttd_session:publish(Session, ClientId, {?QOS_1, emqtt_message:from_packet(Packet)}), emqttd_session:publish(Session, ClientId, {?QOS_1, emqtt_message:from_packet(Packet)}),
send(?PUBACK_PACKET(?PUBACK, PacketId), State); send(?PUBACK_PACKET(?PUBACK, PacketId), State);
@ -167,7 +167,7 @@ handle(Packet = ?PUBLISH_PACKET(?QOS_1, Topic, PacketId, _Payload),
handle(Packet = ?PUBLISH_PACKET(?QOS_2, Topic, PacketId, _Payload), handle(Packet = ?PUBLISH_PACKET(?QOS_2, Topic, PacketId, _Payload),
State = #proto_state{clientid = ClientId, session = Session}) -> State = #proto_state{clientid = ClientId, session = Session}) ->
case emqttd_acl:check({client(State), publish, Topic}) of case emqttd_access_control:check_acl({client(State), publish, Topic}) of
allow -> allow ->
NewSession = emqttd_session:publish(Session, ClientId, {?QOS_2, emqtt_message:from_packet(Packet)}), NewSession = emqttd_session:publish(Session, ClientId, {?QOS_2, emqtt_message:from_packet(Packet)}),
send(?PUBACK_PACKET(?PUBREC, PacketId), State#proto_state{session = NewSession}); send(?PUBACK_PACKET(?PUBREC, PacketId), State#proto_state{session = NewSession});
@ -191,7 +191,7 @@ handle(?PUBACK_PACKET(Type, PacketId), State = #proto_state{session = Session})
{ok, NewState}; {ok, NewState};
handle(?SUBSCRIBE_PACKET(PacketId, TopicTable), State = #proto_state{clientid = ClientId, session = Session}) -> handle(?SUBSCRIBE_PACKET(PacketId, TopicTable), State = #proto_state{clientid = ClientId, session = Session}) ->
AllowDenies = [emqttd_acl:check({client(State), subscribe, Topic}) || {Topic, _Qos} <- TopicTable], AllowDenies = [emqttd_access_control:check_acl(client(State), subscribe, Topic) || {Topic, _Qos} <- TopicTable],
case lists:member(deny, AllowDenies) of case lists:member(deny, AllowDenies) of
true -> true ->
%%TODO: return 128 QoS when deny... %%TODO: return 128 QoS when deny...
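Review bot: The QoS 2 publish clause calls `emqttd_access_control:check_acl({client(State), publish, Topic})` with a single tuple, while the QoS 0, QoS 1 and SUBSCRIBE clauses in the same file call it with three arguments. Unless the module also exports a `check_acl/1`, which is not visible on this page, a QoS 2 PUBLISH would fail with `undef` in the connection process instead of returning `allow` or `deny`. The line should read `case emqttd_access_control:check_acl(client(State), publish, Topic) of`. The `handle` clauses continue outside the hunks shown.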


@ -40,6 +40,7 @@
{logger, {lager, info}} {logger, {lager, info}}
]}, ]},
{emqttd, [ {emqttd, [
{access_control, [
%% Authetication. , Anonymous Default %% Authetication. , Anonymous Default
{auth, [ {auth, [
%% authentication with username, password %% authentication with username, password
@ -53,6 +54,7 @@
{acl, [ {acl, [
%% User internal ACL module %% User internal ACL module
{internal, [{file, "etc/acl.config"}, {nomatch, allow}]} {internal, [{file, "etc/acl.config"}, {nomatch, allow}]}
]}
]}, ]},
%% Packet %% Packet
{packet, [ {packet, [