yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ldap plugin

This commit is contained in:
Feng Lee 2015-05-12 10:41:29 +08:00
parent c7878b8b75
commit 2f5d0306d3
13 changed files with 126 additions and 122 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
plugins/emqttd_auth_ldap/README.md
View File

@ -1,9 +1,25 @@
# emqttd_auth_ldap
LDAP Authentication Plugin.
## Overview
## Plugin config
Authentication with LDAP.
## Plugin Config
```
{emqttd_auth_ldap, [
{servers, ["localhost"]},
{port, 389},
{timeout, 30},
{user_dn, "uid=$u,ou=People,dc=example,dc=com"},
{ssl, fasle},
{sslopts, [
{"certfile", "ssl.crt"},
{"keyfile", "ssl.key"}]}
]}
```
```
## Load Plugin
Merge the'etc/plugin.config' to emqttd/etc/plugins.config, and the plugin will be loaded automatically.

0
plugins/emqttd_auth_ldap/etc/app.config → plugins/emqttd_auth_ldap/etc/plugin.config
View File

12
plugins/emqttd_auth_ldap/src/emqttd_auth_ldap.erl
View File

@ -20,11 +20,7 @@
%%% SOFTWARE.
%%%-----------------------------------------------------------------------------
%%% @doc
<<<<<<< HEAD
%%% LDAP Authentication Module.
=======
%%% LDAP authentication module.
>>>>>>> c6e92388798302ae3b44286f444505d1c385aba7
%%%
%%% @end
%%%-----------------------------------------------------------------------------
@ -38,7 +34,6 @@
-export([init/1, check/3, description/0]).
<<<<<<< HEAD
-record(state, {servers, user_dn, options}).
init(Opts) ->
@ -91,11 +86,4 @@ fill(Username, UserDn) ->
fun("$u") -> Username;
(S) -> S
end, string:tokens(UserDn, ",="))).
=======
init(Opts) -> {ok, Opts}.
check(_Client, _Password, _Opts) -> ingore.
description() -> "LDAP authentication module".
>>>>>>> c6e92388798302ae3b44286f444505d1c385aba7

30
plugins/emqttd_auth_ldap/src/emqttd_auth_ldap_app.erl
View File

@ -1,4 +1,3 @@
<<<<<<< HEAD
%%%-----------------------------------------------------------------------------
%%% Copyright (c) 2012-2015 eMQTT.IO, All Rights Reserved.
%%%
@ -21,7 +20,7 @@
%%% SOFTWARE.
%%%-----------------------------------------------------------------------------
%%% @doc
%%% ldap authentication app.
%%% LDAP Authentication APP.
%%%
%%% @end
%%%-----------------------------------------------------------------------------
@ -40,8 +39,8 @@
%%%=============================================================================
start(_StartType, _StartArgs) ->
Opts = application:get_all_env(emqttd_auth_ldap, ldap),
emqttd_access_control:register_mod(auth, emqttd_auth_ldap, Opts),
Env = application:get_all_env(emqttd_auth_ldap),
emqttd_access_control:register_mod(auth, emqttd_auth_ldap, Env),
supervisor:start_link({local, ?MODULE}, ?MODULE, []).
prep_stop(State) ->
@ -51,31 +50,10 @@ stop(_State) ->
ok.
%%%=============================================================================
%%% Supervisor callbacks
%%% Supervisor callbacks(Dummy)
%%%=============================================================================
init([]) ->
{ok, { {one_for_one, 5, 10}, []} }.
=======
-module(emqttd_auth_ldap_app).
-behaviour(application).
%% Application callbacks
-export([start/2, stop/1]).
%% ===================================================================
%% Application callbacks
%% ===================================================================
start(_StartType, _StartArgs) ->
{ok, Sup} = emqttd_auth_ldap_sup:start_link(),
Env = application:get_all_env(),
emqttd_access_control:register_mod(auth, emqttd_auth_ldap, Env),
{ok, Sup}.
stop(_State) ->
emqttd_access_control:unregister_mod(auth, emqttd_auth_ldap),
ok.
>>>>>>> c6e92388798302ae3b44286f444505d1c385aba7

27
plugins/emqttd_auth_ldap/src/emqttd_auth_ldap_sup.erl
View File

@ -1,27 +0,0 @@
-module(emqttd_auth_ldap_sup).
-behaviour(supervisor).
%% API
-export([start_link/0]).
%% Supervisor callbacks
-export([init/1]).
%% Helper macro for declaring children of supervisor
-define(CHILD(I, Type), {I, {I, start_link, []}, permanent, 5000, Type, [I]}).
%% ===================================================================
%% API functions
%% ===================================================================
start_link() ->
supervisor:start_link({local, ?MODULE}, ?MODULE, []).
%% ===================================================================
%% Supervisor callbacks
%% ===================================================================
init([]) ->
{ok, { {one_for_one, 5, 10}, []} }.

32
plugins/emqttd_auth_mysql/README.md
View File

@ -2,7 +2,32 @@
Authentication with user table of MySQL database.
## User Table
## etc/plugin.config
```erlang
[
{emysql, [
{pool, 4},
{host, "localhost"},
{port, 3306},
{username, ""},
{password, ""},
{database, "mqtt"},
{encoding, utf8}
]},
{emqttd_auth_mysql, [
{user_table, mqtt_users},
%% plain password only
{password_hash, plain},
{field_mapper, [
{username, username},
{password, password}
]}
]}
].
```
## Users Table(Demo)
Notice: This is a demo table. You could authenticate with any user tables.
@ -18,8 +43,7 @@ CREATE TABLE `mqtt_users` (
) ENGINE=MyISAM AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;
```
## Plugins config
Please configure 'etc/plugins.config' to loade emysql and emqttd_auth_mysql plugins.
## Load Plugin
Merge the'etc/plugin.config' to emqttd/etc/plugins.config, and the plugin will be loaded by the broker.

18
plugins/emqttd_auth_mysql/etc/plugin.config Normal file
View File

@ -0,0 +1,18 @@
[
{emysql, [
{pool, 4},
{host, "localhost"},
{port, 3306},
{username, "root"},
{password, "public"},
{database, "mqtt"},
{encoding, utf8}
]},
{emqttd_auth_mysql, [
{users_table, mqtt_users},
{field_mapper, [
{username, username},
{password, password, plain}
]}
]}
].

4
plugins/emqttd_auth_mysql/src/emqttd_auth_mysql.app.src
View File

@ -1,7 +1,7 @@
{application, emqttd_auth_mysql,
[
{description, ""},
{vsn, "0.1"},
{description, "emqttd MySQL Authentication Plugin"},
{vsn, "1.0"},
{registered, []},
{applications, [
kernel,

36
plugins/emqttd_auth_mysql/src/emqttd_auth_mysql.erl
View File

@ -20,7 +20,7 @@
%%% SOFTWARE.
%%%-----------------------------------------------------------------------------
%%% @doc
%%% emqttd authentication by mysql user table.
%%% emqttd authentication by mysql 'user' table.
%%%
%%% @end
%%%-----------------------------------------------------------------------------
@ -34,22 +34,42 @@
-export([init/1, check/3, description/0]).
-record(state, {user_tab}).
-record(state, {user_table, name_field, pass_field, pass_hash}).
init(Opts) ->
UserTab = proplists:get_value(user_table, Opts, mqtt_users),
{ok, #state{user_tab = UserTab}}.
Mapper = proplists:get_value(field_mapper, Opts),
{ok, #state{user_table = proplists:get_value(user_table, Opts, mqtt_users),
name_field = proplists:get_value(username, Mapper),
pass_field = proplists:get_value(password, Mapper),
pass_hash = proplists:get_value(Opts, password_hash)}}.
check(#mqtt_client{username = undefined}, _Password, _State) ->
{error, "Username undefined"};
check(_Client, undefined, _State) ->
{error, "Password undefined"};
check(#mqtt_client{username = Username}, Password, #state{user_tab = UserTab}) ->
%%TODO: hash password...
case emysql:select(UserTab, {'and', {username, Username}, {password, Password}}) of
{ok, []} -> {error, "Username or Password not match"};
check(#mqtt_client{username = Username}, Password,
#state{user_table = UserTab, pass_hash = Type,
name_field = NameField, pass_field = PassField}) ->
Where = {'and', {NameField, Username}, {PassField, hash(Type, Password)}},
case emysql:select(UserTab, Where) of
{ok, []} -> {error, "Username or Password "};
{ok, _Record} -> ok
end.
description() -> "Authentication by MySQL".
hash(plain, Password) ->
Password;
hash(md5, Password) ->
hexstring(crypto:hash(md5, Password));
hash(sha, Password) ->
hexstring(crypto:hash(sha, Password)).
hexstring(<<X:128/big-unsigned-integer>>) ->
lists:flatten(io_lib:format("~32.16.0b", [X]));
hexstring(<<X:160/big-unsigned-integer>>) ->
lists:flatten(io_lib:format("~40.16.0b", [X])).

31
plugins/emqttd_auth_mysql/src/emqttd_auth_mysql_app.erl
View File

@ -20,27 +20,40 @@
%%% SOFTWARE.
%%%-----------------------------------------------------------------------------
%%% @doc
%%% mysql authentication app.
%%% emqttd mysql authentication app.
%%%
%%% @end
%%%-----------------------------------------------------------------------------
-module(emqttd_auth_mysql_app).
-behaviour(application).
%% Application callbacks
-export([start/2, stop/1]).
-export([start/2, prep_stop/1, stop/1]).
%% ===================================================================
%% Application callbacks
%% ===================================================================
-behaviour(supervisor).
%% Supervisor callbacks
-export([init/1]).
%%%=============================================================================
%%% Application callbacks
%%%=============================================================================
start(_StartType, _StartArgs) ->
{ok, Sup} = emqttd_auth_mysql_sup:start_link(),
Env = application:get_all_env(),
emqttd_access_control:register_mod(auth, emqttd_auth_mysql, Env),
{ok, Sup}.
supervisor:start_link({local, ?MODULE}, ?MODULE, []).
prep_stop(State) ->
emqttd_access_control:unregister_mod(auth, emqttd_auth_mysql), State.
stop(_State) ->
emqttd_access_control:unregister_mod(auth, emqttd_auth_mysql),
ok.
%%%=============================================================================
%%% Supervisor callbacks(Dummy)
%%%=============================================================================
init([]) ->
{ok, { {one_for_one, 5, 10}, []} }.

27
plugins/emqttd_auth_mysql/src/emqttd_auth_mysql_sup.erl
View File

@ -1,27 +0,0 @@
-module(emqttd_auth_mysql_sup).
-behaviour(supervisor).
%% API
-export([start_link/0]).
%% Supervisor callbacks
-export([init/1]).
%% Helper macro for declaring children of supervisor
-define(CHILD(I, Type), {I, {I, start_link, []}, permanent, 5000, Type, [I]}).
%% ===================================================================
%% API functions
%% ===================================================================
start_link() ->
supervisor:start_link({local, ?MODULE}, ?MODULE, []).
%% ===================================================================
%% Supervisor callbacks
%% ===================================================================
init([]) ->
{ok, { {one_for_one, 5, 10}, []} }.

3
plugins/emysql/src/emysql_sup.erl
View File

@ -21,7 +21,7 @@ start_link(Opts) ->
supervisor:start_link({local, ?MODULE}, ?MODULE, Opts).
init(Opts) ->
PoolSize = proplists:get_value(pool_size, Opts,
PoolSize = proplists:get_value(pool, Opts,
erlang:system_info(schedulers)),
{ok, {{one_for_one, 10, 10},
[{emysql, {emysql, start_link, [PoolSize]}, transient,
@ -31,3 +31,4 @@ init(Opts) ->
}
}.

4
rel/files/emqttd.config
View File

@ -62,8 +62,8 @@
{packet, [
%% Max ClientId Length Allowed
{max_clientid_len, 1024},
%% Max Packet Size Allowed, 4K default
{max_packet_size, 4096}
%% Max Packet Size Allowed, 64K default
{max_packet_size, 65536}
]},
%% Client
{client, [