diff --git a/plugins/emqttd_auth_ldap/README.md b/plugins/emqttd_auth_ldap/README.md index d4bc562e6..aa86de0e8 100644 --- a/plugins/emqttd_auth_ldap/README.md +++ b/plugins/emqttd_auth_ldap/README.md @@ -1,9 +1,25 @@ -# emqttd_auth_ldap -LDAP Authentication Plugin. +## Overview -## Plugin config +Authentication with LDAP. + +## Plugin Config + +``` + {emqttd_auth_ldap, [ + {servers, ["localhost"]}, + {port, 389}, + {timeout, 30}, + {user_dn, "uid=$u,ou=People,dc=example,dc=com"}, + {ssl, fasle}, + {sslopts, [ + {"certfile", "ssl.crt"}, + {"keyfile", "ssl.key"}]} + ]} ``` -``` +## Load Plugin + +Merge the'etc/plugin.config' to emqttd/etc/plugins.config, and the plugin will be loaded automatically. + diff --git a/plugins/emqttd_auth_ldap/etc/app.config b/plugins/emqttd_auth_ldap/etc/plugin.config similarity index 100% rename from plugins/emqttd_auth_ldap/etc/app.config rename to plugins/emqttd_auth_ldap/etc/plugin.config diff --git a/plugins/emqttd_auth_ldap/src/emqttd_auth_ldap.erl b/plugins/emqttd_auth_ldap/src/emqttd_auth_ldap.erl index 7ba2baee8..02fb4d121 100644 --- a/plugins/emqttd_auth_ldap/src/emqttd_auth_ldap.erl +++ b/plugins/emqttd_auth_ldap/src/emqttd_auth_ldap.erl @@ -20,11 +20,7 @@ %%% SOFTWARE. %%%----------------------------------------------------------------------------- %%% @doc -<<<<<<< HEAD %%% LDAP Authentication Module. -======= -%%% LDAP authentication module. ->>>>>>> c6e92388798302ae3b44286f444505d1c385aba7 %%% %%% @end %%%----------------------------------------------------------------------------- @@ -38,7 +34,6 @@ -export([init/1, check/3, description/0]). -<<<<<<< HEAD -record(state, {servers, user_dn, options}). init(Opts) -> @@ -91,11 +86,4 @@ fill(Username, UserDn) -> fun("$u") -> Username; (S) -> S end, string:tokens(UserDn, ",="))). -======= -init(Opts) -> {ok, Opts}. - -check(_Client, _Password, _Opts) -> ingore. - -description() -> "LDAP authentication module". ->>>>>>> c6e92388798302ae3b44286f444505d1c385aba7 
diff --git a/plugins/emqttd_auth_ldap/src/emqttd_auth_ldap_app.erl b/plugins/emqttd_auth_ldap/src/emqttd_auth_ldap_app.erl index 27adba7c4..2e0060712 100644 --- a/plugins/emqttd_auth_ldap/src/emqttd_auth_ldap_app.erl +++ b/plugins/emqttd_auth_ldap/src/emqttd_auth_ldap_app.erl @@ -1,4 +1,3 @@ -<<<<<<< HEAD %%%----------------------------------------------------------------------------- %%% Copyright (c) 2012-2015 eMQTT.IO, All Rights Reserved. %%% @@ -21,7 +20,7 @@ %%% SOFTWARE. %%%----------------------------------------------------------------------------- %%% @doc -%%% ldap authentication app. +%%% LDAP Authentication APP. %%% %%% @end %%%----------------------------------------------------------------------------- @@ -40,8 +39,8 @@ %%%============================================================================= start(_StartType, _StartArgs) -> - Opts = application:get_all_env(emqttd_auth_ldap, ldap), - emqttd_access_control:register_mod(auth, emqttd_auth_ldap, Opts), + Env = application:get_all_env(emqttd_auth_ldap), + emqttd_access_control:register_mod(auth, emqttd_auth_ldap, Env), supervisor:start_link({local, ?MODULE}, ?MODULE, []). prep_stop(State) -> 
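Review bot: In start/2 the result of `emqttd_access_control:register_mod(auth, emqttd_auth_ldap, Env)` is discarded, so a failed registration would still let the application start, presumably leaving the broker without the LDAP check in its auth chain. What register_mod returns is not visible in this diff; if it returns `ok` on success, write `ok = emqttd_access_control:register_mod(auth, emqttd_auth_ldap, Env),` so the plugin fails at startup rather than silently. The start/2 in emqttd_auth_mysql_app.erl further down has the same shape and needs the same treatment. prep_stop/1 continues outside this hunk.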
@@ -51,31 +50,10 @@ stop(_State) -> ok. %%%============================================================================= -%%% Supervisor callbacks +%%% Supervisor callbacks(Dummy) %%%============================================================================= init([]) -> {ok, { {one_for_one, 5, 10}, []} }. -======= --module(emqttd_auth_ldap_app). --behaviour(application). - -%% Application callbacks --export([start/2, stop/1]). - -%% =================================================================== -%% Application callbacks -%% =================================================================== - -start(_StartType, _StartArgs) -> - {ok, Sup} = emqttd_auth_ldap_sup:start_link(), - Env = application:get_all_env(), - emqttd_access_control:register_mod(auth, emqttd_auth_ldap, Env), - {ok, Sup}. - -stop(_State) -> - emqttd_access_control:unregister_mod(auth, emqttd_auth_ldap), - ok. ->>>>>>> c6e92388798302ae3b44286f444505d1c385aba7 diff --git a/plugins/emqttd_auth_ldap/src/emqttd_auth_ldap_sup.erl b/plugins/emqttd_auth_ldap/src/emqttd_auth_ldap_sup.erl deleted file mode 100644 index e3ce043de..000000000 --- a/plugins/emqttd_auth_ldap/src/emqttd_auth_ldap_sup.erl +++ /dev/null @@ -1,27 +0,0 @@ --module(emqttd_auth_ldap_sup). - --behaviour(supervisor). - -%% API --export([start_link/0]). - -%% Supervisor callbacks --export([init/1]). - -%% Helper macro for declaring children of supervisor --define(CHILD(I, Type), {I, {I, start_link, []}, permanent, 5000, Type, [I]}). - -%% =================================================================== -%% API functions -%% =================================================================== - -start_link() -> - supervisor:start_link({local, ?MODULE}, ?MODULE, []). - -%% =================================================================== -%% Supervisor callbacks -%% =================================================================== - -init([]) -> - {ok, { {one_for_one, 5, 10}, []} }. - 
diff --git a/plugins/emqttd_auth_mysql/README.md b/plugins/emqttd_auth_mysql/README.md index 736f0fae2..481a8f3e7 100644 --- a/plugins/emqttd_auth_mysql/README.md +++ b/plugins/emqttd_auth_mysql/README.md @@ -2,7 +2,32 @@ Authentication with user table of MySQL database. -## User Table +## etc/plugin.config + +```erlang +[ + {emysql, [ + {pool, 4}, + {host, "localhost"}, + {port, 3306}, + {username, ""}, + {password, ""}, + {database, "mqtt"}, + {encoding, utf8} + ]}, + {emqttd_auth_mysql, [ + {user_table, mqtt_users}, + %% plain password only + {password_hash, plain}, + {field_mapper, [ + {username, username}, + {password, password} + ]} + ]} +]. +``` + +## Users Table(Demo) Notice: This is a demo table. You could authenticate with any user tables. @@ -18,8 +43,7 @@ CREATE TABLE `mqtt_users` ( ) ENGINE=MyISAM AUTO_INCREMENT=1 DEFAULT CHARSET=utf8; ``` -## Plugins config - -Please configure 'etc/plugins.config' to loade emysql and emqttd_auth_mysql plugins. +## Load Plugin +Merge the'etc/plugin.config' to emqttd/etc/plugins.config, and the plugin will be loaded by the broker. diff --git a/plugins/emqttd_auth_mysql/etc/plugin.config b/plugins/emqttd_auth_mysql/etc/plugin.config new file mode 100644 index 000000000..bb9a5817e --- /dev/null +++ b/plugins/emqttd_auth_mysql/etc/plugin.config @@ -0,0 +1,18 @@ +[ + {emysql, [ + {pool, 4}, + {host, "localhost"}, + {port, 3306}, + {username, "root"}, + {password, "public"}, + {database, "mqtt"}, + {encoding, utf8} + ]}, + {emqttd_auth_mysql, [ + {users_table, mqtt_users}, + {field_mapper, [ + {username, username}, + {password, password, plain} + ]} + ]} +]. diff --git a/plugins/emqttd_auth_mysql/src/emqttd_auth_mysql.app.src b/plugins/emqttd_auth_mysql/src/emqttd_auth_mysql.app.src index 9094f9e77..965e1825e 100644 --- a/plugins/emqttd_auth_mysql/src/emqttd_auth_mysql.app.src +++ b/plugins/emqttd_auth_mysql/src/emqttd_auth_mysql.app.src 
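Review bot: The new etc/plugin.config does not match what emqttd_auth_mysql:init/1 reads in this same commit: it sets `users_table` where init/1 looks up `user_table`, and it carries the hash type inside `{password, password, plain}` where init/1 reads a separate `password_hash` key. A three-element tuple is not a key/value property for proplists:get_value/2, so the password field would come back as `undefined`. Align the file with the README form: `{user_table, mqtt_users},`, `{password_hash, plain},` and `{password, password}`. The sample also ships `{username, "root"}` and `{password, "public"}` for the database account. Empty placeholders, as in the README, would keep a merged config from going live with a well-known root credential.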
@@ -1,7 +1,7 @@ {application, emqttd_auth_mysql, [ - {description, ""}, - {vsn, "0.1"}, + {description, "emqttd MySQL Authentication Plugin"}, + {vsn, "1.0"}, {registered, []}, {applications, [ kernel, diff --git a/plugins/emqttd_auth_mysql/src/emqttd_auth_mysql.erl b/plugins/emqttd_auth_mysql/src/emqttd_auth_mysql.erl index 0ba398249..cf2d32cbc 100644 --- a/plugins/emqttd_auth_mysql/src/emqttd_auth_mysql.erl +++ b/plugins/emqttd_auth_mysql/src/emqttd_auth_mysql.erl @@ -20,7 +20,7 @@ %%% SOFTWARE. %%%----------------------------------------------------------------------------- %%% @doc -%%% emqttd authentication by mysql user table. +%%% emqttd authentication by mysql 'user' table. %%% %%% @end %%%----------------------------------------------------------------------------- 
@@ -34,22 +34,42 @@ -export([init/1, check/3, description/0]). --record(state, {user_tab}). +-record(state, {user_table, name_field, pass_field, pass_hash}). init(Opts) -> - UserTab = proplists:get_value(user_table, Opts, mqtt_users), - {ok, #state{user_tab = UserTab}}. + Mapper = proplists:get_value(field_mapper, Opts), + {ok, #state{user_table = proplists:get_value(user_table, Opts, mqtt_users), + name_field = proplists:get_value(username, Mapper), + pass_field = proplists:get_value(password, Mapper), + pass_hash = proplists:get_value(Opts, password_hash)}}. check(#mqtt_client{username = undefined}, _Password, _State) -> {error, "Username undefined"}; check(_Client, undefined, _State) -> {error, "Password undefined"}; -check(#mqtt_client{username = Username}, Password, #state{user_tab = UserTab}) -> - %%TODO: hash password... - case emysql:select(UserTab, {'and', {username, Username}, {password, Password}}) of - {ok, []} -> {error, "Username or Password not match"}; +check(#mqtt_client{username = Username}, Password, + #state{user_table = UserTab, pass_hash = Type, + name_field = NameField, pass_field = PassField}) -> + Where = {'and', {NameField, Username}, {PassField, hash(Type, Password)}}, + case emysql:select(UserTab, Where) of + {ok, []} -> {error, "Username or Password "}; {ok, _Record} -> ok end. description() -> "Authentication by MySQL". +hash(plain, Password) -> + Password; + +hash(md5, Password) -> + hexstring(crypto:hash(md5, Password)); + +hash(sha, Password) -> + hexstring(crypto:hash(sha, Password)). + +hexstring(<>) -> + lists:flatten(io_lib:format("~32.16.0b", [X])); + +hexstring(<>) -> + lists:flatten(io_lib:format("~40.16.0b", [X])). + diff --git a/plugins/emqttd_auth_mysql/src/emqttd_auth_mysql_app.erl b/plugins/emqttd_auth_mysql/src/emqttd_auth_mysql_app.erl index 80b3f37f2..86881a4bb 100644 --- a/plugins/emqttd_auth_mysql/src/emqttd_auth_mysql_app.erl +++ b/plugins/emqttd_auth_mysql/src/emqttd_auth_mysql_app.erl 
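Review bot: In init/1 the `pass_hash` field is read with `proplists:get_value(Opts, password_hash)`, which has the key and the list swapped; it should be `pass_hash = proplists:get_value(password_hash, Opts)}}.`. As written the second argument is an atom rather than a list, so the call cannot return the configured value and is expected to fail inside init/1. Once that is fixed, hash/2 still has no clause for `undefined`, so a config without `password_hash` would crash check/3 on the first login; init/1 should reject any value other than `plain`, `md5` or `sha` up front. Separately, `md5` and `sha` here are single unsalted digests and `plain` compares cleartext, so a leaked user table exposes the passwords directly or through precomputed lookups. A comment on hash/2 should state that limitation, and a salted scheme should be the documented recommendation.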
@@ -20,27 +20,40 @@ %%% SOFTWARE. %%%----------------------------------------------------------------------------- %%% @doc -%%% mysql authentication app. +%%% emqttd mysql authentication app. %%% %%% @end %%%----------------------------------------------------------------------------- -module(emqttd_auth_mysql_app). -behaviour(application). - %% Application callbacks --export([start/2, stop/1]). +-export([start/2, prep_stop/1, stop/1]). -%% =================================================================== -%% Application callbacks -%% =================================================================== +-behaviour(supervisor). +%% Supervisor callbacks +-export([init/1]). + +%%%============================================================================= +%%% Application callbacks +%%%============================================================================= start(_StartType, _StartArgs) -> - {ok, Sup} = emqttd_auth_mysql_sup:start_link(), Env = application:get_all_env(), emqttd_access_control:register_mod(auth, emqttd_auth_mysql, Env), - {ok, Sup}. + supervisor:start_link({local, ?MODULE}, ?MODULE, []). + +prep_stop(State) -> + emqttd_access_control:unregister_mod(auth, emqttd_auth_mysql), State. stop(_State) -> - emqttd_access_control:unregister_mod(auth, emqttd_auth_mysql), ok. + +%%%============================================================================= +%%% Supervisor callbacks(Dummy) +%%%============================================================================= + +init([]) -> + {ok, { {one_for_one, 5, 10}, []} }. + + diff --git a/plugins/emqttd_auth_mysql/src/emqttd_auth_mysql_sup.erl b/plugins/emqttd_auth_mysql/src/emqttd_auth_mysql_sup.erl deleted file mode 100644 index f2fc9e0b1..000000000 --- a/plugins/emqttd_auth_mysql/src/emqttd_auth_mysql_sup.erl +++ /dev/null 
@@ -1,27 +0,0 @@ --module(emqttd_auth_mysql_sup). - --behaviour(supervisor). - -%% API --export([start_link/0]). - -%% Supervisor callbacks --export([init/1]). - -%% Helper macro for declaring children of supervisor --define(CHILD(I, Type), {I, {I, start_link, []}, permanent, 5000, Type, [I]}). - -%% =================================================================== -%% API functions -%% =================================================================== - -start_link() -> - supervisor:start_link({local, ?MODULE}, ?MODULE, []). - -%% =================================================================== -%% Supervisor callbacks -%% =================================================================== - -init([]) -> - {ok, { {one_for_one, 5, 10}, []} }. - diff --git a/plugins/emysql/src/emysql_sup.erl b/plugins/emysql/src/emysql_sup.erl index fde735c61..b915f3593 100644 --- a/plugins/emysql/src/emysql_sup.erl +++ b/plugins/emysql/src/emysql_sup.erl @@ -21,7 +21,7 @@ start_link(Opts) -> supervisor:start_link({local, ?MODULE}, ?MODULE, Opts). init(Opts) -> - PoolSize = proplists:get_value(pool_size, Opts, + PoolSize = proplists:get_value(pool, Opts, erlang:system_info(schedulers)), {ok, {{one_for_one, 10, 10}, [{emysql, {emysql, start_link, [PoolSize]}, transient, @@ -31,3 +31,4 @@ init(Opts) -> } }. + diff --git a/rel/files/emqttd.config b/rel/files/emqttd.config index 6681abbae..a60107c76 100644 --- a/rel/files/emqttd.config +++ b/rel/files/emqttd.config @@ -62,8 +62,8 @@ {packet, [ %% Max ClientId Length Allowed {max_clientid_len, 1024}, - %% Max Packet Size Allowed, 4K default - {max_packet_size, 4096} + %% Max Packet Size Allowed, 64K default + {max_packet_size, 65536} ]}, %% Client {client, [