yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ldap plugin

This commit is contained in:
Feng Lee 2015-05-12 10:41:29 +08:00
parent c7878b8b75
commit 2f5d0306d3
13 changed files with 126 additions and 122 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
plugins/emqttd_auth_ldap/README.md
View File

@ -1,9 +1,25 @@
# emqttd_auth_ldap
LDAP Authentication Plugin. ## Overview
## Plugin config Authentication with LDAP.
## Plugin Config
```
{emqttd_auth_ldap, [
{servers, ["localhost"]},
{port, 389},
{timeout, 30},
{user_dn, "uid=$u,ou=People,dc=example,dc=com"},
{ssl, fasle},
{sslopts, [
{"certfile", "ssl.crt"},
{"keyfile", "ssl.key"}]}
]}
``` ```
``` ## Load Plugin
Merge the'etc/plugin.config' to emqttd/etc/plugins.config, and the plugin will be loaded automatically.

0
plugins/emqttd_auth_ldap/etc/app.config → plugins/emqttd_auth_ldap/etc/plugin.config
View File

12
plugins/emqttd_auth_ldap/src/emqttd_auth_ldap.erl
View File

@ -20,11 +20,7 @@
%%% SOFTWARE. %%% SOFTWARE.
%%%----------------------------------------------------------------------------- %%%-----------------------------------------------------------------------------
%%% @doc %%% @doc
<<<<<<< HEAD
%%% LDAP Authentication Module. %%% LDAP Authentication Module.
=======
%%% LDAP authentication module.
>>>>>>> c6e92388798302ae3b44286f444505d1c385aba7
%%% %%%
%%% @end %%% @end
%%%----------------------------------------------------------------------------- %%%-----------------------------------------------------------------------------
@ -38,7 +34,6 @@
-export([init/1, check/3, description/0]). -export([init/1, check/3, description/0]).
<<<<<<< HEAD
-record(state, {servers, user_dn, options}). -record(state, {servers, user_dn, options}).
init(Opts) -> init(Opts) ->
@ -91,11 +86,4 @@ fill(Username, UserDn) ->
fun("$u") -> Username; fun("$u") -> Username;
(S) -> S (S) -> S
end, string:tokens(UserDn, ",="))). end, string:tokens(UserDn, ",="))).
=======
init(Opts) -> {ok, Opts}.
check(_Client, _Password, _Opts) -> ingore.
description() -> "LDAP authentication module".
>>>>>>> c6e92388798302ae3b44286f444505d1c385aba7

30
plugins/emqttd_auth_ldap/src/emqttd_auth_ldap_app.erl
View File

@ -1,4 +1,3 @@
<<<<<<< HEAD
%%%----------------------------------------------------------------------------- %%%-----------------------------------------------------------------------------
%%% Copyright (c) 2012-2015 eMQTT.IO, All Rights Reserved. %%% Copyright (c) 2012-2015 eMQTT.IO, All Rights Reserved.
%%% %%%
@ -21,7 +20,7 @@
%%% SOFTWARE. %%% SOFTWARE.
%%%----------------------------------------------------------------------------- %%%-----------------------------------------------------------------------------
%%% @doc %%% @doc
%%% ldap authentication app. %%% LDAP Authentication APP.
%%% %%%
%%% @end %%% @end
%%%----------------------------------------------------------------------------- %%%-----------------------------------------------------------------------------
@ -40,8 +39,8 @@
%%%============================================================================= %%%=============================================================================
start(_StartType, _StartArgs) -> start(_StartType, _StartArgs) ->
Opts = application:get_all_env(emqttd_auth_ldap, ldap), Env = application:get_all_env(emqttd_auth_ldap),
emqttd_access_control:register_mod(auth, emqttd_auth_ldap, Opts), emqttd_access_control:register_mod(auth, emqttd_auth_ldap, Env),
supervisor:start_link({local, ?MODULE}, ?MODULE, []). supervisor:start_link({local, ?MODULE}, ?MODULE, []).
prep_stop(State) -> prep_stop(State) ->
@ -51,31 +50,10 @@ stop(_State) ->
ok. ok.
%%%============================================================================= %%%=============================================================================
%%% Supervisor callbacks %%% Supervisor callbacks(Dummy)
%%%============================================================================= %%%=============================================================================
init([]) -> init([]) ->
{ok, { {one_for_one, 5, 10}, []} }. {ok, { {one_for_one, 5, 10}, []} }.
=======
-module(emqttd_auth_ldap_app).
-behaviour(application).
%% Application callbacks
-export([start/2, stop/1]).
%% ===================================================================
%% Application callbacks
%% ===================================================================
start(_StartType, _StartArgs) ->
{ok, Sup} = emqttd_auth_ldap_sup:start_link(),
Env = application:get_all_env(),
emqttd_access_control:register_mod(auth, emqttd_auth_ldap, Env),
{ok, Sup}.
stop(_State) ->
emqttd_access_control:unregister_mod(auth, emqttd_auth_ldap),
ok.
>>>>>>> c6e92388798302ae3b44286f444505d1c385aba7

27
plugins/emqttd_auth_ldap/src/emqttd_auth_ldap_sup.erl
View File

@ -1,27 +0,0 @@
-module(emqttd_auth_ldap_sup).
-behaviour(supervisor).
%% API
-export([start_link/0]).
%% Supervisor callbacks
-export([init/1]).
%% Helper macro for declaring children of supervisor
-define(CHILD(I, Type), {I, {I, start_link, []}, permanent, 5000, Type, [I]}).
%% ===================================================================
%% API functions
%% ===================================================================
start_link() ->
supervisor:start_link({local, ?MODULE}, ?MODULE, []).
%% ===================================================================
%% Supervisor callbacks
%% ===================================================================
init([]) ->
{ok, { {one_for_one, 5, 10}, []} }.

32
plugins/emqttd_auth_mysql/README.md
View File

@ -2,7 +2,32 @@
Authentication with user table of MySQL database. Authentication with user table of MySQL database.
## User Table ## etc/plugin.config
```erlang
[
{emysql, [
{pool, 4},
{host, "localhost"},
{port, 3306},
{username, ""},
{password, ""},
{database, "mqtt"},
{encoding, utf8}
]},
{emqttd_auth_mysql, [
{user_table, mqtt_users},
%% plain password only
{password_hash, plain},
{field_mapper, [
{username, username},
{password, password}
]}
]}
].
```
## Users Table(Demo)
Notice: This is a demo table. You could authenticate with any user tables. Notice: This is a demo table. You could authenticate with any user tables.
@ -18,8 +43,7 @@ CREATE TABLE `mqtt_users` (
) ENGINE=MyISAM AUTO_INCREMENT=1 DEFAULT CHARSET=utf8; ) ENGINE=MyISAM AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;
``` ```
## Plugins config ## Load Plugin
Please configure 'etc/plugins.config' to loade emysql and emqttd_auth_mysql plugins.
Merge the'etc/plugin.config' to emqttd/etc/plugins.config, and the plugin will be loaded by the broker.

18
plugins/emqttd_auth_mysql/etc/plugin.config Normal file
View File

@ -0,0 +1,18 @@
[
{emysql, [
{pool, 4},
{host, "localhost"},
{port, 3306},
{username, "root"},
{password, "public"},
{database, "mqtt"},
{encoding, utf8}
]},
{emqttd_auth_mysql, [
{users_table, mqtt_users},
{field_mapper, [
{username, username},
{password, password, plain}
]}
]}
].

4
plugins/emqttd_auth_mysql/src/emqttd_auth_mysql.app.src
View File

@ -1,7 +1,7 @@
{application, emqttd_auth_mysql, {application, emqttd_auth_mysql,
[ [
{description, ""}, {description, "emqttd MySQL Authentication Plugin"},
{vsn, "0.1"}, {vsn, "1.0"},
{registered, []}, {registered, []},
{applications, [ {applications, [
kernel, kernel,

36
plugins/emqttd_auth_mysql/src/emqttd_auth_mysql.erl
View File

@ -20,7 +20,7 @@
%%% SOFTWARE. %%% SOFTWARE.
%%%----------------------------------------------------------------------------- %%%-----------------------------------------------------------------------------
%%% @doc %%% @doc
%%% emqttd authentication by mysql user table. %%% emqttd authentication by mysql 'user' table.
%%% %%%
%%% @end %%% @end
%%%----------------------------------------------------------------------------- %%%-----------------------------------------------------------------------------
@ -34,22 +34,42 @@
-export([init/1, check/3, description/0]). -export([init/1, check/3, description/0]).
-record(state, {user_tab}). -record(state, {user_table, name_field, pass_field, pass_hash}).
init(Opts) -> init(Opts) ->
UserTab = proplists:get_value(user_table, Opts, mqtt_users), Mapper = proplists:get_value(field_mapper, Opts),
{ok, #state{user_tab = UserTab}}. {ok, #state{user_table = proplists:get_value(user_table, Opts, mqtt_users),
name_field = proplists:get_value(username, Mapper),
pass_field = proplists:get_value(password, Mapper),
pass_hash = proplists:get_value(Opts, password_hash)}}.
check(#mqtt_client{username = undefined}, _Password, _State) -> check(#mqtt_client{username = undefined}, _Password, _State) ->
{error, "Username undefined"}; {error, "Username undefined"};
check(_Client, undefined, _State) -> check(_Client, undefined, _State) ->
{error, "Password undefined"}; {error, "Password undefined"};
check(#mqtt_client{username = Username}, Password, #state{user_tab = UserTab}) -> check(#mqtt_client{username = Username}, Password,
%%TODO: hash password... #state{user_table = UserTab, pass_hash = Type,
case emysql:select(UserTab, {'and', {username, Username}, {password, Password}}) of name_field = NameField, pass_field = PassField}) ->
{ok, []} -> {error, "Username or Password not match"}; Where = {'and', {NameField, Username}, {PassField, hash(Type, Password)}},
case emysql:select(UserTab, Where) of
{ok, []} -> {error, "Username or Password "};
{ok, _Record} -> ok {ok, _Record} -> ok
end. end.
description() -> "Authentication by MySQL". description() -> "Authentication by MySQL".
hash(plain, Password) ->
Password;
hash(md5, Password) ->
hexstring(crypto:hash(md5, Password));
hash(sha, Password) ->
hexstring(crypto:hash(sha, Password)).
hexstring(<<X:128/big-unsigned-integer>>) ->
lists:flatten(io_lib:format("~32.16.0b", [X]));
hexstring(<<X:160/big-unsigned-integer>>) ->
lists:flatten(io_lib:format("~40.16.0b", [X])).

31
plugins/emqttd_auth_mysql/src/emqttd_auth_mysql_app.erl
View File

@ -20,27 +20,40 @@
%%% SOFTWARE. %%% SOFTWARE.
%%%----------------------------------------------------------------------------- %%%-----------------------------------------------------------------------------
%%% @doc %%% @doc
%%% mysql authentication app. %%% emqttd mysql authentication app.
%%% %%%
%%% @end %%% @end
%%%----------------------------------------------------------------------------- %%%-----------------------------------------------------------------------------
-module(emqttd_auth_mysql_app). -module(emqttd_auth_mysql_app).
-behaviour(application). -behaviour(application).
%% Application callbacks %% Application callbacks
-export([start/2, stop/1]). -export([start/2, prep_stop/1, stop/1]).
%% =================================================================== -behaviour(supervisor).
%% Application callbacks %% Supervisor callbacks
%% =================================================================== -export([init/1]).
%%%=============================================================================
%%% Application callbacks
%%%=============================================================================
start(_StartType, _StartArgs) -> start(_StartType, _StartArgs) ->
{ok, Sup} = emqttd_auth_mysql_sup:start_link(),
Env = application:get_all_env(), Env = application:get_all_env(),
emqttd_access_control:register_mod(auth, emqttd_auth_mysql, Env), emqttd_access_control:register_mod(auth, emqttd_auth_mysql, Env),
{ok, Sup}. supervisor:start_link({local, ?MODULE}, ?MODULE, []).
prep_stop(State) ->
emqttd_access_control:unregister_mod(auth, emqttd_auth_mysql), State.
stop(_State) -> stop(_State) ->
emqttd_access_control:unregister_mod(auth, emqttd_auth_mysql),
ok. ok.
%%%=============================================================================
%%% Supervisor callbacks(Dummy)
%%%=============================================================================
init([]) ->
{ok, { {one_for_one, 5, 10}, []} }.

27
plugins/emqttd_auth_mysql/src/emqttd_auth_mysql_sup.erl
View File

@ -1,27 +0,0 @@
-module(emqttd_auth_mysql_sup).
-behaviour(supervisor).
%% API
-export([start_link/0]).
%% Supervisor callbacks
-export([init/1]).
%% Helper macro for declaring children of supervisor
-define(CHILD(I, Type), {I, {I, start_link, []}, permanent, 5000, Type, [I]}).
%% ===================================================================
%% API functions
%% ===================================================================
start_link() ->
supervisor:start_link({local, ?MODULE}, ?MODULE, []).
%% ===================================================================
%% Supervisor callbacks
%% ===================================================================
init([]) ->
{ok, { {one_for_one, 5, 10}, []} }.

3
plugins/emysql/src/emysql_sup.erl
View File

@ -21,7 +21,7 @@ start_link(Opts) ->
supervisor:start_link({local, ?MODULE}, ?MODULE, Opts). supervisor:start_link({local, ?MODULE}, ?MODULE, Opts).
init(Opts) -> init(Opts) ->
PoolSize = proplists:get_value(pool_size, Opts, PoolSize = proplists:get_value(pool, Opts,
erlang:system_info(schedulers)), erlang:system_info(schedulers)),
{ok, {{one_for_one, 10, 10}, {ok, {{one_for_one, 10, 10},
[{emysql, {emysql, start_link, [PoolSize]}, transient, [{emysql, {emysql, start_link, [PoolSize]}, transient,
@ -31,3 +31,4 @@ init(Opts) ->
} }
}. }.

4
rel/files/emqttd.config
View File

@ -62,8 +62,8 @@
{packet, [ {packet, [
%% Max ClientId Length Allowed %% Max ClientId Length Allowed
{max_clientid_len, 1024}, {max_clientid_len, 1024},
%% Max Packet Size Allowed, 4K default %% Max Packet Size Allowed, 64K default
{max_packet_size, 4096} {max_packet_size, 65536}
]}, ]},
%% Client %% Client
{client, [ {client, [