diff --git a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.erl b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.erl index deea23402..7da78a998 100644 --- a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.erl +++ b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.erl @@ -63,10 +63,8 @@ check(ClientInfo = #{ clientid := Clientid emqx_metrics:inc(?AUTH_METRICS(ignore)), ok; List -> - case [ Hash || <> <- lists:sort(fun emqx_auth_mnesia_cli:comparing/2, List), - Hash =:= hash(NPassword, Salt, HashType) - ] of - [] -> + case match_password(NPassword, HashType, List) of + false -> ?LOG(error, "[Mnesia] Auth from mnesia failed: ~p", [ClientInfo]), emqx_metrics:inc(?AUTH_METRICS(failure)), {stop, AuthResult#{anonymous => false, auth_result => password_error}}; @@ -78,7 +76,34 @@ check(ClientInfo = #{ clientid := Clientid description() -> "Authentication with Mnesia". +match_password(Password, HashType, HashList) -> + lists:any( + fun(Secret) -> + case is_salt_hash(Secret, HashType) of + true -> + <> = Secret, + Hash =:= hash(Password, Salt, HashType); + _ -> + Secret =:= hash(Password, HashType) + end + end, HashList). + +hash(undefined, HashType) -> + hash(<<>>, HashType); +hash(Password, HashType) -> + emqx_passwd:hash(HashType, Password). + hash(undefined, SaltBin, HashType) -> hash(<<>>, SaltBin, HashType); hash(Password, SaltBin, HashType) -> emqx_passwd:hash(HashType, <>). + +is_salt_hash(_, plain) -> + true; +is_salt_hash(Secret, HashType) -> + not (byte_size(Secret) == len(HashType)). + +len(md5) -> 32; +len(sha) -> 40; +len(sha256) -> 64; +len(sha512) -> 128. diff --git a/sync-apps.sh b/sync-apps.sh index 85cca416d..ab4a75004 100755 --- a/sync-apps.sh +++ b/sync-apps.sh @@ -78,7 +78,7 @@ extract_zip(){ mv "apps/${repo}-${vsn}/" "apps/$app/" } -extract_zip "emqx_auth_mnesia" "e4.2.2" "e4.2.2" +extract_zip "emqx_auth_mnesia" "e4.2.3" "e4.2.3" for app in ${apps[@]}; do extract_zip "$app" "$default_vsn" done