From 4f0bd74f878e42e8a41a26a8355327ff7787efeb Mon Sep 17 00:00:00 2001 From: turtled Date: Wed, 29 Mar 2017 15:28:24 +0800 Subject: [PATCH] #777 --- etc/emq.conf | 3 +++ priv/emq.schema | 6 ++++++ src/emqttd_access_control.erl | 14 ++++---------- 3 files changed, 13 insertions(+), 10 deletions(-) diff --git a/etc/emq.conf b/etc/emq.conf index 6b8e784f4..286bd4163 100644 --- a/etc/emq.conf +++ b/etc/emq.conf @@ -100,6 +100,9 @@ log.crash.file = {{ platform_log_dir }}/crash.log ## Allow Anonymous authentication mqtt.allow_anonymous = true +## ACL nomatch +mqtt.acl_nomatch = allow + ## Default ACL File mqtt.acl_file = {{ platform_etc_dir }}/acl.conf diff --git a/priv/emq.schema b/priv/emq.schema index 2ed196e2c..2760438f9 100644 --- a/priv/emq.schema +++ b/priv/emq.schema @@ -307,6 +307,12 @@ end}. {datatype, {enum, [true, false]}} ]}. +%% @doc ACL nomatch +{mapping, "mqtt.acl_nomatch", "emqttd.acl_nomatch", [ + {default, allow}, + {datatype, {enum, [allow, deny]}} +]}. + %% @doc Default ACL File {mapping, "mqtt.acl_file", "emqttd.acl_file", [ {datatype, string}, diff --git a/src/emqttd_access_control.erl b/src/emqttd_access_control.erl index 65d0c76f5..283d42a78 100644 --- a/src/emqttd_access_control.erl +++ b/src/emqttd_access_control.erl @@ -71,16 +71,10 @@ auth(Client, Password, [{Mod, State, _Seq} | Mods]) -> PubSub :: pubsub(), Topic :: binary()). check_acl(Client, PubSub, Topic) when ?PS(PubSub) -> - case lookup_mods(acl) of - [] -> case emqttd:env(allow_anonymous, false) of - true -> allow; - false -> deny - end; - AclMods -> check_acl(Client, PubSub, Topic, AclMods) - end. -check_acl(#mqtt_client{client_id = ClientId}, PubSub, Topic, []) -> - lager:error("ACL: nomatch for ~s ~s ~s", [ClientId, PubSub, Topic]), - allow; + check_acl(Client, PubSub, Topic, lookup_mods(acl)). + +check_acl(_Client, _PubSub, _Topic, []) -> + emqttd:env(acl_nomatch, allow); check_acl(Client, PubSub, Topic, [{Mod, State, _Seq}|AclMods]) -> case Mod:check_acl({Client, PubSub, Topic}, State) of allow -> allow;