refactor: rename gssapi to kerberos
gssapi is the type; kerberos is the backend.
parent
30420f0481
commit
6364bab0a6
|
@ -2,15 +2,15 @@
|
||||||
%% Copyright (c) 2024 EMQ Technologies Co., Ltd. All Rights Reserved.
|
%% Copyright (c) 2024 EMQ Technologies Co., Ltd. All Rights Reserved.
|
||||||
%%--------------------------------------------------------------------
|
%%--------------------------------------------------------------------
|
||||||
|
|
||||||
-ifndef(EMQX_AUTH_GSSAPI_HRL).
|
-ifndef(EMQX_AUTH_KERBEROS_HRL).
|
||||||
-define(EMQX_AUTH_GSSAPI_HRL, true).
|
-define(EMQX_AUTH_KERBEROS_HRL, true).
|
||||||
|
|
||||||
-define(AUTHN_MECHANISM_GSSAPI, gssapi).
|
-define(AUTHN_MECHANISM_GSSAPI, gssapi).
|
||||||
-define(AUTHN_MECHANISM_GSSAPI_BIN, <<"gssapi">>).
|
-define(AUTHN_MECHANISM_GSSAPI_BIN, <<"gssapi">>).
|
||||||
|
|
||||||
-define(AUTHN_BACKEND, gssapi).
|
-define(AUTHN_BACKEND, kerberos).
|
||||||
-define(AUTHN_BACKEND_BIN, <<"gssapi">>).
|
-define(AUTHN_BACKEND_BIN, <<"kerberos">>).
|
||||||
|
|
||||||
-define(AUTHN_TYPE_GSSAPI, {?AUTHN_MECHANISM_GSSAPI, ?AUTHN_BACKEND}).
|
-define(AUTHN_TYPE_KERBEROS, {?AUTHN_MECHANISM_GSSAPI, ?AUTHN_BACKEND}).
|
||||||
|
|
||||||
-endif.
|
-endif.
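Review bot: `?AUTHN_BACKEND` and `?AUTHN_BACKEND_BIN` change value in this header (`gssapi` to `kerberos`), so the commit is a configuration-visible change rather than a pure rename. `select_union_member/1` in the schema module matches `<<"backend">> := ?AUTHN_BACKEND_BIN`, so an authenticator entry written with `backend = gssapi` will presumably stop selecting this schema. If such a config can already exist on a node, it needs a migration step or a changelog entry. A comment above the defines would also help readers who see the mechanism macro keep its GSSAPI name, e.g. `%% config: mechanism = gssapi, backend = kerberos`.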
|
|
@ -1,9 +1,9 @@
|
||||||
%% -*- mode: erlang -*-
|
%% -*- mode: erlang -*-
|
||||||
{application, emqx_auth_gssapi, [
|
{application, emqx_auth_kerberos, [
|
||||||
{description, "EMQX gssapi Authentication"},
|
{description, "EMQX Kerberos Authentication"},
|
||||||
{vsn, "0.1.0"},
|
{vsn, "0.1.0"},
|
||||||
{registered, []},
|
{registered, []},
|
||||||
{mod, {emqx_auth_gssapi_app, []}},
|
{mod, {emqx_auth_kerberos_app, []}},
|
||||||
{applications, [
|
{applications, [
|
||||||
kernel,
|
kernel,
|
||||||
stdlib,
|
stdlib,
|
|
@ -2,19 +2,19 @@
|
||||||
%% Copyright (c) 2024 EMQ Technologies Co., Ltd. All Rights Reserved.
|
%% Copyright (c) 2024 EMQ Technologies Co., Ltd. All Rights Reserved.
|
||||||
%%--------------------------------------------------------------------
|
%%--------------------------------------------------------------------
|
||||||
|
|
||||||
-module(emqx_auth_gssapi_app).
|
-module(emqx_auth_kerberos_app).
|
||||||
|
|
||||||
-include("emqx_auth_gssapi.hrl").
|
-include("emqx_auth_kerberos.hrl").
|
||||||
|
|
||||||
-behaviour(application).
|
-behaviour(application).
|
||||||
|
|
||||||
-export([start/2, stop/1]).
|
-export([start/2, stop/1]).
|
||||||
|
|
||||||
start(_StartType, _StartArgs) ->
|
start(_StartType, _StartArgs) ->
|
||||||
ok = emqx_authn:register_provider(?AUTHN_TYPE_GSSAPI, emqx_authn_gssapi),
|
ok = emqx_authn:register_provider(?AUTHN_TYPE_KERBEROS, emqx_authn_kerberos),
|
||||||
{ok, Sup} = emqx_auth_gssapi_sup:start_link(),
|
{ok, Sup} = emqx_auth_kerberos_sup:start_link(),
|
||||||
{ok, Sup}.
|
{ok, Sup}.
|
||||||
|
|
||||||
stop(_State) ->
|
stop(_State) ->
|
||||||
ok = emqx_authn:deregister_provider(?AUTHN_TYPE_GSSAPI),
|
ok = emqx_authn:deregister_provider(?AUTHN_TYPE_KERBEROS),
|
||||||
ok.
|
ok.
|
|
@ -2,7 +2,7 @@
|
||||||
%% Copyright (c) 2024 EMQ Technologies Co., Ltd. All Rights Reserved.
|
%% Copyright (c) 2024 EMQ Technologies Co., Ltd. All Rights Reserved.
|
||||||
%%--------------------------------------------------------------------
|
%%--------------------------------------------------------------------
|
||||||
|
|
||||||
-module(emqx_auth_gssapi_sup).
|
-module(emqx_auth_kerberos_sup).
|
||||||
|
|
||||||
-behaviour(supervisor).
|
-behaviour(supervisor).
|
||||||
|
|
|
@ -2,9 +2,9 @@
|
||||||
%% Copyright (c) 2024 EMQ Technologies Co., Ltd. All Rights Reserved.
|
%% Copyright (c) 2024 EMQ Technologies Co., Ltd. All Rights Reserved.
|
||||||
%%--------------------------------------------------------------------
|
%%--------------------------------------------------------------------
|
||||||
|
|
||||||
-module(emqx_authn_gssapi).
|
-module(emqx_authn_kerberos).
|
||||||
|
|
||||||
-include("emqx_auth_gssapi.hrl").
|
-include("emqx_auth_kerberos.hrl").
|
||||||
-include_lib("emqx_auth/include/emqx_authn.hrl").
|
-include_lib("emqx_auth/include/emqx_authn.hrl").
|
||||||
-include_lib("typerefl/include/types.hrl").
|
-include_lib("typerefl/include/types.hrl").
|
||||||
|
|
||||||
|
@ -44,7 +44,7 @@ destroy(_) ->
|
||||||
|
|
||||||
authenticate(
|
authenticate(
|
||||||
#{
|
#{
|
||||||
auth_method := <<"GSSAPI">>,
|
auth_method := <<"GSSAPI-KERBEROS">>,
|
||||||
auth_data := AuthData,
|
auth_data := AuthData,
|
||||||
auth_cache := AuthCache
|
auth_cache := AuthCache
|
||||||
},
|
},
|
||||||
|
@ -71,7 +71,7 @@ auth_new(Principal) ->
|
||||||
{ok, SaslConn} ->
|
{ok, SaslConn} ->
|
||||||
{ok, SaslConn};
|
{ok, SaslConn};
|
||||||
Error ->
|
Error ->
|
||||||
?TRACE_AUTHN_PROVIDER("sasl_gssapi_new_failed", #{
|
?TRACE_AUTHN_PROVIDER("sasl_kerberos_new_failed", #{
|
||||||
reason => Error,
|
reason => Error,
|
||||||
sasl_function => "server_server_new"
|
sasl_function => "server_server_new"
|
||||||
}),
|
}),
|
||||||
|
@ -86,7 +86,7 @@ auth_begin(SaslConn, ClientToken) ->
|
||||||
sasl_auth:server_done(SaslConn),
|
sasl_auth:server_done(SaslConn),
|
||||||
{ok, #{}, ServerToken};
|
{ok, #{}, ServerToken};
|
||||||
Reason ->
|
Reason ->
|
||||||
?TRACE_AUTHN_PROVIDER("sasl_gssapi_start_failed", #{
|
?TRACE_AUTHN_PROVIDER("sasl_kerberos_start_failed", #{
|
||||||
reason => Reason,
|
reason => Reason,
|
||||||
sasl_function => "server_server_start"
|
sasl_function => "server_server_start"
|
||||||
}),
|
}),
|
||||||
|
@ -102,7 +102,7 @@ auth_continue(SaslConn, ClientToken) ->
|
||||||
sasl_auth:server_done(SaslConn),
|
sasl_auth:server_done(SaslConn),
|
||||||
{ok, #{}, ServerToken};
|
{ok, #{}, ServerToken};
|
||||||
Reason ->
|
Reason ->
|
||||||
?TRACE_AUTHN_PROVIDER("sasl_gssapi_step_failed", #{
|
?TRACE_AUTHN_PROVIDER("sasl_kerberos_step_failed", #{
|
||||||
reason => Reason,
|
reason => Reason,
|
||||||
sasl_function => "server_server_step"
|
sasl_function => "server_server_step"
|
||||||
}),
|
}),
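Review bot: The `authenticate` clause in the -44/+44 hunk now matches `auth_method := <<"GSSAPI-KERBEROS">>` instead of `<<"GSSAPI">>`, which changes what clients must send on the wire even though the commit is titled a refactor. A client still sending `GSSAPI` falls through to whatever clause follows, which is outside the hunk; it is worth confirming that clause returns an explicit ignore or error rather than failing with `function_clause`. I would add a comment on the clause, `%% auth_method is matched exactly: "GSSAPI-KERBEROS" (was "GSSAPI")`, and note the change in the changelog. The trace messages renamed in `auth_new`, `auth_begin` and `auth_continue` (`sasl_gssapi_*_failed` to `sasl_kerberos_*_failed`) are strings that log-based alerting on authentication failures may key on, so those rules need updating too.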
|
|
@ -2,9 +2,9 @@
|
||||||
%% Copyright (c) 2024 EMQ Technologies Co., Ltd. All Rights Reserved.
|
%% Copyright (c) 2024 EMQ Technologies Co., Ltd. All Rights Reserved.
|
||||||
%%--------------------------------------------------------------------
|
%%--------------------------------------------------------------------
|
||||||
|
|
||||||
-module(emqx_authn_gssapi_schema).
|
-module(emqx_authn_kerberos_schema).
|
||||||
|
|
||||||
-include("emqx_auth_gssapi.hrl").
|
-include("emqx_auth_kerberos.hrl").
|
||||||
-include_lib("hocon/include/hoconsc.hrl").
|
-include_lib("hocon/include/hoconsc.hrl").
|
||||||
|
|
||||||
-behaviour(emqx_authn_schema).
|
-behaviour(emqx_authn_schema).
|
||||||
|
@ -20,7 +20,7 @@
|
||||||
namespace() -> "authn".
|
namespace() -> "authn".
|
||||||
|
|
||||||
refs() ->
|
refs() ->
|
||||||
[?R_REF(gssapi)].
|
[?R_REF(kerberos)].
|
||||||
|
|
||||||
select_union_member(#{
|
select_union_member(#{
|
||||||
<<"mechanism">> := ?AUTHN_MECHANISM_GSSAPI_BIN, <<"backend">> := ?AUTHN_BACKEND_BIN
|
<<"mechanism">> := ?AUTHN_MECHANISM_GSSAPI_BIN, <<"backend">> := ?AUTHN_BACKEND_BIN
|
||||||
|
@ -34,7 +34,7 @@ select_union_member(#{<<"mechanism">> := ?AUTHN_MECHANISM_GSSAPI_BIN}) ->
|
||||||
select_union_member(_) ->
|
select_union_member(_) ->
|
||||||
undefined.
|
undefined.
|
||||||
|
|
||||||
fields(gssapi) ->
|
fields(kerberos) ->
|
||||||
emqx_authn_schema:common_fields() ++
|
emqx_authn_schema:common_fields() ++
|
||||||
[
|
[
|
||||||
{mechanism, emqx_authn_schema:mechanism(?AUTHN_MECHANISM_GSSAPI)},
|
{mechanism, emqx_authn_schema:mechanism(?AUTHN_MECHANISM_GSSAPI)},
|
||||||
|
@ -58,7 +58,7 @@ fields(gssapi) ->
|
||||||
})}
|
})}
|
||||||
].
|
].
|
||||||
|
|
||||||
desc(gssapi) ->
|
desc(kerberos) ->
|
||||||
"Settings for GSSAPI authentication.";
|
"Settings for Kerberos authentication.";
|
||||||
desc(_) ->
|
desc(_) ->
|
||||||
undefined.
|
undefined.
|
|
@ -57,7 +57,7 @@ authn_mods(ee) ->
|
||||||
authn_mods(ce) ++
|
authn_mods(ce) ++
|
||||||
[
|
[
|
||||||
emqx_gcp_device_authn_schema,
|
emqx_gcp_device_authn_schema,
|
||||||
emqx_authn_gssapi_schema
|
emqx_authn_kerberos_schema
|
||||||
].
|
].
|
||||||
|
|
||||||
authz() ->
|
authz() ->
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
emqx_authn_gssapi_schema {
|
emqx_authn_kerberos_schema {
|
||||||
|
|
||||||
principal {
|
principal {
|
||||||
label: "Kerberos Principal"
|
label: "Kerberos Principal"
|
||||||
desc: """~
|
desc: """~
|
||||||
SASL GSSAPI authentication Kerberos principal.
|
Server Kerberos principal.
|
||||||
For example <code>mqtt/node1.example.com@MY_REALM.EXAMPLE.COM</code>.
|
For example <code>mqtt/emqx-cluster-1.example.com@MY_REALM.EXAMPLE.COM</code>.
|
||||||
NOTE: The realm in use has to be configured in /etc/krb5.conf in EMQX nodes.~"""
|
NOTE: The realm in use has to be configured in /etc/krb5.conf in EMQX nodes.~"""
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -24,7 +24,7 @@ server_fqdn {
|
||||||
keytab_file {
|
keytab_file {
|
||||||
label: "Keytab File"
|
label: "Keytab File"
|
||||||
desc: """~
|
desc: """~
|
||||||
SASL GSSAPI authentication Kerberos keytab file path.
|
Kerberos keytab file path.
|
||||||
NOTE: This file has to be placed in EMQX nodes.~"""
|
NOTE: This file has to be placed in EMQX nodes.~"""
|
||||||
}
|
}
|
||||||
|
|