chore(sync-apps): sync emqx_auth_mnesia e4.2.3
This commit is contained in:
Zaiming Shi
parent
a2b4e50a8d
commit
86895ddc24
|
|
@ -192,7 +192,7 @@ cli(_) ->
|
||||||
, {"acl add _all <Topic> <Action> <Access>", "Add $all acl"}
|
, {"acl add _all <Topic> <Action> <Access>", "Add $all acl"}
|
||||||
, {"acl del clientid <Clientid> <Topic>", "Delete clientid acl"}
|
, {"acl del clientid <Clientid> <Topic>", "Delete clientid acl"}
|
||||||
, {"acl del username <Username> <Topic>", "Delete username acl"}
|
, {"acl del username <Username> <Topic>", "Delete username acl"}
|
||||||
, {"acl del _all, <Topic>", "Delete $all acl"}
|
, {"acl del _all <Topic>", "Delete $all acl"}
|
||||||
]).
|
]).
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -63,10 +63,8 @@ check(ClientInfo = #{ clientid := Clientid
|
||||||
emqx_metrics:inc(?AUTH_METRICS(ignore)),
|
emqx_metrics:inc(?AUTH_METRICS(ignore)),
|
||||||
ok;
|
ok;
|
||||||
List ->
|
List ->
|
||||||
case [ Hash || <<Salt:4/binary, Hash/binary>> <- lists:sort(fun emqx_auth_mnesia_cli:comparing/2, List),
|
case match_password(NPassword, HashType, List) of
|
||||||
Hash =:= hash(NPassword, Salt, HashType)
|
false ->
|
||||||
] of
|
|
||||||
[] ->
|
|
||||||
?LOG(error, "[Mnesia] Auth from mnesia failed: ~p", [ClientInfo]),
|
?LOG(error, "[Mnesia] Auth from mnesia failed: ~p", [ClientInfo]),
|
||||||
emqx_metrics:inc(?AUTH_METRICS(failure)),
|
emqx_metrics:inc(?AUTH_METRICS(failure)),
|
||||||
{stop, AuthResult#{anonymous => false, auth_result => password_error}};
|
{stop, AuthResult#{anonymous => false, auth_result => password_error}};
|
||||||
|
|
@ -78,7 +76,34 @@ check(ClientInfo = #{ clientid := Clientid
|
||||||
|
|
||||||
description() -> "Authentication with Mnesia".
|
description() -> "Authentication with Mnesia".
|
||||||
|
|
||||||
|
match_password(Password, HashType, HashList) ->
|
||||||
|
lists:any(
|
||||||
|
fun(Secret) ->
|
||||||
|
case is_salt_hash(Secret, HashType) of
|
||||||
|
true ->
|
||||||
|
<<Salt:4/binary, Hash/binary>> = Secret,
|
||||||
|
Hash =:= hash(Password, Salt, HashType);
|
||||||
|
_ ->
|
||||||
|
Secret =:= hash(Password, HashType)
|
||||||
|
end
|
||||||
|
end, HashList).
|
||||||
|
|
||||||
|
hash(undefined, HashType) ->
|
||||||
|
hash(<<>>, HashType);
|
||||||
|
hash(Password, HashType) ->
|
||||||
|
emqx_passwd:hash(HashType, Password).
|
||||||
|
|
||||||
hash(undefined, SaltBin, HashType) ->
|
hash(undefined, SaltBin, HashType) ->
|
||||||
hash(<<>>, SaltBin, HashType);
|
hash(<<>>, SaltBin, HashType);
|
||||||
hash(Password, SaltBin, HashType) ->
|
hash(Password, SaltBin, HashType) ->
|
||||||
emqx_passwd:hash(HashType, <<SaltBin/binary, Password/binary>>).
|
emqx_passwd:hash(HashType, <<SaltBin/binary, Password/binary>>).
|
||||||
|
|
||||||
|
is_salt_hash(_, plain) ->
|
||||||
|
true;
|
||||||
|
is_salt_hash(Secret, HashType) ->
|
||||||
|
not (byte_size(Secret) == len(HashType)).
|
||||||
|
|
||||||
|
len(md5) -> 32;
|
||||||
|
len(sha) -> 40;
|
||||||
|
len(sha256) -> 64;
|
||||||
|
len(sha512) -> 128.
|
||||||
|
|
|
||||||
|
|
@ -35,7 +35,6 @@
|
||||||
start(_StartType, _StartArgs) ->
|
start(_StartType, _StartArgs) ->
|
||||||
{ok, Sup} = emqx_auth_mnesia_sup:start_link(),
|
{ok, Sup} = emqx_auth_mnesia_sup:start_link(),
|
||||||
emqx_ctl:register_command(clientid, {emqx_auth_mnesia_cli, auth_clientid_cli}, []),
|
emqx_ctl:register_command(clientid, {emqx_auth_mnesia_cli, auth_clientid_cli}, []),
|
||||||
emqx_ctl:register_command(username, {emqx_auth_mnesia_cli, auth_username_cli}, []),
|
|
||||||
emqx_ctl:register_command(user, {emqx_auth_mnesia_cli, auth_username_cli}, []),
|
emqx_ctl:register_command(user, {emqx_auth_mnesia_cli, auth_username_cli}, []),
|
||||||
emqx_ctl:register_command(acl, {emqx_acl_mnesia_cli, cli}, []),
|
emqx_ctl:register_command(acl, {emqx_acl_mnesia_cli, cli}, []),
|
||||||
load_auth_hook(),
|
load_auth_hook(),
|
||||||
|
|
@ -46,7 +45,6 @@ prep_stop(State) ->
|
||||||
emqx:unhook('client.authenticate', fun emqx_auth_mnesia:check/3),
|
emqx:unhook('client.authenticate', fun emqx_auth_mnesia:check/3),
|
||||||
emqx:unhook('client.check_acl', fun emqx_acl_mnesia:check_acl/5),
|
emqx:unhook('client.check_acl', fun emqx_acl_mnesia:check_acl/5),
|
||||||
emqx_ctl:unregister_command(clientid),
|
emqx_ctl:unregister_command(clientid),
|
||||||
emqx_ctl:unregister_command(username),
|
|
||||||
emqx_ctl:unregister_command(user),
|
emqx_ctl:unregister_command(user),
|
||||||
emqx_ctl:unregister_command(acl),
|
emqx_ctl:unregister_command(acl),
|
||||||
State.
|
State.
|
||||||
|
|
|
||||||
|
|
@ -175,7 +175,7 @@ auth_username_cli(["del", Username]) ->
|
||||||
end;
|
end;
|
||||||
|
|
||||||
auth_username_cli(_) ->
|
auth_username_cli(_) ->
|
||||||
emqx_ctl:usage([{"users list", "List username auth rules"},
|
emqx_ctl:usage([{"user list", "List username auth rules"},
|
||||||
{"users add <Username> <Password>", "Add username auth rule"},
|
{"user add <Username> <Password>", "Add username auth rule"},
|
||||||
{"users update <Username> <NewPassword>", "Update username auth rule"},
|
{"user update <Username> <NewPassword>", "Update username auth rule"},
|
||||||
{"users del <Username>", "Delete username auth rule"}]).
|
{"user del <Username>", "Delete username auth rule"}]).
|
||||||
|
|
|
||||||
|
|
@ -78,7 +78,7 @@ extract_zip(){
|
||||||
mv "apps/${repo}-${vsn}/" "apps/$app/"
|
mv "apps/${repo}-${vsn}/" "apps/$app/"
|
||||||
}
|
}
|
||||||
|
|
||||||
extract_zip "emqx_auth_mnesia" "e4.2.2" "e4.2.2"
|
extract_zip "emqx_auth_mnesia" "e4.2.3" "e4.2.3"
|
||||||
for app in ${apps[@]}; do
|
for app in ${apps[@]}; do
|
||||||
extract_zip "$app" "$default_vsn"
|
extract_zip "$app" "$default_vsn"
|
||||||
done
|
done
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue