feat: add a quick deny option to allow_anonymous config
prior to this change, allow_anonymous is only true | false when set to 'false', even if the client is connected without a username, the auth backends will be invoked. this commit introduced a new config value `false_quick_deny` to deny access immediately without involving auth backends
This commit is contained in:
Zaiming (Stone) Shi
parent
ad7c2456e6
commit
998f79070d
|
|
@ -807,7 +807,7 @@ end}.
|
||||||
%% @doc Allow anonymous authentication.
|
%% @doc Allow anonymous authentication.
|
||||||
{mapping, "allow_anonymous", "emqx.allow_anonymous", [
|
{mapping, "allow_anonymous", "emqx.allow_anonymous", [
|
||||||
{default, false},
|
{default, false},
|
||||||
{datatype, {enum, [true, false]}}
|
{datatype, {enum, [true, false, false_quick_deny]}}
|
||||||
]}.
|
]}.
|
||||||
|
|
||||||
%% @doc ACL nomatch.
|
%% @doc ACL nomatch.
|
||||||
|
|
@ -962,7 +962,7 @@ end}.
|
||||||
]}.
|
]}.
|
||||||
|
|
||||||
{mapping, "zone.$name.allow_anonymous", "emqx.zones", [
|
{mapping, "zone.$name.allow_anonymous", "emqx.zones", [
|
||||||
{datatype, {enum, [true, false]}}
|
{datatype, {enum, [true, false, false_quick_deny]}}
|
||||||
]}.
|
]}.
|
||||||
|
|
||||||
{mapping, "zone.$name.acl_nomatch", "emqx.zones", [
|
{mapping, "zone.$name.acl_nomatch", "emqx.zones", [
|
||||||
|
|
|
||||||
|
|
@ -6,7 +6,7 @@
|
||||||
%% the emqx `release' version, which in turn is comprised of several
|
%% the emqx `release' version, which in turn is comprised of several
|
||||||
%% apps, one of which is this. See `emqx_release.hrl' for more
|
%% apps, one of which is this. See `emqx_release.hrl' for more
|
||||||
%% info.
|
%% info.
|
||||||
{vsn, "4.3.17"}, % strict semver, bump manually!
|
{vsn, "4.3.18"}, % strict semver, bump manually!
|
||||||
{modules, []},
|
{modules, []},
|
||||||
{registered, []},
|
{registered, []},
|
||||||
{applications, [ kernel
|
{applications, [ kernel
|
||||||
|
|
|
||||||
|
|
@ -1,13 +1,15 @@
|
||||||
%% -*- mode: erlang -*-
|
%% -*- mode: erlang -*-
|
||||||
%% Unless you know what you are doing, DO NOT edit manually!!
|
%% Unless you know what you are doing, DO NOT edit manually!!
|
||||||
{VSN,
|
{VSN,
|
||||||
[{"4.3.16",
|
[{"4.3.17",[{load_module,emqx_access_control,brutal_purge,soft_purge,[]}]},
|
||||||
[{load_module,emqx_plugins,brutal_purge,soft_purge,[]},
|
{"4.3.16",
|
||||||
|
[{load_module,emqx_access_control,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_plugins,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_app,brutal_purge,soft_purge,[]},
|
{load_module,emqx_app,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_access_rule,brutal_purge,soft_purge,[]},
|
{load_module,emqx_access_rule,brutal_purge,soft_purge,[]},
|
||||||
{add_module,emqx_exclusive_subscription},
|
{add_module,emqx_exclusive_subscription},
|
||||||
{apply, {emqx_exclusive_subscription, on_add_module, []}},
|
{apply,{emqx_exclusive_subscription,on_add_module,[]}},
|
||||||
{load_module,emqx_broker,brutal_purge,soft_purge,[]},
|
{load_module,emqx_broker,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_channel,brutal_purge,soft_purge,[]},
|
{load_module,emqx_channel,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_ctl,brutal_purge,soft_purge,[]},
|
{load_module,emqx_ctl,brutal_purge,soft_purge,[]},
|
||||||
|
|
@ -17,7 +19,7 @@
|
||||||
[{add_module,emqx_calendar},
|
[{add_module,emqx_calendar},
|
||||||
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
||||||
{add_module,emqx_exclusive_subscription},
|
{add_module,emqx_exclusive_subscription},
|
||||||
{apply, {emqx_exclusive_subscription, on_add_module, []}},
|
{apply,{emqx_exclusive_subscription,on_add_module,[]}},
|
||||||
{load_module,emqx_ctl,brutal_purge,soft_purge,[]},
|
{load_module,emqx_ctl,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_broker,brutal_purge,soft_purge,[]},
|
{load_module,emqx_broker,brutal_purge,soft_purge,[]},
|
||||||
|
|
@ -41,7 +43,7 @@
|
||||||
[{add_module,emqx_calendar},
|
[{add_module,emqx_calendar},
|
||||||
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
||||||
{add_module,emqx_exclusive_subscription},
|
{add_module,emqx_exclusive_subscription},
|
||||||
{apply, {emqx_exclusive_subscription, on_add_module, []}},
|
{apply,{emqx_exclusive_subscription,on_add_module,[]}},
|
||||||
{load_module,emqx_ctl,brutal_purge,soft_purge,[]},
|
{load_module,emqx_ctl,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_broker,brutal_purge,soft_purge,[]},
|
{load_module,emqx_broker,brutal_purge,soft_purge,[]},
|
||||||
|
|
@ -68,7 +70,7 @@
|
||||||
[{add_module,emqx_calendar},
|
[{add_module,emqx_calendar},
|
||||||
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
||||||
{add_module,emqx_exclusive_subscription},
|
{add_module,emqx_exclusive_subscription},
|
||||||
{apply, {emqx_exclusive_subscription, on_add_module, []}},
|
{apply,{emqx_exclusive_subscription,on_add_module,[]}},
|
||||||
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_broker,brutal_purge,soft_purge,[]},
|
{load_module,emqx_broker,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]},
|
{load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]},
|
||||||
|
|
@ -101,7 +103,7 @@
|
||||||
[{add_module,emqx_calendar},
|
[{add_module,emqx_calendar},
|
||||||
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
||||||
{add_module,emqx_exclusive_subscription},
|
{add_module,emqx_exclusive_subscription},
|
||||||
{apply, {emqx_exclusive_subscription, on_add_module, []}},
|
{apply,{emqx_exclusive_subscription,on_add_module,[]}},
|
||||||
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_broker,brutal_purge,soft_purge,[]},
|
{load_module,emqx_broker,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]},
|
{load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]},
|
||||||
|
|
@ -138,7 +140,7 @@
|
||||||
[{add_module,emqx_calendar},
|
[{add_module,emqx_calendar},
|
||||||
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
||||||
{add_module,emqx_exclusive_subscription},
|
{add_module,emqx_exclusive_subscription},
|
||||||
{apply, {emqx_exclusive_subscription, on_add_module, []}},
|
{apply,{emqx_exclusive_subscription,on_add_module,[]}},
|
||||||
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_broker,brutal_purge,soft_purge,[]},
|
{load_module,emqx_broker,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]},
|
{load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]},
|
||||||
|
|
@ -177,7 +179,7 @@
|
||||||
[{add_module,emqx_calendar},
|
[{add_module,emqx_calendar},
|
||||||
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
||||||
{add_module,emqx_exclusive_subscription},
|
{add_module,emqx_exclusive_subscription},
|
||||||
{apply, {emqx_exclusive_subscription, on_add_module, []}},
|
{apply,{emqx_exclusive_subscription,on_add_module,[]}},
|
||||||
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_broker,brutal_purge,soft_purge,[]},
|
{load_module,emqx_broker,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]},
|
{load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]},
|
||||||
|
|
@ -216,7 +218,7 @@
|
||||||
[{add_module,emqx_calendar},
|
[{add_module,emqx_calendar},
|
||||||
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
||||||
{add_module,emqx_exclusive_subscription},
|
{add_module,emqx_exclusive_subscription},
|
||||||
{apply, {emqx_exclusive_subscription, on_add_module, []}},
|
{apply,{emqx_exclusive_subscription,on_add_module,[]}},
|
||||||
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_broker,brutal_purge,soft_purge,[]},
|
{load_module,emqx_broker,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]},
|
{load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]},
|
||||||
|
|
@ -259,7 +261,7 @@
|
||||||
[{add_module,emqx_calendar},
|
[{add_module,emqx_calendar},
|
||||||
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
||||||
{add_module,emqx_exclusive_subscription},
|
{add_module,emqx_exclusive_subscription},
|
||||||
{apply, {emqx_exclusive_subscription, on_add_module, []}},
|
{apply,{emqx_exclusive_subscription,on_add_module,[]}},
|
||||||
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_broker,brutal_purge,soft_purge,[]},
|
{load_module,emqx_broker,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]},
|
{load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]},
|
||||||
|
|
@ -302,7 +304,7 @@
|
||||||
[{add_module,emqx_calendar},
|
[{add_module,emqx_calendar},
|
||||||
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
||||||
{add_module,emqx_exclusive_subscription},
|
{add_module,emqx_exclusive_subscription},
|
||||||
{apply, {emqx_exclusive_subscription, on_add_module, []}},
|
{apply,{emqx_exclusive_subscription,on_add_module,[]}},
|
||||||
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_broker,brutal_purge,soft_purge,[]},
|
{load_module,emqx_broker,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]},
|
{load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]},
|
||||||
|
|
@ -345,7 +347,7 @@
|
||||||
[{add_module,emqx_calendar},
|
[{add_module,emqx_calendar},
|
||||||
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
||||||
{add_module,emqx_exclusive_subscription},
|
{add_module,emqx_exclusive_subscription},
|
||||||
{apply, {emqx_exclusive_subscription, on_add_module, []}},
|
{apply,{emqx_exclusive_subscription,on_add_module,[]}},
|
||||||
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_broker,brutal_purge,soft_purge,[]},
|
{load_module,emqx_broker,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]},
|
{load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]},
|
||||||
|
|
@ -388,7 +390,7 @@
|
||||||
[{add_module,emqx_calendar},
|
[{add_module,emqx_calendar},
|
||||||
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
||||||
{add_module,emqx_exclusive_subscription},
|
{add_module,emqx_exclusive_subscription},
|
||||||
{apply, {emqx_exclusive_subscription, on_add_module, []}},
|
{apply,{emqx_exclusive_subscription,on_add_module,[]}},
|
||||||
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_broker,brutal_purge,soft_purge,[]},
|
{load_module,emqx_broker,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]},
|
{load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]},
|
||||||
|
|
@ -431,7 +433,7 @@
|
||||||
[{add_module,emqx_calendar},
|
[{add_module,emqx_calendar},
|
||||||
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
||||||
{add_module,emqx_exclusive_subscription},
|
{add_module,emqx_exclusive_subscription},
|
||||||
{apply, {emqx_exclusive_subscription, on_add_module, []}},
|
{apply,{emqx_exclusive_subscription,on_add_module,[]}},
|
||||||
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_broker,brutal_purge,soft_purge,[]},
|
{load_module,emqx_broker,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]},
|
{load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]},
|
||||||
|
|
@ -474,7 +476,7 @@
|
||||||
[{add_module,emqx_calendar},
|
[{add_module,emqx_calendar},
|
||||||
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
||||||
{add_module,emqx_exclusive_subscription},
|
{add_module,emqx_exclusive_subscription},
|
||||||
{apply, {emqx_exclusive_subscription, on_add_module, []}},
|
{apply,{emqx_exclusive_subscription,on_add_module,[]}},
|
||||||
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_broker,brutal_purge,soft_purge,[]},
|
{load_module,emqx_broker,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]},
|
{load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]},
|
||||||
|
|
@ -517,7 +519,7 @@
|
||||||
[{add_module,emqx_calendar},
|
[{add_module,emqx_calendar},
|
||||||
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
||||||
{add_module,emqx_exclusive_subscription},
|
{add_module,emqx_exclusive_subscription},
|
||||||
{apply, {emqx_exclusive_subscription, on_add_module, []}},
|
{apply,{emqx_exclusive_subscription,on_add_module,[]}},
|
||||||
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_broker,brutal_purge,soft_purge,[]},
|
{load_module,emqx_broker,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]},
|
{load_module,emqx_logger_textfmt,brutal_purge,soft_purge,[]},
|
||||||
|
|
@ -560,7 +562,7 @@
|
||||||
[{add_module,emqx_calendar},
|
[{add_module,emqx_calendar},
|
||||||
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
||||||
{add_module,emqx_exclusive_subscription},
|
{add_module,emqx_exclusive_subscription},
|
||||||
{apply, {emqx_exclusive_subscription, on_add_module, []}},
|
{apply,{emqx_exclusive_subscription,on_add_module,[]}},
|
||||||
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_broker,brutal_purge,soft_purge,[]},
|
{load_module,emqx_broker,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_hooks,brutal_purge,soft_purge,[]},
|
{load_module,emqx_hooks,brutal_purge,soft_purge,[]},
|
||||||
|
|
@ -605,7 +607,7 @@
|
||||||
[{add_module,emqx_calendar},
|
[{add_module,emqx_calendar},
|
||||||
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
||||||
{add_module,emqx_exclusive_subscription},
|
{add_module,emqx_exclusive_subscription},
|
||||||
{apply, {emqx_exclusive_subscription, on_add_module, []}},
|
{apply,{emqx_exclusive_subscription,on_add_module,[]}},
|
||||||
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_broker,brutal_purge,soft_purge,[]},
|
{load_module,emqx_broker,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_hooks,brutal_purge,soft_purge,[]},
|
{load_module,emqx_hooks,brutal_purge,soft_purge,[]},
|
||||||
|
|
@ -650,8 +652,10 @@
|
||||||
{load_module,emqx_message,brutal_purge,soft_purge,[]},
|
{load_module,emqx_message,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
||||||
{<<".*">>,[]}],
|
{<<".*">>,[]}],
|
||||||
[{"4.3.16",
|
[{"4.3.17",[{load_module,emqx_access_control,brutal_purge,soft_purge,[]}]},
|
||||||
[{load_module,emqx_plugins,brutal_purge,soft_purge,[]},
|
{"4.3.16",
|
||||||
|
[{load_module,emqx_access_control,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_plugins,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
{load_module,emqx_metrics,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_app,brutal_purge,soft_purge,[]},
|
{load_module,emqx_app,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_access_rule,brutal_purge,soft_purge,[]},
|
{load_module,emqx_access_rule,brutal_purge,soft_purge,[]},
|
||||||
|
|
@ -660,11 +664,11 @@
|
||||||
{load_module,emqx_ctl,brutal_purge,soft_purge,[]},
|
{load_module,emqx_ctl,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
||||||
{apply, {emqx_exclusive_subscription, on_delete_module, []}},
|
{apply,{emqx_exclusive_subscription,on_delete_module,[]}},
|
||||||
{delete_module,emqx_exclusive_subscription}]},
|
{delete_module,emqx_exclusive_subscription}]},
|
||||||
{"4.3.15",
|
{"4.3.15",
|
||||||
[{delete_module,emqx_calendar},
|
[{delete_module,emqx_calendar},
|
||||||
{apply, {emqx_exclusive_subscription, on_delete_module, []}},
|
{apply,{emqx_exclusive_subscription,on_delete_module,[]}},
|
||||||
{delete_module,emqx_exclusive_subscription},
|
{delete_module,emqx_exclusive_subscription},
|
||||||
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
||||||
|
|
@ -687,7 +691,7 @@
|
||||||
{load_module,emqx_app,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_app,brutal_purge,soft_purge,[]}]},
|
||||||
{"4.3.14",
|
{"4.3.14",
|
||||||
[{delete_module,emqx_calendar},
|
[{delete_module,emqx_calendar},
|
||||||
{apply, {emqx_exclusive_subscription, on_delete_module, []}},
|
{apply,{emqx_exclusive_subscription,on_delete_module,[]}},
|
||||||
{delete_module,emqx_exclusive_subscription},
|
{delete_module,emqx_exclusive_subscription},
|
||||||
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
||||||
|
|
@ -713,7 +717,7 @@
|
||||||
{load_module,emqx_hooks,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_hooks,brutal_purge,soft_purge,[]}]},
|
||||||
{"4.3.13",
|
{"4.3.13",
|
||||||
[{delete_module,emqx_calendar},
|
[{delete_module,emqx_calendar},
|
||||||
{apply, {emqx_exclusive_subscription, on_delete_module, []}},
|
{apply,{emqx_exclusive_subscription,on_delete_module,[]}},
|
||||||
{delete_module,emqx_exclusive_subscription},
|
{delete_module,emqx_exclusive_subscription},
|
||||||
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
||||||
|
|
@ -745,7 +749,7 @@
|
||||||
{load_module,emqx_connection,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_connection,brutal_purge,soft_purge,[]}]},
|
||||||
{"4.3.12",
|
{"4.3.12",
|
||||||
[{delete_module,emqx_calendar},
|
[{delete_module,emqx_calendar},
|
||||||
{apply, {emqx_exclusive_subscription, on_delete_module, []}},
|
{apply,{emqx_exclusive_subscription,on_delete_module,[]}},
|
||||||
{delete_module,emqx_exclusive_subscription},
|
{delete_module,emqx_exclusive_subscription},
|
||||||
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
||||||
|
|
@ -780,7 +784,7 @@
|
||||||
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
||||||
{"4.3.11",
|
{"4.3.11",
|
||||||
[{delete_module,emqx_calendar},
|
[{delete_module,emqx_calendar},
|
||||||
{apply, {emqx_exclusive_subscription, on_delete_module, []}},
|
{apply,{emqx_exclusive_subscription,on_delete_module,[]}},
|
||||||
{delete_module,emqx_exclusive_subscription},
|
{delete_module,emqx_exclusive_subscription},
|
||||||
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
||||||
|
|
@ -817,7 +821,7 @@
|
||||||
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
||||||
{"4.3.10",
|
{"4.3.10",
|
||||||
[{delete_module,emqx_calendar},
|
[{delete_module,emqx_calendar},
|
||||||
{apply, {emqx_exclusive_subscription, on_delete_module, []}},
|
{apply,{emqx_exclusive_subscription,on_delete_module,[]}},
|
||||||
{delete_module,emqx_exclusive_subscription},
|
{delete_module,emqx_exclusive_subscription},
|
||||||
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
||||||
|
|
@ -854,7 +858,7 @@
|
||||||
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
||||||
{"4.3.9",
|
{"4.3.9",
|
||||||
[{delete_module,emqx_calendar},
|
[{delete_module,emqx_calendar},
|
||||||
{apply, {emqx_exclusive_subscription, on_delete_module, []}},
|
{apply,{emqx_exclusive_subscription,on_delete_module,[]}},
|
||||||
{delete_module,emqx_exclusive_subscription},
|
{delete_module,emqx_exclusive_subscription},
|
||||||
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
||||||
|
|
@ -895,7 +899,7 @@
|
||||||
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
||||||
{"4.3.8",
|
{"4.3.8",
|
||||||
[{delete_module,emqx_calendar},
|
[{delete_module,emqx_calendar},
|
||||||
{apply, {emqx_exclusive_subscription, on_delete_module, []}},
|
{apply,{emqx_exclusive_subscription,on_delete_module,[]}},
|
||||||
{delete_module,emqx_exclusive_subscription},
|
{delete_module,emqx_exclusive_subscription},
|
||||||
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
||||||
|
|
@ -936,7 +940,7 @@
|
||||||
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
||||||
{"4.3.7",
|
{"4.3.7",
|
||||||
[{delete_module,emqx_calendar},
|
[{delete_module,emqx_calendar},
|
||||||
{apply, {emqx_exclusive_subscription, on_delete_module, []}},
|
{apply,{emqx_exclusive_subscription,on_delete_module,[]}},
|
||||||
{delete_module,emqx_exclusive_subscription},
|
{delete_module,emqx_exclusive_subscription},
|
||||||
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
||||||
|
|
@ -977,7 +981,7 @@
|
||||||
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
||||||
{"4.3.6",
|
{"4.3.6",
|
||||||
[{delete_module,emqx_calendar},
|
[{delete_module,emqx_calendar},
|
||||||
{apply, {emqx_exclusive_subscription, on_delete_module, []}},
|
{apply,{emqx_exclusive_subscription,on_delete_module,[]}},
|
||||||
{delete_module,emqx_exclusive_subscription},
|
{delete_module,emqx_exclusive_subscription},
|
||||||
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
||||||
|
|
@ -1018,7 +1022,7 @@
|
||||||
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
||||||
{"4.3.5",
|
{"4.3.5",
|
||||||
[{delete_module,emqx_calendar},
|
[{delete_module,emqx_calendar},
|
||||||
{apply, {emqx_exclusive_subscription, on_delete_module, []}},
|
{apply,{emqx_exclusive_subscription,on_delete_module,[]}},
|
||||||
{delete_module,emqx_exclusive_subscription},
|
{delete_module,emqx_exclusive_subscription},
|
||||||
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
||||||
|
|
@ -1059,7 +1063,7 @@
|
||||||
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
||||||
{"4.3.4",
|
{"4.3.4",
|
||||||
[{delete_module,emqx_calendar},
|
[{delete_module,emqx_calendar},
|
||||||
{apply, {emqx_exclusive_subscription, on_delete_module, []}},
|
{apply,{emqx_exclusive_subscription,on_delete_module,[]}},
|
||||||
{delete_module,emqx_exclusive_subscription},
|
{delete_module,emqx_exclusive_subscription},
|
||||||
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
||||||
|
|
@ -1100,7 +1104,7 @@
|
||||||
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
||||||
{"4.3.3",
|
{"4.3.3",
|
||||||
[{delete_module,emqx_calendar},
|
[{delete_module,emqx_calendar},
|
||||||
{apply, {emqx_exclusive_subscription, on_delete_module, []}},
|
{apply,{emqx_exclusive_subscription,on_delete_module,[]}},
|
||||||
{delete_module,emqx_exclusive_subscription},
|
{delete_module,emqx_exclusive_subscription},
|
||||||
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
||||||
|
|
@ -1141,7 +1145,7 @@
|
||||||
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
||||||
{"4.3.2",
|
{"4.3.2",
|
||||||
[{delete_module,emqx_calendar},
|
[{delete_module,emqx_calendar},
|
||||||
{apply, {emqx_exclusive_subscription, on_delete_module, []}},
|
{apply,{emqx_exclusive_subscription,on_delete_module,[]}},
|
||||||
{delete_module,emqx_exclusive_subscription},
|
{delete_module,emqx_exclusive_subscription},
|
||||||
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
||||||
|
|
@ -1182,7 +1186,7 @@
|
||||||
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
||||||
{"4.3.1",
|
{"4.3.1",
|
||||||
[{delete_module,emqx_calendar},
|
[{delete_module,emqx_calendar},
|
||||||
{apply, {emqx_exclusive_subscription, on_delete_module, []}},
|
{apply,{emqx_exclusive_subscription,on_delete_module,[]}},
|
||||||
{delete_module,emqx_exclusive_subscription},
|
{delete_module,emqx_exclusive_subscription},
|
||||||
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
||||||
|
|
@ -1225,7 +1229,7 @@
|
||||||
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_limiter,brutal_purge,soft_purge,[]}]},
|
||||||
{"4.3.0",
|
{"4.3.0",
|
||||||
[{delete_module,emqx_calendar},
|
[{delete_module,emqx_calendar},
|
||||||
{apply, {emqx_exclusive_subscription, on_delete_module, []}},
|
{apply,{emqx_exclusive_subscription,on_delete_module,[]}},
|
||||||
{delete_module,emqx_exclusive_subscription},
|
{delete_module,emqx_exclusive_subscription},
|
||||||
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
{load_module,emqx_topic,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
{load_module,emqx_mqtt_caps,brutal_purge,soft_purge,[]},
|
||||||
|
|
|
||||||
|
|
@ -33,15 +33,13 @@
|
||||||
|
|
||||||
-spec(authenticate(emqx_types:clientinfo()) -> {ok, result()} | {error, term()}).
|
-spec(authenticate(emqx_types:clientinfo()) -> {ok, result()} | {error, term()}).
|
||||||
authenticate(ClientInfo = #{zone := Zone}) ->
|
authenticate(ClientInfo = #{zone := Zone}) ->
|
||||||
AuthResult = default_auth_result(Zone),
|
ok = emqx_metrics:inc('client.authenticate'),
|
||||||
case
|
Username = maps:get(username, ClientInfo, undefined),
|
||||||
begin ok = emqx_metrics:inc('client.authenticate'),
|
{MaybeStop, AuthResult} = default_auth_result(Username, Zone),
|
||||||
emqx_zone:get_env(Zone, bypass_auth_plugins, false)
|
case MaybeStop of
|
||||||
end
|
stop ->
|
||||||
of
|
|
||||||
true ->
|
|
||||||
return_auth_result(AuthResult);
|
return_auth_result(AuthResult);
|
||||||
false ->
|
continue ->
|
||||||
return_auth_result(emqx_hooks:run_fold('client.authenticate', [ClientInfo], AuthResult))
|
return_auth_result(emqx_hooks:run_fold('client.authenticate', [ClientInfo], AuthResult))
|
||||||
end.
|
end.
|
||||||
|
|
||||||
|
|
@ -91,10 +89,29 @@ inc_acl_metrics(cache_hit) ->
|
||||||
emqx_metrics:inc('client.acl.cache_hit').
|
emqx_metrics:inc('client.acl.cache_hit').
|
||||||
|
|
||||||
%% Auth
|
%% Auth
|
||||||
default_auth_result(Zone) ->
|
default_auth_result(Username, Zone) ->
|
||||||
case emqx_zone:get_env(Zone, allow_anonymous, false) of
|
IsAnonymous = (Username =:= undefined orelse Username =:= <<>>),
|
||||||
true -> #{auth_result => success, anonymous => true};
|
AllowAnonymous = emqx_zone:get_env(Zone, allow_anonymous, false),
|
||||||
false -> #{auth_result => not_authorized, anonymous => false}
|
Bypass = emqx_zone:get_env(Zone, bypass_auth_plugins, false),
|
||||||
|
%% the `anonymous` filed in auth result does not mean the client is
|
||||||
|
%% connected without username, but if the auth result is based on
|
||||||
|
%% allowing anonymous access.
|
||||||
|
IsResultBasedOnAllowAnonymous =
|
||||||
|
case AllowAnonymous of
|
||||||
|
true -> true;
|
||||||
|
_ -> false
|
||||||
|
end,
|
||||||
|
Result = case AllowAnonymous of
|
||||||
|
true -> #{auth_result => success, anonymous => IsResultBasedOnAllowAnonymous};
|
||||||
|
_ -> #{auth_result => not_authorized, anonymous => IsResultBasedOnAllowAnonymous}
|
||||||
|
end,
|
||||||
|
case {IsAnonymous, AllowAnonymous} of
|
||||||
|
{true, false_quick_deny} ->
|
||||||
|
{stop, Result};
|
||||||
|
_ when Bypass ->
|
||||||
|
{stop, Result};
|
||||||
|
_ ->
|
||||||
|
{continue, Result}
|
||||||
end.
|
end.
|
||||||
|
|
||||||
-compile({inline, [return_auth_result/1]}).
|
-compile({inline, [return_auth_result/1]}).
|
||||||
|
|
|
||||||
|
|
@ -38,6 +38,12 @@ t_authenticate(_) ->
|
||||||
emqx_zone:set_env(zone, allow_anonymous, true),
|
emqx_zone:set_env(zone, allow_anonymous, true),
|
||||||
?assertMatch({ok, _}, emqx_access_control:authenticate(clientinfo())).
|
?assertMatch({ok, _}, emqx_access_control:authenticate(clientinfo())).
|
||||||
|
|
||||||
|
t_authenticate_fast_fail(_) ->
|
||||||
|
emqx_zone:set_env(zone, allow_anonymous, false_quick_deny),
|
||||||
|
?assertMatch({error, _}, emqx_access_control:authenticate(clientinfo())),
|
||||||
|
emqx_zone:set_env(zone, allow_anonymous, true),
|
||||||
|
?assertMatch({ok, _}, emqx_access_control:authenticate(clientinfo())).
|
||||||
|
|
||||||
t_check_acl(_) ->
|
t_check_acl(_) ->
|
||||||
emqx_zone:set_env(zone, acl_nomatch, deny),
|
emqx_zone:set_env(zone, acl_nomatch, deny),
|
||||||
application:set_env(emqx, enable_acl_cache, false),
|
application:set_env(emqx, enable_acl_cache, false),
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue