From b0917e665c431d88242790295b9512b8a6a3dd94 Mon Sep 17 00:00:00 2001
From: Feng Lee
Date: Sat, 15 Oct 2016 13:49:51 +0800
Subject: [PATCH] etc/acl.conf
---
 etc/acl.conf | 29 +++++++++++++++++++++++++++++
 src/emqttd_acl_anonymous.erl | 35 -----------------------------------
 src/emqttd_acl_internal.erl | 18 ++++++------------
 src/emqttd_app.erl | 11 +++++++++++
 src/emqttd_auth_anonymous.erl | 29 -----------------------------
 5 files changed, 46 insertions(+), 76 deletions(-)
 create mode 100644 etc/acl.conf
 delete mode 100644 src/emqttd_acl_anonymous.erl
 delete mode 100644 src/emqttd_auth_anonymous.erl
diff --git a/etc/acl.conf b/etc/acl.conf
new file mode 100644
index 000000000..3cb3b8c52
--- /dev/null
+++ b/etc/acl.conf
@@ -0,0 +1,29 @@
+%%--------------------------------------------------------------------
+%%
+%% [ACL](https://github.com/emqtt/emqttd/wiki/ACL)
+%%
+%% -type who() :: all | binary() |
+%% {ipaddr, esockd_access:cidr()} |
+%% {client, binary()} |
+%% {user, binary()}.
+%%
+%% -type access() :: subscribe | publish | pubsub.
+%%
+%% -type topic() :: binary().
+%%
+%% -type rule() :: {allow, all} |
+%% {allow, who(), access(), list(topic())} |
+%% {deny, all} |
+%% {deny, who(), access(), list(topic())}.
+%%
+%%--------------------------------------------------------------------
+
+{allow, {user, "dashboard"}, subscribe, ["$SYS/#"]}.
+
+{allow, {ipaddr, "127.0.0.1"}, pubsub, ["$SYS/#", "#"]}.
+
+{deny, all, subscribe, ["$SYS/#", {eq, "#"}]}.
+
+{allow, all}.
+
+
diff --git a/src/emqttd_acl_anonymous.erl b/src/emqttd_acl_anonymous.erl
deleted file mode 100644
index ef80457fd..000000000
--- a/src/emqttd_acl_anonymous.erl
+++ /dev/null
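Review bot: In `etc/acl.conf`, the rule `{allow, {ipaddr, "127.0.0.1"}, pubsub, ["$SYS/#", "#"]}` gives every loopback connection publish and subscribe on all topics, including `$SYS/#`. If clients reach the broker through a proxy or load balancer on the same host, every client would presumably match it, so the file should carry a comment above the rule such as `%% Loopback clients get full access; remove this rule if clients connect through a local proxy`. The closing `{allow, all}.` makes allow the decision for anything the earlier rules do not match, and an operator who wants deny-by-default has to replace it with `{deny, all}.`; a one-line comment saying so would help. The header's type comment also lags the rules: it gives `topic()` as `binary()`, while the rules use strings and an `{eq, "#"}` form the comment does not list.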
@@ -1,35 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2012-2016 Feng Lee .
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%% http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqttd_acl_anonymous).
-
--behaviour(emqttd_acl_mod).
-
-%% ACL callbacks
--export([init/1, check_acl/2, reload_acl/1, description/0]).
-
-init(Opts) ->
- {ok, Opts}.
-
-check_acl(_Who, _State) ->
- allow.
-
-reload_acl(_State) ->
- ok.
-
-description() ->
- "Anonymous ACL".
-
diff --git a/src/emqttd_acl_internal.erl b/src/emqttd_acl_internal.erl
index 282fb77a4..610cf91a3 100644
--- a/src/emqttd_acl_internal.erl
+++ b/src/emqttd_acl_internal.erl
@@ -46,18 +46,12 @@ all_rules() -> %%-------------------------------------------------------------------- %% @doc Init internal ACL --spec(init(Opts :: list()) -> {ok, State :: any()}). -init(Opts) -> +-spec(init([File :: string()]) -> {ok, State :: any()}). +init([File]) -> ets:new(?ACL_RULE_TAB, [set, public, named_table, {read_concurrency, true}]), - case proplists:get_value(config, Opts) of - undefined -> - {ok, #state{}}; - File -> - Default = proplists:get_value(nomatch, Opts, allow), - State = #state{config = File, nomatch = Default}, - true = load_rules_from_file(State), - {ok, State} - end. + State = #state{config = File}, + true = load_rules_from_file(State), + {ok, State}. load_rules_from_file(#state{config = AclFile}) -> {ok, Terms} = file:consult(AclFile), @@ -118,7 +112,7 @@ reload_acl(#state{config = undefined}) -> reload_acl(State) -> case catch load_rules_from_file(State) of {'EXIT', Error} -> {error, Error}; - _ -> ok + true -> ok end. %% @doc ACL Module Description diff --git a/src/emqttd_app.erl b/src/emqttd_app.erl index 3f15fdf31..bec092b52 100644 --- a/src/emqttd_app.erl +++ b/src/emqttd_app.erl @@ -46,6 +46,7 @@ start(_StartType, _StartArgs) -> {ok, Sup} = emqttd_sup:start_link(), start_servers(Sup), emqttd_cli:load(), + register_acl_mod(), load_all_mods(), emqttd_plugins:init(), emqttd_plugins:load(), @@ -140,6 +141,16 @@ worker_spec(Module, Opts) when is_atom(Module) -> worker_spec(M, F, A) -> {M, {M, F, A}, permanent, 10000, worker, [M]}. +%%-------------------------------------------------------------------- +%% Register default ACL File +%%-------------------------------------------------------------------- + +register_acl_mod() -> + case emqttd:env(acl_file) of + {ok, File} -> emqttd_access_control:register_mod(acl, emqttd_acl_internal, [File]); + undefined -> ok + end. + %%-------------------------------------------------------------------- %% Load Modules %%-------------------------------------------------------------------- 
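Review bot: In `emqttd_acl_internal:init/1` the `nomatch` option is no longer read, so the no-match decision now comes from whatever default the `#state{}` record declares (not visible in this hunk) and callers can no longer set it. If that is intended, the doc line should say so, e.g. `%% @doc Init internal ACL from File; the nomatch decision is the #state{} record default`. The new head `init([File])` raises `function_clause` for any caller still passing the old option proplist. The clause `reload_acl(#state{config = undefined})`, visible in the next hunk's header, looks unreachable now that `init/1` always sets `config`. The body of `load_rules_from_file/1` continues outside the hunk.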
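Review bot: `reload_acl/1` in `emqttd_acl_internal.erl` keeps the old-style `case catch`, and with the catch-all narrowed to `true -> ok` a `throw` from `load_rules_from_file/1` would now end in a `case_clause` crash instead of an `{error, _}` return. A `try` keeps the success path and makes the failure path explicit: `try load_rules_from_file(State) of true -> ok catch _:Error -> {error, Error} end`. That changes the shape of `Error` (no `{Reason, Stacktrace}` wrapping), so callers that match on it would need checking. Whether a failed reload leaves the previous rules in the table depends on the rest of `load_rules_from_file/1`, which is outside the hunk.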
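Review bot: `register_acl_mod/0` in `emqttd_app.erl` can fail open in two ways. The `undefined -> ok` branch starts the broker with no ACL module when `acl_file` is unset, and the result of `emqttd_access_control:register_mod/3` is discarded by the call added to `start/2`, so a failed registration would go unnoticed. With `emqttd_acl_anonymous` removed in this commit, what the broker decides when no ACL module is registered is not visible here and should be confirmed. I would assert the result, `{ok, File} -> ok = emqttd_access_control:register_mod(acl, emqttd_acl_internal, [File]);`, assuming `register_mod/3` returns `ok` on success, and log a warning in the `undefined` branch.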
diff --git a/src/emqttd_auth_anonymous.erl b/src/emqttd_auth_anonymous.erl
deleted file mode 100644
index 8acdb7bf0..000000000
--- a/src/emqttd_auth_anonymous.erl
+++ /dev/null
@@ -1,29 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2012-2016 Feng Lee .
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%% http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
-%% @doc Anonymous Authentication Module
--module(emqttd_auth_anonymous).
-
--behaviour(emqttd_auth_mod).
-
--export([init/1, check/3, description/0]).
-
-init(Opts) -> {ok, Opts}.
-
-check(_Client, _Password, _Opts) -> ok.
-
-description() -> "Anonymous Authentication Module".
-