diff --git a/apps/emqx_auth_http/src/emqx_acl_http.erl b/apps/emqx_auth_http/src/emqx_acl_http.erl index e18527179..079e623d7 100644 --- a/apps/emqx_auth_http/src/emqx_acl_http.erl +++ b/apps/emqx_auth_http/src/emqx_acl_http.erl @@ -43,7 +43,9 @@ check_acl(ClientInfo, PubSub, Topic, _AclResult, #{acl := ACLParams = #{path := ClientInfo1 = ClientInfo#{access => access(PubSub), topic => Topic}, Username = maps:get(username, ClientInfo1, undefined), case check_acl_request(ACLParams, ClientInfo1) of - {ok, 200, <<"ignore">>} -> ok; + {ok, 200, <<"ignore">>} -> + ?LOG(debug, "ignored, ~s to topic ~ts, username: ~ts", + [PubSub, Topic, Username]); {ok, 200, _Body} -> ?LOG(debug, "Allow ~s to topic ~ts, username: ~ts", [PubSub, Topic, Username]), diff --git a/apps/emqx_auth_http/src/emqx_auth_http.appup.src b/apps/emqx_auth_http/src/emqx_auth_http.appup.src index 3f167d768..f661c36d2 100644 --- a/apps/emqx_auth_http/src/emqx_auth_http.appup.src +++ b/apps/emqx_auth_http/src/emqx_auth_http.appup.src @@ -1,7 +1,10 @@ %% -*- mode: erlang -*- %% Unless you know what you are doing, DO NOT edit manually!! {VSN, - [{"4.3.10", + [{"4.3.11", + [{load_module,emqx_auth_http,brutal_purge,soft_purge,[]}, + {load_module,emqx_acl_http,brutal_purge,soft_purge,[]}]}, + {"4.3.10", [{load_module,emqx_auth_http,brutal_purge,soft_purge,[]}, {load_module,emqx_acl_http,brutal_purge,soft_purge,[]}]}, {"4.3.9", @@ -45,7 +48,10 @@ {load_module,emqx_auth_http_cli,brutal_purge,soft_purge,[]}]}, {<<"4.3.[0-1]">>,[{restart_application,emqx_auth_http}]}, {<<".*">>,[]}], - [{"4.3.10", + [{"4.3.11", + [{load_module,emqx_auth_http,brutal_purge,soft_purge,[]}, + {load_module,emqx_acl_http,brutal_purge,soft_purge,[]}]}, + {"4.3.10", [{load_module,emqx_auth_http,brutal_purge,soft_purge,[]}, {load_module,emqx_acl_http,brutal_purge,soft_purge,[]}]}, {"4.3.9", diff --git a/apps/emqx_auth_http/src/emqx_auth_http.erl b/apps/emqx_auth_http/src/emqx_auth_http.erl index c7710ae94..7318688fd 100644 --- a/apps/emqx_auth_http/src/emqx_auth_http.erl +++ b/apps/emqx_auth_http/src/emqx_auth_http.erl @@ -39,7 +39,7 @@ check(ClientInfo, AuthResult, #{auth := AuthParms = #{path := Path}, Username = maps:get(username, ClientInfo, undefined), case authenticate(AuthParms, ClientInfo) of {ok, 200, <<"ignore">>} -> - ok; + ?LOG(debug, "Auth ignored, path: ~ts, username: ~ts", [Path, Username]); {ok, 200, Body} -> ?LOG(debug, "Auth succeeded from path: ~ts, username: ~ts", [Path, Username]), IsSuperuser = is_superuser(SuperParams, ClientInfo), diff --git a/apps/emqx_auth_jwt/src/emqx_auth_jwt.appup.src b/apps/emqx_auth_jwt/src/emqx_auth_jwt.appup.src index 1407592b0..bfd53173d 100644 --- a/apps/emqx_auth_jwt/src/emqx_auth_jwt.appup.src +++ b/apps/emqx_auth_jwt/src/emqx_auth_jwt.appup.src @@ -1,7 +1,8 @@ %% -*- mode: erlang -*- %% Unless you know what you are doing, DO NOT edit manually!! {VSN, - [{"4.4.8", + [{"4.4.9",[{load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}]}, + {"4.4.8", [{load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}, {load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}]}, {<<"4\\.4\\.[2-7]">>, @@ -9,7 +10,8 @@ {load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}]}, {<<"4\\.4\\.[0-1]">>,[{restart_application,emqx_auth_jwt}]}, {<<".*">>,[]}], - [{"4.4.8", + [{"4.4.9",[{load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}]}, + {"4.4.8", [{load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}, {load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}]}, {<<"4\\.4\\.[2-7]">>, diff --git a/apps/emqx_auth_jwt/src/emqx_auth_jwt.erl b/apps/emqx_auth_jwt/src/emqx_auth_jwt.erl index dd3b2dbc9..4fed0912e 100644 --- a/apps/emqx_auth_jwt/src/emqx_auth_jwt.erl +++ b/apps/emqx_auth_jwt/src/emqx_auth_jwt.erl @@ -41,15 +41,15 @@ check(ClientInfo, AuthResult, State) -> check_auth(ClientInfo, AuthResult, #{from := From, checklists := Checklists}) -> case maps:find(From, ClientInfo) of error -> - ok; + ?LOG(debug, "Auth ignored, ~p not found in Client: ~p", [From, ClientInfo]); {ok, undefined} -> - ok; + ?LOG(debug, "Auth ignored, ~p undefined, Client: ~p", [From, ClientInfo]); {ok, Token} -> case emqx_auth_jwt_svr:verify(Token) of {error, not_found} -> - ok; + ?LOG_SENSITIVE(debug, "Auth ignored, ~p not_found, Client: ~p", [Token, ClientInfo]); {error, not_token} -> - ok; + ?LOG_SENSITIVE(debug, "Auth ignored, ~p not_token, Client: ~p", [Token, ClientInfo]); {error, Reason} -> ?LOG_SENSITIVE(debug, "Auth from JWT failed, Client: ~p, Reason: ~p", diff --git a/apps/emqx_auth_ldap/src/emqx_acl_ldap.erl b/apps/emqx_auth_ldap/src/emqx_acl_ldap.erl index 8faeed913..554f7c5a9 100644 --- a/apps/emqx_auth_ldap/src/emqx_acl_ldap.erl +++ b/apps/emqx_auth_ldap/src/emqx_acl_ldap.erl @@ -28,7 +28,9 @@ check_acl(ClientInfo, PubSub, Topic, NoMatchAction, State) -> case do_check_acl(ClientInfo, PubSub, Topic, NoMatchAction, State) of - ok -> ok; + ok -> ?LOG_SENSITIVE(debug, + "[LDAP] ACL ignored, Topic: ~p, Action: ~p for Client: ~p", + [Topic, PubSub, ClientInfo]); {stop, allow} -> ?LOG_SENSITIVE(debug, "[LDAP] Allow Topic: ~p, Action: ~p for Client: ~p", diff --git a/apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src b/apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src index 01b29895f..0104e9620 100644 --- a/apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src +++ b/apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src @@ -1,7 +1,10 @@ %% -*- mode: erlang -*- %% Unless you know what you are doing, DO NOT edit manually!! {VSN, - [{"4.3.6", + [{"4.3.7", + [{load_module,emqx_auth_ldap,brutal_purge,soft_purge,[]}, + {load_module,emqx_acl_ldap,brutal_purge,soft_purge,[]}]}, + {"4.3.6", [{load_module,emqx_acl_ldap,brutal_purge,soft_purge,[]}, {load_module,emqx_auth_ldap,brutal_purge,soft_purge,[]}]}, {"4.3.5", @@ -24,7 +27,10 @@ {load_module,emqx_acl_ldap,brutal_purge,soft_purge,[]}, {load_module,emqx_auth_ldap_cli,brutal_purge,soft_purge,[]}]}, {<<".*">>,[]}], - [{"4.3.6", + [{"4.3.7", + [{load_module,emqx_auth_ldap,brutal_purge,soft_purge,[]}, + {load_module,emqx_acl_ldap,brutal_purge,soft_purge,[]}]}, + {"4.3.6", [{load_module,emqx_acl_ldap,brutal_purge,soft_purge,[]}, {load_module,emqx_auth_ldap,brutal_purge,soft_purge,[]}]}, {"4.3.5", diff --git a/apps/emqx_auth_ldap/src/emqx_auth_ldap.erl b/apps/emqx_auth_ldap/src/emqx_auth_ldap.erl index d1d73784d..497d98901 100644 --- a/apps/emqx_auth_ldap/src/emqx_auth_ldap.erl +++ b/apps/emqx_auth_ldap/src/emqx_auth_ldap.erl @@ -59,13 +59,15 @@ check(ClientInfo = #{username := Username, password := Password}, AuthResult, case CheckResult of ok -> ?LOG_SENSITIVE(debug, - "[LDAP] Auth from ldap succeeded, Client: ~p", + "[LDAP] Auth succeeded, Client: ~p", [ClientInfo]), {stop, AuthResult#{auth_result => success, anonymous => false}}; {error, not_found} -> - ok; + ?LOG_SENSITIVE(debug, + "[LDAP] Auth ignored, Client: ~p", + [ClientInfo]); {error, ResultCode} -> - ?LOG_SENSITIVE(error, "[LDAP] Auth from ldap failed: ~p", [ResultCode]), + ?LOG_SENSITIVE(error, "[LDAP] Auth failed: ~p", [ResultCode]), {stop, AuthResult#{auth_result => ResultCode, anonymous => false}} end. diff --git a/apps/emqx_auth_mnesia/src/emqx_acl_mnesia.erl b/apps/emqx_auth_mnesia/src/emqx_acl_mnesia.erl index 928dcc608..9ff52ea85 100644 --- a/apps/emqx_auth_mnesia/src/emqx_acl_mnesia.erl +++ b/apps/emqx_auth_mnesia/src/emqx_acl_mnesia.erl @@ -54,7 +54,9 @@ check_acl(ClientInfo = #{ clientid := Clientid }, PubSub, Topic, _NoMatchAction, [Topic, PubSub, ClientInfo]), {stop, deny}; _ -> - ok + ?LOG_SENSITIVE(debug, + "[Mnesia] ACL ignored, Topic: ~p, Action: ~p for Client: ~p", + [Topic, PubSub, ClientInfo]) end. description() -> "Acl with Mnesia". diff --git a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.appup.src b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.appup.src index 36e4437fd..74d194dd3 100644 --- a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.appup.src +++ b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.appup.src @@ -1,7 +1,10 @@ %% -*- mode: erlang -*- %% Unless you know what you are doing, DO NOT edit manually!! {VSN, - [{"4.3.10", + [{"4.3.11", + [{load_module,emqx_auth_mnesia,brutal_purge,soft_purge,[]}, + {load_module,emqx_acl_mnesia,brutal_purge,soft_purge,[]}]}, + {"4.3.10", [{load_module,emqx_auth_mnesia,brutal_purge,soft_purge,[]}, {load_module,emqx_acl_mnesia,brutal_purge,soft_purge,[]}]}, {"4.3.9", @@ -47,7 +50,10 @@ {load_module,emqx_acl_mnesia_cli,brutal_purge,soft_purge,[]}, {load_module,emqx_auth_mnesia_app,brutal_purge,soft_purge,[]}]}, {<<".*">>,[]}], - [{"4.3.10", + [{"4.3.11", + [{load_module,emqx_auth_mnesia,brutal_purge,soft_purge,[]}, + {load_module,emqx_acl_mnesia,brutal_purge,soft_purge,[]}]}, + {"4.3.10", [{load_module,emqx_auth_mnesia,brutal_purge,soft_purge,[]}, {load_module,emqx_acl_mnesia,brutal_purge,soft_purge,[]}]}, {"4.3.9", diff --git a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.erl b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.erl index 35bea5fde..bd1215d70 100644 --- a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.erl +++ b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.erl @@ -60,19 +60,17 @@ check(ClientInfo = #{ clientid := Clientid MatchSpec = ets:fun2ms(fun({?TABLE, {clientid, X}, Password, InterTime}) when X =:= Clientid-> Password; ({?TABLE, {username, X}, Password, InterTime}) when X =:= Username andalso X =/= undefined -> Password end), + Info = maps:without([password], ClientInfo), case ets:select(?TABLE, MatchSpec) of [] -> - ok; + ?LOG(debug, "[Mnesia] Auth ignored, Client: ~p", [Info]); List -> case match_password(NPassword, HashType, List) of false -> - Info = maps:without([password], ClientInfo), ?LOG(info, "[Mnesia] Auth from mnesia failed: ~p", [Info]), {stop, AuthResult#{anonymous => false, auth_result => password_error}}; _ -> - ?LOG_SENSITIVE(debug, - "[Mnesia] Auth from mnesia succeeded, Client: ~p", - [ClientInfo]), + ?LOG(debug,"[Mnesia] Auth from mnesia succeeded, Client: ~p", [Info]), {stop, AuthResult#{anonymous => false, auth_result => success}} end end. diff --git a/apps/emqx_auth_mongo/src/emqx_acl_mongo.erl b/apps/emqx_auth_mongo/src/emqx_acl_mongo.erl index 2f069478b..aae7532eb 100644 --- a/apps/emqx_auth_mongo/src/emqx_acl_mongo.erl +++ b/apps/emqx_auth_mongo/src/emqx_acl_mongo.erl @@ -35,7 +35,9 @@ check_acl(ClientInfo, PubSub, Topic, _AclResult, Env = #{aclquery := AclQuery}) maps:from_list(emqx_auth_mongo:replvars(Selector, ClientInfo)) end, SelectorList), case emqx_auth_mongo:query_multi(Pool, Coll, SelectorMapList) of - [] -> ok; + [] -> ?LOG_SENSITIVE(debug, + "[MongoDB] ACL ignored, Topic: ~p, Action: ~p for Client: ~p", + [Topic, PubSub, ClientInfo]); Rows -> try match(ClientInfo, Topic, topics(PubSub, Rows)) of matched -> @@ -50,7 +52,7 @@ check_acl(ClientInfo, PubSub, Topic, _AclResult, Env = #{aclquery := AclQuery}) {stop, deny} catch _Err:Reason-> - ?LOG(error, "[MongoDB] Check mongo ~p ACL failed, got ACL config: ~p, error: :~p", + ?LOG(error, "[MongoDB] ACL ignored, check mongo ~p ACL failed, got ACL config: ~p, error: ~p", [PubSub, Rows, Reason]), ignore end diff --git a/apps/emqx_auth_mongo/src/emqx_auth_mongo.appup.src b/apps/emqx_auth_mongo/src/emqx_auth_mongo.appup.src index b3c2b92ef..9d500d005 100644 --- a/apps/emqx_auth_mongo/src/emqx_auth_mongo.appup.src +++ b/apps/emqx_auth_mongo/src/emqx_auth_mongo.appup.src @@ -1,7 +1,10 @@ %% -*- mode: erlang -*- %% Unless you know what you are doing, DO NOT edit manually!! {VSN, - [{"4.4.5", + [{"4.4.6", + [{load_module,emqx_auth_mongo,brutal_purge,soft_purge,[]}, + {load_module,emqx_acl_mongo,brutal_purge,soft_purge,[]}]}, + {"4.4.5", [{load_module,emqx_acl_mongo,brutal_purge,soft_purge,[]}, {load_module,emqx_auth_mongo,brutal_purge,soft_purge,[]}]}, {"4.4.4", @@ -22,7 +25,10 @@ {load_module,emqx_auth_mongo,brutal_purge,soft_purge,[]}, {load_module,emqx_acl_mongo,brutal_purge,soft_purge,[]}]}, {<<".*">>,[]}], - [{"4.4.5", + [{"4.4.6", + [{load_module,emqx_auth_mongo,brutal_purge,soft_purge,[]}, + {load_module,emqx_acl_mongo,brutal_purge,soft_purge,[]}]}, + {"4.4.5", [{load_module,emqx_acl_mongo,brutal_purge,soft_purge,[]}, {load_module,emqx_auth_mongo,brutal_purge,soft_purge,[]}]}, {"4.4.4", diff --git a/apps/emqx_auth_mongo/src/emqx_auth_mongo.erl b/apps/emqx_auth_mongo/src/emqx_auth_mongo.erl index 9ca272c65..94bced3fa 100644 --- a/apps/emqx_auth_mongo/src/emqx_auth_mongo.erl +++ b/apps/emqx_auth_mongo/src/emqx_auth_mongo.erl @@ -52,10 +52,11 @@ check(ClientInfo = #{password := Password}, AuthResult, hash = HashType, selector = Selector} = AuthQuery, Pool = maps:get(pool, Env, ?APP), case query(Pool, Collection, maps:from_list(replvars(Selector, ClientInfo))) of - undefined -> ok; + undefined -> + ?LOG_SENSITIVE(debug, "[MongoDB] Auth ignored, Client: ~p", [ClientInfo]); {error, Reason} -> ?tp(emqx_auth_mongo_check_authn_error, #{error => Reason}), - ?LOG_SENSITIVE(error, "[MongoDB] Can't connect to MongoDB server: ~0p", [Reason]), + ?LOG_SENSITIVE(error, "[MongoDB] Auth failed, Can't connect to MongoDB server: ~0p", [Reason]), {stop, AuthResult#{auth_result => not_authorized, anonymous => false}}; UserMap -> Result = case [maps:get(Field, UserMap, undefined) || Field <- Fields] of @@ -69,7 +70,7 @@ check(ClientInfo = #{password := Password}, AuthResult, ok -> ?tp(emqx_auth_mongo_superuser_check_authn_ok, #{}), ?LOG_SENSITIVE(debug, - "[MongoDB] Auth from mongo succeeded, Client: ~p", + "[MongoDB] Auth succeeded, Client: ~p", [ClientInfo]), {stop, AuthResult#{is_superuser => is_superuser(Pool, SuperQuery, ClientInfo), anonymous => false, diff --git a/apps/emqx_auth_mysql/src/emqx_acl_mysql.erl b/apps/emqx_auth_mysql/src/emqx_acl_mysql.erl index a5b0f86b2..81c34b602 100644 --- a/apps/emqx_auth_mysql/src/emqx_acl_mysql.erl +++ b/apps/emqx_auth_mysql/src/emqx_acl_mysql.erl @@ -28,7 +28,10 @@ check_acl(ClientInfo, PubSub, Topic, NoMatchAction, #{pool := Pool} = State) -> case do_check_acl(Pool, ClientInfo, PubSub, Topic, NoMatchAction, State) of - ok -> ok; + ok -> + ?LOG_SENSITIVE(debug, + "[MySQL] ACL ignored, Topic: ~p, Action: ~p for Client: ~p", + [Topic, PubSub, ClientInfo]); {stop, allow} -> ?LOG_SENSITIVE(debug, "[MySQL] Allow Topic: ~p, Action: ~p for Client: ~p", diff --git a/apps/emqx_auth_mysql/src/emqx_auth_mysql.appup.src b/apps/emqx_auth_mysql/src/emqx_auth_mysql.appup.src index a0a6b036d..8c166751a 100644 --- a/apps/emqx_auth_mysql/src/emqx_auth_mysql.appup.src +++ b/apps/emqx_auth_mysql/src/emqx_auth_mysql.appup.src @@ -1,7 +1,10 @@ %% -*- mode: erlang -*- %% Unless you know what you are doing, DO NOT edit manually!! {VSN, - [{"4.3.4", + [{"4.3.5", + [{load_module,emqx_auth_mysql,brutal_purge,soft_purge,[]}, + {load_module,emqx_acl_mysql,brutal_purge,soft_purge,[]}]}, + {"4.3.4", [{load_module,emqx_auth_mysql,brutal_purge,soft_purge,[]}, {load_module,emqx_acl_mysql,brutal_purge,soft_purge,[]}, {load_module,emqx_auth_mysql_cli,brutal_purge,soft_purge,[]}]}, @@ -20,7 +23,10 @@ {load_module,emqx_auth_mysql,brutal_purge,soft_purge,[]}, {load_module,emqx_acl_mysql,brutal_purge,soft_purge,[]}]}, {<<".*">>,[]}], - [{"4.3.4", + [{"4.3.5", + [{load_module,emqx_auth_mysql,brutal_purge,soft_purge,[]}, + {load_module,emqx_acl_mysql,brutal_purge,soft_purge,[]}]}, + {"4.3.4", [{load_module,emqx_auth_mysql,brutal_purge,soft_purge,[]}, {load_module,emqx_acl_mysql,brutal_purge,soft_purge,[]}, {load_module,emqx_auth_mysql_cli,brutal_purge,soft_purge,[]}]}, diff --git a/apps/emqx_auth_mysql/src/emqx_auth_mysql.erl b/apps/emqx_auth_mysql/src/emqx_auth_mysql.erl index 94045e1ad..ca991f008 100644 --- a/apps/emqx_auth_mysql/src/emqx_auth_mysql.erl +++ b/apps/emqx_auth_mysql/src/emqx_auth_mysql.erl @@ -46,16 +46,14 @@ check(ClientInfo = #{password := Password}, AuthResult, end, case CheckPass of ok -> - ?LOG_SENSITIVE(debug, - "[MySQL] Auth from mysql succeeded, Client: ~p", - [ClientInfo]), + ?LOG_SENSITIVE(debug, "[MySQL] Auth succeeded, Client: ~p", [ClientInfo]), {stop, AuthResult#{is_superuser => is_superuser(Pool, SuperQuery, ClientInfo), anonymous => false, auth_result => success}}; {error, not_found} -> - ok; + ?LOG_SENSITIVE(debug, "[MySQL] Auth ignored, Client: ~p", [ClientInfo]); {error, ResultCode} -> - ?LOG_SENSITIVE(error, "[MySQL] Auth from mysql failed: ~p", [ResultCode]), + ?LOG_SENSITIVE(error, "[MySQL] Auth failed: ~p", [ResultCode]), {stop, AuthResult#{auth_result => ResultCode, anonymous => false}} end. diff --git a/apps/emqx_auth_pgsql/src/emqx_acl_pgsql.erl b/apps/emqx_auth_pgsql/src/emqx_acl_pgsql.erl index 1afb93975..f4aa3ddfa 100644 --- a/apps/emqx_auth_pgsql/src/emqx_acl_pgsql.erl +++ b/apps/emqx_auth_pgsql/src/emqx_acl_pgsql.erl @@ -32,7 +32,10 @@ do_check_acl(_Pool, #{username := <<$$, _/binary>>}, _PubSub, _Topic, _NoMatchAc ok; do_check_acl(Pool, ClientInfo, PubSub, Topic, _NoMatchAction, #{acl_query := {AclSql, AclParams}}) -> case emqx_auth_pgsql_cli:equery(Pool, AclSql, AclParams, ClientInfo) of - {ok, _, []} -> ok; + {ok, _, []} -> + ?LOG_SENSITIVE(debug, + "[Postgres] ACL ignored, Topic: ~p, Action: ~p for Client: ~p", + [Topic, PubSub, ClientInfo]); {ok, _, Rows} -> Rules = filter(PubSub, compile(Rows)), case match(ClientInfo, Topic, Rules) of diff --git a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.appup.src b/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.appup.src index 98826f918..7a661c5c7 100644 --- a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.appup.src +++ b/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.appup.src @@ -1,7 +1,10 @@ %% -*- mode: erlang -*- %% Unless you know what you are doing, DO NOT edit manually!! {VSN, - [{"4.4.4", + [{"4.4.5", + [{load_module,emqx_auth_pgsql,brutal_purge,soft_purge,[]}, + {load_module,emqx_acl_pgsql,brutal_purge,soft_purge,[]}]}, + {"4.4.4", [{load_module,emqx_acl_pgsql,brutal_purge,soft_purge,[]}, {load_module,emqx_auth_pgsql,brutal_purge,soft_purge,[]}]}, {"4.4.3", @@ -14,7 +17,10 @@ {load_module,emqx_auth_pgsql,brutal_purge,soft_purge,[]}, {load_module,emqx_auth_pgsql_app,brutal_purge,soft_purge,[]}]}, {<<".*">>,[]}], - [{"4.4.4", + [{"4.4.5", + [{load_module,emqx_auth_pgsql,brutal_purge,soft_purge,[]}, + {load_module,emqx_acl_pgsql,brutal_purge,soft_purge,[]}]}, + {"4.4.4", [{load_module,emqx_acl_pgsql,brutal_purge,soft_purge,[]}, {load_module,emqx_auth_pgsql,brutal_purge,soft_purge,[]}]}, {"4.4.3", diff --git a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.erl b/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.erl index 8f75c1279..e7826bc49 100644 --- a/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.erl +++ b/apps/emqx_auth_pgsql/src/emqx_auth_pgsql.erl @@ -45,16 +45,14 @@ check(ClientInfo = #{password := Password}, AuthResult, end, case CheckPass of ok -> - ?LOG_SENSITIVE(debug, - "[Postgres] Auth from pgsql succeeded, Client: ~p", - [ClientInfo]), + ?LOG_SENSITIVE(debug, "[Postgres] Auth succeeded, Client: ~p", [ClientInfo]), {stop, AuthResult#{is_superuser => is_superuser(Pool, SuperQuery, ClientInfo), anonymous => false, auth_result => success}}; {error, not_found} -> - ok; + ?LOG_SENSITIVE(debug, "[Postgres] Auth ignored, Client: ~p", [ClientInfo]); {error, ResultCode} -> - ?LOG_SENSITIVE(error, "[Postgres] Auth from pgsql failed: ~p", [ResultCode]), + ?LOG_SENSITIVE(error, "[Postgres] Auth failed: ~p", [ResultCode]), {stop, AuthResult#{auth_result => ResultCode, anonymous => false}} end. diff --git a/apps/emqx_auth_redis/src/emqx_acl_redis.erl b/apps/emqx_auth_redis/src/emqx_acl_redis.erl index 74a68905c..6c41261c5 100644 --- a/apps/emqx_auth_redis/src/emqx_acl_redis.erl +++ b/apps/emqx_auth_redis/src/emqx_acl_redis.erl @@ -30,7 +30,10 @@ check_acl(#{username := <<$$, _/binary>>}, _PubSub, _Topic, _AclResult, _Config) check_acl(ClientInfo, PubSub, Topic, _AclResult, #{acl_cmd := AclCmd, timeout := Timeout, type := Type, pool := Pool}) -> case emqx_auth_redis_cli:q(Pool, Type, AclCmd, ClientInfo, Timeout) of - {ok, []} -> ok; + {ok, []} -> + ?LOG_SENSITIVE(debug, + "[Redis] ACL ignored, Topic: ~p, Action: ~p for Client: ~p", + [Topic, PubSub, ClientInfo]); {ok, Rules} -> case match(ClientInfo, PubSub, Topic, Rules) of allow -> diff --git a/apps/emqx_auth_redis/src/emqx_auth_redis.appup.src b/apps/emqx_auth_redis/src/emqx_auth_redis.appup.src index 9e99fa763..a2728cfee 100644 --- a/apps/emqx_auth_redis/src/emqx_auth_redis.appup.src +++ b/apps/emqx_auth_redis/src/emqx_auth_redis.appup.src @@ -1,7 +1,9 @@ %% -*- mode: erlang -*- %% Unless you know what you are doing, DO NOT edit manually!! {VSN, - [{"4.3.5",[{load_module,emqx_auth_redis,brutal_purge,soft_purge,[]}]}, + [{"4.3.5", + [{load_module,emqx_acl_redis,brutal_purge,soft_purge,[]}, + {load_module,emqx_auth_redis,brutal_purge,soft_purge,[]}]}, {"4.3.4", [{load_module,emqx_auth_redis,brutal_purge,soft_purge,[]}, {load_module,emqx_acl_redis,brutal_purge,soft_purge,[]}]}, @@ -20,7 +22,9 @@ {load_module,emqx_auth_redis,brutal_purge,soft_purge,[]}, {load_module,emqx_acl_redis,brutal_purge,soft_purge,[]}]}, {<<".*">>,[]}], - [{"4.3.5",[{load_module,emqx_auth_redis,brutal_purge,soft_purge,[]}]}, + [{"4.3.5", + [{load_module,emqx_acl_redis,brutal_purge,soft_purge,[]}, + {load_module,emqx_auth_redis,brutal_purge,soft_purge,[]}]}, {"4.3.4", [{load_module,emqx_auth_redis,brutal_purge,soft_purge,[]}, {load_module,emqx_acl_redis,brutal_purge,soft_purge,[]}]}, diff --git a/apps/emqx_auth_redis/src/emqx_auth_redis.erl b/apps/emqx_auth_redis/src/emqx_auth_redis.erl index 2b8f75574..711d85667 100644 --- a/apps/emqx_auth_redis/src/emqx_auth_redis.erl +++ b/apps/emqx_auth_redis/src/emqx_auth_redis.erl @@ -47,15 +47,15 @@ check(ClientInfo = #{password := Password}, AuthResult, end, case CheckPass of ok -> - ?LOG_SENSITIVE(debug, "[Redis] Auth from redis succeeded, Client: ~p", [ClientInfo]), + ?LOG_SENSITIVE(debug, "[Redis] Auth succeeded, Client: ~p", [ClientInfo]), IsSuperuser = is_superuser(Pool, Type, SuperCmd, ClientInfo, Timeout), {stop, AuthResult#{is_superuser => IsSuperuser, anonymous => false, auth_result => success}}; {error, not_found} -> - ok; + ?LOG_SENSITIVE(debug, "[Redis] Auth ignored, Client: ~p", [ClientInfo]); {error, ResultCode} -> - ?LOG_SENSITIVE(error, "[Redis] Auth from redis failed: ~p", [ResultCode]), + ?LOG_SENSITIVE(error, "[Redis] Auth failed: ~p", [ResultCode]), {stop, AuthResult#{auth_result => ResultCode, anonymous => false}} end.