yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #9943 from lafirest/fix/more_logs 

fix(auth): add more detailed logs for auth/acl
This commit is contained in:
Xinyu Liu 2023-02-09 18:41:50 +08:00 committed by GitHub
parent a4bada457b 6129d1dd4f
commit df3c114938
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
31 changed files with 226 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
apps/emqx_auth_http/src/emqx_acl_http.erl
View File

@ -44,7 +44,10 @@ check_acl(ClientInfo, PubSub, Topic, _AclResult, #{acl := ACLParams = #{path :=
Username = maps:get(username, ClientInfo1, undefined),
case check_acl_request(ACLParams, ClientInfo1) of
{ok, 200, <<"ignore">>} -> ok;
{ok, 200, _Body} -> {stop, allow};
{ok, 200, _Body} ->
?LOG(debug, "Allow ~s to topic ~ts, username: ~ts",
[PubSub, Topic, Username]),
{stop, allow};
{ok, Code, _Body} ->
?LOG(warning, "Deny ~s to topic ~ts, username: ~ts, http response code: ~p",
[PubSub, Topic, Username, Code]),
@ -74,4 +77,3 @@ check_acl_request(ACLParams =
access(subscribe) -> 1;
access(publish) -> 2.

2
apps/emqx_auth_http/src/emqx_auth_http.app.src
View File

@ -1,6 +1,6 @@
{application, emqx_auth_http,
[{description, "EMQ X Authentication/ACL with HTTP API"},
{vsn, "4.3.10"}, % strict semver, bump manually!
{vsn, "4.3.11"}, % strict semver, bump manually!
{modules, []},
{registered, [emqx_auth_http_sup]},
{applications, [kernel,stdlib,ehttpc]},

16
apps/emqx_auth_http/src/emqx_auth_http.appup.src
View File

@ -1,7 +1,13 @@
%% -*- mode: erlang -*-
%% Unless you know what you are doing, DO NOT edit manually!!
{VSN,
[{"4.3.9",[{load_module,emqx_auth_http_app,brutal_purge,soft_purge,[]}]},
[{"4.3.10",
[{load_module,emqx_auth_http,brutal_purge,soft_purge,[]},
{load_module,emqx_acl_http,brutal_purge,soft_purge,[]}]},
{"4.3.9",
[{load_module,emqx_auth_http,brutal_purge,soft_purge,[]},
{load_module,emqx_acl_http,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_http_app,brutal_purge,soft_purge,[]}]},
{"4.3.8",
[{load_module,emqx_auth_http_app,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_http,brutal_purge,soft_purge,[]},
@ -39,7 +45,13 @@
{load_module,emqx_auth_http_cli,brutal_purge,soft_purge,[]}]},
{<<"4.3.[0-1]">>,[{restart_application,emqx_auth_http}]},
{<<".*">>,[]}],
[{"4.3.9",[{load_module,emqx_auth_http_app,brutal_purge,soft_purge,[]}]},
[{"4.3.10",
[{load_module,emqx_auth_http,brutal_purge,soft_purge,[]},
{load_module,emqx_acl_http,brutal_purge,soft_purge,[]}]},
{"4.3.9",
[{load_module,emqx_auth_http,brutal_purge,soft_purge,[]},
{load_module,emqx_acl_http,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_http_app,brutal_purge,soft_purge,[]}]},
{"4.3.8",
[{load_module,emqx_auth_http_app,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_http,brutal_purge,soft_purge,[]},

5
apps/emqx_auth_http/src/emqx_auth_http.erl
View File

@ -41,19 +41,20 @@ check(ClientInfo, AuthResult, #{auth := AuthParms = #{path := Path},
{ok, 200, <<"ignore">>} ->
ok;
{ok, 200, Body} ->
?LOG(debug, "Auth succeeded from path: ~ts, username: ~ts", [Path, Username]),
IsSuperuser = is_superuser(SuperParams, ClientInfo),
{stop, AuthResult#{is_superuser => IsSuperuser,
auth_result => success,
anonymous => false,
mountpoint => mountpoint(Body, ClientInfo)}};
{ok, Code, _Body} ->
?LOG(warning, "Deny connection from path: ~s, username: ~ts, http "
?LOG(warning, "Deny connection from path: ~ts, username: ~ts, http "
"response code: ~p",
[Path, Username, Code]),
{stop, AuthResult#{auth_result => http_to_connack_error(Code),
anonymous => false}};
{error, Error} ->
?LOG_SENSITIVE(warning, "Deny connection from path: ~s, username: ~ts, due to "
?LOG_SENSITIVE(warning, "Deny connection from path: ~ts, username: ~ts, due to "
"request http-server failed: ~0p", [Path, Username, Error]),
%%FIXME later: server_unavailable is not right.
{stop, AuthResult#{auth_result => server_unavailable,

8
apps/emqx_auth_jwt/src/emqx_auth_jwt.appup.src
View File

@ -1,13 +1,17 @@
%% -*- mode: erlang -*-
%% Unless you know what you are doing, DO NOT edit manually!!
{VSN,
[{"4.4.8",[{load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}]},
[{"4.4.8",
[{load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}]},
{<<"4\\.4\\.[2-7]">>,
[{load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}]},
{<<"4\\.4\\.[0-1]">>,[{restart_application,emqx_auth_jwt}]},
{<<".*">>,[]}],
[{"4.4.8",[{load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}]},
[{"4.4.8",
[{load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}]},
{<<"4\\.4\\.[2-7]">>,
[{load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}]},

6
apps/emqx_auth_jwt/src/emqx_auth_jwt.erl
View File

@ -51,8 +51,14 @@ check_auth(ClientInfo, AuthResult, #{from := From, checklists := Checklists}) ->
{error, not_token} ->
ok;
{error, Reason} ->
?LOG_SENSITIVE(debug,
"Auth from JWT failed, Client: ~p, Reason: ~p",
[ClientInfo, Reason]),
{stop, AuthResult#{auth_result => Reason, anonymous => false}};
{ok, Claims} ->
?LOG_SENSITIVE(debug,
"Auth from JWT succeeded, Client: ~p",
[ClientInfo]),
{stop, maps:merge(AuthResult, verify_claims(Checklists, Claims, ClientInfo))}
end
end.

12
apps/emqx_auth_ldap/src/emqx_acl_ldap.erl
View File

@ -29,8 +29,16 @@
check_acl(ClientInfo, PubSub, Topic, NoMatchAction, State) ->
case do_check_acl(ClientInfo, PubSub, Topic, NoMatchAction, State) of
ok -> ok;
{stop, allow} -> {stop, allow};
{stop, deny} -> {stop, deny}
{stop, allow} ->
?LOG_SENSITIVE(debug,
"[LDAP] Allow Topic: ~p, Action: ~p for Client: ~p",
[Topic, PubSub, ClientInfo]),
{stop, allow};
{stop, deny} ->
?LOG_SENSITIVE(debug,
"[LDAP] Deny Topic: ~p, Action: ~p for Client: ~p",
[Topic, PubSub, ClientInfo]),
{stop, deny}
end.
do_check_acl(#{username := <<$$, _/binary>>}, _PubSub, _Topic, _NoMatchAction, _State) ->

2
apps/emqx_auth_ldap/src/emqx_auth_ldap.app.src
View File

@ -1,6 +1,6 @@
{application, emqx_auth_ldap,
[{description, "EMQ X Authentication/ACL with LDAP"},
{vsn, "4.3.6"}, % strict semver, bump manually!
{vsn, "4.3.7"}, % strict semver, bump manually!
{modules, []},
{registered, [emqx_auth_ldap_sup]},
{applications, [kernel,stdlib,eldap2,ecpool]},

10
apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src
View File

@ -1,7 +1,10 @@
%% -*- mode: erlang -*-
%% Unless you know what you are doing, DO NOT edit manually!!
{VSN,
[{"4.3.5",
[{"4.3.6",
[{load_module,emqx_acl_ldap,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_ldap,brutal_purge,soft_purge,[]}]},
{"4.3.5",
[{load_module,emqx_acl_ldap,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_ldap,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_ldap_cli,brutal_purge,soft_purge,[]}]},
@ -21,7 +24,10 @@
{load_module,emqx_acl_ldap,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_ldap_cli,brutal_purge,soft_purge,[]}]},
{<<".*">>,[]}],
[{"4.3.5",
[{"4.3.6",
[{load_module,emqx_acl_ldap,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_ldap,brutal_purge,soft_purge,[]}]},
{"4.3.5",
[{load_module,emqx_acl_ldap,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_ldap,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_ldap_cli,brutal_purge,soft_purge,[]}]},

3
apps/emqx_auth_ldap/src/emqx_auth_ldap.erl
View File

@ -58,6 +58,9 @@ check(ClientInfo = #{username := Username, password := Password}, AuthResult,
end,
case CheckResult of
ok ->
?LOG_SENSITIVE(debug,
"[LDAP] Auth from ldap succeeded, Client: ~p",
[ClientInfo]),
{stop, AuthResult#{auth_result => success, anonymous => false}};
{error, not_found} ->
ok;

7
apps/emqx_auth_mnesia/src/emqx_acl_mnesia.erl
View File

@ -17,6 +17,7 @@
-module(emqx_acl_mnesia).
-include("emqx_auth_mnesia.hrl").
-include_lib("emqx/include/logger.hrl").
%% ACL Callbacks
-export([ init/0
@ -43,8 +44,14 @@ check_acl(ClientInfo = #{ clientid := Clientid }, PubSub, Topic, _NoMatchAction,
case match(ClientInfo, PubSub, Topic, Acls) of
allow ->
?LOG_SENSITIVE(debug,
"[Mnesia] Allow Topic: ~p, Action: ~p for Client: ~p",
[Topic, PubSub, ClientInfo]),
{stop, allow};
deny ->
?LOG_SENSITIVE(debug,
"[Mnesia] Deny Topic: ~p, Action: ~p for Client: ~p",
[Topic, PubSub, ClientInfo]),
{stop, deny};
_ ->
ok

2
apps/emqx_auth_mnesia/src/emqx_auth_mnesia.app.src
View File

@ -1,6 +1,6 @@
{application, emqx_auth_mnesia,
[{description, "EMQ X Authentication with Mnesia"},
{vsn, "4.3.10"}, % strict semver, bump manually
{vsn, "4.3.11"}, % strict semver, bump manually
{modules, []},
{registered, []},
{applications, [kernel,stdlib,mnesia]},

40
apps/emqx_auth_mnesia/src/emqx_auth_mnesia.appup.src
View File

@ -1,13 +1,25 @@
%% -*- mode: erlang -*-
%% Unless you know what you are doing, DO NOT edit manually!!
{VSN,
[{"4.3.9",[{load_module,emqx_acl_mnesia_cli,brutal_purge,soft_purge,[]}]},
{"4.3.8",[{load_module,emqx_acl_mnesia_cli,brutal_purge,soft_purge,[]}]},
[{"4.3.10",
[{load_module,emqx_auth_mnesia,brutal_purge,soft_purge,[]},
{load_module,emqx_acl_mnesia,brutal_purge,soft_purge,[]}]},
{"4.3.9",
[{load_module,emqx_auth_mnesia,brutal_purge,soft_purge,[]},
{load_module,emqx_acl_mnesia,brutal_purge,soft_purge,[]},
{load_module,emqx_acl_mnesia_cli,brutal_purge,soft_purge,[]}]},
{"4.3.8",
[{load_module,emqx_auth_mnesia,brutal_purge,soft_purge,[]},
{load_module,emqx_acl_mnesia,brutal_purge,soft_purge,[]},
{load_module,emqx_acl_mnesia_cli,brutal_purge,soft_purge,[]}]},
{"4.3.7",
[{load_module,emqx_auth_mnesia_api,brutal_purge,soft_purge,[]},
[{load_module,emqx_auth_mnesia,brutal_purge,soft_purge,[]},
{load_module,emqx_acl_mnesia,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_mnesia_api,brutal_purge,soft_purge,[]},
{load_module,emqx_acl_mnesia_cli,brutal_purge,soft_purge,[]}]},
{<<"4\\.3\\.[5-6]">>,
[{load_module,emqx_auth_mnesia_app,brutal_purge,soft_purge,[]},
[{load_module,emqx_acl_mnesia,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_mnesia_app,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_mnesia,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_mnesia_api,brutal_purge,soft_purge,[]},
{load_module,emqx_acl_mnesia_db,brutal_purge,soft_purge,[]},
@ -35,13 +47,25 @@
{load_module,emqx_acl_mnesia_cli,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_mnesia_app,brutal_purge,soft_purge,[]}]},
{<<".*">>,[]}],
[{"4.3.9",[{load_module,emqx_acl_mnesia_cli,brutal_purge,soft_purge,[]}]},
{"4.3.8",[{load_module,emqx_acl_mnesia_cli,brutal_purge,soft_purge,[]}]},
[{"4.3.10",
[{load_module,emqx_auth_mnesia,brutal_purge,soft_purge,[]},
{load_module,emqx_acl_mnesia,brutal_purge,soft_purge,[]}]},
{"4.3.9",
[{load_module,emqx_auth_mnesia,brutal_purge,soft_purge,[]},
{load_module,emqx_acl_mnesia,brutal_purge,soft_purge,[]},
{load_module,emqx_acl_mnesia_cli,brutal_purge,soft_purge,[]}]},
{"4.3.8",
[{load_module,emqx_auth_mnesia,brutal_purge,soft_purge,[]},
{load_module,emqx_acl_mnesia,brutal_purge,soft_purge,[]},
{load_module,emqx_acl_mnesia_cli,brutal_purge,soft_purge,[]}]},
{"4.3.7",
[{load_module,emqx_auth_mnesia_api,brutal_purge,soft_purge,[]},
[{load_module,emqx_auth_mnesia,brutal_purge,soft_purge,[]},
{load_module,emqx_acl_mnesia,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_mnesia_api,brutal_purge,soft_purge,[]},
{load_module,emqx_acl_mnesia_cli,brutal_purge,soft_purge,[]}]},
{<<"4\\.3\\.[5-6]">>,
[{load_module,emqx_auth_mnesia_app,brutal_purge,soft_purge,[]},
[{load_module,emqx_acl_mnesia,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_mnesia_app,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_mnesia,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_mnesia_api,brutal_purge,soft_purge,[]},
{load_module,emqx_acl_mnesia_db,brutal_purge,soft_purge,[]},

3
apps/emqx_auth_mnesia/src/emqx_auth_mnesia.erl
View File

@ -70,6 +70,9 @@ check(ClientInfo = #{ clientid := Clientid
?LOG(info, "[Mnesia] Auth from mnesia failed: ~p", [Info]),
{stop, AuthResult#{anonymous => false, auth_result => password_error}};
_ ->
?LOG_SENSITIVE(debug,
"[Mnesia] Auth from mnesia succeeded, Client: ~p",
[ClientInfo]),
{stop, AuthResult#{anonymous => false, auth_result => success}}
end
end.

12
apps/emqx_auth_mongo/src/emqx_acl_mongo.erl
View File

@ -38,8 +38,16 @@ check_acl(ClientInfo, PubSub, Topic, _AclResult, Env = #{aclquery := AclQuery})
[] -> ok;
Rows ->
try match(ClientInfo, Topic, topics(PubSub, Rows)) of
matched -> {stop, allow};
nomatch -> {stop, deny}
matched ->
?LOG_SENSITIVE(debug,
"[MongoDB] Allow Topic: ~p, Action: ~p for Client: ~p",
[Topic, PubSub, ClientInfo]),
{stop, allow};
nomatch ->
?LOG_SENSITIVE(debug,
"[MongoDB] Deny Topic: ~p, Action: ~p for Client: ~p",
[Topic, PubSub, ClientInfo]),
{stop, deny}
catch
_Err:Reason->
?LOG(error, "[MongoDB] Check mongo ~p ACL failed, got ACL config: ~p, error: :~p",

2
apps/emqx_auth_mongo/src/emqx_auth_mongo.app.src
View File

@ -1,6 +1,6 @@
{application, emqx_auth_mongo,
[{description, "EMQ X Authentication/ACL with MongoDB"},
{vsn, "4.4.5"}, % strict semver, bump manually!
{vsn, "4.4.6"}, % strict semver, bump manually!
{modules, []},
{registered, [emqx_auth_mongo_sup]},
{applications, [kernel,stdlib,mongodb,ecpool]},

28
apps/emqx_auth_mongo/src/emqx_auth_mongo.appup.src
View File

@ -1,12 +1,19 @@
%% -*- mode: erlang -*-
%% Unless you know what you are doing, DO NOT edit manually!!
{VSN,
[{"4.4.4",[{load_module,emqx_auth_mongo,brutal_purge,soft_purge,[]}]},
[{"4.4.5",
[{load_module,emqx_acl_mongo,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_mongo,brutal_purge,soft_purge,[]}]},
{"4.4.4",
[{load_module,emqx_acl_mongo,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_mongo,brutal_purge,soft_purge,[]}]},
{<<"4\\.4\\.[2-3]">>,
[{load_module,emqx_auth_mongo_app,brutal_purge,soft_purge,[]},
[{load_module,emqx_acl_mongo,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_mongo_app,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_mongo,brutal_purge,soft_purge,[]}]},
{"4.4.1",
[{load_module,emqx_auth_mongo_app,brutal_purge,soft_purge,[]},
[{load_module,emqx_acl_mongo,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_mongo_app,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_mongo_sup,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_mongo,brutal_purge,soft_purge,[]}]},
{"4.4.0",
@ -15,12 +22,19 @@
{load_module,emqx_auth_mongo,brutal_purge,soft_purge,[]},
{load_module,emqx_acl_mongo,brutal_purge,soft_purge,[]}]},
{<<".*">>,[]}],
[{"4.4.4",[{load_module,emqx_auth_mongo,brutal_purge,soft_purge,[]}]},
{<<"4\\.4\\.[2-3]">>,
[{load_module,emqx_auth_mongo_app,brutal_purge,soft_purge,[]},
[{"4.4.5",
[{load_module,emqx_acl_mongo,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_mongo,brutal_purge,soft_purge,[]}]},
{"4.4.4",
[{load_module,emqx_acl_mongo,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_mongo,brutal_purge,soft_purge,[]}]},
{<<"4\\.4\\.[2-3]">>,
[{load_module,emqx_acl_mongo,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_mongo_app,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_mongo,brutal_purge,soft_purge,[]}]},
{"4.4.1",
[{load_module,emqx_auth_mongo_app,brutal_purge,soft_purge,[]},
[{load_module,emqx_acl_mongo,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_mongo_app,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_mongo_sup,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_mongo,brutal_purge,soft_purge,[]}]},
{"4.4.0",

3
apps/emqx_auth_mongo/src/emqx_auth_mongo.erl
View File

@ -68,6 +68,9 @@ check(ClientInfo = #{password := Password}, AuthResult,
case Result of
ok ->
?tp(emqx_auth_mongo_superuser_check_authn_ok, #{}),
?LOG_SENSITIVE(debug,
"[MongoDB] Auth from mongo succeeded, Client: ~p",
[ClientInfo]),
{stop, AuthResult#{is_superuser => is_superuser(Pool, SuperQuery, ClientInfo),
anonymous => false,
auth_result => success}};

12
apps/emqx_auth_mysql/src/emqx_acl_mysql.erl
View File

@ -29,8 +29,16 @@
check_acl(ClientInfo, PubSub, Topic, NoMatchAction, #{pool := Pool} = State) ->
case do_check_acl(Pool, ClientInfo, PubSub, Topic, NoMatchAction, State) of
ok -> ok;
{stop, allow} -> {stop, allow};
{stop, deny} -> {stop, deny}
{stop, allow} ->
?LOG_SENSITIVE(debug,
"[MySQL] Allow Topic: ~p, Action: ~p for Client: ~p",
[Topic, PubSub, ClientInfo]),
{stop, allow};
{stop, deny} ->
?LOG_SENSITIVE(debug,
"[MySQL] Allow Topic: ~p, Action: ~p for Client: ~p",
[Topic, PubSub, ClientInfo]),
{stop, deny}
end.
do_check_acl(_Pool, #{username := <<$$, _/binary>>}, _PubSub, _Topic, _NoMatchAction, _State) ->

2
apps/emqx_auth_mysql/src/emqx_auth_mysql.app.src
View File

@ -1,6 +1,6 @@
{application, emqx_auth_mysql,
[{description, "EMQ X Authentication/ACL with MySQL"},
{vsn, "4.3.4"}, % strict semver, bump manually!
{vsn, "4.3.5"}, % strict semver, bump manually!
{modules, []},
{registered, [emqx_auth_mysql_sup]},
{applications, [kernel,stdlib,mysql,ecpool]},

24
apps/emqx_auth_mysql/src/emqx_auth_mysql.appup.src
View File

@ -1,10 +1,17 @@
%% -*- mode: erlang -*-
%% Unless you know what you are doing, DO NOT edit manually!!
{VSN,
[{"4.3.3",
[{"4.3.4",
[{load_module,emqx_auth_mysql,brutal_purge,soft_purge,[]},
{load_module,emqx_acl_mysql,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_mysql_cli,brutal_purge,soft_purge,[]}]},
{"4.3.3",
[{load_module,emqx_acl_mysql,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_mysql,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_mysql_cli,brutal_purge,soft_purge,[]}]},
{<<"4\\.3\\.[1-2]">>,
[{load_module,emqx_auth_mysql_cli,brutal_purge,soft_purge,[]},
[{load_module,emqx_acl_mysql,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_mysql_cli,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_mysql_app,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_mysql,brutal_purge,soft_purge,[]}]},
{"4.3.0",
@ -13,11 +20,17 @@
{load_module,emqx_auth_mysql,brutal_purge,soft_purge,[]},
{load_module,emqx_acl_mysql,brutal_purge,soft_purge,[]}]},
{<<".*">>,[]}],
[{"4.3.3",
[{"4.3.4",
[{load_module,emqx_auth_mysql,brutal_purge,soft_purge,[]},
{load_module,emqx_acl_mysql,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_mysql_cli,brutal_purge,soft_purge,[]}]},
{"4.3.3",
[{load_module,emqx_acl_mysql,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_mysql,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_mysql_cli,brutal_purge,soft_purge,[]}]},
{<<"4\\.3\\.[1-2]">>,
[{load_module,emqx_auth_mysql_cli,brutal_purge,soft_purge,[]},
[{load_module,emqx_acl_mysql,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_mysql_cli,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_mysql_app,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_mysql,brutal_purge,soft_purge,[]}]},
{"4.3.0",
@ -25,5 +38,4 @@
{load_module,emqx_auth_mysql_app,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_mysql,brutal_purge,soft_purge,[]},
{load_module,emqx_acl_mysql,brutal_purge,soft_purge,[]}]},
{<<".*">>,[]}]
}.
{<<".*">>,[]}]}.

3
apps/emqx_auth_mysql/src/emqx_auth_mysql.erl
View File

@ -46,6 +46,9 @@ check(ClientInfo = #{password := Password}, AuthResult,
end,
case CheckPass of
ok ->
?LOG_SENSITIVE(debug,
"[MySQL] Auth from mysql succeeded, Client: ~p",
[ClientInfo]),
{stop, AuthResult#{is_superuser => is_superuser(Pool, SuperQuery, ClientInfo),
anonymous => false,
auth_result => success}};

15
apps/emqx_auth_pgsql/src/emqx_acl_pgsql.erl
View File

@ -36,9 +36,17 @@ do_check_acl(Pool, ClientInfo, PubSub, Topic, _NoMatchAction, #{acl_query := {Ac
{ok, _, Rows} ->
Rules = filter(PubSub, compile(Rows)),
case match(ClientInfo, Topic, Rules) of
{matched, allow} -> {stop, allow};
{matched, deny} -> {stop, deny};
nomatch -> ok
{matched, allow} ->
?LOG_SENSITIVE(debug,
"[Postgres] Allow Topic: ~p, Action: ~p for Client: ~p",
[Topic, PubSub, ClientInfo]),
{stop, allow};
{matched, deny} ->
?LOG_SENSITIVE(debug,
"[Postgres] Deny Topic: ~p, Action: ~p for Client: ~p",
[Topic, PubSub, ClientInfo]),
{stop, deny};
nomatch -> ok
end;
{error, Reason} ->
?LOG(error, "[Postgres] do_check_acl error: ~p~n", [Reason]),
@ -105,4 +113,3 @@ empty(null) -> true;
empty("") -> true;
empty(<<>>) -> true;
empty(_) -> false.

2
apps/emqx_auth_pgsql/src/emqx_auth_pgsql.app.src
View File

@ -1,6 +1,6 @@
{application, emqx_auth_pgsql,
[{description, "EMQ X Authentication/ACL with PostgreSQL"},
{vsn, "4.4.4"}, % strict semver, bump manually!
{vsn, "4.4.5"}, % strict semver, bump manually!
{modules, []},
{registered, [emqx_auth_pgsql_sup]},
{applications, [kernel,stdlib,epgsql,ecpool]},

23
apps/emqx_auth_pgsql/src/emqx_auth_pgsql.appup.src
View File

@ -1,20 +1,29 @@
%% -*- mode: erlang -*-
%% Unless you know what you are doing, DO NOT edit manually!!
{VSN,
[{"4.4.3",
[{load_module,emqx_auth_pgsql_cli,brutal_purge,soft_purge,[]},
[{"4.4.4",
[{load_module,emqx_acl_pgsql,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_pgsql,brutal_purge,soft_purge,[]}]},
{"4.4.3",
[{load_module,emqx_acl_pgsql,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_pgsql_cli,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_pgsql,brutal_purge,soft_purge,[]}]},
{<<"4\\.4\\.[0-2]">>,
[{load_module,emqx_auth_pgsql_cli,brutal_purge,soft_purge,[]},
[{load_module,emqx_acl_pgsql,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_pgsql_cli,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_pgsql,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_pgsql_app,brutal_purge,soft_purge,[]}]},
{<<".*">>,[]}],
[{"4.4.3",
[{load_module,emqx_auth_pgsql_cli,brutal_purge,soft_purge,[]},
[{"4.4.4",
[{load_module,emqx_acl_pgsql,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_pgsql,brutal_purge,soft_purge,[]}]},
{"4.4.3",
[{load_module,emqx_acl_pgsql,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_pgsql_cli,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_pgsql,brutal_purge,soft_purge,[]}]},
{<<"4\\.4\\.[0-2]">>,
[{load_module,emqx_auth_pgsql_cli,brutal_purge,soft_purge,[]},
[{load_module,emqx_acl_pgsql,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_pgsql_cli,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_pgsql,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_pgsql_app,brutal_purge,soft_purge,[]}]},
{<<".*">>,[]}]}.

3
apps/emqx_auth_pgsql/src/emqx_auth_pgsql.erl
View File

@ -45,6 +45,9 @@ check(ClientInfo = #{password := Password}, AuthResult,
end,
case CheckPass of
ok ->
?LOG_SENSITIVE(debug,
"[Postgres] Auth from pgsql succeeded, Client: ~p",
[ClientInfo]),
{stop, AuthResult#{is_superuser => is_superuser(Pool, SuperQuery, ClientInfo),
anonymous => false,
auth_result => success}};

13
apps/emqx_auth_redis/src/emqx_acl_redis.erl
View File

@ -33,8 +33,16 @@ check_acl(ClientInfo, PubSub, Topic, _AclResult,
{ok, []} -> ok;
{ok, Rules} ->
case match(ClientInfo, PubSub, Topic, Rules) of
allow -> {stop, allow};
nomatch -> {stop, deny}
allow ->
?LOG_SENSITIVE(debug,
"[Redis] Allow Topic: ~p, Action: ~p for Client: ~p",
[Topic, PubSub, ClientInfo]),
{stop, allow};
nomatch ->
?LOG_SENSITIVE(debug,
"[Redis] Deny Topic: ~p, Action: ~p for Client: ~p",
[Topic, PubSub, ClientInfo]),
{stop, deny}
end;
{error, Reason} ->
?LOG(error, "[Redis] do_check_acl error: ~p", [Reason]),
@ -71,4 +79,3 @@ feed_var(Str, Var, Val) ->
b2i(Bin) -> list_to_integer(binary_to_list(Bin)).
description() -> "Redis ACL Module".

2
apps/emqx_auth_redis/src/emqx_auth_redis.app.src
View File

@ -1,6 +1,6 @@
{application, emqx_auth_redis,
[{description, "EMQ X Authentication/ACL with Redis"},
{vsn, "4.3.4"}, % strict semver, bump manually!
{vsn, "4.3.5"}, % strict semver, bump manually!
{modules, []},
{registered, [emqx_auth_redis_sup]},
{applications, [kernel,stdlib,eredis,eredis_cluster,ecpool]},

20
apps/emqx_auth_redis/src/emqx_auth_redis.appup.src
View File

@ -1,11 +1,15 @@
%% -*- mode: erlang -*-
%% Unless you know what you are doing, DO NOT edit manually!!
{VSN,
[{"4.3.3",
[{load_module,emqx_auth_redis,brutal_purge,soft_purge,[]},
[{"4.3.4",
[{load_module,emqx_acl_redis,brutal_purge,soft_purge,[]}]},
{"4.3.3",
[{load_module,emqx_acl_redis,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_redis,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_redis_cli,brutal_purge,soft_purge,[]}]},
{<<"4\\.3\\.[1-2]">>,
[{load_module,emqx_auth_redis_cli,brutal_purge,soft_purge,[]},
[{load_module,emqx_acl_redis,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_redis_cli,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_redis_app,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_redis,brutal_purge,soft_purge,[]}]},
{"4.3.0",
@ -14,11 +18,15 @@
{load_module,emqx_auth_redis,brutal_purge,soft_purge,[]},
{load_module,emqx_acl_redis,brutal_purge,soft_purge,[]}]},
{<<".*">>,[]}],
[{"4.3.3",
[{load_module,emqx_auth_redis,brutal_purge,soft_purge,[]},
[{"4.3.4",
[{load_module,emqx_acl_redis,brutal_purge,soft_purge,[]}]},
{"4.3.3",
[{load_module,emqx_acl_redis,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_redis,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_redis_cli,brutal_purge,soft_purge,[]}]},
{<<"4\\.3\\.[1-2]">>,
[{load_module,emqx_auth_redis_cli,brutal_purge,soft_purge,[]},
[{load_module,emqx_acl_redis,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_redis_cli,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_redis_app,brutal_purge,soft_purge,[]},
{load_module,emqx_auth_redis,brutal_purge,soft_purge,[]}]},
{"4.3.0",

2
changes/v4.4.15-en.md
View File

@ -14,6 +14,8 @@
- Now the corresponding session will be kicked when client is banned by `clientid` [#9904](https://github.com/emqx/emqx/pull/9904).
- Add more debug logs for authentication and ACL [#9943](https://github.com/emqx/emqx/pull/9943).
## Bug fixes
- Fixed an error when forward MQTT messages with User-Property using the `republish` action [#9942](https://github.com/emqx/emqx/pull/9942).

2
changes/v4.4.15-zh.md
View File

@ -14,6 +14,8 @@
- 现在客户端通过 `clientid` 被封禁时将会踢掉对应的会话 [#9904](https://github.com/emqx/emqx/pull/9904)。
- 为认证和授权添加了更多调试日志 [#9943](https://github.com/emqx/emqx/pull/9943)。
## 修复
- 修复使用 `消息重发布` 动作转发带 User-Property 的 MQTT 消息时出错的问题 [#9942](https://github.com/emqx/emqx/pull/9942)。