Merge pull request #9943 from lafirest/fix/more_logs
fix(auth): add more detailed logs for auth/acl
commit
df3c114938
|
@ -44,7 +44,10 @@ check_acl(ClientInfo, PubSub, Topic, _AclResult, #{acl := ACLParams = #{path :=
|
||||||
Username = maps:get(username, ClientInfo1, undefined),
|
Username = maps:get(username, ClientInfo1, undefined),
|
||||||
case check_acl_request(ACLParams, ClientInfo1) of
|
case check_acl_request(ACLParams, ClientInfo1) of
|
||||||
{ok, 200, <<"ignore">>} -> ok;
|
{ok, 200, <<"ignore">>} -> ok;
|
||||||
{ok, 200, _Body} -> {stop, allow};
|
{ok, 200, _Body} ->
|
||||||
|
?LOG(debug, "Allow ~s to topic ~ts, username: ~ts",
|
||||||
|
[PubSub, Topic, Username]),
|
||||||
|
{stop, allow};
|
||||||
{ok, Code, _Body} ->
|
{ok, Code, _Body} ->
|
||||||
?LOG(warning, "Deny ~s to topic ~ts, username: ~ts, http response code: ~p",
|
?LOG(warning, "Deny ~s to topic ~ts, username: ~ts, http response code: ~p",
|
||||||
[PubSub, Topic, Username, Code]),
|
[PubSub, Topic, Username, Code]),
|
||||||
|
@ -74,4 +77,3 @@ check_acl_request(ACLParams =
|
||||||
|
|
||||||
access(subscribe) -> 1;
|
access(subscribe) -> 1;
|
||||||
access(publish) -> 2.
|
access(publish) -> 2.
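Review bot: The added debug line in the `{ok, 200, _Body}` clause of check_acl formats `Topic` and `Username` with `~ts`, which writes client-supplied text to the log unescaped, so a value carrying a newline or other control character could split or imitate a log entry if the configured formatter does not escape it. The existing `Deny ~s to topic ~ts` warning has the same shape, and the same applies to the new `Auth succeeded from path: ~ts, username: ~ts` line in the auth `check` hunk further down. Printing the client-controlled fields as terms keeps them quoted, for example `?LOG(debug, "Allow ~s to topic ~0p, username: ~0p", [PubSub, Topic, Username])`. check_acl starts above the hunk, so any validation of `Topic` before this point is not visible here.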
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{application, emqx_auth_http,
|
{application, emqx_auth_http,
|
||||||
[{description, "EMQ X Authentication/ACL with HTTP API"},
|
[{description, "EMQ X Authentication/ACL with HTTP API"},
|
||||||
{vsn, "4.3.10"}, % strict semver, bump manually!
|
{vsn, "4.3.11"}, % strict semver, bump manually!
|
||||||
{modules, []},
|
{modules, []},
|
||||||
{registered, [emqx_auth_http_sup]},
|
{registered, [emqx_auth_http_sup]},
|
||||||
{applications, [kernel,stdlib,ehttpc]},
|
{applications, [kernel,stdlib,ehttpc]},
|
||||||
|
|
|
@ -1,7 +1,13 @@
|
||||||
%% -*- mode: erlang -*-
|
%% -*- mode: erlang -*-
|
||||||
%% Unless you know what you are doing, DO NOT edit manually!!
|
%% Unless you know what you are doing, DO NOT edit manually!!
|
||||||
{VSN,
|
{VSN,
|
||||||
[{"4.3.9",[{load_module,emqx_auth_http_app,brutal_purge,soft_purge,[]}]},
|
[{"4.3.10",
|
||||||
|
[{load_module,emqx_auth_http,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_acl_http,brutal_purge,soft_purge,[]}]},
|
||||||
|
{"4.3.9",
|
||||||
|
[{load_module,emqx_auth_http,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_acl_http,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_auth_http_app,brutal_purge,soft_purge,[]}]},
|
||||||
{"4.3.8",
|
{"4.3.8",
|
||||||
[{load_module,emqx_auth_http_app,brutal_purge,soft_purge,[]},
|
[{load_module,emqx_auth_http_app,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_http,brutal_purge,soft_purge,[]},
|
{load_module,emqx_auth_http,brutal_purge,soft_purge,[]},
|
||||||
|
@ -39,7 +45,13 @@
|
||||||
{load_module,emqx_auth_http_cli,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_auth_http_cli,brutal_purge,soft_purge,[]}]},
|
||||||
{<<"4.3.[0-1]">>,[{restart_application,emqx_auth_http}]},
|
{<<"4.3.[0-1]">>,[{restart_application,emqx_auth_http}]},
|
||||||
{<<".*">>,[]}],
|
{<<".*">>,[]}],
|
||||||
[{"4.3.9",[{load_module,emqx_auth_http_app,brutal_purge,soft_purge,[]}]},
|
[{"4.3.10",
|
||||||
|
[{load_module,emqx_auth_http,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_acl_http,brutal_purge,soft_purge,[]}]},
|
||||||
|
{"4.3.9",
|
||||||
|
[{load_module,emqx_auth_http,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_acl_http,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_auth_http_app,brutal_purge,soft_purge,[]}]},
|
||||||
{"4.3.8",
|
{"4.3.8",
|
||||||
[{load_module,emqx_auth_http_app,brutal_purge,soft_purge,[]},
|
[{load_module,emqx_auth_http_app,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_http,brutal_purge,soft_purge,[]},
|
{load_module,emqx_auth_http,brutal_purge,soft_purge,[]},
|
||||||
|
|
|
@ -41,19 +41,20 @@ check(ClientInfo, AuthResult, #{auth := AuthParms = #{path := Path},
|
||||||
{ok, 200, <<"ignore">>} ->
|
{ok, 200, <<"ignore">>} ->
|
||||||
ok;
|
ok;
|
||||||
{ok, 200, Body} ->
|
{ok, 200, Body} ->
|
||||||
|
?LOG(debug, "Auth succeeded from path: ~ts, username: ~ts", [Path, Username]),
|
||||||
IsSuperuser = is_superuser(SuperParams, ClientInfo),
|
IsSuperuser = is_superuser(SuperParams, ClientInfo),
|
||||||
{stop, AuthResult#{is_superuser => IsSuperuser,
|
{stop, AuthResult#{is_superuser => IsSuperuser,
|
||||||
auth_result => success,
|
auth_result => success,
|
||||||
anonymous => false,
|
anonymous => false,
|
||||||
mountpoint => mountpoint(Body, ClientInfo)}};
|
mountpoint => mountpoint(Body, ClientInfo)}};
|
||||||
{ok, Code, _Body} ->
|
{ok, Code, _Body} ->
|
||||||
?LOG(warning, "Deny connection from path: ~s, username: ~ts, http "
|
?LOG(warning, "Deny connection from path: ~ts, username: ~ts, http "
|
||||||
"response code: ~p",
|
"response code: ~p",
|
||||||
[Path, Username, Code]),
|
[Path, Username, Code]),
|
||||||
{stop, AuthResult#{auth_result => http_to_connack_error(Code),
|
{stop, AuthResult#{auth_result => http_to_connack_error(Code),
|
||||||
anonymous => false}};
|
anonymous => false}};
|
||||||
{error, Error} ->
|
{error, Error} ->
|
||||||
?LOG_SENSITIVE(warning, "Deny connection from path: ~s, username: ~ts, due to "
|
?LOG_SENSITIVE(warning, "Deny connection from path: ~ts, username: ~ts, due to "
|
||||||
"request http-server failed: ~0p", [Path, Username, Error]),
|
"request http-server failed: ~0p", [Path, Username, Error]),
|
||||||
%%FIXME later: server_unavailable is not right.
|
%%FIXME later: server_unavailable is not right.
|
||||||
{stop, AuthResult#{auth_result => server_unavailable,
|
{stop, AuthResult#{auth_result => server_unavailable,
|
||||||
|
|
|
@ -1,13 +1,17 @@
|
||||||
%% -*- mode: erlang -*-
|
%% -*- mode: erlang -*-
|
||||||
%% Unless you know what you are doing, DO NOT edit manually!!
|
%% Unless you know what you are doing, DO NOT edit manually!!
|
||||||
{VSN,
|
{VSN,
|
||||||
[{"4.4.8",[{load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}]},
|
[{"4.4.8",
|
||||||
|
[{load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}]},
|
||||||
{<<"4\\.4\\.[2-7]">>,
|
{<<"4\\.4\\.[2-7]">>,
|
||||||
[{load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]},
|
[{load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}]},
|
||||||
{<<"4\\.4\\.[0-1]">>,[{restart_application,emqx_auth_jwt}]},
|
{<<"4\\.4\\.[0-1]">>,[{restart_application,emqx_auth_jwt}]},
|
||||||
{<<".*">>,[]}],
|
{<<".*">>,[]}],
|
||||||
[{"4.4.8",[{load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}]},
|
[{"4.4.8",
|
||||||
|
[{load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}]},
|
||||||
{<<"4\\.4\\.[2-7]">>,
|
{<<"4\\.4\\.[2-7]">>,
|
||||||
[{load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]},
|
[{load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}]},
|
||||||
|
|
|
@ -51,8 +51,14 @@ check_auth(ClientInfo, AuthResult, #{from := From, checklists := Checklists}) ->
|
||||||
{error, not_token} ->
|
{error, not_token} ->
|
||||||
ok;
|
ok;
|
||||||
{error, Reason} ->
|
{error, Reason} ->
|
||||||
|
?LOG_SENSITIVE(debug,
|
||||||
|
"Auth from JWT failed, Client: ~p, Reason: ~p",
|
||||||
|
[ClientInfo, Reason]),
|
||||||
{stop, AuthResult#{auth_result => Reason, anonymous => false}};
|
{stop, AuthResult#{auth_result => Reason, anonymous => false}};
|
||||||
{ok, Claims} ->
|
{ok, Claims} ->
|
||||||
|
?LOG_SENSITIVE(debug,
|
||||||
|
"Auth from JWT succeeded, Client: ~p",
|
||||||
|
[ClientInfo]),
|
||||||
{stop, maps:merge(AuthResult, verify_claims(Checklists, Claims, ClientInfo))}
|
{stop, maps:merge(AuthResult, verify_claims(Checklists, Claims, ClientInfo))}
|
||||||
end
|
end
|
||||||
end.
|
end.
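Review bot: Both added `?LOG_SENSITIVE` calls in check_auth print the whole `ClientInfo` map, and the `check` clauses of the LDAP, MongoDB and MySQL plugins on this page match `password := Password` out of that same map, so the credential is likely part of what gets logged; when the token is taken from the password field, that would be the JWT itself. The definition of `?LOG_SENSITIVE` is not on this page, so whether it redacts anything or only restricts the level cannot be confirmed here. If it does not redact, log a reduced view instead, for example `[maps:with([clientid, username], ClientInfo), Reason]`. The same pattern is added in the LDAP, Mnesia, MongoDB, MySQL and Postgres auth and ACL hunks. check_auth begins above the hunk.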
|
||||||
|
|
|
@ -29,8 +29,16 @@
|
||||||
check_acl(ClientInfo, PubSub, Topic, NoMatchAction, State) ->
|
check_acl(ClientInfo, PubSub, Topic, NoMatchAction, State) ->
|
||||||
case do_check_acl(ClientInfo, PubSub, Topic, NoMatchAction, State) of
|
case do_check_acl(ClientInfo, PubSub, Topic, NoMatchAction, State) of
|
||||||
ok -> ok;
|
ok -> ok;
|
||||||
{stop, allow} -> {stop, allow};
|
{stop, allow} ->
|
||||||
{stop, deny} -> {stop, deny}
|
?LOG_SENSITIVE(debug,
|
||||||
|
"[LDAP] Allow Topic: ~p, Action: ~p for Client: ~p",
|
||||||
|
[Topic, PubSub, ClientInfo]),
|
||||||
|
{stop, allow};
|
||||||
|
{stop, deny} ->
|
||||||
|
?LOG_SENSITIVE(debug,
|
||||||
|
"[LDAP] Deny Topic: ~p, Action: ~p for Client: ~p",
|
||||||
|
[Topic, PubSub, ClientInfo]),
|
||||||
|
{stop, deny}
|
||||||
end.
|
end.
|
||||||
|
|
||||||
do_check_acl(#{username := <<$$, _/binary>>}, _PubSub, _Topic, _NoMatchAction, _State) ->
|
do_check_acl(#{username := <<$$, _/binary>>}, _PubSub, _Topic, _NoMatchAction, _State) ->
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{application, emqx_auth_ldap,
|
{application, emqx_auth_ldap,
|
||||||
[{description, "EMQ X Authentication/ACL with LDAP"},
|
[{description, "EMQ X Authentication/ACL with LDAP"},
|
||||||
{vsn, "4.3.6"}, % strict semver, bump manually!
|
{vsn, "4.3.7"}, % strict semver, bump manually!
|
||||||
{modules, []},
|
{modules, []},
|
||||||
{registered, [emqx_auth_ldap_sup]},
|
{registered, [emqx_auth_ldap_sup]},
|
||||||
{applications, [kernel,stdlib,eldap2,ecpool]},
|
{applications, [kernel,stdlib,eldap2,ecpool]},
|
||||||
|
|
|
@ -1,7 +1,10 @@
|
||||||
%% -*- mode: erlang -*-
|
%% -*- mode: erlang -*-
|
||||||
%% Unless you know what you are doing, DO NOT edit manually!!
|
%% Unless you know what you are doing, DO NOT edit manually!!
|
||||||
{VSN,
|
{VSN,
|
||||||
[{"4.3.5",
|
[{"4.3.6",
|
||||||
|
[{load_module,emqx_acl_ldap,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_auth_ldap,brutal_purge,soft_purge,[]}]},
|
||||||
|
{"4.3.5",
|
||||||
[{load_module,emqx_acl_ldap,brutal_purge,soft_purge,[]},
|
[{load_module,emqx_acl_ldap,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_ldap,brutal_purge,soft_purge,[]},
|
{load_module,emqx_auth_ldap,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_ldap_cli,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_auth_ldap_cli,brutal_purge,soft_purge,[]}]},
|
||||||
|
@ -21,7 +24,10 @@
|
||||||
{load_module,emqx_acl_ldap,brutal_purge,soft_purge,[]},
|
{load_module,emqx_acl_ldap,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_ldap_cli,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_auth_ldap_cli,brutal_purge,soft_purge,[]}]},
|
||||||
{<<".*">>,[]}],
|
{<<".*">>,[]}],
|
||||||
[{"4.3.5",
|
[{"4.3.6",
|
||||||
|
[{load_module,emqx_acl_ldap,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_auth_ldap,brutal_purge,soft_purge,[]}]},
|
||||||
|
{"4.3.5",
|
||||||
[{load_module,emqx_acl_ldap,brutal_purge,soft_purge,[]},
|
[{load_module,emqx_acl_ldap,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_ldap,brutal_purge,soft_purge,[]},
|
{load_module,emqx_auth_ldap,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_ldap_cli,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_auth_ldap_cli,brutal_purge,soft_purge,[]}]},
|
||||||
|
|
|
@ -58,6 +58,9 @@ check(ClientInfo = #{username := Username, password := Password}, AuthResult,
|
||||||
end,
|
end,
|
||||||
case CheckResult of
|
case CheckResult of
|
||||||
ok ->
|
ok ->
|
||||||
|
?LOG_SENSITIVE(debug,
|
||||||
|
"[LDAP] Auth from ldap succeeded, Client: ~p",
|
||||||
|
[ClientInfo]),
|
||||||
{stop, AuthResult#{auth_result => success, anonymous => false}};
|
{stop, AuthResult#{auth_result => success, anonymous => false}};
|
||||||
{error, not_found} ->
|
{error, not_found} ->
|
||||||
ok;
|
ok;
|
||||||
|
|
|
@ -17,6 +17,7 @@
|
||||||
-module(emqx_acl_mnesia).
|
-module(emqx_acl_mnesia).
|
||||||
|
|
||||||
-include("emqx_auth_mnesia.hrl").
|
-include("emqx_auth_mnesia.hrl").
|
||||||
|
-include_lib("emqx/include/logger.hrl").
|
||||||
|
|
||||||
%% ACL Callbacks
|
%% ACL Callbacks
|
||||||
-export([ init/0
|
-export([ init/0
|
||||||
|
@ -43,8 +44,14 @@ check_acl(ClientInfo = #{ clientid := Clientid }, PubSub, Topic, _NoMatchAction,
|
||||||
|
|
||||||
case match(ClientInfo, PubSub, Topic, Acls) of
|
case match(ClientInfo, PubSub, Topic, Acls) of
|
||||||
allow ->
|
allow ->
|
||||||
|
?LOG_SENSITIVE(debug,
|
||||||
|
"[Mnesia] Allow Topic: ~p, Action: ~p for Client: ~p",
|
||||||
|
[Topic, PubSub, ClientInfo]),
|
||||||
{stop, allow};
|
{stop, allow};
|
||||||
deny ->
|
deny ->
|
||||||
|
?LOG_SENSITIVE(debug,
|
||||||
|
"[Mnesia] Deny Topic: ~p, Action: ~p for Client: ~p",
|
||||||
|
[Topic, PubSub, ClientInfo]),
|
||||||
{stop, deny};
|
{stop, deny};
|
||||||
_ ->
|
_ ->
|
||||||
ok
|
ok
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{application, emqx_auth_mnesia,
|
{application, emqx_auth_mnesia,
|
||||||
[{description, "EMQ X Authentication with Mnesia"},
|
[{description, "EMQ X Authentication with Mnesia"},
|
||||||
{vsn, "4.3.10"}, % strict semver, bump manually
|
{vsn, "4.3.11"}, % strict semver, bump manually
|
||||||
{modules, []},
|
{modules, []},
|
||||||
{registered, []},
|
{registered, []},
|
||||||
{applications, [kernel,stdlib,mnesia]},
|
{applications, [kernel,stdlib,mnesia]},
|
||||||
|
|
|
@ -1,13 +1,25 @@
|
||||||
%% -*- mode: erlang -*-
|
%% -*- mode: erlang -*-
|
||||||
%% Unless you know what you are doing, DO NOT edit manually!!
|
%% Unless you know what you are doing, DO NOT edit manually!!
|
||||||
{VSN,
|
{VSN,
|
||||||
[{"4.3.9",[{load_module,emqx_acl_mnesia_cli,brutal_purge,soft_purge,[]}]},
|
[{"4.3.10",
|
||||||
{"4.3.8",[{load_module,emqx_acl_mnesia_cli,brutal_purge,soft_purge,[]}]},
|
[{load_module,emqx_auth_mnesia,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_acl_mnesia,brutal_purge,soft_purge,[]}]},
|
||||||
|
{"4.3.9",
|
||||||
|
[{load_module,emqx_auth_mnesia,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_acl_mnesia,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_acl_mnesia_cli,brutal_purge,soft_purge,[]}]},
|
||||||
|
{"4.3.8",
|
||||||
|
[{load_module,emqx_auth_mnesia,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_acl_mnesia,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_acl_mnesia_cli,brutal_purge,soft_purge,[]}]},
|
||||||
{"4.3.7",
|
{"4.3.7",
|
||||||
[{load_module,emqx_auth_mnesia_api,brutal_purge,soft_purge,[]},
|
[{load_module,emqx_auth_mnesia,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_acl_mnesia,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_auth_mnesia_api,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_acl_mnesia_cli,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_acl_mnesia_cli,brutal_purge,soft_purge,[]}]},
|
||||||
{<<"4\\.3\\.[5-6]">>,
|
{<<"4\\.3\\.[5-6]">>,
|
||||||
[{load_module,emqx_auth_mnesia_app,brutal_purge,soft_purge,[]},
|
[{load_module,emqx_acl_mnesia,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_auth_mnesia_app,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_mnesia,brutal_purge,soft_purge,[]},
|
{load_module,emqx_auth_mnesia,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_mnesia_api,brutal_purge,soft_purge,[]},
|
{load_module,emqx_auth_mnesia_api,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_acl_mnesia_db,brutal_purge,soft_purge,[]},
|
{load_module,emqx_acl_mnesia_db,brutal_purge,soft_purge,[]},
|
||||||
|
@ -35,13 +47,25 @@
|
||||||
{load_module,emqx_acl_mnesia_cli,brutal_purge,soft_purge,[]},
|
{load_module,emqx_acl_mnesia_cli,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_mnesia_app,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_auth_mnesia_app,brutal_purge,soft_purge,[]}]},
|
||||||
{<<".*">>,[]}],
|
{<<".*">>,[]}],
|
||||||
[{"4.3.9",[{load_module,emqx_acl_mnesia_cli,brutal_purge,soft_purge,[]}]},
|
[{"4.3.10",
|
||||||
{"4.3.8",[{load_module,emqx_acl_mnesia_cli,brutal_purge,soft_purge,[]}]},
|
[{load_module,emqx_auth_mnesia,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_acl_mnesia,brutal_purge,soft_purge,[]}]},
|
||||||
|
{"4.3.9",
|
||||||
|
[{load_module,emqx_auth_mnesia,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_acl_mnesia,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_acl_mnesia_cli,brutal_purge,soft_purge,[]}]},
|
||||||
|
{"4.3.8",
|
||||||
|
[{load_module,emqx_auth_mnesia,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_acl_mnesia,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_acl_mnesia_cli,brutal_purge,soft_purge,[]}]},
|
||||||
{"4.3.7",
|
{"4.3.7",
|
||||||
[{load_module,emqx_auth_mnesia_api,brutal_purge,soft_purge,[]},
|
[{load_module,emqx_auth_mnesia,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_acl_mnesia,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_auth_mnesia_api,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_acl_mnesia_cli,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_acl_mnesia_cli,brutal_purge,soft_purge,[]}]},
|
||||||
{<<"4\\.3\\.[5-6]">>,
|
{<<"4\\.3\\.[5-6]">>,
|
||||||
[{load_module,emqx_auth_mnesia_app,brutal_purge,soft_purge,[]},
|
[{load_module,emqx_acl_mnesia,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_auth_mnesia_app,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_mnesia,brutal_purge,soft_purge,[]},
|
{load_module,emqx_auth_mnesia,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_mnesia_api,brutal_purge,soft_purge,[]},
|
{load_module,emqx_auth_mnesia_api,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_acl_mnesia_db,brutal_purge,soft_purge,[]},
|
{load_module,emqx_acl_mnesia_db,brutal_purge,soft_purge,[]},
|
||||||
|
|
|
@ -70,6 +70,9 @@ check(ClientInfo = #{ clientid := Clientid
|
||||||
?LOG(info, "[Mnesia] Auth from mnesia failed: ~p", [Info]),
|
?LOG(info, "[Mnesia] Auth from mnesia failed: ~p", [Info]),
|
||||||
{stop, AuthResult#{anonymous => false, auth_result => password_error}};
|
{stop, AuthResult#{anonymous => false, auth_result => password_error}};
|
||||||
_ ->
|
_ ->
|
||||||
|
?LOG_SENSITIVE(debug,
|
||||||
|
"[Mnesia] Auth from mnesia succeeded, Client: ~p",
|
||||||
|
[ClientInfo]),
|
||||||
{stop, AuthResult#{anonymous => false, auth_result => success}}
|
{stop, AuthResult#{anonymous => false, auth_result => success}}
|
||||||
end
|
end
|
||||||
end.
|
end.
|
||||||
|
|
|
@ -38,8 +38,16 @@ check_acl(ClientInfo, PubSub, Topic, _AclResult, Env = #{aclquery := AclQuery})
|
||||||
[] -> ok;
|
[] -> ok;
|
||||||
Rows ->
|
Rows ->
|
||||||
try match(ClientInfo, Topic, topics(PubSub, Rows)) of
|
try match(ClientInfo, Topic, topics(PubSub, Rows)) of
|
||||||
matched -> {stop, allow};
|
matched ->
|
||||||
nomatch -> {stop, deny}
|
?LOG_SENSITIVE(debug,
|
||||||
|
"[MongoDB] Allow Topic: ~p, Action: ~p for Client: ~p",
|
||||||
|
[Topic, PubSub, ClientInfo]),
|
||||||
|
{stop, allow};
|
||||||
|
nomatch ->
|
||||||
|
?LOG_SENSITIVE(debug,
|
||||||
|
"[MongoDB] Deny Topic: ~p, Action: ~p for Client: ~p",
|
||||||
|
[Topic, PubSub, ClientInfo]),
|
||||||
|
{stop, deny}
|
||||||
catch
|
catch
|
||||||
_Err:Reason->
|
_Err:Reason->
|
||||||
?LOG(error, "[MongoDB] Check mongo ~p ACL failed, got ACL config: ~p, error: :~p",
|
?LOG(error, "[MongoDB] Check mongo ~p ACL failed, got ACL config: ~p, error: :~p",
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{application, emqx_auth_mongo,
|
{application, emqx_auth_mongo,
|
||||||
[{description, "EMQ X Authentication/ACL with MongoDB"},
|
[{description, "EMQ X Authentication/ACL with MongoDB"},
|
||||||
{vsn, "4.4.5"}, % strict semver, bump manually!
|
{vsn, "4.4.6"}, % strict semver, bump manually!
|
||||||
{modules, []},
|
{modules, []},
|
||||||
{registered, [emqx_auth_mongo_sup]},
|
{registered, [emqx_auth_mongo_sup]},
|
||||||
{applications, [kernel,stdlib,mongodb,ecpool]},
|
{applications, [kernel,stdlib,mongodb,ecpool]},
|
||||||
|
|
|
@ -1,12 +1,19 @@
|
||||||
%% -*- mode: erlang -*-
|
%% -*- mode: erlang -*-
|
||||||
%% Unless you know what you are doing, DO NOT edit manually!!
|
%% Unless you know what you are doing, DO NOT edit manually!!
|
||||||
{VSN,
|
{VSN,
|
||||||
[{"4.4.4",[{load_module,emqx_auth_mongo,brutal_purge,soft_purge,[]}]},
|
[{"4.4.5",
|
||||||
|
[{load_module,emqx_acl_mongo,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_auth_mongo,brutal_purge,soft_purge,[]}]},
|
||||||
|
{"4.4.4",
|
||||||
|
[{load_module,emqx_acl_mongo,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_auth_mongo,brutal_purge,soft_purge,[]}]},
|
||||||
{<<"4\\.4\\.[2-3]">>,
|
{<<"4\\.4\\.[2-3]">>,
|
||||||
[{load_module,emqx_auth_mongo_app,brutal_purge,soft_purge,[]},
|
[{load_module,emqx_acl_mongo,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_auth_mongo_app,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_mongo,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_auth_mongo,brutal_purge,soft_purge,[]}]},
|
||||||
{"4.4.1",
|
{"4.4.1",
|
||||||
[{load_module,emqx_auth_mongo_app,brutal_purge,soft_purge,[]},
|
[{load_module,emqx_acl_mongo,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_auth_mongo_app,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_mongo_sup,brutal_purge,soft_purge,[]},
|
{load_module,emqx_auth_mongo_sup,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_mongo,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_auth_mongo,brutal_purge,soft_purge,[]}]},
|
||||||
{"4.4.0",
|
{"4.4.0",
|
||||||
|
@ -15,12 +22,19 @@
|
||||||
{load_module,emqx_auth_mongo,brutal_purge,soft_purge,[]},
|
{load_module,emqx_auth_mongo,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_acl_mongo,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_acl_mongo,brutal_purge,soft_purge,[]}]},
|
||||||
{<<".*">>,[]}],
|
{<<".*">>,[]}],
|
||||||
[{"4.4.4",[{load_module,emqx_auth_mongo,brutal_purge,soft_purge,[]}]},
|
[{"4.4.5",
|
||||||
{<<"4\\.4\\.[2-3]">>,
|
[{load_module,emqx_acl_mongo,brutal_purge,soft_purge,[]},
|
||||||
[{load_module,emqx_auth_mongo_app,brutal_purge,soft_purge,[]},
|
{load_module,emqx_auth_mongo,brutal_purge,soft_purge,[]}]},
|
||||||
|
{"4.4.4",
|
||||||
|
[{load_module,emqx_acl_mongo,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_auth_mongo,brutal_purge,soft_purge,[]}]},
|
||||||
|
{<<"4\\.4\\.[2-3]">>,
|
||||||
|
[{load_module,emqx_acl_mongo,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_auth_mongo_app,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_mongo,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_auth_mongo,brutal_purge,soft_purge,[]}]},
|
||||||
{"4.4.1",
|
{"4.4.1",
|
||||||
[{load_module,emqx_auth_mongo_app,brutal_purge,soft_purge,[]},
|
[{load_module,emqx_acl_mongo,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_auth_mongo_app,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_mongo_sup,brutal_purge,soft_purge,[]},
|
{load_module,emqx_auth_mongo_sup,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_mongo,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_auth_mongo,brutal_purge,soft_purge,[]}]},
|
||||||
{"4.4.0",
|
{"4.4.0",
|
||||||
|
|
|
@ -68,6 +68,9 @@ check(ClientInfo = #{password := Password}, AuthResult,
|
||||||
case Result of
|
case Result of
|
||||||
ok ->
|
ok ->
|
||||||
?tp(emqx_auth_mongo_superuser_check_authn_ok, #{}),
|
?tp(emqx_auth_mongo_superuser_check_authn_ok, #{}),
|
||||||
|
?LOG_SENSITIVE(debug,
|
||||||
|
"[MongoDB] Auth from mongo succeeded, Client: ~p",
|
||||||
|
[ClientInfo]),
|
||||||
{stop, AuthResult#{is_superuser => is_superuser(Pool, SuperQuery, ClientInfo),
|
{stop, AuthResult#{is_superuser => is_superuser(Pool, SuperQuery, ClientInfo),
|
||||||
anonymous => false,
|
anonymous => false,
|
||||||
auth_result => success}};
|
auth_result => success}};
|
||||||
|
|
|
@ -29,8 +29,16 @@
|
||||||
check_acl(ClientInfo, PubSub, Topic, NoMatchAction, #{pool := Pool} = State) ->
|
check_acl(ClientInfo, PubSub, Topic, NoMatchAction, #{pool := Pool} = State) ->
|
||||||
case do_check_acl(Pool, ClientInfo, PubSub, Topic, NoMatchAction, State) of
|
case do_check_acl(Pool, ClientInfo, PubSub, Topic, NoMatchAction, State) of
|
||||||
ok -> ok;
|
ok -> ok;
|
||||||
{stop, allow} -> {stop, allow};
|
{stop, allow} ->
|
||||||
{stop, deny} -> {stop, deny}
|
?LOG_SENSITIVE(debug,
|
||||||
|
"[MySQL] Allow Topic: ~p, Action: ~p for Client: ~p",
|
||||||
|
[Topic, PubSub, ClientInfo]),
|
||||||
|
{stop, allow};
|
||||||
|
{stop, deny} ->
|
||||||
|
?LOG_SENSITIVE(debug,
|
||||||
|
"[MySQL] Allow Topic: ~p, Action: ~p for Client: ~p",
|
||||||
|
[Topic, PubSub, ClientInfo]),
|
||||||
|
{stop, deny}
|
||||||
end.
|
end.
|
||||||
|
|
||||||
do_check_acl(_Pool, #{username := <<$$, _/binary>>}, _PubSub, _Topic, _NoMatchAction, _State) ->
|
do_check_acl(_Pool, #{username := <<$$, _/binary>>}, _PubSub, _Topic, _NoMatchAction, _State) ->
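Review bot: The `{stop, deny}` branch of check_acl logs `"[MySQL] Allow Topic: ~p, Action: ~p for Client: ~p"`, the same text as the allow branch, so a denied publish or subscribe is recorded as allowed and the debug log cannot be used to tell the two outcomes apart. The other plugins in this commit use `Deny` in this position; the string should read `"[MySQL] Deny Topic: ~p, Action: ~p for Client: ~p"`.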
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{application, emqx_auth_mysql,
|
{application, emqx_auth_mysql,
|
||||||
[{description, "EMQ X Authentication/ACL with MySQL"},
|
[{description, "EMQ X Authentication/ACL with MySQL"},
|
||||||
{vsn, "4.3.4"}, % strict semver, bump manually!
|
{vsn, "4.3.5"}, % strict semver, bump manually!
|
||||||
{modules, []},
|
{modules, []},
|
||||||
{registered, [emqx_auth_mysql_sup]},
|
{registered, [emqx_auth_mysql_sup]},
|
||||||
{applications, [kernel,stdlib,mysql,ecpool]},
|
{applications, [kernel,stdlib,mysql,ecpool]},
|
||||||
|
|
|
@ -1,10 +1,17 @@
|
||||||
%% -*- mode: erlang -*-
|
%% -*- mode: erlang -*-
|
||||||
|
%% Unless you know what you are doing, DO NOT edit manually!!
|
||||||
{VSN,
|
{VSN,
|
||||||
[{"4.3.3",
|
[{"4.3.4",
|
||||||
[{load_module,emqx_auth_mysql,brutal_purge,soft_purge,[]},
|
[{load_module,emqx_auth_mysql,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_acl_mysql,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_auth_mysql_cli,brutal_purge,soft_purge,[]}]},
|
||||||
|
{"4.3.3",
|
||||||
|
[{load_module,emqx_acl_mysql,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_auth_mysql,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_mysql_cli,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_auth_mysql_cli,brutal_purge,soft_purge,[]}]},
|
||||||
{<<"4\\.3\\.[1-2]">>,
|
{<<"4\\.3\\.[1-2]">>,
|
||||||
[{load_module,emqx_auth_mysql_cli,brutal_purge,soft_purge,[]},
|
[{load_module,emqx_acl_mysql,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_auth_mysql_cli,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_mysql_app,brutal_purge,soft_purge,[]},
|
{load_module,emqx_auth_mysql_app,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_mysql,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_auth_mysql,brutal_purge,soft_purge,[]}]},
|
||||||
{"4.3.0",
|
{"4.3.0",
|
||||||
|
@ -13,11 +20,17 @@
|
||||||
{load_module,emqx_auth_mysql,brutal_purge,soft_purge,[]},
|
{load_module,emqx_auth_mysql,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_acl_mysql,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_acl_mysql,brutal_purge,soft_purge,[]}]},
|
||||||
{<<".*">>,[]}],
|
{<<".*">>,[]}],
|
||||||
[{"4.3.3",
|
[{"4.3.4",
|
||||||
[{load_module,emqx_auth_mysql,brutal_purge,soft_purge,[]},
|
[{load_module,emqx_auth_mysql,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_acl_mysql,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_auth_mysql_cli,brutal_purge,soft_purge,[]}]},
|
||||||
|
{"4.3.3",
|
||||||
|
[{load_module,emqx_acl_mysql,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_auth_mysql,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_mysql_cli,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_auth_mysql_cli,brutal_purge,soft_purge,[]}]},
|
||||||
{<<"4\\.3\\.[1-2]">>,
|
{<<"4\\.3\\.[1-2]">>,
|
||||||
[{load_module,emqx_auth_mysql_cli,brutal_purge,soft_purge,[]},
|
[{load_module,emqx_acl_mysql,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_auth_mysql_cli,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_mysql_app,brutal_purge,soft_purge,[]},
|
{load_module,emqx_auth_mysql_app,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_mysql,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_auth_mysql,brutal_purge,soft_purge,[]}]},
|
||||||
{"4.3.0",
|
{"4.3.0",
|
||||||
|
@ -25,5 +38,4 @@
|
||||||
{load_module,emqx_auth_mysql_app,brutal_purge,soft_purge,[]},
|
{load_module,emqx_auth_mysql_app,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_mysql,brutal_purge,soft_purge,[]},
|
{load_module,emqx_auth_mysql,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_acl_mysql,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_acl_mysql,brutal_purge,soft_purge,[]}]},
|
||||||
{<<".*">>,[]}]
|
{<<".*">>,[]}]}.
|
||||||
}.
|
|
||||||
|
|
|
@ -46,6 +46,9 @@ check(ClientInfo = #{password := Password}, AuthResult,
|
||||||
end,
|
end,
|
||||||
case CheckPass of
|
case CheckPass of
|
||||||
ok ->
|
ok ->
|
||||||
|
?LOG_SENSITIVE(debug,
|
||||||
|
"[MySQL] Auth from mysql succeeded, Client: ~p",
|
||||||
|
[ClientInfo]),
|
||||||
{stop, AuthResult#{is_superuser => is_superuser(Pool, SuperQuery, ClientInfo),
|
{stop, AuthResult#{is_superuser => is_superuser(Pool, SuperQuery, ClientInfo),
|
||||||
anonymous => false,
|
anonymous => false,
|
||||||
auth_result => success}};
|
auth_result => success}};
|
||||||
|
|
|
@ -36,9 +36,17 @@ do_check_acl(Pool, ClientInfo, PubSub, Topic, _NoMatchAction, #{acl_query := {Ac
|
||||||
{ok, _, Rows} ->
|
{ok, _, Rows} ->
|
||||||
Rules = filter(PubSub, compile(Rows)),
|
Rules = filter(PubSub, compile(Rows)),
|
||||||
case match(ClientInfo, Topic, Rules) of
|
case match(ClientInfo, Topic, Rules) of
|
||||||
{matched, allow} -> {stop, allow};
|
{matched, allow} ->
|
||||||
{matched, deny} -> {stop, deny};
|
?LOG_SENSITIVE(debug,
|
||||||
nomatch -> ok
|
"[Postgres] Allow Topic: ~p, Action: ~p for Client: ~p",
|
||||||
|
[Topic, PubSub, ClientInfo]),
|
||||||
|
{stop, allow};
|
||||||
|
{matched, deny} ->
|
||||||
|
?LOG_SENSITIVE(debug,
|
||||||
|
"[Postgres] Deny Topic: ~p, Action: ~p for Client: ~p",
|
||||||
|
[Topic, PubSub, ClientInfo]),
|
||||||
|
{stop, deny};
|
||||||
|
nomatch -> ok
|
||||||
end;
|
end;
|
||||||
{error, Reason} ->
|
{error, Reason} ->
|
||||||
?LOG(error, "[Postgres] do_check_acl error: ~p~n", [Reason]),
|
?LOG(error, "[Postgres] do_check_acl error: ~p~n", [Reason]),
|
||||||
|
@ -105,4 +113,3 @@ empty(null) -> true;
|
||||||
empty("") -> true;
|
empty("") -> true;
|
||||||
empty(<<>>) -> true;
|
empty(<<>>) -> true;
|
||||||
empty(_) -> false.
|
empty(_) -> false.
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{application, emqx_auth_pgsql,
|
{application, emqx_auth_pgsql,
|
||||||
[{description, "EMQ X Authentication/ACL with PostgreSQL"},
|
[{description, "EMQ X Authentication/ACL with PostgreSQL"},
|
||||||
{vsn, "4.4.4"}, % strict semver, bump manually!
|
{vsn, "4.4.5"}, % strict semver, bump manually!
|
||||||
{modules, []},
|
{modules, []},
|
||||||
{registered, [emqx_auth_pgsql_sup]},
|
{registered, [emqx_auth_pgsql_sup]},
|
||||||
{applications, [kernel,stdlib,epgsql,ecpool]},
|
{applications, [kernel,stdlib,epgsql,ecpool]},
|
||||||
|
|
|
@ -1,20 +1,29 @@
|
||||||
%% -*- mode: erlang -*-
|
%% -*- mode: erlang -*-
|
||||||
%% Unless you know what you are doing, DO NOT edit manually!!
|
%% Unless you know what you are doing, DO NOT edit manually!!
|
||||||
{VSN,
|
{VSN,
|
||||||
[{"4.4.3",
|
[{"4.4.4",
|
||||||
[{load_module,emqx_auth_pgsql_cli,brutal_purge,soft_purge,[]},
|
[{load_module,emqx_acl_pgsql,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_auth_pgsql,brutal_purge,soft_purge,[]}]},
|
||||||
|
{"4.4.3",
|
||||||
|
[{load_module,emqx_acl_pgsql,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_auth_pgsql_cli,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_pgsql,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_auth_pgsql,brutal_purge,soft_purge,[]}]},
|
||||||
{<<"4\\.4\\.[0-2]">>,
|
{<<"4\\.4\\.[0-2]">>,
|
||||||
[{load_module,emqx_auth_pgsql_cli,brutal_purge,soft_purge,[]},
|
[{load_module,emqx_acl_pgsql,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_auth_pgsql_cli,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_pgsql,brutal_purge,soft_purge,[]},
|
{load_module,emqx_auth_pgsql,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_pgsql_app,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_auth_pgsql_app,brutal_purge,soft_purge,[]}]},
|
||||||
{<<".*">>,[]}],
|
{<<".*">>,[]}],
|
||||||
[{"4.4.3",
|
[{"4.4.4",
|
||||||
[{load_module,emqx_auth_pgsql_cli,brutal_purge,soft_purge,[]},
|
[{load_module,emqx_acl_pgsql,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_auth_pgsql,brutal_purge,soft_purge,[]}]},
|
||||||
|
{"4.4.3",
|
||||||
|
[{load_module,emqx_acl_pgsql,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_auth_pgsql_cli,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_pgsql,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_auth_pgsql,brutal_purge,soft_purge,[]}]},
|
||||||
{<<"4\\.4\\.[0-2]">>,
|
{<<"4\\.4\\.[0-2]">>,
|
||||||
[{load_module,emqx_auth_pgsql_cli,brutal_purge,soft_purge,[]},
|
[{load_module,emqx_acl_pgsql,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_auth_pgsql_cli,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_pgsql,brutal_purge,soft_purge,[]},
|
{load_module,emqx_auth_pgsql,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_pgsql_app,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_auth_pgsql_app,brutal_purge,soft_purge,[]}]},
|
||||||
{<<".*">>,[]}]}.
|
{<<".*">>,[]}]}.
|
||||||
|
|
||||||
|
|
|
@ -45,6 +45,9 @@ check(ClientInfo = #{password := Password}, AuthResult,
|
||||||
end,
|
end,
|
||||||
case CheckPass of
|
case CheckPass of
|
||||||
ok ->
|
ok ->
|
||||||
|
?LOG_SENSITIVE(debug,
|
||||||
|
"[Postgres] Auth from pgsql succeeded, Client: ~p",
|
||||||
|
[ClientInfo]),
|
||||||
{stop, AuthResult#{is_superuser => is_superuser(Pool, SuperQuery, ClientInfo),
|
{stop, AuthResult#{is_superuser => is_superuser(Pool, SuperQuery, ClientInfo),
|
||||||
anonymous => false,
|
anonymous => false,
|
||||||
auth_result => success}};
|
auth_result => success}};
|
||||||
|
|
|
@ -33,8 +33,16 @@ check_acl(ClientInfo, PubSub, Topic, _AclResult,
|
||||||
{ok, []} -> ok;
|
{ok, []} -> ok;
|
||||||
{ok, Rules} ->
|
{ok, Rules} ->
|
||||||
case match(ClientInfo, PubSub, Topic, Rules) of
|
case match(ClientInfo, PubSub, Topic, Rules) of
|
||||||
allow -> {stop, allow};
|
allow ->
|
||||||
nomatch -> {stop, deny}
|
?LOG_SENSITIVE(debug,
|
||||||
|
"[Redis] Allow Topic: ~p, Action: ~p for Client: ~p",
|
||||||
|
[Topic, PubSub, ClientInfo]),
|
||||||
|
{stop, allow};
|
||||||
|
nomatch ->
|
||||||
|
?LOG_SENSITIVE(debug,
|
||||||
|
"[Redis] Deny Topic: ~p, Action: ~p for Client: ~p",
|
||||||
|
[Topic, PubSub, ClientInfo]),
|
||||||
|
{stop, deny}
|
||||||
end;
|
end;
|
||||||
{error, Reason} ->
|
{error, Reason} ->
|
||||||
?LOG(error, "[Redis] do_check_acl error: ~p", [Reason]),
|
?LOG(error, "[Redis] do_check_acl error: ~p", [Reason]),
|
||||||
|
@ -71,4 +79,3 @@ feed_var(Str, Var, Val) ->
|
||||||
b2i(Bin) -> list_to_integer(binary_to_list(Bin)).
|
b2i(Bin) -> list_to_integer(binary_to_list(Bin)).
|
||||||
|
|
||||||
description() -> "Redis ACL Module".
|
description() -> "Redis ACL Module".
|
||||||
|
|
||||||
|
|
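Review bot: The `nomatch` branch of `check_acl` now logs "Deny", so the entry does not show that the denial came from no rule matching rather than from a rule. Someone debugging a rejected publish or subscribe would look for a deny rule that does not exist. Wording the format string as `"[Redis] No rule matched, deny Topic: ~p, Action: ~p for Client: ~p"` makes the cause visible. The `{ok, []} -> ok` fall-through just above still produces no log line, which may be worth covering as well. The function head lies outside the hunk.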
|
@ -1,6 +1,6 @@
|
||||||
{application, emqx_auth_redis,
|
{application, emqx_auth_redis,
|
||||||
[{description, "EMQ X Authentication/ACL with Redis"},
|
[{description, "EMQ X Authentication/ACL with Redis"},
|
||||||
{vsn, "4.3.4"}, % strict semver, bump manually!
|
{vsn, "4.3.5"}, % strict semver, bump manually!
|
||||||
{modules, []},
|
{modules, []},
|
||||||
{registered, [emqx_auth_redis_sup]},
|
{registered, [emqx_auth_redis_sup]},
|
||||||
{applications, [kernel,stdlib,eredis,eredis_cluster,ecpool]},
|
{applications, [kernel,stdlib,eredis,eredis_cluster,ecpool]},
|
||||||
|
|
|
@ -1,11 +1,15 @@
|
||||||
%% -*- mode: erlang -*-
|
%% -*- mode: erlang -*-
|
||||||
%% Unless you know what you are doing, DO NOT edit manually!!
|
%% Unless you know what you are doing, DO NOT edit manually!!
|
||||||
{VSN,
|
{VSN,
|
||||||
[{"4.3.3",
|
[{"4.3.4",
|
||||||
[{load_module,emqx_auth_redis,brutal_purge,soft_purge,[]},
|
[{load_module,emqx_acl_redis,brutal_purge,soft_purge,[]}]},
|
||||||
|
{"4.3.3",
|
||||||
|
[{load_module,emqx_acl_redis,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_auth_redis,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_redis_cli,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_auth_redis_cli,brutal_purge,soft_purge,[]}]},
|
||||||
{<<"4\\.3\\.[1-2]">>,
|
{<<"4\\.3\\.[1-2]">>,
|
||||||
[{load_module,emqx_auth_redis_cli,brutal_purge,soft_purge,[]},
|
[{load_module,emqx_acl_redis,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_auth_redis_cli,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_redis_app,brutal_purge,soft_purge,[]},
|
{load_module,emqx_auth_redis_app,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_redis,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_auth_redis,brutal_purge,soft_purge,[]}]},
|
||||||
{"4.3.0",
|
{"4.3.0",
|
||||||
|
@ -14,11 +18,15 @@
|
||||||
{load_module,emqx_auth_redis,brutal_purge,soft_purge,[]},
|
{load_module,emqx_auth_redis,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_acl_redis,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_acl_redis,brutal_purge,soft_purge,[]}]},
|
||||||
{<<".*">>,[]}],
|
{<<".*">>,[]}],
|
||||||
[{"4.3.3",
|
[{"4.3.4",
|
||||||
[{load_module,emqx_auth_redis,brutal_purge,soft_purge,[]},
|
[{load_module,emqx_acl_redis,brutal_purge,soft_purge,[]}]},
|
||||||
|
{"4.3.3",
|
||||||
|
[{load_module,emqx_acl_redis,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_auth_redis,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_redis_cli,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_auth_redis_cli,brutal_purge,soft_purge,[]}]},
|
||||||
{<<"4\\.3\\.[1-2]">>,
|
{<<"4\\.3\\.[1-2]">>,
|
||||||
[{load_module,emqx_auth_redis_cli,brutal_purge,soft_purge,[]},
|
[{load_module,emqx_acl_redis,brutal_purge,soft_purge,[]},
|
||||||
|
{load_module,emqx_auth_redis_cli,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_redis_app,brutal_purge,soft_purge,[]},
|
{load_module,emqx_auth_redis_app,brutal_purge,soft_purge,[]},
|
||||||
{load_module,emqx_auth_redis,brutal_purge,soft_purge,[]}]},
|
{load_module,emqx_auth_redis,brutal_purge,soft_purge,[]}]},
|
||||||
{"4.3.0",
|
{"4.3.0",
|
||||||
|
|
|
@ -14,6 +14,8 @@
|
||||||
|
|
||||||
- Now the corresponding session will be kicked when client is banned by `clientid` [#9904](https://github.com/emqx/emqx/pull/9904).
|
- Now the corresponding session will be kicked when client is banned by `clientid` [#9904](https://github.com/emqx/emqx/pull/9904).
|
||||||
|
|
||||||
|
- Add more debug logs for authentication and ACL [#9943](https://github.com/emqx/emqx/pull/9943).
|
||||||
|
|
||||||
## Bug fixes
|
## Bug fixes
|
||||||
|
|
||||||
- Fixed an error when forward MQTT messages with User-Property using the `republish` action [#9942](https://github.com/emqx/emqx/pull/9942).
|
- Fixed an error when forward MQTT messages with User-Property using the `republish` action [#9942](https://github.com/emqx/emqx/pull/9942).
|
||||||
|
|
|
@ -14,6 +14,8 @@
|
||||||
|
|
||||||
- 现在客户端通过 `clientid` 被封禁时将会踢掉对应的会话 [#9904](https://github.com/emqx/emqx/pull/9904)。
|
- 现在客户端通过 `clientid` 被封禁时将会踢掉对应的会话 [#9904](https://github.com/emqx/emqx/pull/9904)。
|
||||||
|
|
||||||
|
- 为认证和授权添加了更多调试日志 [#9943](https://github.com/emqx/emqx/pull/9943)。
|
||||||
|
|
||||||
## 修复
|
## 修复
|
||||||
|
|
||||||
- 修复使用 `消息重发布` 动作转发带 User-Property 的 MQTT 消息时出错的问题 [#9942](https://github.com/emqx/emqx/pull/9942)。
|
- 修复使用 `消息重发布` 动作转发带 User-Property 的 MQTT 消息时出错的问题 [#9942](https://github.com/emqx/emqx/pull/9942)。
|
||||||
|
|