remove is_superuser/2 callback
This commit is contained in:
Feng
parent
aa3c8b2821
commit
f510ab894f
|
|
@ -60,6 +60,7 @@ auth(_Client, _Password, []) ->
|
|||
auth(Client, Password, [{Mod, State, _Seq} | Mods]) ->
|
||||
case catch Mod:check(Client, Password, State) of
|
||||
ok -> ok;
|
||||
{ok, IsSuper} -> {ok, IsSuper};
|
||||
ignore -> auth(Client, Password, Mods);
|
||||
{error, Reason} -> {error, Reason};
|
||||
{'EXIT', Error} -> {error, Error}
|
||||
|
|
|
|||
|
|
@ -19,13 +19,11 @@
|
|||
|
||||
-behaviour(emqttd_auth_mod).
|
||||
|
||||
-export([init/1, check/3, is_superuser/2, description/0]).
|
||||
-export([init/1, check/3, description/0]).
|
||||
|
||||
init(Opts) -> {ok, Opts}.
|
||||
|
||||
check(_Client, _Password, _Opts) -> ok.
|
||||
|
||||
is_superuser(_Client, _Opts) -> false.
|
||||
|
||||
description() -> "Anonymous Authentication Module".
|
||||
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@
|
|||
-behaviour(emqttd_auth_mod).
|
||||
|
||||
%% emqttd_auth_mod callbacks
|
||||
-export([init/1, check/3, is_superuser/2, description/0]).
|
||||
-export([init/1, check/3, description/0]).
|
||||
|
||||
-define(AUTH_CLIENTID_TAB, mqtt_auth_clientid).
|
||||
|
||||
|
|
@ -88,8 +88,6 @@ check(#mqtt_client{client_id = ClientId}, Password, [{password, yes}|_]) ->
|
|||
_ -> {error, password_error}
|
||||
end.
|
||||
|
||||
is_superuser(_Client, _Opts) -> false.
|
||||
|
||||
description() -> "ClientId authentication module".
|
||||
|
||||
%%--------------------------------------------------------------------
|
||||
|
|
|
|||
|
|
@ -30,13 +30,11 @@
|
|||
|
||||
-callback(init(AuthOpts :: list()) -> {ok, State :: any()}).
|
||||
|
||||
-callback(check(Client, Password, State) -> ok | ignore | {error, string()} when
|
||||
-callback(check(Client, Password, State) -> ok | | {ok, boolean()} | ignore | {error, string()} when
|
||||
Client :: mqtt_client(),
|
||||
Password :: binary(),
|
||||
State :: any()).
|
||||
|
||||
-callback(is_superuser(Client :: mqtt_client(), State :: any()) -> boolean()).
|
||||
|
||||
-callback(description() -> string()).
|
||||
|
||||
-else.
|
||||
|
|
@ -44,7 +42,7 @@
|
|||
-export([behaviour_info/1]).
|
||||
|
||||
behaviour_info(callbacks) ->
|
||||
[{init, 1}, {check, 3}, {is_superuser, 2}, {description, 0}];
|
||||
[{init, 1}, {check, 3}, {description, 0}];
|
||||
behaviour_info(_Other) ->
|
||||
undefined.
|
||||
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@
|
|||
-export([add_user/2, remove_user/1, lookup_user/1, all_users/0]).
|
||||
|
||||
%% emqttd_auth callbacks
|
||||
-export([init/1, check/3, is_superuser/2, description/0]).
|
||||
-export([init/1, check/3, description/0]).
|
||||
|
||||
-define(AUTH_USERNAME_TAB, mqtt_auth_username).
|
||||
|
||||
|
|
@ -146,8 +146,6 @@ check(#mqtt_client{username = Username}, Password, _Opts) ->
|
|||
end
|
||||
end.
|
||||
|
||||
is_superuser(_Client, _Opts) -> false.
|
||||
|
||||
description() ->
|
||||
"Username password authentication module".
|
||||
|
||||
|
|
@ -162,5 +160,5 @@ md5_hash(SaltBin, Password) ->
|
|||
erlang:md5(<<SaltBin/binary, Password/binary>>).
|
||||
|
||||
salt() ->
|
||||
emqttd_time:seed(), Salt = random:uniform(16#ffffffff), <<Salt:32>>.
|
||||
emqttd_time:seed(), Salt = rand:uniform(16#ffffffff), <<Salt:32>>.
|
||||
|
||||
|
|
|
|||
|
|
@ -159,12 +159,8 @@ process(Packet = ?CONNECT_PACKET(Var), State0) ->
|
|||
{ReturnCode1, SessPresent, State3} =
|
||||
case validate_connect(Var, State1) of
|
||||
?CONNACK_ACCEPT ->
|
||||
Client = client(State1),
|
||||
case emqttd_access_control:auth(Client, Password) of
|
||||
ok ->
|
||||
%% Is Superuser?
|
||||
IsSuperuser = emqttd_access_control:is_superuser(Client),
|
||||
|
||||
case authenticate(client(State1), Password) of
|
||||
{ok, IsSuperuser} ->
|
||||
%% Generate clientId if null
|
||||
State2 = maybe_set_clientid(State1),
|
||||
|
||||
|
|
@ -190,7 +186,9 @@ process(Packet = ?CONNECT_PACKET(Var), State0) ->
|
|||
%% Run hooks
|
||||
emqttd:run_hooks('client.connected', [ReturnCode1], client(State3)),
|
||||
%% Send connack
|
||||
send(?CONNACK_PACKET(ReturnCode1, sp(SessPresent)), State3);
|
||||
send(?CONNACK_PACKET(ReturnCode1, sp(SessPresent)), State3),
|
||||
%% stop if authentication failure
|
||||
stop_if_auth_failure(ReturnCode1, State3);
|
||||
|
||||
process(Packet = ?PUBLISH_PACKET(_Qos, Topic, _PacketId, _Payload), State = #proto_state{is_superuser = IsSuper}) ->
|
||||
case IsSuper orelse allow == check_acl(publish, Topic, client(State)) of
|
||||
|
|
@ -302,6 +300,12 @@ trace(send, Packet, ProtoState) ->
|
|||
redeliver({?PUBREL, PacketId}, State) ->
|
||||
send(?PUBREL_PACKET(PacketId), State).
|
||||
|
||||
stop_if_auth_failure(RC, State) when RC == ?CONNACK_CREDENTIALS; RC == ?CONNACK_AUTH ->
|
||||
{stop, {shutdown, auth_failure}, State};
|
||||
|
||||
stop_if_auth_failure(_RC, State) ->
|
||||
{ok, State}.
|
||||
|
||||
shutdown(_Error, #proto_state{client_id = undefined}) ->
|
||||
ignore;
|
||||
|
||||
|
|
@ -435,6 +439,13 @@ parse_topic_table(TopicTable) ->
|
|||
parse_topics(Topics) ->
|
||||
[emqttd_topic:parse(Topic) || Topic <- Topics].
|
||||
|
||||
authenticate(Client, Password) ->
|
||||
case emqttd_access_control:auth(Client, Password) of
|
||||
ok -> {ok, false};
|
||||
{ok, IsSuper} -> {ok, IsSuper};
|
||||
{error, Error} -> {error, Error}
|
||||
end.
|
||||
|
||||
%% PUBLISH ACL is cached in process dictionary.
|
||||
check_acl(publish, Topic, Client) ->
|
||||
IfCache = emqttd:conf(cache_acl, true),
|
||||
|
|
|
|||
Loading…
Reference in New Issue