remove is_superuser/2 callback
This commit is contained in:
Feng
parent
aa3c8b2821
commit
f510ab894f
|
|
@ -60,6 +60,7 @@ auth(_Client, _Password, []) ->
|
||||||
auth(Client, Password, [{Mod, State, _Seq} | Mods]) ->
|
auth(Client, Password, [{Mod, State, _Seq} | Mods]) ->
|
||||||
case catch Mod:check(Client, Password, State) of
|
case catch Mod:check(Client, Password, State) of
|
||||||
ok -> ok;
|
ok -> ok;
|
||||||
|
{ok, IsSuper} -> {ok, IsSuper};
|
||||||
ignore -> auth(Client, Password, Mods);
|
ignore -> auth(Client, Password, Mods);
|
||||||
{error, Reason} -> {error, Reason};
|
{error, Reason} -> {error, Reason};
|
||||||
{'EXIT', Error} -> {error, Error}
|
{'EXIT', Error} -> {error, Error}
|
||||||
|
|
|
||||||
|
|
@ -19,13 +19,11 @@
|
||||||
|
|
||||||
-behaviour(emqttd_auth_mod).
|
-behaviour(emqttd_auth_mod).
|
||||||
|
|
||||||
-export([init/1, check/3, is_superuser/2, description/0]).
|
-export([init/1, check/3, description/0]).
|
||||||
|
|
||||||
init(Opts) -> {ok, Opts}.
|
init(Opts) -> {ok, Opts}.
|
||||||
|
|
||||||
check(_Client, _Password, _Opts) -> ok.
|
check(_Client, _Password, _Opts) -> ok.
|
||||||
|
|
||||||
is_superuser(_Client, _Opts) -> false.
|
|
||||||
|
|
||||||
description() -> "Anonymous Authentication Module".
|
description() -> "Anonymous Authentication Module".
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -24,7 +24,7 @@
|
||||||
-behaviour(emqttd_auth_mod).
|
-behaviour(emqttd_auth_mod).
|
||||||
|
|
||||||
%% emqttd_auth_mod callbacks
|
%% emqttd_auth_mod callbacks
|
||||||
-export([init/1, check/3, is_superuser/2, description/0]).
|
-export([init/1, check/3, description/0]).
|
||||||
|
|
||||||
-define(AUTH_CLIENTID_TAB, mqtt_auth_clientid).
|
-define(AUTH_CLIENTID_TAB, mqtt_auth_clientid).
|
||||||
|
|
||||||
|
|
@ -88,8 +88,6 @@ check(#mqtt_client{client_id = ClientId}, Password, [{password, yes}|_]) ->
|
||||||
_ -> {error, password_error}
|
_ -> {error, password_error}
|
||||||
end.
|
end.
|
||||||
|
|
||||||
is_superuser(_Client, _Opts) -> false.
|
|
||||||
|
|
||||||
description() -> "ClientId authentication module".
|
description() -> "ClientId authentication module".
|
||||||
|
|
||||||
%%--------------------------------------------------------------------
|
%%--------------------------------------------------------------------
|
||||||
|
|
|
||||||
|
|
@ -30,13 +30,11 @@
|
||||||
|
|
||||||
-callback(init(AuthOpts :: list()) -> {ok, State :: any()}).
|
-callback(init(AuthOpts :: list()) -> {ok, State :: any()}).
|
||||||
|
|
||||||
-callback(check(Client, Password, State) -> ok | ignore | {error, string()} when
|
-callback(check(Client, Password, State) -> ok | | {ok, boolean()} | ignore | {error, string()} when
|
||||||
Client :: mqtt_client(),
|
Client :: mqtt_client(),
|
||||||
Password :: binary(),
|
Password :: binary(),
|
||||||
State :: any()).
|
State :: any()).
|
||||||
|
|
||||||
-callback(is_superuser(Client :: mqtt_client(), State :: any()) -> boolean()).
|
|
||||||
|
|
||||||
-callback(description() -> string()).
|
-callback(description() -> string()).
|
||||||
|
|
||||||
-else.
|
-else.
|
||||||
|
|
@ -44,7 +42,7 @@
|
||||||
-export([behaviour_info/1]).
|
-export([behaviour_info/1]).
|
||||||
|
|
||||||
behaviour_info(callbacks) ->
|
behaviour_info(callbacks) ->
|
||||||
[{init, 1}, {check, 3}, {is_superuser, 2}, {description, 0}];
|
[{init, 1}, {check, 3}, {description, 0}];
|
||||||
behaviour_info(_Other) ->
|
behaviour_info(_Other) ->
|
||||||
undefined.
|
undefined.
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -31,7 +31,7 @@
|
||||||
-export([add_user/2, remove_user/1, lookup_user/1, all_users/0]).
|
-export([add_user/2, remove_user/1, lookup_user/1, all_users/0]).
|
||||||
|
|
||||||
%% emqttd_auth callbacks
|
%% emqttd_auth callbacks
|
||||||
-export([init/1, check/3, is_superuser/2, description/0]).
|
-export([init/1, check/3, description/0]).
|
||||||
|
|
||||||
-define(AUTH_USERNAME_TAB, mqtt_auth_username).
|
-define(AUTH_USERNAME_TAB, mqtt_auth_username).
|
||||||
|
|
||||||
|
|
@ -146,8 +146,6 @@ check(#mqtt_client{username = Username}, Password, _Opts) ->
|
||||||
end
|
end
|
||||||
end.
|
end.
|
||||||
|
|
||||||
is_superuser(_Client, _Opts) -> false.
|
|
||||||
|
|
||||||
description() ->
|
description() ->
|
||||||
"Username password authentication module".
|
"Username password authentication module".
|
||||||
|
|
||||||
|
|
@ -162,5 +160,5 @@ md5_hash(SaltBin, Password) ->
|
||||||
erlang:md5(<<SaltBin/binary, Password/binary>>).
|
erlang:md5(<<SaltBin/binary, Password/binary>>).
|
||||||
|
|
||||||
salt() ->
|
salt() ->
|
||||||
emqttd_time:seed(), Salt = random:uniform(16#ffffffff), <<Salt:32>>.
|
emqttd_time:seed(), Salt = rand:uniform(16#ffffffff), <<Salt:32>>.
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -159,12 +159,8 @@ process(Packet = ?CONNECT_PACKET(Var), State0) ->
|
||||||
{ReturnCode1, SessPresent, State3} =
|
{ReturnCode1, SessPresent, State3} =
|
||||||
case validate_connect(Var, State1) of
|
case validate_connect(Var, State1) of
|
||||||
?CONNACK_ACCEPT ->
|
?CONNACK_ACCEPT ->
|
||||||
Client = client(State1),
|
case authenticate(client(State1), Password) of
|
||||||
case emqttd_access_control:auth(Client, Password) of
|
{ok, IsSuperuser} ->
|
||||||
ok ->
|
|
||||||
%% Is Superuser?
|
|
||||||
IsSuperuser = emqttd_access_control:is_superuser(Client),
|
|
||||||
|
|
||||||
%% Generate clientId if null
|
%% Generate clientId if null
|
||||||
State2 = maybe_set_clientid(State1),
|
State2 = maybe_set_clientid(State1),
|
||||||
|
|
||||||
|
|
@ -190,7 +186,9 @@ process(Packet = ?CONNECT_PACKET(Var), State0) ->
|
||||||
%% Run hooks
|
%% Run hooks
|
||||||
emqttd:run_hooks('client.connected', [ReturnCode1], client(State3)),
|
emqttd:run_hooks('client.connected', [ReturnCode1], client(State3)),
|
||||||
%% Send connack
|
%% Send connack
|
||||||
send(?CONNACK_PACKET(ReturnCode1, sp(SessPresent)), State3);
|
send(?CONNACK_PACKET(ReturnCode1, sp(SessPresent)), State3),
|
||||||
|
%% stop if authentication failure
|
||||||
|
stop_if_auth_failure(ReturnCode1, State3);
|
||||||
|
|
||||||
process(Packet = ?PUBLISH_PACKET(_Qos, Topic, _PacketId, _Payload), State = #proto_state{is_superuser = IsSuper}) ->
|
process(Packet = ?PUBLISH_PACKET(_Qos, Topic, _PacketId, _Payload), State = #proto_state{is_superuser = IsSuper}) ->
|
||||||
case IsSuper orelse allow == check_acl(publish, Topic, client(State)) of
|
case IsSuper orelse allow == check_acl(publish, Topic, client(State)) of
|
||||||
|
|
@ -302,6 +300,12 @@ trace(send, Packet, ProtoState) ->
|
||||||
redeliver({?PUBREL, PacketId}, State) ->
|
redeliver({?PUBREL, PacketId}, State) ->
|
||||||
send(?PUBREL_PACKET(PacketId), State).
|
send(?PUBREL_PACKET(PacketId), State).
|
||||||
|
|
||||||
|
stop_if_auth_failure(RC, State) when RC == ?CONNACK_CREDENTIALS; RC == ?CONNACK_AUTH ->
|
||||||
|
{stop, {shutdown, auth_failure}, State};
|
||||||
|
|
||||||
|
stop_if_auth_failure(_RC, State) ->
|
||||||
|
{ok, State}.
|
||||||
|
|
||||||
shutdown(_Error, #proto_state{client_id = undefined}) ->
|
shutdown(_Error, #proto_state{client_id = undefined}) ->
|
||||||
ignore;
|
ignore;
|
||||||
|
|
||||||
|
|
@ -435,6 +439,13 @@ parse_topic_table(TopicTable) ->
|
||||||
parse_topics(Topics) ->
|
parse_topics(Topics) ->
|
||||||
[emqttd_topic:parse(Topic) || Topic <- Topics].
|
[emqttd_topic:parse(Topic) || Topic <- Topics].
|
||||||
|
|
||||||
|
authenticate(Client, Password) ->
|
||||||
|
case emqttd_access_control:auth(Client, Password) of
|
||||||
|
ok -> {ok, false};
|
||||||
|
{ok, IsSuper} -> {ok, IsSuper};
|
||||||
|
{error, Error} -> {error, Error}
|
||||||
|
end.
|
||||||
|
|
||||||
%% PUBLISH ACL is cached in process dictionary.
|
%% PUBLISH ACL is cached in process dictionary.
|
||||||
check_acl(publish, Topic, Client) ->
|
check_acl(publish, Topic, Client) ->
|
||||||
IfCache = emqttd:conf(cache_acl, true),
|
IfCache = emqttd:conf(cache_acl, true),
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue