Feng Lee пре 10 година
родитељ
комит
2f5d0306d3

+ 20 - 4
plugins/emqttd_auth_ldap/README.md

@@ -1,9 +1,25 @@
-# emqttd_auth_ldap
 
-LDAP Authentication Plugin.
+## Overview
 
-## Plugin config
+Authentication with LDAP.
+
+## Plugin Config
+
+```
+ {emqttd_auth_ldap, [
+    {servers, ["localhost"]},
+    {port, 389},
+    {timeout, 30},
+    {user_dn, "uid=$u,ou=People,dc=example,dc=com"},
+    {ssl, fasle},
+    {sslopts, [
+        {"certfile", "ssl.crt"},
+        {"keyfile", "ssl.key"}]}
+ ]}
 
 ```
 
-``` 
+## Load Plugin
+
+Merge the'etc/plugin.config' to emqttd/etc/plugins.config, and the plugin will be loaded automatically.
+

plugins/emqttd_auth_ldap/etc/app.config → plugins/emqttd_auth_ldap/etc/plugin.config


+ 0 - 12
plugins/emqttd_auth_ldap/src/emqttd_auth_ldap.erl

@@ -20,11 +20,7 @@
 %%% SOFTWARE.
 %%%-----------------------------------------------------------------------------
 %%% @doc
-<<<<<<< HEAD
 %%% LDAP Authentication Module.
-=======
-%%% LDAP authentication module.
->>>>>>> c6e92388798302ae3b44286f444505d1c385aba7
 %%%
 %%% @end
 %%%-----------------------------------------------------------------------------
@@ -38,7 +34,6 @@
 
 -export([init/1, check/3, description/0]).
 
-<<<<<<< HEAD
 -record(state, {servers, user_dn, options}).
 
 init(Opts) ->
@@ -91,11 +86,4 @@ fill(Username, UserDn) ->
             fun("$u") -> Username;
                 (S) -> S
             end, string:tokens(UserDn, ",="))).
-=======
-init(Opts) -> {ok, Opts}.
-
-check(_Client, _Password, _Opts) -> ingore.
-
-description() -> "LDAP authentication module".
->>>>>>> c6e92388798302ae3b44286f444505d1c385aba7
 

+ 4 - 26
plugins/emqttd_auth_ldap/src/emqttd_auth_ldap_app.erl

@@ -1,4 +1,3 @@
-<<<<<<< HEAD
 %%%-----------------------------------------------------------------------------
 %%% Copyright (c) 2012-2015 eMQTT.IO, All Rights Reserved.
 %%%
@@ -21,7 +20,7 @@
 %%% SOFTWARE.
 %%%-----------------------------------------------------------------------------
 %%% @doc
-%%% ldap authentication app.
+%%% LDAP Authentication APP.
 %%%
 %%% @end
 %%%-----------------------------------------------------------------------------
@@ -40,8 +39,8 @@
 %%%=============================================================================
 
 start(_StartType, _StartArgs) ->
-    Opts = application:get_all_env(emqttd_auth_ldap, ldap),
-    emqttd_access_control:register_mod(auth, emqttd_auth_ldap, Opts),
+    Env = application:get_all_env(emqttd_auth_ldap),
+    emqttd_access_control:register_mod(auth, emqttd_auth_ldap, Env),
     supervisor:start_link({local, ?MODULE}, ?MODULE, []).
 
 prep_stop(State) ->
@@ -51,31 +50,10 @@ stop(_State) ->
     ok.
 
 %%%=============================================================================
-%%% Supervisor callbacks
+%%% Supervisor callbacks(Dummy)
 %%%=============================================================================
 
 init([]) ->
     {ok, { {one_for_one, 5, 10}, []} }.
 
-=======
--module(emqttd_auth_ldap_app).
-
--behaviour(application).
 
-%% Application callbacks
--export([start/2, stop/1]).
-
-%% ===================================================================
-%% Application callbacks
-%% ===================================================================
-
-start(_StartType, _StartArgs) ->
-    {ok, Sup} = emqttd_auth_ldap_sup:start_link(),
-    Env = application:get_all_env(),
-    emqttd_access_control:register_mod(auth, emqttd_auth_ldap, Env),
-    {ok, Sup}.
-
-stop(_State) ->
-    emqttd_access_control:unregister_mod(auth, emqttd_auth_ldap),
-    ok.
->>>>>>> c6e92388798302ae3b44286f444505d1c385aba7
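Review bot: In `start/2` the result of `emqttd_access_control:register_mod(auth, emqttd_auth_ldap, Env)` is discarded, so if registration fails the application still starts without LDAP authentication in place. If `register_mod` returns `ok` on success (not visible in this diff), matching on it makes the plugin fail closed: `ok = emqttd_access_control:register_mod(auth, emqttd_auth_ldap, Env),`. Registration also happens before `supervisor:start_link/3`, so a failed supervisor start would leave the module registered; starting the supervisor first and registering only on `{ok, Sup}` avoids that. The same pattern appears in `start/2` of emqttd_auth_mysql_app.erl.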

+ 0 - 27
plugins/emqttd_auth_ldap/src/emqttd_auth_ldap_sup.erl

@@ -1,27 +0,0 @@
--module(emqttd_auth_ldap_sup).
-
--behaviour(supervisor).
-
-%% API
--export([start_link/0]).
-
-%% Supervisor callbacks
--export([init/1]).
-
-%% Helper macro for declaring children of supervisor
--define(CHILD(I, Type), {I, {I, start_link, []}, permanent, 5000, Type, [I]}).
-
-%% ===================================================================
-%% API functions
-%% ===================================================================
-
-start_link() ->
-    supervisor:start_link({local, ?MODULE}, ?MODULE, []).
-
-%% ===================================================================
-%% Supervisor callbacks
-%% ===================================================================
-
-init([]) ->
-    {ok, { {one_for_one, 5, 10}, []} }.
-

+ 28 - 4
plugins/emqttd_auth_mysql/README.md

@@ -2,7 +2,32 @@
 
 Authentication with user table of MySQL database.
 
-## User Table
+## etc/plugin.config
+
+```erlang
+[
+ {emysql, [
+    {pool,      4},
+    {host,      "localhost"},
+    {port,      3306},
+    {username,  ""}, 
+    {password,  ""},
+    {database,  "mqtt"},
+    {encoding,  utf8}
+ ]},
+ {emqttd_auth_mysql, [
+    {user_table, mqtt_users},
+    %% plain password only
+    {password_hash, plain},
+    {field_mapper, [
+        {username, username},
+        {password, password}
+    ]}
+ ]}
+].
+```
+
+## Users Table(Demo)
 
 Notice: This is a demo table. You could authenticate with any user tables.
 
@@ -18,8 +43,7 @@ CREATE TABLE `mqtt_users` (
 ) ENGINE=MyISAM AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;
 ```
 
-## Plugins config
-
-Please configure 'etc/plugins.config' to loade emysql and emqttd_auth_mysql plugins.
+## Load Plugin
 
+Merge the'etc/plugin.config' to emqttd/etc/plugins.config, and the plugin will be loaded by the  broker.
 

+ 18 - 0
plugins/emqttd_auth_mysql/etc/plugin.config

@@ -0,0 +1,18 @@
+[
+ {emysql, [
+    {pool,      4},
+    {host,      "localhost"},
+    {port,      3306},
+    {username,  "root"}, 
+    {password,  "public"},
+    {database,  "mqtt"},
+    {encoding,  utf8}
+ ]},
+ {emqttd_auth_mysql, [
+    {users_table, mqtt_users},
+    {field_mapper, [
+        {username, username},
+        {password, password, plain}
+    ]}
+ ]}
+].
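Review bot: The keys in this file do not match what `emqttd_auth_mysql:init/1` reads in this commit: the file sets `users_table` while the code looks up `user_table`, there is no `password_hash` entry, and `{password, password, plain}` is a 3-tuple, for which `proplists:get_value(password, Mapper)` returns no value. The README in this commit shows the shape the code expects: `{user_table, mqtt_users}`, `{password_hash, plain}` and `{password, password}`. Separately, the sample connects as `root` with a fixed password; a placeholder account that has only SELECT on the users table would be a safer default to ship, with a comment telling operators to replace it.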

+ 2 - 2
plugins/emqttd_auth_mysql/src/emqttd_auth_mysql.app.src

@@ -1,7 +1,7 @@
 {application, emqttd_auth_mysql,
  [
-  {description, ""},
-  {vsn, "0.1"},
+  {description, "emqttd MySQL Authentication Plugin"},
+  {vsn, "1.0"},
   {registered, []},
   {applications, [
                   kernel,

+ 28 - 8
plugins/emqttd_auth_mysql/src/emqttd_auth_mysql.erl

@@ -20,7 +20,7 @@
 %%% SOFTWARE.
 %%%-----------------------------------------------------------------------------
 %%% @doc
-%%% emqttd authentication by mysql user table.
+%%% emqttd authentication by mysql 'user' table.
 %%%
 %%% @end
 %%%-----------------------------------------------------------------------------
@@ -34,22 +34,42 @@
 
 -export([init/1, check/3, description/0]).
 
--record(state, {user_tab}).
+-record(state, {user_table, name_field, pass_field, pass_hash}).
 
 init(Opts) -> 
-    UserTab = proplists:get_value(user_table, Opts, mqtt_users),
-    {ok, #state{user_tab = UserTab}}.
+    Mapper = proplists:get_value(field_mapper, Opts),
+    {ok, #state{user_table  = proplists:get_value(user_table, Opts, mqtt_users),
+                name_field = proplists:get_value(username, Mapper),
+                pass_field = proplists:get_value(password, Mapper),
+                pass_hash = proplists:get_value(Opts, password_hash)}}.
 
 check(#mqtt_client{username = undefined}, _Password, _State) ->
     {error, "Username undefined"};
 check(_Client, undefined, _State) ->
     {error, "Password undefined"};
-check(#mqtt_client{username = Username}, Password, #state{user_tab = UserTab}) ->
-    %%TODO: hash password...
-    case emysql:select(UserTab, {'and', {username, Username}, {password, Password}}) of
-        {ok, []} -> {error, "Username or Password not match"};
+check(#mqtt_client{username = Username}, Password,
+      #state{user_table = UserTab, pass_hash = Type,
+             name_field = NameField, pass_field = PassField}) ->
+    Where = {'and', {NameField, Username}, {PassField, hash(Type, Password)}},
+    case emysql:select(UserTab, Where) of
+        {ok, []} -> {error, "Username or Password "};
         {ok, _Record} -> ok
     end.
 
 description() -> "Authentication by MySQL".
 
+hash(plain, Password) ->
+    Password;
+
+hash(md5, Password) ->
+    hexstring(crypto:hash(md5, Password));
+
+hash(sha, Password) ->
+    hexstring(crypto:hash(sha, Password)).
+
+hexstring(<<X:128/big-unsigned-integer>>) ->
+    lists:flatten(io_lib:format("~32.16.0b", [X]));
+
+hexstring(<<X:160/big-unsigned-integer>>) ->
+    lists:flatten(io_lib:format("~40.16.0b", [X])).
+
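Review bot: In `init/1`, `proplists:get_value(Opts, password_hash)` has its arguments swapped, so the configured hash type is never read; it should be `pass_hash = proplists:get_value(password_hash, Opts, plain)`. `hash/2` has clauses only for `plain`, `md5` and `sha`, so any other value crashes on every `check/3` call; validating the value in `init/1` gives a clearer failure. `md5` and `sha` here are single unsalted digests, which give little protection if the users table leaks; a salted, deliberately slow password hash would be the stronger option to add. Because the password comparison is done inside the SQL `WHERE`, it follows the column's collation (possibly case-insensitive for `plain`), so selecting the stored value by username and comparing it in Erlang is safer. The error string `"Username or Password "` also looks truncated.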

+ 22 - 9
plugins/emqttd_auth_mysql/src/emqttd_auth_mysql_app.erl

@@ -20,27 +20,40 @@
 %%% SOFTWARE.
 %%%-----------------------------------------------------------------------------
 %%% @doc
-%%% mysql authentication app.
+%%% emqttd mysql authentication app.
 %%%
 %%% @end
 %%%-----------------------------------------------------------------------------
 -module(emqttd_auth_mysql_app).
 
 -behaviour(application).
-
 %% Application callbacks
--export([start/2, stop/1]).
+-export([start/2, prep_stop/1, stop/1]).
 
-%% ===================================================================
-%% Application callbacks
-%% ===================================================================
+-behaviour(supervisor).
+%% Supervisor callbacks
+-export([init/1]).
+
+%%%=============================================================================
+%%% Application callbacks
+%%%=============================================================================
 
 start(_StartType, _StartArgs) ->
-    {ok, Sup} = emqttd_auth_mysql_sup:start_link(),
     Env = application:get_all_env(),
     emqttd_access_control:register_mod(auth, emqttd_auth_mysql, Env),
-    {ok, Sup}.
+    supervisor:start_link({local, ?MODULE}, ?MODULE, []).
+
+prep_stop(State) ->
+    emqttd_access_control:unregister_mod(auth, emqttd_auth_mysql), State.
 
 stop(_State) ->
-    emqttd_access_control:unregister_mod(auth, emqttd_auth_mysql),
     ok.
+
+%%%=============================================================================
+%%% Supervisor callbacks(Dummy)
+%%%=============================================================================
+
+init([]) ->
+    {ok, { {one_for_one, 5, 10}, []} }.
+
+
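Review bot: `application:get_all_env()` in `start/2` relies on the calling process belonging to this application, whereas emqttd_auth_ldap_app.erl in the same commit names the application explicitly. Using `Env = application:get_all_env(emqttd_auth_mysql),` keeps the two plugins consistent and does not depend on which process calls `start/2`. The `Supervisor callbacks(Dummy)` header would also benefit from a short comment on `init/1`, for example `%% Empty supervisor (no children); apparently present only so start/2 can return a supervisor pid.`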

+ 0 - 27
plugins/emqttd_auth_mysql/src/emqttd_auth_mysql_sup.erl

@@ -1,27 +0,0 @@
--module(emqttd_auth_mysql_sup).
-
--behaviour(supervisor).
-
-%% API
--export([start_link/0]).
-
-%% Supervisor callbacks
--export([init/1]).
-
-%% Helper macro for declaring children of supervisor
--define(CHILD(I, Type), {I, {I, start_link, []}, permanent, 5000, Type, [I]}).
-
-%% ===================================================================
-%% API functions
-%% ===================================================================
-
-start_link() ->
-    supervisor:start_link({local, ?MODULE}, ?MODULE, []).
-
-%% ===================================================================
-%% Supervisor callbacks
-%% ===================================================================
-
-init([]) ->
-    {ok, { {one_for_one, 5, 10}, []} }.
-

+ 2 - 1
plugins/emysql/src/emysql_sup.erl

@@ -21,7 +21,7 @@ start_link(Opts) ->
     supervisor:start_link({local, ?MODULE}, ?MODULE, Opts).  
 
 init(Opts) ->
-    PoolSize = proplists:get_value(pool_size, Opts,
+    PoolSize = proplists:get_value(pool, Opts,
                                    erlang:system_info(schedulers)),
     {ok, {{one_for_one, 10, 10},
 		  [{emysql, {emysql, start_link, [PoolSize]}, transient,
@@ -31,3 +31,4 @@ init(Opts) ->
 		}
 	}.
 	
+
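Review bot: Renaming the option from `pool_size` to `pool` means a configuration that still sets `pool_size` is silently ignored, and the pool falls back to `erlang:system_info(schedulers)`. Accepting the old key as a fallback keeps existing deployments working: `PoolSize = proplists:get_value(pool, Opts, proplists:get_value(pool_size, Opts, erlang:system_info(schedulers))),`. The value is also passed on unchecked, so an assertion such as `true = is_integer(PoolSize) andalso PoolSize > 0,` would reject a bad setting at startup. The rest of `init/1` lies outside the hunk.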

+ 2 - 2
rel/files/emqttd.config

@@ -62,8 +62,8 @@
         {packet, [
             %% Max ClientId Length Allowed
             {max_clientid_len, 1024},
-            %% Max Packet Size Allowed, 4K default
-            {max_packet_size,  4096}
+            %% Max Packet Size Allowed, 64K default
+            {max_packet_size,  65536}
         ]},
         %% Client
         {client, [
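Review bot: Raising `max_packet_size` from 4096 to 65536 lets each client make the broker accept packets sixteen times larger, which matters for memory use under many connections if the limit is enforced before authentication (not visible here). The comment should state the unit and the reason for the new default, for example `%% Max Packet Size Allowed in bytes, 64K default; lower this on memory-constrained or internet-facing brokers`.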