Inicio Explorar Axuda
Iniciar sesión
kennyh
/
emqx4.3
1
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Explorar o código

remove is_superuser/2 callback

Feng %!s(int64=9) %!d(string=hai) anos
pai
aa3c8b2821
achega
f510ab894f
Modificáronse 6 ficheiros con 25 adicións e 21 borrados
Dividir vista Mostrar estatísticas de Diff
  1. 1 0
      src/emqttd_access_control.erl
  2. 1 3
      src/emqttd_auth_anonymous.erl
  3. 1 3
      src/emqttd_auth_clientid.erl
  4. 2 4
      src/emqttd_auth_mod.erl
  5. 2 4
      src/emqttd_auth_username.erl
  6. 18 7
      src/emqttd_protocol.erl

+ 1 - 0
src/emqttd_access_control.erl
Ver ficheiro 

@@ -60,6 +60,7 @@ auth(_Client, _Password, []) ->
 
 auth(Client, Password, [{Mod, State, _Seq} | Mods]) ->
 
     case catch Mod:check(Client, Password, State) of
 
         ok              -> ok;
 
+        {ok, IsSuper}   -> {ok, IsSuper};
 
         ignore          -> auth(Client, Password, Mods);
 
         {error, Reason} -> {error, Reason};
 
         {'EXIT', Error} -> {error, Error}

+ 1 - 3
src/emqttd_auth_anonymous.erl
Ver ficheiro 

@@ -19,13 +19,11 @@
 
 
 -behaviour(emqttd_auth_mod).
 
 
--export([init/1, check/3, is_superuser/2, description/0]).
 
+-export([init/1, check/3, description/0]).
 
 
 init(Opts) -> {ok, Opts}.
 
 
 check(_Client, _Password, _Opts) -> ok.
 
 
-is_superuser(_Client, _Opts) -> false.
 
-
 
 description() -> "Anonymous Authentication Module".

+ 1 - 3
src/emqttd_auth_clientid.erl
Ver ficheiro 

@@ -24,7 +24,7 @@
 
 -behaviour(emqttd_auth_mod).
 
 
 %% emqttd_auth_mod callbacks
 
--export([init/1, check/3, is_superuser/2, description/0]).
 
+-export([init/1, check/3, description/0]).
 
 
 -define(AUTH_CLIENTID_TAB, mqtt_auth_clientid).
 
 
@@ -88,8 +88,6 @@ check(#mqtt_client{client_id = ClientId}, Password, [{password, yes}|_]) ->
 
         _ -> {error, password_error}
 
     end.
 
 
-is_superuser(_Client, _Opts) -> false.
 
-
 
 description() -> "ClientId authentication module".
 
 
 %%--------------------------------------------------------------------

+ 2 - 4
src/emqttd_auth_mod.erl
Ver ficheiro 

@@ -30,13 +30,11 @@
 
 
 -callback(init(AuthOpts :: list()) -> {ok, State :: any()}).
 
 
--callback(check(Client, Password, State) -> ok | ignore | {error, string()} when
 
+-callback(check(Client, Password, State) -> ok | | {ok, boolean()} | ignore | {error, string()} when
 
         Client   :: mqtt_client(),
 
         Password :: binary(),
 
         State    :: any()).
 
 
--callback(is_superuser(Client :: mqtt_client(), State :: any()) -> boolean()).
 
-
 
 -callback(description() -> string()).
 
 
 -else.
 
@@ -44,7 +42,7 @@
 
 -export([behaviour_info/1]).
 
 
 behaviour_info(callbacks) ->
 
-    [{init, 1}, {check, 3}, {is_superuser, 2}, {description, 0}];
 
+    [{init, 1}, {check, 3}, {description, 0}];
 
 behaviour_info(_Other) ->
 
     undefined.

+ 2 - 4
src/emqttd_auth_username.erl
Ver ficheiro 

@@ -31,7 +31,7 @@
 
 -export([add_user/2, remove_user/1, lookup_user/1, all_users/0]).
 
 
 %% emqttd_auth callbacks
 
--export([init/1, check/3, is_superuser/2, description/0]).
 
+-export([init/1, check/3, description/0]).
 
 
 -define(AUTH_USERNAME_TAB, mqtt_auth_username).
 
 
@@ -146,8 +146,6 @@ check(#mqtt_client{username = Username}, Password, _Opts) ->
 
             end
 
     end.
 
 
-is_superuser(_Client, _Opts) -> false.
 
-
 
 description() ->
 
     "Username password authentication module".
 
 
@@ -162,5 +160,5 @@ md5_hash(SaltBin, Password) ->
 
     erlang:md5(<<SaltBin/binary, Password/binary>>).
 
 
 salt() ->
 
-    emqttd_time:seed(), Salt = random:uniform(16#ffffffff), <<Salt:32>>.
 
+    emqttd_time:seed(), Salt = rand:uniform(16#ffffffff), <<Salt:32>>.

+ 18 - 7
src/emqttd_protocol.erl
Ver ficheiro 

@@ -159,12 +159,8 @@ process(Packet = ?CONNECT_PACKET(Var), State0) ->
 
     {ReturnCode1, SessPresent, State3} =
 
     case validate_connect(Var, State1) of
 
         ?CONNACK_ACCEPT ->
 
-            Client = client(State1),
 
-            case emqttd_access_control:auth(Client, Password) of
 
-                ok ->
 
-                    %% Is Superuser?
 
-                    IsSuperuser = emqttd_access_control:is_superuser(Client),
 
-
 
+            case authenticate(client(State1), Password) of
 
+                {ok, IsSuperuser} ->
 
                     %% Generate clientId if null
 
                     State2 = maybe_set_clientid(State1),
 
 
@@ -190,7 +186,9 @@ process(Packet = ?CONNECT_PACKET(Var), State0) ->
 
     %% Run hooks
 
     emqttd:run_hooks('client.connected', [ReturnCode1], client(State3)),
 
     %% Send connack
 
-    send(?CONNACK_PACKET(ReturnCode1, sp(SessPresent)), State3);
 
+    send(?CONNACK_PACKET(ReturnCode1, sp(SessPresent)), State3),
 
+    %% stop if authentication failure
 
+    stop_if_auth_failure(ReturnCode1, State3);
 
 
 process(Packet = ?PUBLISH_PACKET(_Qos, Topic, _PacketId, _Payload), State = #proto_state{is_superuser = IsSuper}) ->
 
     case IsSuper orelse allow == check_acl(publish, Topic, client(State)) of
 
@@ -302,6 +300,12 @@ trace(send, Packet, ProtoState) ->
 
 redeliver({?PUBREL, PacketId}, State) ->
 
     send(?PUBREL_PACKET(PacketId), State).
 
 
+stop_if_auth_failure(RC, State) when RC == ?CONNACK_CREDENTIALS; RC == ?CONNACK_AUTH ->
 
+    {stop, {shutdown, auth_failure}, State};
 
+
 
+stop_if_auth_failure(_RC, State) ->
 
+    {ok, State}.
 
+
 
 shutdown(_Error, #proto_state{client_id = undefined}) ->
 
     ignore;
 
 
@@ -435,6 +439,13 @@ parse_topic_table(TopicTable) ->
 
 parse_topics(Topics) ->
 
     [emqttd_topic:parse(Topic) || Topic <- Topics].
 
 
+authenticate(Client, Password) ->
 
+    case emqttd_access_control:auth(Client, Password) of
 
+        ok             -> {ok, false};
 
+        {ok, IsSuper}  -> {ok, IsSuper};
 
+        {error, Error} -> {error, Error}
 
+    end.
 
+
 
 %% PUBLISH ACL is cached in process dictionary.
 
 check_acl(publish, Topic, Client) ->
 
     IfCache = emqttd:conf(cache_acl, true),