Mosquitto-auth-plugin ACL for subscription


Problem description

I am currently using the mosquitto broker to see if I can build something interesting with it and I came across this plugin for authentication called mosquitto-auth-plugin.

I followed the documentation of the plugin and I am using postgres as the back-end table. It seems to be working with respect to user authentication. When it comes to ACL I find the publish ACL is on spot but the subscription ACL is something I am not able to wrap my mind around.

|-- GETTING USERS: karthik
1546887525: |-- getuser(karthik) AUTHENTICATED=1 by postgres
1546887525: New client connected from 127.0.0.1 as karthik (c1, k60, u'karthik').
1546887525: No will message specified.
1546887525: Sending CONNACK to karthik (0, 0)
1546887525: Received SUBSCRIBE from karthik
1546887525: 	test/test (QoS 0)
1546887525: |-- mosquitto_auth_acl_check(..., client id not available, karthik, test/test, MOSQ_ACL_WRITE)
1546887525: |-- SUPERUSER: karthik
1546887525: |-- user is 0
1546887525: |-- USERNAME: karthik, TOPIC: test/test, acc: 4
1546887525: |-- aclcheck(karthik, test/test, 4) AUTHORIZED=0 by none
1546887525: Sending SUBACK to karthik

As you can see, my doubt is: what does the '4' in 'acc:4' signify? I did not find that in the documentation of the plugin. If I create another username entry in the database with the read/write access set to 4 (in addition to the read/write access initially set), I find the ACL for subscription works properly and checks for an authentication.

I am wondering if I should make changes to the mosquitto configuration to resolve this issue? I suppose I am missing out on a simple yet key detail... any assistance is appreciated! Also, I've attached the config file:

auth_plugin /home/auth-plug.so
auth_opt_backends postgres
auth_opt_host localhost
auth_opt_port 5432
auth_opt_dbname test_db
auth_opt_user postgres
auth_opt_pass lolol
auth_opt_userquery SELECT password FROM clients WHERE username = $1 limit 1
auth_opt_superquery SELECT COALESCE(COUNT(*),0) FROM clients WHERE username = $1 AND super = 1
auth_opt_aclquery SELECT topic FROM mqttacl WHERE (username = $1) AND (rw & $2) > 0

Recommended answer

Solved the issue. In the new mosquitto 1.5 release the MOSQ_ACL_SUBSCRIBE is an additional enhancement that has been introduced and an additional bit has been introduced in the ACL check. The value now varies from 0 to 7 (because of 3 bits) instead of 0-3 (owing to 2 bits).

So now the read/write value on your ACL table in the database must vary from 0 to 7.

  1. 0: no access
  2. 1: read
  3. 2: write
  4. 3: read and write
  5. 4: subscribe
  6. 5: read & subscribe
  7. 6: write & subscribe
  8. 7: read, write and subscribe

Hope it helps for people who are facing the same issue as I was :D!
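
The bitmask check described in the answer, as an added example that is not part of the original post or the plugin's code: it runs the question's aclquery for acc values 1, 2 and 4, then lists rows that grant read but lack the subscribe bit. Assumptions: an in-memory SQLite table stands in for postgres, the `$1`/`$2` placeholders are swapped for `?`, the sample rows are constructed, and the helper names are hypothetical.

```python
import sqlite3

# Access bits as defined in mosquitto_plugin.h since mosquitto 1.5.
MOSQ_ACL_READ, MOSQ_ACL_WRITE, MOSQ_ACL_SUBSCRIBE = 0x01, 0x02, 0x04

# The page's auth_opt_aclquery, with PostgreSQL's $1/$2 replaced by
# SQLite "?" placeholders so the example runs offline (assumption).
ACL_QUERY = "SELECT topic FROM mqttacl WHERE (username = ?) AND (rw & ?) > 0"

# Constructed sample rows, not taken from the page's database.
SAMPLE_ROWS = [
    ("karthik", "test/test", 3),    # read + write, pre-1.5 style value
    ("karthik", "test/status", 5),  # read + subscribe
    ("karthik", "test/cmd", 2),     # write only
]

def make_db(rows):
    """Build an in-memory stand-in for the mqttacl table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mqttacl (username TEXT, topic TEXT, rw INTEGER)")
    db.executemany("INSERT INTO mqttacl VALUES (?, ?, ?)", rows)
    return db

def allowed_topics(db, username, acc):
    """Topics the ACL query returns for one access check (acc = 1, 2 or 4)."""
    return sorted(t for (t,) in db.execute(ACL_QUERY, (username, acc)))

def rows_missing_subscribe(db):
    """Rows with the read bit but no subscribe bit: the acc=4 check is denied."""
    q = ("SELECT username, topic, rw FROM mqttacl "
         "WHERE (rw & ?) > 0 AND (rw & ?) = 0 ORDER BY topic")
    return db.execute(q, (MOSQ_ACL_READ, MOSQ_ACL_SUBSCRIBE)).fetchall()

if __name__ == "__main__":
    db = make_db(SAMPLE_ROWS)
    for name, acc in [("READ", MOSQ_ACL_READ), ("WRITE", MOSQ_ACL_WRITE),
                      ("SUBSCRIBE", MOSQ_ACL_SUBSCRIBE)]:
        print(f"acc={acc} ({name}):", allowed_topics(db, "karthik", acc))
    print("read without subscribe:", rows_missing_subscribe(db))
```

Running the second query against a real ACL table after upgrading to mosquitto 1.5 shows which existing 1-3 rows need the subscribe bit added.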
