emqx / emqx-auth-mysql
Authentication, ACL with MySQL Database
Home Page: https://www.emqx.com
License: Apache License 2.0
For auth query:
auth.mysql.auth_query = select password_hash as password from mqtt_user where username = '%u' limit 1
For my table, with email as username and table name users, I have written:
auth.mysql.auth_query = select password, email as username from users having username = '%u' limit 1
I have a different field name for the username column and you can't write an alias in a where clause, hence I'm using HAVING.
But still my above query is not working.
Please help.
I installed Erlang/OTP 19 on my Windows 7 64bit, and downloaded the emq-auth-mysql source, but when I build the source with the command make && make test I get errors:
erlang.mk:73: *** Unable to detect platform. Please open a ticket with the output of uname -a.. Stop.
I don't have knowledge of the Erlang/OTP language and am a newbie with emqttd.
My question is: can I compile emqttd plugins on Windows? And how can I do it?
I'm having difficulties with subscriptions with + and # :
Example:
ACL table:
INSERT INTO mqtt_acl (allow, ipaddr, username, access, topic) VALUES
(1, NULL, 'user1', 3, 'test/1-1/wtf'),
(1, NULL, 'user1', 3, 'test/1-2/wtf'),
(1, NULL, 'user1', 3, 'test/1-3/wtf'),
(1, NULL, 'user1', 3, 'test/1-4/wtf'),
(1, NULL, 'user1', 3, 'test/1-5/wtf'),
(1, NULL, 'user2', 3, 'test/2-1/wtf'),
(1, NULL, 'user2', 3, 'test/2-2/wtf'),
(1, NULL, 'user2', 3, 'test/2-3/wtf'),
(1, NULL, 'user3', 3, 'test/3-1/wtf'),
(1, NULL, 'user3', 3, 'test/3-2/wtf');
And when I try to subscribe to test/+/wtf as user "user3", I get: Cannot SUBSCRIBE [{<<"test/+/wtf">>,[{qos,0}]}] for ACL Deny
Why is this happening? I thought I would be subscribed to topics test/3-1/wtf and test/3-2/wtf.
If I create an ACL for test/+/wtf, this user gets all topics, not only these two.
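Why the wildcard subscription in the post above is denied while the literal topics are allowed, as an added example that is not part of the original issue or the plugin's code. It assumes the requested filter is checked as a whole against each ACL topic, that the first applicable row wins, and that unmatched requests fall to the nomatch setting; `covers`, `check` and `reachable` are hypothetical names.

```python
# Added example: a model of ACL evaluation over mqtt_acl rows, not plugin code.
SUBSCRIBE, PUBLISH = 1, 2  # access column bits: 1 = subscribe, 2 = publish, 3 = both

# Rows (allow, username, access, topic), a subset of the INSERT in the post.
POST_ROWS = [
    (1, "user1", 3, "test/1-1/wtf"),
    (1, "user2", 3, "test/2-1/wtf"),
    (1, "user3", 3, "test/3-1/wtf"),
    (1, "user3", 3, "test/3-2/wtf"),
]


def covers(acl_topic, requested):
    """True if the ACL topic pattern covers the requested topic or filter.

    Wildcards are interpreted only in acl_topic. A '+' or '#' inside the
    request is an opaque level, covered only by the same or a wider wildcard
    (a conservative choice made for this example).
    """
    acl = acl_topic.split("/")
    req = requested.split("/")
    for i, level in enumerate(acl):
        if level == "#":
            return True            # covers this level and everything below it
        if i >= len(req):
            return False           # request is shorter than the pattern
        if level == "+":
            if req[i] == "#":
                return False       # '+' is one level, '#' asks for many
            continue
        if level != req[i]:
            return False           # a literal level never covers '+' or '#'
    return len(req) == len(acl)


def check(rows, username, action, requested, nomatch="deny"):
    """Return 'allow' or 'deny' from the first applicable row, else nomatch."""
    for allow, row_user, access, topic in rows:
        if row_user not in (username, "$all"):
            continue
        if access & action and covers(topic, requested):
            return "allow" if allow == 1 else "deny"
    return nomatch


def reachable(rows, username, action, topics):
    """List which of the given topics the user is allowed to use."""
    return [t for t in topics if check(rows, username, action, t) == "allow"]


if __name__ == "__main__":
    everyone = ["test/1-1/wtf", "test/2-1/wtf", "test/3-1/wtf", "test/3-2/wtf"]
    # Literal rows only: the wildcard request is not covered by any row.
    print(check(POST_ROWS, "user3", SUBSCRIBE, "test/+/wtf"))
    print(reachable(POST_ROWS, "user3", SUBSCRIBE, everyone))
    # Adding a wildcard row allows the request and widens what user3 reaches.
    wide = POST_ROWS + [(1, "user3", 3, "test/+/wtf")]
    print(check(wide, "user3", SUBSCRIBE, "test/+/wtf"))
    print(reachable(wide, "user3", SUBSCRIBE, everyone))
```

Granting test/+/wtf lets user3 reach the topics of user1 and user2 as well, which is the over-grant described in the post; with only the literal rows the client has to subscribe to each topic by name.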
Running mysql-server under docker : _IP 172.17.0.3_
With mysql_user privileged to access mysql-server from any host
Running emqx-edge broker under docker ( with --link mysql_server_name) : _IP 172.17.0.2_
After executing /bin/sh in the emqx-edge container, I installed mysql-client to test the connection with mysql-server on the other docker container, and I was able to connect (mysql -h 172.17.0.3 -u user -p).
Before editing /etc/plugins/emqx_auth_mysql.conf on the docker emqx-edge container to access the mysql-server container, with
auto.mysql.server = 172.17.0.3:3306
auth.mysql.username = mysql_user
auth.mysql.password = mysql_server_password
I tried to load a mysql plugin with:
emqx_ctl plugin load emqx_auth_mysql
But I got:
Load plugin emqx_auth_mysql error: {emqx_auth_mysql,
{bad_return,
{{emqx_auth_mysql_app,start,[normal,[]]},
{'EXIT',
{{badmatch,
{error,
{shutdown,
{failed_to_start_child,
emqx_auth_mysql,
{shutdown,
{failed_to_start_child,
worker_sup,
{shutdown,
{failed_to_start_child,
{worker,1},
{{badmatch,
{error,econnrefused}},
[{mysql_conn,init,1,[]},
{gen_server,init_it,2,[]},
{gen_server,init_it,6,[]},
{proc_lib,init_p_do_apply,
3,[]}]}}}}}}}}},
[{emqx_auth_mysql_app,start,2,[]},
{application_master,start_it_old,4,
[]}]}}}}}.
May I ask what the main purpose of SuperUser is? I couldn't find it in the documentation.
I have enabled emqttd_plugin_mysql. Does anyone know how to create user/password with SHA256 in mqtt_user table when I use emqttd_plugin_mysql?
Hi,
I am using the Windows version of emqx 4.0.0 and created the corresponding mysql database and tables for user authentication and ACL. But when I load the plugin, it gives me the below error:
D:\tmp\emqx\bin>emqx_ctl plugins load emqx_auth_mysql Load plugin emqx_auth_mysql error: {emqx_auth_mysql, {bad_return, {{emqx_auth_mysql_app,start,[normal,[]]}, {'EXIT', {{badmatch, {error, {shutdown, {failed_to_start_child, emqx_auth_mysql, {shutdown, {failed_to_start_child, worker_sup, {shutdown, {failed_to_start_child, {worker,1}, {{auth_method, <<"caching_sha2_password">>}, [{mysql_protocol, build_handshake_response,5, [{file, "d:/a/emqx-rel/emqx-rel/_build/emqx/lib/mysql/src/mysql_protocol.erl"}, {line,386}]}, {mysql_protocol,handshake, 7, [{file, "d:/a/emqx-rel/emqx-rel/_build/emqx/lib/mysql/src/mysql_protocol.erl"}, {line,72}]}, {mysql_conn,init,1, [{file, "d:/a/emqx-rel/emqx-rel/_build/emqx/lib/mysql/src/mysql_conn.erl"}, {line,108}]}, {gen_server,init_it,2, [{file,"gen_server.erl"}, {line,374}]}, {gen_server,init_it,6, [{file,"gen_server.erl"}, {line,342}]}, {proc_lib,init_p_do_apply, 3, [{file,"proc_lib.erl"}, {line,249}]}]}}}}}}}}}, [{emqx_auth_mysql_app,start,2, [{file, "d:/a/emqx-rel/emqx-rel/_build/emqx/lib/emqx_auth_mysql/src/emqx_auth_mysql_app.erl"}, {line,38}]}, {application_master,start_it_old,4, [{file,"application_master.erl"}, {line,277}]}]}}}}}.
Could you please tell me how I can solve this? Thanks a lot.
Does auth.mysql.auth_query support SUBSTRING_INDEX, UNHEX in emq_auth_mysql.conf?
Just wondering which is used so I can ensure the same method is used inserting passwords via python.
Hi, I have set up an EMQ node under docker.
And added the right ENV vars to connect to mysql.
Also added the tables and filled in some users.
When anonymous I can't connect. But when using the right user and credentials I can.
But then I set up some ACL rules. But the system doesn't apply them correctly.
Since I have added -e EMQ_AUTH__MYSQL__ACL_NOMATCH="deny", all the non-matching topics should return a deny, but they don't. I can pub/sub to all even if there is no ACL rule at all.
docker run -d \
--name emq1 \
-p 18083:18083 \
-p 1883:1883 \
-p 8883:8883 \
-p 4369:4369 \
-p 6000-6020:6000-6020 \
-e EMQ_ADMIN_PASSWORD=**** \
-e EMQ_MQTT__ALLOW_ANONYMOUS=false \
-e EMQ_LOADED_PLUGINS="emq_auth_mysql,emq_recon,emq_modules,emq_retainer,emq_dashboard" \
-e EMQ_AUTH__MYSQL__SERVER=**** \
-e EMQ_AUTH__MYSQL__USERNAME=db_user \
-e EMQ_AUTH__MYSQL__PASSWORD=**** \
-e EMQ_AUTH__MYSQL__DATABASE=db_name \
-e EMQ_AUTH__MYSQL__ACL_NOMATCH="deny" \
-e EMQ_AUTH__MYSQL__PASSWORD_HASH=plain \
-e EMQ_AUTH__MYSQL__AUTH_QUERY="SELECT password FROM mqtt_user WHERE username = '%u' LIMIT 1" \
-e EMQ_AUTH__MYSQL__SUPER_QUERY="select is_superuser from mqtt_user where username = '%u' limit 1" \
-e EMQ_AUTH__MYSQL__ACL_QUERY="select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'" \
-e EMQ_NAME="emq1" \
-e EMQ_HOST="127.0.0.1" \
emq:latest
What is going wrong?
I don't know how to add user because the algorithm to generate password hash is unknown. Could you give me some information about that?
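For the questions above about creating SHA256 passwords and inserting them from Python, here is an added example (not the plugin's own code) that derives the stored value for the `auth.mysql.password_hash` settings shown on this page: `plain`, `sha256` and `pbkdf2 sha256 1000 20`. It assumes the password column holds the lowercase hex digest and that the `salt` column of mqtt_user is the PBKDF2 salt; all function names are hypothetical.

```python
# Added example: derive mqtt_user.password values in Python. Assumptions:
# lowercase hex digests, and mqtt_user.salt used as the PBKDF2 salt.
import hashlib
import hmac
import os
import re

# Parameterised statement for a MySQL driver; column names are from the
# mqtt_user table shown on this page.
INSERT_SQL = "INSERT INTO mqtt_user (username, password, salt) VALUES (%s, %s, %s)"


def parse_scheme(value):
    """Parse a password_hash value such as 'sha256' or 'pbkdf2 sha256 1000 20'."""
    parts = [p for p in re.split(r"[,\s]+", value.strip()) if p]
    if parts in (["plain"], ["sha256"]):
        return {"kind": parts[0]}
    if len(parts) == 4 and parts[0] == "pbkdf2":
        return {"kind": "pbkdf2", "macfun": parts[1],
                "iterations": int(parts[2]), "dklen": int(parts[3])}
    raise ValueError("scheme not covered by this example: %r" % value)


def hash_password(password, scheme, salt=""):
    """Return the string to store in the password column for this scheme."""
    s = parse_scheme(scheme)
    pw = password.encode("utf-8")
    if s["kind"] == "plain":
        return password                      # stored as-is, no protection at rest
    if s["kind"] == "sha256":
        # Unsalted and fast: equal passwords produce equal rows.
        return hashlib.sha256(pw).hexdigest()
    if not salt:
        raise ValueError("pbkdf2 needs a per-user salt")
    # macfun must be a digest name hashlib knows (e.g. sha256, sha512).
    dk = hashlib.pbkdf2_hmac(s["macfun"], pw, salt.encode("utf-8"),
                             s["iterations"], s["dklen"])
    return dk.hex()


def new_user_row(username, password, scheme):
    """Build the (username, password, salt) tuple to pass with INSERT_SQL."""
    needs_salt = parse_scheme(scheme)["kind"] == "pbkdf2"
    salt = os.urandom(16).hex() if needs_salt else None
    return (username, hash_password(password, scheme, salt or ""), salt)


def verify(candidate, stored, scheme, salt=""):
    """Constant-time comparison of a candidate password with a stored value."""
    computed = hash_password(candidate, scheme, salt)
    return hmac.compare_digest(computed.encode("utf-8"), stored.encode("utf-8"))


if __name__ == "__main__":
    # Constructed sample users, for illustration only.
    for scheme in ("sha256", "pbkdf2 sha256 1000 20"):
        row = new_user_row("device-01", "constructed-sample-password", scheme)
        print(scheme, "->", row)
        print("verifies:", verify("constructed-sample-password", row[1], scheme, row[2] or ""))
```

Pass the tuple from `new_user_row` as the parameters of `INSERT_SQL` rather than formatting the values into the statement.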
Environment
Version | |
---|---|
OS | CentOS Linux release 7.6.1810 (Core) |
Erlang/OTP | 20 |
emqttd | 2.3.6 |
MySQL | 5.6.40 |
Description
Use plugins/emqx_auth_mysql for authentication and ACL verification with a MySQL database.
But a username with a dollar sign ($) can't pass ACL verification.
Please follow the testing steps below, using a username with a dollar sign ([email protected]) and a username without a dollar sign(
mqtt_user table.
mysql> select * from mqtt_user;
+----+-------------------------+---------------------+------+--------------+---------+
| id | username | password | salt | is_superuser | created |
+----+-------------------------+---------------------+------+--------------+---------+
| 1 | server | ******************* | NULL | 1 | NULL |
| 2 | cline | ******************* | NULL | 0 | NULL |
| 3 | [email protected] | ******************* | NULL | 0 | NULL |
| 4 | [email protected] | ******************* | NULL | 0 | NULL |
+----+-------------------------+---------------------+------+--------------+---------+
mqtt_acl table. (Use username: [email protected])
mysql> select * from mqtt_acl;
+----+-------+--------+-----------------------+-----------+--------+-------------------------------------------+
| id | allow | ipaddr | username | clientid | access | topic |
+----+-------+--------+-----------------------+-----------+--------+-------------------------------------------+
| 13 | 1 | null | [email protected] | null | 1 | out/ugroup/10918/# |
| 14 | 1 | null | [email protected] | null | 1 | out/ugroup/10918/resp |
| 15 | 1 | null | [email protected] | null | 1 | out/ugroup/10918/job |
| 16 | 1 | null | [email protected] | null | 1 | out/ugroup/10918/activeuser |
| 17 | 1 | null | [email protected] | null | 1 | out/ugroup/10918/# |
| 18 | 1 | null | [email protected] | null | 1 | out/ugroup/10918/resp |
| 19 | 1 | null | [email protected] | null | 1 | out/ugroup/10918/job |
| 20 | 1 | null | [email protected] | null | 1 | out/ugroup/10918/activeuser |
| 26 | 1 | null | [email protected] | null | 1 | out/ugroup/10918/device/30258/# |
| 27 | 1 | null | [email protected] | null | 1 | out/ugroup/10918/device/30258/status |
| 28 | 1 | null | [email protected] | null | 1 | out/ugroup/10918/device/30258/# |
| 29 | 1 | null | [email protected] | null | 1 | out/ugroup/10918/device/30258/status |
| 30 | 1 | null | [email protected] | null | 2 | out/ugroup/10918/device/30258/status |
| 31 | 1 | null | [email protected] | null | 2 | out/ugroup/10918/device/30258/status |
+----+-------+--------+-----------------------+-----------+--------+-------------------------------------------+
Websocket) to connect as [email protected] and attempt to subscribe topic out/ugroup/10918/#.
/opt/ramdisk/emqttd/log/erlang.log.1 shows the client can not subscribe.
[2019-07-04 02:50:56][on_client_connected] clientid:mqttjs_96dcbb3099, username:[email protected] returncode:0
02:51:07.076 [error] Client(mqttjs_96dcbb3099@60.*.*.*:49328): Cannot SUBSCRIBE [{<<"out/ugroup/10918/#">>,[{qos,0}]}] for ACL Deny
mqtt_acl table. (Use username: [email protected])
mysql> update mqtt_acl set username = '[email protected]';
mysql> select * from mqtt_acl;
+----+-------+--------+-----------------------+-----------+--------+-------------------------------------------+
| id | allow | ipaddr | username | clientid | access | topic |
+----+-------+--------+-----------------------+-----------+--------+-------------------------------------------+
| 13 | 1 | null | [email protected] | null | 1 | out/ugroup/10918/# |
| 14 | 1 | null | [email protected] | null | 1 | out/ugroup/10918/resp |
| 15 | 1 | null | [email protected] | null | 1 | out/ugroup/10918/job |
| 16 | 1 | null | [email protected] | null | 1 | out/ugroup/10918/activeuser |
| 17 | 1 | null | [email protected] | null | 1 | out/ugroup/10918/# |
| 18 | 1 | null | [email protected] | null | 1 | out/ugroup/10918/resp |
| 19 | 1 | null | [email protected] | null | 1 | out/ugroup/10918/job |
| 20 | 1 | null | [email protected] | null | 1 | out/ugroup/10918/activeuser |
| 26 | 1 | null | [email protected] | null | 1 | out/ugroup/10918/device/30258/# |
| 27 | 1 | null | [email protected] | null | 1 | out/ugroup/10918/device/30258/status |
| 28 | 1 | null | [email protected] | null | 1 | out/ugroup/10918/device/30258/# |
| 29 | 1 | null | [email protected] | null | 1 | out/ugroup/10918/device/30258/status |
| 30 | 1 | null | [email protected] | null | 2 | out/ugroup/10918/device/30258/status |
| 31 | 1 | null | [email protected] | null | 2 | out/ugroup/10918/device/30258/status |
+----+-------+--------+-----------------------+-----------+--------+-------------------------------------------+
Websocket) to re-connect as [email protected] and attempt to subscribe topic out/ugroup/10918/#. Subscribe success.
out/ugroup/10918/device/30258/status success.
[2019-07-04 02:49:17][on_client_connected] clientid:mqttjs_96dcbb3099, username:[email protected] returncode:0
[2019-07-04 02:49:45][on_message_publish] clientid:mqttjs_96dcbb3099, username:[email protected], topic:out/ugroup/10918/device/30258/status, payload:1, qos:0, retain:false
[2019-07-04 02:49:45][on_message_delivered] clientid:mqttjs_96dcbb3099, username:[email protected], topic:out/ugroup/10918/device/30258/status, payload:1, qos:0, retain:false
There is /etc/plugins/emq_auth_mysql.conf setting:
##--------------------------------------------------------------------
## MySQL Auth/ACL Plugin
##--------------------------------------------------------------------
auth.mysql.server = <MySQL Hostname>:3306
auth.mysql.pool = 8
auth.mysql.username = <MySQL Username>
auth.mysql.password = <MySQL Password>
auth.mysql.database = mqtt
## Authentication query.
auth.mysql.auth_query = select password from mqtt_user where username = '%u' limit 1
## Password hash.
auth.mysql.password_hash = sha256
## Superuser query.
auth.mysql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1
## ACL query.
auth.mysql.acl_query = select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'
We have no idea why. Is the dollar sign in the username the cause?
If you need more information, please tell me.
Thanks.
2019/07/08 12:18(UTF+8)
Update the mqtt topic format in table mqtt_acl at this issue.
The topic format must be out/ugroup/<UserID>/<Name> or our/ugroup/<UserID>/device/<DeviceID>/<Name>.
PBKDF2 doesn't work even with the test data, throws pbkdf2 login failed for password_error
Details of the environment
I tried to use emqttd_plugin_mysql load error on emqttd-ubuntu64-0.15.0-beta-20160131 but I get the following error. Can anyone help?
./bin/emqttd_ctl plugins load emqttd_plugin_mysql
load plugin error: {emqttd_plugin_mysql,
{bad_return,
{{emqttd_plugin_mysql,start,[normal,[]]},
{'EXIT',
{{badmatch,{error,existed}},
[{emqttd_plugin_mysql,start,2,
[{file,"src/emqttd_plugin_mysql.erl"},
{line,45}]},
{application_master,start_it_old,4,
[{file,"application_master.erl"},
{line,273}]}]}}}}}
I have tried with a user with mysql_native_password and caching_sha2_password.
Both didn't work.
In the logs I am getting the following error:
2019-05-15 12:03:03.188 [info] supervisor: {<0.2268.0>,ecpool_pool_sup}
started: [{pid,<0.2269.0>},
{id,pool},
{mfargs,{ecpool_pool,start_link,
[emqx_auth_mysql,
[{pool_size,8},
{auto_reconnect,1},
{host,"localhost"},
{port,3306},
{user,"mqtttestuser"},
{password,"MqttTestUserPass123"},
{database,"mqtt"},
{encoding,utf8},
{keep_alive,true}]]}},
{restart_type,transient},
{shutdown,65535},
{child_type,worker}]
2019-05-15 12:03:03.192 [error] crasher:
initial call: mysql:init/1
pid: <0.2272.0>
registered_name: []
exception error: {auth_method,<<"caching_sha2_password">>}
in function mysql_protocol:build_handshake_response/5 (src/mysql_protocol.erl, line 310)
in call from mysql_protocol:handshake/7 (src/mysql_protocol.erl, line 64)
in call from mysql:init/1 (src/mysql.erl, line 499)
in call from gen_server:init_it/2 (gen_server.erl, line 374)
in call from gen_server:init_it/6 (gen_server.erl, line 342)
ancestors: [<0.2271.0>,<0.2270.0>,<0.2268.0>,emqx_auth_mysql_sup,
<0.2266.0>]
message_queue_len: 0
messages: []
links: [<0.2271.0>,#Port<0.49>]
dictionary: []
trap_exit: false
status: running
heap_size: 987
stack_size: 27
reductions: 1093
neighbours:
2019-05-15 12:03:03.193 [error] supervisor: {<0.2270.0>,ecpool_worker_sup}
errorContext: start_error
reason: {{auth_method,<<"caching_sha2_password">>},
[{mysql_protocol,build_handshake_response,5,
[{file,"src/mysql_protocol.erl"},{line,310}]},
{mysql_protocol,handshake,7,
[{file,"src/mysql_protocol.erl"},{line,64}]},
{mysql,init,1,[{file,"src/mysql.erl"},{line,499}]},
{gen_server,init_it,2,[{file,"gen_server.erl"},{line,374}]},
{gen_server,init_it,6,[{file,"gen_server.erl"},{line,342}]},
{proc_lib,init_p_do_apply,3,
[{file,"proc_lib.erl"},{line,249}]}]}
offender: [{pid,undefined},
{id,{worker,1}},
{mfargs,{ecpool_worker,start_link,
[emqx_auth_mysql,1,emqx_auth_mysql_cli,
[{pool_size,8},
{auto_reconnect,1},
{host,"localhost"},
{port,3306},
{user,"mqtttestuser"},
{password,"MqttTestUserPass123"},
{database,"mqtt"},
{encoding,utf8},
{keep_alive,true}]]}},
{restart_type,transient},
{shutdown,5000},
{child_type,worker}]
2019-05-15 12:03:03.194 [error] crasher:
initial call: ecpool_worker:init/1
pid: <0.2271.0>
registered_name: []
exception exit: {{auth_method,<<"caching_sha2_password">>},
[{mysql_protocol,build_handshake_response,5,
[{file,"src/mysql_protocol.erl"},
{line,310}]},
{mysql_protocol,handshake,7,
[{file,"src/mysql_protocol.erl"},
{line,64}]},
{mysql,init,1,[{file,"src/mysql.erl"},{line,499}]},
{gen_server,init_it,2,
[{file,"gen_server.erl"},{line,374}]},
{gen_server,init_it,6,
[{file,"gen_server.erl"},{line,342}]},
{proc_lib,init_p_do_apply,3,
[{file,"proc_lib.erl"},{line,249}]}]}
in function gen_server:init_it/6 (gen_server.erl, line 358)
ancestors: [<0.2270.0>,<0.2268.0>,emqx_auth_mysql_sup,<0.2266.0>]
message_queue_len: 0
messages: []
links: [<0.2270.0>,<0.2272.0>]
dictionary: []
trap_exit: true
status: running
heap_size: 610
stack_size: 27
reductions: 350
neighbours:
neighbour:
pid: <0.2272.0>
registered_name: []
initial call: mysql:init/1
current_function: {io_lib_format,build,2}
ancestors: [<0.2271.0>,<0.2270.0>,<0.2268.0>,emqx_auth_mysql_sup,
<0.2266.0>]
message_queue_len: 0
links: [<0.2271.0>,#Port<0.49>]
trap_exit: false
status: runnable
heap_size: 4185
stack_size: 97
reductions: 25112
current_stacktrace: [{unicode_util,cp,1,[{file,"unicode_util.erl"},{line,289}]},
{unicode_util,cp,1,[{file,"unicode_util.erl"},{line,292}]},
{unicode_util,gc_extend,2,
[{file,"unicode_util.erl"},{line,508}]},
{string,length_1,2,[{file,"string.erl"},{line,545}]},
{io_lib_format,build_limited,5,
[{file,"io_lib_format.erl"},{line,283}]},
{io_lib_format,build_limited,5,
[{file,"io_lib_format.erl"},{line,293}]},
{io_lib_format,build_limited,5,
[{file,"io_lib_format.erl"},{line,297}]},
{io_lib_format,build_limited,5,
[{file,"io_lib_format.erl"},{line,290}]}]
2019-05-15 12:03:03.199 [error] supervisor: {<0.2268.0>,ecpool_pool_sup}
errorContext: start_error
reason: {shutdown,
{failed_to_start_child,
{worker,1},
{{auth_method,<<"caching_sha2_password">>},
[{mysql_protocol,build_handshake_response,5,
[{file,"src/mysql_protocol.erl"},{line,310}]},
{mysql_protocol,handshake,7,
[{file,"src/mysql_protocol.erl"},{line,64}]},
{mysql,init,1,[{file,"src/mysql.erl"},{line,499}]},
{gen_server,init_it,2,
[{file,"gen_server.erl"},{line,374}]},
{gen_server,init_it,6,
[{file,"gen_server.erl"},{line,342}]},
{proc_lib,init_p_do_apply,3,
[{file,"proc_lib.erl"},{line,249}]}]}}}
offender: [{pid,undefined},
{id,worker_sup},
{mfargs,
{ecpool_worker_sup,start_link,
[emqx_auth_mysql,emqx_auth_mysql_cli,
[{pool_size,8},
{auto_reconnect,1},
{host,"localhost"},
{port,3306},
{user,"mqtttestuser"},
{password,"MqttTestUserPass123"},
{database,"mqtt"},
{encoding,utf8},
{keep_alive,true}]]}},
{restart_type,transient},
{shutdown,infinity},
{child_type,supervisor}]
2019-05-15 12:03:03.203 [error] supervisor: {local,emqx_auth_mysql_sup}
errorContext: start_error
reason: {shutdown,
{failed_to_start_child,worker_sup,
{shutdown,
{failed_to_start_child,
{worker,1},
{{auth_method,<<"caching_sha2_password">>},
[{mysql_protocol,build_handshake_response,5,
[{file,"src/mysql_protocol.erl"},
{line,310}]},
{mysql_protocol,handshake,7,
[{file,"src/mysql_protocol.erl"},{line,64}]},
{mysql,init,1,
[{file,"src/mysql.erl"},{line,499}]},
{gen_server,init_it,2,
[{file,"gen_server.erl"},{line,374}]},
{gen_server,init_it,6,
[{file,"gen_server.erl"},{line,342}]},
{proc_lib,init_p_do_apply,3,
[{file,"proc_lib.erl"},{line,249}]}]}}}}}
offender: [{pid,undefined},
{id,emqx_auth_mysql},
{mfargs,{ecpool,start_pool,
[emqx_auth_mysql,emqx_auth_mysql_cli,
[{pool_size,8},
{auto_reconnect,1},
{host,"localhost"},
{port,3306},
{user,"mqtttestuser"},
{password,"MqttTestUserPass123"},
{database,"mqtt"},
{encoding,utf8},
{keep_alive,true}]]}},
{restart_type,permanent},
{shutdown,5000},
{child_type,supervisor}]
2019-05-15 12:03:03.207 [error] crasher:
initial call: application_master:init/4
pid: <0.2265.0>
registered_name: []
exception exit: {bad_return,
{{emqx_auth_mysql_app,start,[normal,[]]},
{'EXIT',
{{badmatch,
{error,
{shutdown,
{failed_to_start_child,emqx_auth_mysql,
{shutdown,
{failed_to_start_child,worker_sup,
{shutdown,
{failed_to_start_child,
{worker,1},
{{auth_method,<<"caching_sha2_password">>},
[{mysql_protocol,build_handshake_response,5,
[{file,"src/mysql_protocol.erl"},
{line,310}]},
{mysql_protocol,handshake,7,
[{file,"src/mysql_protocol.erl"},
{line,64}]},
{mysql,init,1,
[{file,"src/mysql.erl"},{line,499}]},
{gen_server,init_it,2,
[{file,"gen_server.erl"},{line,374}]},
{gen_server,init_it,6,
[{file,"gen_server.erl"},{line,342}]},
{proc_lib,init_p_do_apply,3,
[{file,"proc_lib.erl"},
{line,249}]}]}}}}}}}}},
[{emqx_auth_mysql_app,start,2,
[{file,"src/emqx_auth_mysql_app.erl"},{line,31}]},
{application_master,start_it_old,4,
[{file,"application_master.erl"},{line,277}]}]}}}}
in function application_master:init/4 (application_master.erl, line 138)
ancestors: [<0.2264.0>]
message_queue_len: 1
messages: [{'EXIT',<0.2266.0>,normal}]
links: [<0.2264.0>,<0.1203.0>]
dictionary: []
trap_exit: true
status: running
heap_size: 987
stack_size: 27
reductions: 246
neighbours:
2019-05-15 12:03:03.212 [notice] application: emqx_auth_mysql
exited: {bad_return,
{{emqx_auth_mysql_app,start,[normal,[]]},
{'EXIT',
{{badmatch,
{error,
{shutdown,
{failed_to_start_child,emqx_auth_mysql,
{shutdown,
{failed_to_start_child,worker_sup,
{shutdown,
{failed_to_start_child,
{worker,1},
{{auth_method,<<"caching_sha2_password">>},
[{mysql_protocol,build_handshake_response,5,
[{file,"src/mysql_protocol.erl"},{line,310}]},
{mysql_protocol,handshake,7,
[{file,"src/mysql_protocol.erl"},{line,64}]},
{mysql,init,1,[{file,"src/mysql.erl"},{line,499}]},
{gen_server,init_it,2,
[{file,"gen_server.erl"},{line,374}]},
{gen_server,init_it,6,
[{file,"gen_server.erl"},{line,342}]},
{proc_lib,init_p_do_apply,3,
[{file,"proc_lib.erl"},{line,249}]}]}}}}}}}}},
[{emqx_auth_mysql_app,start,2,
[{file,"src/emqx_auth_mysql_app.erl"},{line,31}]},
{application_master,start_it_old,4,
[{file,"application_master.erl"},{line,277}]}]}}}}
type: temporary
2019-05-15 12:03:03.213 [error] Load plugin emqx_auth_mysql error, cannot start app emqx_auth_mysql for {bad_return,
{{emqx_auth_mysql_app,
start,
[normal,
[]]},
{'EXIT',
{{badmatch,
{error,
{shutdown,
{failed_to_start_child,
emqx_auth_mysql,
{shutdown,
{failed_to_start_child,
worker_sup,
{shutdown,
{failed_to_start_child,
{worker,
1},
{{auth_method,
<<"caching_sha2_password">>},
[{mysql_protocol,
build_handshake_response,
5,
[{file,
"src/mysql_protocol.erl"},
{line,
310}]},
{mysql_protocol,
handshake,
7,
[{file,
"src/mysql_protocol.erl"},
{line,
64}]},
{mysql,
init,
1,
[{file,
"src/mysql.erl"},
{line,
499}]},
{gen_server,
init_it,
2,
[{file,
"gen_server.erl"},
{line,
374}]},
{gen_server,
init_it,
6,
[{file,
"gen_server.erl"},
{line,
342}]},
{proc_lib,
init_p_do_apply,
3,
[{file,
"proc_lib.erl"},
{line,
249}]}]}}}}}}}}},
[{emqx_auth_mysql_app,
start,
2,
[{file,
"src/emqx_auth_mysql_app.erl"},
{line,
31}]},
{application_master,
start_it_old,
4,
[{file,
"application_master.erl"},
{line,
277}]}]}}}}
2019-05-15 12:03:03.273 [error] PUT /api/v3/nodes/[email protected]/plugins/emqx_auth_mysql/load error: badarg, stacktrace:
[{jsx_parser,value,4,[{file,"src/jsx_parser.erl"},{line,163}]},
{minirest_handler,jsonify,4,[{file,"src/minirest_handler.erl"},{line,130}]},
{minirest,handle_request,2,[{file,"src/minirest.erl"},{line,66}]},
{minirest,init,2,[{file,"src/minirest.erl"},{line,51}]},
{cowboy_handler,execute,2,[{file,"src/cowboy_handler.erl"},{line,37}]},
{cowboy_stream_h,execute,3,[{file,"src/cowboy_stream_h.erl"},{line,274}]},
{cowboy_stream_h,request_process,3,
[{file,"src/cowboy_stream_h.erl"},{line,252}]},
{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,249}]}]
In current version of readme there are mentions of two different config fields for password hash types: auth.mysql.passwd_hash and auth.mysql.password_hash (note the "passwd" vs "password").
auth.mysql.passwd_hash = sha256
## bcrypt with salt only prefix
## auth.mysql.password_hash = salt bcrypt
## pbkdf2 with macfun iterations dklen
## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
auth.mysql.password_hash = pbkdf2 sha256 1000 20
As far as I can see, auth.mysql.passwd_hash is not a valid config parameter at all.
Thanks for this great project!
Does this plugin support filtering of multiple topics? If so, what should the setting be?
Almost there with setting up EMQ to help power an Amazon Alexa skill I'm building.
I have user authentication against a MySQL DB working but ACL is failing for me with the following report in error.log when a user attempts to subscribe (or publish) to a topic;
2017-04-05 09:45:06.071 [error] <0.1221.0> gen_server <0.1221.0> terminated with reason: no case clause matching [] in esockd_cidr:parse/2 line 55
2017-04-05 09:45:06.071 [error] <0.1221.0> CRASH REPORT Process <0.1221.0> with 0 neighbours exited with reason: no case clause matching [] in esockd_cidr:parse/2 line 55 in gen_server2:terminate/3 line 1157
2017-04-05 09:45:06.071 [error] <0.1163.0> Supervisor 'esockd_connection_sup - <0.1163.0>' had child connection started with emqttd_client:start_link([{client_idle_timeout,30000},{client_enable_stats,false},{max_clientid_len,1024},{max_packet_size,...}]) at <0.1221.0> exit with reason no case clause matching [] in esockd_cidr:parse/2 line 55 in context connection_crashed
To me, that looks like the ACL query is returning an empty result. Here's the relevant line from my emq_auth_mysql.conf file;
## ACL Query Command
auth.mysql.acl_query = select allow, ipaddress, proxyuser, amzUID, access, topic from squeezebox where proxyuser = '%u' or proxyuser = '%all'
## ACL nomatch
auth.mysql.acl_nomatch = deny
I have updated the query with my own table and field names and I know this query works as if I take it into MySQL workbench, it works fine, returning the expected record.
If I access the broker with a superuser account, publish and subscribe work fine (as expected as this bypasses ACL).
I've tried this with multiple MQTT clients etc. to rule out possible issues with defective implementations.
Anything else I can look into?
Thanks in advance
(originally reported in google support group: https://groups.google.com/forum/#!topic/emqtt/tCynP8-FNTI)
Using phoapi I can connect to the server, but when subscribing or publishing a message the connection is dropped. The log is attached:
Connect from 192.168.84.1:56451 -> 192.168.84.128:1883
19:58:26.111 <0.330.0> [info] RECV from [email protected]:56451: CONNECT(Qos=0, Retain=false, Dup=false, ClientId=u_1_1_2, ProtoName=MQTT, ProtoVsn=4, CleanSess=true, KeepAlive=60, Username=jobell, Password=_)
19:58:26.111 <0.190.0> [info] CM register u_1_1_2 with <0.330.0>
19:58:26.111 <0.330.0> [info] SEND to [email protected]:56451: CONNACK(Qos=0, Retain=false, Dup=false, AckFlags=0, RetainCode=0)
19:58:26.112 <0.331.0> [info] Session u_1_1_2 subscribe [{<<"$Q/client/u_1_1_2">>,0}], Granted QoS: [0]
19:58:38.792 <0.310.0> [info] Dashboard file: GET /clients.html
19:58:38.855 <0.310.0> [info] Dashboard file: POST /api/clients
19:59:19.183 <0.332.0> [info] Connect from 192.168.84.1:56561 -> 192.168.84.128:1883
19:59:19.189 <0.332.0> [info] RECV from [email protected]:56561: CONNECT(Qos=0, Retain=false, Dup=false, ClientId=u_1_1_2, ProtoName=MQTT, ProtoVsn=4, CleanSess=true, KeepAlive=60, Username=jobell, Password=_)
19:59:19.189 <0.331.0> [warning] Session u_1_1_2 destroyed
19:59:19.191 <0.332.0> [info] SEND to [email protected]:56561: CONNACK(Qos=0, Retain=false, Dup=false, AckFlags=0, RetainCode=0)
19:59:19.192 <0.190.0> [info] CM register u_1_1_2 with <0.332.0>
19:59:19.192 <0.190.0> [error] ClientId 'u_1_1_2' is duplicated: pid=<0.332.0>, oldpid=<0.330.0>
19:59:19.193 <0.333.0> [info] Session u_1_1_2 subscribe [{<<"$Q/client/u_1_1_2">>,0}], Granted QoS: [0]
19:59:19.200 <0.332.0> [info] RECV from [email protected]:56561: SUBSCRIBE(Qos=1, Retain=false, Dup=false, PacketId=1, TopicTable=[{<<"u_msg/topic/u_1_1_2">>,1}])
19:59:19.200 <0.332.0> [info] Client 192.168.84.1:56561 terminated, reason: {function_clause,[{emqttd_acl_mysql,check_acl,[{{mqtt_client,<<"u_1_1_2">>,<0.332.0>,<<"jobell">>,{{192,168,84,1},56561},true,4,60,undefined,{1439,866759,189315}},subscribe,<<"u_msg/topic/u_1_1_2">>},{state,auth_user,auth_acl,username,topic,rw,username,is_superuser}],[{file,"src/emqttd_acl_mysql.erl"},{line,51}]},{emqttd_access_control,check_acl,4,[{file,"src/emqttd_access_control.erl"},{line,104}]},{emqttd_protocol,'-handle/2-lc$^0/1-0-',2,[{file,"src/emqttd_protocol.erl"},{line,228}]},{emqttd_protocol,handle,2,[{file,"src/emqttd_protocol.erl"},{line,228}]},{emqttd_client,received,2,[{file,"src/emqttd_client.erl"},{line,179}]},{gen_server,try_dispatch,4,[{file,"gen_server.erl"},{line,615}]},{gen_server,handle_msg,5,[{file,"gen_server.erl"},{line,681}]},{proc_lib,wake_up,3,[{file,"proc_lib.erl"},{line,249}]}]}
19:59:19.201 <0.332.0> [info] Client [email protected]:56561: shutdown {function_clause,[{emqttd_acl_mysql,check_acl,[{{mqtt_client,<<"u_1_1_2">>,<0.332.0>,<<"jobell">>,{{192,168,84,1},56561},true,4,60,undefined,{1439,866759,189315}},subscribe,<<"u_msg/topic/u_1_1_2">>},{state,auth_user,auth_acl,username,topic,rw,username,is_superuser}],[{file,"src/emqttd_acl_mysql.erl"},{line,51}]},{emqttd_access_control,check_acl,4,[{file,"src/emqttd_access_control.erl"},{line,104}]},{emqttd_protocol,'-handle/2-lc$^0/1-0-',2,[{file,"src/emqttd_protocol.erl"},{line,228}]},{emqttd_protocol,handle,2,[{file,"src/emqttd_protocol.erl"},{line,228}]},{emqttd_client,received,2,[{file,"src/emqttd_client.erl"},{line,179}]},{gen_server,try_dispatch,4,[{file,"gen_server.erl"},{line,615}]},{gen_server,handle_msg,5,[{file,"gen_server.erl"},{line,681}]},{proc_lib,wake_up,3,[{file,"proc_lib.erl"},{line,249}]}]}
19:59:19.201 <0.190.0> [info] CM unregister u_1_1_2 with <0.332.0>
In my DB the column name for password is, say, my_column_name_for_password.
Configuring auth query like this:
auth.mysql.auth_query = select my_column_name_for_password from my_table where my_username_column = '%u' limit 1
results in this "wonderful" error in logs:
2017-05-19 11:55:46.687 [error] <0.413.0>@emqttd_protocol:process:202 Client([email protected]:63668): Username 'user here' login failed for {{case_clause,{ok,[<<"my_column_name_for_password">>],[[<<"password here">>]]}},[{emq_auth_mysql,check,3,[{file,"d:/emqtt/v2.1.2/emq-relx/deps/emq_auth_mysql/src/emq_auth_mysql.erl"},{line,42}]},{emqttd_access_control,auth,3,[{file,"d:/emqtt/v2.1.2/emq-relx/deps/emqttd/src/emqttd_access_control.erl"},{line,60}]},{emqttd_protocol,authenticate,2,[{file,"d:/emqtt/v2.1.2/emq-relx/deps/emqttd/src/emqttd_protocol.erl"},{line,491}]},{emqttd_protocol,process,2,[{file,"d:/emqtt/v2.1.2/emq-relx/deps/emqttd/src/emqttd_protocol.erl"},{line,182}]},{emqttd_client,received,2,[{file,"d:/emqtt/v2.1.2/emq-relx/deps/emqttd/src/emqttd_client.erl"},{line,311}]},{gen_server2,handle_msg,2,[{file,"d:/emqtt/v2.1.2/emq-relx/deps/emqttd/src/gen_server2.erl"},{line,1046}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,247}]}]}
It took me a while to figure out that I must change query to this:
auth.mysql.auth_query = select my_column_name_for_password as password from my_table where my_username_column = '%u' limit 1
Could you at least mention that in documentation? Thanks!
Can I have some tips for subscribing $SYS using mysql plugin?
Hello,
I'm compiling this plugin,
but when I run 'make tests' it throws this:
Updating /home/roman/emqttd/etc/emqttd_auth_mysql-master/emqttd-relx/_rel/emqttd/emqttd_auth_mysql/logs/index.html... done
Updating /home/roman/emqttd/etc/emqttd_auth_mysql-master/emqttd-relx/_rel/emqttd/emqttd_auth_mysql/logs/all_runs.html... done
erlang.mk:2168: ошибка выполнения рецепта для цели «ct»
make: *** [ct] Error 1
How can I compile it?
Where is the configuration file located? Because I change the dashboard and when I restart the service it returns the default settings.
I have just EMQ on a Ubuntu system that is running MySQL Version 8 and when trying to load the plugin I am getting the following error.
load plugin error: {emqx_auth_mysql, {bad_return, {{emqx_auth_mysql_app,start,[normal,[]]}, {'EXIT', {{badmatch, {error, {shutdown, {failed_to_start_child,emqx_auth_mysql, {shutdown, {failed_to_start_child,worker_sup, {shutdown, {failed_to_start_child, {worker,1}, {1045,<<"28000">>, <<"Access denied for user 'mqtt'@'localhost' (using password: YES)">>}}}}}}}}}, [{emqx_auth_mysql_app,start,2, [{file, "/emqx_temp/emqx_rel/_checkouts/emqx_auth_mysql/src/emqx_auth_mysql_app.erl"}, {line,36}]}, {application_master,start_it_old,4, [{file,"application_master.erl"},{line,277}]}]}}}}}
Any suggestions as to what is causing this?
I have the following ACL rules table (there are also columns "allow" filled with 1, and "ipaddr" and "clientid" filled with NULLs, which are not shown for simplicity).
| id | username | access | topic |
|---|---|---|---|
| 1 | userA | 1 | topicA/# |
| 2 | userB | 3 | topicB/# |
| 3 | userB | 1 | topicA/# |
userA is able to subscribe to the topicA subtopics, userB is able to subscribe and publish to the topicB subtopics.
Expected result:
userB should be able to subscribe to the topicA subtopics
Actual result:
userB is not able to subscribe to the topicA subtopics
Sorry for my stupid question, but can someone post an example configuration file, ACL table and Auth table?
I can't understand the salt in Auth.
Hi,
we are trying to use MySQL login for ACL and user authentication.
Below is the error:
2018-12-05 15:48:01.737 [error] [email protected]:65182 [MQTT] Username 'test2' login failed for {undef,
[{emqx_passwd,check_pass,
[{<<"test2">>,<<"test2">>},plain],
[]},
{emqx_auth_mysql,check,3,
[{file,"src/emqx_auth_mysql.erl"},
{line,38}]},
{emqx_access_control,authenticate,
3,
[{file,
"src/emqx_access_control.erl"},
{line,71}]},
{emqx_protocol,authenticate,2,
[{file,"src/emqx_protocol.erl"},
{line,690}]},
{emqx_protocol,process_packet,2,
[{file,"src/emqx_protocol.erl"},
{line,314}]},
{emqx_connection,handle_packet,2,
[{file,"src/emqx_connection.erl"},
{line,329}]},
{gen_server,try_dispatch,4,
[{file,"gen_server.erl"},
{line,637}]},
{gen_server,handle_msg,6,
[{file,"gen_server.erl"},
{line,711}]}]}
Attached are my ACL and user tables for mqtt.
Please confirm what's wrong.
Hello,
my platform is CentOS 6.8, Erlang 19.3.
When I install it from the source files, it logs the following. What's the problem? How can I solve it?
===> Starting relx build process ...
===> Resolving OTP Applications from directories:
/usr/local/emq-relx/deps
/usr/local/lib/erlang/lib
/usr/local/emq-relx/apps
/usr/local/emq-relx/_rel
===> Resolved emqttd-2.1.0
===> Including Erts from /usr/local/lib/erlang
===> release successfully created!
===> Unable to copy from /usr/local/emq-relx/rel/conf/plugins to /usr/local/emq-relx/_rel/emqttd/etc because of {copy_failed,
enoent}
Unable to read template file (/usr/local/emq-relx/rel/conf/emq.conf) for overlay due to: no such file or directory
Unable to copy from /usr/local/emq-relx/rel/conf/acl.conf to /usr/local/emq-relx/_rel/emqttd/etc/acl.conf because of {copy_failed,
enoent}
Unable to copy from /usr/local/emq-relx/rel/schema to /usr/local/emq-relx/_rel/emqttd/releases/2.1.0 because of {copy_failed,
enoent}
Hello, when I enable mysql in emqtt, it shows error 102.
The log is as follows:
2018-04-08 14:36:08.220 [error] <0.1471.0>@emqttd_plugins:start_app:164 load plugin emq_auth_mysql error, cannot start app emq_auth_mysql for {bad_return,{{emq_auth_mysql_app,start,[normal,[]]},{'EXIT',{{badmatch,{error,{shutdown,{failed_to_start_child,emq_auth_mysql,{shutdown,{failed_to_start_child,worker_sup,{shutdown,{failed_to_start_child,{worker,1},{{badmatch,{error,econnrefused}},[{mysql,init,1,[{file,"src/mysql.erl"},{line,496}]},{gen_server,init_it,2,[{file,"gen_server.erl"},{line,365}]},{gen_server,init_it,6,[{file,"gen_server.erl"},{line,333}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,247}]}]}}}}}}}}},[{emq_auth_mysql_app,start,2,[{file,"src/emq_auth_mysql_app.erl"},{line,33}]},{application_master,start_it_old,4,[{file,"application_master.erl"},{line,273}]}]}}}}
2018-04-08 14:36:08.221 [error] <0.1471.0>@emqttd_rest_api:return:389 error:{error,{emq_auth_mysql,{bad_return,{{emq_auth_mysql_app,start,[normal,[]]},{'EXIT',{{badmatch,{error,{shutdown,{failed_to_start_child,emq_auth_mysql,{shutdown,{failed_to_start_child,worker_sup,{shutdown,{failed_to_start_child,{worker,1},{{badmatch,{error,econnrefused}},[{mysql,init,1,[{file,"src/mysql.erl"},{line,496}]},{gen_server,init_it,2,[{file,"gen_server.erl"},{line,365}]},{gen_server,init_it,6,[{file,"gen_server.erl"},{line,333}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,247}]}]}}}}}}}}},[{emq_auth_mysql_app,start,2,[{file,"src/emq_auth_mysql_app.erl"},{line,33}]},{application_master,start_it_old,4,[{file,"application_master.erl"},{line,273}]}]}}}}}}
I don't know how to solve this problem.
Feng. I cannot seem to find any help that works anywhere. Please maybe you know what I am doing wrong? Do you know Joomla? I am trying to authenticate against a Joomla database on the same server I have EMQ Dashboard on. Can I share the emq_auth_mysql config queries with you, maybe you can see immediately what I might do wrong?
I use the latest Joomla version which uses bcrypt as password hash.
then auth.mysql.auth_query as:
select password from c3tnr_users where username = '%u' limit 1
then auth.mysql.acl_query as:
select allow, ipaddr, username, clientid, access, topic from c3tnr_mqtt_acl where username = '%u' limit 1
then auth.mysql.super_query as:
select if(c3tnr_user_usergroup_map.group_id is null,0,1) as 'is_superuser' from c3tnr_users left join c3tnr_user_usergroup_map on c3tnr_users.id = c3tnr_user_usergroup_map.user_id and group_id in(SELECT id FROM c3tnr_usergroups where title = 'Super Users') where c3tnr_users.username = '%u' limit 1
When I try to connect with the EMQ Dashboard websocket client I get the error message: "connect failed on iot.getafix.biz:8083"
Kind Regards, Chris
Any hint?
load plugin error: {emqttd_plugin_mysql,
{bad_return,
{{emqttd_plugin_mysql,start,[normal,[]]},
{'EXIT',
{{function_clause,
[{emqttd_access_control,if_existed,
[{emqttd_auth_mysql,
{state,
"select password from( select id, username, password from laravel_users union all select id, username, password from laravel_device) as user_device where user_device.username = '%u' limit 1",
sha256},
0},
#Fun<emqttd_access_control.2.19120636>],
[{file,"src/emqttd_access_control.erl"},
{line,203}]},
{emqttd_access_control,handle_call,3,
[{file,"src/emqttd_access_control.erl"},
{line,146}]},
{gen_server,try_handle_call,4,
[{file,"gen_server.erl"},{line,629}]},
{gen_server,handle_msg,5,
[{file,"gen_server.erl"},{line,661}]},
{proc_lib,init_p_do_apply,3,
[{file,"proc_lib.erl"},{line,240}]}]},
{gen_server,call,
[emqttd_access_control,
{register_mod,auth,emqttd_auth_mysql,
{"select password from( select id, username, password from laravel_users union all select id, username, password from laravel_device) as user_device where user_device.username = '%u' limit 1",
sha256},
0}]}}}}}}
I would like to suggest that it should send an ACL rejection message to the webhook.
I got this error on my mysql 5.7 docker container when using EMQX 3.0 beta 4:
[Note] Aborted connection 53 to db: 'xxx' user: 'xxx' host: 'xx.xx.xx.xx' (Got an error reading communication packets)
I haven't got this issue when using it on EMQ 2.3.11.
[
  {emysql, [
    {pool, 4},
    {host, "localhost"},
    {port, 3306},
    {username, "root"},
    {password, "public"},
    {database, "mqtt"},
    {encoding, utf8}
  ]},
  {emqttd_plugin_mysql, [
    {user_table, mqtt_users},  %% ------ >>> change to auth_user
    %% plain, md5, sha
    {password_hash, plain},
    {field_mapper, [
      {username, username},
      {password, password}
    ]}
  ]}
].
Any username can log in successfully.
When trying to authenticate, I get an error message saying
([email protected])1> 11:20:14.090 [error] Client([email protected]:36988): Username 'iot_monitoring' login failed for password_error
I have just enabled the MySQL Plugin and added the User to it manually trying to follow the description in the readme file of the plugin.
Interesting Config Parts of the MySQL Plugin:
auth.mysql.auth_query = select password from mqtt_user where username = '%u' limit 1
auth.mysql.password_hash = plain
auth.mysql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1
auth.mysql.acl_query = select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'
Database Content:
+----+----------------+---------------------------------------------------------+------+--------------+---------------------+
| id | username | password | salt | is_superuser | created |
+----+----------------+---------------------------------------------------------+------+--------------+---------------------+
| 1 | iot_monitoring | [PASSWORD] | | 0 | 2018-11-06 10:50:55 |
+----+----------------+---------------------------------------------------------+------+--------------+---------------------+
1 row in set (0.00 sec)
On the Client Side I get
Error: Connection refused: Bad username or password
List of active Plugins:
Plugin(emq_auth_clientid, version=2.3.9, description=Authentication with ClientId/Password, active=false)
Plugin(emq_auth_http, version=2.3.9, description=Authentication/ACL with HTTP API, active=false)
Plugin(emq_auth_jwt, version=2.3.9, description=Authentication with JWT, active=false)
Plugin(emq_auth_ldap, version=2.3.9, description=Authentication/ACL with LDAP, active=false)
Plugin(emq_auth_mongo, version=2.3.9, description=Authentication/ACL with MongoDB, active=false)
Plugin(emq_auth_mysql, version=2.3.9, description=Authentication/ACL with MySQL, active=true)
Plugin(emq_auth_pgsql, version=2.3.9, description=Authentication/ACL with PostgreSQL, active=false)
Plugin(emq_auth_redis, version=2.3.9, description=Authentication/ACL with Redis, active=false)
Plugin(emq_auth_username, version=2.3.9, description=Authentication with Username/Password, active=true)
Plugin(emq_coap, version=2.3.9, description=CoAP Gateway, active=false)
Plugin(emq_dashboard, version=2.3.9, description=EMQ Web Dashboard, active=true)
Plugin(emq_lua_hook, version=2.3.9, description=EMQ Hooks in lua, active=false)
Plugin(emq_modules, version=2.3.9, description=EMQ Modules, active=true)
Plugin(emq_plugin_template, version=2.3.9, description=EMQ Plugin Template, active=false)
Plugin(emq_recon, version=2.3.9, description=Recon Plugin, active=true)
Plugin(emq_reloader, version=2.3.9, description=Reloader Plugin, active=false)
Plugin(emq_retainer, version=2.3.9, description=EMQ Retainer, active=true)
Plugin(emq_sn, version=2.3.9, description=MQTT-SN Gateway, active=false)
Plugin(emq_stomp, version=2.3.9, description=Stomp Protocol Plugin, active=false)
Plugin(emq_web_hook, version=2.3.9, description=EMQ Webhook Plugin, active=false)
The username is not used in the emq_auth_username file so there is no password mismatch there. Is there a way to debug this better? Thanks a lot, Nils
Hi, good night.
Is it possible to specify ca-file in this plugin? I want to connect to mariadb cluster configured as SSL-only that uses a self-signed certificate of my own CA.
Thank you so much.
I use spring security to authenticate/authorize my web application, and I want to integrate the auth of emqtt.
In spring security, I use BCryptPasswordEncoder to encrypt the password with salt. The hashed password is like `$2a$10$EblZqNptyYvcLm/VwDCVAuBjzZOI7khzdyGPBr08PpIi0na624b8.`, in which `$2a` is the fixed prefix for BCrypt method, `$10` is the salt length, `EblZqNptyY` is the salt and the last part `vcLm/VwDCVAuBjzZOI7khzdyGPBr08PpIi0na624b8.` is the hashed password.
Does emqttd_plugin_mysql support BCrypt hash function? And we must select password and salt in separate columns now. Is it possible to let the plugin retrieve the salt from the hashed password string?
This is a spring security example , for reference.
Thanks in advance.
auth mysql has two tables including mqtt_user and mqtt_acl. My attempts to add new users took effect immediately, but the access and topic changes to the acl didn't seem to take effect immediately. Whether some fields of both tables need to be restarted by the emqx or reload plug-in, or whether the broker needs to be reconnected to make changes to the database take effect?
My mysql version is 5.7.29
Here's the log. I don't know what's wrong.
emqx_client_test | 2020-02-04 18:40:42.070 [error] crasher:
emqx_client_test | initial call: mysql_conn:init/1
emqx_client_test | pid: <0.1840.0>
emqx_client_test | registered_name: []
emqx_client_test | exception error: no match of right hand side value {error,econnrefused}
emqx_client_test | in function mysql_conn:init/1 (src/mysql_conn.erl, line 87)
emqx_client_test | in call from gen_server:init_it/2 (gen_server.erl, line 374)
emqx_client_test | in call from gen_server:init_it/6 (gen_server.erl, line 342)
emqx_client_test | ancestors: [<0.1839.0>,<0.1838.0>,<0.1836.0>,emqx_auth_mysql_sup,
emqx_client_test | <0.1834.0>]
emqx_client_test | message_queue_len: 0
emqx_client_test | messages: []
emqx_client_test | links: [<0.1839.0>]
emqx_client_test | dictionary: []
emqx_client_test | trap_exit: false
emqx_client_test | status: running
emqx_client_test | heap_size: 376
emqx_client_test | stack_size: 27
emqx_client_test | reductions: 1129
emqx_client_test | neighbours:
emqx_client_test | 2020-02-04 18:40:42.070 [error] supervisor: {<0.1838.0>,ecpool_worker_sup}
emqx_client_test | errorContext: start_error
emqx_client_test | reason: {{badmatch,{error,econnrefused}},
emqx_client_test | [{mysql_conn,init,1,[{file,"src/mysql_conn.erl"},{line,87}]},
emqx_client_test | {gen_server,init_it,2,[{file,"gen_server.erl"},{line,374}]},
emqx_client_test | {gen_server,init_it,6,[{file,"gen_server.erl"},{line,342}]},
emqx_client_test | {proc_lib,init_p_do_apply,3,
emqx_client_test | [{file,"proc_lib.erl"},{line,249}]}]}
emqx_client_test | offender: [{pid,undefined},
emqx_client_test | {id,{worker,1}},
emqx_client_test | {mfargs,{ecpool_worker,start_link,
emqx_client_test | [emqx_auth_mysql,1,emqx_auth_mysql_cli,
emqx_client_test | [{pool_size,8},
emqx_client_test | {auto_reconnect,1},
emqx_client_test | {host,"127.0.0.1"},
emqx_client_test | {port,3306},
emqx_client_test | {user,"mqtt_u"},
emqx_client_test | {password,"mqtt_p"},
emqx_client_test | {database,"mqtt"},
emqx_client_test | {encoding,utf8},
emqx_client_test | {keep_alive,true}]]}},
emqx_client_test | {restart_type,transient},
emqx_client_test | {shutdown,5000},
emqx_client_test | {child_type,worker}]
emqx_client_test | 2020-02-04 18:40:42.071 [error] crasher:
emqx_client_test | initial call: ecpool_worker:init/1
emqx_client_test | pid: <0.1839.0>
emqx_client_test | registered_name: []
emqx_client_test | exception exit: {{badmatch,{error,econnrefused}},
emqx_client_test | [{mysql_conn,init,1,
emqx_client_test | [{file,"src/mysql_conn.erl"},{line,87}]},
emqx_client_test | {gen_server,init_it,2,
emqx_client_test | [{file,"gen_server.erl"},{line,374}]},
emqx_client_test | {gen_server,init_it,6,
emqx_client_test | [{file,"gen_server.erl"},{line,342}]},
emqx_client_test | {proc_lib,init_p_do_apply,3,
emqx_client_test | [{file,"proc_lib.erl"},{line,249}]}]}
emqx_client_test | in function gen_server:init_it/6 (gen_server.erl, line 358)
emqx_client_test | ancestors: [<0.1838.0>,<0.1836.0>,emqx_auth_mysql_sup,<0.1834.0>]
emqx_client_test | message_queue_len: 0
emqx_client_test | messages: []
emqx_client_test | links: [<0.1838.0>,<0.1840.0>]
emqx_client_test | dictionary: []
emqx_client_test | trap_exit: true
emqx_client_test | status: running
emqx_client_test | heap_size: 610
emqx_client_test | stack_size: 27
emqx_client_test | reductions: 275
emqx_client_test | neighbours:
emqx_client_test | 2020-02-04 18:40:42.072 [error] supervisor: {<0.1836.0>,ecpool_pool_sup}
emqx_client_test | errorContext: start_error
emqx_client_test | reason: {shutdown,
emqx_client_test | {failed_to_start_child,
emqx_client_test | {worker,1},
emqx_client_test | {{badmatch,{error,econnrefused}},
emqx_client_test | [{mysql_conn,init,1,
emqx_client_test | [{file,"src/mysql_conn.erl"},{line,87}]},
emqx_client_test | {gen_server,init_it,2,
emqx_client_test | [{file,"gen_server.erl"},{line,374}]},
emqx_client_test | {gen_server,init_it,6,
emqx_client_test | [{file,"gen_server.erl"},{line,342}]},
emqx_client_test | {proc_lib,init_p_do_apply,3,
emqx_client_test | [{file,"proc_lib.erl"},{line,249}]}]}}}
emqx_client_test | offender: [{pid,undefined},
emqx_client_test | {id,worker_sup},
emqx_client_test | {mfargs,
emqx_client_test | {ecpool_worker_sup,start_link,
emqx_client_test | [emqx_auth_mysql,emqx_auth_mysql_cli,
emqx_client_test | [{pool_size,8},
emqx_client_test | {auto_reconnect,1},
emqx_client_test | {host,"127.0.0.1"},
emqx_client_test | {port,3306},
emqx_client_test | {user,"mqtt_u"},
emqx_client_test | {password,"mqtt_p"},
emqx_client_test | {database,"mqtt"},
emqx_client_test | {encoding,utf8},
emqx_client_test | {keep_alive,true}]]}},
emqx_client_test | {restart_type,transient},
emqx_client_test | {shutdown,infinity},
emqx_client_test | {child_type,supervisor}]
emqx_client_test | 2020-02-04 18:40:42.074 [error] supervisor: {local,emqx_auth_mysql_sup}
emqx_client_test | errorContext: start_error
emqx_client_test | reason: {shutdown,
emqx_client_test | {failed_to_start_child,worker_sup,
emqx_client_test | {shutdown,
emqx_client_test | {failed_to_start_child,
emqx_client_test | {worker,1},
emqx_client_test | {{badmatch,{error,econnrefused}},
emqx_client_test | [{mysql_conn,init,1,
emqx_client_test | [{file,"src/mysql_conn.erl"},{line,87}]},
emqx_client_test | {gen_server,init_it,2,
emqx_client_test | [{file,"gen_server.erl"},{line,374}]},
emqx_client_test | {gen_server,init_it,6,
emqx_client_test | [{file,"gen_server.erl"},{line,342}]},
emqx_client_test | {proc_lib,init_p_do_apply,3,
emqx_client_test | [{file,"proc_lib.erl"},{line,249}]}]}}}}}
emqx_client_test | offender: [{pid,undefined},
emqx_client_test | {id,emqx_auth_mysql},
emqx_client_test | {mfargs,{ecpool,start_pool,
emqx_client_test | [emqx_auth_mysql,emqx_auth_mysql_cli,
emqx_client_test | [{pool_size,8},
emqx_client_test | {auto_reconnect,1},
emqx_client_test | {host,"127.0.0.1"},
emqx_client_test | {port,3306},
emqx_client_test | {user,"mqtt_u"},
emqx_client_test | {password,"mqtt_p"},
emqx_client_test | {database,"mqtt"},
emqx_client_test | {encoding,utf8},
emqx_client_test | {keep_alive,true}]]}},
emqx_client_test | {restart_type,permanent},
emqx_client_test | {shutdown,5000},
emqx_client_test | {child_type,supervisor}]
emqx_client_test | 2020-02-04 18:40:42.076 [error] crasher:
emqx_client_test | initial call: application_master:init/4
emqx_client_test | pid: <0.1833.0>
emqx_client_test | registered_name: []
emqx_client_test | exception exit: {bad_return,
emqx_client_test | {{emqx_auth_mysql_app,start,[normal,[]]},
emqx_client_test | {'EXIT',
emqx_client_test | {{badmatch,
emqx_client_test | {error,
emqx_client_test | {shutdown,
emqx_client_test | {failed_to_start_child,emqx_auth_mysql,
emqx_client_test | {shutdown,
emqx_client_test | {failed_to_start_child,worker_sup,
emqx_client_test | {shutdown,
emqx_client_test | {failed_to_start_child,
emqx_client_test | {worker,1},
emqx_client_test | {{badmatch,{error,econnrefused}},
emqx_client_test | [{mysql_conn,init,1,
emqx_client_test | [{file,"src/mysql_conn.erl"},{line,87}]},
emqx_client_test | {gen_server,init_it,2,
emqx_client_test | [{file,"gen_server.erl"},{line,374}]},
emqx_client_test | {gen_server,init_it,6,
emqx_client_test | [{file,"gen_server.erl"},{line,342}]},
emqx_client_test | {proc_lib,init_p_do_apply,3,
emqx_client_test | [{file,"proc_lib.erl"},
emqx_client_test | {line,249}]}]}}}}}}}}},
emqx_client_test | [{emqx_auth_mysql_app,start,2,
emqx_client_test | [{file,"src/emqx_auth_mysql_app.erl"},{line,36}]},
emqx_client_test | {application_master,start_it_old,4,
emqx_client_test | [{file,"application_master.erl"},{line,277}]}]}}}}
emqx_client_test | in function application_master:init/4 (application_master.erl, line 138)
emqx_client_test | ancestors: [<0.1832.0>]
emqx_client_test | message_queue_len: 1
emqx_client_test | messages: [{'EXIT',<0.1834.0>,normal}]
emqx_client_test | links: [<0.1832.0>,<0.1249.0>]
emqx_client_test | dictionary: []
emqx_client_test | trap_exit: true
emqx_client_test | status: running
emqx_client_test | heap_size: 987
emqx_client_test | stack_size: 27
emqx_client_test | reductions: 237
emqx_client_test | neighbours:
emqx_client_test | 2020-02-04 18:40:42.077 [error] [Plugins] Load plugin emqx_auth_mysql failed, cannot start plugin emqx_auth_mysql for {bad_return,
emqx_client_test | {{emqx_auth_mysql_app,
emqx_client_test | start,
emqx_client_test | [normal,
emqx_client_test | []]},
emqx_client_test | {'EXIT',
emqx_client_test | {{badmatch,
emqx_client_test | {error,
emqx_client_test | {shutdown,
emqx_client_test | {failed_to_start_child,
emqx_client_test | emqx_auth_mysql,
emqx_client_test | {shutdown,
emqx_client_test | {failed_to_start_child,
emqx_client_test | worker_sup,
emqx_client_test | {shutdown,
emqx_client_test | {failed_to_start_child,
emqx_client_test | {worker,
emqx_client_test | 1},
emqx_client_test | {{badmatch,
emqx_client_test | {error,
emqx_client_test | econnrefused}},
emqx_client_test | [{mysql_conn,
emqx_client_test | init,
emqx_client_test | 1,
emqx_client_test | [{file,
emqx_client_test | "src/mysql_conn.erl"},
emqx_client_test | {line,
emqx_client_test | 87}]},
emqx_client_test | {gen_server,
emqx_client_test | init_it,
emqx_client_test | 2,
emqx_client_test | [{file,
emqx_client_test | "gen_server.erl"},
emqx_client_test | {line,
emqx_client_test | 374}]},
emqx_client_test | {gen_server,
emqx_client_test | init_it,
emqx_client_test | 6,
emqx_client_test | [{file,
emqx_client_test | "gen_server.erl"},
emqx_client_test | {line,
emqx_client_test | 342}]},
emqx_client_test | {proc_lib,
emqx_client_test | init_p_do_apply,
emqx_client_test | 3,
emqx_client_test | [{file,
emqx_client_test | "proc_lib.erl"},
emqx_client_test | {line,
emqx_client_test | 249}]}]}}}}}}}}},
emqx_client_test | [{emqx_auth_mysql_app,
emqx_client_test | start,
emqx_client_test | 2,
emqx_client_test | [{file,
emqx_client_test | "src/emqx_auth_mysql_app.erl"},
emqx_client_test | {line,
emqx_client_test | 36}]},
emqx_client_test | {application_master,
emqx_client_test | start_it_old,
emqx_client_test | 4,
emqx_client_test | [{file,
emqx_client_test | "application_master.erl"},
emqx_client_test | {line,
emqx_client_test | 277}]}]}}}}
emqx_client_test | 2020-02-04 18:40:42.108 [error] PUT /api/v3/nodes/[email protected]/plugins/emqx_auth_mysql/load error: badarg, stacktrace:
emqx_client_test | [{jsx_parser,value,4,[{file,"src/jsx_parser.erl"},{line,163}]},
emqx_client_test | {minirest_handler,jsonify,4,[{file,"src/minirest_handler.erl"},{line,152}]},
emqx_client_test | {minirest,handle_request,2,[{file,"src/minirest.erl"},{line,91}]},
emqx_client_test | {minirest,init,2,[{file,"src/minirest.erl"},{line,83}]},
emqx_client_test | {cowboy_handler,execute,2,[{file,"src/cowboy_handler.erl"},{line,41}]},
emqx_client_test | {cowboy_stream_h,execute,3,[{file,"src/cowboy_stream_h.erl"},{line,296}]},
emqx_client_test | {cowboy_stream_h,request_process,3,
emqx_client_test | [{file,"src/cowboy_stream_h.erl"},{line,274}]},
emqx_client_test | {proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,249}]}]
On OpenWrt, I wrote the database username and password in etc/plugins/emq_auth_mysql.conf,
but when I execute ./bin/emqttd_ctl plugins load emq_auth_mysql
I get this error:
./bin/emqttd_ctl plugins load emq_auth_mysql
load plugin error: {emq_auth_mysql,
{bad_return,
{{emq_auth_mysql_app,start,[normal,[]]},
{'EXIT',
{{badmatch,
{error,
{shutdown,
{failed_to_start_child,emq_auth_mysql,
{shutdown,
{failed_to_start_child,worker_sup,
{shutdown,
{failed_to_start_child,
{worker,1},
{1045,<<"28000">>,
<<"Access denied for user ''@'localhost' (using password: NO)">>}}}}}}}}},
[{emq_auth_mysql_app,start,2,
[{file,"src/emq_auth_mysql_app.erl"},{line,33}]},
{application_master,start_it_old,4,
[{file,"application_master.erl"},{line,273}]}]}}}}}
emq_auth_mysql.conf:
auth.mysql.password_hash = pbkdf2,sha,1000,128
In database:
password: 6e88be8bad7eae9d9e10aa061224034f
salt:salt
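An added example, not part of the original issue or the plugin's code: a Python sketch that computes what the `password` column would have to hold for a given `auth.mysql.password_hash` setting and reports why a stored value cannot match. It assumes lowercase hex output, `dklen` counted in bytes, "sha" meaning SHA-1, and that "salt prefix"/"salt suffix" mean hashing salt+password and password+salt; the function names and the sample password are hypothetical.

```python
import hashlib
import hmac

# Digest names as written in the config comments -> hashlib names.
# Assumption: "sha" means SHA-1, as in Erlang's crypto module.
DIGESTS = {"md5": "md5", "sha": "sha1", "sha224": "sha224",
           "sha256": "sha256", "sha384": "sha384", "sha512": "sha512"}


def parse_password_hash(setting):
    """Parse an auth.mysql.password_hash value into a small spec dict.

    Accepts both spellings that appear on this page: space separated
    ("pbkdf2 sha256 1000 20") and comma separated ("pbkdf2,sha,1000,128").
    bcrypt is not handled here because it needs a third-party library.
    """
    tokens = setting.replace(",", " ").split()
    if tokens == ["plain"]:
        return {"kind": "plain"}
    if len(tokens) == 4 and tokens[0] == "pbkdf2" and tokens[1] in DIGESTS:
        return {"kind": "pbkdf2", "digest": DIGESTS[tokens[1]],
                "iterations": int(tokens[2]), "dklen": int(tokens[3])}
    if len(tokens) == 1 and tokens[0] in DIGESTS:
        return {"kind": "hash", "digest": DIGESTS[tokens[0]], "salt": None}
    if len(tokens) == 2 and tokens[0] == "salt" and tokens[1] in DIGESTS:
        return {"kind": "hash", "digest": DIGESTS[tokens[1]], "salt": "prefix"}
    if len(tokens) == 2 and tokens[1] == "salt" and tokens[0] in DIGESTS:
        return {"kind": "hash", "digest": DIGESTS[tokens[0]], "salt": "suffix"}
    raise ValueError(f"unsupported password_hash setting: {setting!r}")


def expected_stored_value(setting, password, salt=""):
    """Return the string the password column should contain."""
    spec = parse_password_hash(setting)
    pw, s = password.encode(), salt.encode()
    if spec["kind"] == "plain":
        return password
    if spec["kind"] == "pbkdf2":
        derived = hashlib.pbkdf2_hmac(spec["digest"], pw, s,
                                      spec["iterations"], spec["dklen"])
        return derived.hex()  # dklen bytes -> 2 * dklen hex characters
    data = {None: pw, "prefix": s + pw, "suffix": pw + s}[spec["salt"]]
    return hashlib.new(spec["digest"], data).hexdigest()


def diagnose(setting, stored, password, salt=""):
    """Explain whether a stored column value can match the setting."""
    expected = expected_stored_value(setting, password, salt)
    if hmac.compare_digest(expected.encode(), stored.encode()):
        return "match"
    if len(expected) != len(stored):
        return (f"length mismatch: setting yields {len(expected)} chars, "
                f"column holds {len(stored)}")
    return "value mismatch"


if __name__ == "__main__":
    # Setting and stored value are the ones quoted in the issue above;
    # the password is constructed, since the issue does not give it.
    print(diagnose("pbkdf2,sha,1000,128",
                   "6e88be8bad7eae9d9e10aa061224034f",
                   "constructed-password", "salt"))
    # A plaintext value stored while the setting is sha256 (constructed row).
    print(diagnose("sha256", "123456", "123456"))
```

A length mismatch means no password can ever authenticate against that row under that setting, so it is worth checking before debugging the broker itself.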
@kimiscircle, Could we merge these two plugins together? And I found this plugin has c_src, could it be compiled successfully on Windows?
Thanks for your awesome plugin:)
Load plugin emqx_auth_mysql error: {emqx_auth_mysql,
{bad_return,
{{emqx_auth_mysql_app,start,[normal,[]]},
{'EXIT',
{{badmatch,
{error,
{shutdown,
{failed_to_start_child,
emqx_auth_mysql,
{shutdown,
{failed_to_start_child,
worker_sup,
{shutdown,
{failed_to_start_child,
{worker,1},
{{auth_method,
<<"caching_sha2_password">>},
[{mysql_protocol,
build_handshake_response,5,
[{file,
"/emqx-rel/_build/emqx/lib/mysql/src/mysql_protocol.erl"},
{line,386}]},
{mysql_protocol,handshake,
7,
[{file,
"/emqx-rel/_build/emqx/lib/mysql/src/mysql_protocol.erl"},
{line,72}]},
{mysql_conn,init,1,
[{file,
"/emqx-rel/_build/emqx/lib/mysql/src/mysql_conn.erl"},
{line,108}]},
{gen_server,init_it,2,
[{file,"gen_server.erl"},
{line,374}]},
{gen_server,init_it,6,
[{file,"gen_server.erl"},
{line,342}]},
{proc_lib,init_p_do_apply,
3,
[{file,"proc_lib.erl"},
{line,249}]}]}}}}}}}}},
[{emqx_auth_mysql_app,start,2,
[{file,
"/emqx-rel/_build/emqx/lib/emqx_auth_mysql/src/emqx_auth_mysql_app.erl"},
{line,38}]},
{application_master,start_it_old,4,
[{file,"application_master.erl"},
{line,277}]}]}}}}}.
I have tried emqx versions 3.1.1, 3.2.7 and 4.0.0; none of them can load the emqx_auth_mysql plugin. All of them load fine with mysql 5.7, but none of them work with mysql 8.
I am getting an intermittent error that I think may be related to the mysql connection timing out. Mysql is set to a 5 minute connection timeout.
Username 'login_test' login failed for {{{badmatch,{error,closed}},[{mysql_protocol,prepare,3,[{file,"src/mysql_protocol.erl"},{line,98}]},{mysql,handle_call,3,[{file,"src/mysql.erl"},{line,585}]},{gen_server,try_handle_call,4,[{file,"gen_server.erl"},{line,629}]},{gen_server,handle_msg,5,[{file,"gen_server.erl"},{line,661}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,240}]}]},{gen_server,call,[<0.24751.0>,{param_query,"select is_superuser from mqtt_user where username = ? limit 1",[<<"login_test">>]},infinity]}}
I followed README.md to configure and load this plugin, and inserted one user with name 'user' and password '123456' into the mqtt_user table, but the connection was refused with the error 'bad user name or password' when testing. Can anyone help?
INSERT INTO mqtt_user (id, username, password, salt, is_superuser, created)
VALUES
(1,'user','123456','123456',True,'2016-10-26 10:00:00');
>mosquitto_sub -u user -P 123456 -d -i localmos -t #
Client localmos sending CONNECT
Client localmos received CONNACK
Connection Refused: bad user name or password.
I have a custom table using the following query:
SELECT '25d55ad283aa400af464c76d713c07ad' AS password FROM UsuarioDispositivo ud INNER JOIN Dispositivo d ON d.Id = ud.IdDispositivo WHERE d.MacAddress = '%u' AND d.MacAddress = '%c' LIMIT 1
When I try to connect, the device is connected to mqtt but could not connect because the query result is 0
Here is my config file:
##--------------------------------------------------------------------
## MySQL Auth/ACL Plugin
##--------------------------------------------------------------------
## Mysql Server 3306, 127.0.0.1:3306, localhost:3306
auth.mysql.server = 127.0.0.1:3306
## Mysql Pool Size
auth.mysql.pool = 8
## Mysql Username
auth.mysql.username = emqtt
## Mysql Password
auth.mysql.password = REDACTED
## Mysql Database
auth.mysql.database = mqtt
## Variables: %u = username, %c = clientid
## Authentication Query: select password or password,salt
auth.mysql.auth_query = select password from mqtt_user where username = '%u' limit 1
## Password hash: plain, md5, sha, sha256 bcrypt
auth.mysql.password_hash = sha256
## sha256 with salt prefix
## auth.mysql.password_hash = salt sha256
## bcrypt with salt only prefix
## auth.mysql.password_hash = salt bcrypt
## sha256 with salt suffix
## auth.mysql.password_hash = sha256 salt
## pbkdf2 with macfun iterations dklen
## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
## auth.mysql.password_hash = pbkdf2 sha256 1000 20
## %% Superuser Query
auth.mysql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1
## ACL Query Command
auth.mysql.acl_query = select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'
As you can see it has a user and password in the file and it is uncommented but for some reason it doesn't try to log into the sql database with them. Below is what is in the log file.
2017-05-22 09:35:26.394 [error] <0.1289.0> CRASH REPORT Process <0.1289.0> with 0 neighbours exited with reason: no match of right hand value {error,{shutdown,{failed_to_start_child,emq_auth_mysql,{shutdown,{failed_to_start_child,worker_sup,{shutdown,{failed_to_start_child,{worker,1},{1045,<<"28000">>,<<"Access denied for user ''@'localhost' (using password: NO)">>}}}}}}}} in emq_auth_mysql_app:start/2 line 33 in application_master:init/4 line 134