Open churm6044 opened 5 years ago
Hi, @Gilbert-Wong, can you help me to solve this problem?
Hi, @churm6044 The emqx_auth_mysql plugin does not check a username prefixed with the $ sign. So it will fall back to the default ACL rules `acl.conf` or the `mqtt.acl_nomatch` option.
mqtt.acl_nomatch, is this option the same as the acl_nomatch option in /etc/emqx/emqx.config?
Environment
Description
Use `plugins/emqx_auth_mysql` for authentication and ACL verification with a MySQL database. But a username within dollar sign ($) can't pass ACL verification.

Please follow the testing steps below, using a username within dollar sign (qa001@gmail.com) and a username without dollar sign ($MAIL$qa01@gmail.com).

1. Insert user into the `mqtt_user` table.
2. Insert acl into the `mqtt_acl` table. (Use username: `$MAIL$qa01@gmail.com`)
3. Use EMQ Dashboard tools (`Websocket`) to connect as `$MAIL$qa01@gmail.com` and attempt to subscribe to topic `out/ugroup/10918/#`. The log `/opt/ramdisk/emqttd/log/erlang.log.1` shows the client can not subscribe.
4. Change username without dollar sign ($) in the `mqtt_acl` table. (Use username: `qa001@gmail.com`)
5. Use EMQ Dashboard tools (`Websocket`) to re-connect as `qa001@gmail.com` and attempt to subscribe to topic `out/ugroup/10918/#`. Subscribe success. And publish topic `out/ugroup/10918/device/30258/status` success.

```
[2019-07-04 02:49:45][on_message_publish] clientid:mqttjs_96dcbb3099, username:qa001@gmail.com, topic:out/ugroup/10918/device/30258/status, payload:1, qos:0, retain:false
[2019-07-04 02:49:45][on_message_delivered] clientid:mqttjs_96dcbb3099, username:qa001@gmail.com, topic:out/ugroup/10918/device/30258/status, payload:1, qos:0, retain:false
```
```
##--------------------------------------------------------------------
## MySQL Auth/ACL Plugin
##--------------------------------------------------------------------
auth.mysql.server =:3306
auth.mysql.pool = 8
auth.mysql.username =
auth.mysql.password =
auth.mysql.database = mqtt

## Authentication query.
auth.mysql.auth_query = select password from mqtt_user where username = '%u' limit 1

## Password hash.
auth.mysql.password_hash = sha256

## Superuser query.
auth.mysql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1

## ACL query.
auth.mysql.acl_query = select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'
```
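
An added example, not part of the issue or of the EMQ project's code: assuming the behaviour described in the reply above (usernames starting with `$` are not checked by the plugin and fall through to `acl.conf` or `mqtt.acl_nomatch`), this audit lists the accounts and `mqtt_acl` rows that are affected. Table and column names come from the queries above; the column types, the sample rows and the use of SQLite in place of MySQL are assumptions.

```python
import sqlite3

# Constructed sample data. Column names follow the queries on this page;
# column types are assumptions, and SQLite stands in for MySQL.
SCHEMA = """
CREATE TABLE mqtt_user (username TEXT, password TEXT, is_superuser INTEGER);
CREATE TABLE mqtt_acl (allow INTEGER, ipaddr TEXT, username TEXT,
                       clientid TEXT, access INTEGER, topic TEXT);
"""
USERS = [("$MAIL$qa01@gmail.com", "<hash>", 0), ("qa001@gmail.com", "<hash>", 0)]
ACLS = [
    (1, None, "$MAIL$qa01@gmail.com", None, 3, "out/ugroup/10918/#"),
    (1, None, "qa001@gmail.com", None, 3, "out/ugroup/10918/#"),
    (0, None, "$all", None, 1, "$SYS/#"),
]

def build_sample_db():
    """Create an in-memory database holding the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO mqtt_user VALUES (?, ?, ?)", USERS)
    db.executemany("INSERT INTO mqtt_acl VALUES (?, ?, ?, ?, ?, ?)", ACLS)
    return db

def audit_dollar_usernames(db):
    """Return accounts and ACL rows whose username starts with '$'.

    '$all' is excluded because the acl_query on this page matches it
    literally as the rule that applies to every user.
    """
    users = [row[0] for row in db.execute(
        "SELECT username FROM mqtt_user "
        "WHERE substr(username, 1, 1) = '$' ORDER BY username")]
    rules = db.execute(
        "SELECT username, topic, allow, access FROM mqtt_acl "
        "WHERE substr(username, 1, 1) = '$' AND username <> '$all' "
        "ORDER BY username, topic").fetchall()
    return {"users": users, "rules": rules}

if __name__ == "__main__":
    report = audit_dollar_usernames(build_sample_db())
    for name in report["users"]:
        print("account decided by acl.conf / acl_nomatch:", name)
    for username, topic, allow, access in report["rules"]:
        print("mqtt_acl rule not consulted:", username, topic, allow, access)
```

Any account this reports is governed only by the default rules, so review `acl.conf` and the `acl_nomatch` setting with those accounts in mind.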