adjust readme for new plugin
This commit is contained in:
parent
ecff235b92
commit
1e87080c9d
111
LICENSE
@ -20,114 +20,3 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|||||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||||
SOFTWARE.
|
SOFTWARE.
|
||||||
|
|
||||||
|
|
||||||
mosquitto-auth-plug and its components are licensed as follows:
|
|
||||||
-----------------------------------------------------------------------------
|
|
||||||
Copyright (c) 2013 Jan-Piet Mens <jp()mens.de>
|
|
||||||
All rights reserved.
|
|
||||||
|
|
||||||
Redistribution and use in source and binary forms, with or without
|
|
||||||
modification, are permitted provided that the following conditions are met:
|
|
||||||
|
|
||||||
1. Redistributions of source code must retain the above copyright notice,
|
|
||||||
this list of conditions and the following disclaimer.
|
|
||||||
2. Redistributions in binary form must reproduce the above copyright
|
|
||||||
notice, this list of conditions and the following disclaimer in the
|
|
||||||
documentation and/or other materials provided with the distribution.
|
|
||||||
3. Neither the name of mosquitto nor the names of its
|
|
||||||
contributors may be used to endorse or promote products derived from
|
|
||||||
this software without specific prior written permission.
|
|
||||||
|
|
||||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
|
||||||
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
||||||
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
||||||
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
|
|
||||||
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
||||||
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
||||||
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
||||||
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
||||||
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
||||||
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
||||||
POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
|
|
||||||
|
|
||||||
b64.[ch] is:
|
|
||||||
--------------------------------------------------------------
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Hgskolan
|
|
||||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
|
||||||
* All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* 1. Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
*
|
|
||||||
* 2. Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in the
|
|
||||||
* documentation and/or other materials provided with the distribution.
|
|
||||||
*
|
|
||||||
* 3. All advertising materials mentioning features or use of this software
|
|
||||||
* must display the following acknowledgement:
|
|
||||||
* This product includes software developed by the Kungliga Tekniska
|
|
||||||
* Hgskolan and its contributors.
|
|
||||||
*
|
|
||||||
* 4. Neither the name of the Institute nor the names of its contributors
|
|
||||||
* may be used to endorse or promote products derived from this software
|
|
||||||
* without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
|
||||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
||||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
||||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
|
||||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
||||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
||||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
||||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
||||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
||||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
||||||
* SUCH DAMAGE.
|
|
||||||
*/
|
|
||||||
|
|
||||||
TinyCDB (http://www.corpit.ru/mjt/tinycdb.html) is:
|
|
||||||
--------------------------------------------------------------
|
|
||||||
|
|
||||||
The code is in public domain, that is, you may do anything you want with it.
|
|
||||||
|
|
||||||
|
|
||||||
uthash.h is:
|
|
||||||
-------------------------------
|
|
||||||
|
|
||||||
/*
|
|
||||||
Copyright (c) 2003-2013, Troy D. Hanson http://troydhanson.github.com/uthash/
|
|
||||||
All rights reserved.
|
|
||||||
|
|
||||||
Redistribution and use in source and binary forms, with or without
|
|
||||||
modification, are permitted provided that the following conditions are met:
|
|
||||||
|
|
||||||
* Redistributions of source code must retain the above copyright
|
|
||||||
notice, this list of conditions and the following disclaimer.
|
|
||||||
|
|
||||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
|
|
||||||
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
|
||||||
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
|
||||||
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
|
|
||||||
OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
|
||||||
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
|
||||||
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
|
||||||
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
|
||||||
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
|
||||||
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
|
||||||
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
mosquitto
|
|
||||||
----------------------------------------------------------------------------
|
|
||||||
This project is dual licensed under the Eclipse Public License 1.0 and the
|
|
||||||
Eclipse Distribution License 1.0 as described in the epl-v10 and edl-v10 files.
|
|
||||||
For the particular license files see in the submodule itself.
|
|
||||||
|
|
||||||
|
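Review bot: the hunk drops the entire third-party notice block, including the `mosquitto` paragraph stating "This project is dual licensed under the Eclipse Public License 1.0 and the Eclipse Distribution License 1.0", yet the readme change in this same commit still lists mosquitto as a submodule, so that paragraph should stay. Since mosquitto-go-auth replaces mosquitto-auth-plug, its license notice should take the place of the removed mosquitto-auth-plug, b64, TinyCDB and uthash entries rather than leaving the LICENSE file with only the top-level text.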
17
create-schema.sql
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
CREATE TABLE users (
|
||||||
|
id INTEGER AUTO_INCREMENT,
|
||||||
|
username VARCHAR(25) NOT NULL,
|
||||||
|
pw VARCHAR(512) NOT NULL,
|
||||||
|
super INT(1) NOT NULL DEFAULT 0,
|
||||||
|
PRIMARY KEY (id)
|
||||||
|
);
|
||||||
|
CREATE UNIQUE INDEX users_username ON users (username);
|
||||||
|
|
||||||
|
CREATE TABLE acls (
|
||||||
|
id INTEGER AUTO_INCREMENT,
|
||||||
|
username VARCHAR(25) NOT NULL,
|
||||||
|
topic VARCHAR(256) NOT NULL,
|
||||||
|
rw INTEGER(1) NOT NULL DEFAULT 1, -- 1 is read, 2 is write, 3 is readwrite, 4 is subscribe
|
||||||
|
PRIMARY KEY (id)
|
||||||
|
);
|
||||||
|
CREATE UNIQUE INDEX acls_user_topic ON acls (username, topic(228));
|
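Review bot: the comment on `rw INTEGER(1) NOT NULL DEFAULT 1, -- 1 is read, 2 is write, 3 is readwrite, 4 is subscribe` lists single values, but the ACL query shipped in mosquitto.conf-sample tests `(rw & ?) != 0` and the readme stores 5, 2 and 7, so the comment should say the column is a bitmask (1 read, 2 write, 4 subscribe, OR-ed together) and that a subscriber needs 1|4 = 5. With that query, `DEFAULT 1` means a row inserted without an explicit `rw` can receive messages but never subscribe, which is worth a note next to the default.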
1
hints.txt
Normal file
@ -0,0 +1 @@
|
|||||||
|
{ "topic": "mock/topic", "clientid": "mock_client", "acc": 1 //1 is read, 2 is write, 3 is readwrite, 4 is subscribe }
|
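Review bot: the `//1 is read, 2 is write, ...` comment sits inside the braces, so the line is not valid JSON and cannot be pasted into a client or test harness as-is; move the comment to its own line or drop it. It would also help to state that `acc` here is the single access value mosquitto hands the plugin for one check (the readme hunk relies on this), whereas `rw` in the `acls` table is the stored mask it is matched against.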
21
mosquitto.conf-sample
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
log_dest stdout
|
||||||
|
|
||||||
|
persistence false
|
||||||
|
|
||||||
|
listener 1883
|
||||||
|
protocol mqtt
|
||||||
|
#allow_anonymous true
|
||||||
|
allow_anonymous false
|
||||||
|
|
||||||
|
auth_plugin /opt/lib/go-auth.so
|
||||||
|
auth_opt_log_dest stdout
|
||||||
|
auth_opt_log_level debug
|
||||||
|
auth_opt_backends mysql
|
||||||
|
auth_opt_mysql_host mariadb
|
||||||
|
auth_opt_mysql_port 3306
|
||||||
|
auth_opt_mysql_dbname mosquittoauth
|
||||||
|
auth_opt_mysql_user mosquittoauth
|
||||||
|
auth_opt_mysql_password xxx
|
||||||
|
auth_opt_mysql_allow_native_passwords true
|
||||||
|
auth_opt_mysql_userquery SELECT pw FROM users WHERE username = ?
|
||||||
|
auth_opt_mysql_aclquery SELECT topic FROM acls WHERE username = ? AND (rw & ?) != 0
|
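Review bot: `auth_opt_log_level debug` in a shipped sample makes the plugin emit per-request detail for every authentication and ACL decision to stdout; `info` is the better default for the sample, with `debug` mentioned as the troubleshooting setting. Keeping `auth_opt_mysql_password xxx` as an obvious placeholder is right and should be the pattern followed in the readme as well.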
36
readme.md
@ -1,11 +1,9 @@
|
|||||||
# Docker Image containing the Mosquitto MQTT Broker and the mosquitto-auth-plug
|
# Docker Image containing the Mosquitto MQTT Broker and the mosquitto-auth-plug
|
||||||
|
|
||||||
This project includes the mosquitto MQTT broker (https://github.com/eclipse/mosquitto, see also https://mosquitto.org/) and the mosquitto-auth-plug (https://github.com/jpmens/mosquitto-auth-plug, forked into https://github.com/wollud1969/mosquitto-auth-plug) as submodules.
|
This project includes the mosquitto MQTT broker (https://github.com/eclipse/mosquitto, see also https://mosquitto.org/) and the mosquitto-go-auth (https://github.com/iegomez/mosquitto-go-auth forked into https://github.com/wollud1969/mosquitto-go-auth) as submodules.
|
||||||
|
|
||||||
Using Gitlab CI and a Dockerfile included in this project a Docker image based on Debian Linux is created.
|
Using Gitlab CI and a Dockerfile included in this project a Docker image based on Debian Linux is created.
|
||||||
|
|
||||||
Note, please: the author of mosquitto-auth-plug has archived his project because he don't want to be bothered concerning this software he is not longer using anymore. So, please, don't be tempted to send him questions again because you find this image useful but run into problems. Read the available resources first, finally you may contact me.
|
|
||||||
|
|
||||||
|
|
||||||
## Mosquitto MQTT Broker
|
## Mosquitto MQTT Broker
|
||||||
|
|
||||||
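Review bot: the heading `# Docker Image containing the Mosquitto MQTT Broker and the mosquitto-auth-plug` is left unchanged while the paragraph below it now names mosquitto-go-auth; update the title too. Removing the archived-project paragraph also removes the only guidance on where to ask questions; a one-line pointer to this repository's issue tracker would keep that.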
@ -49,7 +47,6 @@ The container expects the main configuration file in the root of the volume name
|
|||||||
|
|
||||||
A very simple configuration, only supporting MQTT on port 1883 is:
|
A very simple configuration, only supporting MQTT on port 1883 is:
|
||||||
|
|
||||||
pid_file /var/run/mosquitto.pid
|
|
||||||
log_dest stdout
|
log_dest stdout
|
||||||
|
|
||||||
persistence false
|
persistence false
|
||||||
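Review bot: dropping `pid_file /var/run/mosquitto.pid` from the readme example brings it in line with mosquitto.conf-sample added in this commit; add a sentence in the readme naming the sample file as the reference configuration so the two copies do not drift apart again.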
@ -59,22 +56,29 @@ A very simple configuration, only supporting MQTT on port 1883 is:
|
|||||||
#allow_anonymous true
|
#allow_anonymous true
|
||||||
allow_anonymous false
|
allow_anonymous false
|
||||||
|
|
||||||
auth_plugin /opt/lib/auth-plug.so
|
auth_plugin /opt/lib/go-auth.so
|
||||||
|
auth_opt_log_dest stdout
|
||||||
|
auth_opt_log_level debug
|
||||||
auth_opt_backends mysql
|
auth_opt_backends mysql
|
||||||
auth_opt_host mariadb
|
auth_opt_mysql_host mariadb
|
||||||
auth_opt_port 3306
|
auth_opt_mysql_port 3306
|
||||||
auth_opt_dbname mosquittoauth
|
auth_opt_mysql_dbname mosquittoauth
|
||||||
auth_opt_user mosquittoauth
|
auth_opt_mysql_user mosquittoauth
|
||||||
auth_opt_pass xxx
|
auth_opt_mysql_password ieh4weiF
|
||||||
auth_opt_userquery SELECT pw FROM users WHERE username = '%s'
|
auth_opt_mysql_allow_native_passwords true
|
||||||
auth_opt_aclquery SELECT topic FROM acls WHERE username = '%s' and rw >= %d
|
auth_opt_mysql_userquery SELECT pw FROM users WHERE username = ?
|
||||||
|
auth_opt_mysql_aclquery SELECT topic FROM acls WHERE username = ? AND (rw & ?) != 0
|
||||||
|
|
||||||
|
The original readme of the mosquitto-go-auth plugin proposes a different acl query. However, that one didn't work for me.
|
||||||
|
Maybe the meaning of the access attribute handed over from mosquitto core to the plugin has been changed in between.
|
||||||
|
Actually, it appears to me that the meaning of this attribute has to be interpreted bitwise: Bit0 (1) is read access, Bit1 (2) is write access (publish), Bit0 and Bit1 (3) is readwrite access and Bit2 (4) is subscribe access. Write access is obviously and verified be test publish and subscribe access is also obviously subscribe. Currently I don't know what is meant be read access. For this reason I'm using a bitwise operation in the acl query. I set the rw column for those users who should have read-only access to 5 (1&4), for users who should only publish to 2 and for those ones who should read and write to 7 (1&2&4).
|
||||||
|
|
||||||
The required schema in the database is
|
The required schema in the database is
|
||||||
|
|
||||||
CREATE TABLE users (
|
CREATE TABLE users (
|
||||||
id INTEGER AUTO_INCREMENT,
|
id INTEGER AUTO_INCREMENT,
|
||||||
username VARCHAR(25) NOT NULL,
|
username VARCHAR(25) NOT NULL,
|
||||||
pw VARCHAR(128) NOT NULL,
|
pw VARCHAR(512) NOT NULL,
|
||||||
super INT(1) NOT NULL DEFAULT 0,
|
super INT(1) NOT NULL DEFAULT 0,
|
||||||
PRIMARY KEY (id)
|
PRIMARY KEY (id)
|
||||||
);
|
);
|
||||||
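Review bot: `auth_opt_mysql_password ieh4weiF` replaces the placeholder `xxx` with what looks like a real credential in documentation; keep the placeholder (as mosquitto.conf-sample does) and rotate the password if it was ever used anywhere. Two smaller points in the same hunk: `(1&4)` and `(1&2&4)` should read `(1|4)` and `(1|2|4)`, since 5 and 7 are bitwise ORs and 1 & 4 is 0; and on the open question of what read access means, mosquitto applies the read check (1) when a message is about to be delivered to a subscribed client, so a subscriber needs both 4 (to subscribe) and 1 (to receive), which is exactly why 5 works. The move from `username = '%s'` interpolation to `username = ?` placeholders deserves an explicit mention, as the parameterised form keeps client-supplied usernames out of the SQL text.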
@ -84,14 +88,14 @@ The required schema in the database is
|
|||||||
id INTEGER AUTO_INCREMENT,
|
id INTEGER AUTO_INCREMENT,
|
||||||
username VARCHAR(25) NOT NULL,
|
username VARCHAR(25) NOT NULL,
|
||||||
topic VARCHAR(256) NOT NULL,
|
topic VARCHAR(256) NOT NULL,
|
||||||
rw INTEGER(1) NOT NULL DEFAULT 1, -- 1: read-only, 2: read-write
|
rw INTEGER(1) NOT NULL DEFAULT 1, -- 1 is read, 2 is write, 3 is readwrite, 4 is subscribe
|
||||||
PRIMARY KEY (id)
|
PRIMARY KEY (id)
|
||||||
);
|
);
|
||||||
CREATE UNIQUE INDEX acls_user_topic ON acls (username, topic(228));
|
CREATE UNIQUE INDEX acls_user_topic ON acls (username, topic(228));
|
||||||
|
|
||||||
The password is generated using the `np` tool provided by mosquitto-auth-plug, which is included in the image at `/opt/bin`. It can be used either within the container using `docker exec -it <mosquitto-container> /opt/bin/np`. You may also try to copy it from the container onto your Linux host. It should run, since it is only linked against typical Linux libraries, however, I wouldn't do that.
|
The password is generated using the `pw` tool provided by mosquitto-go-auth, which is included in the image at `/opt/bin`. It can be used either within the container using `docker exec -it <mosquitto-container> /opt/bin/pw`. You may also try to copy it from the container onto your Linux host. It should run, since it is only linked against typical Linux libraries, however, I wouldn't do that.
|
||||||
|
|
||||||
For further information consult the readme and the examples in the mosquitto-auth-plug project (https://github.com/jpmens/mosquitto-auth-plug or https://github.com/wollud1969/mosquitto-auth-plug).
|
For further information consult the readme and the examples in the mosquitto-go-auth project (https://github.com/iegomez/mosquitto-go-auth or https://github.com/wollud1969/mosquitto-go-auth).
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
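Review bot: `pw VARCHAR(128)` becoming `pw VARCHAR(512)` is needed because the hash strings produced by the `pw` tool (algorithm, iteration count, salt and digest joined by `$`) are longer than 128 characters; say so next to the schema so nobody narrows the column back. The sentence on copying `pw` out of the container ends with "however, I wouldn't do that" without saying why; running it only via `docker exec` keeps the hashing tool and its parameters identical to what the plugin in the image expects, which is the reason worth stating.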