环境信息
- EMQX 版本:emqx-4.4.5-otp24.1.5-3-el7-amd64
- 操作系统及版本:centos7
- 其他
问题描述
开启 redis 鉴权模块,redis 使用的是阿里云提供的服务,没有注册的用户同样可以登录,鉴权模块没有起效
配置文件及日志
配置文件:
##--------------------------------------------------------------------
## Redis Auth/ACL Plugin
##--------------------------------------------------------------------
## Redis Server cluster type
## single Single redis server
## sentinel Redis cluster through sentinel
## cluster Redis through cluster
auth.redis.type = cluster
## Redis server address.
##
## Value: Port | IP:Port
##
## Single Redis Server: 127.0.0.1:6379, localhost:6379
## Redis Sentinel: 127.0.0.1:26379,127.0.0.2:26379,127.0.0.3:26379
## Redis Cluster: 127.0.0.1:6379,127.0.0.2:6379,127.0.0.3:6379
auth.redis.server = r-u##############.redis.rds.aliyuncs.com:6379
## Redis sentinel cluster name.
##
## Value: String
## auth.redis.sentinel = mymaster
## Redis pool size.
##
## Value: Number
auth.redis.pool = 8
## Redis database no.
##
## Value: Number
auth.redis.database = 0
## Redis password.
##
## Value: String
auth.redis.password = 1111111@111111
## Redis query timeout
##
## Value: Duration
## auth.redis.query_timeout = 5s
## Authentication query command.
##
## Value: Redis cmd
##
## Variables:
## - %u: username
## - %c: clientid
## - %C: common name of client TLS cert
## - %d: subject of client TLS cert
##
## Examples:
## - HMGET mqtt_user:%u password
## - HMGET mqtt_user:%u password salt
# #auth.redis.auth_cmd = HMGET mqtt_user:%u password
auth.redis.auth_cmd = HGET zy:mqtt_user:%c password
## Password hash.
##
## Value: plain | md5 | sha | sha256 | bcrypt
auth.redis.password_hash = md5
## sha256 with salt prefix
## auth.redis.password_hash = salt,sha256
## sha256 with salt suffix
## auth.redis.password_hash = sha256,salt
## bcrypt with salt prefix
## auth.redis.password_hash = salt,bcrypt
## pbkdf2 with macfun iterations dklen
## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
## auth.redis.password_hash = pbkdf2,sha256,1000,20
## Superuser query command.
##
## Value: Redis cmd
##
## Variables:
## - %u: username
## - %c: clientid
## - %C: common name of client TLS cert
## - %d: subject of client TLS cert
# #auth.redis.super_cmd = HGET mqtt_user:%u is_superuser
auth.redis.super_cmd = HGET zy:mqtt_user:%c is_superuser
## ACL query command.
##
## Value: Redis cmd
##
## Variables:
## - %u: username
## - %c: clientid
# 98 #auth.redis.acl_cmd = HGETALL mqtt_acl:%u
auth.redis.acl_cmd = HGETALL zy:mqtt_acl:%c
## Redis ssl configuration.
##
## Value: on | off
#auth.redis.ssl = off
## CA certificate.
##
## Value: File
#auth.redis.ssl.cacertfile = path/to/your/cafile.pem
## Client ssl certificate.
##
## Value: File
#auth.redis.ssl.certfile = path/to/your/certfile
## Client ssl keyfile.
##
## Value: File
#auth.redis.ssl.keyfile = path/to/your/keyfile
## In mode verify_none the default behavior is to allow all x509-path
## validation errors.
##
## Value: true | false
#auth.redis.ssl.verify = false
## If not specified, the server's names returned in server's certificate is validated against
## what's provided `auth.redis.server` config's host part.
## Setting to 'disable' will make EMQX ignore unmatched server names.
## If set with a host name, the server's names returned in server's certificate is validated
## against this value.
##
## Value: String | disable
## auth.redis.ssl.server_name_indication = disable
日志:
2022-07-25T15:06:00.010513+08:00 [error] crasher: initial call: ecpool_worker:init/1, pid: <0.2349.0>, registered_name: [], exit: {{function_clause,[{eredis,start_link,[undefined,6379,0,"QwerZy@2022",3000,5000,[]],[{file,"eredis.erl"},{line,52}]},{emqx_auth_redis_cli,connect,1,[{file,"emqx_auth_redis_cli.erl"},{line,44}]},{ecpool_worker,connect_internal,1,[{file,"ecpool_worker.erl"},{line,261}]},{ecpool_worker,init,1,[{file,"ecpool_worker.erl"},{line,125}]},{gen_server,init_it,2,[{file,"gen_server.erl"},{line,423}]},{gen_server,init_it,6,[{file,"gen_server.erl"},{line,390}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,226}]}]},[{gen_server,init_it,6,[{file,"gen_server.erl"},{line,407}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,226}]}]}, ancestors: [<0.2348.0>,<0.2346.0>,emqx_auth_redis_sup,<0.2344.0>], message_queue_len: 0, messages: [], links: [<0.2348.0>], dictionary: [], trap_exit: true, status: running, heap_size: 610, stack_size: 28, reductions: 361; neighbours:
2022-07-25T15:06:00.010813+08:00 [error] Supervisor: {<0.2346.0>,ecpool_pool_sup}. Context: start_error. Reason: {shutdown,{failed_to_start_child,{worker,1},{function_clause,[{eredis,start_link,[undefined,6379,0,"QwerZy@2022",3000,5000,[]],[{file,"eredis.erl"},{line,52}]},{emqx_auth_redis_cli,connect,1,[{file,"emqx_auth_redis_cli.erl"},{line,44}]},{ecpool_worker,connect_internal,1,[{file,"ecpool_worker.erl"},{line,261}]},{ecpool_worker,init,1,[{file,"ecpool_worker.erl"},{line,125}]},{gen_server,init_it,2,[{file,"gen_server.erl"},{line,423}]},{gen_server,init_it,6,[{file,"gen_server.erl"},{line,390}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,226}]}]}}}. Offender: id=worker_sup,pid=undefined.
2022-07-25T15:08:47.633178+08:00 [error] emx04@192.168.0.157:51572 [Hooks] Failed to execute {fun emqx_auth_redis:check/3,[#{auth_cmd => "HGET zy:mqtt_user:%c password",hash_type => md5,pool => emqx_auth_redis,super_cmd => "HGET zy:mqtt_user:%c is_superuser",timeout => infinity,type => cluster}]}: {error,{case_clause,{ok,undefined}},[{emqx_auth_redis,check,3,[{file,"emqx_auth_redis.erl"},{line,35}]},{emqx_hooks,safe_execute,2,[{file,"emqx_hooks.erl"},{line,207}]},{emqx_hooks,do_run_fold,3,[{file,"emqx_hooks.erl"},{line,186}]},{emqx_access_control,authenticate,1,[{file,"emqx_access_control.erl"},{line,45}]},{emqx_channel,auth_connect,2,[{file,"emqx_channel.erl"},{line,1328}]},{emqx_misc,pipeline,3,[{file,"emqx_misc.erl"},{line,155}]},{emqx_channel,handle_in,2,[{file,"emqx_channel.erl"},{line,303}]},{emqx_connection,with_channel,3,[{file,"emqx_connection.erl"},{line,694}]},{emqx_connection,process_msg,2,[{file,"emqx_connection.erl"},{line,394}]},{emqx_connection,process_msg,2,[{file,"emqx_connection.erl"},{line,400}]},{emqx_connection,handle_recv,3,[{file,"emqx_connection.erl"},{line,358}]},{proc_lib,wake_up,3,[{file,"proc_lib.erl"},{line,236}]}]}
2022-07-25T16:05:02.595639+08:00 [error] emx04@192.168.0.157:52776 [Hooks] Failed to execute {fun emqx_auth_redis:check/3,[#{auth_cmd => "HGET zy:mqtt_user:%c password",hash_type => md5,pool => emqx_auth_redis,super_cmd => "HGET zy:mqtt_user:%c is_superuser",timeout => infinity,type => single}]}: {error,{case_clause,{ok,undefined}},[{emqx_auth_redis,check,3,[{file,"emqx_auth_redis.erl"},{line,35}]},{emqx_hooks,safe_execute,2,[{file,"emqx_hooks.erl"},{line,207}]},{emqx_hooks,do_run_fold,3,[{file,"emqx_hooks.erl"},{line,186}]},{emqx_access_control,authenticate,1,[{file,"emqx_access_control.erl"},{line,45}]},{emqx_channel,auth_connect,2,[{file,"emqx_channel.erl"},{line,1328}]},{emqx_misc,pipeline,3,[{file,"emqx_misc.erl"},{line,155}]},{emqx_channel,handle_in,2,[{file,"emqx_channel.erl"},{line,303}]},{emqx_connection,with_channel,3,[{file,"emqx_connection.erl"},{line,694}]},{emqx_connection,process_msg,2,[{file,"emqx_connection.erl"},{line,394}]},{emqx_connection,process_msg,2,[{file,"emqx_connection.erl"},{line,400}]},{emqx_connection,handle_recv,3,[{file,"emqx_connection.erl"},{line,358}]},{proc_lib,wake_up,3,[{file,"proc_lib.erl"},{line,236}]}]}