emqx_auth_mongo authentication: using literal values instead of placeholders in the selector in the configuration file

Environment:

  • EMQX version: 4.4.18

  • Operating system version: WIN10-64

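    Hello everyone. When using MongoDB authentication, I configured multiple query conditions in auth.mongo.auth_query.selector in the emqx_auth_mongo configuration file: auth.mongo.auth_query.selector = broker_username=%u,clientID=%c,status=1.

    My idea is that our business system controls the status field in the MongoDB database: when status=1, the device holding the broker_username and clientID is allowed to connect to the EMQX Broker; when status=0, that device is suspended from connecting to the EMQX Broker. This avoids having to delete or modify the broker_username and clientID values.

    The problem I am facing now is that whether the status field is 1 or 0, the client cannot connect to the Broker and gets Connection refused: Not authorized. Does the selector not support literal strings, only placeholders? Any pointers would be appreciated, thanks!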



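Strings are supported. Could it be that you have not set auth.mongo.auth_query.password_field and auth.mongo.auth_query.password_hash correctly?
It uses the selector to look up the record in MongoDB, and then checks against the password_field and password_hash data.

You can get it working with a single condition in the selector first, and then add more conditions.

auth.mongo.auth_query.password_field=secret (corresponds to the secret field in the database); auth.mongo.auth_query.password_hash=plain.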

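Following your suggestion, I ran the following tests:

  1. With only the two query conditions broker_username and clientID in the selector (i.e. auth.mongo.auth_query.selector = broker_username=%u,clientID=%c), the client connects to the Broker normally.

  2. After adding status=1 to the selector (i.e. auth.mongo.auth_query.selector = broker_username=%u,clientID=%c,stauts=1), the client can no longer connect to the Broker and gets Connection refused: Not authorized.

  3. With only broker_username and clientID in the selector, but this time replacing the clientID placeholder %c with the clientID value '1' from the database (i.e. auth.mongo.auth_query.selector = broker_username=%u,clientID=1), the client cannot connect to the Broker and gets Connection refused: Not authorized.

Judging from the results of test 1 and test 3, it seems to me that authentication fails as soon as a literal string is used in the selector. Is there any special syntax required when using strings in the selector?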

There is no special syntax.
Did you misspell stauts in your second point? It should be status…

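Sorry, the "stauts" in the second point was a typo I made while replying to your post. I have double-checked that both the emqx_auth_mongo configuration and the database use status.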

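OK. Please follow the steps below and post the data.

  1. Enter the emqx console:

./bin/emqx remote_console

  2. Enter

application:get_all_env(emqx_auth_mongo).

  3. Enter

recon_trace:calls({emqx_auth_mongo,'_',return_trace}, 1000).

  4. Then have the client make one authentication request, and post the complete output log from the steps above.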

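The image below is the output after following your instructions: application:get_all_env(emqx_auth_mongo). returned [], and recon_trace:calls({emqx_auth_mongo,'_',return_trace},1000). returned 0. I have also attached the output log from emqx.log.1; its contents cover the whole sequence from EMQX startup, through entering the commands you asked for, to finally starting the client request. Please take a look, thanks!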

/------------------------------------------------------------------------------------------------------/
emqx.log.1

2023-06-05T09:41:56.782000+08:00 [notice] alarm_handler: {set,{{disk_almost_full,“E:\”},[]}}
2023-06-05T09:41:56.908000+08:00 [info] event=server_setup_successfully driver=tcp socket=“#Port<0.7>”
2023-06-05T09:41:56.916000+08:00 [info] ‘$kind’: gen_rpc_dispatcher_start, file: gen_rpc_dispatcher.erl, line: 52, mfa: {gen_rpc_dispatcher,init,0}, pid: <0.166.0>
2023-06-05T09:41:56.979000+08:00 [notice] alarm_handler: {clear,lc_mem_alarm}
2023-06-05T09:41:57.004000+08:00 [notice] alarm_handler: {clear,lc_runq_alarm}
2023-06-05T09:42:03.880000+08:00 [debug] Adding Defaults
2023-06-05T09:42:03.880000+08:00 [debug] Right Hand Side Substitutions
2023-06-05T09:42:03.880000+08:00 [debug] Applying Datatypes
2023-06-05T09:42:03.881000+08:00 [debug] Validation
2023-06-05T09:42:03.881000+08:00 [debug] Applied 1:1 Mappings
2023-06-05T09:42:03.882000+08:00 [debug] “emqx_management.application” in Translations to drop…
2023-06-05T09:42:03.882000+08:00 [debug] Running translation for emqx_management.listeners
2023-06-05T09:42:03.883000+08:00 [debug] Applied Translations
2023-06-05T09:42:03.892000+08:00 [info] [Plugins] Started plugins: [emqx_plugin_libs,jiffy,minirest,emqx_management]
2023-06-05T09:42:03.892000+08:00 [info] [Plugins] Load plugin emqx_management successfully
2023-06-05T09:42:03.895000+08:00 [debug] Adding Defaults
2023-06-05T09:42:03.895000+08:00 [debug] Right Hand Side Substitutions
2023-06-05T09:42:03.895000+08:00 [debug] Applying Datatypes
2023-06-05T09:42:03.895000+08:00 [debug] Validation
2023-06-05T09:42:03.895000+08:00 [debug] Applied 1:1 Mappings
2023-06-05T09:42:03.895000+08:00 [debug] Applied Translations
2023-06-05T09:42:03.896000+08:00 [info] [Plugins] Started plugins: [recon,emqx_recon]
2023-06-05T09:42:03.896000+08:00 [info] [Plugins] Load plugin emqx_recon successfully
2023-06-05T09:42:03.908000+08:00 [debug] Adding Defaults
2023-06-05T09:42:03.908000+08:00 [debug] Right Hand Side Substitutions
2023-06-05T09:42:03.908000+08:00 [debug] Applying Datatypes
2023-06-05T09:42:03.909000+08:00 [debug] Validation
2023-06-05T09:42:03.909000+08:00 [debug] Applied 1:1 Mappings
2023-06-05T09:42:03.909000+08:00 [debug] Applied Translations
2023-06-05T09:42:03.911000+08:00 [info] [Plugins] Started plugins: [emqx_retainer]
2023-06-05T09:42:03.911000+08:00 [info] [Plugins] Load plugin emqx_retainer successfully
2023-06-05T09:42:03.916000+08:00 [debug] Adding Defaults
2023-06-05T09:42:03.916000+08:00 [debug] Right Hand Side Substitutions
2023-06-05T09:42:03.916000+08:00 [debug] Applying Datatypes
2023-06-05T09:42:03.917000+08:00 [debug] Validation
2023-06-05T09:42:03.917000+08:00 [debug] Applied 1:1 Mappings
2023-06-05T09:42:03.917000+08:00 [debug] Applied Translations
2023-06-05T09:42:03.917000+08:00 [info] [Plugins] Started plugins: [emqx_telemetry]
2023-06-05T09:42:03.918000+08:00 [info] [Plugins] Load plugin emqx_telemetry successfully
2023-06-05T09:42:03.933000+08:00 [debug] Adding Defaults
2023-06-05T09:42:03.933000+08:00 [debug] Right Hand Side Substitutions
2023-06-05T09:42:03.933000+08:00 [debug] Applying Datatypes
2023-06-05T09:42:03.934000+08:00 [debug] Validation
2023-06-05T09:42:03.934000+08:00 [debug] Applied 1:1 Mappings
2023-06-05T09:42:03.934000+08:00 [debug] Running translation for emqx_rule_engine.events
2023-06-05T09:42:03.935000+08:00 [debug] Applied Translations
2023-06-05T09:42:04.207000+08:00 [info] [Plugins] Started plugins: [jose,rulesql,getopt,emqx_rule_engine]
2023-06-05T09:42:04.207000+08:00 [info] [Plugins] Load plugin emqx_rule_engine successfully
2023-06-05T09:42:04.246000+08:00 [debug] Adding Defaults
2023-06-05T09:42:04.247000+08:00 [debug] Right Hand Side Substitutions
2023-06-05T09:42:04.247000+08:00 [debug] Applying Datatypes
2023-06-05T09:42:04.248000+08:00 [debug] Validation
2023-06-05T09:42:04.248000+08:00 [debug] Applied 1:1 Mappings
2023-06-05T09:42:04.248000+08:00 [debug] Running translation for emqx_dashboard.listeners
2023-06-05T09:42:04.249000+08:00 [debug] Applied Translations
2023-06-05T09:42:04.259000+08:00 [info] [Plugins] Started plugins: [emqx_dashboard]
2023-06-05T09:42:04.259000+08:00 [info] [Plugins] Load plugin emqx_dashboard successfully
2023-06-05T09:42:04.280000+08:00 [debug] Adding Defaults
2023-06-05T09:42:04.280000+08:00 [debug] Right Hand Side Substitutions
2023-06-05T09:42:04.280000+08:00 [debug] Applying Datatypes
2023-06-05T09:42:04.281000+08:00 [debug] Validation
2023-06-05T09:42:04.281000+08:00 [debug] Applied 1:1 Mappings
2023-06-05T09:42:04.281000+08:00 [debug] Running translation for emqx_auth_redis.options
2023-06-05T09:42:04.281000+08:00 [debug] Running translation for emqx_auth_redis.server
2023-06-05T09:42:04.282000+08:00 [debug] Running translation for emqx_auth_redis.query_timeout
2023-06-05T09:42:04.282000+08:00 [debug] Running translation for emqx_auth_redis.password_hash
2023-06-05T09:42:04.282000+08:00 [debug] Applied Translations
2023-06-05T09:42:04.291000+08:00 [info] [Plugins] Started plugins: [ecpool,eredis,eredis_cluster,emqx_auth_redis]
2023-06-05T09:42:04.291000+08:00 [info] [Plugins] Load plugin emqx_auth_redis successfully
2023-06-05T09:42:04.339000+08:00 [debug] Adding Defaults
2023-06-05T09:42:04.339000+08:00 [debug] Right Hand Side Substitutions
2023-06-05T09:42:04.340000+08:00 [debug] Applying Datatypes
2023-06-05T09:42:04.341000+08:00 [debug] Validation
2023-06-05T09:42:04.341000+08:00 [debug] Applied 1:1 Mappings
2023-06-05T09:42:04.341000+08:00 [debug] Running translation for emqx_auth_mongo.server
2023-06-05T09:42:04.342000+08:00 [debug] “mongodb.cursor_timeout” in Translations to drop…
2023-06-05T09:42:04.342000+08:00 [debug] Running translation for emqx_auth_mongo.auth_query
2023-06-05T09:42:04.343000+08:00 [debug] Running translation for emqx_auth_mongo.super_query
2023-06-05T09:42:04.343000+08:00 [debug] Running translation for emqx_auth_mongo.acl_query
2023-06-05T09:42:04.343000+08:00 [debug] Applied Translations
2023-06-05T09:42:04.402000+08:00 [info] [Plugins] Started plugins: [pbkdf2,bson,poolboy,mongodb,emqx_auth_mongo]
2023-06-05T09:42:04.403000+08:00 [info] [Plugins] Load plugin emqx_auth_mongo successfully
2023-06-05T09:42:04.405000+08:00 [info] [Modules] Load emqx_mod_acl_internal module successfully.
2023-06-05T09:42:04.405000+08:00 [info] [Modules] Load emqx_mod_presence module successfully.
2023-06-05T09:42:06.382000+08:00 [debug] file: emqx_telemetry.erl, line: 359, mfa: {emqx_telemetry,report_telemetry,1}, msg: telemetry_data_reported, pid: <0.456.0>
2023-06-05T09:47:04.760000+08:00 [debug] 127.0.0.1:52182 [MQTT] RECV <<16,50,0,4,77,81,84,84,5,194,0,60,5,17,0,0,0,0,0,1,49,0,17,73,111,116,65,112,112,49,47,101,73,70,107,117,84,72,66,56,0,10,72,97,106,120,72,122,117,56,109,115>>
2023-06-05T09:47:04.760000+08:00 [debug] 127.0.0.1:52182 [MQTT] RECV CONNECT(Q0, R0, D0, ClientId=1, ProtoName=MQTT, ProtoVsn=5, CleanStart=true, KeepAlive=60, Username=IotApp1/eIFkuTHB8, Password=)
2023-06-05T09:47:04.762000+08:00 [debug] 1@127.0.0.1:52182 [Redis] Auth ignored, Client: #{clientid => <<“1”>>,is_bridge => false,is_superuser => false,mountpoint => undefined,password => <<"
“>>,peerhost => {127,0,0,1},protocol => mqtt,sockport => 1883,username => <<“IotApp1/eIFkuTHB8”>>,zone => external}
2023-06-05T09:47:04.766000+08:00 [debug] 1@127.0.0.1:52182 [MongoDB] Auth ignored, Client: #{clientid => <<“1”>>,is_bridge => false,is_superuser => false,mountpoint => undefined,password => <<”******">>,peerhost => {127,0,0,1},protocol => mqtt,sockport => 1883,username => <<“IotApp1/eIFkuTHB8”>>,zone => external}
2023-06-05T09:47:04.766000+08:00 [warning] 1@127.0.0.1:52182 [Channel] Client 1 (Username: ‘IotApp1/eIFkuTHB8’) login failed for not_authorized
2023-06-05T09:47:04.766000+08:00 [debug] 1@127.0.0.1:52182 [MQTT] SEND CONNACK(Q0, R0, D0, AckFlags=0, ReasonCode=135)
2023-06-05T09:47:04.767000+08:00 [info] 1@127.0.0.1:52182 file: emqx_connection.erl, line: 544, mfa: {emqx_connection,terminate,2}, msg: terminate, pid: <0.1529.0>, reason: {shutdown,not_authorized}

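This log does not show the problem.
How about you give me the command you used to insert the data into mongo, so I can insert a record too,
and also post your emqx_auth_mongo.conf, so I can reproduce it locally?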

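After installing MongoDB, enter the following commands in the bundled mongosh:
use IotHub
db.createCollection("devices")
// "与客户端对应" is a placeholder meaning "matches the client's value"
db.devices.insert({broker_username:"与客户端对应",clientID:"与客户端对应",secret:"与客户端对应",status:"1"})

The emqx_auth.mongo.conf configuration file is as follows: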
emqx_auth_mongo.zip (1.7 KB)
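
Added example, not part of the thread and not EMQX code: MongoDB equality matching is type-sensitive, and the insert above stores status and clientID as strings, so this sketch reports which selector fields would fail to match the stored document when a literal is sent as a string or as a number. The `k=v,k=v` parsing, the function names and both literal typings are assumptions for illustration, not the behaviour of emqx_auth_mongo; the document is constructed sample data using the username from the log.

```javascript
// Added illustration: models MongoDB's type-sensitive equality for a flat
// selector. Parsing rules and the two literal typings are assumptions,
// not taken from the emqx_auth_mongo source.
function expandSelector(selector, client, literalAs) {
  const vars = new Map([["%u", client.username], ["%c", client.clientid]]);
  const query = {};
  for (const pair of selector.split(",")) {
    const idx = pair.indexOf("=");
    const field = pair.slice(0, idx).trim();
    const raw = pair.slice(idx + 1).trim();
    if (vars.has(raw)) {
      query[field] = vars.get(raw);        // placeholder: value from CONNECT
    } else if (literalAs === "number" && /^-?\d+$/.test(raw)) {
      query[field] = Number(raw);          // literal sent as a BSON number
    } else {
      query[field] = raw;                  // literal sent as a BSON string
    }
  }
  return query;
}

// Fields that are absent from the document or differ in value or type.
function mismatches(query, doc) {
  return Object.keys(query).filter(
    (f) => !(f in doc) || typeof doc[f] !== typeof query[f] || doc[f] !== query[f]
  );
}

// Constructed sample data shaped like the insert shown in the thread.
const doc = { broker_username: "IotApp1/eIFkuTHB8", clientID: "1",
              secret: "constructed-secret", status: "1" };
const client = { username: "IotApp1/eIFkuTHB8", clientid: "1" };
const selector = "broker_username=%u,clientID=%c,status=1";

function report() {
  return {
    asString: mismatches(expandSelector(selector, client, "string"), doc),
    asNumber: mismatches(expandSelector(selector, client, "number"), doc),
    // A misspelled field name never matches, whatever the value type.
    typo: mismatches(expandSelector("broker_username=%u,stauts=1", client, "string"), doc),
  };
}

console.log(report());
```

The same field-by-field comparison can be done by hand in mongosh by running a find on the devices collection with the expanded selector, once with the literal quoted and once unquoted.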