kopia lustrzana https://github.com/Yakifo/amqtt
Add plugin for checking if anonymous connection are authorized
rodzic
d70e6437cf
commit
3f2a7fc8c8
|
@ -31,6 +31,9 @@ from .plugins.manager import PluginManager, BaseContext
|
||||||
_defaults = {
|
_defaults = {
|
||||||
'timeout-disconnect-delay': 2,
|
'timeout-disconnect-delay': 2,
|
||||||
'publish-retry-delay': 5,
|
'publish-retry-delay': 5,
|
||||||
|
'auth': {
|
||||||
|
'allow-anonymous': True,
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
DOLLAR_SYS_ROOT = '$SYS/broker/'
|
DOLLAR_SYS_ROOT = '$SYS/broker/'
|
||||||
|
@ -129,15 +132,15 @@ class Broker:
|
||||||
|
|
||||||
:param config: Example Yaml config
|
:param config: Example Yaml config
|
||||||
listeners:
|
listeners:
|
||||||
- default: #Mandatory
|
default: #Mandatory
|
||||||
max-connections: 50000
|
max-connections: 50000
|
||||||
type: tcp
|
type: tcp
|
||||||
- my-tcp-1:
|
my-tcp-1:
|
||||||
bind: 127.0.0.1:1883
|
bind: 127.0.0.1:1883
|
||||||
- my-tcp-2:
|
my-tcp-2:
|
||||||
bind: 1.2.3.4:1883
|
bind: 1.2.3.4:1883
|
||||||
max-connections: 1000
|
max-connections: 1000
|
||||||
- my-tcp-ssl-1:
|
my-tcp-ssl-1:
|
||||||
bind: 127.0.0.1:8883
|
bind: 127.0.0.1:8883
|
||||||
ssl: on
|
ssl: on
|
||||||
cafile: /some/cafile
|
cafile: /some/cafile
|
||||||
|
@ -145,14 +148,14 @@ class Broker:
|
||||||
capath: certificate data
|
capath: certificate data
|
||||||
certfile: /some/certfile
|
certfile: /some/certfile
|
||||||
keyfile: /some/key
|
keyfile: /some/key
|
||||||
- my-ws-1:
|
my-ws-1:
|
||||||
bind: 0.0.0.0:8080
|
bind: 0.0.0.0:8080
|
||||||
type: ws
|
type: ws
|
||||||
timeout-disconnect-delay: 2
|
timeout-disconnect-delay: 2
|
||||||
publish-retry-delay: 5
|
publish-retry-delay: 5
|
||||||
|
plugins-enabled: ['auth.anonymous'] #List of plugins to activate among all registered plugins
|
||||||
auth:
|
auth:
|
||||||
allow-anonymous: true / false
|
allow-anonymous: true / false
|
||||||
plugins: ['auth.anonymous'] #List of plugins to activate among all registered plugins
|
|
||||||
|
|
||||||
:param loop:
|
:param loop:
|
||||||
:return:
|
:return:
|
||||||
|
@ -636,7 +639,7 @@ class Broker:
|
||||||
:param listener:
|
:param listener:
|
||||||
:return:
|
:return:
|
||||||
"""
|
"""
|
||||||
returns = yield from self.plugins_manager.map_plugin_coro("authenticate", session)
|
returns = yield from self.plugins_manager.map_plugin_coro("authenticate", session=session)
|
||||||
if not returns:
|
if not returns:
|
||||||
self.logger.debug("Authentication plugin results: %r" % returns)
|
self.logger.debug("Authentication plugin results: %r" % returns)
|
||||||
return True
|
return True
|
||||||
|
|
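Review bot: The new `'auth': {'allow-anonymous': True}` entry in `_defaults` makes unauthenticated access the out-of-the-box behaviour, and the docstring line `allow-anonymous: true / false` does not say which value applies when the key is omitted. Together with the unchanged `if not returns: ... return True` path in the authenticate hunk, a broker started without an `auth` section or without any authentication plugin appears to accept every client. Consider defaulting to `'allow-anonymous': False,`. If the permissive default must stay for compatibility, document it as `allow-anonymous: true / false  # default: true, clients without credentials are accepted` and raise the "Authentication plugin results" message from debug to warning. The authenticate method starts and ends outside the hunk, so the handling of non-empty plugin results is not visible here.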
|
@ -1 +1,38 @@
|
||||||
__author__ = 'nico'
|
# Copyright (c) 2015 Nicolas JOUANIN
|
||||||
|
#
|
||||||
|
# See the file license.txt for copying permission.
|
||||||
|
import logging
|
||||||
|
|
||||||
|
|
||||||
|
class AnonymousAuthPlugin:
|
||||||
|
def __init__(self, context):
|
||||||
|
self.context = context
|
||||||
|
try:
|
||||||
|
self.auth_config = self.context.config['auth']
|
||||||
|
except KeyError:
|
||||||
|
self.context.logger.warn("'auth' section not found in context configuration")
|
||||||
|
|
||||||
|
def authenticate(self, *args, **kwargs):
|
||||||
|
authenticated = False
|
||||||
|
if not self.auth_config:
|
||||||
|
# auth config section not found
|
||||||
|
self.context.logger.warn("'auth' section not found in context configuration")
|
||||||
|
authenticated = False
|
||||||
|
else:
|
||||||
|
allow_anonymous = self.auth_config.get('allow-anonymous', True) # allow anonymous by default
|
||||||
|
if allow_anonymous:
|
||||||
|
authenticated = True
|
||||||
|
self.context.logger.debug("Authentication success: config allows anonymous")
|
||||||
|
else:
|
||||||
|
try:
|
||||||
|
session = kwargs.get('session', None)
|
||||||
|
authenticated = True if session.username else False
|
||||||
|
if self.context.logger.isEnabledFor(logging.DEBUG):
|
||||||
|
if authenticated:
|
||||||
|
self.context.logger.debug("Authentication success: session has a non empty username")
|
||||||
|
else:
|
||||||
|
self.context.logger.debug("Authentication failure: session has an empty username")
|
||||||
|
except KeyError:
|
||||||
|
self.context.logger.warn("Session informations not available")
|
||||||
|
authenticated = False
|
||||||
|
return authenticated
|
||||||
|
|
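Review bot: Two error paths in `AnonymousAuthPlugin` raise instead of denying. When `config['auth']` is missing, `__init__` logs but never assigns `self.auth_config`, so the `if not self.auth_config` test in `authenticate` raises AttributeError; and when no `session` keyword is passed, `session.username` raises AttributeError on None, which the `except KeyError` clause does not catch. Whether the caller treats an exception from a plugin as a refusal is not visible here, so both cases should return False explicitly, as sketched below. With `allow-anonymous` false, any non-empty username is accepted without a credential check, so this plugin seems intended to run alongside one that verifies passwords; a class docstring stating that would prevent it being deployed as the only gate. The `.get('allow-anonymous', True)` fallback is also permissive, and treating a missing key as False would be the safer reading of an incomplete `auth` section.

```python
        except KeyError:
            # Keep the attribute defined so authenticate() can deny cleanly.
            self.auth_config = None
            # … unchanged: warning about the missing 'auth' section …

    def authenticate(self, *args, **kwargs):
        # … unchanged: missing-config branch and allow-anonymous branch …
                session = kwargs.get('session')
                if session is None:
                    # No session to inspect: deny rather than raise.
                    self.context.logger.warning("Session informations not available")
                    authenticated = False
                else:
                    authenticated = bool(session.username)
        # … unchanged: debug logging of the outcome, return authenticated …
```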
1
setup.py
1
setup.py
|
@ -39,6 +39,7 @@ setup(
|
||||||
'hbmqtt.broker.plugins': [
|
'hbmqtt.broker.plugins': [
|
||||||
# 'event_logger_plugin = hbmqtt.plugins.logging:EventLoggerPlugin',
|
# 'event_logger_plugin = hbmqtt.plugins.logging:EventLoggerPlugin',
|
||||||
'packet_logger_plugin = hbmqtt.plugins.logging:PacketLoggerPlugin',
|
'packet_logger_plugin = hbmqtt.plugins.logging:PacketLoggerPlugin',
|
||||||
|
'auth_anonymous = hbmqtt.plugins.authentication:AnonymousAuthPlugin',
|
||||||
],
|
],
|
||||||
'hbmqtt.client.plugins': [
|
'hbmqtt.client.plugins': [
|
||||||
'packet_logger_plugin = hbmqtt.plugins.logging:PacketLoggerPlugin',
|
'packet_logger_plugin = hbmqtt.plugins.logging:PacketLoggerPlugin',
|
||||||
|
|
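Review bot: The entry point is registered here as `auth_anonymous`, while the Broker docstring example changed in this same commit lists `'auth.anonymous'` under `plugins-enabled`. If plugins are selected by entry-point name (the PluginManager lookup is not visible on this page), a configuration copied from the docstring would not load this plugin, and the `if not returns: ... return True` path in the broker's authenticate method would then let every connection through. Align the two names, for example by changing the docstring example to `plugins-enabled: ['auth_anonymous']`.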