def psk_key_get(identity, hint): import mosquitto_auth mosquitto_auth.log(mosquitto_auth.LOG_DEBUG, 'psk_key_get %s %s' % ( identity, hint, )) return '0123456789'
def unpwd_check(username, password): mosquitto_auth.log( mosquitto_auth.LOG_DEBUG, 'unpwd_check (username: %s password: %s)' % (username, password) ) return True
def plugin_init(opts): # Import this inside every module that logs because we cannot import it if __name__ == '__main__' import mosquitto_auth global mysql_conn mysql = conn_opts(opts) mysql_conn = pymysql.connect(**mysql) mosquitto_auth.log( mosquitto_auth.LOG_DEBUG, 'mysql initialized %s %s' % (mysql['host'], mysql['port']))
def plugin_init(opts): # Import this inside every module that logs because we cannot import it if __name__ == '__main__' import mosquitto_auth global redis_conn conf = dict(opts) redis_host = conf.get('redis_host', '127.0.0.1') redis_port = conf.get('redis_port', 6379) redis_conn = redis.StrictRedis(redis_host, redis_port) mosquitto_auth.log(mosquitto_auth.LOG_DEBUG, 'redis initialized %s %s' % ( redis_host, redis_port, ))
def acl_check(client_id, username, topic, access, payload): mosquitto_auth.log( mosquitto_auth.LOG_DEBUG, 'acl_check %r' % (mosquitto_auth.topic_matches_sub('/#', topic)) ) if access == mosquitto_auth.MOSQ_ACL_READ: mosquitto_auth.log( mosquitto_auth.LOG_DEBUG, 'acl_check READ (client_id: {} username: {} topic: {} access: {}, payload: {!r})' .format(client_id, username, topic, access, payload) ) elif access == mosquitto_auth.MOSQ_ACL_SUBSCRIBE: mosquitto_auth.log( mosquitto_auth.LOG_DEBUG, 'acl_check SUBSCRIBE (client_id: {} username: {} topic: {} access: {}, payload: {!r})' .format(client_id, username, topic, access, payload) ) elif access == mosquitto_auth.MOSQ_ACL_WRITE: mosquitto_auth.log( mosquitto_auth.LOG_DEBUG, 'acl_check WRITE (client_id: {} username: {} topic: {} access: {}, payload: {!r})' .format(client_id, username, topic, access, payload) ) return True
def unpwd_check(username, password): import mosquitto_auth val = redis_conn.hget('mosq.' + username, 'auth') if not val: mosquitto_auth.log(mosquitto_auth.LOG_DEBUG, 'AUTH: no such user: %s' % username) return False salt, hashed = val.split(b':') check = hashlib.sha1(salt + password.encode()).hexdigest().encode() ok = (check == hashed) mosquitto_auth.log(mosquitto_auth.LOG_DEBUG, 'AUTH: user=%s, password matches=%s' % ( username, ok, )) return ok
def unpwd_check(username, password): import mosquitto_auth with mysql_conn.cursor() as cursor: sql = "SELECT `auth` FROM `users` WHERE `username`=%s" cursor.execute(sql, (username, )) val = cursor.fetchone() if not val: mosquitto_auth.log(mosquitto_auth.LOG_DEBUG, 'AUTH: no such user: %s' % username) return False salt, hashed = val[0].split(':') check = hashlib.sha1(salt.encode() + password.encode()).hexdigest().encode() ok = (check == hashed.encode()) mosquitto_auth.log(mosquitto_auth.LOG_DEBUG, 'AUTH: user=%s, password matches=%s' % ( username, ok, )) return ok
def acl_check(client_id, username, topic, access, payload): mosquitto_auth.log( mosquitto_auth.LOG_DEBUG, 'acl_check %r' % (mosquitto_auth.topic_matches_sub('/#', topic))) if access == mosquitto_auth.MOSQ_ACL_READ: mosquitto_auth.log( mosquitto_auth.LOG_DEBUG, 'acl_check READ (client_id: {} username: {} topic: {} access: {}, payload: {!r})' .format(client_id, username, topic, access, payload)) elif access == mosquitto_auth.MOSQ_ACL_SUBSCRIBE: mosquitto_auth.log( mosquitto_auth.LOG_DEBUG, 'acl_check SUBSCRIBE (client_id: {} username: {} topic: {} access: {}, payload: {!r})' .format(client_id, username, topic, access, payload)) elif access == mosquitto_auth.MOSQ_ACL_WRITE: mosquitto_auth.log( mosquitto_auth.LOG_DEBUG, 'acl_check WRITE (client_id: {} username: {} topic: {} access: {}, payload: {!r})' .format(client_id, username, topic, access, payload)) return True
def acl_check(clientid, username, topic, access): mosquitto_auth.log( mosquitto_auth.LOG_DEBUG, 'acl_check %r' % (mosquitto_auth.topic_matches_sub('/#', topic))) if access == mosquitto_auth.MOSQ_ACL_READ: mosquitto_auth.log( mosquitto_auth.LOG_DEBUG, 'acl_check READ (clientid: %s username: %s topic: %s access: %s)' % (clientid, username, topic, access)) elif access == mosquitto_auth.MOSQ_ACL_WRITE: mosquitto_auth.log( mosquitto_auth.LOG_DEBUG, 'acl_check WRITE (clientid: %s username: %s topic: %s access: %s)' % (clientid, username, topic, access)) return True
def acl_check(clientid, username, topic, access): import mosquitto_auth if username is None: mosquitto_auth.log(mosquitto_auth.LOG_DEBUG, 'AUTH required') return False pat = redis_conn.hget('mosq.' + username, 'acl') if not pat: mosquitto_auth.log(mosquitto_auth.LOG_DEBUG, 'ACL: no such user: %s' % username) return True matches = mosquitto_auth.topic_matches_sub(pat.decode(), topic) mosquitto_auth.log( mosquitto_auth.LOG_DEBUG, 'ACL: user=%s topic=%s, pat=%s, matches=%s' % ( username, topic, pat, matches, )) return matches
def acl_check(clientid, username, topic, access): import mosquitto_auth if username is None: mosquitto_auth.log(mosquitto_auth.LOG_DEBUG, 'AUTH required') return False with mysql_conn.cursor() as cursor: sql = "SELECT `acl` FROM `users` WHERE `username`=%s" cursor.execute(sql, (username, )) pat = cursor.fetchone()[0] if not pat: mosquitto_auth.log(mosquitto_auth.LOG_DEBUG, 'ACL: no such user: %s' % username) return False matches = mosquitto_auth.topic_matches_sub(pat, topic) mosquitto_auth.log( mosquitto_auth.LOG_DEBUG, 'ACL: user=%s topic=%s, pat=%s, matches=%s' % ( username, topic, pat, matches, )) return matches
def plugin_init(opts): mosquitto_auth.log(mosquitto_auth.LOG_DEBUG, 'plugin_init (opts: %r)' % (opts, ))
def plugin_init(opts): mosquitto_auth.log( mosquitto_auth.LOG_DEBUG, 'plugin_init (opts: %r)' % (opts,) )
def psk_key_get(identity, hint): mosquitto_auth.log( mosquitto_auth.LOG_DEBUG, 'psk_key_get (identity: %s hint: %s)' % (identity, hint) ) return '0123456789'
def security_init(opts, reload): mosquitto_auth.log( mosquitto_auth.LOG_DEBUG, 'security_init (reload: %s, opts: %s)' % (reload, opts) )
def plugin_cleanup(): mosquitto_auth.log(mosquitto_auth.LOG_DEBUG, 'plugin_cleanup')
def security_cleanup(reload): mosquitto_auth.log(mosquitto_auth.LOG_DEBUG, 'security_cleanup (reload: %s)' % (reload))
def security_init(opts, reload): mosquitto_auth.log(mosquitto_auth.LOG_DEBUG, 'security_init (reload: %s, opts: %s)' % (reload, opts))
def security_cleanup(reload): mosquitto_auth.log( mosquitto_auth.LOG_DEBUG, 'security_cleanup (reload: %s)' % (reload) )
def unpwd_check(username, password): mosquitto_auth.log( mosquitto_auth.LOG_DEBUG, 'unpwd_check (username: %s password: %s)' % (username, password)) return True
def psk_key_get(identity, hint): mosquitto_auth.log( mosquitto_auth.LOG_DEBUG, 'psk_key_get (identity: %s hint: %s)' % (identity, hint)) return '0123456789'