def psk_key_get(identity, hint):
import mosquitto_auth
mosquitto_auth.log(mosquitto_auth.LOG_DEBUG, 'psk_key_get %s %s' % (
identity,
hint,
))
return '0123456789'
def unpwd_check(username, password):
mosquitto_auth.log(
mosquitto_auth.LOG_DEBUG,
'unpwd_check (username: %s password: %s)' % (username, password)
)
return True
def plugin_init(opts):
# Import this inside every module that logs because we cannot import it if __name__ == '__main__'
import mosquitto_auth
global mysql_conn
mysql = conn_opts(opts)
mysql_conn = pymysql.connect(**mysql)
mosquitto_auth.log(
mosquitto_auth.LOG_DEBUG,
'mysql initialized %s %s' % (mysql['host'], mysql['port']))
def plugin_init(opts):
# Import this inside every module that logs because we cannot import it if __name__ == '__main__'
import mosquitto_auth
global redis_conn
conf = dict(opts)
redis_host = conf.get('redis_host', '127.0.0.1')
redis_port = conf.get('redis_port', 6379)
redis_conn = redis.StrictRedis(redis_host, redis_port)
mosquitto_auth.log(mosquitto_auth.LOG_DEBUG, 'redis initialized %s %s' % (
redis_host,
redis_port,
))
def acl_check(client_id, username, topic, access, payload):
mosquitto_auth.log(
mosquitto_auth.LOG_DEBUG,
'acl_check %r' % (mosquitto_auth.topic_matches_sub('/#', topic))
)
if access == mosquitto_auth.MOSQ_ACL_READ:
mosquitto_auth.log(
mosquitto_auth.LOG_DEBUG,
'acl_check READ (client_id: {} username: {} topic: {} access: {}, payload: {!r})'
.format(client_id, username, topic, access, payload)
)
elif access == mosquitto_auth.MOSQ_ACL_SUBSCRIBE:
mosquitto_auth.log(
mosquitto_auth.LOG_DEBUG,
'acl_check SUBSCRIBE (client_id: {} username: {} topic: {} access: {}, payload: {!r})'
.format(client_id, username, topic, access, payload)
)
elif access == mosquitto_auth.MOSQ_ACL_WRITE:
mosquitto_auth.log(
mosquitto_auth.LOG_DEBUG,
'acl_check WRITE (client_id: {} username: {} topic: {} access: {}, payload: {!r})'
.format(client_id, username, topic, access, payload)
)
return True
def unpwd_check(username, password):
import mosquitto_auth
val = redis_conn.hget('mosq.' + username, 'auth')
if not val:
mosquitto_auth.log(mosquitto_auth.LOG_DEBUG,
'AUTH: no such user: %s' % username)
return False
salt, hashed = val.split(b':')
check = hashlib.sha1(salt + password.encode()).hexdigest().encode()
ok = (check == hashed)
mosquitto_auth.log(mosquitto_auth.LOG_DEBUG,
'AUTH: user=%s, password matches=%s' % (
username,
ok,
))
return ok
def unpwd_check(username, password):
import mosquitto_auth
with mysql_conn.cursor() as cursor:
sql = "SELECT `auth` FROM `users` WHERE `username`=%s"
cursor.execute(sql, (username, ))
val = cursor.fetchone()
if not val:
mosquitto_auth.log(mosquitto_auth.LOG_DEBUG,
'AUTH: no such user: %s' % username)
return False
salt, hashed = val[0].split(':')
check = hashlib.sha1(salt.encode() +
password.encode()).hexdigest().encode()
ok = (check == hashed.encode())
mosquitto_auth.log(mosquitto_auth.LOG_DEBUG,
'AUTH: user=%s, password matches=%s' % (
username,
ok,
))
return ok
def acl_check(client_id, username, topic, access, payload):
mosquitto_auth.log(
mosquitto_auth.LOG_DEBUG,
'acl_check %r' % (mosquitto_auth.topic_matches_sub('/#', topic)))
if access == mosquitto_auth.MOSQ_ACL_READ:
mosquitto_auth.log(
mosquitto_auth.LOG_DEBUG,
'acl_check READ (client_id: {} username: {} topic: {} access: {}, payload: {!r})'
.format(client_id, username, topic, access, payload))
elif access == mosquitto_auth.MOSQ_ACL_SUBSCRIBE:
mosquitto_auth.log(
mosquitto_auth.LOG_DEBUG,
'acl_check SUBSCRIBE (client_id: {} username: {} topic: {} access: {}, payload: {!r})'
.format(client_id, username, topic, access, payload))
elif access == mosquitto_auth.MOSQ_ACL_WRITE:
mosquitto_auth.log(
mosquitto_auth.LOG_DEBUG,
'acl_check WRITE (client_id: {} username: {} topic: {} access: {}, payload: {!r})'
.format(client_id, username, topic, access, payload))
return True
def acl_check(clientid, username, topic, access):
mosquitto_auth.log(
mosquitto_auth.LOG_DEBUG,
'acl_check %r' % (mosquitto_auth.topic_matches_sub('/#', topic)))
if access == mosquitto_auth.MOSQ_ACL_READ:
mosquitto_auth.log(
mosquitto_auth.LOG_DEBUG,
'acl_check READ (clientid: %s username: %s topic: %s access: %s)' %
(clientid, username, topic, access))
elif access == mosquitto_auth.MOSQ_ACL_WRITE:
mosquitto_auth.log(
mosquitto_auth.LOG_DEBUG,
'acl_check WRITE (clientid: %s username: %s topic: %s access: %s)'
% (clientid, username, topic, access))
return True
def acl_check(clientid, username, topic, access):
import mosquitto_auth
if username is None:
mosquitto_auth.log(mosquitto_auth.LOG_DEBUG, 'AUTH required')
return False
pat = redis_conn.hget('mosq.' + username, 'acl')
if not pat:
mosquitto_auth.log(mosquitto_auth.LOG_DEBUG,
'ACL: no such user: %s' % username)
return True
matches = mosquitto_auth.topic_matches_sub(pat.decode(), topic)
mosquitto_auth.log(
mosquitto_auth.LOG_DEBUG,
'ACL: user=%s topic=%s, pat=%s, matches=%s' % (
username,
topic,
pat,
matches,
))
return matches
def acl_check(clientid, username, topic, access):
import mosquitto_auth
if username is None:
mosquitto_auth.log(mosquitto_auth.LOG_DEBUG, 'AUTH required')
return False
with mysql_conn.cursor() as cursor:
sql = "SELECT `acl` FROM `users` WHERE `username`=%s"
cursor.execute(sql, (username, ))
pat = cursor.fetchone()[0]
if not pat:
mosquitto_auth.log(mosquitto_auth.LOG_DEBUG,
'ACL: no such user: %s' % username)
return False
matches = mosquitto_auth.topic_matches_sub(pat, topic)
mosquitto_auth.log(
mosquitto_auth.LOG_DEBUG,
'ACL: user=%s topic=%s, pat=%s, matches=%s' % (
username,
topic,
pat,
matches,
))
return matches
def plugin_init(opts):
mosquitto_auth.log(mosquitto_auth.LOG_DEBUG,
'plugin_init (opts: %r)' % (opts, ))
def plugin_init(opts):
mosquitto_auth.log(
mosquitto_auth.LOG_DEBUG,
'plugin_init (opts: %r)' % (opts,)
)
def psk_key_get(identity, hint):
mosquitto_auth.log(
mosquitto_auth.LOG_DEBUG,
'psk_key_get (identity: %s hint: %s)' % (identity, hint)
)
return '0123456789'
def security_init(opts, reload):
mosquitto_auth.log(
mosquitto_auth.LOG_DEBUG,
'security_init (reload: %s, opts: %s)' % (reload, opts)
)
def plugin_cleanup():
mosquitto_auth.log(mosquitto_auth.LOG_DEBUG, 'plugin_cleanup')
def security_cleanup(reload):
mosquitto_auth.log(mosquitto_auth.LOG_DEBUG,
'security_cleanup (reload: %s)' % (reload))
def security_init(opts, reload):
mosquitto_auth.log(mosquitto_auth.LOG_DEBUG,
'security_init (reload: %s, opts: %s)' % (reload, opts))
def security_cleanup(reload):
mosquitto_auth.log(
mosquitto_auth.LOG_DEBUG,
'security_cleanup (reload: %s)' % (reload)
)
def unpwd_check(username, password):
mosquitto_auth.log(
mosquitto_auth.LOG_DEBUG,
'unpwd_check (username: %s password: %s)' % (username, password))
return True
def psk_key_get(identity, hint):
mosquitto_auth.log(
mosquitto_auth.LOG_DEBUG,
'psk_key_get (identity: %s hint: %s)' % (identity, hint))
return '0123456789'
def plugin_cleanup():
mosquitto_auth.log(mosquitto_auth.LOG_DEBUG, 'plugin_cleanup')