mbachry / mosquitto_pyauth Goto Github PK
View Code? Open in Web Editor NEWMosquitto auth plugin that lets you write your auth plugins in Python!
License: MIT License
Mosquitto auth plugin that lets you write your auth plugins in Python!
License: MIT License
I have written a module in python3. I can see the plugin can import from only from python 2 folder. I have trouble setting the python path. Any help will be appreciated.
$ cc -std=gnu99 -fPIC -I../lib -I../src -I/usr/include/python3.8 -Wall -Wextra -O2 -I/home/ubuntu/mosquitto_pyauth/mosquitto-2.0.7/src/ -I/home/ubuntu/mosquitto_pyauth/mosquitto-2.0.7/lib/ -shared -o auth_plugin_pyauth.so auth_plugin_pyauth.o -lcrypt -lpthread -ldl -lutil -lm -lm -lmosquitto -L/home/ubuntu/mosquitto_pyauth/mosquitto-2.0.7/lib
$ ldd auth_plugin_pyauth.so
linux-vdso.so.1 (0x00007ffe6d6f0000)
libmosquitto.so.1 => /lib/x86_64-linux-gnu/libmosquitto.so.1 (0x00007fb1162a4000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fb1160b2000)
libssl.so.1.1 => /lib/x86_64-linux-gnu/libssl.so.1.1 (0x00007fb11601f000)
libcrypto.so.1.1 => /lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007fb115d49000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fb115d26000)
/lib64/ld-linux-x86-64.so.2 (0x00007fb1162d0000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fb115d20000)
$ mosquitto -c /etc/mosquitto/mosquitto.conf
1614668880: Loading config file /etc/mosquitto/conf.d/default.conf
1614668880: Error: Unable to open log file /var/log/mosquitto/mosquitto.log for writing.
1614668880: Error: Unable to load auth plugin "/var/tmp/auth_plugin_pyauth.so".
1614668880: Load error: /var/tmp/auth_plugin_pyauth.so: undefined symbol: _Py_NoneStruct
$ LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libpython3.8.so mosquitto -c /etc/mosquitto/mosquitto.conf
1614668910: Loading config file /etc/mosquitto/conf.d/default.conf
1614668910: Error: Unable to open log file /var/log/mosquitto/mosquitto.log for writing.
ModuleNotFoundError: No module named 'redis_auth'
failed to import module: redis_auth
I need to include libpython3.8.so as shared object depenencies for auth_plugin_pyauth.so.
So that, I can directly call $ mosquito -c /etc/mosquitto/mosquitto.conf (without LD_PRELOAD variable)
Hi,
I tried installing this plugin but the program doesn't compile. It throws this error:
make MOSQUITTO_SRC=/home/maxwell/Desktop/project/mosquitto
cc -std=gnu99 -fPIC -I../lib -I../src `python2.7-config --includes` -Wall -Wextra -O2 -I/home/maxwell/Desktop/project/mosquitto/src/ -I/home/maxwell/Desktop/project/mosquitto/lib/ -c -o auth_plugin_pyauth.o auth_plugin_pyauth.c
auth_plugin_pyauth.c: In function ‘pyauth_mosquitto_log_printf’:
auth_plugin_pyauth.c:80:5: warning: implicit declaration of function ‘mosquitto_log_printf’ [-Wimplicit-function-declaration]
mosquitto_log_printf(loglevel, "%s", fmt);
^
auth_plugin_pyauth.c: At top level:
auth_plugin_pyauth.c:161:5: error: conflicting types for ‘mosquitto_auth_plugin_init’
int mosquitto_auth_plugin_init(void **user_data, struct mosquitto_auth_opt *aut
^
In file included from auth_plugin_pyauth.c:8:0:
/home/maxwell/Desktop/project/mosquitto/src/mosquitto_plugin.h:118:5: note: previous declaration of ‘mosquitto_auth_plugin_init’ was here
int mosquitto_auth_plugin_init(void **user_data, struct mosquitto_opt *opts, in
^
auth_plugin_pyauth.c:217:5: error: conflicting types for ‘mosquitto_auth_plugin_cleanup’
int mosquitto_auth_plugin_cleanup(void *user_data, struct mosquitto_auth_opt *a
^
In file included from auth_plugin_pyauth.c:8:0:
/home/maxwell/Desktop/project/mosquitto/src/mosquitto_plugin.h:140:5: note: previous declaration of ‘mosquitto_auth_plugin_cleanup’ was here
int mosquitto_auth_plugin_cleanup(void *user_data, struct mosquitto_opt *opts,
^
auth_plugin_pyauth.c:242:5: error: conflicting types for ‘mosquitto_auth_security_init’
int mosquitto_auth_security_init(void *user_data, struct mosquitto_auth_opt *au
^
In file included from auth_plugin_pyauth.c:8:0:
/home/maxwell/Desktop/project/mosquitto/src/mosquitto_plugin.h:168:5: note: previous declaration of ‘mosquitto_auth_security_init’ was here
int mosquitto_auth_security_init(void *user_data, struct mosquitto_opt *opts, i
^
auth_plugin_pyauth.c:274:5: error: conflicting types for ‘mosquitto_auth_security_cleanup’
int mosquitto_auth_security_cleanup(void *user_data, struct mosquitto_auth_opt
^
In file included from auth_plugin_pyauth.c:8:0:
/home/maxwell/Desktop/project/mosquitto/src/mosquitto_plugin.h:196:5: note: previous declaration of ‘mosquitto_auth_security_cleanup’ was here
int mosquitto_auth_security_cleanup(void *user_data, struct mosquitto_opt *opts
^
auth_plugin_pyauth.c:295:5: error: conflicting types for ‘mosquitto_auth_acl_check’
int mosquitto_auth_acl_check(void *user_data, const char *clientid, const char
^
In file included from auth_plugin_pyauth.c:8:0:
/home/maxwell/Desktop/project/mosquitto/src/mosquitto_plugin.h:223:5: note: previous declaration of ‘mosquitto_auth_acl_check’ was here
int mosquitto_auth_acl_check(void *user_data, int access, const struct mosquitt
^
auth_plugin_pyauth.c:313:5: error: conflicting types for ‘mosquitto_auth_unpwd_check’
int mosquitto_auth_unpwd_check(void *user_data, const char *username, const cha
^
In file included from auth_plugin_pyauth.c:8:0:
/home/maxwell/Desktop/project/mosquitto/src/mosquitto_plugin.h:237:5: note: previous declaration of ‘mosquitto_auth_unpwd_check’ was here
int mosquitto_auth_unpwd_check(void *user_data, const struct mosquitto *client,
^
I am guessing that the abstract functions in mosquitto_plugin.h have different paramters compared to the ones you used.
Thanks for the making the plugin!
How to reproduce:
The auth python file should implement minimal unpwd_check
and acl_check
functions:
def unpwd_check(username, password):
return True
def acl_check(client_id, username, topic, access, payload):
return True
Then try to pub/sub. Shell1:
mosquitto_sub -h host-with-pyauth-plugin.com -p 8883 -t "foo" -u "foo" -P "" --capath "/etc/ssl/certs" -i "alice"
Shell2:
mosquitto_pub -h host-with-pyauth-plugin.com -p 8883 -t "foo" -u "foo" -P "" --capath "/etc/ssl/certs" -m "foobar" -i "bob"
Works fine if topic and username are different. If they're the same, the published message is acknowledged from perspective of publisher, but not received by subscriber.
Note when controlling for mosquitto_pyauth behaviour versus a plain installation of mosquitto 1.5.1 substitute host-with-pyauth-plugin.com
with iot.eclipse.org
. Use iot.eclipse.org server because test.mosquitto.org or other public mosquitto servers' ACLs reject connection attempts if a username is provided.
I'm trying to find a way to authenticate connections that come from the same machine in a different way than from remote connections. any idea if this is feasible?
thanks
I'm trying to use this plugin in an Alpine Docker image but I'm having a problem where I'm getting the message mosquitto_log_printf: symbol not found
/usr/lib # mosquitto -c /mosquitto/config/mosquitto.conf
1547298826: mosquitto version 1.5.5 starting
1547298826: Config loaded from /mosquitto/config/mosquitto.conf.
1547298826: Error: Unable to load auth plugin "/usr/lib/auth_plugin_pyauth.so".
1547298826: Load error: Error relocating /usr/lib/auth_plugin_pyauth.so: mosquitto_log_printf: symbol not found
Here is some further info about the compiled plugin.
/usr/lib # ldd auth_plugin_pyauth.so
ldd (0x7f7476986000)
libpython2.7.so.1.0 => /usr/lib/libpython2.7.so.1.0 (0x7f74763de000)
libmosquitto.so.1 => /usr/lib/libmosquitto.so.1 (0x7f74761cf000)
libc.musl-x86_64.so.1 => ldd (0x7f7476986000)
libssl.so.45 => /lib/libssl.so.45 (0x7f7475f83000)
libcrypto.so.43 => /lib/libcrypto.so.43 (0x7f7475bd8000)
Error relocating auth_plugin_pyauth.so: mosquitto_log_printf: symbol not found
Error relocating auth_plugin_pyauth.so: mosquitto_client_username: symbol not found
Error relocating auth_plugin_pyauth.so: mosquitto_client_id: symbol not found
/usr/lib #
What could be causing this, and how can I resolve this issue?
I'm compiling it during Docker build, right after compiling Mosquitto. It's only those three symbols which are not found, I would have expected all of the mosquitto_* symbols not getting found, but not just a couple of them.
make:
cc -std=gnu99 -fPIC -I../lib -I../src python3.6-config --includes
-Wall -Wextra -O2 -I.//src/ -I.//lib/ -c -o auth_plugin_pyauth.o auth_plugin_pyauth.c
auth_plugin_pyauth.c:303:5: error: conflicting types for ‘mosquitto_auth_acl_check’
int mosquitto_auth_acl_check(void *user_data, int access, const struct mosquitto *client, const struct mosquitto_acl_msg *msg)
^~~~~~~~~~~~~~~~~~~~~~~~
In file included from auth_plugin_pyauth.c:8:0:
/usr/local/include/mosquitto_plugin.h:237:5: note: previous declaration of ‘mosquitto_auth_acl_check’ was here
int mosquitto_auth_acl_check(void *user_data, int access, struct mosquitto *client, const struct mosquitto_acl_msg *msg);
^~~~~~~~~~~~~~~~~~~~~~~~
auth_plugin_pyauth.c:330:5: error: conflicting types for ‘mosquitto_auth_unpwd_check’
int mosquitto_auth_unpwd_check(void *user_data, const struct mosquitto *client unused, const char *username, const char *password)
^~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from auth_plugin_pyauth.c:8:0:
/usr/local/include/mosquitto_plugin.h:254:5: note: previous declaration of ‘mosquitto_auth_unpwd_check’ was here
int mosquitto_auth_unpwd_check(void *user_data, struct mosquitto *client, const char *username, const char *password);
^~~~~~~~~~~~~~~~~~~~~~~~~~
auth_plugin_pyauth.c:354:5: error: conflicting types for ‘mosquitto_auth_psk_key_get’
int mosquitto_auth_psk_key_get(void *user_data,
^~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from auth_plugin_pyauth.c:8:0:
/usr/local/include/mosquitto_plugin.h:282:5: note: previous declaration of ‘mosquitto_auth_psk_key_get’ was here
int mosquitto_auth_psk_key_get(void *user_data, struct mosquitto *client, const char *hint, const char *identity, char *key, int max_key_len);
^~~~~~~~~~~~~~~~~~~~~~~~~~
Makefile:26: recipe for target 'auth_plugin_pyauth.o' failed
make: *** [auth_plugin_pyauth.o] Error 1
This works:
(mypy) root@ubuntu:/mypy# export PYTHONPATH=/mypy; /usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf
redis initialized 127.0.0.1 6379
AUTH: user=admin, password matches = True
ACL: user=admin topic=mypy/d256cc9e/ping, matches = True
(mypy) root@ubuntu:/mypy# mosquitto_pub -t 'admin/d256cc9e/ping' -m 'ack' -u 'admin' -P 'password' -I 'd256cc9e' -h mqtt01 -p 8883 --cafile /mypy/certs/ca.crt
(mypy) root@ubuntu:/mypy#
(mypy) root@ubuntu:/mypy# mosquitto_sub -t 'admin/d256cc9e/ping' -u 'admin' -P 'password' -I 'd256cc9e' -h mqtt01 -p 8883 --cafile /mypy/certs/ca.crt
ack
However, running from /etc/init.d fails, and yes I did add the PYTHONPATH variable. NO log error messages, despite every log_type enabled in mosquitto.conf. And mosquitto works without the plugin.
I am on Ubuntu 17.10 and I downloaded the latest mosquitto_pyauth code from github last night. The make options were USE_CARES=1 PYTHON_VERSION=3.6. I am using the example redis_auth.py. Mosquitto version 1.4.12.
(mypy) root@ubuntu:/mypy# grep -C5 PYTHONPATH /etc/init.d/mosquitto
run_by_init() {
([ "$previous" ] && [ "$runlevel" ]) || [ "$runlevel" = S ]
}
export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"
export PYTHONPATH="${PYTHONPATH}:/mypy"
case "$1" in
start)
if init_is_upstart; then
exit 1
(mypy) root@ubuntu:/mypy# /etc/init.d/mosquitto restart
Restarting mosquitto (via systemctl): mosquitto.service.
(mypy) root@ubuntu:/mypy# ps -ef | grep -i mosq
root 12679 12669 0 02:26 pts/3 00:00:06 tail -f /var/log/mosquitto/mosquitto.log
root 28560 24666 1 10:13 pts/8 00:00:00 vi /etc/init.d/mosquitto
mosquit+ 28641 1 2 10:13 ? 00:00:00 /usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf
root 28646 24653 0 10:13 pts/7 00:00:00 grep --color=auto -i mosq
(mypy) root@ubuntu:/mypy# mv /etc/mosquitto/conf.d/pyauth.conf.disabled /etc/mosquitto/conf.d/pyauth.conf
(mypy) root@ubuntu:/mypy# /etc/init.d/mosquitto restart Restarting mosquitto (via systemctl): mosquitto.service.
(mypy) root@ubuntu:/mypy# ps -ef | grep -i mosq root 12679 12669 0 02:27 pts/3 00:00:06 tail -f /var/log/mosquitto/mosquitto.log
root 28560 24666 0 10:13 pts/8 00:00:00 vi /etc/init.d/mosquitto
root 28687 24653 2 10:14 pts/7 00:00:00 grep --color=auto -i mosq
(mypy) root@ubuntu:/mypy# /etc/init.d/mosquitto restart
Restarting mosquitto (via systemctl): mosquitto.service.
(mypy) root@ubuntu:/mypy# ps -ef | grep -i mosq
root 28560 24666 0 10:13 pts/8 00:00:00 vi /etc/init.d/mosquitto
root 28693 12669 0 10:14 pts/3 00:00:00 tail -f /var/log/mosquitto/mosquitto.log
root 28735 24653 0 10:14 pts/7 00:00:00 grep --color=auto -i mosq
(mypy) root@ubuntu:/mypy# cat /etc/mosquitto/conf.d/pyauth.conf
auth_plugin /usr/lib/mosquitto_pyauth/auth_plugin_pyauth.so
auth_opt_pyauth_module redis_auth
(mypy) root@ubuntu:/mypy# tail /var/log/mosquitto/mosquitto.log
1524752004: New client connected from 10.0.2.2 as d256cc9e (c1, k60, u'admin').
1524752004: Sending CONNACK to d256cc9e (0, 0)
1524752004: Received PUBLISH from d256cc9e (d0, q1, r1, m601, 'admin/d256cc9e/user_op', ... (34 bytes))
1524752004: Sending PUBACK to d256cc9e (Mid: 601)
1524752046: Error in poll: Interrupted system call.
1524752046: mosquitto version 1.4.12 terminating
1524752047: mosquitto version 1.4.12 (build date Thu, 01 Mar 2018 09:24:46 -0500) starting
1524752047: Config loaded from /etc/mosquitto/mosquitto.conf.
1524752075: mosquitto version 1.4.12 (build date Thu, 01 Mar 2018 09:24:46 -0500) starting
1524752075: Config loaded from /etc/mosquitto/mosquitto.conf.
(mypy) root@ubuntu:/mypy# grep log /etc/mosquitto/mosquitto.conf
log_dest file /var/log/mosquitto/mosquitto.log
log_type all
log_type debug
log_type error
log_type warning
log_type notice
log_type information
log_type subscribe
log_type unsubscribe
log_type websockets
(mypy) root@ubuntu:/mypy#
Oddly, if I copy the init script into my current working directory, it works. So I don't see what's different about using the init script in /etc/init.d. Maybe some environment variable? Something about the interaction between systemd and this plugin?
(mypy) root@ubuntu:/mypy# ./mosquitto.init.d.sh start
* Starting network daemon: mosquitto
...done.
(mypy) root@ubuntu:/mypy# ps -ef | grep -i mosq
root 28693 12669 0 10:32 pts/3 00:00:00 tail -f /var/log/mosquitto/mosquitto.log
root 28802 28771 0 10:46 pts/4 00:00:01 mosquitto_sub -t admin/d256cc9e/ping -u admin -P password -I d256cc9e -h mqtt01 -p 8883 --cafile /mypy/certs/ca.crt
root 29142 28785 1 11:00 pts/5 00:00:00 vim mosquitto.init.d.sh
mosquit+ 29180 1 32 11:01 ? 00:00:00 /usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf
root 29183 24666 2 11:01 pts/8 00:00:00 grep --color=auto -i mosq
(mypy) root@ubuntu:/mypy#
OS: RHEL 7
I've installed mosquitto 1.5.1 from source, and built mosquitto_pyauth successfully. Can't load the python auth module though - here are the relevant lines of the mosquitto.conf
file:
auth_plugin /opt/mosquitto/src/mosquitto_pyauth/auth_plugin_pyauth.so
auth_opt_pyauth_module /opt/mosquitto/src/mosquitto_pyauth/my_auth.py
The file's definitely there:
$ ls -l /opt/mosquitto/src/mosquitto_pyauth/my_auth.py
-rw------- 1 mosquitto mosquitto 1276 Sep 7 14:08 /opt/mosquitto/src/mosquitto_pyauth/my_auth.py
I'm running it using mosquitto -c mosquitto.conf
, which gives:
1536330652: mosquitto version 1.5.1 starting
1536330652: Config loaded from mosquitto.conf.
ModuleNotFoundError: No module named '/opt/mosquitto/src/mosquitto_pyauth/my_auth'
failed to import module: /opt/mosquitto/src/mosquitto_pyauth/my_auth.py
I've done export PYTHONPATH=/opt/mosquitto/src/mosquitto_pyauth
just to see if it makes a difference (shouldn't be needed with absolute paths, and it doesn't make a difference).
How is the python module supposed to be indicated to the auth plugin? Are the README instructions up to date?
I am trying to start mosquitto 1.6.2 using the mosquitto.conf where I put
auth_plugin /usr/local/lib/mosquitto/auth_plugin_pyauth.so
auth_opt_pyauth_module testauth.py
I keep getting the ModuleNotFoundError no matter where I put the testauth.py file.
1557196428: mosquitto version 1.6.2 starting
1557196428: Config loaded from mqtt/mosquitto/mosquitto.conf.
1557196428: Loading plugin: /usr/local/lib/mosquitto/auth_plugin_pyauth.so
1557196428: ├── Username/password checking enabled.
1557196428: ├── TLS-PSK checking not enabled.
1557196428: └── Extended authentication not enabled. ModuleNotFoundError: No module named 'testauth'
failed to import module: testauth.py
I am running out of ideas on what to try next. Any ideas?
how to install this module
Error: Unable to load auth plugin "/usr/lib/auth_plugin_pyauth.so".
1459278711: Load error: libmosquitto.so.1: cannot open shared object file: No such file or directory
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.