1.安装mosquitto auth plugin
root@ubuntu:~# apt install mosquitto-auth-plugin
2.修改mosquitto.conf文件,增加以下内容
##############################################################
# password_file option) to control authenticated client access.
# Defaults to true.
allow_anonymous false
# In addition to the clientid_prefixes, allow_anonymous and TLS
# authentication options, username based authentication is also
# possible. The default support is described in "Default
# authentication and topic access control" below. The auth_plugin
# allows another authentication method to be used.
# Specify the path to the loadable plugin and see the
# "Authentication and topic access plugin options" section below.
#auth_plugin
auth_plugin /usr/lib/mosquitto-auth-plugin/auth-plugin.so
auth_opt_backends mysql
auth_opt_cdbname pwdb.cdb
auth_opt_host localhost
auth_opt_port 3306
auth_opt_dbname mqttest
#数据库用户(下面三条查询都只是 SELECT,生产环境应为插件单独创建只拥有 users/acls 表读取权限的账号,而不是直接使用 root)
auth_opt_user root
#数据库密码
auth_opt_pass root
auth_opt_userquery SELECT pw FROM users WHERE username = '%s'
auth_opt_superquery SELECT IFNULL(COUNT(*), 0) FROM users WHERE username = '%s' AND super = 1
auth_opt_aclquery SELECT topic FROM acls WHERE username = '%s'
# Usernames matching this fnmatch(3) (a.k.a glob(3)) pattern are exempt from the
# module's ACL checking; with the pattern below, every username starting with
# "S" gets unrestricted topic access, so narrow or remove it outside of testing.
auth_opt_superusers S*
##############################################################
3.安装mysql
root@ubuntu:~# apt install mysql-server libmysqlclient-dev
4.创建数据库mqttest
root@ubuntu:~# mysql
mysql> create database mqttest;
mysql> use mqttest;
5.创建用户表
mysql> DROP TABLE IF EXISTS users;
mysql> CREATE TABLE users (
id INTEGER AUTO_INCREMENT,
username VARCHAR(25) NOT NULL,
pw VARCHAR(128) NOT NULL,
super INT(1) NOT NULL DEFAULT 0,
PRIMARY KEY (id)
);
mysql> CREATE UNIQUE INDEX users_username ON users (username);
6.创建规则表
mysql> DROP TABLE IF EXISTS acls;
mysql> CREATE TABLE acls (
id INTEGER AUTO_INCREMENT,
username VARCHAR(25) NOT NULL,
topic VARCHAR(256) NOT NULL,
rw INTEGER(1) NOT NULL DEFAULT 1, -- 1: read-only, 2: read-write
PRIMARY KEY (id)
);
mysql> CREATE UNIQUE INDEX acls_user_topic ON acls (username, topic(228));
mysql> quit;
第5、6步也可以直接使用 mosquitto auth plugin 源码 examples 目录下的 mysql.sql 文件创建:
root@ubuntu:~# mysql -u root -p -Dmqttest < /path/to/mosquitto-auth-plugin/examples/mysql.sql
7.使用auth plugin 提供的 np 工具生成密码
np 工具将明文密码与随机生成的 salt 组合,以 sha256 作为 hash 函数、迭代 901 次的 PBKDF2 生成 hashed password,并返回拼接格式的字符串。
mysql 数据库的 pw 字段存储该拼接后的字符串;auth-plugin 根据 username 从表里查询得到它(其中包含 hash 函数、iterations 和 salt),提取出 salt 后,用客户端提供的 password 计算 hashed password 并进行比对鉴权。
root@ubuntu:~# np
Enter password: admin
Re-enter same password: admin
PBKDF2$sha256$901$/vMpwWb0MpSITxYF$+xh7OgZtGHfqEfrFtScThMVa5/hgbx5/
8.添加admin用户以供测试
root@ubuntu:~# mysql
mysql> use mqttest;
mysql> INSERT INTO users (username, pw, super)
VALUES ('admin',
'PBKDF2$sha256$901$/vMpwWb0MpSITxYF$+xh7OgZtGHfqEfrFtScThMVa5/hgbx5/',
1);
mysql> quit;
9.测试
启动一个订阅端(注意:-P 把密码放在命令行参数里,会留在 shell 历史和进程列表中,仅适合本地测试):
root@ubuntu:~# mosquitto_sub -h localhost -p 1883 -u admin -P admin -t /#
另外开一个终端启动发布客户端:
root@ubuntu:~# mosquitto_pub -h localhost -p 1883 -u admin -P admin -t /mqtopic -m "broker with mysql auth test"
10.如果订阅端收到了发布的消息,说明基于 MySQL 的鉴权配置成功
恭喜您!!!