Step 1. Build mosquitto-auth-plug

1. Install the build dependencies

sudo apt install git build-essential libssl-dev libmysqlclient-dev libmosquitto-dev
sudo apt install libmariadb-dev
sudo apt install mosquitto-dev

2. Download the sources

git clone https://github.com/jpmens/mosquitto-auth-plug.git
git clone https://github.com/eclipse/mosquitto.git
cd mosquitto-auth-plug
cp config.mk.in config.mk

3. Edit the configuration file

vi config.mk
MOSQUITTO_SRC = [mosquitto source path] e.g. /root/project/mosquitto
OPENSSLDIR = /usr/lib/openssh

Add the paths

vi Makefile
ifneq ($(BACKEND_MYSQL),no)
    BACKENDS += -DBE_MYSQL
    BACKENDSTR += MySQL
    BE_CFLAGS += `mariadb_config --cflags`
    BE_LDADD += `mariadb_config --libs`
    OBJS += be-mysql.o

Change mysql_config to mariadb_config

 

4. If compilation fails, modify the source files as follows

vi auth-plug.c
Line 502: int mosquitto_auth_unpwd_check(void *userdata, struct mosquitto *client, const char *username, const char *password)

Line 601: int mosquitto_auth_acl_check(void *userdata, int access, struct mosquitto *client, const struct mosquitto_acl_msg *msg)

Line 752: int mosquitto_auth_psk_key_get(void *userdata, struct mosquitto *client, const char *hint, const char *identity, char *key, int max_key_len)

Remove the first const in each signature

 

vi log.c
#include <mosquitto.h>
#include <mosquitto_broker.h>
#include <mosquitto_plugin.h>

Add mosquitto_broker.h

 

5. Build & copy the generated files

make
sudo cp auth-plug.so np /etc/mosquitto/

 

Step 2. MySQL setup

1. Install MySQL

sudo apt-get install mysql-server
sudo mysql -u root -p

default password: root

 

2. Create the database & database user

create database mosquitto;
CREATE USER 'mosquitto'@'%' IDENTIFIED BY 'mosquitto';
GRANT ALL ON *.* TO 'mosquitto'@'%';
FLUSH PRIVILEGES;

 

3. Create the tables

use mosquitto
DROP TABLE IF EXISTS users;
CREATE TABLE users (
        id INTEGER AUTO_INCREMENT,
        username VARCHAR(25) NOT NULL,
        pw VARCHAR(128) NOT NULL,
        super INT(1) NOT NULL DEFAULT 0,
        PRIMARY KEY (id)
  );
CREATE UNIQUE INDEX users_username ON users (username);
DROP TABLE IF EXISTS acls;
CREATE TABLE acls (
        id INTEGER AUTO_INCREMENT,
        username VARCHAR(25) NOT NULL,
        topic VARCHAR(256) NOT NULL,
        rw INTEGER(1) NOT NULL DEFAULT 1,       -- 1: read-only, 2: read-write
        PRIMARY KEY (id)
        );
CREATE UNIQUE INDEX acls_user_topic ON acls (username, topic(228));

 

4. Generate the password hash

/etc/mosquitto/np -p [pw]
e.g. pw : korea_company
generated pw : PBKDF2$sha256$901$qbLGPB2fIZ5RbSWk$AzHmP01PoHTFdYhgd91oRvqeqFd/oc/S

 

5. Configure the mosquitto user & topic

INSERT INTO users (username, pw) VALUES ('[user name]', '[generated pw]');
INSERT INTO acls (username, topic, rw) VALUES ('[user name]', '[topic]', 5);
e.g. username : korea_company, pw : korea_company, topic : test/topic
insert into users (username, pw) values ('korea_company', 'PBKDF2$sha256$901$qbLGPB2fIZ5RbSWk$AzHmP01PoHTFdYhgd91oRvqeqFd/oc/S');
insert into acls (username, topic, rw) values ('korea_company', 'test/topic', 5);

rw : (2 for write, 5 for read+subscribe, 7 for read/write)

 

6. Inspect the database tables

url : 192.168.1.101
port : 3306
id : mosquitto
pw : mosquitto

 

users table

 

acls table

 

Step 3. Apply to mosquitto

1. Add auth-plug.so and its options to the configuration

sudo vi /etc/mosquitto/mosquitto.conf
auth_plugin /etc/mosquitto/auth-plug.so
auth_opt_backends mysql
auth_opt_host localhost
auth_opt_port 3306
auth_opt_dbname mosquitto
auth_opt_user mosquitto
auth_opt_pass mosquitto
auth_opt_userquery SELECT pw FROM users WHERE username = '%s'
auth_opt_superquery SELECT COUNT(*) FROM users WHERE username = '%s' AND super = 1
auth_opt_aclquery SELECT topic FROM acls WHERE (username = '%s') AND (rw >= %d)
auth_opt_acl_cacheseconds 60
auth_opt_auth_cacheseconds 60

Remove the line that allows anonymous access
allow_anonymous true
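
How the aclquery above evaluates against the rw values from Step 2, as an added example that is not part of the original post: with rw >= %d, the row with rw = 5 (read+subscribe) also matches a write check (%d = 2), while a bitmask comparison does not. The in-memory SQLite table, the writer_only and full_access rows, and the bitmask predicate are assumptions of this example; the access bits 1/2/4 are the READ/WRITE/SUBSCRIBE values from mosquitto_plugin.h.

```python
import sqlite3

# Access bits substituted for %d in the aclquery (values from mosquitto_plugin.h).
ACCESS = {"read": 1, "write": 2, "subscribe": 4}

# The predicate from the page's auth_opt_aclquery, with ? in place of %d.
PAGE_PREDICATE = "rw >= ?"
# Bitmask comparison, an assumption of this example (not the page's config).
BITMASK_PREDICATE = "(rw & ?) != 0"

# Constructed rows; only korea_company / test/topic / 5 comes from the page.
ROWS = [
    ("korea_company", "test/topic", 5),  # read + subscribe
    ("writer_only", "test/topic", 2),    # write
    ("full_access", "test/topic", 7),    # read/write
]


def build_db():
    """In-memory SQLite stand-in for the MySQL acls table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE acls (username TEXT, topic TEXT, rw INTEGER)")
    db.executemany("INSERT INTO acls VALUES (?, ?, ?)", ROWS)
    return db


def allowed_topics(db, predicate, username, access):
    """Topics the ACL query returns for one user and one access bit."""
    sql = f"SELECT topic FROM acls WHERE (username = ?) AND ({predicate})"
    return [row[0] for row in db.execute(sql, (username, access))]


def access_matrix(predicate):
    """Map each user to the access types for which a topic row is returned."""
    db = build_db()
    return {
        user: [name for name, bit in ACCESS.items()
               if allowed_topics(db, predicate, user, bit)]
        for user, _, _ in ROWS
    }


if __name__ == "__main__":
    for label, pred in (("rw >= %d", PAGE_PREDICATE),
                        ("(rw & %d) != 0", BITMASK_PREDICATE)):
        print(label)
        for user, granted in access_matrix(pred).items():
            print(f"  {user:14s} {', '.join(granted) or 'none'}")
```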

 

2. Restart the service

sudo service mosquitto restart

 

3. Test

3.1 Subscribe

mosquitto_sub -h [ip/domain] -p 8883 --cafile /etc/mosquitto/ca_certificates/ca.crt --cert /etc/mosquitto/certs/server.crt --key /etc/mosquitto/certs/server.key -t [topic] -u [username] -P [pw]

 

3.2 Publish

mosquitto_pub -h [ip/domain] -p 8883 --cafile /etc/mosquitto/ca_certificates/ca.crt --cert /etc/mosquitto/certs/server.crt --key /etc/mosquitto/certs/server.key -t [topic] -u [username] -P [pw] -m 'hello auth_plug'
e.g. username : korea_company, pw : korea_company, topic : test/topic
