Centos8搭建Mosquitto（二）mosquitto-auth-plug+mysql认证

mosquitto-auth-plug需要编译安装所以需要下载Mosquitto源码
由于之前Mosquitto是yum安装的，需要重新下载Mosqquitto源码
查看Mosquitto版本

systemctl status mosquitto

systemctl status mosquitto
● mosquitto.service - Mosquitto MQTT v3.1/v3.1.1 Broker
   Loaded: loaded (/usr/lib/systemd/system/mosquitto.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2020-11-23 21:31:07 EST; 4s ago
     Docs: man:mosquitto.conf(5)
           man:mosquitto(8)
 Main PID: 2442 (mosquitto)
    Tasks: 1 (limit: 11302)
   Memory: 1.3M
   CGroup: /system.slice/mosquitto.service
           └─2442 /usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf

11月 23 21:31:07 bogon systemd[1]: Starting Mosquitto MQTT v3.1/v3.1.1 Broker...
11月 23 21:31:07 bogon mosquitto[2442]: 1606185067: mosquitto version 1.6.10 starting
11月 23 21:31:07 bogon mosquitto[2442]: 1606185067: Config loaded from /etc/mosquitto/mosquitto.conf.
11月 23 21:31:07 bogon mosquitto[2442]: 1606185067: Opening ipv4 listen socket on port 1883.
11月 23 21:31:07 bogon mosquitto[2442]: 1606185067: Opening ipv6 listen socket on port 1883.
11月 23 21:31:07 bogon systemd[1]: Started Mosquitto MQTT v3.1/v3.1.1 Broker.

mosquitto version 1.6.10 starting
我的版本号是1.6.10，git的版本号是1.6.12
下载 1.6.10版本的Mosquitto源码
并解压
我的目录是/root/mosquitto

mkdir mosquitto
cd mosquittto
wget https://mosquitto.org/files/source/mosquitto-1.6.10.tar.gz
tar -xf mosquitto-1.6.10.tar.gz

解压后目录 /root/mosquitto/mosquitto-1.6.10

cd  /root/mosquitto/mosquitto-1.6.10
make

编译后 查看 目录 找到libmosquitto.so.1（这个是我生成的文件名称）

cd lib
dir
 
actions.c       cpp                  handle_ping.o        handle_suback.c    linker.version  memory_mosq.o    mosquitto_internal.h  options.o           read_handle.c      send_mosq.o         socks_mosq.o   tls_mosq.h    will_mosq.c
actions.o       dummypthread.h       handle_pubackcomp.c  handle_suback.o    logging_mosq.c  messages_mosq.c  mosquitto.o           packet_datatypes.c  read_handle.h      send_publish.c      srv_mosq.c     tls_mosq.o    will_mosq.h
alias_mosq.c    handle_auth.c        handle_pubackcomp.o  handle_unsuback.c  logging_mosq.h  messages_mosq.h  mqtt_protocol.h       packet_datatypes.o  read_handle.o      send_publish.o      srv_mosq.o     utf8_mosq.c   will_mosq.o
alias_mosq.h    handle_auth.o        handle_publish.c     handle_unsuback.o  logging_mosq.o  messages_mosq.o  net_mosq.c            packet_mosq.c       send_connect.c     send_subscribe.c    thread_mosq.c  utf8_mosq.o
callbacks.c     handle_connack.c     handle_publish.o     helpers.c          loop.c          misc_mosq.c      net_mosq.h            packet_mosq.h       send_connect.o     send_subscribe.o    thread_mosq.o  util_mosq.c
callbacks.o     handle_connack.o     handle_pubrec.c      helpers.o          loop.o          misc_mosq.h      net_mosq.o            packet_mosq.o       send_disconnect.c  send_unsubscribe.c  time_mosq.c    util_mosq.h
CMakeLists.txt  handle_disconnect.c  handle_pubrec.o      libmosquit.so      Makefile        misc_mosq.o      net_mosq_ocsp.c       property_mosq.c     send_disconnect.o  send_unsubscribe.o  time_mosq.h    util_mosq.o
connect.c       handle_disconnect.o  handle_pubrel.c         memory_mosq.c   mosquitto.c      net_mosq_ocsp.o       property_mosq.h     send_mosq.c        socks_mosq.c        time_mosq.o    util_topic.c
connect.o       handle_ping.c        handle_pubrel.o      libmosquitto.so.1  memory_mosq.h   mosquitto.h      options.c             property_mosq.o     send_mosq.h        socks_mosq.h        tls_mosq.c     util_topic.o

更改文件名，编译认证插件会用到

mv libmosquitto.so.1 libmosquitto.so

安装 git
下载mosquitto-auth-plug源码
解压

yum - y install git

cd  /root/mosquitto/mosquitto-1.6.10
git clone https://github.com/jpmens/mosquitto-auth-plug.git
cd mosquitto-auth-plug

修改配置文件

cp config.mk.in config.mk
vi config.mk
# Select your backends from this list
BACKEND_CDB ?= no
BACKEND_MYSQL = yes
BACKEND_SQLITE ?= no
BACKEND_REDIS ?= no
BACKEND_POSTGRES ?= no
BACKEND_LDAP ?= no
BACKEND_HTTP ?= no
BACKEND_JWT ?= no
BACKEND_MONGO ?= no
BACKEND_FILES ?= no
BACKEND_MEMCACHED ?= no

# Specify the path to the Mosquitto sources here
# MOSQUITTO_SRC = /usr/local/Cellar/mosquitto/1.4.12
MOSQUITTO_SRC =/root/mosquitto/mosquitto-1.6.10

# Specify the path the OpenSSL here
OPENSSLDIR = /etc/pki/tls

# Add support for django hashers algorithm name
SUPPORT_DJANGO_HASHERS ?= no

# Specify optional/additional linker/compiler flags here
# On macOS, add
#       CFG_LDFLAGS = -undefined dynamic_lookup
# as described in https://github.com/eclipse/mosquitto/issues/244
#
# CFG_LDFLAGS = -undefined dynamic_lookup  -L/usr/local/Cellar/openssl/1.0.2l/lib
# CFG_CFLAGS = -I/usr/local/Cellar/openssl/1.0.2l/include -I/usr/local/Cellar/mosquitto/1.4.12/include
CFG_LDFLAGS =
CFG_CFLAGS =

Mosquitto源码目录

MOSQUITTO_SRC =/root/mosquitto/mosquitto-1.6.10

OPENSSL 通过openssl version -a查询

OPENSSLDIR = /etc/pki/tls

编译`

make

生成文件auth-plug.so

dir
auth-plug.c   backends.h  base64.o    be-files.h  be-jwt.h        be-memcached.h  be-mysql.h     be-psk.c    be-redis.h   cache.h       contrib  examples  LICENSE.txt  Makefile        pbkdf2-check.o
auth-plug.o   backends.o  be-cdb.c    be-http.c   be-ldap.c       be-mongo.c      be-mysql.o     be-psk.h    be-sqlite.c  cache.o       envs.c   hash.c    log.c        np              README.md
auth-plug.so  base64.c    be-cdb.h    be-http.h   be-ldap.h       be-mongo.h      be-postgres.c  be-psk.o    be-sqlite.h  config.mk     envs.h   hash.h    log.h        np.c            userdata.h
backends.c    base64.h    be-files.c  be-jwt.c    be-memcached.c  be-mysql.c      be-postgres.h  be-redis.c  cache.c      config.mk.in  envs.o   hash.o    log.o        pbkdf2-check.c  uthash.h

如果编译出现错误 内容 类似 类型冲突类的错误 需要修改文件auth-plug.c 去掉冲突的几个文件中相应const
如下

 const struct mosquitto *client

修改为

 struct mosquitto *client

复制auth-plug.so至/etc/mosquitto/

mv  auth-plug.so /etc/mosquitto/auth-plug.so

复制插件
mosquitto-mysql.conf至/etc/mosquitto/
更改 原mosquitto.conf备份
修改 mosquitto-mysql.conf为 mosquitto.conf

mv mosquitto-mysql.conf  mosquitto.conf

编辑mosquitto.conf

autosave_interval 1800
persistence true
persistence_file mosquitto.db
persistence_location /tmp/
connection_messages true
log_timestamp true
log_dest stderr

#log_type error
#log_type warning
#log_type notice
#log_type information
#log_type all
log_type debug

listener 1883


#
#   __  __       ____   ___  _     
#  |  \/  |_   _/ ___| / _ \| |    
#  | |\/| | | | \___ \| | | | |    
#  | |  | | |_| |___) | |_| | |___ 
#  |_|  |_|\__, |____/ \__\_\_____|
#          |___/                   
#  
#                     

#auth_plugin /home/jpm/mosquitto-auth-plug/auth-plug.so
auth_plugin /Users/jpm/Auto/projects/on-github/MQTT/mosquitto-auth-plug/auth-plug.so
auth_opt_backends cdb,mysql  //修改为 auth_opt_backends mysql
auth_opt_cdbname pwdb.cdb //删除
auth_opt_host localhost //按实际修改
auth_opt_port 3306 //按实际修改
auth_opt_dbname test //按实际修改
auth_opt_user jpm //按实际修改
auth_opt_pass secret //按实际修改
auth_opt_userquery SELECT pw FROM users WHERE username = '%s'
auth_opt_superquery SELECT IFNULL(COUNT(*), 0) FROM users WHERE username = '%s' AND super = 1
auth_opt_aclquery SELECT topic FROM acls WHERE username = '%s'


# Usernames with this fnmatch(3) (a.k.a glob(3))  pattern are exempt from the
# module's ACL checking
auth_opt_superusers S*

修改完成后重新运行Mosquitto

mosquitto -c /etc/mosquitto/mosquitto.conf -v

数据库导入插件examples下
mysql.sql

认证部分大功告成！
测试部分省略