* DRAFT *



Installing DB-backed logins for Mosquitto


This page is a draft on setting up database-stored logins for Mosquitto.



Based on https://github.com/iegomez/mosquitto-go-auth


WARNING: Mosquitto had already been installed following the procedure described in the server install!

On my machine:


mosquitto version 2.0.11

mosquitto is an MQTT v5.0/v3.1.1/v3.1 broker.


----- Installing the more recent version, compiled from source with the options....


sudo apt-get install libwebsockets-dev libc-ares2 libc-ares-dev openssl uuid uuid-dev

sudo apt install libcjson1 libcjson-dev

sudo apt install docbook-xsl docbook


libwebsockets8 could not be installed - this does not seem to cause a problem!



cd /home/mirtos/MirTOS/dvpt/


---- version 2.0.15 ------------

wget http://mosquitto.org/files/source/mosquitto-2.0.15.tar.gz

tar xzvf mosquitto-2.0.15.tar.gz

cd mosquitto-2.0.15


Modify config.mk, enabling websockets, TLS and SRV


make


---- version 2.0.18 --------------


wget http://mosquitto.org/files/source/mosquitto-2.0.18.tar.gz

tar xzvf mosquitto-2.0.18.tar.gz

cd mosquitto-2.0.18


Modify config.mk, enabling websockets, TLS and SRV:


nano config.mk


WITH_TLS:=yes

WITH_SRV:=yes

WITH_WEBSOCKETS:=yes




make


-----------------------


service mosquitto stop


show the mosquitto group / user:


compgen -g

compgen -u


If the mosquitto group and user are not present (or run these in any case!):


sudo groupadd mosquitto

sudo useradd -s /sbin/nologin mosquitto -g mosquitto -d /var/lib/mosquitto

sudo mkdir -p /var/log/mosquitto/ /var/lib/mosquitto/

sudo chown -R mosquitto:mosquitto /var/log/mosquitto/

sudo chown -R mosquitto:mosquitto /var/lib/mosquitto/



--------------


Finally, you may create a service for mosquitto. Create the file /etc/systemd/system/mosquitto.service with these annotations:


<-> Not done, because the service already existed from the previous mosquitto installation AND, since mosquitto.service did not exist, I deduced that the install had been set up some other way

For reference: https://doc.ubuntu-fr.org/creer_un_service_avec_systemd


service mosquitto start


then


mosquitto --version

Error: Unknown option '--version'.

mosquitto version 2.0.18


mosquitto is an MQTT v5.0/v3.1.1/v3.1 broker.


Usage: mosquitto [-c config_file] [-d] [-h] [-p port]


 -c : specify the broker config file.

 -d : put the broker into the background after starting.

 -h : display this help.

 -p : start the broker listening on the specified port.

      Not recommended in conjunction with the -c option.

 -v : verbose mode - enable all logging types. This overrides

      any logging options given in the config file.


See https://mosquitto.org/ for more information.


We do have 2.0.18 :-)


--------------------------

Building the plugin

--------------------------


Install go (https://www.ovhcloud.com/fr/community/tutorials/how-to-install-go-ubuntu/ and https://go.dev/dl/):


sudo apt install golang-go

go version


cd /home/mirtos/MirTOS/dvpt

sudo apt install git

git clone https://github.com/iegomez/mosquitto-go-auth

cd mosquitto-go-auth/


Presumably

apt install mosquitto-dev libmosquitto-dev

has already been done... but to be safe, I'm redoing it


make



-------------------------

Configuration

-------------------------


service mosquitto stop


sudo cp go-auth.so /etc/mosquitto/conf.d/


So as not to interfere.....

sudo mv /etc/mosquitto/conf.d/mirtos.conf /etc/mosquitto/conf.d/mirtos.oldconf


But to keep local access:

sudo nano /etc/mosquitto/conf.d/mirtos.conf

-------------------------


# Mosquitto configuration for Mirtos - initial version

#


# per_listener is already present in the base mosquitto.conf

#per_listener_settings true


# First listener: localhost -> allows anonymous access

#listener 1883 127.0.0.1

# Note: with no bind address after the port, this listener accepts anonymous
# connections on every interface, not only localhost ("listener 10883 127.0.0.1" restricts it).

listener 10883

allow_anonymous true


-------------------------

and in the base config:

sudo nano /etc/mosquitto/mosquitto.conf

---------------------------

# Place your local configuration in /etc/mosquitto/conf.d/

#

# A full description of the configuration file is at

# /usr/share/doc/mosquitto/examples/mosquitto.conf.example


pid_file /run/mosquitto/mosquitto.pid


persistence true

persistence_location /var/lib/mosquitto/


log_dest file /var/log/mosquitto/mosquitto.log


per_listener_settings true



include_dir /etc/mosquitto/conf.d


----------------------------



sudo nano /etc/mosquitto/conf.d/go-auth.conf


-------------------------


listener 1883

# websockets seems to cause problems

# protocol websockets


auth_plugin /etc/mosquitto/conf.d/go-auth.so


auth_opt_log_level debug

auth_opt_log_dest file

auth_opt_log_file /var/log/mosquitto/mosquitto-auth.log


auth_opt_backends files,sqlite

#auth_opt_backends files


auth_opt_check_prefix false


auth_opt_files_password_path /etc/mosquitto/go-auth/passwords

auth_opt_files_acl_path /etc/mosquitto/go-auth/acls


# the mosquitto user must have access to the DB....

#auth_opt_sqlite_source /home/mirtos/MirTOS/db/mosquitto_auth.db

auth_opt_sqlite_source /etc/mosquitto/go-auth/mosquitto_auth.db


auth_opt_sqlite_userquery SELECT pass FROM account WHERE username = ? limit 1

auth_opt_sqlite_superquery SELECT COUNT(*) FROM account WHERE username = ? AND super = 1

# Note: the acl table created further down has a user_id column, not username, so this
# query cannot run against that schema as written (the mirtos account still works because
# it is a superuser, and superusers are allowed without the ACL query).
auth_opt_sqlite_aclquery SELECT topic FROM acl WHERE (username = ?) AND rw >= ?


auth_opt_cache_host redis

auth_opt_cache true

auth_opt_cache_reset true


#Use redis DB 4 to avoid messing with other services.

auth_opt_cache_db 4


-------------------------




sudo mkdir /etc/mosquitto/go-auth


sudo nano /etc/mosquitto/go-auth/acls

-------------------------

user test

topic read test/#

topic write test/#

-------------------------


sudo nano /etc/mosquitto/go-auth/passwords

-------------------------

test:PBKDF2$sha512$100000$znG9i0H+a2o0SgoSyec56A==$4+GzKfvFd3cYszjwTesuDYbIiPh5GUCVpl/2Nbq8y+97eSocqWj5t6IF4xbyiZgC60Fe1GdctZ/QBfLd0starA==

-------------------------


creating the passwords:



cd ~/MirTOS/dvpt/mosquitto-go-auth

./pw -l 64 -p motdepasse

#mirtos@MirTOS-server:~/MirTOS/dvpt/mosquitto-go-auth$ ./pw -l 64 -p motdepasse

PBKDF2$sha512$100000$sgnD84z9ouFqMTQ4DQvRag==$KEKbvVG6rvEreBSHe92Pa+6MiVN1AELBSmvSH56y6gc8vZbe9aKXmuHhc/V4d1i+ArPfMubf8WDVx6l8bsU1Rg==


--> https://github.com/iegomez/pw-test

./pw-test -h 'PBKDF2$sha512$100000$znG9i0H+a2o0SgoSyec56A==$4+GzKfvFd3cYszjwTesuDYbIiPh5GUCVpl/2Nbq8y+97eSocqWj5t6IF4xbyiZgC60Fe1GdctZ/QBfLd0starA==' -p test


https://cryptobook.nakov.com/mac-and-key-derivation/pbkdf2 ??
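The layout the pw tool produces (the open question above) is plain PBKDF2 with the parts joined by "$", and it can be reproduced and checked with standard library calls. The Python script below is an added example, not code from this page or from mosquitto-go-auth; it assumes the plugin's default base64 salt encoding and the page's own parameters (sha512, 100000 iterations, 16-byte salt, 64-byte key). Its verify() also rejects the malformed variants tried in the tools section further down (wrong field count, empty salt or iteration count, non-base64 characters).

```python
import base64
import hashlib
import hmac
import os

# Hash layout used by mosquitto-go-auth's files/sqlite backends and by its pw tool:
#   PBKDF2$<sha256|sha512>$<iterations>$<base64 salt>$<base64 derived key>
# The page's hashes use sha512, 100000 iterations, a 16-byte salt and a 64-byte key
# (what "./pw -l 64" produces), so those are the defaults below.
# Assumption: the plugin's default base64 salt encoding, i.e. the decoded salt bytes,
# not the base64 text, are what PBKDF2 is fed.

def make_hash(password, salt=None, iterations=100000, algorithm="sha512", key_len=64):
    """Return a go-auth style PBKDF2 string, with a fresh random 16-byte salt unless given."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac(algorithm, password.encode("utf-8"), salt, iterations, key_len)
    return "PBKDF2$%s$%d$%s$%s" % (algorithm, iterations,
                                   base64.b64encode(salt).decode("ascii"),
                                   base64.b64encode(dk).decode("ascii"))

def verify(stored, password):
    """True only if `stored` is a well-formed PBKDF2 string that matches `password`."""
    parts = stored.split("$")
    if len(parts) != 5 or parts[0] != "PBKDF2" or parts[1] not in ("sha256", "sha512"):
        return False                      # wrong field count or unknown algorithm
    try:
        iterations = int(parts[2])        # empty or non-numeric count -> ValueError
        salt = base64.b64decode(parts[3], validate=True)       # rejects '.' and the like
        expected = base64.b64decode(parts[4], validate=True)
    except ValueError:                    # binascii.Error is a ValueError subclass
        return False
    if iterations < 1 or not salt or not expected:
        return False                      # empty salt or key: never accept
    dk = hashlib.pbkdf2_hmac(parts[1], password.encode("utf-8"), salt, iterations, len(expected))
    return hmac.compare_digest(dk, expected)   # constant-time comparison

if __name__ == "__main__":
    fresh = make_hash("motdepasse")
    print(fresh)
    print("fresh hash verifies:", verify(fresh, "motdepasse"),
          "| wrong password:", verify(fresh, "testx"))
    # The string the page stores for user "mirtos" (the output of ./pw -l 64 -p motdepasse).
    page_hash = ("PBKDF2$sha512$100000$sgnD84z9ouFqMTQ4DQvRag==$KEKbvVG6rvEreBSHe92Pa+6MiVN1"
                 "AELBSmvSH56y6gc8vZbe9aKXmuHhc/V4d1i+ArPfMubf8WDVx6l8bsU1Rg==")
    print("page hash for mirtos verifies with 'motdepasse':", verify(page_hash, "motdepasse"))
```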




The DB

#

#cd /home/mirtos/MirTOS/db

#sudo sqlite3 mosquitto_auth.db

# new location, so that mosquitto can access the DB!


sudo sqlite3 /etc/mosquitto/go-auth/mosquitto_auth.db


----------------------------

DROP TABLE IF EXISTS account;

CREATE TABLE account (id INTEGER PRIMARY KEY, username varchar(100) not null, pass varchar(200) not null, super integer not null);


DROP TABLE IF EXISTS acl;

create table acl(

id    INTEGER PRIMARY KEY,

user_id  INTEGER not null,

topic varchar(200) not null,

rw integer not null,

foreign key(user_id) references account(id)

);


INSERT INTO account(username,pass,super) VALUES ('mirtos','motdepasse',1);

UPDATE account set pass='PBKDF2$sha512$100000$sgnD84z9ouFqMTQ4DQvRag==$KEKbvVG6rvEreBSHe92Pa+6MiVN1AELBSmvSH56y6gc8vZbe9aKXmuHhc/V4d1i+ArPfMubf8WDVx6l8bsU1Rg==' where username='mirtos';


INSERT INTO acl(user_id,topic,rw) VALUES (1,'MirTOS',1);

-------------------------

.quit
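The schema created in the sqlite3 session above and the queries in go-auth.conf do not agree: acl is keyed by user_id, while auth_opt_sqlite_aclquery filters on a username column that acl does not have, so that query cannot execute against this DB (the mirtos account still works because it is a superuser and superusers are allowed without the ACL query). The Python script below is an added example, not from the page or from mosquitto-go-auth: it builds the page's schema in memory, runs each configured query with the same bind placeholders, and shows a join-based aclquery (my own, not from the project) that fits this schema. The "sensor" account and its ACL row are constructed for the demo.

```python
import sqlite3

# Schema exactly as the page creates it (account + acl keyed by user_id).
SCHEMA = """
CREATE TABLE account (id INTEGER PRIMARY KEY, username varchar(100) not null,
                      pass varchar(200) not null, super integer not null);
CREATE TABLE acl (id INTEGER PRIMARY KEY, user_id INTEGER not null,
                  topic varchar(200) not null, rw integer not null,
                  foreign key(user_id) references account(id));
"""
# The three queries from the page's go-auth.conf ('?' is the plugin's bind placeholder).
USERQUERY = "SELECT pass FROM account WHERE username = ? limit 1"
SUPERQUERY = "SELECT COUNT(*) FROM account WHERE username = ? AND super = 1"
ACLQUERY_PAGE = "SELECT topic FROM acl WHERE (username = ?) AND rw >= ?"
# Join-based aclquery that fits this schema (my fix, not taken from the page or project).
ACLQUERY_JOIN = ("SELECT acl.topic FROM acl JOIN account ON acl.user_id = account.id "
                 "WHERE account.username = ? AND acl.rw >= ?")
# Access levels as mosquitto numbers them (MOSQ_ACL_READ = 1, MOSQ_ACL_WRITE = 2);
# the page's "rw >= ?" compares the stored rw against that number.
READ, WRITE = 1, 2

def build_db():
    """In-memory copy of the page's DB: the mirtos superuser plus a constructed 'sensor' user."""
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    con.executemany("INSERT INTO account(username, pass, super) VALUES (?, ?, ?)",
                    [("mirtos", "PBKDF2$PLACEHOLDER", 1), ("sensor", "PBKDF2$PLACEHOLDER", 0)])
    con.executemany("INSERT INTO acl(user_id, topic, rw) VALUES (?, ?, ?)",
                    [(1, "MirTOS", READ), (2, "MirTOS/sensor/#", WRITE)])
    return con

def stored_hash(con, username):
    """userquery: the hash the plugin would compare the client's password against."""
    row = con.execute(USERQUERY, (username,)).fetchone()
    return row[0] if row else None

def is_superuser(con, username):
    """superquery: a non-zero count means the ACL check is skipped for this user."""
    return con.execute(SUPERQUERY, (username,)).fetchone()[0] > 0

def acl_topics(con, query, username, rw):
    """aclquery: topics granted at level >= rw, or None if the SQL itself cannot run."""
    try:
        return [row[0] for row in con.execute(query, (username, rw))]
    except sqlite3.OperationalError as err:     # here: "no such column: username"
        print("aclquery failed:", err)
        return None

if __name__ == "__main__":
    con = build_db()
    print("sensor hash:", stored_hash(con, "sensor"), "| superuser:", is_superuser(con, "sensor"))
    print("page aclquery   ->", acl_topics(con, ACLQUERY_PAGE, "sensor", READ))
    print("joined aclquery ->", acl_topics(con, ACLQUERY_JOIN, "sensor", READ))
```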


sudo chmod a+rw mosquitto_auth.db

sudo chmod /home/mirtos/MirTOS/db/mosquitto_auth.db

sudo chown mosquitto:mosquitto /home/mirtos/MirTOS/db/mosquitto_auth.db

(a+rw leaves the credential DB readable and writable by every local user; once it is owned by mosquitto:mosquitto, a mode that only grants that user read/write is enough for the broker)

just in case....

sudo chmod a+x /etc/mosquitto/conf.d/go-auth.so



sudo service mosquitto start

or, to test...

sudo /usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf



CORRECTIONS:

1) The DB must be in a directory that mosquitto can use, so not under the mirtos user

-->

mv /home/mirtos/MirTOS/db/mosquitto_auth.db /etc/mosquitto/go-auth/mosquitto_auth.db

sudo nano /etc/mosquitto/conf.d/go-auth.conf

auth_opt_sqlite_source /etc/mosquitto/go-auth/mosquitto_auth.db


??? MAKE A SYMLINK in /home/mirtos/MirTOS/db ???


2) the websocket protocol causes problems (???)

sudo nano /etc/mosquitto/conf.d/go-auth.conf

listener 1883

#protocol websockets


3) 

mosquitto_sub -h localhost -p 10883 -t test

=> OK


mosquitto_sub -h localhost -u test -P test -t test

=> OK

mosquitto_sub -h localhost -u test -P test -t aaaa

=> Works (????)

mosquitto_sub -h localhost -u test -P testx -t test

Connection error: Connection Refused: not authorised.  => OK


mosquitto_sub -h 192.168.90.174 -u mirtos -P motdepasse -t MirTOS => OK

WARNING Password in the DB:



cd ~/MirTOS/dvpt/mosquitto-go-auth

./pw -l 64 -p motdepasse

#mirtos@MirTOS-server:~/MirTOS/dvpt/mosquitto-go-auth$ ./pw -l 64 -p motdepasse

PBKDF2$sha512$100000$sgnD84z9ouFqMTQ4DQvRag==$KEKbvVG6rvEreBSHe92Pa+6MiVN1AELBSmvSH56y6gc8vZbe9aKXmuHhc/V4d1i+ArPfMubf8WDVx6l8bsU1Rg==






========================================================

tools....


sudo sqlite3 /etc/mosquitto/go-auth/mosquitto_auth.db


UPDATE account set pass="3r6AaaTLCgqnsc7jUbfGiQ==" where username="mirtos"

UPDATE account set pass="PBKDF2$sha512$100000$znG9i0H+a2o0SgoSyec56A==$4+GzKfvFd3cYszjwTesuDYbIiPh5GUCVpl/2Nbq8y+97eSocqWj5t6IF4xbyiZgC60Fe1GdctZ/QBfLd0starA==" where username="mirtos"


UPDATE account set pass="PBKDF2$sha512$100000$sgnD84z9ouFqMTQ4DQvRag==$KEKbvVG6rvEreBSHe92Pa+6MiVN1AELBSmvSH56y6gc8vZbe9aKXmuHhc/V4d1i+ArPfMubf8WDVx6l8bsU1Rg==" where username="mirtos"


UPDATE account set pass="PBKDF2$sha512$100000$znG9i0H+a2o0SgoSyec56A==$KHsF865P6d5WjF8/8dE3GXWKK1KaBuhBd85hp53Tr5vbmVdsgSdzrr8JNmhMa9AHQYYJvFLMf/6oOaheHlqMTA==" where username="mirtos"

UPDATE account set pass="PBKDF2$sha512$100000$znG9i0H+a2o0SgoSyec56A==$85g3wutDuRtKX3wzwR2r4LK88p8O/iV/RwtVdtrHftjPaJRgUGRnffw7BaVAOx.5EMM7j39ATzucCOVS5ZeAH.==" where username="mirtos"

UPDATE account set pass="PBKDF2$sha512$$10000$znG9i0H+a2o0SgoSyec56A==$KHsF865P6d5WjF8/8dE3GXWKK1KaBuhBd85hp53Tr5vbmVdsgSdzrr8JNmhMa9AHQYYJvFLMf/6oOaheHlqMTA==" where username="mirtos"


UPDATE account set pass="PBKDF2$sha512$100000$$u+8CXwHOY6yaKLhgGhqRFKCIWyHofA+3Ckk92viBW6UvG5FsPtu0BQaOyYJy7414hHrwDZ1Cz2HcFd+oNQFoqw==" where username="mirtos"

UPDATE account set pass="PBKDF2$sha512$100000$LQIBzyYGdd8mLCyW1YzZ6aloF1mqBzdWIt1THvL+5+lVG/p2MwRVgaIEAcGjKn2UWLnaAuYxSNC+pPTllwxjnA==" where username="mirtos"

UPDATE account set pass="PBKDF2$sha512$100000$c0f54c930fda3e10d14008aaa3abf1c48aa4c8c59cc513e78e13d557bd94a551d4b4ecfbb2d8c6f1336af415344f6c73cbe3f1d1021ec1aefbd7f3e594337db8" where username="mirtos"



mosquitto_sub -h 192.168.90.174 -u mirtos -P motdepasse -t MirTOS

mosquitto_sub -h 192.168.90.174 -u test -P test -t test

mosquitto_sub -h localhost -p 10883 -t test



/etc/mosquitto/go-auth/


sudo mv /etc/mosquitto/conf.d/go-auth.conf /etc/mosquitto/conf.d/go-auth.xonf

sudo mv /etc/mosquitto/conf.d/go-auth.xonf /etc/mosquitto/conf.d/go-auth.conf

