
authn plugin always show me cannot get cannot_get_variable username

Open shanjunmei opened this issue 3 years ago • 6 comments

What happened?

As title, using 5.03 version.

```
2022-07-29T14:16:02.827000+08:00 [warning] authenticator: <<"password_based:postgresql">>, clientid: client1, exception: error, line: 660, mfa: emqx_authentication:do_authenticate/3, msg: unexpected_error_in_authentication, peername: 127.0.0.1:65125, reason: {cannot_get_variable,<<"username">>}, stacktrace: [{emqx_authn_utils,handle_sql_var,2,[{file,"emqx_authn_utils.erl"},{line,214}]},{lists,map,2,[{file,"lists.erl"},{line,1243}]},{emqx_authn_pgsql,authenticate,2,[{file,"emqx_authn_pgsql.erl"},{line,118}]},{emqx_authentication,do_authenticate,3,[{file,"emqx_authentication.erl"},{line,633}]},{emqx_authentication,authenticate,2,[{file,"emqx_authentication.erl"},{line,228}]},{emqx_hooks,safe_execute,2,[{file,"emqx_hooks.erl"},{line,200}]},{emqx_hooks,do_run_fold,3,[{file,"emqx_hooks.erl"},{line,180}]},{emqx_access_control,authenticate,1,[{file,"emqx_access_control.erl"},{line,81}]},{emqx_channel,do_authenticate,2,[{file,"emqx_channel.erl"},{line,1697}]},{emqx_channel,handle_in,2,[{file,"emqx_channel.erl"},{line,355}]},{emqx_ws_connection,with_channel,3,[{file,"emqx_ws_connection.erl"},{line,738}]},{cowboy_websocket,handler_call,6,[{file,"cowboy_websocket.erl"},{line,487}]},{proc_lib,wake_up,3,[{file,"proc_lib.erl"},{line,236}]}]
```

This is the error log. Using mqttbox and mqtt.js to test.

What did you expect to happen?

How can we reproduce it (as minimally and precisely as possible)?

No response

Anything else we need to know?

No response


shanjunmei avatar Jul 29 '22 06:07 shanjunmei

Config file:

```
authentication {
  auto_reconnect = true
  backend = "postgresql"
  database = "xxx"
  enable = true
  mechanism = "password_based"
  password = "xxx"
  password_hash_algorithm {
    dk_length = 16
    iterations = 10000
    mac_fun = "sha512"
    name = "pbkdf2"
  }
  pool_size = 8
  query = "SELECT password_hash FROM rfm.mqtt_users where user_name = ${username} LIMIT 1"
  server = "127.0.0.1:5432"
  ssl {
    ciphers = [
      "TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256",
      "TLS_AES_128_CCM_SHA256", "TLS_AES_128_CCM_8_SHA256",
      "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384",
      "ECDHE-ECDSA-AES256-SHA384", "ECDHE-RSA-AES256-SHA384",
      "ECDH-ECDSA-AES256-GCM-SHA384", "ECDH-RSA-AES256-GCM-SHA384",
      "ECDH-ECDSA-AES256-SHA384", "ECDH-RSA-AES256-SHA384",
      "DHE-DSS-AES256-GCM-SHA384", "DHE-DSS-AES256-SHA256",
      "AES256-GCM-SHA384", "AES256-SHA256",
      "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256",
      "ECDHE-ECDSA-AES128-SHA256", "ECDHE-RSA-AES128-SHA256",
      "ECDH-ECDSA-AES128-GCM-SHA256", "ECDH-RSA-AES128-GCM-SHA256",
      "ECDH-ECDSA-AES128-SHA256", "ECDH-RSA-AES128-SHA256",
      "DHE-DSS-AES128-GCM-SHA256", "DHE-DSS-AES128-SHA256",
      "AES128-GCM-SHA256", "AES128-SHA256",
      "ECDHE-ECDSA-AES256-SHA", "ECDHE-RSA-AES256-SHA", "DHE-DSS-AES256-SHA",
      "ECDH-ECDSA-AES256-SHA", "ECDH-RSA-AES256-SHA",
      "ECDHE-ECDSA-AES128-SHA", "ECDHE-RSA-AES128-SHA", "DHE-DSS-AES128-SHA",
      "ECDH-ECDSA-AES128-SHA", "ECDH-RSA-AES128-SHA",
      "RSA-PSK-AES256-GCM-SHA384", "RSA-PSK-AES256-CBC-SHA384",
      "RSA-PSK-AES128-GCM-SHA256", "RSA-PSK-AES128-CBC-SHA256",
      "RSA-PSK-AES256-CBC-SHA", "RSA-PSK-AES128-CBC-SHA"
    ]
    depth = 10
    enable = false
    reuse_sessions = true
    secure_renegotiate = true
    user_lookup_fun = "emqx_tls_psk:lookup"
    verify = "verify_none"
    versions = ["tlsv1.3", "tlsv1.2", "tlsv1.1", "tlsv1"]
  }
  username = "xxx"
}
```

shanjunmei avatar Jul 29 '22 06:07 shanjunmei

Hello,

Maybe the client is anonymous and it doesn't have the username? I am not sure how the template engine handles this case, maybe @savonarola can help?

ieQu1 avatar Aug 01 '22 11:08 ieQu1

Hello! I will investigate this.

savonarola avatar Aug 02 '22 09:08 savonarola

I tried to improve error messages in #8635.

@shanjunmei do the clients send username field on connect? Looks like clientid and password are only set.

savonarola avatar Aug 02 '22 13:08 savonarola
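
One way to answer that question from a captured packet, as an added example that is not part of the original thread or of EMQX: decode the CONNECT flags and report whether a Username field is actually present. The function names and the sample packets are constructed for illustration; the second packet uses the "clientid and password only" shape, which MQTT 5.0 permits.

```javascript
// Added example (not EMQX code): inspect an MQTT CONNECT packet for a Username.
// Read a field prefixed by a 2-byte big-endian length (UTF-8 string or binary).
function readField(buf, pos) {
  const len = buf.readUInt16BE(pos);
  return { value: buf.subarray(pos + 2, pos + 2 + len), next: pos + 2 + len };
}
// Read an MQTT variable byte integer (remaining length, property length).
function readVarInt(buf, pos) {
  let value = 0, shift = 0, byte;
  do {
    byte = buf[pos++];
    value += (byte & 0x7f) << shift;
    shift += 7;
  } while (byte & 0x80);
  return { value, next: pos };
}
function inspectConnect(buf) {
  if (buf[0] >> 4 !== 1) throw new Error('not a CONNECT packet');
  let pos = readVarInt(buf, 1).next;            // skip remaining length
  pos = readField(buf, pos).next;               // protocol name ("MQTT")
  const level = buf[pos++];                     // 4 = MQTT 3.1.1, 5 = MQTT 5.0
  const flags = buf[pos++];                     // connect flags byte
  pos += 2;                                     // keep alive
  const skipProps = () => { const p = readVarInt(buf, pos); pos = p.next + p.value; };
  if (level === 5) skipProps();                 // CONNECT properties
  const clientId = readField(buf, pos); pos = clientId.next;
  if (flags & 0x04) {                           // will flag: skip will fields
    if (level === 5) skipProps();               // will properties
    pos = readField(buf, pos).next;             // will topic
    pos = readField(buf, pos).next;             // will payload
  }
  const hasUsername = (flags & 0x80) !== 0;     // bit 7
  const hasPassword = (flags & 0x40) !== 0;     // bit 6
  const username = hasUsername ? readField(buf, pos).value.toString('utf8') : undefined;
  return { level, clientId: clientId.value.toString('utf8'), hasUsername, hasPassword, username };
}
// Constructed sample packets (bodies are under 128 bytes, so one length byte).
const field = (s) => { const b = Buffer.from(s), l = Buffer.alloc(2);
  l.writeUInt16BE(b.length); return Buffer.concat([l, b]); };
function buildConnect(level, flags, fields) {
  const body = Buffer.concat([field('MQTT'), Buffer.from([level, flags, 0, 60]),
    ...(level === 5 ? [Buffer.from([0])] : []), ...fields.map(field)]);
  return Buffer.concat([Buffer.from([0x10, body.length]), body]);
}
const withUser = buildConnect(4, 0xc2, ['client1', 'alice', 'secret']);
const passwordOnly = buildConnect(5, 0x42, ['client1', 'secret']);
console.log(inspectConnect(withUser), inspectConnect(passwordOnly));
```

When `hasUsername` is false there is no value for a `${username}` placeholder in the authenticator query to take.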

> I tried to improve error messages in #8635.
>
> @shanjunmei do the clients send username field on connect? Looks like clientid and password are only set.

I can confirm I send username & password.

shanjunmei avatar Aug 02 '22 13:08 shanjunmei

@shanjunmei could you please anyhow provide the used MQTT client configuration? For example, client code using mqtt.js or mqttbox screenshots? So that I could reproduce the issue.

savonarola avatar Aug 08 '22 12:08 savonarola

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions[bot] avatar Aug 18 '22 14:08 github-actions[bot]