This repository has been archived by the owner on Aug 9, 2021. It is now read-only.

feat(install): more configuration options for MQTT
btry authored and ajsb85 committed Nov 20, 2017
1 parent fd7c52e commit 2896483
Showing 7 changed files with 116 additions and 69 deletions.
11 changes: 10 additions & 1 deletion ajax/mqtt_test.php
Expand Up @@ -56,12 +56,21 @@
$port = 0;
}

if (isset($_POST['mqtt_broker_tls']) && $_POST['mqtt_broker_tls'] != '0') {
if (isset($_POST['mqtt_broker_tls_port']) && is_numeric($_POST['mqtt_broker_tls_port'])) {
$portTls = $_POST['mqtt_broker_tls_port'];
} else {
$portTls = 0;
}

if (isset($_POST['mqtt_tls_for_backend']) && $_POST['mqtt_tls_for_backend'] != '0') {
$isTls = true;
} else {
$isTls = false;
}

if ($isTls) {
$port = $portTls;
}

if ($port < 1 || $port > 65535) {
$port = false;
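Review bot: `is_numeric()` on `$_POST['mqtt_broker_tls_port']` also accepts values such as `8883.5` or `1e3`, which pass the later `$port < 1 || $port > 65535` check and are carried on as a non-integer string. This value comes straight from the request and presumably decides which port the server connects to for the test, so validate it as an integer inside the existing `isset()` guard: `$portTls = filter_var($_POST['mqtt_broker_tls_port'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 65535]]);` and map `false` to 0. The handling of the plain port begins above the hunk and is not visible here; it likely needs the same treatment.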
79 changes: 41 additions & 38 deletions inc/agent.class.php
Expand Up @@ -1000,7 +1000,7 @@ protected function enrollByInvitationToken($input) {
$input = [];

$config = Config::getConfigurationValues("flyvemdm", [
'mqtt_broker_tls',
'mqtt_tls_for_clients',
'mqtt_use_client_cert',
'debug_noexpire',
'computertypes_id',
Expand Down Expand Up @@ -1143,7 +1143,7 @@ protected function enrollByInvitationToken($input) {
}

//sign the agent's certificate (if TLS enabled)
if ($config['mqtt_broker_tls'] != '0' && $config['mqtt_use_client_cert'] != '0') {
if ($config['mqtt_tls_for_clients'] != '0' && $config['mqtt_use_client_cert'] != '0') {
$answer = self::signCertificate($csr);
$crt = isset($answer['crt']) ? $answer['crt'] : false;
if ($crt === false) {
Expand Down Expand Up @@ -1623,13 +1623,14 @@ protected function setupMqttAccess() {

if ($user = $this->getOwner()) {
$config = Config::getConfigurationValues('flyvemdm', [
'guest_profiles_id',
'android_bugcollecctor_url',
'android_bugcollector_login',
'android_bugcollector_passwd',
'mqtt_broker_address',
'mqtt_broker_port',
'mqtt_broker_tls',
'guest_profiles_id',
'android_bugcollecctor_url',
'android_bugcollector_login',
'android_bugcollector_passwd',
'mqtt_broker_address',
'mqtt_broker_port',
'mqtt_broker_tls_port',
'mqtt_tls_for_clients',
]);
$guestProfileId = $config['guest_profiles_id'];
if ($user->getID() == $_SESSION['glpiID'] && $_SESSION['glpiactiveprofile']['id'] == $guestProfileId) {
Expand All @@ -1644,44 +1645,44 @@ protected function setupMqttAccess() {
$serial = $computer->getField('serial');
if (!empty($serial)) {
$acls = [
[
'topic' => $this->getTopic() . '/Status/#',
'access_level' => PluginFlyvemdmMqttacl::MQTTACL_WRITE
],
[
'topic' => $this->getTopic() . '/Command/#',
'access_level' => PluginFlyvemdmMqttacl::MQTTACL_READ
],
[
'topic' => $this->getTopic() . '/FlyvemdmManifest/#',
'access_level' => PluginFlyvemdmMqttacl::MQTTACL_WRITE
],
[
'topic' => '/FlyvemdmManifest/#',
'access_level' => PluginFlyvemdmMqttacl::MQTTACL_READ
],
[
'topic' => $this->getTopic() . '/Status/#',
'access_level' => PluginFlyvemdmMqttacl::MQTTACL_WRITE
],
[
'topic' => $this->getTopic() . '/Command/#',
'access_level' => PluginFlyvemdmMqttacl::MQTTACL_READ
],
[
'topic' => $this->getTopic() . '/FlyvemdmManifest/#',
'access_level' => PluginFlyvemdmMqttacl::MQTTACL_WRITE
],
[
'topic' => '/FlyvemdmManifest/#',
'access_level' => PluginFlyvemdmMqttacl::MQTTACL_READ
],
];

$mqttUser = new PluginFlyvemdmMqttuser();
$mqttClearPassword = PluginFlyvemdmMqttuser::getRandomPassword();
if (!$mqttUser->getByUser($serial)) {
// The user does not exists
$mqttUser->add([
'user' => $serial,
'enabled' => '1',
'password' => $mqttClearPassword,
'_acl' => $acls,
'_reset_acl' => true,
'user' => $serial,
'enabled' => '1',
'password' => $mqttClearPassword,
'_acl' => $acls,
'_reset_acl' => true,
]);
} else {
// The user exists
$mqttUser->update([
'id' => $mqttUser->getID(),
'enabled' => '1',
'password' => $mqttClearPassword,
'_acl' => $acls,
'_reset_acl' => true,
]);
'id' => $mqttUser->getID(),
'enabled' => '1',
'password' => $mqttClearPassword,
'_acl' => $acls,
'_reset_acl' => true,
]);
}
}
}
Expand All @@ -1690,8 +1691,10 @@ protected function setupMqttAccess() {
$this->fields['topic'] = $this->getTopic();
$this->fields['mqttpasswd'] = $mqttClearPassword;
$this->fields['broker'] = $config['mqtt_broker_address'];
$this->fields['port'] = $config['mqtt_broker_port'];
$this->fields['tls'] = $config['mqtt_broker_tls'];
$this->fields['port'] = $config['mqtt_tls_for_clients'] !== '0'
? $config['mqtt_broker_tls_port']
: $config['mqtt_broker_port'];
$this->fields['tls'] = $config['mqtt_tls_for_clients'];
$this->fields['android_bugcollecctor_url'] = $config['android_bugcollecctor_url'];
$this->fields['android_bugcollector_login'] = $config['android_bugcollector_login'];
$this->fields['android_bugcollector_passwd'] = $config['android_bugcollector_passwd'];
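Review bot: In setupMqttAccess the port is selected with `$config['mqtt_tls_for_clients'] !== '0'`, while enrollByInvitationToken tests the same key with `!= '0'`, and neither checks that the key exists. Assuming Config::getConfigurationValues omits keys that are not stored, a missing setting makes the strict test true, so the agent is handed `mqtt_broker_tls_port` together with an empty `tls` field. Derive both fields from one flag so they cannot disagree: `$useTls = isset($config['mqtt_tls_for_clients']) && $config['mqtt_tls_for_clients'] != '0';`, then `$this->fields['port'] = $useTls ? $config['mqtt_broker_tls_port'] : $config['mqtt_broker_port'];` and `$this->fields['tls'] = $useTls ? '1' : '0';`. Both functions start and end outside the visible hunks.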
20 changes: 11 additions & 9 deletions inc/config.class.php
Expand Up @@ -120,7 +120,7 @@ public function getTabNameForItem(CommonGLPI $item, $withtemplate = 0) {
case __CLASS__:
$tabs = [];
$tabs[1] = __('General configuration', 'flyvemdm');
$tabs[2] = __('Messge queue', 'flyvemdm');
$tabs[2] = __('Message queue', 'flyvemdm');
$tabs[3] = __('Debug', 'flyvemdm');
return $tabs;
break;
Expand Down Expand Up @@ -190,11 +190,6 @@ public function showFormGeneral() {
}
unset($fields['android_bugcollector_passwd']);

$fields['mqtt_broker_tls'] = Dropdown::showYesNo(
'mqtt_broker_tls', $fields['mqtt_broker_tls'],
-1,
['display' => false]
);
$fields['computertypes_id'] = ComputerType::dropdown([
'display' => false,
'name' => 'computertypes_id',
Expand Down Expand Up @@ -227,8 +222,14 @@ public function showFormMessageQueue() {
$fields = Config::getConfigurationValues('flyvemdm');
unset($fields['android_bugcollector_passwd']);

$fields['mqtt_broker_tls'] = Dropdown::showYesNo(
'mqtt_broker_tls', $fields['mqtt_broker_tls'],
$fields['mqtt_tls_for_clients'] = Dropdown::showYesNo(
'mqtt_tls_for_clients', $fields['mqtt_tls_for_clients'],
-1,
['display' => false]
);

$fields['mqtt_tls_for_backend'] = Dropdown::showYesNo(
'mqtt_tls_for_backend', $fields['mqtt_tls_for_backend'],
-1,
['display' => false]
);
Expand Down Expand Up @@ -291,12 +292,13 @@ public function showFormDebug() {
}

/**
* Initializes the instance if the item with default values
* Initializes the instance of the item with default values
*/
public function post_getEmpty() {
$this->fields['id'] = 1;
$this->fields['mqtt_broker_address'] = '127.0.0.1';
$this->fields['mqtt_broker_port'] = '1883';
$this->fields['mqtt_broker_tls_port'] = '8883';
}

/**
20 changes: 12 additions & 8 deletions inc/mqttclient.class.php
Expand Up @@ -230,21 +230,25 @@ public function sendTestMessage($address, $port, $isTls, $sslCipher) {
*/
protected function getMQTTConnection() {
$config = Config::getConfigurationValues('flyvemdm', [
'mqtt_broker_internal_address',
'mqtt_broker_port',
'mqtt_broker_tls',
'mqtt_broker_tls_ciphers',
'mqtt_user',
'mqtt_passwd'
'mqtt_broker_internal_address',
'mqtt_broker_port',
'mqtt_broker_tls_port',
'mqtt_broker_tls',
'mqtt_broker_tls_ciphers',
'mqtt_user',
'mqtt_passwd'
]);
if (empty($config['mqtt_broker_internal_address'])
||empty($config['mqtt_broker_port'])
||(!isset($config['mqtt_broker_tls']))) {
|| empty($config['mqtt_broker_port']) || empty($config['mqtt_broker_tls_port'])
|| (!isset($config['mqtt_broker_tls']))) {
return false;
} else {
$mqttBrokerAddress = $config['mqtt_broker_internal_address'];
$mqttBrokerPort = $config['mqtt_broker_port'];
$isTls = $config['mqtt_broker_tls'] != '0';
if ($isTls) {
$mqttBrokerPort = $config['mqtt_broker_tls_port'];
}
$sslCiphers = $config['mqtt_broker_tls_ciphers'];
$mqtt = $this->buildMqtt($mqttBrokerAddress, $mqttBrokerPort, $isTls, $sslCiphers);
$mqtt->setAuth($config['mqtt_user'], $config['mqtt_passwd']);
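Review bot: getMQTTConnection still requests and tests `mqtt_broker_tls`, but in this same commit the installer appears to stop creating that key and the upgrade script deletes it in favour of `mqtt_tls_for_backend`. Assuming Config::getConfigurationValues returns only stored keys, `!isset($config['mqtt_broker_tls'])` is then always true and the method returns false, so the backend never reaches the broker and the new backend TLS setting has no effect. Switch the three references to the new key: `'mqtt_tls_for_backend',` in the list, `|| (!isset($config['mqtt_tls_for_backend']))` in the guard, and `$isTls = $config['mqtt_tls_for_backend'] != '0';`. The function continues past the end of the hunk.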
4 changes: 3 additions & 1 deletion install/installer.class.php
Expand Up @@ -604,7 +604,9 @@ protected function createInitialConfig() {
'mqtt_broker_address' => '',
'mqtt_broker_internal_address' => '127.0.0.1',
'mqtt_broker_port' => '1883',
'mqtt_broker_tls' => '0',
'mqtt_broker_tls_port' => '8883',
'mqtt_tls_for_clients' => '0',
'mqtt_tls_for_backend' => '0',
'mqtt_use_client_cert' => '0',
'mqtt_broker_tls_ciphers' => self::DEFAULT_CIPHERS_LIST,
'mqtt_user' => self::BACKEND_MQTT_USER,
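Review bot: Both new flags, `mqtt_tls_for_clients` and `mqtt_tls_for_backend`, default to `'0'`, so a fresh install directs agents to the plain `mqtt_broker_port` and their MQTT credentials cross the network unencrypted until an administrator changes the setting. Nothing in the hunk records that this default is deliberate. A short comment above the two entries would make that visible, for example `// TLS stays off until the broker has a certificate; enable mqtt_tls_for_clients before enrolling devices over untrusted networks`. createInitialConfig begins and ends outside the hunk.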
23 changes: 19 additions & 4 deletions install/upgrade/update_to_dev.php
Expand Up @@ -50,13 +50,11 @@ function plugin_flyvemdm_update_to_dev(Migration $migration) {
]);
$profileRight->updateProfileRights($profiles_id, $newRights);

// remove download base URL setting
Config::deleteConfigurationValues('flyvemdm', ['deploy_base_url']);

Config::setConfigurationValues('flyvemdm', [
'default_agent_url' => PLUGIN_FLYVEMDM_AGENT_DOWNLOAD_URL,
]);

// Update configuration
$config = Config::getConfigurationValues('flyvemdm', ['android_bugcollecctor']);
if (!isset($config['android_bugcollecctor_url'])) {
$config = [
Expand All @@ -66,6 +64,23 @@ function plugin_flyvemdm_update_to_dev(Migration $migration) {
];
Config::setConfigurationValues('flyvemdm', $config);
}
$config = Config::getConfigurationValues('flyvemdm', ['mqtt_broker_tls']);
if (isset($config['mqtt_broker_tls'])) {
if ($config['mqtt_broker_tls'] !== '0') {
$config['mqtt_broker_tls_port'] = $config['mqtt_broker_port'];
$config['mqtt_broker_port'] = '1883';
} else {
$config['mqtt_broker_tls_port'] = '8883';
}
// Split TLS setting for client in one hand and backend in the other hand
$config['mqtt_tls_for_clients'] = $config['mqtt_broker_tls'];
$config['mqtt_tls_for_backend'] = $config['mqtt_broker_tls'];
Config::setConfigurationValues('flyvemdm', $config);
Config::deleteConfigurationValues('flyvemdm', ['mqtt_broker_tls']);
}

// remove download base URL setting
Config::deleteConfigurationValues('flyvemdm', ['deploy_base_url']);

// update Entity config table
$table = 'glpi_plugin_flyvemdm_entityconfigs';
Expand All @@ -85,6 +100,7 @@ function plugin_flyvemdm_update_to_dev(Migration $migration) {
}
$migration->addField($table, 'version', 'string', ['after' => 'name']);
$migration->addField($table, 'users_id', 'integer', ['after' => 'computers_id']);
$migration->addField($table, 'is_online', 'integer', ['after' => 'last_contact']);
$migration->addField($table, 'has_system_permission', 'bool', ['after' => 'mdm_type']);
$migration->addKey($table, 'computers_id', 'computers_id');
$migration->addKey($table, 'users_id', 'users_id');
Expand Down Expand Up @@ -133,7 +149,6 @@ function plugin_flyvemdm_update_to_dev(Migration $migration) {
if (!$DB->query($query)) {
plugin_flyvemdm_upgrade_error($migration);
}
$migration->addField($table, 'is_online', 'integer', ['after' => 'last_contact']);
$migration->addKey($table, 'plugin_flyvemdm_agents_id', 'plugin_flyvemdm_agents_id');
$migration->addKey($table, 'plugin_flyvemdm_tasks_id', 'plugin_flyvemdm_tasks_id');
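Review bot: The migration asks Config::getConfigurationValues only for `mqtt_broker_tls`, yet the TLS branch reads `$config['mqtt_broker_port']`. Unless that call returns keys that were not requested, the index is undefined, so `mqtt_broker_tls_port` is stored empty and the port the administrator had configured for TLS is lost when `mqtt_broker_port` is reset to `'1883'`. Request both keys: `$config = Config::getConfigurationValues('flyvemdm', ['mqtt_broker_tls', 'mqtt_broker_port']);`. The function starts and ends outside the hunk.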

28 changes: 20 additions & 8 deletions tpl/config-messagequeue.html
Expand Up @@ -4,27 +4,39 @@
<th colspan="3" class="">{{ __('MQTT broker', 'flyvemdm') }}</th>
</tr>
<tr class="tab_bg_1">
<td>{{ __('MQTT broker address', 'flyvemdm') }}</td>
<td>{{ __('MQTT broker address for clients', 'flyvemdm') }}</td>
<td><input type="text" name="mqtt_broker_address" value="{{ config.mqtt_broker_address }}"></td>
<td>{{ __('An IP address or a hostname', 'flyvemdm') }}</td>
<td>{{ __('An IP address or a hostname used by the client devices to communicate with the broker', 'flyvemdm') }}</td>
</tr>
<tr class="tab_bg_1">
<td>{{ __('MQTT broker internal address', 'flyvemdm') }}</td>
<td>{{ __('MQTT broker address for backend', 'flyvemdm') }}</td>
<td><input type="text" name="mqtt_broker_internal_address"
value="{{ config.mqtt_broker_internal_address }}"></td>
<td>{{ __('An IP address or a hostname', 'flyvemdm') }}</td>
<td>{{ __('An IP address or a hostname used by the backend to communicate with the broker', 'flyvemdm') }}</td>
</tr>
<tr class="tab_bg_1">
<td>{{ __('MQTT broker port', 'flyvemdm') }}</td>
<td><input type="number" name="mqtt_broker_port" value="{{ config.mqtt_broker_port }}"
min="1" max="65535"></td>
<td>{{ __('A port number between 1025 and 65535, usually 1883 or 8883', 'flyvemdm') }}</td>
<td>{{ __('A port number between 1025 and 65535, standard port is 1883', 'flyvemdm') }}</td>
</tr>
<tr class="tab_bg_1">
<td>{{ __('Use TLS', 'flyvemdm') }}</td>
<td>{{ config.mqtt_broker_tls|raw }}
<td>{{ __('MQTT broker port for TLS', 'flyvemdm') }}</td>
<td><input type="number" name="mqtt_broker_tls_port" value="{{ config.mqtt_broker_tls_port }}"
min="1" max="65535"></td>
<td>{{ __('A port number between 1025 and 65535, standard port is 8883', 'flyvemdm') }}</td>
</tr>
<tr class="tab_bg_1">
<td>{{ __('Use TLS for clients', 'flyvemdm') }}</td>
<td>{{ config.mqtt_tls_for_clients|raw }}
</td>
<td></td>
<td>{{ __('Use TLS for MQTT communication between the broker and the client devices', 'flyvemdm') }}</td>
</tr>
<tr class="tab_bg_1">
<td>{{ __('Use TLS for backend', 'flyvemdm') }}</td>
<td>{{ config.mqtt_tls_for_backend|raw }}
</td>
<td>{{ __('Use TLS for MQTT communication between the broker and the backend', 'flyvemdm') }}</td>
</tr>
<tr class="tab_bg_1">
<td>{{ __('CA certificate', 'flyvemdm') }}</td>
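Review bot: The new `mqtt_broker_tls_port` input is declared with `min="1"` while its hint reads "A port number between 1025 and 65535"; the `mqtt_broker_port` row above carries the same mismatch. Either set `min="1025"` on both inputs or reword the hints so the form and the text state one range. The server-side check visible in ajax/mqtt_test.php (`$port < 1`) accepts ports from 1, so the three places currently disagree. The table continues outside the hunk.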
