| author | Michael Klishin <mklishin@pivotal.io> | 2015-04-15 21:00:18 +0300 |
|---|---|---|
| committer | Michael Klishin <mklishin@pivotal.io> | 2015-04-15 21:00:18 +0300 |
| commit | 341d1a2b3b2abf79bae27853a994073b04cbf42f (patch) | |
| tree | bd54c5a6ef21af12651d303082ec211da84138fc | |
| parent | e0ae7d1867092267a99c1e1a2fac16d7dce98dde (diff) | |
| parent | 733ff77a6707cd06241fd2470c83674254f7abed (diff) | |
Merge branch 'authz_socket_info'
| -rw-r--r-- | include/rabbit.hrl | 2 | ||||
| -rw-r--r-- | src/rabbit_access_control.erl | 2 | ||||
| -rw-r--r-- | src/rabbit_direct.erl | 8 |
3 files changed, 10 insertions, 2 deletions
diff --git a/include/rabbit.hrl b/include/rabbit.hrl index 7627ed431e..b4afddeef1 100644 --- a/include/rabbit.hrl +++ b/include/rabbit.hrl @@ -23,6 +23,8 @@ -record(auth_user, {username, tags, impl}). +%% Passed to authz backends. +-record(authz_socket_info, {sockname, peername}). %% Implementation for the internal auth backend -record(internal_user, {username, password_hash, tags}). diff --git a/src/rabbit_access_control.erl b/src/rabbit_access_control.erl index 41c54b07a2..3ed6152020 100644 --- a/src/rabbit_access_control.erl +++ b/src/rabbit_access_control.erl @@ -41,7 +41,7 @@ rabbit_net:socket() | inet:ip_address()) -> 'ok' | 'not_allowed'). -spec(check_vhost_access/3 :: - (rabbit_types:user(), rabbit_types:vhost(), rabbit_net:socket()) + (rabbit_types:user(), rabbit_types:vhost(), rabbit_net:socket() | #authz_socket_info{}) -> 'ok' | rabbit_types:channel_exit()). -spec(check_resource_access/3 :: (rabbit_types:user(), rabbit_types:r(atom()), permission_atom()) diff --git a/src/rabbit_direct.erl b/src/rabbit_direct.erl index 11233e7eb8..9c9f31d4b5 100644 --- a/src/rabbit_direct.erl +++ b/src/rabbit_direct.erl @@ -102,8 +102,14 @@ notify_auth_result(Username, AuthResult, ExtraProps) -> ExtraProps, rabbit_event:notify(AuthResult, [P || {_, V} = P <- EventProps, V =/= '']). +authz_socket_info_direct(Infos) -> + #authz_socket_info{sockname={proplists:get_value(host, Infos), + proplists:get_value(port, Infos)}, + peername={proplists:get_value(peer_host, Infos), + proplists:get_value(peer_port, Infos)}}. + connect1(User, VHost, Protocol, Pid, Infos) -> - try rabbit_access_control:check_vhost_access(User, VHost, undefined) of + try rabbit_access_control:check_vhost_access(User, VHost, authz_socket_info_direct(Infos)) of ok -> ok = pg_local:join(rabbit_direct, Pid), rabbit_event:notify(connection_created, Infos), {ok, {User, rabbit_reader:server_properties(Protocol)}} |
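Review bot: The comment on the new `authz_socket_info` record in include/rabbit.hrl does not say what `sockname` and `peername` hold. Judging by the rabbit_direct.erl hunk, each is a `{Host, Port}` tuple built with `proplists:get_value/2`, so either element can be `undefined`. I would extend the comment to `%% Passed to authz backends. sockname and peername are {Host, Port}; either element may be 'undefined'.` so that backend authors do not assume a resolved address is always present.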
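Review bot: The widened `check_vhost_access/3` spec in src/rabbit_access_control.erl gives the third argument two shapes, and nothing in the hunk says which caller produces which. Direct connections previously passed `undefined` (see the rabbit_direct.erl hunk) and now pass the record, so a backend that matched on `undefined` or calls socket functions on this argument would need updating; whether any do is not visible here. A comment above the spec such as `%% Third argument is a socket for network connections and #authz_socket_info{} for direct ones.` would make the contract explicit. The function body is outside the hunk, so how the value is forwarded to backends should be confirmed.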
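Review bot: For direct connections, the addresses handed to authz backends come from the `Infos` proplist in `authz_socket_info_direct/1`, not from a socket. A backend therefore sees whatever the direct client put under `host`, `port`, `peer_host` and `peer_port`, and `undefined` for any absent key. Backends that make address-based decisions should treat these as reported values and deny when they are `undefined`; where `Infos` originates is outside this hunk, so its trust level should be confirmed. I would add above the helper: `%% Values come from the direct client's Infos, not a socket; missing keys yield 'undefined'.` The helper call also sits in the protected part of `try ... of` in `connect1/5`, whose catch clauses are outside the hunk.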
