| author | Luke Bakken <lbakken@pivotal.io> | 2019-03-22 07:23:00 -0700 |
|---|---|---|
| committer | Luke Bakken <lbakken@pivotal.io> | 2019-03-22 07:23:00 -0700 |
| commit | 700a3585f2d442a2963f14fe5ea00ec5502efd52 (patch) | |
| tree | c84e1d53df5b59983548af8d6eb6df3880769bb6 | |
| parent | 58ca7b99a1092c5b6d73a9263712391eef1b5955 (diff) | |
| download | rabbitmq-server-git-700a3585f2d442a2963f14fe5ea00ec5502efd52.tar.gz | |
Modify check_vhost_access/3 to use map of data
Part of rabbitmq/rabbitmq-auth-backend-cache#20
| -rw-r--r-- | src/rabbit_access_control.erl | 12 | ||||
| -rw-r--r-- | src/rabbit_direct.erl | 9 |
2 files changed, 8 insertions, 13 deletions
diff --git a/src/rabbit_access_control.erl b/src/rabbit_access_control.erl index 984ee5371d..1c8c50c0d3 100644 --- a/src/rabbit_access_control.erl +++ b/src/rabbit_access_control.erl @@ -125,20 +125,20 @@ check_user_loopback(Username, SockOrAddr) -> false -> not_allowed end. --spec check_vhost_access - (rabbit_types:user(), rabbit_types:vhost(), - rabbit_net:socket() | #authz_socket_info{}) -> - 'ok' | rabbit_types:channel_exit(). - +-spec check_vhost_access(User :: rabbit_types:user(), + VHostPath :: rabbit_types:vhost(), + Sock :: rabbit_net:socket() | #authz_socket_info{} | undefined) -> + 'ok' | rabbit_types:channel_exit(). check_vhost_access(User = #user{username = Username, authz_backends = Modules}, VHostPath, Sock) -> + AuthData = lists:foldl( fun({Mod, Impl}, ok) -> check_access( fun() -> rabbit_vhost:exists(VHostPath) andalso Mod:check_vhost_access( - auth_user(User, Impl), VHostPath, Sock) + auth_user(User, Impl), VHostPath, AuthData) end, Mod, "access to vhost '~s' refused for user '~s'", [VHostPath, Username], not_allowed); diff --git a/src/rabbit_direct.erl b/src/rabbit_direct.erl index 696b25f5e4..4a57c08a9d 100644 --- a/src/rabbit_direct.erl +++ b/src/rabbit_direct.erl 
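Review bot: The added `AuthData =` line binds the result of `lists:foldl/3` to a name that the inner fun also passes to `Mod:check_vhost_access/3`, so `AuthData` is unbound where it is used and the module should not compile; the function head still names the third argument `Sock`. Since this is the vhost authorisation path, the head should take the map directly, `authz_backends = Modules}, VHostPath, AuthzData) ->`, with the `AuthData =` line dropped and the call reading `auth_user(User, Impl), VHostPath, AuthzData)`. The new `-spec` still types the argument as a socket, `#authz_socket_info{}` or `undefined`, which does not match the map that `rabbit_direct` now passes; something like `AuthzData :: #{atom() => any()}` would let Dialyzer flag backends that still expect the record. Line breaks are collapsed on this page, so the exact layout is inferred, and the fold continues past the end of the hunk.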
@@ -181,14 +181,9 @@ notify_auth_result(Username, AuthResult, ExtraProps) -> ExtraProps, rabbit_event:notify(AuthResult, [P || {_, V} = P <- EventProps, V =/= '']). -authz_socket_info_direct(Infos) -> - #authz_socket_info{sockname={proplists:get_value(host, Infos), - proplists:get_value(port, Infos)}, - peername={proplists:get_value(peer_host, Infos), - proplists:get_value(peer_port, Infos)}}. - connect1(User, VHost, Protocol, Pid, Infos) -> - try rabbit_access_control:check_vhost_access(User, VHost, authz_socket_info_direct(Infos)) of + AuthzData = #{peeraddr := proplists:get_value(peer_host, Infos)}, + try rabbit_access_control:check_vhost_access(User, VHost, AuthzData) of ok -> ok = pg_local:join(rabbit_direct, Pid), rabbit_core_metrics:connection_created(Pid, Infos), rabbit_event:notify(connection_created, Infos), |
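Review bot: `#{peeraddr := ...}` in `connect1/5` uses the update/match operator in a map construction, which the compiler rejects; it should be `AuthzData = #{peeraddr => proplists:get_value(peer_host, Infos)},`. `proplists:get_value/2` returns `undefined` when `peer_host` is absent, so authorisation backends will receive `peeraddr => undefined` and need to treat that as "no address known" rather than as a value to compare; a comment such as `%% peeraddr may be undefined when Infos carries no peer_host` would make that contract explicit. The removed `authz_socket_info_direct/1` also supplied the local address and both ports, so any backend that based its decision on those (none is visible here) loses that input without an error. `connect1/5` continues beyond the hunk.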
