| author | Petr Gotthard <petr.gotthard@honeywell.com> | 2015-04-15 21:07:22 -0700 |
|---|---|---|
| committer | Petr Gotthard <petr.gotthard@honeywell.com> | 2015-04-15 21:07:22 -0700 |
| commit | 76dacb2051e637526dccc4c0407cf42a8a40c5b4 (patch) | |
| tree | c6ea8ed6c6d1f23f3d4fe378ec9a8bdd0f466079 | |
| parent | e0ae7d1867092267a99c1e1a2fac16d7dce98dde (diff) | |
| download | rabbitmq-server-git-76dacb2051e637526dccc4c0407cf42a8a40c5b4.tar.gz | |
Implement authz_socket_info structure passed to authorization plugins.
| -rw-r--r-- | include/rabbit.hrl | 2 | ||||
| -rw-r--r-- | src/rabbit_access_control.erl | 2 | ||||
| -rw-r--r-- | src/rabbit_direct.erl | 8 |
3 files changed, 10 insertions, 2 deletions
diff --git a/include/rabbit.hrl b/include/rabbit.hrl index 7627ed431e..b4afddeef1 100644 --- a/include/rabbit.hrl +++ b/include/rabbit.hrl @@ -23,6 +23,8 @@ -record(auth_user, {username, tags, impl}). +%% Passed to authz backends. +-record(authz_socket_info, {sockname, peername}). %% Implementation for the internal auth backend -record(internal_user, {username, password_hash, tags}). diff --git a/src/rabbit_access_control.erl b/src/rabbit_access_control.erl index 41c54b07a2..d954de0e09 100644 --- a/src/rabbit_access_control.erl +++ b/src/rabbit_access_control.erl @@ -41,7 +41,7 @@ rabbit_net:socket() | inet:ip_address()) -> 'ok' | 'not_allowed'). -spec(check_vhost_access/3 :: - (rabbit_types:user(), rabbit_types:vhost(), rabbit_net:socket()) + (rabbit_types:user(), rabbit_types:vhost(), rabbit_net:socket() | authz_socket_info()) -> 'ok' | rabbit_types:channel_exit()). -spec(check_resource_access/3 :: (rabbit_types:user(), rabbit_types:r(atom()), permission_atom()) diff --git a/src/rabbit_direct.erl b/src/rabbit_direct.erl index 11233e7eb8..9c9f31d4b5 100644 --- a/src/rabbit_direct.erl +++ b/src/rabbit_direct.erl @@ -102,8 +102,14 @@ notify_auth_result(Username, AuthResult, ExtraProps) -> ExtraProps, rabbit_event:notify(AuthResult, [P || {_, V} = P <- EventProps, V =/= '']). +authz_socket_info_direct(Infos) -> + #authz_socket_info{sockname={proplists:get_value(host, Infos), + proplists:get_value(port, Infos)}, + peername={proplists:get_value(peer_host, Infos), + proplists:get_value(peer_port, Infos)}}. + connect1(User, VHost, Protocol, Pid, Infos) -> - try rabbit_access_control:check_vhost_access(User, VHost, undefined) of + try rabbit_access_control:check_vhost_access(User, VHost, authz_socket_info_direct(Infos)) of ok -> ok = pg_local:join(rabbit_direct, Pid), rabbit_event:notify(connection_created, Infos), {ok, {User, rabbit_reader:server_properties(Protocol)}} |
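Review bot: The comment on the new `authz_socket_info` record in include/rabbit.hrl does not say what the two fields hold, yet authorization backends will rely on that shape for address-based decisions. Going by the constructor added in src/rabbit_direct.erl, both fields are `{Host, Port}` tuples whose elements are `undefined` when the key is missing from the info list. I would extend the comment to say so, for example `%% Passed to authz backends. sockname and peername are {Host, Port}; either element may be undefined.`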
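Review bot: The updated `check_vhost_access/3` spec in src/rabbit_access_control.erl names a type `authz_socket_info()`, but the visible hunks add only the record, not a `-type` of that name. Unless the type is declared outside this diff, Dialyzer and spec-enabled builds will report an undefined type. Referring to the record directly avoids that: `(rabbit_types:user(), rabbit_types:vhost(), rabbit_net:socket() | #authz_socket_info{})`. The spec block starts and ends outside the hunk, so whether rabbit.hrl is already included in this module should be confirmed.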
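Review bot: `authz_socket_info_direct/1` in src/rabbit_direct.erl builds `sockname` and `peername` from the `Infos` proplist handed to `connect1/5`, not from a socket. The addresses are therefore only as trustworthy as whoever assembled `Infos`, and every missing key silently becomes `undefined`. Backends that allow or deny by peer address need to know this, so I would add a comment above the function such as `%% Values are reported by the direct client, not read from a socket; absent keys yield undefined.` This call site previously passed the atom `undefined`, so any backend clause that matched on `undefined` or handed the third argument to `rabbit_net` functions will now receive a record. That presumably needs a matching clause, but those callbacks are not visible in this diff.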
