diff options
| author | Arnaud Cogoluègnes <acogoluegnes@gmail.com> | 2017-06-22 15:53:48 +0200 |
|---|---|---|
| committer | Arnaud Cogoluègnes <acogoluegnes@gmail.com> | 2017-06-22 15:53:48 +0200 |
| commit | 9b25c146c39910787a0c0862f7c73b0b7c35f607 (patch) | |
| tree | 544793521700357faa396e92fafe04eb40bf4da4 /src | |
| parent | ce98122454f6897be0753e2938e8f59a533dbc93 (diff) | |
| download | rabbitmq-server-git-9b25c146c39910787a0c0862f7c73b0b7c35f607.tar.gz | |
Pass in extra arguments to authentication backend
Those extra arguments are extracted from an external module,
the convention being "rabbit_%protocol%_connection_info" for the module name.
This allows to pass in plugin-specific authentication arguments,
e.g. client ID in the case of MQTT.
Part of rabbitmq/rabbitmq-mqtt#139
Diffstat (limited to 'src')
| -rw-r--r-- | src/rabbit_direct.erl | 53 |
1 files changed, 48 insertions, 5 deletions
diff --git a/src/rabbit_direct.erl b/src/rabbit_direct.erl index 19fc828a52..5873d88b5f 100644 --- a/src/rabbit_direct.erl +++ b/src/rabbit_direct.erl @@ -21,6 +21,9 @@ %% Internal -export([list_local/0]). +%% For testing only +-export([extract_extra_auth_props/4]). + -include("rabbit.hrl"). %%---------------------------------------------------------------------------- @@ -65,21 +68,22 @@ list() -> %%---------------------------------------------------------------------------- -auth_fun({none, _}, _VHost) -> +auth_fun({none, _}, _VHost, _ExtraAuthProps) -> fun () -> {ok, rabbit_auth_backend_dummy:user()} end; -auth_fun({Username, none}, _VHost) -> +auth_fun({Username, none}, _VHost, _ExtraAuthProps) -> fun () -> rabbit_access_control:check_user_login(Username, []) end; -auth_fun({Username, Password}, VHost) -> +auth_fun({Username, Password}, VHost, ExtraAuthProps) -> fun () -> rabbit_access_control:check_user_login( Username, - [{password, Password}, {vhost, VHost}]) + [{password, Password}, {vhost, VHost}] ++ ExtraAuthProps) end. connect(Creds, VHost, Protocol, Pid, Infos) -> - AuthFun = auth_fun(Creds, VHost), + ExtraAuthProps = extract_extra_auth_props(Creds, VHost, Pid, Infos), + AuthFun = auth_fun(Creds, VHost, ExtraAuthProps), case rabbit:is_running() of true -> case is_over_connection_limit(VHost, Creds, Pid) of @@ -101,6 +105,45 @@ connect(Creds, VHost, Protocol, Pid, Infos) -> false -> {error, broker_not_found_on_node} end. +extract_extra_auth_props(Creds, VHost, Pid, Infos) -> + case extract_protocol(Infos) of + undefined -> + []; + Protocol -> + maybe_call_connection_info_module(Protocol, Creds, VHost, Pid, Infos) + end. + +extract_protocol(Infos) -> + case proplists:get_value(protocol, Infos, undefined) of + {Protocol, _Version} -> + Protocol; + _ -> + undefined + end. + +maybe_call_connection_info_module(Protocol, Creds, VHost, Pid, Infos) -> + Module = rabbit_data_coercion:to_atom(string:to_lower( + "rabbit_" ++ rabbit_data_coercion:to_list(Protocol) ++ "_connection_info") + ), + case code:get_object_code(Module) of + {_Module, _Binary, _Filename} -> + try + Module:additional_authn_params(Creds, VHost, Pid, Infos) + catch + throw:Reason -> + rabbit_log:warning("Calling ~p failed:~p~n", [Module, Reason]), + []; + error:Reason -> + rabbit_log:warning("Calling ~p failed:~p~n", [Module, Reason]), + [] + end; + error -> + []; + _ -> + [] + end. + + is_over_connection_limit(VHost, {Username, _Password}, Pid) -> PrintedUsername = case Username of none -> ""; |