diff options
| author | Michael Klishin <mklishin@pivotal.io> | 2015-10-05 21:55:56 +0300 |
|---|---|---|
| committer | Michael Klishin <mklishin@pivotal.io> | 2015-10-05 21:55:56 +0300 |
| commit | b0d5818c584383fb1a90e14d6975c52b8b771435 (patch) | |
| tree | a8223617872e6eef516da5bb77bd2da6ad6f0ae9 /src | |
| parent | cba94b12742f436ddf423c432a2fb429961909bf (diff) | |
| parent | 6a65e1343bb1412f2c99366712b8eb593b73659f (diff) | |
| download | rabbitmq-server-git-b0d5818c584383fb1a90e14d6975c52b8b771435.tar.gz | |
Merge branch 'stable'
Diffstat (limited to 'src')
| -rw-r--r-- | src/rabbit_access_control.erl | 13 | ||||
| -rw-r--r-- | src/rabbit_auth_backend_internal.erl | 4 | ||||
| -rw-r--r-- | src/rabbit_authz_backend.erl | 4 |
3 files changed, 12 insertions, 9 deletions
diff --git a/src/rabbit_access_control.erl b/src/rabbit_access_control.erl index 1f9f928538..3fe7212276 100644 --- a/src/rabbit_access_control.erl +++ b/src/rabbit_access_control.erl @@ -76,7 +76,7 @@ check_user_login(Username, AuthProps) -> %% it gives us case try_authenticate(Mod, Username, AuthProps) of {ok, ModNUser = #auth_user{impl = Impl}} -> - user(ModNUser, {ok, [{Mod, Impl}]}); + user(ModNUser, {ok, [{Mod, Impl}], []}); Else -> Else end; @@ -98,9 +98,10 @@ try_authenticate(Module, Username, AuthProps) -> try_authorize(Modules, Username) -> lists:foldr( - fun (Module, {ok, ModsImpls}) -> + fun (Module, {ok, ModsImpls, ModsTags}) -> case Module:user_login_authorization(Username) of - {ok, Impl} -> {ok, [{Module, Impl} | ModsImpls]}; + {ok, Impl, Tags}-> {ok, [{Module, Impl} | ModsImpls], ModsTags ++ Tags}; + {ok, Impl} -> {ok, [{Module, Impl} | ModsImpls], ModsTags}; {error, E} -> {refused, Username, "~s failed authorizing ~s: ~p~n", [Module, Username, E]}; @@ -108,11 +109,11 @@ try_authorize(Modules, Username) -> end; (_, {refused, F, A}) -> {refused, Username, F, A} - end, {ok, []}, Modules). + end, {ok, [], []}, Modules). -user(#auth_user{username = Username, tags = Tags}, {ok, ModZImpls}) -> +user(#auth_user{username = Username, tags = Tags}, {ok, ModZImpls, ModZTags}) -> {ok, #user{username = Username, - tags = Tags, + tags = Tags ++ ModZTags, authz_backends = ModZImpls}}; user(_AuthUser, Error) -> Error. diff --git a/src/rabbit_auth_backend_internal.erl b/src/rabbit_auth_backend_internal.erl index eaef7cfda5..6babe135fa 100644 --- a/src/rabbit_auth_backend_internal.erl +++ b/src/rabbit_auth_backend_internal.erl @@ -104,8 +104,8 @@ user_login_authentication(Username, AuthProps) -> user_login_authorization(Username) -> case user_login_authentication(Username, []) of - {ok, #auth_user{impl = Impl}} -> {ok, Impl}; - Else -> Else + {ok, #auth_user{impl = Impl, tags = Tags}} -> {ok, Impl, Tags}; + Else -> Else end. internal_check_user_login(Username, Fun) -> diff --git a/src/rabbit_authz_backend.erl b/src/rabbit_authz_backend.erl index 12364b654b..495a79695d 100644 --- a/src/rabbit_authz_backend.erl +++ b/src/rabbit_authz_backend.erl @@ -29,13 +29,15 @@ %% %% Possible responses: %% {ok, Impl} -%% User authorisation succeeded, and here's the impl field. +%% {ok, Impl, Tags} +%% User authorisation succeeded, and here's the impl and potential extra tags fields. %% {error, Error} %% Something went wrong. Log and die. %% {refused, Msg, Args} %% User authorisation failed. Log and die. -callback user_login_authorization(rabbit_types:username()) -> {'ok', any()} | + {'ok', any(), any()} | {'refused', string(), [any()]} | {'error', any()}. |