diff options
| -rw-r--r-- | src/rabbit_reader.erl | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/src/rabbit_reader.erl b/src/rabbit_reader.erl index 79895d95fa..4335671e43 100644 --- a/src/rabbit_reader.erl +++ b/src/rabbit_reader.erl @@ -1218,7 +1218,8 @@ handle_method0(#'connection.open'{virtual_host = VHost}, sock = Sock, throttle = Throttle}) -> - ok = is_over_connection_limit(VHost, User), + ok = is_over_vhost_connection_limit(VHost, User), + ok = is_over_user_connection_limit(User), ok = rabbit_access_control:check_vhost_access(User, VHost, {socket, Sock}, #{}), ok = is_vhost_alive(VHost, User), NewConnection = Connection#connection{vhost = VHost}, @@ -1317,7 +1318,7 @@ is_vhost_alive(VHostPath, User) -> [VHostPath, User#user.username, VHostPath]) end. -is_over_connection_limit(VHostPath, User) -> +is_over_vhost_connection_limit(VHostPath, User) -> try rabbit_vhost_limit:is_over_connection_limit(VHostPath) of false -> ok; {true, Limit} -> rabbit_misc:protocol_error(not_allowed, @@ -1329,6 +1330,14 @@ is_over_connection_limit(VHostPath, User) -> rabbit_misc:protocol_error(not_allowed, "vhost ~s not found", [VHostPath]) end. +is_over_user_connection_limit(User) -> + case rabbit_auth_backend_internal:is_over_connection_limit(User#user.username) of + false -> ok; + {true, Limit} -> rabbit_misc:protocol_error(not_allowed, + "Connection refused for user '~s': " + "User connection limit (~p) is reached", + [User#user.username, Limit]) + end. validate_negotiated_integer_value(Field, Min, ClientValue) -> ServerValue = get_env(Field), |