authorSimon MacMullen <simon@rabbitmq.com>2010-11-10 13:09:40 +0000
committerSimon MacMullen <simon@rabbitmq.com>2010-11-10 13:09:40 +0000
commitf217c2f98226b6ed7f0ef6368ddbeca663283686 (patch)
tree94841076c75f114b07041bb601b76c2b276648dc
parent82497a3497b9e1b1a9ff8c7723f31bcdd890cc99 (diff)
Don't allow a client to select a mechanism we decided not to offer.
-rw-r--r--src/rabbit_access_control.erl10
-rw-r--r--src/rabbit_reader.erl32
2 files changed, 23 insertions, 19 deletions
diff --git a/src/rabbit_access_control.erl b/src/rabbit_access_control.erl
index 8d4e49e5..8b677068 100644
--- a/src/rabbit_access_control.erl
+++ b/src/rabbit_access_control.erl
@@ -33,7 +33,7 @@
-include_lib("stdlib/include/qlc.hrl").
-include("rabbit.hrl").
--export([auth_mechanisms/1, check_user_pass_login/2, make_salt/0,
+-export([check_user_pass_login/2, make_salt/0,
check_vhost_access/2, check_resource_access/3]).
-export([add_user/2, delete_user/1, change_password/2, set_admin/1,
clear_admin/1, list_users/0, lookup_user/1]).
@@ -54,7 +54,6 @@
-type(password() :: binary()).
-type(password_hash() :: binary()).
-type(regexp() :: binary()).
--spec(auth_mechanisms/1 :: (rabbit_networking:socket()) -> binary()).
-spec(check_user_pass_login/2 ::
(username(), password())
-> {'ok', rabbit_types:user()} | 'refused').
@@ -95,13 +94,6 @@
%%----------------------------------------------------------------------------
-auth_mechanisms(Sock) ->
- Mechanisms =
- [atom_to_list(Name)
- || {Name, Mechanism} <- rabbit_registry:lookup_all(auth_mechanism),
- Mechanism:should_offer(Sock)],
- list_to_binary(string:join(Mechanisms, " ")).
-
check_user_pass_login(Username, Pass) ->
case lookup_user(Username) of
{ok, User} ->
diff --git a/src/rabbit_reader.erl b/src/rabbit_reader.erl
index ceaf9fd2..cc25c833 100644
--- a/src/rabbit_reader.erl
+++ b/src/rabbit_reader.erl
@@ -698,7 +698,7 @@ start_connection({ProtocolMajor, ProtocolMinor, _ProtocolRevision},
version_major = ProtocolMajor,
version_minor = ProtocolMinor,
server_properties = server_properties(),
- mechanisms = rabbit_access_control:auth_mechanisms(Sock),
+ mechanisms = auth_mechanisms_binary(Sock),
locales = <<"en_US">> },
ok = send_on_channel0(Sock, Start, Protocol),
{State#v1{connection = Connection#connection{
@@ -748,8 +748,9 @@ handle_method0(#'connection.start_ok'{mechanism = Mechanism,
response = Response,
client_properties = ClientProperties},
State0 = #v1{connection_state = starting,
- connection = Connection}) ->
- AuthMechanism = auth_mechanism_to_module(Mechanism),
+ connection = Connection,
+ sock = Sock}) ->
+ AuthMechanism = auth_mechanism_to_module(Mechanism, Sock),
State = State0#v1{auth_mechanism = AuthMechanism,
auth_state = AuthMechanism:init(),
connection_state = securing,
@@ -831,22 +832,33 @@ handle_method0(_Method, #v1{connection_state = S}) ->
send_on_channel0(Sock, Method, Protocol) ->
ok = rabbit_writer:internal_send_command(Sock, 0, Method, Protocol).
-auth_mechanism_to_module(TypeBin) ->
+auth_mechanism_to_module(TypeBin, Sock) ->
case rabbit_registry:binary_to_type(TypeBin) of
{error, not_found} ->
rabbit_misc:protocol_error(
command_invalid, "unknown authentication mechanism '~s'",
[TypeBin]);
T ->
- case rabbit_registry:lookup_module(auth_mechanism, T) of
- {error, not_found} -> rabbit_misc:protocol_error(
- command_invalid,
- "invalid authentication mechanism '~s'",
- [T]);
- {ok, Module} -> Module
+ case {lists:member(T, auth_mechanisms(Sock)),
+ rabbit_registry:lookup_module(auth_mechanism, T)} of
+ {true, {ok, Module}} ->
+ Module;
+ _ ->
+ rabbit_misc:protocol_error(
+ command_invalid,
+ "invalid authentication mechanism '~s'", [T])
end
end.
+auth_mechanisms(Sock) ->
+ [Name || {Name, Mechanism} <- rabbit_registry:lookup_all(auth_mechanism),
+ Mechanism:should_offer(Sock)].
+
+auth_mechanisms_binary(Sock) ->
+ list_to_binary(
+ string:join(
+ [atom_to_list(A) || A <- auth_mechanisms(Sock)], " ")).
+
auth_phase(Response,
State = #v1{auth_mechanism = AuthMechanism,
auth_state = AuthState,
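Review bot: The membership check at `lists:member(T, auth_mechanisms(Sock))` re-runs `rabbit_registry:lookup_all/1` and every `Mechanism:should_offer(Sock)` when connection.start_ok arrives, so it validates against what the server would offer now rather than against the list `auth_mechanisms_binary(Sock)` actually sent in connection.start; if the registry contents or a `should_offer/1` answer differ between the two frames, the check and the offer can disagree. Capturing the offered list once in `start_connection` (a field next to `mechanisms` in the connection state) and comparing `T` against that stored value would make the check match the commit title exactly; that touches the earlier hunk in this file and the record definition, which is outside this diff. The tuple `case` with the `_` fallthrough gives the same `invalid authentication mechanism` reply whether the mechanism was not offered or has no registered module, which is sensible on the wire, but a comment such as `%% Same client-facing error for 'not offered' and 'no module'; the distinction is not revealed to the peer` would stop a later maintainer from splitting the clauses. `rabbit_registry:binary_to_type/1` receives the client-supplied `TypeBin`; its `{error, not_found}` return suggests it resolves only against already-known types rather than creating atoms from peer data, which is the property this untrusted-input path relies on and is worth stating in the same comment.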