author | Simon MacMullen <simon@rabbitmq.com> | 2014-02-24 14:46:43 +0000 |
---|---|---|
committer | Simon MacMullen <simon@rabbitmq.com> | 2014-02-24 14:46:43 +0000 |
commit | c1ccbf1e0ac7d3014b04a75a5d7954ef2d3554e2 (patch) | |
tree | c20b458920440ac8f270f03ba847ea4ecf2865b2 /src/rabbit_reader.erl | |
parent | d053e071af734877847e81445e1b34b36b95cd51 (diff) | |
parent | 7ac4a1820b7564459e182ae90b2b74229dad4296 (diff) | |
download | rabbitmq-server-c1ccbf1e0ac7d3014b04a75a5d7954ef2d3554e2.tar.gz |
Merge in defaultbug25603
Diffstat (limited to 'src/rabbit_reader.erl')
-rw-r--r-- | src/rabbit_reader.erl | 47 |
1 files changed, 28 insertions, 19 deletions
diff --git a/src/rabbit_reader.erl b/src/rabbit_reader.erl
index 3304a50b..4a194829 100644
--- a/src/rabbit_reader.erl
+++ b/src/rabbit_reader.erl
@@ -1023,29 +1023,12 @@ auth_mechanisms_binary(Sock) ->
 auth_phase(Response,
 State = #v1{connection = Connection =
 #connection{protocol = Protocol,
- capabilities = Capabilities,
 auth_mechanism = {Name, AuthMechanism},
 auth_state = AuthState},
 sock = Sock}) ->
 case AuthMechanism:handle_response(Response, AuthState) of
 {refused, Msg, Args} ->
- AmqpError = rabbit_misc:amqp_error(
- access_refused, "~s login refused: ~s",
- [Name, io_lib:format(Msg, Args)], none),
- case rabbit_misc:table_lookup(Capabilities,
- <<"authentication_failure_close">>) of
- {bool, true} ->
- SafeMsg = io_lib:format(
- "Login was refused using authentication "
- "mechanism ~s. For details see the broker "
- "logfile.", [Name]),
- AmqpError1 = AmqpError#amqp_error{explanation = SafeMsg},
- {0, CloseMethod} = rabbit_binary_generator:map_exception(
- 0, AmqpError1, Protocol),
- ok = send_on_channel0(State#v1.sock, CloseMethod, Protocol);
- _ -> ok
- end,
- rabbit_misc:protocol_error(AmqpError);
+ auth_fail(Msg, Args, Name, State);
 {protocol_error, Msg, Args} ->
 rabbit_misc:protocol_error(syntax_error, Msg, Args);
 {challenge, Challenge, AuthState1} ->
@@ -1053,7 +1036,12 @@ auth_phase(Response,
 ok = send_on_channel0(Sock, Secure, Protocol),
 State#v1{connection = Connection#connection{
 auth_state = AuthState1}};
- {ok, User} ->
+ {ok, User = #user{username = Username}} ->
+ case rabbit_access_control:check_user_loopback(Username, Sock) of
+ ok -> ok;
+ not_allowed -> auth_fail("user '~s' can only connect via "
+ "localhost", [Username], Name, State)
+ end,
 Tune = #'connection.tune'{frame_max = get_env(frame_max),
 channel_max = get_env(channel_max),
 heartbeat = get_env(heartbeat)},
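Review bot: In the second hunk, under `{ok, User = #user{username = Username}} ->`, the loopback check blocks the login only because `auth_fail/4` never returns normally. The value of the `case` is discarded, so a returning `auth_fail` would let execution continue to the `connection.tune` step as if the user had been accepted. The third hunk shows `auth_fail` ending in `rabbit_misc:protocol_error(AmqpError)`, which presumably raises, but nothing at the call site states that, and a later edit that makes it return would turn this into a fail-open path. I would add `%% auth_fail/4 does not return; it ends in rabbit_misc:protocol_error/1` on the `not_allowed` branch and give `auth_fail/4` a spec whose return type is `no_return()`, so Dialyzer flags any regression. The body of `auth_phase` starts and ends outside this hunk.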
@@ -1063,6 +1051,27 @@ auth_phase(Response,
 auth_state = none}}
 end.
 
+auth_fail(Msg, Args, AuthName,
+ State = #v1{connection = #connection{protocol = Protocol,
+ capabilities = Capabilities}}) ->
+ AmqpError = rabbit_misc:amqp_error(
+ access_refused, "~s login refused: ~s",
+ [AuthName, io_lib:format(Msg, Args)], none),
+ case rabbit_misc:table_lookup(Capabilities,
+ <<"authentication_failure_close">>) of
+ {bool, true} ->
+ SafeMsg = io_lib:format(
+ "Login was refused using authentication "
+ "mechanism ~s. For details see the broker "
+ "logfile.", [AuthName]),
+ AmqpError1 = AmqpError#amqp_error{explanation = SafeMsg},
+ {0, CloseMethod} = rabbit_binary_generator:map_exception(
+ 0, AmqpError1, Protocol),
+ ok = send_on_channel0(State#v1.sock, CloseMethod, Protocol);
+ _ -> ok
+ end,
+ rabbit_misc:protocol_error(AmqpError).
+
 %%--------------------------------------------------------------------------
 
 infos(Items, State) -> [{Item, i(Item, State)} || Item <- Items]. |
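Review bot: `auth_fail/4` substitutes the generic `SafeMsg` only when the client advertises `authentication_failure_close`; in the `_ -> ok` branch the original `AmqpError`, with the formatted `Msg`/`Args`, goes to `rabbit_misc:protocol_error/1` unchanged. After this commit that text can be "user '~s' can only connect via localhost", which is produced only once the mechanism has returned `{ok, User}`. If the explanation reaches the peer on that path (not visible in this diff), a remote client could distinguish accepted credentials for a loopback-only account from rejected ones. It is worth confirming what `protocol_error/1` puts on the wire and recording the intent above the function, for example `%% Clients that advertise authentication_failure_close get only the generic SafeMsg; Msg/Args stay in AmqpError.`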