diff options
Diffstat (limited to 'src/rabbit_reader.erl')
-rw-r--r-- | src/rabbit_reader.erl | 32 |
1 files changed, 22 insertions, 10 deletions
diff --git a/src/rabbit_reader.erl b/src/rabbit_reader.erl index ceaf9fd2..cc25c833 100644 --- a/src/rabbit_reader.erl +++ b/src/rabbit_reader.erl @@ -698,7 +698,7 @@ start_connection({ProtocolMajor, ProtocolMinor, _ProtocolRevision}, version_major = ProtocolMajor, version_minor = ProtocolMinor, server_properties = server_properties(), - mechanisms = rabbit_access_control:auth_mechanisms(Sock), + mechanisms = auth_mechanisms_binary(Sock), locales = <<"en_US">> }, ok = send_on_channel0(Sock, Start, Protocol), {State#v1{connection = Connection#connection{ @@ -748,8 +748,9 @@ handle_method0(#'connection.start_ok'{mechanism = Mechanism, response = Response, client_properties = ClientProperties}, State0 = #v1{connection_state = starting, - connection = Connection}) -> - AuthMechanism = auth_mechanism_to_module(Mechanism), + connection = Connection, + sock = Sock}) -> + AuthMechanism = auth_mechanism_to_module(Mechanism, Sock), State = State0#v1{auth_mechanism = AuthMechanism, auth_state = AuthMechanism:init(), connection_state = securing, @@ -831,22 +832,33 @@ handle_method0(_Method, #v1{connection_state = S}) -> send_on_channel0(Sock, Method, Protocol) -> ok = rabbit_writer:internal_send_command(Sock, 0, Method, Protocol). -auth_mechanism_to_module(TypeBin) -> +auth_mechanism_to_module(TypeBin, Sock) -> case rabbit_registry:binary_to_type(TypeBin) of {error, not_found} -> rabbit_misc:protocol_error( command_invalid, "unknown authentication mechanism '~s'", [TypeBin]); T -> - case rabbit_registry:lookup_module(auth_mechanism, T) of - {error, not_found} -> rabbit_misc:protocol_error( - command_invalid, - "invalid authentication mechanism '~s'", - [T]); - {ok, Module} -> Module + case {lists:member(T, auth_mechanisms(Sock)), + rabbit_registry:lookup_module(auth_mechanism, T)} of + {true, {ok, Module}} -> + Module; + _ -> + rabbit_misc:protocol_error( + command_invalid, + "invalid authentication mechanism '~s'", [T]) end end. +auth_mechanisms(Sock) -> + [Name || {Name, Mechanism} <- rabbit_registry:lookup_all(auth_mechanism), + Mechanism:should_offer(Sock)]. + +auth_mechanisms_binary(Sock) -> + list_to_binary( + string:join( + [atom_to_list(A) || A <- auth_mechanisms(Sock)], " ")). + auth_phase(Response, State = #v1{auth_mechanism = AuthMechanism, auth_state = AuthState, |