diff options
| author | Simon MacMullen <simon@rabbitmq.com> | 2010-12-16 11:47:23 +0000 |
|---|---|---|
| committer | Simon MacMullen <simon@rabbitmq.com> | 2010-12-16 11:47:23 +0000 |
| commit | 1c102373c15f5540a8fab369829914196738b4f4 (patch) | |
| tree | 81f95afd451cbeff3f4b14fbed8c1fed64e96237 | |
| parent | a3ffc09c00caee590a1249c4bb809d2af8cc818d (diff) | |
| download | rabbitmq-server-1c102373c15f5540a8fab369829914196738b4f4.tar.gz | |
Unforgeable user-id.
| -rw-r--r-- | src/rabbit_channel.erl | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/rabbit_channel.erl b/src/rabbit_channel.erl index 4e9bd4b1..4f8a7f78 100644 --- a/src/rabbit_channel.erl +++ b/src/rabbit_channel.erl @@ -400,6 +400,15 @@ check_write_permitted(Resource, #ch{username = Username}) -> check_read_permitted(Resource, #ch{username = Username}) -> check_resource_access(Username, Resource, read). +check_user_id_header(#'P_basic'{user_id = undefined}, _) -> + ok; +check_user_id_header(#'P_basic'{user_id = User}, #ch{username = User}) -> + ok; +check_user_id_header(#'P_basic'{user_id = Claimed}, #ch{username = Actual}) -> + rabbit_misc:protocol_error( + precondition_failed, "claimed to be '~s' but was '~s'", + [Claimed, Actual]). + expand_queue_name_shortcut(<<>>, #ch{most_recently_declared_queue = <<>>}) -> rabbit_misc:protocol_error( not_found, "no previously declared queue", []); @@ -543,6 +552,7 @@ handle_method(#'basic.publish'{exchange = ExchangeNameBin, %% We decode the content's properties here because we're almost %% certain to want to look at delivery-mode and priority. DecodedContent = rabbit_binary_parser:ensure_content_decoded(Content), + check_user_id_header(DecodedContent#content.properties, State), IsPersistent = is_message_persistent(DecodedContent), {MsgSeqNo, State1} = case ConfirmEnabled of |