diff options
author | Simon MacMullen <simon@rabbitmq.com> | 2010-11-19 19:54:04 +0000 |
---|---|---|
committer | Simon MacMullen <simon@rabbitmq.com> | 2010-11-19 19:54:04 +0000 |
commit | cfdc1c4915babc77e9a6e702363d83970d67a559 (patch) | |
tree | e9059ab7181818a812fd87594c2301b7b5aedee0 | |
parent | 6d8b9ac51ff4f6923d7b17fc75fbb7b54414bb70 (diff) | |
download | rabbitmq-server-cfdc1c4915babc77e9a6e702363d83970d67a559.tar.gz |
Not sure that's the right approach but at least a) EXTERNAL works via pluggable backends now and b) I've got it out of my head.
-rw-r--r-- | src/rabbit_access_control.erl | 10 | ||||
-rw-r--r-- | src/rabbit_auth_backend.erl | 3 | ||||
-rw-r--r-- | src/rabbit_auth_backend_internal.erl | 19 | ||||
-rw-r--r-- | src/rabbit_auth_mechanism_external.erl | 2 |
4 files changed, 24 insertions, 10 deletions
diff --git a/src/rabbit_access_control.erl b/src/rabbit_access_control.erl index f419ec11..e4836370 100644 --- a/src/rabbit_access_control.erl +++ b/src/rabbit_access_control.erl @@ -33,8 +33,9 @@ -include_lib("stdlib/include/qlc.hrl"). -include("rabbit.hrl"). --export([user_pass_login/2, check_user_pass_login/2, make_salt/0, - check_password/2, check_vhost_access/2, check_resource_access/3]). +-export([user_pass_login/2, check_user_pass_login/2, check_user_login/2, + make_salt/0, check_password/2, check_vhost_access/2, + check_resource_access/3]). -export([add_user/2, delete_user/1, change_password/2, set_admin/1, clear_admin/1, list_users/0, lookup_user/1]). -export([change_password_hash/2]). @@ -109,10 +110,13 @@ user_pass_login(User, Pass) -> end. check_user_pass_login(Username, Password) -> + check_user_login(Username, [{password, Password}]). + +check_user_login(Username, AuthProps) -> {ok, Modules} = application:get_env(rabbit, auth_backends), lists:foldl( fun(Module, {refused, _}) -> - Module:check_user_pass_login(Username, Password); + Module:check_user_login(Username, AuthProps); (_, {ok, User}) -> {ok, User} end, {refused, Username}, Modules). diff --git a/src/rabbit_auth_backend.erl b/src/rabbit_auth_backend.erl index bafa0695..3fb5f1b6 100644 --- a/src/rabbit_auth_backend.erl +++ b/src/rabbit_auth_backend.erl @@ -38,8 +38,7 @@ behaviour_info(callbacks) -> %% A description (TODO should this be here if we're not using registry?). {description, 0}, - %% TODO should we abstract out username / password? - {check_user_pass_login, 2}, + {check_user_login, 2}, {check_vhost_access, 2}, diff --git a/src/rabbit_auth_backend_internal.erl b/src/rabbit_auth_backend_internal.erl index 4be7d11e..605ebc84 100644 --- a/src/rabbit_auth_backend_internal.erl +++ b/src/rabbit_auth_backend_internal.erl @@ -35,7 +35,7 @@ -behaviour(rabbit_auth_backend). -export([description/0]). --export([check_user_pass_login/2, check_vhost_access/2, +-export([check_user_login/2, check_vhost_access/2, check_resource_access/3]). %%-include("rabbit_auth_backend_spec.hrl"). @@ -46,10 +46,21 @@ description() -> [{name, <<"Internal">>}, {description, <<"Internal user / password database">>}]. -check_user_pass_login(Username, Password) -> +check_user_login(Username, []) -> + internal_check_user_login(Username, fun() -> true end); +check_user_login(Username, [{password, Password}]) -> + internal_check_user_login( + Username, + fun(#internal_user{password_hash = Hash}) -> + rabbit_access_control:check_password(Password, Hash) + end); +check_user_login(Username, AuthProps) -> + exit({unknown_auth_props, Username, AuthProps}). + +internal_check_user_login(Username, Fun) -> case rabbit_access_control:lookup_user(Username) of - {ok, User = #internal_user{password_hash = Hash, is_admin = IsAdmin}} -> - case rabbit_access_control:check_password(Password, Hash) of + {ok, User = #internal_user{is_admin = IsAdmin}} -> + case Fun(User) of true -> {ok, #user{username = Username, is_admin = IsAdmin, auth_backend = ?MODULE, diff --git a/src/rabbit_auth_mechanism_external.erl b/src/rabbit_auth_mechanism_external.erl index a5977264..3367e812 100644 --- a/src/rabbit_auth_mechanism_external.erl +++ b/src/rabbit_auth_mechanism_external.erl @@ -86,7 +86,7 @@ init(Sock) -> handle_response(_Response, #state{username = Username}) -> case Username of not_found -> {refused, Username}; - _ -> case rabbit_access_control:lookup_user(Username) of + _ -> case rabbit_access_control:check_user_login(Username, []) of {ok, User} -> {ok, User}; {error, not_found} -> {refused, Username} end |