summaryrefslogtreecommitdiff
path: root/src/rabbit_access_control.erl
diff options
context:
space:
mode:
Diffstat (limited to 'src/rabbit_access_control.erl')
-rw-r--r--src/rabbit_access_control.erl13
1 files changed, 12 insertions, 1 deletions
diff --git a/src/rabbit_access_control.erl b/src/rabbit_access_control.erl
index 19171659..4bb1aed1 100644
--- a/src/rabbit_access_control.erl
+++ b/src/rabbit_access_control.erl
@@ -18,7 +18,7 @@
-include("rabbit.hrl").
--export([check_user_pass_login/2, check_user_login/2,
+-export([check_user_pass_login/2, check_user_login/2, check_user_loopback/2,
check_vhost_access/2, check_resource_access/3]).
%%----------------------------------------------------------------------------
@@ -35,6 +35,9 @@
-spec(check_user_login/2 ::
(rabbit_types:username(), [{atom(), any()}])
-> {'ok', rabbit_types:user()} | {'refused', string(), [any()]}).
+-spec(check_user_loopback/2 :: (rabbit_types:username(),
+ rabbit_net:socket() | inet:ip_address())
+ -> 'ok' | 'not_allowed').
-spec(check_vhost_access/2 ::
(rabbit_types:user(), rabbit_types:vhost())
-> 'ok' | rabbit_types:channel_exit()).
@@ -77,6 +80,14 @@ try_login(Module, Username, AuthProps) ->
Else -> Else
end.
+check_user_loopback(Username, SockOrAddr) ->
+ {ok, Users} = application:get_env(rabbit, loopback_users),
+ case rabbit_net:is_loopback(SockOrAddr)
+ orelse not lists:member(Username, Users) of
+ true -> ok;
+ false -> not_allowed
+ end.
+
check_vhost_access(User = #user{ username = Username,
auth_backend = Module }, VHostPath) ->
check_access(
View Lorry Controller Status