Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Socket-based authorization does not work for protocol adapters like MQTT #109

Closed
gotthardp opened this issue Apr 15, 2015 · 4 comments
Closed

Socket-based authorization does not work for protocol adapters like MQTT #109

gotthardp opened this issue Apr 15, 2015 · 4 comments
Assignees
@michaelklishin
Labels
effort-low enhancement
Milestone
3.6.0

Comments

@gotthardp
Copy link
Contributor

When the rabbit_direct.erl is calling the rabbit_access_control:check_vhost_access() it sets the Sock parameter to 'undefined', what prevents proper socket-based access control (like e.g. done by rabbitmq-auth-backend-ip-range).
@michaelklishin
Copy link
Member

I think this should be fixed on the case-by-case basis, as there is no socket in the direct client's case. So this is the wrong repo to report this.

We can either try using a "fake socket" record, or try passing the actual client socket, or pass more info in extra client parameters. So belongs to the Erlang client and MQTT/STOMP.

@gotthardp
Copy link
Contributor Author

There is no need to change the Erlang client nor MQTT/STOMP. The information is available to the server already. It just doesn't pass them to the authentication function. See my e-mail on the mailing list. Hence I think this is a correct repository.

@michaelklishin
Copy link
Member

Commented what I'd do on the list. Thank you for looking into this!

@gotthardp gotthardp mentioned this issue Apr 15, 2015
Merged
@michaelklishin
Copy link
Member

Should be fixed by #110, given that the relevant plugins are updated or already support the new record.

@michaelklishin michaelklishin self-assigned this Apr 15, 2015
@michaelklishin michaelklishin added this to the 3.6.0 milestone Apr 15, 2015
gotthardp added a commit to gotthardp/rabbitmq-auth-backend-ip-range that referenced this issue Apr 16, 2015
@gotthardp
Implemented changes required by rabbitmq/rabbitmq-server#109. This en…
8a356bf 
…ables authorization of MQTT/STOMP.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@michaelklishin michaelklishin

Labels
effort-low enhancement
Projects
None yet
Milestone
3.6.0
Development

No branches or pull requests
2 participants
@michaelklishin @gotthardp