[rabbitmq-discuss] Creating an auth plugin (Kerberos)
tim at rabbitmq.com
Tue Dec 11 17:07:02 GMT 2012
On 11 Dec 2012, at 16:20, Simon Lundström wrote:
> That was easy. The only hard thing was to get it to compile correctly on
> OS X = ).
Glad it was, and *not at all surprised* it's a pain on OSX - I frequently have issues there as well with .dylib vs .so and whatnot when making linked-in drivers.
> (Note to future readers see
Thanks for sharing that with the list!
> The NIF needs to be loaded at some point and from the examples and
> documentation I've found that it's done via -on_load, like this:
That *is* the correct way to load a NIF.
> However, I've tried using -on_load before in my plugin and it didn't
> work. I suspected that the -behaviour had some magic which involved
> -on_load and using -on_load in your model bricks that. I worked around
> needing -on_load and forgot about it. However, now I need it again. This
> is from the error log:
-behaviour doesn't affect NIFs at all AFAIK - that behaviour attribute just tells the compiler to puke unless certain functions are defined and exported, and generates a behaviour_info/2 function. Hmn, perhaps that latter part *does* interfere with NIFs, but I've never heard of that before.
> When logging in via AMQP:
> =ERROR REPORT==== 11-Dec-2012::09:57:02 ===
> closing AMQP connection <0.287.0> (184.108.40.206:48736 -> 220.127.116.11:5671):
That's not saying check_user_login is undefined. In fact, check_user_login is not even part of the NIF infrastructure. It looks like it's saying 'connection.start_ok' is undefined. Hmn - doesn't make much sense to me I'm afraid. What happens if you move the NIF part out into another module, using the -on_load attribute there and then just call that utility module from your plugin?
Kinit = code:priv_dir(?APPLICATION) ++ "/kinit.so",
kinit(User, Password) -> exit(nif_library_not_loaded).
And then in rabbit_auth_backend_kerberos just call:
case kinit:kinit(User, PassWd) of .....
Anyway, if you put the NIF part into another module, you *should* be able to test it outside of rabbit my doing something like:
$ erl -sname foo
% ok = application:start(rabbit_auth_backend_kerberos).
% X = kinit:kinit("auser", "password").
<< a term >>
% io:format("~p~n", [X]).
Then if it *still* doesn't work when you're running it inside rabbit we might need to consider other things that could be going wrong (such as the NIF init magic).
> when using the API (this is in the sasl log):
> =CRASH REPORT==== 11-Dec-2012::11:51:04 ===
> initial call: mochiweb_acceptor:init/3
> pid: <0.256.0>
> registered_name: 
> exception error: undefined function rabbit_auth_backend_kerberos:check_user_login/2
> in function rabbit_access_control:'-check_user_login/2-fun-0-'/4
> in call from lists:foldl/3
> in call from rabbit_mgmt_app:'-make_loop/0-fun-0-'/4
> in call from mochiweb_http:headers/5
> ancestors: [rabbit_mochiweb_web_mgmt,rabbit_mochiweb_sup,<0.132.0>]
> messages: 
> links: [<0.252.0>]
> dictionary: 
> trap_exit: false
> status: running
> heap_size: 4181
> stack_size: 24
> reductions: 1467
> - Simon
> rabbitmq-discuss mailing list
> rabbitmq-discuss at lists.rabbitmq.com
More information about the rabbitmq-discuss