Fix SAN type and bug

The bug is that when using ssl, it does not propagate credentials
like vhost or client_id

Author: MarcialRosales

deps/rabbitmq_ct_helpers/tools/tls-certs/openssl.cnf.in

@@ -62,4 +62,4 @@ DNS.1 = @HOSTNAME@
 DNS.2 = localhost
 
 [ client_alt_names ]
-CLIENT_ID.1 = rabbit_client_id
+DNS.1 = rabbit_client_id

deps/rabbitmq_mqtt/src/rabbit_mqtt_processor.erl

@@ -179,17 +179,14 @@ process_connect(
         ClientId1 ?= extract_preferred_client_id(ClientId0, Socket),
         {ok, ClientId} ?= ensure_client_id(ClientId1, CleanStart, ProtoVer),
         {ok, {Username1, Password}} ?= check_credentials(Username0, Password0, SslLoginName, PeerIp),
-        ?LOG_DEBUG("ClientId ~p ", [ClientId]),
-        ?LOG_DEBUG("Username1: ~p Password : ~p", [Username1, Password]),
-
+        
         {VHostPickedUsing, {VHost, Username2}} = get_vhost(Username1, SslLoginName, Port),
         ?LOG_DEBUG("MQTT connection ~s picked vhost using ~s", [ConnName0, VHostPickedUsing]),
         ok ?= check_vhost_exists(VHost, Username2, PeerIp),
         ok ?= check_vhost_alive(VHost),
         ok ?= check_vhost_connection_limit(VHost),
         {ok, User = #user{username = Username}} ?= check_user_login(VHost, Username2, Password,
                                                                     ClientId, PeerIp, ConnName0),
-        ?LOG_DEBUG("User: ~p ", [User]),
 
         ok ?= check_user_connection_limit(Username),
         {ok, AuthzCtx} ?= check_vhost_access(VHost, User, ClientId, PeerIp),
@@ -1038,15 +1035,11 @@ check_vhost_alive(VHost) ->
     end.
 
 check_user_login(VHost, Username, Password, ClientId, PeerIp, ConnName) ->
+    AuthProps0 = [{vhost, VHost},
+                  {client_id, ClientId}],
     AuthProps = case Password of
-                    none ->
-                        %% SSL user name provided.
-                        %% Authenticating using username only.
-                        [];
-                    _ ->
-                        [{password, Password},
-                         {vhost, VHost},
-                         {client_id, ClientId}]
+                    none -> AuthProps0;
+                    _ -> AuthProps0 ++ [{password, Password}]
                 end,
     case rabbit_access_control:check_user_login(Username, AuthProps) of
         {ok, User = #user{username = Username1}} ->

deps/rabbitmq_mqtt/test/auth_SUITE.erl

@@ -28,23 +28,13 @@
 
 all() ->
     [
-      {group, v4}
-     %{group, v4},
-     %{group, v5}
+     {group, v4},
+     {group, v5}
     ].
 
-test() -> 
-    [
-        {ssl_user, [shuffle],
-            [ user_credentials_auth ]
-        },
-        {ssl_user_with_client_id_in_cert, [], 
-            [ client_id_from_cert ]
-        }
-    ].
 groups() ->
     [
-     {v4, [], test()},
+     {v4, [], sub_groups()},
      {v5, [], sub_groups()}     
     ].
 
@@ -207,7 +197,7 @@ mqtt_config(ssl_user_with_client_id_in_cert) ->
     {rabbitmq_mqtt, [{ssl_cert_login,  true},
                      {allow_anonymous, false}, 
                      {ssl_cert_client_id_from, subject_alternative_name},
-                     {ssl_cert_client_id_san_type, <<"CLIENT_ID">>}]};
+                     {ssl_cert_client_id_san_type, dns}]};
 
 mqtt_config(_) ->
     undefined.