diff options
author | Simon MacMullen <simon@rabbitmq.com> | 2010-12-14 14:23:40 +0000 |
---|---|---|
committer | Simon MacMullen <simon@rabbitmq.com> | 2010-12-14 14:23:40 +0000 |
commit | d0d38f8bed2f8f5d5a3949040fcb14dd1837f4e2 (patch) | |
tree | b69147e2f17bf475ec3d27518157716826d6146b | |
parent | 6fc0feb3e036f45a226e2e323cb018758a5e8db7 (diff) | |
download | rabbitmq-server-d0d38f8bed2f8f5d5a3949040fcb14dd1837f4e2.tar.gz |
Make refused and protocol_error cases more symmetrical.
-rw-r--r-- | include/rabbit_auth_mechanism_spec.hrl | 2 | ||||
-rw-r--r-- | src/rabbit_access_control.erl | 7 | ||||
-rw-r--r-- | src/rabbit_auth_mechanism.erl | 2 | ||||
-rw-r--r-- | src/rabbit_auth_mechanism_external.erl | 12 | ||||
-rw-r--r-- | src/rabbit_reader.erl | 5 |
5 files changed, 14 insertions, 14 deletions
diff --git a/include/rabbit_auth_mechanism_spec.hrl b/include/rabbit_auth_mechanism_spec.hrl index 93aa40bd..f8dc93fe 100644 --- a/include/rabbit_auth_mechanism_spec.hrl +++ b/include/rabbit_auth_mechanism_spec.hrl @@ -36,6 +36,6 @@ {'ok', rabbit_types:user()} | {'challenge', binary(), any()} | {'protocol_error', string(), [any()]} | - {'refused', rabbit_access_control:username()}). + {'refused', string(), [any()]}). -endif. diff --git a/src/rabbit_access_control.erl b/src/rabbit_access_control.erl index f2d2b016..d41dc148 100644 --- a/src/rabbit_access_control.erl +++ b/src/rabbit_access_control.erl @@ -102,16 +102,15 @@ user_pass_login(User, Pass) -> ?LOGDEBUG("Login with user ~p pass ~p~n", [User, Pass]), case check_user_pass_login(User, Pass) of - {refused, _} -> + {refused, Msg, Args} -> rabbit_misc:protocol_error( - access_refused, "login refused for user '~s'", [User]); + access_refused, "login refused: ~s", [io_lib:format(Msg, Args)]); {ok, U} -> U end. check_user_pass_login(Username, Pass) -> - Refused = {refused, io_lib:format("user '~s' - invalid credentials", - [Username])}, + Refused = {refused, "user '~s' - invalid credentials", [Username]}, case lookup_user(Username) of {ok, User} -> case check_password(Pass, User#user.password_hash) of diff --git a/src/rabbit_auth_mechanism.erl b/src/rabbit_auth_mechanism.erl index 1258cb8d..ce1b16ac 100644 --- a/src/rabbit_auth_mechanism.erl +++ b/src/rabbit_auth_mechanism.erl @@ -49,7 +49,7 @@ behaviour_info(callbacks) -> %% Another round is needed. Here's the state I want next time. %% {protocol_error, Msg, Args} %% Client got the protocol wrong. Log and die. - %% {refused, Username} + %% {refused, Msg, Args} %% Client failed authentication. Log and die. {handle_response, 2} ]; diff --git a/src/rabbit_auth_mechanism_external.erl b/src/rabbit_auth_mechanism_external.erl index b21dd313..6572f786 100644 --- a/src/rabbit_auth_mechanism_external.erl +++ b/src/rabbit_auth_mechanism_external.erl @@ -62,23 +62,23 @@ init(Sock) -> {ok, C} -> CN = case rabbit_ssl:peer_cert_subject_item( C, ?'id-at-commonName') of - not_found -> {refused, "no CN found"}; + not_found -> {refused, "no CN found", []}; CN0 -> list_to_binary(CN0) end, case config_sane() of true -> CN; - false -> {refused, "configuration unsafe"} + false -> {refused, "configuration unsafe", []} end; {error, no_peercert} -> - {refused, "no peer certificate"}; + {refused, "no peer certificate", []}; nossl -> - {refused, "not SSL connection"} + {refused, "not SSL connection", []} end, #state{username = Username}. handle_response(_Response, #state{username = Username}) -> case Username of - {refused, _} = E -> + {refused, _, _} = E -> E; _ -> case rabbit_access_control:lookup_user(Username) of @@ -87,7 +87,7 @@ handle_response(_Response, #state{username = Username}) -> {error, not_found} -> %% This is not an information leak as we have to %% have validated a client cert to get this far. - {refused, io_lib:format("user '~s' not found", [Username])} + {refused, "user '~s' not found", [Username]} end end. diff --git a/src/rabbit_reader.erl b/src/rabbit_reader.erl index 15b20bc4..41b14771 100644 --- a/src/rabbit_reader.erl +++ b/src/rabbit_reader.erl @@ -869,10 +869,11 @@ auth_phase(Response, #connection{protocol = Protocol}, sock = Sock}) -> case AuthMechanism:handle_response(Response, AuthState) of - {refused, Reason} -> + {refused, Msg, Args} -> rabbit_misc:protocol_error( access_refused, "~s login refused: ~s", - [proplists:get_value(name, AuthMechanism:description()), Reason]); + [proplists:get_value(name, AuthMechanism:description()), + io_lib:format(Msg, Args)]); {protocol_error, Msg, Args} -> rabbit_misc:protocol_error(syntax_error, Msg, Args); {challenge, Challenge, AuthState1} -> |