Make refused and protocol_error cases more symmetrical.

author: Simon MacMullen <simon@rabbitmq.com> 2010-12-14 14:23:40 +0000
committer: Simon MacMullen <simon@rabbitmq.com> 2010-12-14 14:23:40 +0000
commit: d0d38f8bed2f8f5d5a3949040fcb14dd1837f4e2 (patch)
tree: b69147e2f17bf475ec3d27518157716826d6146b
parent: 6fc0feb3e036f45a226e2e323cb018758a5e8db7 (diff)
download: rabbitmq-server-d0d38f8bed2f8f5d5a3949040fcb14dd1837f4e2.tar.gz
5 files changed, 14 insertions, 14 deletions
diff --git a/include/rabbit_auth_mechanism_spec.hrl b/include/rabbit_auth_mechanism_spec.hrl
index 93aa40bd..f8dc93fe 100644
--- a/include/rabbit_auth_mechanism_spec.hrl
+++ b/include/rabbit_auth_mechanism_spec.hrl
@@ -36,6 +36,6 @@
                                 {'ok', rabbit_types:user()} |
                                 {'challenge', binary(), any()} |
                                 {'protocol_error', string(), [any()]} |
-                                {'refused', rabbit_access_control:username()}).
+                                {'refused', string(), [any()]}).
 
 -endif.
diff --git a/src/rabbit_access_control.erl b/src/rabbit_access_control.erl
index f2d2b016..d41dc148 100644
--- a/src/rabbit_access_control.erl
+++ b/src/rabbit_access_control.erl
@@ -102,16 +102,15 @@
 user_pass_login(User, Pass) ->
     ?LOGDEBUG("Login with user ~p pass ~p~n", [User, Pass]),
     case check_user_pass_login(User, Pass) of
-        {refused, _} ->
+        {refused, Msg, Args} ->
             rabbit_misc:protocol_error(
-              access_refused, "login refused for user '~s'", [User]);
+              access_refused, "login refused: ~s", [io_lib:format(Msg, Args)]);
         {ok, U} ->
             U
     end.
 
 check_user_pass_login(Username, Pass) ->
-    Refused = {refused, io_lib:format("user '~s' - invalid credentials",
-                                      [Username])},
+    Refused = {refused, "user '~s' - invalid credentials", [Username]},
     case lookup_user(Username) of
         {ok, User} ->
             case check_password(Pass, User#user.password_hash) of
diff --git a/src/rabbit_auth_mechanism.erl b/src/rabbit_auth_mechanism.erl
index 1258cb8d..ce1b16ac 100644
--- a/src/rabbit_auth_mechanism.erl
+++ b/src/rabbit_auth_mechanism.erl
@@ -49,7 +49,7 @@ behaviour_info(callbacks) ->
      %%     Another round is needed. Here's the state I want next time.
      %% {protocol_error, Msg, Args}
      %%     Client got the protocol wrong. Log and die.
-     %% {refused, Username}
+     %% {refused, Msg, Args}
      %%     Client failed authentication. Log and die.
      {handle_response, 2}
     ];
diff --git a/src/rabbit_auth_mechanism_external.erl b/src/rabbit_auth_mechanism_external.erl
index b21dd313..6572f786 100644
--- a/src/rabbit_auth_mechanism_external.erl
+++ b/src/rabbit_auth_mechanism_external.erl
@@ -62,23 +62,23 @@ init(Sock) ->
                    {ok, C} ->
                        CN = case rabbit_ssl:peer_cert_subject_item(
                                    C, ?'id-at-commonName') of
-                                not_found -> {refused, "no CN found"};
+                                not_found -> {refused, "no CN found", []};
                                 CN0       -> list_to_binary(CN0)
                             end,
                        case config_sane() of
                            true  -> CN;
-                           false -> {refused, "configuration unsafe"}
+                           false -> {refused, "configuration unsafe", []}
                        end;
                    {error, no_peercert} ->
-                       {refused, "no peer certificate"};
+                       {refused, "no peer certificate", []};
                    nossl ->
-                       {refused, "not SSL connection"}
+                       {refused, "not SSL connection", []}
                end,
     #state{username = Username}.
 
 handle_response(_Response, #state{username = Username}) ->
     case Username of
-        {refused, _} = E ->
+        {refused, _, _} = E ->
             E;
         _ ->
             case rabbit_access_control:lookup_user(Username) of
@@ -87,7 +87,7 @@ handle_response(_Response, #state{username = Username}) ->
                 {error, not_found} ->
                     %% This is not an information leak as we have to
                     %% have validated a client cert to get this far.
-                    {refused, io_lib:format("user '~s' not found", [Username])}
+                    {refused, "user '~s' not found", [Username]}
             end
     end.
 
diff --git a/src/rabbit_reader.erl b/src/rabbit_reader.erl
index 15b20bc4..41b14771 100644
--- a/src/rabbit_reader.erl
+++ b/src/rabbit_reader.erl
@@ -869,10 +869,11 @@ auth_phase(Response,
                            #connection{protocol = Protocol},
                        sock = Sock}) ->
     case AuthMechanism:handle_response(Response, AuthState) of
-        {refused, Reason} ->
+        {refused, Msg, Args} ->
             rabbit_misc:protocol_error(
               access_refused, "~s login refused: ~s",
-              [proplists:get_value(name, AuthMechanism:description()), Reason]);
+              [proplists:get_value(name, AuthMechanism:description()),
+               io_lib:format(Msg, Args)]);
         {protocol_error, Msg, Args} ->
             rabbit_misc:protocol_error(syntax_error, Msg, Args);
         {challenge, Challenge, AuthState1} ->
author	Simon MacMullen <simon@rabbitmq.com>	2010-12-14 14:23:40 +0000
committer	Simon MacMullen <simon@rabbitmq.com>	2010-12-14 14:23:40 +0000
commit	d0d38f8bed2f8f5d5a3949040fcb14dd1837f4e2 (patch)
tree	b69147e2f17bf475ec3d27518157716826d6146b
parent	6fc0feb3e036f45a226e2e323cb018758a5e8db7 (diff)
download	rabbitmq-server-d0d38f8bed2f8f5d5a3949040fcb14dd1837f4e2.tar.gz