authorEmile Joubert <emile@rabbitmq.com>2013-09-24 12:05:37 +0100
committerEmile Joubert <emile@rabbitmq.com>2013-09-24 12:05:37 +0100
commitbdc0e6ec4e13abb2781eebd2273fdc26eaf9242f (patch)
tree2e95323074e1921e86f1bc060ffebfdf6d941182
parent10cdb2aff04b13b33f307bce683446f3a41543f2 (diff)
downloadrabbitmq-server-bdc0e6ec4e13abb2781eebd2273fdc26eaf9242f.tar.gz
Report authentication failures by sending connection.close
-rw-r--r--src/rabbit_direct.erl12
-rw-r--r--src/rabbit_reader.erl29
2 files changed, 27 insertions, 14 deletions
diff --git a/src/rabbit_direct.erl b/src/rabbit_direct.erl
index a7ee3276..1577b0d5 100644
--- a/src/rabbit_direct.erl
+++ b/src/rabbit_direct.erl
@@ -37,8 +37,8 @@
rabbit_event:event_props()) ->
rabbit_types:ok_or_error2(
{rabbit_types:user(), rabbit_framing:amqp_table()},
- 'broker_not_found_on_node' | 'auth_failure' |
- 'access_refused')).
+ 'broker_not_found_on_node' |
+ {'auth_failure', string()} | 'access_refused')).
-spec(start_channel/9 ::
(rabbit_channel:channel_number(), pid(), pid(), string(),
rabbit_types:protocol(), rabbit_types:user(), rabbit_types:vhost(),
@@ -90,9 +90,11 @@ connect(Username, VHost, Protocol, Pid, Infos) ->
connect0(AuthFun, VHost, Protocol, Pid, Infos) ->
case rabbit:is_running() of
true -> case AuthFun() of
- {ok, User} -> connect(User, VHost, Protocol, Pid,
- Infos);
- {refused, _M, _A} -> {error, auth_failure}
+ {ok, User} ->
+ connect(User, VHost, Protocol, Pid, Infos);
+ {refused, Msg, Args} ->
+ Reason = io_lib:format(Msg, Args),
+ {error, {auth_failure, Reason}}
end;
false -> {error, broker_not_found_on_node}
end.
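Review bot: In the `{refused, Msg, Args}` branch of connect0, `io_lib:format(Msg, Args)` returns `io_lib:chars()`, which may be a nested list, while the updated spec in the first hunk promises `{'auth_failure', string()}`. Either flatten the value, `Reason = lists:flatten(io_lib:format(Msg, Args)),`, or declare the reason as `io_lib:chars()` so Dialyzer and callers agree on the shape. The backend's refusal text is also now handed back to the direct client instead of being dropped, so it is worth a comment here stating that `Msg` must not reveal whether the user exists.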
diff --git a/src/rabbit_reader.erl b/src/rabbit_reader.erl
index 1a94de8e..bc82318a 100644
--- a/src/rabbit_reader.erl
+++ b/src/rabbit_reader.erl
@@ -176,12 +176,13 @@ server_properties(Protocol) ->
NormalizedConfigServerProps).
server_capabilities(rabbit_framing_amqp_0_9_1) ->
- [{<<"publisher_confirms">>, bool, true},
- {<<"exchange_exchange_bindings">>, bool, true},
- {<<"basic.nack">>, bool, true},
- {<<"consumer_cancel_notify">>, bool, true},
- {<<"connection.blocked">>, bool, true},
- {<<"consumer_priorities">>, bool, true}];
+ [{<<"publisher_confirms">>, bool, true},
+ {<<"exchange_exchange_bindings">>, bool, true},
+ {<<"basic.nack">>, bool, true},
+ {<<"consumer_cancel_notify">>, bool, true},
+ {<<"connection.blocked">>, bool, true},
+ {<<"consumer_priorities">>, bool, true},
+ {<<"authentication_failure_close">>, bool, true}];
server_capabilities(_) ->
[].
@@ -965,14 +966,24 @@ auth_mechanisms_binary(Sock) ->
auth_phase(Response,
State = #v1{connection = Connection =
#connection{protocol = Protocol,
+ capabilities = Capabilities,
auth_mechanism = {Name, AuthMechanism},
auth_state = AuthState},
sock = Sock}) ->
case AuthMechanism:handle_response(Response, AuthState) of
{refused, Msg, Args} ->
- rabbit_misc:protocol_error(
- access_refused, "~s login refused: ~s",
- [Name, io_lib:format(Msg, Args)]);
+ AmqpError = rabbit_misc:amqp_error(
+ access_refused, "~s login refused: ~s",
+ [Name, io_lib:format(Msg, Args)], none),
+ case rabbit_misc:table_lookup(Capabilities,
+ <<"authentication_failure_close">>) of
+ {bool, true} ->
+ {0, CloseMethod} = rabbit_binary_generator:map_exception(
+ 0, AmqpError, Protocol),
+ ok = send_on_channel0(State#v1.sock, CloseMethod, Protocol);
+ _ -> ok
+ end,
+ rabbit_misc:protocol_error(AmqpError);
{protocol_error, Msg, Args} ->
rabbit_misc:protocol_error(syntax_error, Msg, Args);
{challenge, Challenge, AuthState1} ->
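Review bot: In the `{refused, Msg, Args}` branch, the text built from `io_lib:format(Msg, Args)` is now sent in the close method to a peer that has not authenticated, whenever the client advertises `authentication_failure_close`. What the auth mechanisms put in `Msg` is not visible in this hunk; if any of them distinguishes an unknown user from a wrong password, that distinction becomes observable to the peer. I would add a comment above the inner `case`, such as `%% Msg/Args reach the unauthenticated peer: mechanisms must not reveal whether the user exists`. Two smaller points: `State#v1.sock` is already bound as `Sock` in the function head, and if `send_on_channel0` can return anything other than `ok`, the assertive match would raise `badmatch` before `rabbit_misc:protocol_error(AmqpError)` runs, so the refused login may not be reported as `access_refused`. The body of auth_phase continues past the end of the hunk.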