diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/rabbit_access_control.erl | 7 | ||||
| -rw-r--r-- | src/rabbit_auth_mechanism.erl | 2 | ||||
| -rw-r--r-- | src/rabbit_auth_mechanism_external.erl | 12 | ||||
| -rw-r--r-- | src/rabbit_reader.erl | 5 |
4 files changed, 13 insertions, 13 deletions
diff --git a/src/rabbit_access_control.erl b/src/rabbit_access_control.erl index f2d2b016f3..d41dc14841 100644 --- a/src/rabbit_access_control.erl +++ b/src/rabbit_access_control.erl @@ -102,16 +102,15 @@ user_pass_login(User, Pass) -> ?LOGDEBUG("Login with user ~p pass ~p~n", [User, Pass]), case check_user_pass_login(User, Pass) of - {refused, _} -> + {refused, Msg, Args} -> rabbit_misc:protocol_error( - access_refused, "login refused for user '~s'", [User]); + access_refused, "login refused: ~s", [io_lib:format(Msg, Args)]); {ok, U} -> U end. check_user_pass_login(Username, Pass) -> - Refused = {refused, io_lib:format("user '~s' - invalid credentials", - [Username])}, + Refused = {refused, "user '~s' - invalid credentials", [Username]}, case lookup_user(Username) of {ok, User} -> case check_password(Pass, User#user.password_hash) of diff --git a/src/rabbit_auth_mechanism.erl b/src/rabbit_auth_mechanism.erl index 1258cb8d13..ce1b16acd6 100644 --- a/src/rabbit_auth_mechanism.erl +++ b/src/rabbit_auth_mechanism.erl @@ -49,7 +49,7 @@ behaviour_info(callbacks) -> %% Another round is needed. Here's the state I want next time. %% {protocol_error, Msg, Args} %% Client got the protocol wrong. Log and die. - %% {refused, Username} + %% {refused, Msg, Args} %% Client failed authentication. Log and die. {handle_response, 2} ]; diff --git a/src/rabbit_auth_mechanism_external.erl b/src/rabbit_auth_mechanism_external.erl index b21dd31366..6572f78612 100644 --- a/src/rabbit_auth_mechanism_external.erl +++ b/src/rabbit_auth_mechanism_external.erl @@ -62,23 +62,23 @@ init(Sock) -> {ok, C} -> CN = case rabbit_ssl:peer_cert_subject_item( C, ?'id-at-commonName') of - not_found -> {refused, "no CN found"}; + not_found -> {refused, "no CN found", []}; CN0 -> list_to_binary(CN0) end, case config_sane() of true -> CN; - false -> {refused, "configuration unsafe"} + false -> {refused, "configuration unsafe", []} end; {error, no_peercert} -> - {refused, "no peer certificate"}; + {refused, "no peer certificate", []}; nossl -> - {refused, "not SSL connection"} + {refused, "not SSL connection", []} end, #state{username = Username}. handle_response(_Response, #state{username = Username}) -> case Username of - {refused, _} = E -> + {refused, _, _} = E -> E; _ -> case rabbit_access_control:lookup_user(Username) of @@ -87,7 +87,7 @@ handle_response(_Response, #state{username = Username}) -> {error, not_found} -> %% This is not an information leak as we have to %% have validated a client cert to get this far. - {refused, io_lib:format("user '~s' not found", [Username])} + {refused, "user '~s' not found", [Username]} end end. diff --git a/src/rabbit_reader.erl b/src/rabbit_reader.erl index 15b20bc40c..41b14771eb 100644 --- a/src/rabbit_reader.erl +++ b/src/rabbit_reader.erl @@ -869,10 +869,11 @@ auth_phase(Response, #connection{protocol = Protocol}, sock = Sock}) -> case AuthMechanism:handle_response(Response, AuthState) of - {refused, Reason} -> + {refused, Msg, Args} -> rabbit_misc:protocol_error( access_refused, "~s login refused: ~s", - [proplists:get_value(name, AuthMechanism:description()), Reason]); + [proplists:get_value(name, AuthMechanism:description()), + io_lib:format(Msg, Args)]); {protocol_error, Msg, Args} -> rabbit_misc:protocol_error(syntax_error, Msg, Args); {challenge, Challenge, AuthState1} -> |