qpid-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From g...@apache.org
Subject svn commit: r918576 - /qpid/trunk/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp
Date Wed, 03 Mar 2010 17:06:56 GMT
Author: gsim
Date: Wed Mar  3 17:06:55 2010
New Revision: 918576

URL: http://svn.apache.org/viewvc?rev=918576&view=rev
Log:
QPID-2386: added username (if available) to log entry for failed authentication.

Modified:
    qpid/trunk/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp

Modified: qpid/trunk/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp?rev=918576&r1=918575&r2=918576&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp (original)
+++ qpid/trunk/qpid/cpp/src/qpid/broker/SaslAuthenticator.cpp Wed Mar  3 17:06:55 2010
@@ -68,6 +68,7 @@
     const bool encrypt;
 
     void processAuthenticationStep(int code, const char *challenge, unsigned int challenge_len);
+    bool getUsername(std::string& uid);
 
 public:
     CyrusAuthenticator(Connection& connection, bool encrypt);
@@ -76,8 +77,8 @@
     void getMechanisms(framing::Array& mechanisms);
     void start(const std::string& mechanism, const std::string& response);
     void step(const std::string& response);
-    void getUid(std::string& uid);
     void getError(std::string& error);
+    void getUid(std::string& uid) { getUsername(uid); }
     std::auto_ptr<SecurityLayer> getSecurityLayer(uint16_t maxFrameSize);
 };
 
@@ -282,16 +283,18 @@
     error = string(sasl_errdetail(sasl_conn));
 }
 
-void CyrusAuthenticator::getUid(string& uid)
+bool CyrusAuthenticator::getUsername(string& uid)
 {
-    int code;
     const void* ptr;
 
-    code = sasl_getprop(sasl_conn, SASL_USERNAME, &ptr);
-    if (SASL_OK != code)
-        return;
-
-    uid = string(const_cast<char*>(static_cast<const char*>(ptr)));
+    int code = sasl_getprop(sasl_conn, SASL_USERNAME, &ptr);
+    if (SASL_OK == code) {
+        uid = string(const_cast<char*>(static_cast<const char*>(ptr)));
+        return true;
+    } else {
+        QPID_LOG(warning, "Failed to retrieve sasl username");
+        return false;
+    }
 }
 
 void CyrusAuthenticator::getMechanisms(Array& mechanisms)
@@ -339,7 +342,7 @@
     const char *challenge;
     unsigned int challenge_len;
     
-    QPID_LOG(info, "SASL: Starting authentication with mechanism: " << mechanism);
+    QPID_LOG(debug, "SASL: Starting authentication with mechanism: " << mechanism);
     int code = sasl_server_start(sasl_conn,
                                  mechanism.c_str(),
                                  response.c_str(), response.length(),
@@ -363,20 +366,15 @@
 void CyrusAuthenticator::processAuthenticationStep(int code, const char *challenge, unsigned
int challenge_len)
 {
     if (SASL_OK == code) {
-        const void *uid;
-
-        code = sasl_getprop(sasl_conn, SASL_USERNAME, &uid);
-        if (SASL_OK != code) {
-            QPID_LOG(info, "SASL: Authentication succeeded, username unavailable");
+        std::string uid;
+        if (!getUsername(uid)) {
             // TODO: Change this to an exception signaling
             // authentication failure, when one is available
             throw ConnectionForcedException("Authenticated username unavailable");
         }
+        QPID_LOG(info, "SASL: Authentication succeeded for: " << uid);
 
-        QPID_LOG(info, "SASL: Authentication succeeded for: "
-                 << const_cast<char*>(static_cast<const char*>(uid)));
-
-        connection.setUserId(const_cast<char*>(static_cast<const char*>(uid)));
+        connection.setUserId(uid);
 
         client.tune(framing::CHANNEL_MAX, connection.getFrameMax(), 0, connection.getHeartbeatMax());
     } else if (SASL_CONTINUE == code) {
@@ -386,7 +384,12 @@
 
         client.secure(challenge_str);
     } else {
-        QPID_LOG(info, "SASL: Authentication failed: " << sasl_errdetail(sasl_conn));
+        std::string uid;
+        if (!getUsername(uid)) {
+            QPID_LOG(info, "SASL: Authentication failed (no username available):" <<
sasl_errdetail(sasl_conn));
+        } else {
+            QPID_LOG(info, "SASL: Authentication failed for " << uid << ":" <<
sasl_errdetail(sasl_conn));
+        }
 
         // TODO: Change to more specific exceptions, when they are
         // available



---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:commits-subscribe@qpid.apache.org


Mime
View raw message