From a993eb9cf35e75e853b453adab5848188471c339 Mon Sep 17 00:00:00 2001
From: James Hodgkinson
Date: Sun, 17 Oct 2021 21:28:04 +1000
Subject: [PATCH] changing errors to errors (#599)

---
 kanidmd/src/lib/idm/authsession.rs | 32 +++++++++++------------
 kanidmd/src/lib/lib.rs | 2 +-
 kanidmd/src/lib/tracing_tree/event_tag.rs | 8 +++---
 kanidmd/src/lib/tracing_tree/macros.rs | 5 ++++
 4 files changed, 27 insertions(+), 20 deletions(-)

diff --git a/kanidmd/src/lib/idm/authsession.rs b/kanidmd/src/lib/idm/authsession.rs
index 4b4f240d2..87f74b16b 100644
--- a/kanidmd/src/lib/idm/authsession.rs
+++ b/kanidmd/src/lib/idm/authsession.rs
@@ -176,7 +176,7 @@ impl CredHandler {
 CredState::Success(AuthType::Anonymous)
 }
 _ => {
- security_info!(
+ security_error!(
 "Handler::Anonymous -> Result::Denied - invalid cred type for handler"
 );
 CredState::Denied(BAD_AUTH_TYPE_MSG)
@@ -198,7 +198,7 @@ impl CredHandler {
 if pw.verify(cleartext.as_str()).unwrap_or(false) {
 match pw_badlist_set {
 Some(p) if p.contains(&cleartext.to_lowercase()) => {
- security_info!("Handler::Password -> Result::Denied - Password found in badlist during login");
+ security_error!("Handler::Password -> Result::Denied - Password found in badlist during login");
 CredState::Denied(PW_BADLIST_MSG)
 }
 _ => {
@@ -212,13 +212,13 @@ impl CredHandler {
 }
 }
 } else {
- security_info!("Handler::Password -> Result::Denied - incorrect password");
+ security_error!("Handler::Password -> Result::Denied - incorrect password");
 CredState::Denied(BAD_PASSWORD_MSG)
 }
 }
 // All other cases fail.
 _ => {
- security_info!(
+ security_error!(
 "Handler::Password -> Result::Denied - invalid cred type for handler"
 );
 CredState::Denied(BAD_AUTH_TYPE_MSG)
@@ -272,7 +272,7 @@ impl CredHandler {
 Err(e) => {
 pw_mfa.mfa_state = CredVerifyState::Fail;
 // Denied.
- security_info!(
+ security_error!(
 ?e,
 "Handler::Webauthn -> Result::Denied - webauthn error"
 );
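Review bot: The event in the hunk at -272 is labelled `Handler::Webauthn -> Result::Denied - webauthn error`, but the branch sets `pw_mfa.mfa_state`, so it appears to belong to the PasswordMfa handler. The standalone Webauthn handler in the hunk at -404 (which sets `wan_cred.state`) emits exactly the same text, so the two failure paths cannot be told apart in the log. Now that these events are raised at error level and are more likely to feed alerting, I would change the string here to `"Handler::PasswordMfa -> Result::Denied - webauthn error"`. The enclosing match arm starts and ends outside the hunk, so the handler is inferred from the `pw_mfa` assignment only.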
@@ -289,7 +289,7 @@ impl CredHandler {
 CredState::Continue(vec![AuthAllowed::Password])
 } else {
 pw_mfa.mfa_state = CredVerifyState::Fail;
- security_info!(
+ security_error!(
 "Handler::PasswordMfa -> Result::Denied - TOTP Fail, password -"
 );
 CredState::Denied(BAD_TOTP_MSG)
@@ -312,12 +312,12 @@ impl CredHandler {
 CredState::Continue(vec![AuthAllowed::Password])
 } else {
 pw_mfa.mfa_state = CredVerifyState::Fail;
- security_info!("Handler::PasswordMfa -> Result::Denied - BackupCode Fail, password -");
+ security_error!("Handler::PasswordMfa -> Result::Denied - BackupCode Fail, password -");
 CredState::Denied(BAD_BACKUPCODE_MSG)
 }
 }
 _ => {
- security_info!("Handler::PasswordMfa -> Result::Denied - invalid cred type for handler");
+ security_error!("Handler::PasswordMfa -> Result::Denied - invalid cred type for handler");
 CredState::Denied(BAD_AUTH_TYPE_MSG)
 }
 }
 }
@@ -330,7 +330,7 @@ impl CredHandler {
 match pw_badlist_set {
 Some(p) if p.contains(&cleartext.to_lowercase()) => {
 pw_mfa.pw_state = CredVerifyState::Fail;
- security_info!("Handler::PasswordMfa -> Result::Denied - Password found in badlist during login");
+ security_error!("Handler::PasswordMfa -> Result::Denied - Password found in badlist during login");
 CredState::Denied(PW_BADLIST_MSG)
 }
 _ => {
@@ -347,19 +347,19 @@ impl CredHandler {
 }
 } else {
 pw_mfa.pw_state = CredVerifyState::Fail;
- security_info!("Handler::PasswordMfa -> Result::Denied - TOTP/WebAuthn/BackupCode OK, password Fail");
+ security_error!("Handler::PasswordMfa -> Result::Denied - TOTP/WebAuthn/BackupCode OK, password Fail");
 CredState::Denied(BAD_PASSWORD_MSG)
 }
 }
 _ => {
- security_info!("Handler::PasswordMfa -> Result::Denied - invalid cred type for handler");
+ security_error!("Handler::PasswordMfa -> Result::Denied - invalid cred type for handler");
 CredState::Denied(BAD_AUTH_TYPE_MSG)
 }
 }
 }
 _ => {
- security_info!(
- "Handler::PasswordMfa -> Result::Denied - invalid credential mfa and pw state"
+ security_error!(
+ "Handler::PasswordMfa -> Result::lenied - invalid credential mfa and pw state"
 );
 CredState::Denied(BAD_AUTH_TYPE_MSG)
 }
@@ -375,7 +375,7 @@ impl CredHandler {
 async_tx: &Sender,
 ) -> CredState {
 if wan_cred.state != CredVerifyState::Init {
- security_info!("Handler::Webauthn -> Result::Denied - Internal State Already Fail");
+ security_error!("Handler::Webauthn -> Result::Denied - Internal State Already Fail");
 return CredState::Denied(BAD_WEBAUTHN_MSG);
 }
@@ -404,13 +404,13 @@ impl CredHandler {
 Err(e) => {
 wan_cred.state = CredVerifyState::Fail;
 // Denied.
- security_info!(?e, "Handler::Webauthn -> Result::Denied - webauthn error");
+ security_error!(?e, "Handler::Webauthn -> Result::Denied - webauthn error");
 CredState::Denied(BAD_WEBAUTHN_MSG)
 }
 }
 }
 _ => {
- security_info!(
+ security_error!(
 "Handler::Webauthn -> Result::Denied - invalid cred type for handler"
 );
 CredState::Denied(BAD_AUTH_TYPE_MSG)
diff --git a/kanidmd/src/lib/lib.rs b/kanidmd/src/lib/lib.rs
index 1a62829c3..c65c5a772 100644
--- a/kanidmd/src/lib/lib.rs
+++ b/kanidmd/src/lib/lib.rs
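Review bot: The rewritten message in the last changed pair of the hunk at -347 reads `Result::lenied`, where the removed line had `Result::Denied`; this looks like a typo introduced by the commit. Any log search or detection rule that matches on `Result::Denied` will miss this event, which is the catch-all for an invalid mfa and pw state combination. The line should read `"Handler::PasswordMfa -> Result::Denied - invalid credential mfa and pw state"`.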
@@ -86,7 +86,7 @@ pub mod prelude {
 pub use crate::{
 admin_error, admin_info, admin_warn, filter_error, filter_info, filter_trace, filter_warn,
 perf_trace, request_error, request_info, request_trace, request_warn, security_access,
- security_critical, security_info, spanned,
+ security_critical, security_error, security_info, spanned,
 };
 }
diff --git a/kanidmd/src/lib/tracing_tree/event_tag.rs b/kanidmd/src/lib/tracing_tree/event_tag.rs
index 22bbaeb79..3f6876358 100644
--- a/kanidmd/src/lib/tracing_tree/event_tag.rs
+++ b/kanidmd/src/lib/tracing_tree/event_tag.rs
@@ -13,6 +13,7 @@ pub enum EventTag {
 SecurityCritical,
 SecurityInfo,
 SecurityAccess,
+ SecurityError,
 FilterError,
 FilterWarn,
 FilterInfo,
@@ -33,6 +34,7 @@ impl EventTag {
 EventTag::SecurityCritical => "security.critical",
 EventTag::SecurityInfo => "security.info",
 EventTag::SecurityAccess => "security.access",
+ EventTag::SecurityError => "security.error",
 EventTag::FilterError => "filter.error",
 EventTag::FilterWarn => "filter.warn",
 EventTag::FilterInfo => "filter.info",
@@ -44,9 +46,9 @@ impl EventTag {
 pub fn emoji(self) -> &'static str {
 use EventTag::*;
 match self {
- AdminError | RequestError | FilterError => "🚨",
- AdminWarn | RequestWarn | FilterWarn => "🚧",
- AdminInfo | RequestInfo | SecurityInfo | FilterInfo => "💬",
+ AdminError | FilterError | RequestError | SecurityError => "🚨",
+ AdminWarn | FilterWarn | RequestWarn => "🚧",
+ AdminInfo | FilterInfo | RequestInfo | SecurityInfo => "💬",
 RequestTrace | FilterTrace | PerfTrace => "📍",
 SecurityCritical => "🔐",
 SecurityAccess => "🔓",
diff --git a/kanidmd/src/lib/tracing_tree/macros.rs b/kanidmd/src/lib/tracing_tree/macros.rs
index ce6e647ad..fade182d4 100644
--- a/kanidmd/src/lib/tracing_tree/macros.rs
+++ b/kanidmd/src/lib/tracing_tree/macros.rs
@@ -65,6 +65,11 @@ macro_rules! security_critical {
 ($($arg:tt)*) => { crate::tagged_event!(INFO, crate::tracing_tree::EventTag::SecurityCritical, $($arg)*) }
 }
+#[macro_export]
+macro_rules! security_error {
+ ($($arg:tt)*) => { crate::tagged_event!(ERROR, crate::tracing_tree::EventTag::SecurityError, $($arg)*) }
+}
+
 #[macro_export]
 macro_rules! security_info {
 ($($arg:tt)*) => { crate::tagged_event!(INFO, crate::tracing_tree::EventTag::SecurityInfo, $($arg)*) }
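Review bot: The new `security_error!` macro has no doc comment, and it emits at `ERROR` while the neighbouring `security_critical!` emits at `INFO`. A level-based filter set to warn or above would therefore keep denied logins and drop the events tagged critical. If that is intended it deserves a line of documentation above `#[macro_export]`, for example `/// ERROR-level event tagged security.error; used for denied authentication attempts.` Otherwise consider whether `security_critical!` should be raised to match; that macro is only visible here as context.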