root
/
rabbitmq-server
mirror of https://github.com/rabbitmq/rabbitmq-server.git
1
0
Fork 0
Code Issues Actions 9 Packages Projects Releases Wiki Activity

Add auth attemp metrics

This commit is contained in:
dcorbacho 2020-08-26 15:42:40 +01:00 committed by Michael Klishin
parent 8093653362
commit 6f98f84ae2
No known key found for this signature in database
GPG Key ID: E80EDCFA0CDB21EE
2 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Makefile
View File

@ -118,7 +118,8 @@ define PROJECT_ENV
{writer_gc_threshold, 1000000000}, {writer_gc_threshold, 1000000000},
%% interval at which connection/channel tracking executes post operations %% interval at which connection/channel tracking executes post operations
{tracking_execution_timeout, 15000}, {tracking_execution_timeout, 15000},
{stream_messages_soft_limit, 256} {stream_messages_soft_limit, 256},
{return_per_user_auth_attempt_metrics, false}
] ]
endef endef

6
src/rabbit_reader.erl
View File

@ -1413,15 +1413,19 @@ auth_phase(Response,
auth_mechanism = {Name, AuthMechanism}, auth_mechanism = {Name, AuthMechanism},
auth_state = AuthState}, auth_state = AuthState},
sock = Sock}) -> sock = Sock}) ->
Ip = list_to_binary(inet:ntoa(Connection#connection.host)),
case AuthMechanism:handle_response(Response, AuthState) of case AuthMechanism:handle_response(Response, AuthState) of
{refused, Username, Msg, Args} -> {refused, Username, Msg, Args} ->
rabbit_core_metrics:auth_attempt_failed(Ip, Username),
auth_fail(Username, Msg, Args, Name, State); auth_fail(Username, Msg, Args, Name, State);
{protocol_error, Msg, Args} -> {protocol_error, Msg, Args} ->
rabbit_core_metrics:auth_attempt_failed(Ip, ""),
notify_auth_result(none, user_authentication_failure, notify_auth_result(none, user_authentication_failure,
[{error, rabbit_misc:format(Msg, Args)}], [{error, rabbit_misc:format(Msg, Args)}],
State), State),
rabbit_misc:protocol_error(syntax_error, Msg, Args); rabbit_misc:protocol_error(syntax_error, Msg, Args);
{challenge, Challenge, AuthState1} -> {challenge, Challenge, AuthState1} ->
rabbit_core_metrics:auth_attempt_succeeded(Ip, ""),
Secure = #'connection.secure'{challenge = Challenge}, Secure = #'connection.secure'{challenge = Challenge},
ok = send_on_channel0(Sock, Secure, Protocol), ok = send_on_channel0(Sock, Secure, Protocol),
State#v1{connection = Connection#connection{ State#v1{connection = Connection#connection{
@ -1429,9 +1433,11 @@ auth_phase(Response,
{ok, User = #user{username = Username}} -> {ok, User = #user{username = Username}} ->
case rabbit_access_control:check_user_loopback(Username, Sock) of case rabbit_access_control:check_user_loopback(Username, Sock) of
ok -> ok ->
rabbit_core_metrics:auth_attempt_succeeded(Ip, Username),
notify_auth_result(Username, user_authentication_success, notify_auth_result(Username, user_authentication_success,
[], State); [], State);
not_allowed -> not_allowed ->
rabbit_core_metrics:auth_attempt_failed(Ip, Username),
auth_fail(Username, "user '~s' can only connect via " auth_fail(Username, "user '~s' can only connect via "
"localhost", [Username], Name, State) "localhost", [Username], Name, State)
end, end,