diff options
author | Andreas Nilsson <andreas.nilsson@10gen.com> | 2015-10-01 15:34:00 -0400 |
---|---|---|
committer | Andreas Nilsson <andreas.nilsson@10gen.com> | 2015-10-01 15:35:20 -0400 |
commit | 16f788f2e7a34690939ab4adfea146d81d935b9a (patch) | |
tree | 167c73179e1c19331cef9c57dd896231b12bab1b | |
parent | 27693c2c5261fbb7d848d2f1abfb33a390760773 (diff) | |
download | mongo-16f788f2e7a34690939ab4adfea146d81d935b9a.tar.gz |
SERVER-20110 Add configurable delay for failed authentication
-rw-r--r-- | src/mongo/db/auth/sasl_commands.cpp | 2 | ||||
-rw-r--r-- | src/mongo/db/auth/sasl_options.cpp | 4 | ||||
-rw-r--r-- | src/mongo/db/auth/sasl_options.h | 1 | ||||
-rw-r--r-- | src/mongo/db/commands/authentication_commands.cpp | 2 |
4 files changed, 9 insertions, 0 deletions
diff --git a/src/mongo/db/auth/sasl_commands.cpp b/src/mongo/db/auth/sasl_commands.cpp index 02b971b3d74..be5a23126d6 100644 --- a/src/mongo/db/auth/sasl_commands.cpp +++ b/src/mongo/db/auth/sasl_commands.cpp @@ -191,6 +191,8 @@ Status doSaslStep(const ClientBasic* client, log() << session->getMechanism() << " authentication failed for " << session->getPrincipalId() << " on " << session->getAuthenticationDatabase() << " from client " << clientAddr.getAddr() << " ; " << status.toString() << std::endl; + + sleepmillis(saslGlobalParams.authFailedDelay); // All the client needs to know is that authentication has failed. return Status(ErrorCodes::AuthenticationFailed, "Authentication failed."); } diff --git a/src/mongo/db/auth/sasl_options.cpp b/src/mongo/db/auth/sasl_options.cpp index e0429652d32..69bfb504e83 100644 --- a/src/mongo/db/auth/sasl_options.cpp +++ b/src/mongo/db/auth/sasl_options.cpp @@ -49,8 +49,12 @@ SASLGlobalParams::SASLGlobalParams() { authenticationMechanisms.push_back("MONGODB-CR"); authenticationMechanisms.push_back("MONGODB-X509"); authenticationMechanisms.push_back("SCRAM-SHA-1"); + // Default iteration count for SCRAM authentication. scramIterationCount = defaultScramIterationCount; + + // Default value for auth failed delay + authFailedDelay = 0; } Status addSASLOptions(moe::OptionSection* options) { diff --git a/src/mongo/db/auth/sasl_options.h b/src/mongo/db/auth/sasl_options.h index 299ff2d6597..55b1f8fa7ab 100644 --- a/src/mongo/db/auth/sasl_options.h +++ b/src/mongo/db/auth/sasl_options.h @@ -49,6 +49,7 @@ struct SASLGlobalParams { std::string serviceName; std::string authdPath; std::atomic<int> scramIterationCount; + std::atomic<int> authFailedDelay; SASLGlobalParams(); }; diff --git a/src/mongo/db/commands/authentication_commands.cpp b/src/mongo/db/commands/authentication_commands.cpp index 80e2d27ae29..03759d1302e 100644 --- a/src/mongo/db/commands/authentication_commands.cpp +++ b/src/mongo/db/commands/authentication_commands.cpp @@ -48,6 +48,7 @@ #include "mongo/db/auth/authorization_session.h" #include "mongo/db/auth/mongo_authentication_session.h" #include "mongo/db/auth/privilege.h" +#include "mongo/db/auth/sasl_options.h" #include "mongo/db/auth/security_key.h" #include "mongo/db/client_basic.h" #include "mongo/db/commands.h" @@ -187,6 +188,7 @@ bool CmdAuthenticate::run(OperationContext* txn, } else { appendCommandStatus(result, status); } + sleepmillis(saslGlobalParams.authFailedDelay); return false; } result.append("dbname", user.getDB()); |