authorSara Golemon <sara.golemon@mongodb.com>2020-02-24 22:08:11 +0000
committerEvergreen Agent <no-reply@evergreen.mongodb.com>2020-02-27 18:26:46 +0000
commit7250f407321e70bcb76bb1e21a7679670d29919d (patch)
tree3661864bcdfb186ed3ee832bad224831e086b5b0 /src/mongo/db/auth
parent686b0034d2a6b99f4cf7f27cf0bde75421e72cc9 (diff)
SERVER-42984 Add serverStatus counters for authentication attempts/successes
Diffstat (limited to 'src/mongo/db/auth')
-rw-r--r--src/mongo/db/auth/sasl_commands.cpp21
1 files changed, 18 insertions, 3 deletions
diff --git a/src/mongo/db/auth/sasl_commands.cpp b/src/mongo/db/auth/sasl_commands.cpp
index 63c0f6fbb78..93f1feb1311 100644
--- a/src/mongo/db/auth/sasl_commands.cpp
+++ b/src/mongo/db/auth/sasl_commands.cpp
@@ -225,10 +225,11 @@ Status doSaslStep(OperationContext* opCtx,
"client"_attr = opCtx->getClient()->session()->remote());
}
if (session->isSpeculative()) {
- authCounter.incSpeculativeAuthenticateSuccessful(mechanism.mechanismName().toString());
+ status = authCounter.incSpeculativeAuthenticateSuccessful(
+ mechanism.mechanismName().toString());
}
}
- return Status::OK();
+ return status;
}
StatusWith<std::unique_ptr<AuthenticationSession>> doSaslStart(OperationContext* opCtx,
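Review bot: A failure from `incSpeculativeAuthenticateSuccessful` becomes doSaslStep's return value only after the mechanism has completed and the log statement ending just above the `isSpeculative()` check has run, so the log and the status seen by the caller can disagree. If the session has already been authorized by that point (not visible here, since doSaslStep starts above the hunk), a counter error would report a failed step on a connection that is in fact authenticated. Please confirm the ordering, and either move the increment ahead of the authorization and logging or add a comment such as `// A counter error fails the step even though the mechanism itself succeeded.` The same ordering applies to `uassertStatusOK(authCounter.incAuthenticateSuccessful(...))` in the runSaslStart and CmdSaslContinue::run hunks, which throw after `audit::logAuthentication` has already recorded the outcome.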
@@ -319,6 +320,12 @@ bool runSaslStart(OperationContext* opCtx,
return false;
}
+ auto status = authCounter.incAuthenticateReceived(mechanismName);
+ if (!status.isOK()) {
+ audit::logAuthentication(client, mechanismName, UserName("", db), status.code());
+ return false;
+ }
+
std::string principalName;
auto swSession = doSaslStart(opCtx, db, cmdObj, &result, &principalName, speculative);
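Review bot: The new early exit on a failed `incAuthenticateReceived` drops `status` after auditing it, so the command returns `false` without putting the code or reason into `result`. The later additions in this function report counter failures through `uassertStatusOK`, so the two paths handle the same kind of error differently. Unless the silent failure is deliberate (the `return false;` at the top of the hunk suggests there may be an existing pattern), consider keeping the audit call and replacing `return false;` with `uassertStatusOK(status);`. A short comment saying that the audit entry carries an empty user name because the principal has not been parsed yet would also help whoever reads these records. runSaslStart begins and ends outside the hunk.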
@@ -326,6 +333,9 @@ bool runSaslStart(OperationContext* opCtx,
audit::logAuthentication(
client, mechanismName, UserName(principalName, db), swSession.getStatus().code());
uassertStatusOK(swSession.getStatus());
+ if (swSession.getValue()->getMechanism().isSuccess()) {
+ uassertStatusOK(authCounter.incAuthenticateSuccessful(mechanismName));
+ }
} else {
auto session = std::move(swSession.getValue());
AuthenticationSession::swap(client, session);
@@ -387,6 +397,10 @@ bool CmdSaslContinue::run(OperationContext* opCtx,
mechanism.mechanismName(),
UserName(mechanism.getPrincipalName(), mechanism.getAuthenticationDatabase()),
status.code());
+ if (mechanism.isSuccess()) {
+ uassertStatusOK(
+ authCounter.incAuthenticateSuccessful(mechanism.mechanismName().toString()));
+ }
} else {
AuthenticationSession::swap(client, sessionGuard);
}
@@ -411,7 +425,8 @@ void doSpeculativeSaslStart(OperationContext* opCtx, BSONObj cmdObj, BSONObjBuil
return;
}
- authCounter.incSpeculativeAuthenticateReceived(mechElem.String());
+ // Run will make sure an audit entry happens. Let it reach that point.
+ authCounter.incSpeculativeAuthenticateReceived(mechElem.String()).ignore();
auto dbElement = cmdObj["db"];
if (dbElement.type() != String) {