author | Sara Golemon <sara.golemon@mongodb.com> | 2020-02-24 22:08:11 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2020-02-27 18:26:46 +0000 |
commit | 7250f407321e70bcb76bb1e21a7679670d29919d (patch) | |
tree | 3661864bcdfb186ed3ee832bad224831e086b5b0 /src/mongo/db/auth | |
parent | 686b0034d2a6b99f4cf7f27cf0bde75421e72cc9 (diff) | |
download | mongo-7250f407321e70bcb76bb1e21a7679670d29919d.tar.gz |
SERVER-42984 Add serverStatus counters for authentication attempts/successes
Diffstat (limited to 'src/mongo/db/auth')
-rw-r--r-- | src/mongo/db/auth/sasl_commands.cpp | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/src/mongo/db/auth/sasl_commands.cpp b/src/mongo/db/auth/sasl_commands.cpp
index 63c0f6fbb78..93f1feb1311 100644
--- a/src/mongo/db/auth/sasl_commands.cpp
+++ b/src/mongo/db/auth/sasl_commands.cpp
@@ -225,10 +225,11 @@ Status doSaslStep(OperationContext* opCtx,
 "client"_attr = opCtx->getClient()->session()->remote());
 }
 if (session->isSpeculative()) {
- authCounter.incSpeculativeAuthenticateSuccessful(mechanism.mechanismName().toString());
+ status = authCounter.incSpeculativeAuthenticateSuccessful(
+ mechanism.mechanismName().toString());
 }
 }
- return Status::OK();
+ return status;
 }
 
 StatusWith<std::unique_ptr<AuthenticationSession>> doSaslStart(OperationContext* opCtx,
@@ -319,6 +320,12 @@ bool runSaslStart(OperationContext* opCtx,
 return false;
 }
 
+ auto status = authCounter.incAuthenticateReceived(mechanismName);
+ if (!status.isOK()) {
+ audit::logAuthentication(client, mechanismName, UserName("", db), status.code());
+ return false;
+ }
+
 std::string principalName;
 auto swSession = doSaslStart(opCtx, db, cmdObj, &result, &principalName, speculative);
 
@@ -326,6 +333,9 @@ bool runSaslStart(OperationContext* opCtx,
 audit::logAuthentication(
 client, mechanismName, UserName(principalName, db), swSession.getStatus().code());
 uassertStatusOK(swSession.getStatus());
+ if (swSession.getValue()->getMechanism().isSuccess()) {
+ uassertStatusOK(authCounter.incAuthenticateSuccessful(mechanismName));
+ }
 } else {
 auto session = std::move(swSession.getValue());
 AuthenticationSession::swap(client, session);
@@ -387,6 +397,10 @@ bool CmdSaslContinue::run(OperationContext* opCtx,
 mechanism.mechanismName(),
 UserName(mechanism.getPrincipalName(), mechanism.getAuthenticationDatabase()),
 status.code());
+ if (mechanism.isSuccess()) {
+ uassertStatusOK(
+ authCounter.incAuthenticateSuccessful(mechanism.mechanismName().toString()));
+ }
 } else {
 AuthenticationSession::swap(client, sessionGuard);
 }
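Review bot: A failure of the counter increment in doSaslStep now replaces the successful result, because `status = authCounter.incSpeculativeAuthenticateSuccessful(...)` overwrites whatever `status` held and `return status;` hands it back after the mechanism has already reported success. The same ordering shows up in the runSaslStart and CmdSaslContinue::run hunks, where `uassertStatusOK(authCounter.incAuthenticateSuccessful(...))` runs after `audit::logAuthentication` has recorded the outcome, so the audit record and the command reply can disagree. Whether the connection is already authorized at that point is not visible here (doSaslStep begins above the hunk), but if it is, a client could be told the step failed while holding an authenticated session. Consider keeping the authentication result and only logging the bookkeeping failure, or moving the increment ahead of the audit call so the audit entry carries the final status.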
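Review bot: The new early exit in runSaslStart passes `status.code()` to the audit log and then leaves through `return false;`, so unless `result` is populated somewhere outside this hunk the client receives a bare failure with no code or message. The failure branch a few lines further down audits first and then calls `uassertStatusOK(swSession.getStatus())`; replacing the `return false;` with `uassertStatusOK(status);` would make both paths report errors the same way. A short comment above the increment, such as `// Count every saslStart attempt, including ones doSaslStart later rejects.`, would record why it is placed before doSaslStart. The function starts above this hunk.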
@@ -411,7 +425,8 @@ void doSpeculativeSaslStart(OperationContext* opCtx, BSONObj cmdObj, BSONObjBuil
 return;
 }
 
- authCounter.incSpeculativeAuthenticateReceived(mechElem.String());
+ // Run will make sure an audit entry happens. Let it reach that point.
+ authCounter.incSpeculativeAuthenticateReceived(mechElem.String()).ignore();
 
 auto dbElement = cmdObj["db"];
 if (dbElement.type() != String) {
|
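Review bot: The added comment in doSpeculativeSaslStart says "Run" without naming what runs, while `.ignore()` on the next line drops a counter failure for a client-supplied mechanism name with no log entry. Since this is a deliberate suppression on an authentication path, the comment should name the callee and the reason, for example `// Counter failure is ignored on purpose: the saslStart path below rejects the request and writes the audit entry.`, assuming that is the path meant. The rest of the function is outside the hunk, so the call that produces the audit entry cannot be confirmed from here.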