diff options
author | dcorbacho <dparracorbacho@piotal.io> | 2020-08-26 15:42:40 +0100 |
---|---|---|
committer | Michael Klishin <michael@clojurewerkz.org> | 2020-10-14 05:17:49 +0300 |
commit | 6f98f84ae2ab67a0d799e7a1e6d22bebdfa703e5 (patch) | |
tree | 8eebf34330b3027cacac9dfe98d737ca1882a760 | |
parent | 8093653362dc2282b8b7db060b11d987b1f2b282 (diff) | |
download | rabbitmq-server-git-6f98f84ae2ab67a0d799e7a1e6d22bebdfa703e5.tar.gz |
Add auth attemp metrics
-rw-r--r-- | Makefile | 3 | ||||
-rw-r--r-- | src/rabbit_reader.erl | 6 |
2 files changed, 8 insertions, 1 deletions
@@ -118,7 +118,8 @@ define PROJECT_ENV {writer_gc_threshold, 1000000000}, %% interval at which connection/channel tracking executes post operations {tracking_execution_timeout, 15000}, - {stream_messages_soft_limit, 256} + {stream_messages_soft_limit, 256}, + {return_per_user_auth_attempt_metrics, false} ] endef diff --git a/src/rabbit_reader.erl b/src/rabbit_reader.erl index f9697c96e5..c4b4b1fd36 100644 --- a/src/rabbit_reader.erl +++ b/src/rabbit_reader.erl @@ -1413,15 +1413,19 @@ auth_phase(Response, auth_mechanism = {Name, AuthMechanism}, auth_state = AuthState}, sock = Sock}) -> + Ip = list_to_binary(inet:ntoa(Connection#connection.host)), case AuthMechanism:handle_response(Response, AuthState) of {refused, Username, Msg, Args} -> + rabbit_core_metrics:auth_attempt_failed(Ip, Username), auth_fail(Username, Msg, Args, Name, State); {protocol_error, Msg, Args} -> + rabbit_core_metrics:auth_attempt_failed(Ip, ""), notify_auth_result(none, user_authentication_failure, [{error, rabbit_misc:format(Msg, Args)}], State), rabbit_misc:protocol_error(syntax_error, Msg, Args); {challenge, Challenge, AuthState1} -> + rabbit_core_metrics:auth_attempt_succeeded(Ip, ""), Secure = #'connection.secure'{challenge = Challenge}, ok = send_on_channel0(Sock, Secure, Protocol), State#v1{connection = Connection#connection{ @@ -1429,9 +1433,11 @@ auth_phase(Response, {ok, User = #user{username = Username}} -> case rabbit_access_control:check_user_loopback(Username, Sock) of ok -> + rabbit_core_metrics:auth_attempt_succeeded(Ip, Username), notify_auth_result(Username, user_authentication_success, [], State); not_allowed -> + rabbit_core_metrics:auth_attempt_failed(Ip, Username), auth_fail(Username, "user '~s' can only connect via " "localhost", [Username], Name, State) end, |