hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

MXS-421 Log event in case of authentication failure

Browse Source 
- CDC authenticator
- MySQL authenticator
- PAM authenticator
This commit is contained in:
Johan Wikman
2018-06-14 14:24:55 +03:00
parent 6dd479104f
commit d0c74b5c8f
3 changed files with 18 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
server/modules/authenticator/CDCPlainAuth/cdc_plain_auth.cc
View File

@ -32,6 +32,7 @@
#include <sys/stat.h> #include <sys/stat.h>
#include <cdc.h> #include <cdc.h>
#include <maxscale/alloc.h> #include <maxscale/alloc.h>
#include <maxscale/event.hh>
#include <maxscale/modulecmd.h> #include <maxscale/modulecmd.h>
#include <maxscale/modutil.h> #include <maxscale/modutil.h>
#include <maxscale/paths.h> #include <maxscale/paths.h>
@ -267,7 +268,8 @@ cdc_auth_authenticate(DCB *dcb)
} }
else if (dcb->service->log_auth_warnings) else if (dcb->service->log_auth_warnings)
{ {
MXS_NOTICE("%s: login attempt for user '%s', authentication failed.", MXS_LOG_EVENT(maxscale::event::AUTHENTICATION_FAILURE,
"%s: login attempt for user '%s', authentication failed.",
dcb->service->name, client_data->user); dcb->service->name, client_data->user);
} }
} }

7
server/modules/authenticator/MySQLAuth/mysql_auth.cc
View File

@ -30,6 +30,7 @@
#include <maxscale/protocol/mysql.h> #include <maxscale/protocol/mysql.h>
#include <maxscale/authenticator.h> #include <maxscale/authenticator.h>
#include <maxscale/alloc.h> #include <maxscale/alloc.h>
#include <maxscale/event.hh>
#include <maxscale/poll.h> #include <maxscale/poll.h>
#include <maxscale/paths.h> #include <maxscale/paths.h>
#include <maxscale/secrets.h> #include <maxscale/secrets.h>
@ -312,12 +313,14 @@ mysql_auth_authenticate(DCB *dcb)
{ {
if (dcb->path) if (dcb->path)
{ {
MXS_WARNING("%s: login attempt for user '%s'@[%s]:%s, authentication failed.", MXS_LOG_EVENT(maxscale::event::AUTHENTICATION_FAILURE,
"%s: login attempt for user '%s'@[%s]:%s, authentication failed.",
dcb->service->name, client_data->user, dcb->remote, dcb->path); dcb->service->name, client_data->user, dcb->remote, dcb->path);
} }
else else
{ {
MXS_WARNING("%s: login attempt for user '%s'@[%s]:%d, authentication failed.", MXS_LOG_EVENT(maxscale::event::AUTHENTICATION_FAILURE,
"%s: login attempt for user '%s'@[%s]:%d, authentication failed.",
dcb->service->name, client_data->user, dcb->remote, dcb_get_port(dcb)); dcb->service->name, client_data->user, dcb->remote, dcb_get_port(dcb));
} }

9
server/modules/authenticator/PAM/PAMAuth/pam_client_session.cc
View File

@ -15,6 +15,7 @@
#include <sstream> #include <sstream>
#include <security/pam_appl.h> #include <security/pam_appl.h>
#include <maxscale/event.hh>
using maxscale::Buffer; using maxscale::Buffer;
using std::string; using std::string;
@ -169,11 +170,13 @@ bool validate_pam_password(const string& user, const string& password, const str
case PAM_USER_UNKNOWN: case PAM_USER_UNKNOWN:
case PAM_AUTH_ERR: case PAM_AUTH_ERR:
// Normal failure, username or password was wrong. // Normal failure, username or password was wrong.
MXS_WARNING(PAM_AUTH_ERR_MSG, user.c_str(), pam_strerror(pam_handle, pam_status)); MXS_LOG_EVENT(maxscale::event::AUTHENTICATION_FAILURE,
PAM_AUTH_ERR_MSG, user.c_str(), pam_strerror(pam_handle, pam_status));
break; break;
default: default:
// More exotic error, log as error. // More exotic error
MXS_ERROR(PAM_AUTH_ERR_MSG, user.c_str(), pam_strerror(pam_handle, pam_status)); MXS_LOG_EVENT(maxscale::event::AUTHENTICATION_FAILURE,
PAM_AUTH_ERR_MSG, user.c_str(), pam_strerror(pam_handle, pam_status));
break; break;
} }
} }