rafiasabih / pg_auth_mon Goto Github PK
View Code? Open in Web Editor NEWPostgres extension for monitoring client authentication attempts
License: MIT License
Postgres extension for monitoring client authentication attempts
License: MIT License
Hi
Why there are no releases. I would like to have a tar file.
Hi
I failed to install the pg_auth_mon extension. Is there detailed documentation that explains how to do this?
is it possible to have support on the installation of the product?
Thanks in advance
Best Regards
Hi,
Latest release fails to build against PostgreSQL 17. v17beta2 is already out. Logs are below. Can you please take a look?
Thanks, Devrim
/usr/bin/clang -Wno-ignored-attributes -fno-strict-aliasing -fwrapv -fexcess-precision=standard -Wno-unused-command-line-argument -Wno-compound-token-split-by-macro -Wno-format-truncation -O2 -I. -I./ -I/usr/pgsql-17/include/server -I/usr/pgsql-17/include/internal -D_GNU_SOURCE -I/usr/include/libxml2 -DWITH_GZFILEOP -I/usr/include -flto=thin -emit-llvm -c -o pg_auth_mon.bc pg_auth_mon.c
pg_auth_mon.c:523:2: error: call to undeclared function 'tuplestore_donestoring'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
523 | tuplestore_donestoring(tupstore);
| ^
1 error generated.
make[1]: *** [/usr/pgsql-17/lib/pgxs/src/makefiles/../../src/Makefile.global:1085: pg_auth_mon.bc] Error 1
make[1]: *** Waiting for unfinished jobs....
pg_auth_mon.c: In function ‘pg_auth_mon_internal’:
pg_auth_mon.c:523:9: error: implicit declaration of function ‘tuplestore_donestoring’; did you mean ‘tuplestore_rescan’? [-Wimplicit-function-declaration]
523 | tuplestore_donestoring(tupstore);
| ^~~~~~~~~~~~~~~~~~~~~~
| tuplestore_rescan
make[1]: *** [: pg_auth_mon.o] Error 1
Hi @RafiaSabih ,
Regression tests are failing against at least v15 and v16. Diff is attached. Can you please take a look?
Regards, Devrim
Hi
I have configured pg_auth_mon in a 13 PostgreSQL cluster. I perform configuration tests of the pg_hba.conf file. I have error messages on the screen but in the pg_auth_mon view, " total_hba_conflicts " is always empty.
Is there a problem, a bug with this functionality ?
Thanks in advance
Didier
Hi Rafia,
Thanks for making pg_auth_mon.
It looks like there is a problem with the tests probably due to changes in PostgreSQL's error messages:
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.2 LTS
Release: 20.04
Codename: focal
$ psql --version
psql (PostgreSQL) 13.2 (Ubuntu 13.2-1.pgdg20.04+1)
$ make installcheck
/usr/lib/postgresql/13/lib/pgxs/src/makefiles/../../src/test/regress/pg_regress --inputdir=./ --bindir='/usr/lib/postgresql/13/bin' --dbname=contrib_regression pg_auth_mon
(using postmaster on Unix socket, default port)
============== dropping database "contrib_regression" ==============
DROP DATABASE
============== creating database "contrib_regression" ==============
CREATE DATABASE
ALTER DATABASE
============== running regression test queries ==============
test pg_auth_mon ... FAILED 364 ms
======================
1 of 1 tests failed.
======================
The differences that caused some tests to fail can be viewed in the
file "/home/joel/postgresql-extensions/pg_auth_mon/regression.diffs". A copy of the test summary that you see
above is saved in the file "/home/joel/postgresql-extensions/pg_auth_mon/regression.out".
make: *** [/usr/lib/postgresql/13/lib/pgxs/src/makefiles/pgxs.mk:420: installcheck] Error 1
$ cat regression.diffs
diff -U3 /home/joel/postgresql-extensions/pg_auth_mon/expected/pg_auth_mon.out /home/joel/postgresql-extensions/pg_auth_mon/results/pg_auth_mon.out
--- /home/joel/postgresql-extensions/pg_auth_mon/expected/pg_auth_mon.out 2021-04-26 07:11:33.097400173 +0000
+++ /home/joel/postgresql-extensions/pg_auth_mon/results/pg_auth_mon.out 2021-04-26 07:13:21.827350943 +0000
@@ -5,47 +5,24 @@
create extension pg_auth_mon;
--1.Successful Login attempt
\! PGPASSWORD=postgres psql -X -U auth_super -d testdb -c "select 1"
- ?column?
-----------
- 1
-(1 row)
-
+psql: error: FATAL: Peer authentication failed for user "auth_super"
select rolname, successful_attempts, total_hba_conflicts, other_auth_failures from pg_auth_mon where rolname like 'auth_%';
- rolname | successful_attempts | total_hba_conflicts | other_auth_failures
-------------+---------------------+---------------------+---------------------
- auth_super | 1 | 0 | 0
-(1 row)
-
+ERROR: pg_auth_mon must be loaded via shared_preload_libraries
--2.Login attempt by invalid username
\! PGPASSWORD=postgres psql -X -U auth_blah -d testdb -c "select 1" 2>&1 | sed 's/^.* FATAL: */FATAL: /'
-FATAL: password authentication failed for user "auth_blah"
+FATAL: Peer authentication failed for user "auth_blah"
select rolname, uid, successful_attempts, total_hba_conflicts, other_auth_failures from pg_auth_mon where uid = 0;
- rolname | uid | successful_attempts | total_hba_conflicts | other_auth_failures
----------+-----+---------------------+---------------------+---------------------
- | 0 | 0 | 0 | 1
-(1 row)
-
+ERROR: pg_auth_mon must be loaded via shared_preload_libraries
--3.Login attempt by username who is not allowed to login is not authentication failure
\! PGPASSWORD=postgres psql -X -U auth_nologin -d testdb -c "select 1" 2>&1 | sed 's/^.* FATAL: */FATAL: /'
-FATAL: role "auth_nologin" is not permitted to log in
+FATAL: Peer authentication failed for user "auth_nologin"
select rolname, successful_attempts, total_hba_conflicts, other_auth_failures from pg_auth_mon where rolname like 'auth_%';
- rolname | successful_attempts | total_hba_conflicts | other_auth_failures
---------------+---------------------+---------------------+---------------------
- auth_nologin | 1 | 0 | 0
- auth_super | 1 | 0 | 0
-(2 rows)
-
+ERROR: pg_auth_mon must be loaded via shared_preload_libraries
--4.Login attempt by a valid user with a wrong password
\! PGPASSWORD=postgres psql -X -U auth_test -d testdb -c "select 1" 2>&1 | sed 's/^.* FATAL: */FATAL: /'
-FATAL: password authentication failed for user "auth_test"
+FATAL: Peer authentication failed for user "auth_test"
select rolname, successful_attempts, total_hba_conflicts, other_auth_failures from pg_auth_mon where rolname like 'auth_%' order by rolname;
- rolname | successful_attempts | total_hba_conflicts | other_auth_failures
---------------+---------------------+---------------------+---------------------
- auth_nologin | 1 | 0 | 0
- auth_super | 1 | 0 | 0
- auth_test | 0 | 0 | 1
-(3 rows)
-
+ERROR: pg_auth_mon must be loaded via shared_preload_libraries
--Cleanup
drop role auth_nologin;
drop role auth_test;
Hi,
I saw some attempts to fix integration tests but then got reverted. Any follow-ups on fixing integration tests for PG15?
test pg_auth_mon ... 2024-05-07 01:20:54.638 UTC [55526] FATAL: role "auth_blah" does not exist
hi:
I find there is no way to ban the user from login,because in authentication_hook , i can't use spi_exec to run command like(alter user xx nologin), is there anyway to ban a user from login in authentication_hook when it exceeds the max fail login times?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.