rafiasabih / pg_auth_mon Goto Github PK

View Code? Open in Web Editor NEW

26.0 26.0 9.0 24 KB

Postgres extension for monitoring client authentication attempts

License: MIT License

Makefile 3.01% C 91.07% Shell 5.92%

pg_auth_mon's People

Contributors

Stargazers

Watchers

Forkers

cyberdem0n cybernetics ganielinn sdudoladov bolajiwahab graveland

pg_auth_mon's Issues

Release

Hi
Why there are no releases. I would like to have a tar file.

How to install ph_auth_mon

Hi
I failed to install the pg_auth_mon extension. Is there detailed documentation that explains how to do this?
is it possible to have support on the installation of the product?

Thanks in advance

Best Regards

Build error against PostgreSQL 17

Hi,

Latest release fails to build against PostgreSQL 17. v17beta2 is already out. Logs are below. Can you please take a look?

Thanks, Devrim

/usr/bin/clang -Wno-ignored-attributes -fno-strict-aliasing -fwrapv -fexcess-precision=standard -Wno-unused-command-line-argument -Wno-compound-token-split-by-macro -Wno-format-truncation -O2 -I. -I./ -I/usr/pgsql-17/include/server -I/usr/pgsql-17/include/internal -D_GNU_SOURCE -I/usr/include/libxml2 -DWITH_GZFILEOP -I/usr/include -flto=thin -emit-llvm -c -o pg_auth_mon.bc pg_auth_mon.c
pg_auth_mon.c:523:2: error: call to undeclared function 'tuplestore_donestoring'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
523 | tuplestore_donestoring(tupstore);
| ^
1 error generated.
make[1]: *** [/usr/pgsql-17/lib/pgxs/src/makefiles/../../src/Makefile.global:1085: pg_auth_mon.bc] Error 1
make[1]: *** Waiting for unfinished jobs....
pg_auth_mon.c: In function ‘pg_auth_mon_internal’:
pg_auth_mon.c:523:9: error: implicit declaration of function ‘tuplestore_donestoring’; did you mean ‘tuplestore_rescan’? [-Wimplicit-function-declaration]
523 | tuplestore_donestoring(tupstore);
| ^~~~~~~~~~~~~~~~~~~~~~
| tuplestore_rescan
make[1]: *** [: pg_auth_mon.o] Error 1

Regression tests are failing

Hi @RafiaSabih ,

Regression tests are failing against at least v15 and v16. Diff is attached. Can you please take a look?

Regards, Devrim

regression.diffs.txt

total_hba_conflicts always empty

Hi
I have configured pg_auth_mon in a 13 PostgreSQL cluster. I perform configuration tests of the pg_hba.conf file. I have error messages on the screen but in the pg_auth_mon view, " total_hba_conflicts " is always empty.
Is there a problem, a bug with this functionality ?

Thanks in advance
Didier

test pg_auth_mon fails on PostgreSQL 13.2

Hi Rafia,

Thanks for making pg_auth_mon.

It looks like there is a problem with the tests probably due to changes in PostgreSQL's error messages:

$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 20.04.2 LTS
Release:	20.04
Codename:	focal

$ psql --version
psql (PostgreSQL) 13.2 (Ubuntu 13.2-1.pgdg20.04+1)

$ make installcheck
/usr/lib/postgresql/13/lib/pgxs/src/makefiles/../../src/test/regress/pg_regress --inputdir=./ --bindir='/usr/lib/postgresql/13/bin'    --dbname=contrib_regression pg_auth_mon
(using postmaster on Unix socket, default port)
============== dropping database "contrib_regression" ==============
DROP DATABASE
============== creating database "contrib_regression" ==============
CREATE DATABASE
ALTER DATABASE
============== running regression test queries        ==============
test pg_auth_mon                  ... FAILED      364 ms

======================
1 of 1 tests failed.
======================

The differences that caused some tests to fail can be viewed in the
file "/home/joel/postgresql-extensions/pg_auth_mon/regression.diffs".  A copy of the test summary that you see
above is saved in the file "/home/joel/postgresql-extensions/pg_auth_mon/regression.out".

make: *** [/usr/lib/postgresql/13/lib/pgxs/src/makefiles/pgxs.mk:420: installcheck] Error 1

$ cat regression.diffs
diff -U3 /home/joel/postgresql-extensions/pg_auth_mon/expected/pg_auth_mon.out /home/joel/postgresql-extensions/pg_auth_mon/results/pg_auth_mon.out
--- /home/joel/postgresql-extensions/pg_auth_mon/expected/pg_auth_mon.out	2021-04-26 07:11:33.097400173 +0000
+++ /home/joel/postgresql-extensions/pg_auth_mon/results/pg_auth_mon.out	2021-04-26 07:13:21.827350943 +0000
@@ -5,47 +5,24 @@
create extension pg_auth_mon;
--1.Successful Login attempt
\! PGPASSWORD=postgres psql -X -U auth_super -d testdb -c "select 1"
- ?column?
-----------
-        1
-(1 row)
-
+psql: error: FATAL:  Peer authentication failed for user "auth_super"
select rolname, successful_attempts, total_hba_conflicts, other_auth_failures from pg_auth_mon where rolname like 'auth_%';
-  rolname   | successful_attempts | total_hba_conflicts | other_auth_failures
-------------+---------------------+---------------------+---------------------
- auth_super |                   1 |                   0 |                   0
-(1 row)
-
+ERROR:  pg_auth_mon must be loaded via shared_preload_libraries
--2.Login attempt by invalid username
\! PGPASSWORD=postgres psql -X -U auth_blah -d testdb  -c "select 1" 2>&1 | sed 's/^.* FATAL: */FATAL: /'
-FATAL: password authentication failed for user "auth_blah"
+FATAL: Peer authentication failed for user "auth_blah"
select rolname, uid, successful_attempts, total_hba_conflicts, other_auth_failures from pg_auth_mon where uid = 0;
- rolname | uid | successful_attempts | total_hba_conflicts | other_auth_failures
----------+-----+---------------------+---------------------+---------------------
-         |   0 |                   0 |                   0 |                   1
-(1 row)
-
+ERROR:  pg_auth_mon must be loaded via shared_preload_libraries
--3.Login attempt by username who is not allowed to login is not authentication failure
\! PGPASSWORD=postgres psql -X -U auth_nologin -d testdb -c "select 1" 2>&1 | sed 's/^.* FATAL: */FATAL: /'
-FATAL: role "auth_nologin" is not permitted to log in
+FATAL: Peer authentication failed for user "auth_nologin"
select rolname, successful_attempts, total_hba_conflicts, other_auth_failures from pg_auth_mon where rolname like 'auth_%';
-   rolname    | successful_attempts | total_hba_conflicts | other_auth_failures
---------------+---------------------+---------------------+---------------------
- auth_nologin |                   1 |                   0 |                   0
- auth_super   |                   1 |                   0 |                   0
-(2 rows)
-
+ERROR:  pg_auth_mon must be loaded via shared_preload_libraries
--4.Login attempt by a valid user with a wrong password
\! PGPASSWORD=postgres psql -X -U auth_test -d testdb -c "select 1" 2>&1 | sed 's/^.* FATAL: */FATAL: /'
-FATAL: password authentication failed for user "auth_test"
+FATAL: Peer authentication failed for user "auth_test"
select rolname, successful_attempts, total_hba_conflicts, other_auth_failures from pg_auth_mon where rolname like 'auth_%' order by rolname;
-   rolname    | successful_attempts | total_hba_conflicts | other_auth_failures
---------------+---------------------+---------------------+---------------------
- auth_nologin |                   1 |                   0 |                   0
- auth_super   |                   1 |                   0 |                   0
- auth_test    |                   0 |                   0 |                   1
-(3 rows)
-
+ERROR:  pg_auth_mon must be loaded via shared_preload_libraries
--Cleanup
drop role auth_nologin;
drop role auth_test;

Integration tests fail on PG15

Hi,
I saw some attempts to fix integration tests but then got reverted. Any follow-ups on fixing integration tests for PG15?

test pg_auth_mon                  ... 2024-05-07 01:20:54.638 UTC [55526] FATAL:  role "auth_blah" does not exist

can this extension ban user login when they exceed max fail login attempts?

hi:
I find there is no way to ban the user from login,because in authentication_hook , i can't use spi_exec to run command like(alter user xx nologin), is there anyway to ban a user from login in authentication_hook when it exceeds the max fail login times?

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.

Jobs

Jooble