Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1511944 - Failed logins log messages do not have IP
Summary: Failed logins log messages do not have IP
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: ovirt-engine
Classification: oVirt
Component: AAA
Version: 4.1.7.6
Hardware: Unspecified
OS: Unspecified
unspecified
low vote
Target Milestone: ovirt-4.2.0
: ---
Assignee: Ravi Nori
QA Contact: Gonza
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-11-10 13:29 UTC by Jiri Belka
Modified: 2017-12-20 11:44 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-12-20 11:44:31 UTC
oVirt Team: Infra
rule-engine: ovirt-4.2+


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
oVirt gerrit 84028 master MERGED aaa: Failed logins log messages do not have IP 2017-11-15 08:44:38 UTC

Description Jiri Belka 2017-11-10 13:29:32 UTC
Description of problem:

A customer had locked admin@internal accounts and support team was asking what was doing incorrect login to the account. My investigation shows there's no info about src IP for failed logins.

2017-11-10 14:21:10,538+01 TRACE [org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace."ovirt-engin
e-extension-aaa-jdbc".authn.internal-authn] (default task-29) [] Invoke Output BEGIN
2017-11-10 14:21:10,538+01 TRACE [org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace."ovirt-engin
e-extension-aaa-jdbc".authn.internal-authn] (default task-29) [] {Extkey[name=EXTENSION_INVOKE_MESSAGE;type
=class java.lang.String;uuid=EXTENSION_INVOKE_MESSAGE[b7b053de-dc73-4bf7-9d26-b8bdb72f5893];]=credentials i
ncorrect, Extkey[name=EXTENSION_INVOKE_RESULT;type=class java.lang.Integer;uuid=EXTENSION_INVOKE_RESULT[090
9d91d-8bde-40fb-b6c0-099c772ddd4e];]=0, Extkey[name=AAA_AUTHN_RESULT;type=class java.lang.Integer;uuid=AAA_
AUTHN_RESULT[af9771dc-a0bb-417d-a700-277616aedd85];]=11, Extkey[name=AAA_AUTHN_PRINCIPAL;type=class java.la
ng.String;uuid=AAA_AUTHN_PRINCIPAL[bc637d1d-f93f-45e1-bd04-646c6dc38279];]=admin}
2017-11-10 14:21:10,538+01 TRACE [org.ovirt.engine.core.extensions.mgr.ExtensionsManager.trace."ovirt-engine-extension-aaa-jdbc".authn.internal-authn] (default task-29) [] Invoke Output END
2017-11-10 14:21:10,538+01 DEBUG [org.ovirt.engine.core.sso.utils.AuthenticationUtils] (default task-29) [] AuthenticationUtils.handleCredentials AUTHENTICATE_CREDENTIALS on authn failed
2017-11-10 14:21:10,538+01 ERROR [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (default task-29) [] Cannot authenticate user 'admin@internal': The username or password is incorrect.
2017-11-10 14:21:10,538+01 DEBUG [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (default task-29) [] Exception: org.ovirt.engine.core.sso.utils.AuthenticationException: The username or password is incorrect.
2017-11-10 14:21:10,540+01 DEBUG [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (default task-29) [] Redirecting to LoginPage

please add logging to print IP so it is possible to track a human/tool doing incorrect logging.

Version-Release number of selected component (if applicable):
ovirt-engine-4.1.7.6-0.1.el7.noarch

How reproducible:
100%

Steps to Reproduce:
1. login as admin@internal with bad password
2. check logs if there is any log message with src IP for this failed login
3.

Actual results:
no IP in logs

Expected results:
failed loging log message should have IP to better investigation

Additional info:

Comment 1 Martin Perina 2017-11-13 08:30:23 UTC
We have added source IP and session ID to log when user is succesfully logged in or logged out. So let's add source IP also to unsuccessful logins

Comment 2 Gonza 2017-11-22 07:39:08 UTC
Veified with:
ovirt-engine-4.2.0-0.0.master.20171119135709.git6d448d3.el7.centos.noarch

2017-11-22 09:37:44,542+02 ERROR [org.ovirt.engine.core.sso.servlets.InteractiveAuthServlet] (default task-23) [] Cannot authenticate user 'admin@internal' connecting from 'xx.xx.xx.xx': The username or password is incorrect.

Comment 3 Sandro Bonazzola 2017-12-20 11:44:31 UTC
This bugzilla is included in oVirt 4.2.0 release, published on Dec 20th 2017.

Since the problem described in this bug report should be
resolved in oVirt 4.2.0 release, published on Dec 20th 2017, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.