Added new stats to track sasl authentication.

Two new stats, auth_cmds and auth_unknowns have been added to allow
end users to track how often authentications commands are submitted
and when they "fail".  Successes can be calculated by clients.

Rename to auth_errors and add to protocol.txt.

Author: ingenthr

doc/protocol.txt

@@ -396,6 +396,9 @@ integers separated by a colon (treat this as a floating point number).
 | cas_hits              | 64u     | Number of successful CAS reqs.            |
 | cas_badval            | 64u     | Number of CAS reqs for which a key was    |
 |                       |         | found, but the CAS value did not match.   |
+| auth_cmds             | 64u     | Number of authentication commands         |
+|                       |         | handled, success or failure.              |
+| auth_errors           | 64u     | Number of failed authentications.         |
 | evictions             | 64u     | Number of valid items removed from cache  |
 |                       |         | to free memory for new items              |
 | bytes_read            | 64u     | Total number of bytes read by this server |

memcached.c

@@ -1603,6 +1603,9 @@ static void process_bin_complete_sasl_auth(conn *c) {
     switch(result) {
     case SASL_OK:
         write_bin_response(c, "Authenticated", 0, 0, strlen("Authenticated"));
+        pthread_mutex_lock(&c->thread->stats.mutex);
+        c->thread->stats.auth_cmds++;
+        pthread_mutex_unlock(&c->thread->stats.mutex);
         break;
     case SASL_CONTINUE:
         add_bin_header(c, PROTOCOL_BINARY_RESPONSE_AUTH_CONTINUE, 0, 0, outlen);
@@ -1616,6 +1619,10 @@ static void process_bin_complete_sasl_auth(conn *c) {
         if (settings.verbose)
             fprintf(stderr, "Unknown sasl response:  %d\n", result);
         write_bin_error(c, PROTOCOL_BINARY_RESPONSE_AUTH_ERROR, 0);
+        pthread_mutex_lock(&c->thread->stats.mutex);
+        c->thread->stats.auth_cmds++;
+        c->thread->stats.auth_errors++;
+        pthread_mutex_unlock(&c->thread->stats.mutex);
     }
 }
 
@@ -2394,6 +2401,8 @@ static void server_stats(ADD_STAT add_stats, conn *c) {
     APPEND_STAT("cas_misses", "%llu", (unsigned long long)thread_stats.cas_misses);
     APPEND_STAT("cas_hits", "%llu", (unsigned long long)slab_stats.cas_hits);
     APPEND_STAT("cas_badval", "%llu", (unsigned long long)slab_stats.cas_badval);
+    APPEND_STAT("auth_cmds", "%llu", (unsigned long long)thread_stats.auth_cmds);
+    APPEND_STAT("auth_errors", "%llu", (unsigned long long)thread_stats.auth_errors);
     APPEND_STAT("bytes_read", "%llu", (unsigned long long)thread_stats.bytes_read);
     APPEND_STAT("bytes_written", "%llu", (unsigned long long)thread_stats.bytes_written);
     APPEND_STAT("limit_maxbytes", "%llu", (unsigned long long)settings.maxbytes);
@@ -4465,7 +4474,7 @@ int main (int argc, char **argv) {
             settings.binding_protocol = binary_prot;
         } else {
             if (settings.binding_protocol != binary_prot) {
-                fprintf(stderr, "WARNING: You shouldn't allow the ASCII protocol while using SASL\n");
+                fprintf(stderr, "ERROR: You cannot allow the ASCII protocol while using SASL.\n");
                 exit(EX_USAGE);
             }
         }

memcached.h

@@ -219,6 +219,8 @@ struct thread_stats {
     uint64_t          bytes_written;
     uint64_t          flush_cmds;
     uint64_t          conn_yields; /* # of yields for connections (-R option)*/
+    uint64_t          auth_cmds;
+    uint64_t          auth_errors;
     struct slab_stats slab_stats[MAX_NUMBER_OF_SLAB_CLASSES];
 };
 

t/binary-sasl.t

@@ -209,11 +209,24 @@ $check->('x','somevalue');
 }
 $empty->('x');
 
+# check the SASL stats, make sure they track things correctly
+
+# while authenticated, get current counter
+{
+    my %stats = $mc->stats();
+    ok(! $status);
+}
+
+# then reauth, failing
+
+# then reauth, suceeding
+
+# get new stats and check that we have the expected counters
 
 # Along with the assertion added to the code to verify we're staying
 # within bounds when we do a stats detail dump (detail turned on at
 # the top).
-#my %stats = $mc->stats('detail dump');
+# my %stats = $mc->stats('detail dump');
 
 # ######################################################################
 # Test ends around here.

thread.c

@@ -484,6 +484,8 @@ void threadlocal_stats_reset(void) {
         threads[ii].stats.bytes_written = 0;
         threads[ii].stats.flush_cmds = 0;
         threads[ii].stats.conn_yields = 0;
+        threads[ii].stats.auth_cmds = 0;
+        threads[ii].stats.auth_errors = 0;
 
         for(sid = 0; sid < MAX_NUMBER_OF_SLAB_CLASSES; sid++) {
             threads[ii].stats.slab_stats[sid].set_cmds = 0;
@@ -512,6 +514,8 @@ void threadlocal_stats_aggregate(struct thread_stats *stats) {
     stats->bytes_read = 0;
     stats->flush_cmds = 0;
     stats->conn_yields = 0;
+    stats->auth_cmds = 0;
+    stats->auth_errors = 0;
 
     memset(stats->slab_stats, 0,
            sizeof(struct slab_stats) * MAX_NUMBER_OF_SLAB_CLASSES);
@@ -529,6 +533,8 @@ void threadlocal_stats_aggregate(struct thread_stats *stats) {
         stats->bytes_written += threads[ii].stats.bytes_written;
         stats->flush_cmds += threads[ii].stats.flush_cmds;
         stats->conn_yields += threads[ii].stats.conn_yields;
+        stats->auth_cmds += threads[ii].stats.auth_cmds;
+        stats->auth_errors += threads[ii].stats.auth_errors;
 
         for (sid = 0; sid < MAX_NUMBER_OF_SLAB_CLASSES; sid++) {
             stats->slab_stats[sid].set_cmds +=