History log of /6.0.3/kv_engine/auditd/src/auditconfig.cc (Results 1 - 25 of 30)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
Revision tags: v6.0.3, v5.5.4, v5.5.5, v5.5.3, v6.0.0, v5.5.2, v5.5.1, v5.1.2, v5.1.1
# 306824e3 19-Mar-2018 Daniel Owen <owend@couchbase.com>

MB-23775: Change notation from source to domain

In version 2 of the configuration when defining a user_id it should
contain the tuple {"domain" : "", "user" : ""}.

For backward

MB-23775: Change notation from source to domain

In version 2 of the configuration when defining a user_id it should
contain the tuple {"domain" : "", "user" : ""}.

For backward compatibility the original notation of
{"source" : "", "user" : ""} used in verison 1 will also be supported.

Change-Id: Ib55d77640ae9e44cbc2b1c2ed7c5a83e2569b3d3
Reviewed-on: http://review.couchbase.org/91184
Reviewed-by: Jim Walker <jim@couchbase.com>
Tested-by: Build Bot <build@couchbase.com>
Reviewed-by: Trond Norbye <trond.norbye@gmail.com>

show more ...


# 3db38032 23-Feb-2018 Tim Bradgate <tim.bradgate@couchbase.com>

MB-27661 [8/n]: Fix MSVC warnings - C4244

This patch addresses the following generated warnings:

C4244 - conversion' conversion from 'type1' to 'type2', possible
loss of

MB-27661 [8/n]: Fix MSVC warnings - C4244

This patch addresses the following generated warnings:

C4244 - conversion' conversion from 'type1' to 'type2', possible
loss of data. An integer type is converted to a smaller integer
type.

Change-Id: Ia27e05bde901ba4caa06cecf854a2164997d19b3
Reviewed-on: http://review.couchbase.org/89980
Reviewed-by: Dave Rigby <daver@couchbase.com>
Tested-by: Build Bot <build@couchbase.com>

show more ...


# 1519694c 26-Feb-2018 Trond Norbye <trond.norbye@gmail.com>

cJSON_AddNumber handles 64 bit integers

We don't have to call special methods to add the numbers
anymore.

Change-Id: I32784911beae209def1fc647b845ed895600fb2c
Reviewed-on: h

cJSON_AddNumber handles 64 bit integers

We don't have to call special methods to add the numbers
anymore.

Change-Id: I32784911beae209def1fc647b845ed895600fb2c
Reviewed-on: http://review.couchbase.org/90065
Tested-by: Build Bot <build@couchbase.com>
Reviewed-by: Tim Bradgate <tim.bradgate@couchbase.com>

show more ...


# b3803a99 21-Feb-2018 Tim Bradgate <tim.bradgate@couchbase.com>

MB-27661 [5/n]: Fix MSVC warnings - cJSON API Usage

This patch makes use of the new API methods for cJSON when adding
stats to the McbpConnection JSON representation. Also used in
me

MB-27661 [5/n]: Fix MSVC warnings - cJSON API Usage

This patch makes use of the new API methods for cJSON when adding
stats to the McbpConnection JSON representation. Also used in
memcached.cc when dealing with bucket details.

Change-Id: Ic39b7ce82ca0fbcd550aab8d076fce5e8a213094
Reviewed-on: http://review.couchbase.org/89816
Reviewed-by: Trond Norbye <trond.norbye@gmail.com>
Tested-by: Build Bot <build@couchbase.com>

show more ...


# 8e5a37d4 09-Feb-2018 Daniel Owen <owend@couchbase.com>

MB-27844: Audit Daemon - Add event_states object

Add an optional event_states object to version 2 of the configuration to
allow events to be dynamically enabled or disabled.

The

MB-27844: Audit Daemon - Add event_states object

Add an optional event_states object to version 2 of the configuration to
allow events to be dynamically enabled or disabled.

The format of the object is a map of {event_id, state} e.g.

"event_states" : {"1234" : "enabled",
"5678" : "disabled"}

If the event_states is not defined the configuration will still be
accepted.

Given the introduction of the event_states object, the patch also
depreciates the "disabled" list in version 2 (as it does not allow
events to be disabled).

If the "disabled" list is defined in version 2 it will be ignored.

Change-Id: I7ecf7b0cbf3807677bda31623409bb710940bfd0
Reviewed-on: http://review.couchbase.org/89168
Reviewed-by: Trond Norbye <trond.norbye@gmail.com>
Tested-by: Build Bot <build@couchbase.com>

show more ...


# 319eccf9 07-Feb-2018 Daniel Owen <owend@couchbase.com>

MB-27839: Audit filtering using the full userid

Currently audit filtering is performed using only the user component
of a userid. However ns_server allows ldap users to have the same id

MB-27839: Audit filtering using the full userid

Currently audit filtering is performed using only the user component
of a userid. However ns_server allows ldap users to have the same id as
internal users. So {"source" : "external", "user" : "vova"} is not the
same as {"source":"local","user":"vova"}.

Therefore we need to change the filtering to compare the full userid
and not just the "user" component.

The configure parameter "disabled_users" is also updated to
"updated_userids" to reflect that it now contains full userids.

Change-Id: Ibd7d42684573e7e8d811ecd95b007a0b7a570c47
Reviewed-on: http://review.couchbase.org/88867
Tested-by: Build Bot <build@couchbase.com>
Reviewed-by: Jim Walker <jim@couchbase.com>
Reviewed-by: Trond Norbye <trond.norbye@gmail.com>

show more ...


# 44c7b290 16-Jan-2018 Daniel Owen <owend@couchbase.com>

MB-27063: Read audit version from the configuration file

Now that we are introducing version 2 of the audit configuration file,
we should read the version number from the configuration f

MB-27063: Read audit version from the configuration file

Now that we are introducing version 2 of the audit configuration file,
we should read the version number from the configuration file and
set the appropriate value in the config. Then we need to read
the config value as opposed to just returning a hard-coded value.

Change-Id: Ibddf0096d3f0b744d1d63981cd64e921e343884e
Reviewed-on: http://review.couchbase.org/87906
Tested-by: Build Bot <build@couchbase.com>
Reviewed-by: Trond Norbye <trond.norbye@gmail.com>

show more ...


# 81727a2a 12-Jan-2018 Daniel Owen <owend@couchbase.com>

MB-27063: Add uuid attribute

To support the client optimsation of filtering events at source (and
hence not sending them to the audit daemon) we need to record in the
audit log what

MB-27063: Add uuid attribute

To support the client optimsation of filtering events at source (and
hence not sending them to the audit daemon) we need to record in the
audit log what version of the configuration file is being used, so we
can determine what filters are being used. Therefore a configuration
uuid attribute is being added, that is recorded in the audit log every
time the configuration changes.

The attribute is of type string and its value is set by ns_server.

Change-Id: Iec85641bb30f305a633b59988d8a10f06e29005e
Reviewed-on: http://review.couchbase.org/87807
Tested-by: Build Bot <build@couchbase.com>
Reviewed-by: Tim Bradgate <tim.bradgate@couchbase.com>
Reviewed-by: Trond Norbye <trond.norbye@gmail.com>

show more ...


# 23ded47f 15-Dec-2017 Daniel Owen <owend@couchbase.com>

MB-27063: Add config flag to enable / disable filtering

Add a global configuration option "filtering_enabled" which if set to
true allows audit events to be filtered by user (from real_u

MB-27063: Add config flag to enable / disable filtering

Add a global configuration option "filtering_enabled" which if set to
true allows audit events to be filtered by user (from real_userid or
effective_userid).

The option is is required to be defined in version 2 of the audit
configuration (similar to the diabled_users list).

Also adds an associated test.

Change-Id: Ibee723a41100e999c3fafdcea416722e395f20e5
Reviewed-on: http://review.couchbase.org/86972
Tested-by: Build Bot <build@couchbase.com>
Reviewed-by: Trond Norbye <trond.norbye@gmail.com>

show more ...


# e9f4db13 11-Jan-2018 Daniel Owen <owend@couchbase.com>

MB-27063: Fix bug with AuditConfig::to_json

With commit f362456606a357b08dcedcbfdb4ce76fdd2735a6 a bug was
introduced in the AuditConfig::to_json method where we incorrectly add
the

MB-27063: Fix bug with AuditConfig::to_json

With commit f362456606a357b08dcedcbfdb4ce76fdd2735a6 a bug was
introduced in the AuditConfig::to_json method where we incorrectly add
the disabled (event) entries to the disabled_users json output.

Commit 298bc4063950f3f26c8398b4b0de251a2e8ddad3 partially addressed the
issue by adding the the disabled user entries to the disabled_users json
output. However it unfortunately left the old code, so disabled (event)
entries were also still added.

This patch fixes the issue by removing the original code that added the
disabled (event) entries to the disabled_users json output.

Two regression tests have also been added.

Change-Id: If5c23c874a0d9e4a418110322b214a964221244c
Reviewed-on: http://review.couchbase.org/87741
Reviewed-by: Paolo Cocchi <paolo.cocchi@couchbase.com>
Reviewed-by: Trond Norbye <trond.norbye@gmail.com>
Tested-by: Build Bot <build@couchbase.com>

show more ...


# 298bc406 08-Jan-2018 Daniel Owen <owend@couchbase.com>

MB-22010: Fix disabled_users filtering bugs

Fix bug with the new configuation option: disabled_users. The bug is
that when converting the configuration to JSON the
disabled_users lis

MB-22010: Fix disabled_users filtering bugs

Fix bug with the new configuation option: disabled_users. The bug is
that when converting the configuration to JSON the
disabled_users list was being populated from the disabled list.

In addition there was a memory leak when an audit event is filtered
by a user.

This patch fixes the bugs, and introduces a test to defend against
regression.

Change-Id: Ia2671ec05450716074a87565e9b4129154656e62
Reviewed-on: http://review.couchbase.org/87531
Tested-by: Build Bot <build@couchbase.com>
Reviewed-by: Trond Norbye <trond.norbye@gmail.com>

show more ...


Revision tags: v5.0.1
# b9c7e537 06-Dec-2017 Daniel Owen <owend@couchbase.com>

MB-27063: is_event_filtered takes a user not users

The is_event_filtered function take a single parameter, which is a
string containing the user to check if it is in the disabled_users l

MB-27063: is_event_filtered takes a user not users

The is_event_filtered function take a single parameter, which is a
string containing the user to check if it is in the disabled_users list.

Therefore this patches changes the name from users to user.

Change-Id: Ia7c527f6380a8fbcf63a5e3826fb036e4a3f7465
Reviewed-on: http://review.couchbase.org/86452
Tested-by: Build Bot <build@couchbase.com>
Reviewed-by: Trond Norbye <trond.norbye@gmail.com>

show more ...


# f3624566 05-Dec-2017 Daniel Owen <owend@couchbase.com>

MB-27063: Add user filter to Audit Daemon

Increase to version 2 of the audit configuration, which has the addition
of a new attribute - disabled_users. This is an array of strings,

MB-27063: Add user filter to Audit Daemon

Increase to version 2 of the audit configuration, which has the addition
of a new attribute - disabled_users. This is an array of strings,
where each string is a user.

If an event with a real_userid:user or effective_userid:user
matches with a user in the disabled_users, the event will not
be outputted to the logs.

Change-Id: Ia62c0e7c73f51f11c86416374b08d3286f11952b
Reviewed-on: http://review.couchbase.org/86197
Tested-by: Build Bot <build@couchbase.com>
Reviewed-by: Jim Walker <jim@couchbase.com>

show more ...


Revision tags: v5.1.0, v5.0.0, v4.6.2_ep, v4.6.2_mc, v4.6.1_ep, v4.6.0_ep, v4.5.1-MP1_mc, v4.6.0-DP_mc, v4.6.0-DP_ep
# a8539713 24-Oct-2016 Trond Norbye <trond.norbye@gmail.com>

Refactor: Handle exceptions thrown by cb::io::mkdirp during failures

Change-Id: If56d97181eca96143313e5877472d3c4f7d8b63c
Reviewed-on: http://review.couchbase.org/69134
Reviewed-by:

Refactor: Handle exceptions thrown by cb::io::mkdirp during failures

Change-Id: If56d97181eca96143313e5877472d3c4f7d8b63c
Reviewed-on: http://review.couchbase.org/69134
Reviewed-by: Dave Rigby <daver@couchbase.com>
Tested-by: buildbot <build@couchbase.com>

show more ...


Revision tags: v4.5.1-MP1_ep
# f4f03215 15-Sep-2016 Trond Norbye <trond.norbye@gmail.com>

MB-20761: Use atomics and mutex for audit config

Thread Sanitizer reported data race for the variable audit_enabled.

Change-Id: I4ae47b515f761d9d82f9777b59f78336248463e3
Reviewe

MB-20761: Use atomics and mutex for audit config

Thread Sanitizer reported data race for the variable audit_enabled.

Change-Id: I4ae47b515f761d9d82f9777b59f78336248463e3
Reviewed-on: http://review.couchbase.org/67711
Reviewed-by: Dave Rigby <daver@couchbase.com>
Well-Formed: buildbot <build@couchbase.com>
Tested-by: buildbot <build@couchbase.com>

show more ...


Revision tags: v4.1.2-MP2_mc, v4.5.1_mc, v4.6.0_mc, v4.1.2-MP1_ep, v3.1.6_ep, v4.5.0_mc, v4.5.0_ep, v4.1.1_ep, v3.1.5_ep
# 785a6042 22-Mar-2016 Trond Norbye <trond.norbye@gmail.com>

Refactor: Use gtest for unittesting of auditd

This makes it easier to run a single test case (and debug it
from within an IDE)

Change-Id: I4dc5bcacf733c3cdb48b361a58dac09320abff

Refactor: Use gtest for unittesting of auditd

This makes it easier to run a single test case (and debug it
from within an IDE)

Change-Id: I4dc5bcacf733c3cdb48b361a58dac09320abff9b
Reviewed-on: http://review.couchbase.org/61817
Tested-by: buildbot <build@couchbase.com>
Reviewed-by: Will Gardner <will.gardner@couchbase.com>

show more ...


# ecaa0502 21-Mar-2016 Trond Norbye <trond.norbye@gmail.com>

Refactor: Don't use global variables for class members

Change-Id: I39cde43ccb3ce0b432492d9debb3403418c1ecf2
Reviewed-on: http://review.couchbase.org/61764
Tested-by: buildbot <build@

Refactor: Don't use global variables for class members

Change-Id: I39cde43ccb3ce0b432492d9debb3403418c1ecf2
Reviewed-on: http://review.couchbase.org/61764
Tested-by: buildbot <build@couchbase.com>
Reviewed-by: Will Gardner <will.gardner@couchbase.com>

show more ...


Revision tags: v4.1.1_mc, v3.1.4_ep, v3.1.4_mc, v3.1.5_mc, v3.1.3_ep, v4.1.0_ep, v3.1.2_ep, v4.1.0_mc, v3.1.2_mc, v3.1.1_mc, v3.1.1_ep, v4.0.0_ep, v4.0.0_mc, v3.1.0_ep, v3.1.0_mc, v3.1.6_mc
# 9b2fdcac 16-Mar-2015 Trond Norbye <trond.norbye@gmail.com>

MB-13962: Refactor AuditConfig

1) Add unit test
2) Protect private parts

Change-Id: I02e0fd8c666fd52231db1f60e40695b1bd7f25a7
Reviewed-on: http://review.couchbase.org/48

MB-13962: Refactor AuditConfig

1) Add unit test
2) Protect private parts

Change-Id: I02e0fd8c666fd52231db1f60e40695b1bd7f25a7
Reviewed-on: http://review.couchbase.org/48324
Tested-by: buildbot <build@couchbase.com>
Reviewed-by: Daniel Owen <owend@couchbase.com>

show more ...


# 0e20dffd 12-Mar-2015 Trond Norbye <trond.norbye@gmail.com>

MB-13905: Make the PATHs look sane on windows

Change-Id: I10794136d6c7f28f8eb19266f2d370abf5ec705e
Reviewed-on: http://review.couchbase.org/48169
Tested-by: buildbot <build@couchbase

MB-13905: Make the PATHs look sane on windows

Change-Id: I10794136d6c7f28f8eb19266f2d370abf5ec705e
Reviewed-on: http://review.couchbase.org/48169
Tested-by: buildbot <build@couchbase.com>
Reviewed-by: Daniel Owen <owend@couchbase.com>

show more ...


# d22794a2 19-Feb-2015 Trond Norbye <trond.norbye@gmail.com>

MB-13538: Let the audit log be buffered by default

Audit events is typically relatively small and in the case
of a high burst of events doing a flush of the io buffers
for each event

MB-13538: Let the audit log be buffered by default

Audit events is typically relatively small and in the case
of a high burst of events doing a flush of the io buffers
for each event would just slow things down. In our model
where we could drop events anyway I think it is an acceptable
risk to use buffered IO for this and only flush after
finishing writing a chunk of events.

Change-Id: Ic4549ba4e0e7a84bd555d6d5dd76cf63407a507a
Reviewed-on: http://review.couchbase.org/47082
Tested-by: buildbot <build@couchbase.com>
Reviewed-by: Dave Rigby <daver@couchbase.com>
Reviewed-by: Daniel Owen <owend@couchbase.com>

show more ...


# 45194169 19-Feb-2015 Daniel Owen <owend@couchbase.com>

MB-13471: Move audit configuration to consumer thread

Change-Id: Idee6b087af728e8d56f4888c2db6a6c79d5845d6
Reviewed-on: http://review.couchbase.org/47040
Tested-by: buildbot <build@c

MB-13471: Move audit configuration to consumer thread

Change-Id: Idee6b087af728e8d56f4888c2db6a6c79d5845d6
Reviewed-on: http://review.couchbase.org/47040
Tested-by: buildbot <build@couchbase.com>
Reviewed-by: Trond Norbye <trond.norbye@gmail.com>

show more ...


# 7fe2a843 18-Feb-2015 Trond Norbye <trond.norbye@gmail.com>

MB-13506: Add support for rotate size config tunable

Change-Id: I5a7322d78c7779a97d88d31b05136cbed0f685a8
Reviewed-on: http://review.couchbase.org/47032
Tested-by: buildbot <build@co

MB-13506: Add support for rotate size config tunable

Change-Id: I5a7322d78c7779a97d88d31b05136cbed0f685a8
Reviewed-on: http://review.couchbase.org/47032
Tested-by: buildbot <build@couchbase.com>
Reviewed-by: Dave Rigby <daver@couchbase.com>

show more ...


# 9866e2a9 16-Feb-2015 Daniel Owen <owend@couchbase.com>

MB-13467: Only use log_path

Change-Id: I657fe83e9746ed026519a5b73e48d584dd8f1708
Reviewed-on: http://review.couchbase.org/46882
Tested-by: buildbot <build@couchbase.com>
Reviewed

MB-13467: Only use log_path

Change-Id: I657fe83e9746ed026519a5b73e48d584dd8f1708
Reviewed-on: http://review.couchbase.org/46882
Tested-by: buildbot <build@couchbase.com>
Reviewed-by: Trond Norbye <trond.norbye@gmail.com>

show more ...


Revision tags: v3.0.2-MP2_mc
# 147494af 12-Feb-2015 Daniel Owen <owend@couchbase.com>

MB-13419: Remove audit.json from /etc/security

Change-Id: I2bdeb0e00e6824bb6f9dc46387a456dda6b31ef2
Reviewed-on: http://review.couchbase.org/46733
Tested-by: Daniel Owen <owend@couch

MB-13419: Remove audit.json from /etc/security

Change-Id: I2bdeb0e00e6824bb6f9dc46387a456dda6b31ef2
Reviewed-on: http://review.couchbase.org/46733
Tested-by: Daniel Owen <owend@couchbase.com>
Reviewed-by: Dave Rigby <daver@couchbase.com>
Reviewed-by: Trond Norbye <trond.norbye@gmail.com>

show more ...


# 5529bdb3 11-Feb-2015 Daniel Owen <owend@couchbase.com>

MB-13395: Catch all thrown exceptions

Change-Id: I957cb68b29fdc67abb19807b0eaa0be1539af833
Reviewed-on: http://review.couchbase.org/46684
Tested-by: Daniel Owen <owend@couchbase.com>

MB-13395: Catch all thrown exceptions

Change-Id: I957cb68b29fdc67abb19807b0eaa0be1539af833
Reviewed-on: http://review.couchbase.org/46684
Tested-by: Daniel Owen <owend@couchbase.com>
Tested-by: buildbot <build@couchbase.com>
Reviewed-by: Trond Norbye <trond.norbye@gmail.com>

show more ...


12