#-------------------------------------------------------------------------------
# Broker Config for Data Leakage Protection.
#-------------------------------------------------------------------------------
# Global broker settings. The __NAME__ tokens look like template placeholders
# that are substituted before the file is used -- TODO confirm against the
# script that generates the live config.
#
# NOTE(review): the command handlers below only see connections made to the
# 'listen' address. A client that can reach 'target' directly is not subject
# to any DLP filter, so network access to the target port should be limited
# to the broker host and trusted automation.
#
# target: the server the broker forwards commands to.
target = __P4PORT__;
# listen: the address the broker accepts client connections on.
listen = __P4BROKERPORT__;
# directory: the broker's home directory.
directory = __P4BINDIR__;
# logfile: broker log. Rejections and filter activity are presumably recorded
# here, which makes it the place to review DLP denials -- verify.
logfile = "__LOGS__/p4broker.log";
# debug-level: logging verbosity settings for the broker.
debug-level = server=1,net.autotune=1;
# admin-*: contact details for the broker administrators. The phone value
# looks like a placeholder.
admin-name = "Perforce Admins";
admin-phone = 999/911;
admin-email = "P4AdminList@p4demo.com";
# compress: no compression on the broker-to-server connection.
compress = false;
# redirection: 'selective' is one of the broker's redirection modes; no
# handler in this file uses 'action = redirect'.
redirection = selective;
#------------------------------------------------------------------------------
# Show Broker Input - Utility for developing broker filter scripts.
#------------------------------------------------------------------------------
# Routes 'p4 sbi' to the sbi.pl filter script.
# NOTE(review): unlike the DLP filter handlers further down, this handler has
# no 'checkauth = true' and no 'user' restriction, and it sits above the
# bypass rules, so every caller reaches the script. It is described as a
# development utility; confirm whether it belongs in a production DLP config.
command: ^sbi$
{
action = filter;
execute = /p4/common/hms/scripts/sbi.pl;
}
#==============================================================================
# Data Leakage prevention.
#==============================================================================
### This is a HACK to prevent Swarm from choking on DLP features.
# Passes every command from the Swarm service user straight to the server,
# skipping all DLP filters. This rule matches '.*', so it relies on handlers
# being evaluated in file order and must stay above the filter handlers.
# NOTE(review): the bypass is keyed on the user name alone (no checkauth), so
# the protection rests on the server authenticating this account. Anyone who
# can authenticate as this user is exempt from DLP; give the account a strong
# credential and treat its tickets as sensitive.
command: .*
{
user = __SWARM_USER__;
action = pass;
}
#------------------------------------------------------------------------------
# Bypass for the automation super user.
# Passes every command from the 'perforce' user straight to the server,
# skipping all DLP filters. Like any '.*' rule it relies on handlers being
# evaluated in file order and must stay above the filter handlers.
# NOTE(review): the bypass is keyed on the user name alone (no checkauth), so
# the protection rests on the server authenticating this account. Any session
# authenticated as 'perforce' is exempt from DLP; protect its credentials
# accordingly.
command: .*
{
user = perforce;
action = pass;
}
#------------------------------------------------------------------------------
# This filter script requires the indicated command to have 'super' access
# in the Protections table. This will break some functionality in P4V, etc.
# Routes exactly 'p4 users' (anchored at both ends) to the must-be-super
# filter. 'checkauth = true' is set so the broker checks the caller's access
# before the script runs; the script itself is not shown here, so the actual
# accept/reject decision should be verified in broker_must_be_super.pl.
command: ^users$
{
action = filter;
checkauth = true;
execute = /p4/common/hms/dlp/broker_must_be_super.pl;
}
#------------------------------------------------------------------------------
# This filter script requires the indicated command to have '-u <user>'.
# If the '-u <user>' arg is not provided, the command is rewritten to
# implicitly add it. If '-u <user>' is provided (potentially specifying
# any other user), it is implicitly removed from the command line before
# appending '-u' to reference the current user.
# Note: Nothing special is needed for streams, as p4d Streams features
# honor the Protections table (requiring list access to see a stream).
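# Routes the spec-listing commands to the imply-u filter so that each listing
# is limited to the calling user.
# The alternation is grouped so that '^' and '$' apply to every command name.
# Without the parentheses, '^' binds only to 'branches' and '$' only to
# 'workspaces'; the names in between then match anywhere in a command, e.g.
# 'labels' inside 'labelsync', which would send that command to this filter.
# 'checkauth = true' is set so the broker checks the caller's access before
# the script runs.
command: ^(branches|clients|groups|labels|remotes|workspaces)$
{
action = filter;
checkauth = true;
execute = /p4/common/hms/dlp/broker_imply-u.pl;
}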
#------------------------------------------------------------------------------
# This filter script restricts the indicated spec-handling commands so that
# only the owner of a spec can modify it. We don't use this for stream
# specs, as they have Protections table controls.
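# Routes the single-spec commands to the must-be-owner filter.
# The alternation is grouped so that '^' and '$' apply to every command name.
# Without the parentheses, '^' binds only to 'branch' and '$' only to
# 'workspace'; the names in between then match anywhere in a command (for
# example 'label' inside 'labelsync', or 'client' inside 'clients'), so which
# commands reach this filter depends on which earlier handlers happen to
# catch them first.
# 'checkauth = true' is set so the broker checks the caller's access before
# the script runs.
command: ^(branch|client|label|remote|user|workspace)$
{
action = filter;
checkauth = true;
execute = /p4/common/hms/dlp/broker_must_be_owner.pl;
}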
#------------------------------------------------------------------------------
# Version check for DLP.
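# Answers 'p4 dlp' at the broker with a fixed message; the command is never
# forwarded to the server. The acronym in the message is corrected to DLP.
# NOTE(review): there is no 'user' restriction or checkauth here, so the
# package version is returned to any client that reaches this handler.
# NOTE(review): the '.*' bypass handlers for the Swarm and 'perforce' users
# appear earlier in the file, so if handlers are matched in file order those
# users' 'p4 dlp' is passed to the server instead of being answered here.
command: ^dlp$
{
action = reject;
message = "\nThe Data Leakage Protection (DLP) Package v0.7.0 is enabled on this server.\n";
}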
| # | Change | User | Description | Committed | |
|---|---|---|---|---|---|
| #4 | 29182 | C. Thomas Tyler |
Moved HMS files from /p4/common/bin -> /p4/common/site/bin. Moved HMS files from /p4/common/lib -> /p4/common/site/lib. Removed dependency on SDP libs so that HMS can be deployed with a wider variety of SDP versions. |
||
| #3 | 25977 | C. Thomas Tyler |
Enhanced so 'p4 dlp' version check works for even exempt users like 'perforce'. Added preflight check for missing DLP Version file. |
||
| #2 | 25976 | C. Thomas Tyler |
Added Version file for DLP. Added script to generate broker config file for using DLP from a template. Updated template accordingly. |
||
| #1 | 25975 | C. Thomas Tyler | Added first cut of DLP as optional component of HMS. |