#------------------------------------------------------------------------------- # Broker Config for Data Leakage Protection. #------------------------------------------------------------------------------- target = __P4PORT__; listen = __P4BROKERPORT__; directory = __P4BINDIR__; logfile = "__LOGS__/p4broker.log"; debug-level = server=__BROKER_LOG_LEVEL__,net.autotune=1; admin-name = "Perforce Admins"; admin-phone = 999/911; admin-email = "__MAILTO__"; compress = false; redirection = selective; #------------------------------------------------------------------------------ # Show Broker Input - Utility for developing broker filter scripts. #------------------------------------------------------------------------------ command: ^sbi$ { action = filter; execute = /p4/common/hms/scripts/sbi.pl; } #============================================================================== # Data Leakage prevention. #============================================================================== #------------------------------------------------------------------------------ # Version check for DLP. command: ^dlp$ { action = reject; message = "\nThe Data Leakage Protection (DSP) is enabled on this server.\nVersion: __DLP_VERSION__\n"; } ### This is a HACK to prevent Swarm from choking on DLP features. command: .* { user = __SWARM_USER__; action = pass; } #------------------------------------------------------------------------------ # Bypass for the automation super user. command: .* { user = perforce; action = pass; } #------------------------------------------------------------------------------ # This filter script requires the indicated command to have 'super' access # in the Protections table. This will break some functionality in P4V, etc. command: ^users$ { action = filter; checkauth = true; execute = /p4/common/hms/dlp/broker_must_be_super.pl; } #------------------------------------------------------------------------------ # This filter script requires the indicated command to have '-u <user>'. # If the '-u <user>' arg is not provided, the command is rewritten to # implicitly add it. If '-u <user>' is provided (potentially specifying # any other user), it is implicitly removed from the command line before # appending '-u' to reference the current user. # Note: Nothing special is needed for streams, as p4d Streams features # honor the Protections table (requiring list access to see a stream). command: ^branches|clients|groups|labels|remotes|workspaces$ { action = filter; checkauth = true; execute = /p4/common/hms/dlp/broker_imply-u.pl; } #------------------------------------------------------------------------------ # This filter script allows the indicated spec handling commands to # allow only owners of specs to modify them. We don't use this # for stream specs as they have Protections table controls. command: ^branch|client|label|remote|user|workspace$ { action = filter; checkauth = true; execute = /p4/common/hms/dlp/broker_must_be_owner.pl; }
# | Change | User | Description | Committed | |
---|---|---|---|---|---|
#1 | 26284 | C. Thomas Tyler | Released HMS 2020.1.26282. | ||
//guest/perforce_software/hms/dev/p4/common/hms/dlp/p4_N.broker.cfg.t | |||||
#3 | 25977 | C. Thomas Tyler |
Enhanced so 'p4 dlp' version check works for even exempt users like 'perforce'. Added preflight check for missing DLP Version file. |
||
#2 | 25976 | C. Thomas Tyler |
Added Version file for DLP. Added script to generate broker config file for using DLP from a template. Updated template accordingly. |
||
#1 | 25975 | C. Thomas Tyler | Added first cut of DLP as optional component of HMS. |