#-------------------------------------------------------------------------------
# Broker Config for Data Leakage Protection.
#-------------------------------------------------------------------------------

# Global broker settings. The __NAME__ tokens are template placeholders,
# presumably substituted when this config is generated for an instance.
# NOTE(review): the handlers in this file only apply to connections made
# through the broker's listen port. Confirm that the target p4d port is not
# directly reachable by end users (firewall or loopback binding); otherwise
# the DLP filters can be sidestepped by connecting to p4d itself.
target      = __P4PORT__;
listen      = __P4BROKERPORT__;
directory   = __P4BINDIR__;
logfile     = "__LOGS__/p4broker.log";
debug-level = server=__BROKER_LOG_LEVEL__,net.autotune=1;
# Contact details for the administrators of this broker.
# NOTE(review): 999/911 looks like a placeholder phone number -- confirm.
admin-name  = "Perforce Admins";
admin-phone = 999/911;
admin-email = "__MAILTO__";

compress = false;

redirection  = selective;

#------------------------------------------------------------------------------
# Show Broker Input - Utility for developing broker filter scripts.
#------------------------------------------------------------------------------
# Routes the exact command 'sbi' to the sbi.pl filter script.
# NOTE(review): this handler has no 'user' restriction and no checkauth, so
# any client that can reach the broker can trigger the script. As a
# development aid it is a candidate for removal or restriction on
# production brokers -- confirm what sbi.pl returns to the caller.
command: ^sbi$
{
   action = filter;
   execute = /p4/common/hms/scripts/sbi.pl;
}

#==============================================================================
# Data Leakage prevention.
#==============================================================================
### This is a HACK to prevent Swarm from choking on DLP features.
# Passes every command from the Swarm service user straight to the target
# server. This handler precedes the DLP filters below, so it appears to rely
# on handlers being evaluated in file order -- TODO confirm.
# NOTE(review): there is no checkauth here; the match is on the user name the
# client presents, so this bypass is only as strong as p4d's authentication
# of the account. Confirm the account always requires a valid ticket.
command: .*
{
   user = __SWARM_USER__;
   action = pass;
}

#------------------------------------------------------------------------------
# Bypass for the automation super user.
# Passes every command from user 'perforce' to the target server without
# running any of the DLP filters below.
# NOTE(review): there is no checkauth here; the match is on the user name the
# client presents, so the bypass depends on p4d authenticating this account.
# Confirm the account always requires a valid ticket and that its use is
# limited to automation hosts.
command: .*
{
   user = perforce;
   action = pass;
}

#------------------------------------------------------------------------------
# This filter script requires the indicated command to have 'super' access
# in the Protections table. This will break some functionality in P4V, etc.
# Applies to the exact command 'users' only (pattern is anchored at both ends).
# checkauth = true is set so the filter decision is based on the server's view
# of the user rather than on the client-supplied name alone -- presumably the
# script reads the access level the broker passes to it; verify in the script.
command: ^users$
{
   action = filter;
   checkauth = true;
   execute = /p4/common/hms/dlp/broker_must_be_super.pl;
}

#------------------------------------------------------------------------------
# This filter script requires the indicated command to have '-u <user>'.
# If the '-u <user>' arg is not provided, the command is rewritten to
# implicitly add it. If '-u <user>' is provided (potentially specifying
# any other user), it is implicitly removed from the command line before
# appending '-u' to reference the current user.
# Note: Nothing special is needed for streams, as p4d Streams features
# honor the Protections table (requiring list access to see a stream).
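# The alternation is grouped so that ^ and $ apply to every command name.
# Ungrouped, only 'branches' was anchored at the start and only 'workspaces'
# at the end; the remaining names matched as substrings of any command.
# Routes the plural spec-listing commands to the imply-u filter script.
command: ^(branches|clients|groups|labels|remotes|workspaces)$
{
   action = filter;
   checkauth = true;
   execute = /p4/common/hms/dlp/broker_imply-u.pl;
}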

#------------------------------------------------------------------------------
# This filter script allows the indicated spec handling commands to
# allow only owners of specs to modify them.  We don't use this
# for stream specs as they have Protections table controls.
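# The alternation is grouped so that ^ and $ apply to every command name.
# Ungrouped, the pattern matched any command starting with 'branch', ending
# with 'workspace', or containing 'client', 'label', 'remote' or 'user'
# (for example 'labelsync'), sending unrelated commands to the owner check.
# NOTE(review): if any such command was meant to reach this filter, list it
# explicitly in the group below rather than relying on a substring match.
command: ^(branch|client|label|remote|user|workspace)$
{
   action = filter;
   checkauth = true;
   execute = /p4/common/hms/dlp/broker_must_be_owner.pl;
}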

#------------------------------------------------------------------------------
# Version check for DLP.
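# Pseudo-command 'dlp': never forwarded to the server; the broker rejects it
# and returns the message below, which reports the deployed DLP version.
# The message now uses the abbreviation DLP, matching the feature name
# (it previously read "DSP").
# NOTE(review): users matched by the earlier 'pass' handlers presumably never
# reach this handler -- confirm handler ordering if they need this check.
command: ^dlp$
{
   action = reject;
   message = "\nThe Data Leakage Protection (DLP) is enabled on this server.\nVersion: __DLP_VERSION__\n";
}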
