author | Ben Caimano <ben.caimano@10gen.com> | 2021-03-01 19:32:45 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2021-03-05 18:39:29 +0000 |
commit | 36597e8ce4fcf00e777bca348929c1530a79c699 (patch) | |
tree | c0303dbaedba91fd3e564f561e205f2558f412b2 /src/mongo/db/audit.cpp | |
parent | a64f3aa45c6441268f8b28f9fc5eb13f7dc02448 (diff) | |
SERVER-53604 Convey both id and full arn to authenticate audit events
Diffstat (limited to 'src/mongo/db/audit.cpp')
-rw-r--r-- | src/mongo/db/audit.cpp | 300 |
1 files changed, 142 insertions, 158 deletions
diff --git a/src/mongo/db/audit.cpp b/src/mongo/db/audit.cpp index ab5aed971ab..60e826e91fb 100644 --- a/src/mongo/db/audit.cpp +++ b/src/mongo/db/audit.cpp 
@@ -29,190 +29,174 @@ #include "mongo/db/audit.h" -#if !MONGO_ENTERPRISE_AUDIT +namespace mongo { +namespace audit { -mongo::audit::ImpersonatedClientAttrs::ImpersonatedClientAttrs(Client* client) {} - -void mongo::audit::logAuthentication(Client* client, - StringData mechanism, - const UserName& user, - ErrorCodes::Error result) {} - -void mongo::audit::logCommandAuthzCheck(Client* client, - const OpMsgRequest& cmdObj, - const CommandInterface& command, - ErrorCodes::Error result) {} - -void mongo::audit::logDeleteAuthzCheck(Client* client, - const NamespaceString& ns, - const BSONObj& pattern, - ErrorCodes::Error result) {} - -void mongo::audit::logGetMoreAuthzCheck(Client* client, - const NamespaceString& ns, - long long cursorId, - ErrorCodes::Error result) {} - -void mongo::audit::logInsertAuthzCheck(Client* client, - const NamespaceString& ns, - const BSONObj& insertedObj, - ErrorCodes::Error result) {} - -void mongo::audit::logKillCursorsAuthzCheck(Client* client, - const NamespaceString& ns, - long long cursorId, - ErrorCodes::Error result) {} - -void mongo::audit::logQueryAuthzCheck(Client* client, - const NamespaceString& ns, - const BSONObj& query, - ErrorCodes::Error result) {} - -void mongo::audit::logUpdateAuthzCheck(Client* client, - const NamespaceString& ns, - const BSONObj& query, - const write_ops::UpdateModification& update, - bool isUpsert, - bool isMulti, - ErrorCodes::Error result) {} - -void mongo::audit::logCreateUser(Client* client, - const UserName& username, - bool password, - const BSONObj* customData, - const std::vector<RoleName>& roles, - const boost::optional<BSONArray>& restrictions) {} - -void mongo::audit::logDropUser(Client* client, const UserName& username) {} - -void mongo::audit::logDropAllUsersFromDatabase(Client* client, StringData dbname) {} - -void mongo::audit::logUpdateUser(Client* client, - const UserName& username, - bool password, - const BSONObj* customData, - const std::vector<RoleName>* roles, - const 
boost::optional<BSONArray>& restrictions) {} - -void mongo::audit::logGrantRolesToUser(Client* client, - const UserName& username, - const std::vector<RoleName>& roles) {} - -void mongo::audit::logRevokeRolesFromUser(Client* client, - const UserName& username, - const std::vector<RoleName>& roles) {} - -void mongo::audit::logCreateRole(Client* client, - const RoleName& role, - const std::vector<RoleName>& roles, - const PrivilegeVector& privileges, - const boost::optional<BSONArray>& restrictions) {} +#if !MONGO_ENTERPRISE_AUDIT -void mongo::audit::logUpdateRole(Client* client, +ImpersonatedClientAttrs::ImpersonatedClientAttrs(Client* client) {} + +void logAuthentication(Client*, const AuthenticateEvent&) {} + +void logCommandAuthzCheck(Client* client, + const OpMsgRequest& cmdObj, + const CommandInterface& command, + ErrorCodes::Error result) {} + +void logDeleteAuthzCheck(Client* client, + const NamespaceString& ns, + const BSONObj& pattern, + ErrorCodes::Error result) {} + +void logGetMoreAuthzCheck(Client* client, + const NamespaceString& ns, + long long cursorId, + ErrorCodes::Error result) {} + +void logInsertAuthzCheck(Client* client, + const NamespaceString& ns, + const BSONObj& insertedObj, + ErrorCodes::Error result) {} + +void logKillCursorsAuthzCheck(Client* client, + const NamespaceString& ns, + long long cursorId, + ErrorCodes::Error result) {} + +void logQueryAuthzCheck(Client* client, + const NamespaceString& ns, + const BSONObj& query, + ErrorCodes::Error result) {} + +void logUpdateAuthzCheck(Client* client, + const NamespaceString& ns, + const BSONObj& query, + const write_ops::UpdateModification& update, + bool isUpsert, + bool isMulti, + ErrorCodes::Error result) {} + +void logCreateUser(Client* client, + const UserName& username, + bool password, + const BSONObj* customData, + const std::vector<RoleName>& roles, + const boost::optional<BSONArray>& restrictions) {} + +void logDropUser(Client* client, const UserName& username) {} + +void 
logDropAllUsersFromDatabase(Client* client, StringData dbname) {} + +void logUpdateUser(Client* client, + const UserName& username, + bool password, + const BSONObj* customData, + const std::vector<RoleName>* roles, + const boost::optional<BSONArray>& restrictions) {} + +void logGrantRolesToUser(Client* client, + const UserName& username, + const std::vector<RoleName>& roles) {} + +void logRevokeRolesFromUser(Client* client, + const UserName& username, + const std::vector<RoleName>& roles) {} + +void logCreateRole(Client* client, + const RoleName& role, + const std::vector<RoleName>& roles, + const PrivilegeVector& privileges, + const boost::optional<BSONArray>& restrictions) {} + +void logUpdateRole(Client* client, + const RoleName& role, + const std::vector<RoleName>* roles, + const PrivilegeVector* privileges, + const boost::optional<BSONArray>& restrictions) {} + +void logDropRole(Client* client, const RoleName& role) {} + +void logDropAllRolesFromDatabase(Client* client, StringData dbname) {} + +void logGrantRolesToRole(Client* client, const RoleName& role, const std::vector<RoleName>& roles) { +} + +void logRevokeRolesFromRole(Client* client, + const RoleName& role, + const std::vector<RoleName>& roles) {} + +void logGrantPrivilegesToRole(Client* client, + const RoleName& role, + const PrivilegeVector& privileges) {} + +void logRevokePrivilegesFromRole(Client* client, const RoleName& role, - const std::vector<RoleName>* roles, - const PrivilegeVector* privileges, - const boost::optional<BSONArray>& restrictions) {} - -void mongo::audit::logDropRole(Client* client, const RoleName& role) {} - -void mongo::audit::logDropAllRolesFromDatabase(Client* client, StringData dbname) {} + const PrivilegeVector& privileges) {} -void mongo::audit::logGrantRolesToRole(Client* client, - const RoleName& role, - const std::vector<RoleName>& roles) {} +void logReplSetReconfig(Client* client, const BSONObj* oldConfig, const BSONObj* newConfig) {} -void 
mongo::audit::logRevokeRolesFromRole(Client* client, - const RoleName& role, - const std::vector<RoleName>& roles) {} +void logApplicationMessage(Client* client, StringData msg) {} -void mongo::audit::logGrantPrivilegesToRole(Client* client, - const RoleName& role, - const PrivilegeVector& privileges) {} +void logStartupOptions(Client* client, const BSONObj& startupOptions) {} -void mongo::audit::logRevokePrivilegesFromRole(Client* client, - const RoleName& role, - const PrivilegeVector& privileges) {} +void logShutdown(Client* client) {} -void mongo::audit::logReplSetReconfig(Client* client, - const BSONObj* oldConfig, - const BSONObj* newConfig) {} +void logLogout(Client* client, + StringData reason, + const BSONArray& initialUsers, + const BSONArray& updatedUsers) {} -void mongo::audit::logApplicationMessage(Client* client, StringData msg) {} +void logCreateIndex(Client* client, + const BSONObj* indexSpec, + StringData indexname, + const NamespaceString& nsname) {} -void mongo::audit::logStartupOptions(Client* client, const BSONObj& startupOptions) {} +void logCreateCollection(Client* client, const NamespaceString& nsname) {} -void mongo::audit::logShutdown(Client* client) {} +void logCreateView(Client* client, + const NamespaceString& nsname, + StringData viewOn, + BSONArray pipeline, + ErrorCodes::Error code) {} -void mongo::audit::logLogout(Client* client, - StringData reason, - const BSONArray& initialUsers, - const BSONArray& updatedUsers) {} +void logImportCollection(Client* client, const NamespaceString& nsname) {} -void mongo::audit::logCreateIndex(Client* client, - const BSONObj* indexSpec, - StringData indexname, - const NamespaceString& nsname) {} +void logCreateDatabase(Client* client, StringData dbname) {} -void mongo::audit::logCreateCollection(Client* client, const NamespaceString& nsname) {} -void mongo::audit::logCreateView(Client* client, - const NamespaceString& nsname, - StringData viewOn, - BSONArray pipeline, - ErrorCodes::Error code) {} 
+void logDropIndex(Client* client, StringData indexname, const NamespaceString& nsname) {} -void mongo::audit::logImportCollection(Client* client, const NamespaceString& nsname) {} +void logDropCollection(Client* client, const NamespaceString& nsname) {} -void mongo::audit::logCreateDatabase(Client* client, StringData dbname) {} +void logDropView(Client* client, + const NamespaceString& nsname, + StringData viewOn, + const std::vector<BSONObj>& pipeline, + ErrorCodes::Error code) {} +void logDropDatabase(Client* client, StringData dbname) {} -void mongo::audit::logDropIndex(Client* client, - StringData indexname, - const NamespaceString& nsname) {} +void logRenameCollection(Client* client, + const NamespaceString& source, + const NamespaceString& target) {} -void mongo::audit::logDropCollection(Client* client, const NamespaceString& nsname) {} +void logEnableSharding(Client* client, StringData dbname) {} -void mongo::audit::logDropView(Client* client, - const NamespaceString& nsname, - StringData viewOn, - const std::vector<BSONObj>& pipeline, - ErrorCodes::Error code) {} +void logAddShard(Client* client, StringData name, const std::string& servers, long long maxSize) {} -void mongo::audit::logDropDatabase(Client* client, StringData dbname) {} +void logRemoveShard(Client* client, StringData shardname) {} -void mongo::audit::logRenameCollection(Client* client, - const NamespaceString& source, - const NamespaceString& target) {} +void logShardCollection(Client* client, StringData ns, const BSONObj& keyPattern, bool unique) {} -void mongo::audit::logEnableSharding(Client* client, StringData dbname) {} +void logRefineCollectionShardKey(Client* client, StringData ns, const BSONObj& keyPattern) {} -void mongo::audit::logAddShard(Client* client, - StringData name, - const std::string& servers, - long long maxSize) {} +void logInsertOperation(Client* client, const NamespaceString& nss, const BSONObj& doc) {} -void mongo::audit::logRemoveShard(Client* client, StringData 
shardname) {} +void logUpdateOperation(Client* client, const NamespaceString& nss, const BSONObj& doc) {} -void mongo::audit::logShardCollection(Client* client, - StringData ns, - const BSONObj& keyPattern, - bool unique) {} - -void mongo::audit::logRefineCollectionShardKey(Client* client, - StringData ns, - const BSONObj& keyPattern) {} - -void mongo::audit::logInsertOperation(Client* client, - const NamespaceString& nss, - const BSONObj& doc) {} - -void mongo::audit::logUpdateOperation(Client* client, - const NamespaceString& nss, - const BSONObj& doc) {} - -void mongo::audit::logRemoveOperation(Client* client, - const NamespaceString& nss, - const BSONObj& doc) {} +void logRemoveOperation(Client* client, const NamespaceString& nss, const BSONObj& doc) {} #endif + +} // namespace audit +} // namespace mongo |
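Review bot: Defining the no-op stubs unqualified inside `namespace mongo { namespace audit {` drops the compile-time check the old `void mongo::audit::logX(...)` form gave. A qualified definition must match a declaration in `audit.h`, while an unqualified one with a drifted parameter list simply declares a new overload. This applies to every stub between `#if !MONGO_ENTERPRISE_AUDIT` and `#endif`, and matters most for `logAuthentication`, whose signature changes here to `(Client*, const AuthenticateEvent&)`. A mismatch would then surface only as a link error in non-enterprise builds, or not at all if nothing calls that hook, leaving an audit hook that quietly does nothing. Consider opening only `namespace mongo {` and writing `void audit::logAuthentication(Client*, const AuthenticateEvent&) {}`, which keeps the shorter spelling and the check. A short comment above the `#if`, such as `// Community builds: audit hooks are intentional no-ops; signatures must mirror audit.h.`, would also help readers; `audit.h` is not visible in this diff, so confirm the declarations there.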