1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
|
/**
* Copyright (C) 2013 10gen Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* This module describes free functions for logging various operations of interest to a
* party interested in generating logs of user activity in a MongoDB server instance.
*/
#pragma once
#include "mongo/base/error_codes.h"
namespace mongo {
class BSONObj;
class ClientBasic;
class NamespaceString;
class StringData;
class UserName;
namespace mutablebson {
class Document;
} // namespace mutablebson
namespace audit {
/**
* Logs the result of an authentication attempt.
*/
void logAuthentication(ClientBasic* client,
const StringData& mechanism,
const UserName& user,
ErrorCodes::Error result);
//
// Authorization (authz) logging functions.
//
// These functions generate log messages describing the disposition of access control
// checks.
//
/**
* Logs the result of a command authorization check.
*/
void logCommandAuthzCheck(
ClientBasic* client,
const NamespaceString& ns,
const mutablebson::Document& cmdObj,
ErrorCodes::Error result);
/**
* Logs the result of an authorization check for an OP_DELETE wire protocol message.
*/
void logDeleteAuthzCheck(
ClientBasic* client,
const NamespaceString& ns,
const BSONObj& pattern,
ErrorCodes::Error result);
/**
* Logs the result of an authorization check for the "unlock" pseudo-command.
*/
void logFsyncUnlockAuthzCheck(
ClientBasic* client,
ErrorCodes::Error result);
/**
* Logs the result of an authorization check for an OP_GET_MORE wire protocol message.
*/
void logGetMoreAuthzCheck(
ClientBasic* client,
const NamespaceString& ns,
long long cursorId,
ErrorCodes::Error result);
/**
* Logs the result of an authorization check for an "inprog" pseudo-command.
*/
void logInProgAuthzCheck(
ClientBasic* client,
const BSONObj& filter,
ErrorCodes::Error result);
/**
* Logs the result of an authorization check for an OP_INSERT wire protocol message.
*/
void logInsertAuthzCheck(
ClientBasic* client,
const NamespaceString& ns,
const BSONObj& insertedObj,
ErrorCodes::Error result);
/**
* Logs the result of an authorization check for an OP_KILL_CURSORS wire protocol message.
*/
void logKillCursorsAuthzCheck(
ClientBasic* client,
const NamespaceString& ns,
long long cursorId,
ErrorCodes::Error result);
/**
* Logs the result of an authorization check for a "killop" pseudo-command.
*/
void logKillOpAuthzCheck(
ClientBasic* client,
const BSONObj& filter,
ErrorCodes::Error result);
/**
* Logs the result of an authorization check for an OP_QUERY wire protocol message.
*/
void logQueryAuthzCheck(
ClientBasic* client,
const NamespaceString& ns,
const BSONObj& query,
ErrorCodes::Error result);
/**
* Logs the result of an authorization check for an OP_UPDATE wire protocol message.
*/
void logUpdateAuthzCheck(
ClientBasic* client,
const NamespaceString& ns,
const BSONObj& query,
const BSONObj& updateObj,
bool isUpsert,
bool isMulti,
ErrorCodes::Error result);
} // namespace audit
} // namespace mongo
|
