MB-41183: Change representation of connection in audit

The connection details in the audit record should not be a string
named sockname or peername, but use objects named remote and local

      "remote": {
        "ip": "::1",
        "port": 1234
      },
      "local": {
        "ip": "::1",
        "port": 321
      }

As that ease the filtering when you don't have to deal with trying
to determine if it is an IPv4 or IPv6 address and how the ports
are specified (IPv4: 127.0.0.1:1234, IPv6: ::1[1234])

Change-Id: I56dab58b797a12d2aac6bc03959b33d29d19527f
Reviewed-on: http://review.couchbase.org/c/kv_engine/+/135419
Tested-by: Build Bot <[email protected]>
Well-Formed: Build Bot <[email protected]>
Reviewed-by: Daniel Owen <[email protected]>

Author: trondn

auditd/README.md

@@ -184,10 +184,9 @@ providing the following default values:
 * array: []
 * object: {}
 
-The example JSON structure below shows the definition for the 2
-pre-defined mandatory fields; *timestamp* and *real_userid*, and the 3
-pre-defined optional fields; *sessionID*, *remote* and
-*effective_userid*.
+The example JSON structure below shows the definition for the 4
+pre-defined mandatory fields; *timestamp*, *real_userid*, *remote*, *local*,
+and the 2 pre-defined optional fields; *sessionID* and *effective_userid*.
 
     {"version" : 1,
     "module" : "example",
@@ -199,11 +198,12 @@ pre-defined optional fields; *sessionID*, *remote* and
                    "enabled" : true,
                    "mandatory_fields" : {
                                          "timestamp" : "",
-                                         "real_userid" : {"domain" : "", "user" : ""}
+                                         "real_userid" : {"domain" : "", "user" : ""},
+                                         "remote" : {"ip" : "", "port" : 1},
+                                         "local": {"ip" : "", "port" : 1}
                                         },
                    "optional_fields" : {
-                                        "sessionid" : ""
-                                        "remote" : {"ip" : "", "port" : 1}
+                                        "sessionid" : "",
                                         "effective_userid" : {"domain" : "", "user" : ""}
                                        }
                 }

daemon/connection.cc

@@ -1362,8 +1362,8 @@ Connection::Connection(FrontEndThread& thr)
       connectedToSystemPort(false),
       base(nullptr),
       thread(thr),
-      peername("unknown"),
-      sockname("unknown"),
+      peername(R"({"ip":"unknown","port":0})"),
+      sockname(R"({"ip":"unknown","port":0})"),
       stateMachine(*this),
       max_reqs_per_event(Settings::instance().getRequestsPerEventNotification(
               EventPriority::Default)) {
@@ -1383,8 +1383,8 @@ Connection::Connection(SOCKET sfd,
       base(b),
       thread(thr),
       parent_port(ifc.port),
-      peername(cb::net::getpeername(socketDescriptor)),
-      sockname(cb::net::getsockname(socketDescriptor)),
+      peername(cb::net::getPeerNameAsJson(socketDescriptor).dump()),
+      sockname(cb::net::getSockNameAsJson(socketDescriptor).dump()),
       stateMachine(*this),
       max_reqs_per_event(Settings::instance().getRequestsPerEventNotification(
               EventPriority::Default)) {

daemon/mcaudit.cc

@@ -95,8 +95,8 @@ static nlohmann::json create_memcached_audit_object(const Connection& c) {
     nlohmann::json root;
 
     root["timestamp"] = ISOTime::generatetimestamp();
-    root["peername"] = c.getPeername();
-    root["sockname"] = c.getSockname();
+    root["remote"] = nlohmann::json::parse(c.getPeername());
+    root["local"] = nlohmann::json::parse(c.getSockname());
     root["real_userid"]["domain"] = to_string(c.getDomain());
     root["real_userid"]["user"] = c.getUsername();
 

etc/memcached_descriptor.json

@@ -15,11 +15,11 @@
           "domain": "",
           "user": ""
         },
-        "bucket": ""
+        "bucket": "",
+        "remote": { "ip": "", "port": 1 },
+        "local": { "ip": "", "port": 1 }
       },
       "optional_fields": {
-        "peername": "",
-        "sockname": ""
       }
     },
     {
@@ -35,11 +35,11 @@
           "domain": "",
           "user": ""
         },
-        "reason": ""
+        "reason": "",
+        "remote": { "ip": "", "port": 1 },
+        "local": { "ip": "", "port": 1 }
       },
       "optional_fields": {
-        "peername": "",
-        "sockname": ""
       }
     },
     {
@@ -55,11 +55,11 @@
           "domain": "",
           "user": ""
         },
-        "bucket": ""
+        "bucket": "",
+        "remote": { "ip": "", "port": 1 },
+        "local": { "ip": "", "port": 1 }
       },
       "optional_fields": {
-        "peername": "",
-        "sockname": ""
       }
     },
     {
@@ -75,11 +75,11 @@
           "domain": "",
           "user": ""
         },
-        "bucket": ""
+        "bucket": "",
+        "remote": { "ip": "", "port": 1 },
+        "local": { "ip": "", "port": 1 }
       },
       "optional_fields": {
-        "peername": "",
-        "sockname": ""
       }
     },
     {
@@ -95,11 +95,11 @@
           "domain": "",
           "user": ""
         },
-        "bucket": ""
+        "bucket": "",
+        "remote": { "ip": "", "port": 1 },
+        "local": { "ip": "", "port": 1 }
       },
       "optional_fields": {
-        "peername": "",
-        "sockname": ""
       }
     },
     {
@@ -114,11 +114,11 @@
         "real_userid": {
           "domain": "",
           "user": ""
-        }
+        },
+        "remote": { "ip": "", "port": 1 },
+        "local": { "ip": "", "port": 1 }
       },
       "optional_fields": {
-        "peername": "",
-        "sockname": ""
       }
     },
     {
@@ -135,8 +135,8 @@
           "domain": "",
           "user": ""
         },
-        "peername": "",
-        "sockname": ""
+        "remote": { "ip": "", "port": 1 },
+        "local": { "ip": "", "port": 1 }
       },
       "optional_fields": {
       }
@@ -158,8 +158,8 @@
           "domain": "",
           "user": ""
         },
-        "peername": "",
-        "sockname": ""
+        "remote": { "ip": "", "port": 1 },
+        "local": { "ip": "", "port": 1 }
       },
       "optional_fields": {
       }
@@ -179,8 +179,8 @@
           "domain": "",
           "user": ""
         },
-        "peername": "",
-        "sockname": ""
+        "remote": { "ip": "", "port": 1 },
+        "local": { "ip": "", "port": 1 }
       },
       "optional_fields": {
       }
@@ -200,8 +200,8 @@
           "domain": "",
           "user": ""
         },
-        "peername": "",
-        "sockname": ""
+        "remote": { "ip": "", "port": 1 },
+        "local": { "ip": "", "port": 1 }
       },
       "optional_fields": {
       }
@@ -221,8 +221,8 @@
           "domain": "",
           "user": ""
         },
-        "peername": "",
-        "sockname": ""
+        "remote": { "ip": "", "port": 1 },
+        "local": { "ip": "", "port": 1 }
       },
       "optional_fields": {
       }
@@ -242,8 +242,8 @@
           "domain": "",
           "user": ""
         },
-        "peername": "",
-        "sockname": ""
+        "remote": { "ip": "", "port": 1 },
+        "local": { "ip": "", "port": 1 }
       },
       "optional_fields": {
       }
@@ -261,11 +261,11 @@
           "domain": "",
           "user": ""
         },
-        "bucket": ""
+        "bucket": "",
+        "remote": { "ip": "", "port": 1 },
+        "local": { "ip": "", "port": 1 }
       },
       "optional_fields": {
-        "peername": "",
-        "sockname": ""
       }
     },
     {
@@ -281,11 +281,11 @@
         "real_userid": {
           "domain": "",
           "user": ""
-        }
+        },
+        "remote": { "ip": "", "port": 1 },
+        "local": { "ip": "", "port": 1 }
       },
       "optional_fields": {
-        "peername": "",
-        "sockname": ""
       }
     }
   ]

tests/testapp/testapp_audit.cc

@@ -468,3 +468,34 @@ TEST_P(AuditTest, MB33603_Filtering) {
     EXPECT_FALSE(found)
             << "Filtering out memcached generated events don't work";
 }
+
+TEST_P(AuditTest, MB41183_UnifiedConnectionDescription) {
+    BinprotSaslAuthCommand cmd;
+    cmd.setChallenge({"\0MB41183\0nopassword", 18});
+    cmd.setMechanism("PLAIN");
+
+    auto rsp = getConnection().execute(cmd);
+    EXPECT_EQ(cb::mcbp::ClientOpcode::SaslAuth, rsp.getOp());
+    EXPECT_EQ(cb::mcbp::Status::AuthError, rsp.getStatus());
+
+    iterate([](const nlohmann::json& entry) {
+        if (entry.find("peername") != entry.cend() ||
+            entry.find("sockname") != entry.cend()) {
+            throw std::runtime_error(
+                    "FAIL: peername or sockname should not be present: " +
+                    entry.dump());
+        }
+
+        if (entry["id"].get<int>() != MEMCACHED_AUDIT_AUTHENTICATION_FAILED) {
+            return false;
+        }
+
+        // THe following piece of code will throw exceptions if they don't
+        // exists or is of wrong type
+        entry["remote"]["ip"].get<std::string>();
+        entry["remote"]["port"].get<int>();
+        entry["local"]["ip"].get<std::string>();
+        entry["local"]["port"].get<int>();
+        return true;
+    });
+}