From 1fc0d70f658da30091bcd49f9bf29aecd6b99ba7 Mon Sep 17 00:00:00 2001
From: "Jason M. Bills"
Date: Thu, 6 Jan 2022 13:50:19 -0800
Subject: Update to internal 0.86
Signed-off-by: Jason M. Bills
---
.../0004-Add-Privileges-to-Websockets.patch | 140 +++++++++++++++++++++
1 file changed, 140 insertions(+)
create mode 100644 meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/http_routing/0004-Add-Privileges-to-Websockets.patch
(limited to 'meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/http_routing/0004-Add-Privileges-to-Websockets.patch')
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/http_routing/0004-Add-Privileges-to-Websockets.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/http_routing/0004-Add-Privileges-to-Websockets.patch
new file mode 100644
index 000000000..64e235ce3
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/http_routing/0004-Add-Privileges-to-Websockets.patch
@@ -0,0 +1,140 @@
+From 9b27d3e7c1670d53cfb1c0a88cc75155ebfba71a Mon Sep 17 00:00:00 2001
+From: P Dheeraj Srujan Kumar
+Date: Mon, 18 Oct 2021 22:58:29 +0530
+Subject: [PATCH] Add Privileges to Websockets
+
+This commit adds Privileges to Websockets.
+In the current implementation, once a rule is upgraded (i.e. from
+BaseRule to WebSocket), there is no provosion to add priviliges.
+In this commit, WebSocket inherits PrivilegeParameterTraits to enable
+privileges.
+
+Also, in the earlier implementation, .privilege() was called after
+BMCWEB_ROUTE(). This results in adding those privileges to the Base rule
+that is created. By moving the privileges() below websocket(), the
+privileges are applied to the websocket.
+
+Tested:
+ - websocket_test.py Passed
+ - Admin and Operator users were able to access KVM on WebUI
+ - Readonly User was unable to access KVM on WebUI
+
+Change-Id: Iff2051dbb7d363c902fd463fa446f280adc6d648
+Signed-off-by: P Dheeraj Srujan Kumar
+---
+ http/routing.hpp | 4 +++-
+ include/dbus_monitor.hpp | 3 ++-
+ include/kvm_websocket.hpp | 4 +++-
+ include/obmc_console.hpp | 4 +++-
+ include/vm_websocket.hpp | 4 +++-
+ 5 files changed, 14 insertions(+), 5 deletions(-)
+
+diff --git a/http/routing.hpp b/http/routing.hpp
+index e2a8fbb..6ea3185 100644
+--- a/http/routing.hpp
++++ b/http/routing.hpp
+@@ -345,7 +345,9 @@ struct PrivilegeParameterTraits
+ }
+ };
+
+-class WebSocketRule : public BaseRule
++class WebSocketRule :
++ public BaseRule,
++ public PrivilegeParameterTraits
+ {
+ using self_t = WebSocketRule;
+
+diff --git a/include/dbus_monitor.hpp b/include/dbus_monitor.hpp
+index a6c86c6..163f884 100644
+--- a/include/dbus_monitor.hpp
++++ b/include/dbus_monitor.hpp
+@@ -5,6 +5,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -105,8 +106,8 @@ inline int onPropertyUpdate(sd_bus_message* m, void* userdata,
+ inline void requestRoutes(App& app)
+ {
+ BMCWEB_ROUTE(app, "/subscribe")
+- .privileges({{"Login"}})
+ .websocket()
++ .privileges(redfish::privileges::privilegeSetLogin)
+ .onopen([&](crow::websocket::Connection& conn,
+ const std::shared_ptr&) {
+ BMCWEB_LOG_DEBUG << "Connection " << &conn << " opened";
+diff --git a/include/kvm_websocket.hpp b/include/kvm_websocket.hpp
+index a9dc8ea..3f124a2 100644
+--- a/include/kvm_websocket.hpp
++++ b/include/kvm_websocket.hpp
+@@ -4,6 +4,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+
+ namespace crow
+@@ -159,8 +160,9 @@ inline void requestRoutes(App& app)
+ sessions.reserve(maxSessions);
+
+ BMCWEB_ROUTE(app, "/kvm/0")
+- .privileges({{"ConfigureComponents", "ConfigureManager"}})
+ .websocket()
++ .privileges(redfish::privileges::
++ privilegeSetConfigureManagerOrConfigureComponents)
+ .onopen([](crow::websocket::Connection& conn,
+ const std::shared_ptr&) {
+ BMCWEB_LOG_DEBUG << "Connection " << &conn << " opened";
+diff --git a/include/obmc_console.hpp b/include/obmc_console.hpp
+index ff0a51f..22a49a8 100644
+--- a/include/obmc_console.hpp
++++ b/include/obmc_console.hpp
+@@ -6,6 +6,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+
+ namespace crow
+@@ -136,8 +137,9 @@ inline void connectHandler(const boost::system::error_code& ec)
+ inline void requestRoutes(App& app)
+ {
+ BMCWEB_ROUTE(app, "/console0")
+- .privileges({{"ConfigureComponents", "ConfigureManager"}})
+ .websocket()
++ .privileges(redfish::privileges::
++ privilegeSetConfigureManagerOrConfigureComponents)
+ .onopen([](crow::websocket::Connection& conn,
+ const std::shared_ptr&) {
+ BMCWEB_LOG_DEBUG << "Connection " << &conn << " opened";
+diff --git a/include/vm_websocket.hpp b/include/vm_websocket.hpp
+index 02f958a..ebbe68f 100644
+--- a/include/vm_websocket.hpp
++++ b/include/vm_websocket.hpp
+@@ -3,6 +3,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+
+ #include
+@@ -156,8 +157,9 @@ static std::shared_ptr handler;
+ inline void requestRoutes(App& app)
+ {
+ BMCWEB_ROUTE(app, "/vm/0/0")
+- .privileges({{"ConfigureComponents", "ConfigureManager"}})
+ .websocket()
++ .privileges(redfish::privileges::
++ privilegeSetConfigureManagerOrConfigureComponents)
+ .onopen([](crow::websocket::Connection& conn,
+ const std::shared_ptr&) {
+ BMCWEB_LOG_DEBUG << "Connection " << &conn << " opened";
+--
+2.17.1
+
-- cgit v1.2.3
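Review bot: On the `/kvm/0`, `/console0` and `/vm/0/0` routes the new `privilegeSetConfigureManagerOrConfigureComponents` reads as an either-privilege set, while the removed literal `{{"ConfigureComponents", "ConfigureManager"}}` appears to be a single set naming both, so the required privilege seems to be relaxed along with the reordering and the description does not mention it. The constant's definition is not visible in this patch, so this needs confirming; if Operator access to KVM, host console and virtual media is intended, a comment at each route such as `// Either ConfigureManager or ConfigureComponents is sufficient; Operator is allowed by design` would record the decision. Separately, call order is now load-bearing: per the description a `.privileges()` placed before `.websocket()` lands on the base rule instead, and nothing in the `WebSocketRule` hunk (the class body continues outside it) prevents a later route from doing that, so a class comment like `// Call .privileges() only after .websocket(); earlier calls apply to the discarded base rule` is worth adding. The Tested section lists a read-only denial only for KVM; the same negative check on `/subscribe`, `/console0` and `/vm/0/0` would cover the other routes this patch changes.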