From 9b27d3e7c1670d53cfb1c0a88cc75155ebfba71a Mon Sep 17 00:00:00 2001
From: P Dheeraj Srujan Kumar
Date: Mon, 18 Oct 2021 22:58:29 +0530
Subject: [PATCH] Add Privileges to Websockets
This commit adds Privileges to Websockets.
In the current implementation, once a rule is upgraded (i.e. from
BaseRule to WebSocket), there is no provision to add privileges.
In this commit, WebSocket inherits PrivilegeParameterTraits to enable
privileges.
Also, in the earlier implementation, .privilege() was called after
BMCWEB_ROUTE(). This results in adding those privileges to the Base rule
that is created. By moving the privileges() below websocket(), the
privileges are applied to the websocket.
Tested:
- websocket_test.py Passed
- Admin and Operator users were able to access KVM on WebUI
- Readonly User was unable to access KVM on WebUI
Change-Id: Iff2051dbb7d363c902fd463fa446f280adc6d648
Signed-off-by: P Dheeraj Srujan Kumar
---
http/routing.hpp | 4 +++-
include/dbus_monitor.hpp | 3 ++-
include/kvm_websocket.hpp | 4 +++-
include/obmc_console.hpp | 4 +++-
include/vm_websocket.hpp | 4 +++-
5 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/http/routing.hpp b/http/routing.hpp
index e2a8fbb..6ea3185 100644
--- a/http/routing.hpp
+++ b/http/routing.hpp
@@ -345,7 +345,9 @@ struct PrivilegeParameterTraits
}
};
-class WebSocketRule : public BaseRule
+class WebSocketRule :
+ public BaseRule,
+ public PrivilegeParameterTraits
{
using self_t = WebSocketRule;
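Review bot: Inheriting `PrivilegeParameterTraits` gives `WebSocketRule` the builder method, but a chain that still calls `.privileges()` before `.websocket()` will compile and, per the commit description, leave the upgraded rule with no privileges attached, so the route fails open. Consider having the upgrade carry the base rule's privilege set over to the new `WebSocketRule`, or rejecting a websocket rule with an empty privilege set when routes are checked at startup (with an explicit opt-out if any socket is meant to be unauthenticated), so that a misordered chain fails closed. This hunk also does not show where the upgrade path compares the session's privileges with the rule's set; that check presumably lives elsewhere in routing.hpp and is worth confirming before relying on this change. The class body continues outside the hunk.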
diff --git a/include/dbus_monitor.hpp b/include/dbus_monitor.hpp
index a6c86c6..163f884 100644
--- a/include/dbus_monitor.hpp
+++ b/include/dbus_monitor.hpp
@@ -5,6 +5,7 @@
#include
#include
#include
+#include
#include
#include
#include
@@ -105,8 +106,8 @@ inline int onPropertyUpdate(sd_bus_message* m, void* userdata,
inline void requestRoutes(App& app)
{
BMCWEB_ROUTE(app, "/subscribe")
- .privileges({{"Login"}})
.websocket()
+ .privileges(redfish::privileges::privilegeSetLogin)
.onopen([&](crow::websocket::Connection& conn,
const std::shared_ptr&) {
BMCWEB_LOG_DEBUG << "Connection " << &conn << " opened";
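Review bot: The position of `.privileges()` after `.websocket()` is load-bearing here and nothing at the call site says so; a later tidy-up that moves it back above `.websocket()` would still compile and would attach the set to the discarded base rule. A one-line comment above the call would guard against that, for example `// privileges() must follow websocket(): set earlier, it applies to the BaseRule and not to the socket`. The same comment applies to the `/kvm/0`, `/console0` and `/vm/0/0` routes in the later hunks. `requestRoutes` continues outside the hunk.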
diff --git a/include/kvm_websocket.hpp b/include/kvm_websocket.hpp
index a9dc8ea..3f124a2 100644
--- a/include/kvm_websocket.hpp
+++ b/include/kvm_websocket.hpp
@@ -4,6 +4,7 @@
#include
#include
#include
+#include
#include
namespace crow
@@ -159,8 +160,9 @@ inline void requestRoutes(App& app)
sessions.reserve(maxSessions);
BMCWEB_ROUTE(app, "/kvm/0")
- .privileges({{"ConfigureComponents", "ConfigureManager"}})
.websocket()
+ .privileges(redfish::privileges::
+ privilegeSetConfigureManagerOrConfigureComponents)
.onopen([](crow::websocket::Connection& conn,
const std::shared_ptr&) {
BMCWEB_LOG_DEBUG << "Connection " << &conn << " opened";
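Review bot: The replacement on `/kvm/0` is not a like-for-like rename: the removed literal `{{"ConfigureComponents", "ConfigureManager"}}` is a single inner list, which presumably requires both privileges, while the new constant is named `privilegeSetConfigureManagerOrConfigureComponents` and so appears to accept either one. The Operator access to KVM reported under "Tested" is consistent with the either-of reading. If opening the route to accounts that hold only one of the two privileges is intended, the commit description should say so; if not, keep the both-required form after the upgrade, `.websocket().privileges({{"ConfigureComponents", "ConfigureManager"}})`. The same substitution is made for `/console0` and `/vm/0/0` in the later hunks, and the constant's definition is not visible on this page.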
diff --git a/include/obmc_console.hpp b/include/obmc_console.hpp
index ff0a51f..22a49a8 100644
--- a/include/obmc_console.hpp
+++ b/include/obmc_console.hpp
@@ -6,6 +6,7 @@
#include
#include
#include
+#include
#include
namespace crow
@@ -136,8 +137,9 @@ inline void connectHandler(const boost::system::error_code& ec)
inline void requestRoutes(App& app)
{
BMCWEB_ROUTE(app, "/console0")
- .privileges({{"ConfigureComponents", "ConfigureManager"}})
.websocket()
+ .privileges(redfish::privileges::
+ privilegeSetConfigureManagerOrConfigureComponents)
.onopen([](crow::websocket::Connection& conn,
const std::shared_ptr&) {
BMCWEB_LOG_DEBUG << "Connection " << &conn << " opened";
diff --git a/include/vm_websocket.hpp b/include/vm_websocket.hpp
index 02f958a..ebbe68f 100644
--- a/include/vm_websocket.hpp
+++ b/include/vm_websocket.hpp
@@ -3,6 +3,7 @@
#include
#include
#include
+#include
#include
#include
@@ -156,8 +157,9 @@ static std::shared_ptr handler;
inline void requestRoutes(App& app)
{
BMCWEB_ROUTE(app, "/vm/0/0")
- .privileges({{"ConfigureComponents", "ConfigureManager"}})
.websocket()
+ .privileges(redfish::privileges::
+ privilegeSetConfigureManagerOrConfigureComponents)
.onopen([](crow::websocket::Connection& conn,
const std::shared_ptr&) {
BMCWEB_LOG_DEBUG << "Connection " << &conn << " opened";
--
2.17.1