From 9b27d3e7c1670d53cfb1c0a88cc75155ebfba71a Mon Sep 17 00:00:00 2001 From: P Dheeraj Srujan Kumar Date: Mon, 18 Oct 2021 22:58:29 +0530 Subject: [PATCH] Add Privileges to Websockets This commit adds Privileges to Websockets. In the current implementation, once a rule is upgraded (i.e. from BaseRule to WebSocket), there is no provosion to add priviliges. In this commit, WebSocket inherits PrivilegeParameterTraits to enable privileges. Also, in the earlier implementation, .privilege() was called after BMCWEB_ROUTE(). This results in adding those privileges to the Base rule that is created. By moving the privileges() below websocket(), the privileges are applied to the websocket. Tested: - websocket_test.py Passed - Admin and Operator users were able to access KVM on WebUI - Readonly User was unable to access KVM on WebUI Change-Id: Iff2051dbb7d363c902fd463fa446f280adc6d648 Signed-off-by: P Dheeraj Srujan Kumar --- http/routing.hpp | 4 +++- include/dbus_monitor.hpp | 3 ++- include/kvm_websocket.hpp | 4 +++- include/obmc_console.hpp | 4 +++- include/vm_websocket.hpp | 4 +++- 5 files changed, 14 insertions(+), 5 deletions(-) diff --git a/http/routing.hpp b/http/routing.hpp index e2a8fbb..6ea3185 100644 --- a/http/routing.hpp +++ b/http/routing.hpp @@ -345,7 +345,9 @@ struct PrivilegeParameterTraits } }; -class WebSocketRule : public BaseRule +class WebSocketRule : + public BaseRule, + public PrivilegeParameterTraits { using self_t = WebSocketRule; diff --git a/include/dbus_monitor.hpp b/include/dbus_monitor.hpp index a6c86c6..163f884 100644 --- a/include/dbus_monitor.hpp +++ b/include/dbus_monitor.hpp @@ -5,6 +5,7 @@ #include #include #include +#include #include #include #include @@ -105,8 +106,8 @@ inline int onPropertyUpdate(sd_bus_message* m, void* userdata, inline void requestRoutes(App& app) { BMCWEB_ROUTE(app, "/subscribe") - .privileges({{"Login"}}) .websocket() + .privileges(redfish::privileges::privilegeSetLogin) .onopen([&](crow::websocket::Connection& conn, const std::shared_ptr&) { BMCWEB_LOG_DEBUG << "Connection " << &conn << " opened"; diff --git a/include/kvm_websocket.hpp b/include/kvm_websocket.hpp index a9dc8ea..3f124a2 100644 --- a/include/kvm_websocket.hpp +++ b/include/kvm_websocket.hpp @@ -4,6 +4,7 @@ #include #include #include +#include #include namespace crow @@ -159,8 +160,9 @@ inline void requestRoutes(App& app) sessions.reserve(maxSessions); BMCWEB_ROUTE(app, "/kvm/0") - .privileges({{"ConfigureComponents", "ConfigureManager"}}) .websocket() + .privileges(redfish::privileges:: + privilegeSetConfigureManagerOrConfigureComponents) .onopen([](crow::websocket::Connection& conn, const std::shared_ptr&) { BMCWEB_LOG_DEBUG << "Connection " << &conn << " opened"; diff --git a/include/obmc_console.hpp b/include/obmc_console.hpp index ff0a51f..22a49a8 100644 --- a/include/obmc_console.hpp +++ b/include/obmc_console.hpp @@ -6,6 +6,7 @@ #include #include #include +#include #include namespace crow @@ -136,8 +137,9 @@ inline void connectHandler(const boost::system::error_code& ec) inline void requestRoutes(App& app) { BMCWEB_ROUTE(app, "/console0") - .privileges({{"ConfigureComponents", "ConfigureManager"}}) .websocket() + .privileges(redfish::privileges:: + privilegeSetConfigureManagerOrConfigureComponents) .onopen([](crow::websocket::Connection& conn, const std::shared_ptr&) { BMCWEB_LOG_DEBUG << "Connection " << &conn << " opened"; diff --git a/include/vm_websocket.hpp b/include/vm_websocket.hpp index 02f958a..ebbe68f 100644 --- a/include/vm_websocket.hpp +++ b/include/vm_websocket.hpp @@ -3,6 +3,7 @@ #include #include #include +#include #include #include @@ -156,8 +157,9 @@ static std::shared_ptr handler; inline void requestRoutes(App& app) { BMCWEB_ROUTE(app, "/vm/0/0") - .privileges({{"ConfigureComponents", "ConfigureManager"}}) .websocket() + .privileges(redfish::privileges:: + privilegeSetConfigureManagerOrConfigureComponents) .onopen([](crow::websocket::Connection& conn, const std::shared_ptr&) { BMCWEB_LOG_DEBUG << "Connection " << &conn << " opened"; -- 2.17.1