1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
|
From c2310caa0362eb01988a43a4b6114c52261628e0 Mon Sep 17 00:00:00 2001
From: AppaRao Puli <apparao.puli@linux.intel.com>
Date: Thu, 8 Oct 2020 12:33:57 +0530
Subject: [PATCH] get on crashdump can follow redfish privileges
Get & Head on crashdump uri's are deviated from redfish privilege
registries(LogService), thinking of security concerns. But it can
also follow normal 'Login' privilege like other LogService URI's.
There is not security issue as 'Login' privilege means user is
already authenticated.
Tested:
- Verified get & head on crashdump uri's with login
user and it works fine.
Change-Id: Iab913b633aa2daf5ecfa111a631071c095fa29d5
Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
---
redfish-core/lib/log_services.hpp | 48 +++++++++++++--------------------------
1 file changed, 16 insertions(+), 32 deletions(-)
diff --git a/redfish-core/lib/log_services.hpp b/redfish-core/lib/log_services.hpp
index 590243c..e6090e5 100644
--- a/redfish-core/lib/log_services.hpp
+++ b/redfish-core/lib/log_services.hpp
@@ -2403,11 +2403,9 @@ class CrashdumpService : public Node
CrashdumpService(CrowApp& app) :
Node(app, "/redfish/v1/Systems/system/LogServices/Crashdump/")
{
- // Note: Deviated from redfish privilege registry for GET & HEAD
- // method for security reasons.
entityPrivileges = {
- {boost::beast::http::verb::get, {{"ConfigureComponents"}}},
- {boost::beast::http::verb::head, {{"ConfigureComponents"}}},
+ {boost::beast::http::verb::get, {{"Login"}}},
+ {boost::beast::http::verb::head, {{"Login"}}},
{boost::beast::http::verb::patch, {{"ConfigureManager"}}},
{boost::beast::http::verb::put, {{"ConfigureManager"}}},
{boost::beast::http::verb::delete_, {{"ConfigureManager"}}},
@@ -2463,11 +2461,9 @@ class CrashdumpClear : public Node
Node(app, "/redfish/v1/Systems/system/LogServices/Crashdump/Actions/"
"LogService.ClearLog/")
{
- // Note: Deviated from redfish privilege registry for GET & HEAD
- // method for security reasons.
entityPrivileges = {
- {boost::beast::http::verb::get, {{"ConfigureComponents"}}},
- {boost::beast::http::verb::head, {{"ConfigureComponents"}}},
+ {boost::beast::http::verb::get, {{"Login"}}},
+ {boost::beast::http::verb::head, {{"Login"}}},
{boost::beast::http::verb::patch, {{"ConfigureComponents"}}},
{boost::beast::http::verb::put, {{"ConfigureComponents"}}},
{boost::beast::http::verb::delete_, {{"ConfigureComponents"}}},
@@ -2556,11 +2552,9 @@ class CrashdumpEntryCollection : public Node
CrashdumpEntryCollection(CrowApp& app) :
Node(app, "/redfish/v1/Systems/system/LogServices/Crashdump/Entries/")
{
- // Note: Deviated from redfish privilege registry for GET & HEAD
- // method for security reasons.
entityPrivileges = {
- {boost::beast::http::verb::get, {{"ConfigureComponents"}}},
- {boost::beast::http::verb::head, {{"ConfigureComponents"}}},
+ {boost::beast::http::verb::get, {{"Login"}}},
+ {boost::beast::http::verb::head, {{"Login"}}},
{boost::beast::http::verb::patch, {{"ConfigureManager"}}},
{boost::beast::http::verb::put, {{"ConfigureManager"}}},
{boost::beast::http::verb::delete_, {{"ConfigureManager"}}},
@@ -2643,11 +2637,9 @@ class CrashdumpEntry : public Node
"/redfish/v1/Systems/system/LogServices/Crashdump/Entries/<str>/",
std::string())
{
- // Note: Deviated from redfish privilege registry for GET & HEAD
- // method for security reasons.
entityPrivileges = {
- {boost::beast::http::verb::get, {{"ConfigureComponents"}}},
- {boost::beast::http::verb::head, {{"ConfigureComponents"}}},
+ {boost::beast::http::verb::get, {{"Login"}}},
+ {boost::beast::http::verb::head, {{"Login"}}},
{boost::beast::http::verb::patch, {{"ConfigureManager"}}},
{boost::beast::http::verb::put, {{"ConfigureManager"}}},
{boost::beast::http::verb::delete_, {{"ConfigureManager"}}},
@@ -2678,11 +2670,9 @@ class CrashdumpFile : public Node
"<str>/",
std::string(), std::string())
{
- // Note: Deviated from redfish privilege registry for GET & HEAD
- // method for security reasons.
entityPrivileges = {
- {boost::beast::http::verb::get, {{"ConfigureComponents"}}},
- {boost::beast::http::verb::head, {{"ConfigureComponents"}}},
+ {boost::beast::http::verb::get, {{"Login"}}},
+ {boost::beast::http::verb::head, {{"Login"}}},
{boost::beast::http::verb::patch, {{"ConfigureManager"}}},
{boost::beast::http::verb::put, {{"ConfigureManager"}}},
{boost::beast::http::verb::delete_, {{"ConfigureManager"}}},
@@ -2780,11 +2770,9 @@ class OnDemandCrashdump : public Node
"/redfish/v1/Systems/system/LogServices/Crashdump/Actions/Oem/"
"Crashdump.OnDemand/")
{
- // Note: Deviated from redfish privilege registry for GET & HEAD
- // method for security reasons.
entityPrivileges = {
- {boost::beast::http::verb::get, {{"ConfigureComponents"}}},
- {boost::beast::http::verb::head, {{"ConfigureComponents"}}},
+ {boost::beast::http::verb::get, {{"Login"}}},
+ {boost::beast::http::verb::head, {{"Login"}}},
{boost::beast::http::verb::patch, {{"ConfigureComponents"}}},
{boost::beast::http::verb::put, {{"ConfigureComponents"}}},
{boost::beast::http::verb::delete_, {{"ConfigureComponents"}}},
@@ -2852,11 +2840,9 @@ class TelemetryCrashdump : public Node
"/redfish/v1/Systems/system/LogServices/Crashdump/Actions/Oem/"
"Crashdump.Telemetry/")
{
- // Note: Deviated from redfish privilege registry for GET & HEAD
- // method for security reasons.
entityPrivileges = {
- {boost::beast::http::verb::get, {{"ConfigureComponents"}}},
- {boost::beast::http::verb::head, {{"ConfigureComponents"}}},
+ {boost::beast::http::verb::get, {{"Login"}}},
+ {boost::beast::http::verb::head, {{"Login"}}},
{boost::beast::http::verb::patch, {{"ConfigureComponents"}}},
{boost::beast::http::verb::put, {{"ConfigureComponents"}}},
{boost::beast::http::verb::delete_, {{"ConfigureComponents"}}},
@@ -2924,11 +2910,9 @@ class SendRawPECI : public Node
"/redfish/v1/Systems/system/LogServices/Crashdump/Actions/Oem/"
"Crashdump.SendRawPeci/")
{
- // Note: Deviated from redfish privilege registry for GET & HEAD
- // method for security reasons.
entityPrivileges = {
- {boost::beast::http::verb::get, {{"ConfigureComponents"}}},
- {boost::beast::http::verb::head, {{"ConfigureComponents"}}},
+ {boost::beast::http::verb::get, {{"Login"}}},
+ {boost::beast::http::verb::head, {{"Login"}}},
{boost::beast::http::verb::patch, {{"ConfigureComponents"}}},
{boost::beast::http::verb::put, {{"ConfigureComponents"}}},
{boost::beast::http::verb::delete_, {{"ConfigureComponents"}}},
--
2.7.4
|
