diff options
author | Ed Tanous <ed.tanous@intel.com> | 2019-10-11 00:33:54 +0300 |
---|---|---|
committer | Ed Tanous <ed.tanous@intel.com> | 2019-10-21 23:25:08 +0300 |
commit | 8251ffee18bc18b7cdda281b3ec137023aa79303 (patch) | |
tree | 13e8e75db89cb31bb595723f758fe4cc319fb954 /include | |
parent | 1f56a3a6031ba5992d52532cf2d32c76253c9167 (diff) | |
download | bmcweb-8251ffee18bc18b7cdda281b3ec137023aa79303.tar.xz |
Add "requires" handlers to all non-trivial routes
This commit is the result of an audit to add user levels to the various
components that need them. As written:
KVM requires admin privilege
Virtual media requires admin privilege
image upload requires admin privilege
/subscribe API requies Login privilege
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I6384f23769a5ac23f653519656721da7373f088f
Diffstat (limited to 'include')
-rw-r--r-- | include/dbus_monitor.hpp | 1 | ||||
-rw-r--r-- | include/image_upload.hpp | 2 | ||||
-rw-r--r-- | include/kvm_websocket.hpp | 1 | ||||
-rw-r--r-- | include/obmc_console.hpp | 1 | ||||
-rw-r--r-- | include/openbmc_dbus_rest.hpp | 1 | ||||
-rw-r--r-- | include/vm_websocket.hpp | 1 |
6 files changed, 7 insertions, 0 deletions
diff --git a/include/dbus_monitor.hpp b/include/dbus_monitor.hpp index 662d3c6aa5..0543c7b9f5 100644 --- a/include/dbus_monitor.hpp +++ b/include/dbus_monitor.hpp @@ -114,6 +114,7 @@ inline int onPropertyUpdate(sd_bus_message* m, void* userdata, template <typename... Middlewares> void requestRoutes(Crow<Middlewares...>& app) { BMCWEB_ROUTE(app, "/subscribe") + .requires({"Login"}) .websocket() .onopen([&](crow::websocket::Connection& conn) { BMCWEB_LOG_DEBUG << "Connection " << &conn << " opened"; diff --git a/include/image_upload.hpp b/include/image_upload.hpp index ba9c403f29..69e5637361 100644 --- a/include/image_upload.hpp +++ b/include/image_upload.hpp @@ -111,6 +111,7 @@ inline void uploadImageHandler(const crow::Request& req, crow::Response& res, template <typename... Middlewares> void requestRoutes(Crow<Middlewares...>& app) { BMCWEB_ROUTE(app, "/upload/image/<str>") + .requires({"ConfigureComponents", "ConfigureManager"}) .methods("POST"_method, "PUT"_method)([](const crow::Request& req, crow::Response& res, const std::string& filename) { @@ -118,6 +119,7 @@ template <typename... Middlewares> void requestRoutes(Crow<Middlewares...>& app) }); BMCWEB_ROUTE(app, "/upload/image") + .requires({"ConfigureComponents", "ConfigureManager"}) .methods("POST"_method, "PUT"_method)( [](const crow::Request& req, crow::Response& res) { uploadImageHandler(req, res, ""); diff --git a/include/kvm_websocket.hpp b/include/kvm_websocket.hpp index 817f7c4a70..d97b03e885 100644 --- a/include/kvm_websocket.hpp +++ b/include/kvm_websocket.hpp @@ -159,6 +159,7 @@ inline void requestRoutes(CrowApp& app) sessions.reserve(maxSessions); BMCWEB_ROUTE(app, "/kvm/0") + .requires({"ConfigureComponents", "ConfigureManager"}) .websocket() .onopen([](crow::websocket::Connection& conn) { BMCWEB_LOG_DEBUG << "Connection " << &conn << " opened"; diff --git a/include/obmc_console.hpp b/include/obmc_console.hpp index b8afba6d71..b545f960e1 100644 --- a/include/obmc_console.hpp +++ b/include/obmc_console.hpp @@ -104,6 +104,7 @@ void connectHandler(const boost::system::error_code& ec) void requestRoutes(CrowApp& app) { BMCWEB_ROUTE(app, "/console0") + .requires({"ConfigureComponents", "ConfigureManager"}) .websocket() .onopen([](crow::websocket::Connection& conn) { BMCWEB_LOG_DEBUG << "Connection " << &conn << " opened"; diff --git a/include/openbmc_dbus_rest.hpp b/include/openbmc_dbus_rest.hpp index 93c198e676..a4cccb167b 100644 --- a/include/openbmc_dbus_rest.hpp +++ b/include/openbmc_dbus_rest.hpp @@ -2233,6 +2233,7 @@ template <typename... Middlewares> void requestRoutes(Crow<Middlewares...> &app) }); BMCWEB_ROUTE(app, "/bus/system/<str>/<path>") + .requires({"ConfigureComponents", "ConfigureManager"}) .methods("GET"_method, "POST"_method)([](const crow::Request &req, crow::Response &res, diff --git a/include/vm_websocket.hpp b/include/vm_websocket.hpp index 57a690c205..d1127a4209 100644 --- a/include/vm_websocket.hpp +++ b/include/vm_websocket.hpp @@ -160,6 +160,7 @@ static std::shared_ptr<Handler> handler; template <typename... Middlewares> void requestRoutes(Crow<Middlewares...>& app) { BMCWEB_ROUTE(app, "/vm/0/0") + .requires({"ConfigureComponents", "ConfigureManager"}) .websocket() .onopen([](crow::websocket::Connection& conn) { BMCWEB_LOG_DEBUG << "Connection " << &conn << " opened"; |