diff options
| author | Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com> | 2020-02-24 12:23:56 +0300 |
|---|---|---|
| committer | Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com> | 2020-03-05 11:42:23 +0300 |
| commit | 250b0ebb0e8d55882fa8e6b156f88828a7ba185d (patch) | |
| tree | 146596763a6cc809899e0d931fe0f6bd6012760b /redfish-core/lib/account_service.hpp | |
| parent | 363c23022eb3fb0cde577405e8a084a2e819b642 (diff) | |
| download | bmcweb-250b0ebb0e8d55882fa8e6b156f88828a7ba185d.tar.xz | |
Permission check for virtual media proxy mode
This patch enables checking of user permission for proxy mode, as start of
this kind service is not triggered by redfish (which has permission check by
default).
Permission check is done in .onopen handler of websocket. For this reason
another dbus call for user privileges is added to verify if user has
"ConfigureManager" privilege.
I have chosen this approach, as generic privilege check for all websockets
introduces significant changes in connection upgrade flow which makes
implementaion vague and caused some memory issues difficult to track down.
It is worth noting that other websockets (eg. kvm) uses .required()
function to set privilege but this information is lost during connection
upgrade and is not checked anywhere in upgrade flow.
Tested:
Manual tests with opening websockets via web browser and dedicated nbd proxy
utility. For users with/without appropriate permissions.
Single request and burst of requests has been tested as well.
Change-Id: I2a56bec606fa0e5f3d4232e48794c9055bf6095e
Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com>
Diffstat (limited to 'redfish-core/lib/account_service.hpp')
0 files changed, 0 insertions, 0 deletions