author | AppaRao Puli <apparao.puli@linux.intel.com> | 2020-04-07 14:33:04 +0300 |
---|---|---|
committer | AppaRao Puli <apparao.puli@linux.intel.com> | 2020-04-22 21:14:21 +0300 |
commit | 3946028d2d3143109bb562841efce3e094c70c0b (patch) | |
tree | f4e5123fae37b84898ff2aafb9d83a0656500c05 /redfish-core/lib/log_services.hpp | |
parent | 0b631aeaba4093945071857d28adb8dafc12f291 (diff) | |
Correct privilege levels for LogService
Correct the privilege levels for LogService as per
privilege registry under redfish specification.
https://redfish.dmtf.org/registries/Redfish_1.0.4_PrivilegeRegistry.json
1) ClearLog actions (EventLog, CrashDump, PostCode,
JournalLog, etc.), which are subordinates of LogService,
should be executed with the "ConfigureComponents"
privilege level.
2) For security reasons, restrict CrashDump
(LogService and LogEntry) to "ConfigureComponents".
Tested:
- Created Operator, User and Administrator users
and validated all methods under LogService, LogEntry
LogServiceCollections and LogEntryCollections, its
subordinates.
Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
Change-Id: I4ce1ee90b3b999a80daa9aa20e5e7d79b64a9b85
Diffstat (limited to 'redfish-core/lib/log_services.hpp')
-rw-r--r-- | redfish-core/lib/log_services.hpp | 54 |
1 files changed, 34 insertions, 20 deletions
diff --git a/redfish-core/lib/log_services.hpp b/redfish-core/lib/log_services.hpp
index d53c829339..73a7bb6f4b 100644
--- a/redfish-core/lib/log_services.hpp
+++ b/redfish-core/lib/log_services.hpp
@@ -1530,9 +1530,11 @@ class CrashdumpService : public Node
 CrashdumpService(CrowApp &app) :
 Node(app, "/redfish/v1/Systems/system/LogServices/Crashdump/")
 {
+ // Note: Deviated from redfish privilege registry for GET & HEAD
+ // method for security reasons.
 entityPrivileges = {
- {boost::beast::http::verb::get, {{"Login"}}},
- {boost::beast::http::verb::head, {{"Login"}}},
+ {boost::beast::http::verb::get, {{"ConfigureComponents"}}},
+ {boost::beast::http::verb::head, {{"ConfigureComponents"}}},
 {boost::beast::http::verb::patch, {{"ConfigureManager"}}},
 {boost::beast::http::verb::put, {{"ConfigureManager"}}},
 {boost::beast::http::verb::delete_, {{"ConfigureManager"}}},
@@ -1585,9 +1587,11 @@ class CrashdumpClear : public Node
 Node(app, "/redfish/v1/Systems/system/LogServices/Crashdump/Actions/"
 "LogService.ClearLog/")
 {
+ // Note: Deviated from redfish privilege registry for GET & HEAD
+ // method for security reasons.
 entityPrivileges = {
- {boost::beast::http::verb::get, {{"Login"}}},
- {boost::beast::http::verb::head, {{"Login"}}},
+ {boost::beast::http::verb::get, {{"ConfigureComponents"}}},
+ {boost::beast::http::verb::head, {{"ConfigureComponents"}}},
 {boost::beast::http::verb::patch, {{"ConfigureComponents"}}},
 {boost::beast::http::verb::put, {{"ConfigureComponents"}}},
 {boost::beast::http::verb::delete_, {{"ConfigureComponents"}}},
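Review bot: The comment added above `entityPrivileges` in CrashdumpService says only that GET and HEAD deviate "for security reasons"; it names neither the registry value being overridden nor the concern, so a maintainer later re-aligning this file with the privilege registry has nothing to weigh before reverting the rows to `Login`. The same two-line comment is repeated verbatim in the CrashdumpClear, CrashdumpEntryCollection, CrashdumpEntry, CrashdumpFile, OnDemandCrashdump and SendRawPECI hunks. I would reword it as `// Registry allows GET/HEAD with "Login"; raised to "ConfigureComponents" on purpose`, followed by one line giving the author's actual reason (presumably that crashdump contents should not be readable by every logged-in account). The constructor body continues outside the hunk.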
@@ -1676,9 +1680,11 @@ class CrashdumpEntryCollection : public Node
 CrashdumpEntryCollection(CrowApp &app) :
 Node(app, "/redfish/v1/Systems/system/LogServices/Crashdump/Entries/")
 {
+ // Note: Deviated from redfish privilege registry for GET & HEAD
+ // method for security reasons.
 entityPrivileges = {
- {boost::beast::http::verb::get, {{"Login"}}},
- {boost::beast::http::verb::head, {{"Login"}}},
+ {boost::beast::http::verb::get, {{"ConfigureComponents"}}},
+ {boost::beast::http::verb::head, {{"ConfigureComponents"}}},
 {boost::beast::http::verb::patch, {{"ConfigureManager"}}},
 {boost::beast::http::verb::put, {{"ConfigureManager"}}},
 {boost::beast::http::verb::delete_, {{"ConfigureManager"}}},
@@ -1761,9 +1767,11 @@ class CrashdumpEntry : public Node
 "/redfish/v1/Systems/system/LogServices/Crashdump/Entries/<str>/",
 std::string())
 {
+ // Note: Deviated from redfish privilege registry for GET & HEAD
+ // method for security reasons.
 entityPrivileges = {
- {boost::beast::http::verb::get, {{"Login"}}},
- {boost::beast::http::verb::head, {{"Login"}}},
+ {boost::beast::http::verb::get, {{"ConfigureComponents"}}},
+ {boost::beast::http::verb::head, {{"ConfigureComponents"}}},
 {boost::beast::http::verb::patch, {{"ConfigureManager"}}},
 {boost::beast::http::verb::put, {{"ConfigureManager"}}},
 {boost::beast::http::verb::delete_, {{"ConfigureManager"}}},
@@ -1794,9 +1802,11 @@ class CrashdumpFile : public Node
 "<str>/",
 std::string(), std::string())
 {
+ // Note: Deviated from redfish privilege registry for GET & HEAD
+ // method for security reasons.
 entityPrivileges = {
- {boost::beast::http::verb::get, {{"Login"}}},
- {boost::beast::http::verb::head, {{"Login"}}},
+ {boost::beast::http::verb::get, {{"ConfigureComponents"}}},
+ {boost::beast::http::verb::head, {{"ConfigureComponents"}}},
 {boost::beast::http::verb::patch, {{"ConfigureManager"}}},
 {boost::beast::http::verb::put, {{"ConfigureManager"}}},
 {boost::beast::http::verb::delete_, {{"ConfigureManager"}}},
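Review bot: The GET/HEAD/PATCH/PUT/DELETE rows written here for CrashdumpEntryCollection are the same as those in the CrashdumpService, CrashdumpEntry and CrashdumpFile hunks, so the read policy for Crashdump resources now lives in four hand-copied tables. A single named table in this header that the four constructors assign from would keep the endpoints from drifting the next time the level changes; a missed copy would leave one crashdump URI readable at a lower privilege than the others. The POST row and the closing of each table fall outside the hunks, so whether the tables match in full cannot be confirmed from this page.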
@@ -1894,13 +1904,15 @@ class OnDemandCrashdump : public Node
 "/redfish/v1/Systems/system/LogServices/Crashdump/Actions/Oem/"
 "Crashdump.OnDemand/")
 {
+ // Note: Deviated from redfish privilege registry for GET & HEAD
+ // method for security reasons.
 entityPrivileges = {
- {boost::beast::http::verb::get, {{"Login"}}},
- {boost::beast::http::verb::head, {{"Login"}}},
- {boost::beast::http::verb::patch, {{"ConfigureManager"}}},
- {boost::beast::http::verb::put, {{"ConfigureManager"}}},
- {boost::beast::http::verb::delete_, {{"ConfigureManager"}}},
- {boost::beast::http::verb::post, {{"ConfigureManager"}}}};
+ {boost::beast::http::verb::get, {{"ConfigureComponents"}}},
+ {boost::beast::http::verb::head, {{"ConfigureComponents"}}},
+ {boost::beast::http::verb::patch, {{"ConfigureComponents"}}},
+ {boost::beast::http::verb::put, {{"ConfigureComponents"}}},
+ {boost::beast::http::verb::delete_, {{"ConfigureComponents"}}},
+ {boost::beast::http::verb::post, {{"ConfigureComponents"}}}};
 }

 private:
@@ -1962,6 +1974,8 @@ class SendRawPECI : public Node
 "/redfish/v1/Systems/system/LogServices/Crashdump/Actions/Oem/"
 "Crashdump.SendRawPeci/")
 {
+ // Note: Deviated from redfish privilege registry for GET & HEAD
+ // method for security reasons.
 entityPrivileges = {
 {boost::beast::http::verb::get, {{"ConfigureComponents"}}},
 {boost::beast::http::verb::head, {{"ConfigureComponents"}}},
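Review bot: The POST row for Crashdump.OnDemand drops from `ConfigureManager` to `ConfigureComponents`, which loosens the action rather than restricting it. In the standard Redfish role mapping the Operator role holds ConfigureComponents but not ConfigureManager, so, assuming this build uses those roles, an operator can now trigger an on-demand crashdump where only an administrator could before. The commit message justifies ConfigureComponents for ClearLog actions and for reading Crashdump resources, but this is an OEM action and the added comment speaks only of GET and HEAD. If the widening is intended, record it in the comment (for example `// POST lowered to ConfigureComponents so operators can request a dump`); otherwise keep `{boost::beast::http::verb::post, {{"ConfigureManager"}}}};`. The constructor begins above the hunk.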
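Review bot: In the SendRawPECI hunk the only change is a comment about GET and HEAD, but on an endpoint whose URI is `Crashdump.SendRawPeci` the row a reader most needs justified is POST, and that row lies below the hunk, so its level cannot be checked here. I would extend the comment to state the POST privilege and why it was chosen, e.g. `// POST requires <privilege>: this action forwards a raw PECI request`, with the placeholder replaced by the value actually in the table. If POST is also `ConfigureComponents`, it is worth confirming that operator-level accounts are meant to reach this action.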
@@ -2152,10 +2166,10 @@ class PostCodesClear : public Node
 entityPrivileges = {
 {boost::beast::http::verb::get, {{"Login"}}},
 {boost::beast::http::verb::head, {{"Login"}}},
- {boost::beast::http::verb::patch, {{"ConfigureManager"}}},
- {boost::beast::http::verb::put, {{"ConfigureManager"}}},
- {boost::beast::http::verb::delete_, {{"ConfigureManager"}}},
- {boost::beast::http::verb::post, {{"ConfigureManager"}}}};
+ {boost::beast::http::verb::patch, {{"ConfigureComponents"}}},
+ {boost::beast::http::verb::put, {{"ConfigureComponents"}}},
+ {boost::beast::http::verb::delete_, {{"ConfigureComponents"}}},
+ {boost::beast::http::verb::post, {{"ConfigureComponents"}}}};
 }

 private:
|