authorAppaRao Puli <apparao.puli@linux.intel.com>2020-04-07 14:33:04 +0300
committerAppaRao Puli <apparao.puli@linux.intel.com>2020-04-22 21:14:21 +0300
commit3946028d2d3143109bb562841efce3e094c70c0b (patch)
treef4e5123fae37b84898ff2aafb9d83a0656500c05 /redfish-core
parent0b631aeaba4093945071857d28adb8dafc12f291 (diff)
downloadbmcweb-3946028d2d3143109bb562841efce3e094c70c0b.tar.xz
Correct privilege levels for LogService
Correct the privilege levels for LogService as per the privilege registry in the Redfish specification. https://redfish.dmtf.org/registries/Redfish_1.0.4_PrivilegeRegistry.json 1) ClearLog actions (EventLog, CrashDump, PostCode, JournalLog, etc.) are subordinates of LogService and should be executed with the "ConfigureComponents" privilege level. 2) For security reasons, CrashDump (LogService and LogEntry) is restricted to "ConfigureComponents". Tested: - Created Operator, User and Administrator users and validated all methods under LogService, LogEntry, LogServiceCollections and LogEntryCollections, and their subordinates. Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com> Change-Id: I4ce1ee90b3b999a80daa9aa20e5e7d79b64a9b85
Diffstat (limited to 'redfish-core')
-rw-r--r--redfish-core/lib/log_services.hpp54
1 files changed, 34 insertions, 20 deletions
diff --git a/redfish-core/lib/log_services.hpp b/redfish-core/lib/log_services.hpp
index d53c829339..73a7bb6f4b 100644
--- a/redfish-core/lib/log_services.hpp
+++ b/redfish-core/lib/log_services.hpp
@@ -1530,9 +1530,11 @@ class CrashdumpService : public Node
CrashdumpService(CrowApp &app) :
Node(app, "/redfish/v1/Systems/system/LogServices/Crashdump/")
{
+ // Note: Deviated from redfish privilege registry for GET & HEAD
+ // method for security reasons.
entityPrivileges = {
- {boost::beast::http::verb::get, {{"Login"}}},
- {boost::beast::http::verb::head, {{"Login"}}},
+ {boost::beast::http::verb::get, {{"ConfigureComponents"}}},
+ {boost::beast::http::verb::head, {{"ConfigureComponents"}}},
{boost::beast::http::verb::patch, {{"ConfigureManager"}}},
{boost::beast::http::verb::put, {{"ConfigureManager"}}},
{boost::beast::http::verb::delete_, {{"ConfigureManager"}}},
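Review bot: The added comment "for security reasons" on the GET/HEAD entries does not say what is being protected or which roles lose access, so a later registry-sync change could revert the deviation without anyone noticing. Standard Redfish roles give ConfigureComponents to Operator and Administrator but not to ReadOnly, so I would spell that out, e.g. `// Crashdump data may expose sensitive platform state: GET/HEAD need ConfigureComponents (registry says Login), so ReadOnly users are denied.` The sensitivity rationale is my inference from the commit message and should be confirmed by the author. The same two-line comment is repeated in the CrashdumpClear, CrashdumpEntryCollection, CrashdumpEntry, CrashdumpFile, OnDemandCrashdump and SendRawPECI hunks; one named privilege table shared by the Crashdump nodes would keep the rationale and the values in a single place. The constructor body continues past this hunk, so the POST entry is not visible here.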
@@ -1585,9 +1587,11 @@ class CrashdumpClear : public Node
Node(app, "/redfish/v1/Systems/system/LogServices/Crashdump/Actions/"
"LogService.ClearLog/")
{
+ // Note: Deviated from redfish privilege registry for GET & HEAD
+ // method for security reasons.
entityPrivileges = {
- {boost::beast::http::verb::get, {{"Login"}}},
- {boost::beast::http::verb::head, {{"Login"}}},
+ {boost::beast::http::verb::get, {{"ConfigureComponents"}}},
+ {boost::beast::http::verb::head, {{"ConfigureComponents"}}},
{boost::beast::http::verb::patch, {{"ConfigureComponents"}}},
{boost::beast::http::verb::put, {{"ConfigureComponents"}}},
{boost::beast::http::verb::delete_, {{"ConfigureComponents"}}},
@@ -1676,9 +1680,11 @@ class CrashdumpEntryCollection : public Node
CrashdumpEntryCollection(CrowApp &app) :
Node(app, "/redfish/v1/Systems/system/LogServices/Crashdump/Entries/")
{
+ // Note: Deviated from redfish privilege registry for GET & HEAD
+ // method for security reasons.
entityPrivileges = {
- {boost::beast::http::verb::get, {{"Login"}}},
- {boost::beast::http::verb::head, {{"Login"}}},
+ {boost::beast::http::verb::get, {{"ConfigureComponents"}}},
+ {boost::beast::http::verb::head, {{"ConfigureComponents"}}},
{boost::beast::http::verb::patch, {{"ConfigureManager"}}},
{boost::beast::http::verb::put, {{"ConfigureManager"}}},
{boost::beast::http::verb::delete_, {{"ConfigureManager"}}},
@@ -1761,9 +1767,11 @@ class CrashdumpEntry : public Node
"/redfish/v1/Systems/system/LogServices/Crashdump/Entries/<str>/",
std::string())
{
+ // Note: Deviated from redfish privilege registry for GET & HEAD
+ // method for security reasons.
entityPrivileges = {
- {boost::beast::http::verb::get, {{"Login"}}},
- {boost::beast::http::verb::head, {{"Login"}}},
+ {boost::beast::http::verb::get, {{"ConfigureComponents"}}},
+ {boost::beast::http::verb::head, {{"ConfigureComponents"}}},
{boost::beast::http::verb::patch, {{"ConfigureManager"}}},
{boost::beast::http::verb::put, {{"ConfigureManager"}}},
{boost::beast::http::verb::delete_, {{"ConfigureManager"}}},
@@ -1794,9 +1802,11 @@ class CrashdumpFile : public Node
"<str>/",
std::string(), std::string())
{
+ // Note: Deviated from redfish privilege registry for GET & HEAD
+ // method for security reasons.
entityPrivileges = {
- {boost::beast::http::verb::get, {{"Login"}}},
- {boost::beast::http::verb::head, {{"Login"}}},
+ {boost::beast::http::verb::get, {{"ConfigureComponents"}}},
+ {boost::beast::http::verb::head, {{"ConfigureComponents"}}},
{boost::beast::http::verb::patch, {{"ConfigureManager"}}},
{boost::beast::http::verb::put, {{"ConfigureManager"}}},
{boost::beast::http::verb::delete_, {{"ConfigureManager"}}},
@@ -1894,13 +1904,15 @@ class OnDemandCrashdump : public Node
"/redfish/v1/Systems/system/LogServices/Crashdump/Actions/Oem/"
"Crashdump.OnDemand/")
{
+ // Note: Deviated from redfish privilege registry for GET & HEAD
+ // method for security reasons.
entityPrivileges = {
- {boost::beast::http::verb::get, {{"Login"}}},
- {boost::beast::http::verb::head, {{"Login"}}},
- {boost::beast::http::verb::patch, {{"ConfigureManager"}}},
- {boost::beast::http::verb::put, {{"ConfigureManager"}}},
- {boost::beast::http::verb::delete_, {{"ConfigureManager"}}},
- {boost::beast::http::verb::post, {{"ConfigureManager"}}}};
+ {boost::beast::http::verb::get, {{"ConfigureComponents"}}},
+ {boost::beast::http::verb::head, {{"ConfigureComponents"}}},
+ {boost::beast::http::verb::patch, {{"ConfigureComponents"}}},
+ {boost::beast::http::verb::put, {{"ConfigureComponents"}}},
+ {boost::beast::http::verb::delete_, {{"ConfigureComponents"}}},
+ {boost::beast::http::verb::post, {{"ConfigureComponents"}}}};
}
private:
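Review bot: The POST, PATCH, PUT and DELETE entries for Crashdump.OnDemand drop from ConfigureManager to ConfigureComponents, which widens who can trigger an on-demand crashdump rather than restricting it. The commit message and the new comment only describe restricting GET and HEAD. With the standard Redfish role mapping this lets an Operator invoke the OEM action; if that is intended, the comment should say so, e.g. `// OEM action, not in the registry: ConfigureComponents chosen to match LogService.ClearLog.` If it is not intended, keep `{boost::beast::http::verb::post, {{"ConfigureManager"}}}` and change only the GET/HEAD lines. The constructor starts above the hunk.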
@@ -1962,6 +1974,8 @@ class SendRawPECI : public Node
"/redfish/v1/Systems/system/LogServices/Crashdump/Actions/Oem/"
"Crashdump.SendRawPeci/")
{
+ // Note: Deviated from redfish privilege registry for GET & HEAD
+ // method for security reasons.
entityPrivileges = {
{boost::beast::http::verb::get, {{"ConfigureComponents"}}},
{boost::beast::http::verb::head, {{"ConfigureComponents"}}},
@@ -2152,10 +2166,10 @@ class PostCodesClear : public Node
entityPrivileges = {
{boost::beast::http::verb::get, {{"Login"}}},
{boost::beast::http::verb::head, {{"Login"}}},
- {boost::beast::http::verb::patch, {{"ConfigureManager"}}},
- {boost::beast::http::verb::put, {{"ConfigureManager"}}},
- {boost::beast::http::verb::delete_, {{"ConfigureManager"}}},
- {boost::beast::http::verb::post, {{"ConfigureManager"}}}};
+ {boost::beast::http::verb::patch, {{"ConfigureComponents"}}},
+ {boost::beast::http::verb::put, {{"ConfigureComponents"}}},
+ {boost::beast::http::verb::delete_, {{"ConfigureComponents"}}},
+ {boost::beast::http::verb::post, {{"ConfigureComponents"}}}};
}
private: