diff options
| author | Paul Fertser <fercerpav@gmail.com> | 2024-06-27 01:27:59 +0300 |
|---|---|---|
| committer | Ed Tanous <ed@tanous.net> | 2024-07-01 19:06:31 +0300 |
| commit | 478c5a57ac1143d689f3d3670092c2eb75e0f0c4 (patch) | |
| tree | 113757afc7ef099e5cf120af26683ab8107bed2a /redfish-core | |
| parent | 1cf823137844d1f3ef28c3b7129d8a7eb7f2662a (diff) | |
| download | bmcweb-478c5a57ac1143d689f3d3670092c2eb75e0f0c4.tar.xz | |
Fix returning Roles for Sessions POST
When the session is just getting created the normal privileges
validation workflow isn't executed and so the current role remains
unknown. Fix this by refactoring dbus_privileges.hpp to allow obtaining
the information from phosphor-user-manager late in the request
processing.
Tested: Redfish Service Validator passes.
Creating a session for local user:
```
$ curl -k -H "Content-Type: application/json" -X POST https://172.41.1.250:18080/redfish/v1/SessionService/Sessions -d '{"UserName":"root", "Password":"0penBmc"}'
{
"@odata.id": "/redfish/v1/SessionService/Sessions/lfFsCNjshV",
"@odata.type": "#Session.v1_7_0.Session",
"ClientOriginIPAddress": "172.40.1.4",
"Description": "Manager User Session",
"Id": "lfFsCNjshV",
"Name": "User Session",
"Roles": [
"Administrator"
],
"UserName": "root"
}
```
Creating a session for remote user mapped to Operator:
```
$ curl -k -H "Content-Type: application/json" -X POST https://172.41.1.250:18080/redfish/v1/SessionService/Sessions -d '{"UserName":ldap_sync", "Password":"ldap_password"}'
{
"@odata.id": "/redfish/v1/SessionService/Sessions/qVffc4ePJK",
"@odata.type": "#Session.v1_7_0.Session",
"ClientOriginIPAddress": "172.40.1.4",
"Description": "Manager User Session",
"Id": "qVffc4ePJK",
"Name": "User Session",
"Roles": [
"Operator"
],
"UserName": "ldap_sync"
}
```
Fixes: https://github.com/openbmc/bmcweb/issues/280
Fixes: ce22f6099e7e28ae26591348bf484ebedbc1ed42
Change-Id: If76c43563244e3819ee3fbc60d9df7f6a21c1fa3
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Diffstat (limited to 'redfish-core')
| -rw-r--r-- | redfish-core/lib/redfish_sessions.hpp | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/redfish-core/lib/redfish_sessions.hpp b/redfish-core/lib/redfish_sessions.hpp index b38f9249a6..555e7f32ac 100644 --- a/redfish-core/lib/redfish_sessions.hpp +++ b/redfish-core/lib/redfish_sessions.hpp @@ -257,7 +257,9 @@ inline void handleSessionCollectionPost( session->username)); } - fillSessionObject(asyncResp->res, *session); + crow::getUserInfo(asyncResp, username, session, [asyncResp, session]() { + fillSessionObject(asyncResp->res, *session); + }); } inline void handleSessionServiceHead( crow::App& app, const crow::Request& req, |