diff options
-rw-r--r-- | http/http_connection.hpp | 8 | ||||
-rw-r--r-- | include/authorization.hpp | 16 | ||||
-rw-r--r-- | meson.build | 3 | ||||
-rw-r--r-- | meson_options.txt | 1 |
4 files changed, 15 insertions, 13 deletions
diff --git a/http/http_connection.hpp b/http/http_connection.hpp index 4b4310f7d1..fb5eac733e 100644 --- a/http/http_connection.hpp +++ b/http/http_connection.hpp @@ -354,7 +354,7 @@ class Connection : completeRequest(); return; } - +#ifndef BMCWEB_INSECURE_DISABLE_AUTHENTICATION if (!crow::authorization::isOnAllowlist(req->url, req->method()) && thisReq.session == nullptr) { @@ -365,7 +365,7 @@ class Connection : completeRequest(); return; } - +#endif // BMCWEB_INSECURE_DISABLE_AUTHENTICATION res.setCompleteRequestHandler([self(shared_from_this())] { boost::asio::post(self->adaptor.get_executor(), [self] { self->completeRequest(); }); @@ -566,7 +566,6 @@ class Connection : return; } - boost::beast::http::verb method = parser->get().method(); readClientIp(); boost::asio::ip::address ip; @@ -575,8 +574,11 @@ class Connection : BMCWEB_LOG_DEBUG << "Unable to get client IP"; } sessionIsFromTransport = false; +#ifndef BMCWEB_INSECURE_DISABLE_AUTHENTICATION + boost::beast::http::verb method = parser->get().method(); userSession = crow::authorization::authenticate( ip, res, method, parser->get().base(), userSession); +#endif // BMCWEB_INSECURE_DISABLE_AUTHENTICATION bool loggedIn = userSession != nullptr; if (loggedIn) { diff --git a/include/authorization.hpp b/include/authorization.hpp index 40a6119877..202628c243 100644 --- a/include/authorization.hpp +++ b/include/authorization.hpp @@ -223,7 +223,8 @@ static std::shared_ptr<persistent_data::UserSession> #endif // checks if request can be forwarded without authentication -static bool isOnAllowlist(std::string_view url, boost::beast::http::verb method) +[[maybe_unused]] static bool isOnAllowlist(std::string_view url, + boost::beast::http::verb method) { if (boost::beast::http::verb::get == method) { @@ -255,12 +256,13 @@ static bool isOnAllowlist(std::string_view url, boost::beast::http::verb method) return false; } -static std::shared_ptr<persistent_data::UserSession> authenticate( - boost::asio::ip::address& ipAddress [[maybe_unused]], - Response& res [[maybe_unused]], boost::beast::http::verb method, - const boost::beast::http::header<true>& reqHeader, - [[maybe_unused]] const std::shared_ptr<persistent_data::UserSession>& - session) +[[maybe_unused]] static std::shared_ptr<persistent_data::UserSession> + authenticate( + boost::asio::ip::address& ipAddress [[maybe_unused]], + Response& res [[maybe_unused]], boost::beast::http::verb method, + const boost::beast::http::header<true>& reqHeader, + [[maybe_unused]] const std::shared_ptr<persistent_data::UserSession>& + session) { const persistent_data::AuthConfigMethods& authMethodsConfig = persistent_data::SessionStore::getInstance().getAuthMethodsConfig(); diff --git a/meson.build b/meson.build index bdfa36eb0c..01417f2b3b 100644 --- a/meson.build +++ b/meson.build @@ -72,7 +72,6 @@ feature_map = { 'insecure-tftp-update' : '-DBMCWEB_INSECURE_ENABLE_REDFISH_FW_TFTP_UPDATE', 'kvm' : '-DBMCWEB_ENABLE_KVM' , 'mutual-tls-auth' : '-DBMCWEB_ENABLE_MUTUAL_TLS_AUTHENTICATION', - 'pam' : '-DWEBSERVER_ENABLE_PAM', 'redfish' : '-DBMCWEB_ENABLE_REDFISH', 'redfish-bmc-journal' : '-DBMCWEB_ENABLE_REDFISH_BMC_JOURNAL', 'redfish-cpu-log' : '-DBMCWEB_ENABLE_REDFISH_CPU_LOG', @@ -263,7 +262,7 @@ language : 'cpp') # automatically during the configure step bmcweb_dependencies = [] -pam = cxx.find_library('pam', required: get_option('pam')) +pam = cxx.find_library('pam', required: true) atomic = cxx.find_library('atomic', required: true) openssl = dependency('openssl', required : true) bmcweb_dependencies += [pam, atomic, openssl] diff --git a/meson_options.txt b/meson_options.txt index 6c0f6434c4..e2addbc0c0 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -1,4 +1,3 @@ -option('pam', type: 'feature', value : 'enabled', description : 'Built static libraries') option('yocto-deps', type: 'feature', value: 'disabled', description : 'Use YOCTO dependencies system') option('kvm', type : 'feature',value : 'enabled', description : 'Enable the KVM host video WebSocket. Path is \'/kvm/0\'. Video is from the BMC\'s \'/dev/video\' device.') option ('tests', type : 'feature', value : 'enabled', description : 'Enable Unit tests for bmcweb') |