Diffstat (limited to 'include')
-rw-r--r-- | include/async_resolve.hpp | 2 | ||||
-rw-r--r-- | include/authentication.hpp | 123 | ||||
-rw-r--r-- | include/sessions.hpp | 34 | ||||
-rw-r--r-- | include/ssl_key_handler.hpp | 2 | ||||
-rw-r--r-- | include/vm_websocket.hpp | 6 |
5 files changed, 67 insertions, 100 deletions
diff --git a/include/async_resolve.hpp b/include/async_resolve.hpp index 798c3e8964..2d9899d1a4 100644 --- a/include/async_resolve.hpp +++ b/include/async_resolve.hpp @@ -1,5 +1,4 @@ #pragma once -#ifdef BMCWEB_DBUS_DNS_RESOLVER #include "dbus_singleton.hpp" #include "logging.hpp" @@ -124,4 +123,3 @@ class Resolver }; } // namespace async_resolve -#endif diff --git a/include/authentication.hpp b/include/authentication.hpp index ad9759bf49..6483365bef 100644 --- a/include/authentication.hpp +++ b/include/authentication.hpp @@ -32,8 +32,7 @@ inline void cleanupTempSession(const Request& req) } } -#ifdef BMCWEB_ENABLE_BASIC_AUTHENTICATION -static std::shared_ptr<persistent_data::UserSession> +inline std::shared_ptr<persistent_data::UserSession> performBasicAuth(const boost::asio::ip::address& clientIp, std::string_view authHeader) { @@ -86,10 +85,8 @@ static std::shared_ptr<persistent_data::UserSession> user, clientIp, std::nullopt, persistent_data::PersistenceType::SINGLE_REQUEST, isConfigureSelfOnly); } -#endif -#ifdef BMCWEB_ENABLE_SESSION_AUTHENTICATION -static std::shared_ptr<persistent_data::UserSession> +inline std::shared_ptr<persistent_data::UserSession> performTokenAuth(std::string_view authHeader) { BMCWEB_LOG_DEBUG("[AuthMiddleware] Token authentication"); @@ -102,10 +99,8 @@ static std::shared_ptr<persistent_data::UserSession> persistent_data::SessionStore::getInstance().loginSessionByToken(token); return sessionOut; } -#endif -#ifdef BMCWEB_ENABLE_XTOKEN_AUTHENTICATION -static std::shared_ptr<persistent_data::UserSession> +inline std::shared_ptr<persistent_data::UserSession> performXtokenAuth(const boost::beast::http::header<true>& reqHeader) { BMCWEB_LOG_DEBUG("[AuthMiddleware] X-Auth-Token authentication"); 
@@ -119,10 +114,8 @@ static std::shared_ptr<persistent_data::UserSession> persistent_data::SessionStore::getInstance().loginSessionByToken(token); return sessionOut; } -#endif -#ifdef BMCWEB_ENABLE_COOKIE_AUTHENTICATION -static std::shared_ptr<persistent_data::UserSession> +inline std::shared_ptr<persistent_data::UserSession> performCookieAuth(boost::beast::http::verb method [[maybe_unused]], const boost::beast::http::header<true>& reqHeader) { 
@@ -159,37 +152,36 @@ static std::shared_ptr<persistent_data::UserSession> return nullptr; } sessionOut->cookieAuth = true; -#ifndef BMCWEB_INSECURE_DISABLE_CSRF_PREVENTION - // RFC7231 defines methods that need csrf protection - if (method != boost::beast::http::verb::get) + + if constexpr (BMCWEB_INSECURE_DISABLE_CSRF) { - std::string_view csrf = reqHeader["X-XSRF-TOKEN"]; - // Make sure both tokens are filled - if (csrf.empty() || sessionOut->csrfToken.empty()) + // RFC7231 defines methods that need csrf protection + if (method != boost::beast::http::verb::get) { - return nullptr; - } + std::string_view csrf = reqHeader["X-XSRF-TOKEN"]; + // Make sure both tokens are filled + if (csrf.empty() || sessionOut->csrfToken.empty()) + { + return nullptr; + } - if (csrf.size() != persistent_data::sessionTokenSize) - { - return nullptr; - } - // Reject if csrf token not available - if (!crow::utility::constantTimeStringCompare( - csrf, sessionOut->csrfToken)) - { - return nullptr; + if (csrf.size() != persistent_data::sessionTokenSize) + { + return nullptr; + } + // Reject if csrf token not available + if (!crow::utility::constantTimeStringCompare( + csrf, sessionOut->csrfToken)) + { + return nullptr; + } } } -#endif - return sessionOut; } return nullptr; } -#endif -#ifdef BMCWEB_ENABLE_MUTUAL_TLS_AUTHENTICATION -static std::shared_ptr<persistent_data::UserSession> +inline std::shared_ptr<persistent_data::UserSession> performTLSAuth(Response& res, const boost::beast::http::header<true>& reqHeader, const std::weak_ptr<persistent_data::UserSession>& session) @@ -219,11 +211,9 @@ static std::shared_ptr<persistent_data::UserSession> } return nullptr; } -#endif // checks if request can be forwarded without authentication -[[maybe_unused]] static bool isOnAllowlist(std::string_view url, - boost::beast::http::verb method) +inline bool isOnAllowlist(std::string_view url, boost::beast::http::verb method) { if (boost::beast::http::verb::get == method) { 
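Review bot: The CSRF check in `performCookieAuth` is now wrapped in `if constexpr (BMCWEB_INSECURE_DISABLE_CSRF)`, which inverts the removed `#ifndef BMCWEB_INSECURE_DISABLE_CSRF_PREVENTION`. Assuming the constant is true when the insecure option is selected, the `X-XSRF-TOKEN` presence, length and constant-time comparison are compiled in only for the insecure build and discarded in a default build, so cookie-authenticated non-GET requests are accepted without a token. The guard should read `if constexpr (!BMCWEB_INSECURE_DISABLE_CSRF)`. A unit test that calls `performCookieAuth` with a non-GET verb and no `X-XSRF-TOKEN` header and expects `nullptr` would pin this. The function begins outside this hunk.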
@@ -257,51 +247,54 @@ static std::shared_ptr<persistent_data::UserSession> return false; } -[[maybe_unused]] static std::shared_ptr<persistent_data::UserSession> - authenticate( - const boost::asio::ip::address& ipAddress [[maybe_unused]], - Response& res [[maybe_unused]], - boost::beast::http::verb method [[maybe_unused]], - const boost::beast::http::header<true>& reqHeader, - [[maybe_unused]] const std::shared_ptr<persistent_data::UserSession>& - session) +inline std::shared_ptr<persistent_data::UserSession> authenticate( + const boost::asio::ip::address& ipAddress [[maybe_unused]], + Response& res [[maybe_unused]], + boost::beast::http::verb method [[maybe_unused]], + const boost::beast::http::header<true>& reqHeader, + [[maybe_unused]] const std::shared_ptr<persistent_data::UserSession>& + session) { const persistent_data::AuthConfigMethods& authMethodsConfig = persistent_data::SessionStore::getInstance().getAuthMethodsConfig(); std::shared_ptr<persistent_data::UserSession> sessionOut = nullptr; -#ifdef BMCWEB_ENABLE_MUTUAL_TLS_AUTHENTICATION - if (authMethodsConfig.tls) + if constexpr (BMCWEB_MUTUAL_TLS_AUTH) { - sessionOut = performTLSAuth(res, reqHeader, session); + if (authMethodsConfig.tls) + { + sessionOut = performTLSAuth(res, reqHeader, session); + } } -#endif -#ifdef BMCWEB_ENABLE_XTOKEN_AUTHENTICATION - if (sessionOut == nullptr && authMethodsConfig.xtoken) + if constexpr (BMCWEB_XTOKEN_AUTH) { - sessionOut = performXtokenAuth(reqHeader); + if (sessionOut == nullptr && authMethodsConfig.xtoken) + { + sessionOut = performXtokenAuth(reqHeader); + } } -#endif -#ifdef BMCWEB_ENABLE_COOKIE_AUTHENTICATION - if (sessionOut == nullptr && authMethodsConfig.cookie) + if constexpr (BMCWEB_COOKIE_AUTH) { - sessionOut = performCookieAuth(method, reqHeader); + if (sessionOut == nullptr && authMethodsConfig.cookie) + { + sessionOut = performCookieAuth(method, reqHeader); + } } -#endif std::string_view authHeader = reqHeader["Authorization"]; 
BMCWEB_LOG_DEBUG("authHeader={}", authHeader); - - if (sessionOut == nullptr && authMethodsConfig.sessionToken) + if constexpr (BMCWEB_SESSION_AUTH) { -#ifdef BMCWEB_ENABLE_SESSION_AUTHENTICATION - sessionOut = performTokenAuth(authHeader); -#endif + if (sessionOut == nullptr && authMethodsConfig.sessionToken) + { + sessionOut = performTokenAuth(authHeader); + } } - if (sessionOut == nullptr && authMethodsConfig.basic) + if constexpr (BMCWEB_BASIC_AUTH) { -#ifdef BMCWEB_ENABLE_BASIC_AUTHENTICATION - sessionOut = performBasicAuth(ipAddress, authHeader); -#endif + if (sessionOut == nullptr && authMethodsConfig.basic) + { + sessionOut = performBasicAuth(ipAddress, authHeader); + } } if (sessionOut != nullptr) { diff --git a/include/sessions.hpp b/include/sessions.hpp index 1d0b620fb1..50299b8f20 100644 --- a/include/sessions.hpp +++ b/include/sessions.hpp @@ -134,35 +134,11 @@ struct UserSession struct AuthConfigMethods { -#ifdef BMCWEB_ENABLE_BASIC_AUTHENTICATION - bool basic = true; -#else - bool basic = false; -#endif - -#ifdef BMCWEB_ENABLE_SESSION_AUTHENTICATION - bool sessionToken = true; -#else - bool sessionToken = false; -#endif - -#ifdef BMCWEB_ENABLE_XTOKEN_AUTHENTICATION - bool xtoken = true; -#else - bool xtoken = false; -#endif - -#ifdef BMCWEB_ENABLE_COOKIE_AUTHENTICATION - bool cookie = true; -#else - bool cookie = false; -#endif - -#ifdef BMCWEB_ENABLE_MUTUAL_TLS_AUTHENTICATION - bool tls = true; -#else - bool tls = false; -#endif + bool basic = BMCWEB_BASIC_AUTH; + bool sessionToken = BMCWEB_SESSION_AUTH; + bool xtoken = BMCWEB_XTOKEN_AUTH; + bool cookie = BMCWEB_COOKIE_AUTH; + bool tls = BMCWEB_MUTUAL_TLS_AUTH; void fromJson(const nlohmann::json& j) { diff --git a/include/ssl_key_handler.hpp b/include/ssl_key_handler.hpp index d7255dd87d..36477da02c 100644 --- a/include/ssl_key_handler.hpp +++ b/include/ssl_key_handler.hpp 
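Review bot: The unchanged context line `BMCWEB_LOG_DEBUG("authHeader={}", authHeader);` in `authenticate` writes the raw `Authorization` header to the debug log. That value is what `performBasicAuth` and `performTokenAuth` consume, so the log receives the encoded credentials or the session token whenever debug logging is on. Since this commit reworks the surrounding lines, it would be a good place to log only presence, e.g. `BMCWEB_LOG_DEBUG("authHeader present={}", !authHeader.empty());`. The `[[maybe_unused]]` attributes on the parameters also look redundant now that every branch names them inside an `if constexpr`, though that is cosmetic. The end of `authenticate` lies outside this hunk.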
@@ -485,7 +485,7 @@ inline std::shared_ptr<boost::asio::ssl::context> mSslContext->use_private_key_file(sslPemFile, boost::asio::ssl::context::pem); - if constexpr (bmcwebEnableHTTP2) + if constexpr (BMCWEB_EXPERIMENTAL_HTTP2) { SSL_CTX_set_next_protos_advertised_cb(mSslContext->native_handle(), nextProtoCallback, nullptr); diff --git a/include/vm_websocket.hpp b/include/vm_websocket.hpp index 14672e59d8..b489a4265f 100644 --- a/include/vm_websocket.hpp +++ b/include/vm_websocket.hpp @@ -517,10 +517,10 @@ namespace obmc_vm inline void requestRoutes(App& app) { static_assert( - !(bmcwebVmWebsocket && bmcwebNbdProxy), + !(BMCWEB_VM_WEBSOCKET && BMCWEB_VM_NBDPROXY), "nbd proxy cannot be turned on at the same time as vm websocket."); - if constexpr (bmcwebNbdProxy) + if constexpr (BMCWEB_VM_NBDPROXY) { BMCWEB_ROUTE(app, "/nbd/<str>") .privileges({{"ConfigureComponents", "ConfigureManager"}}) @@ -536,7 +536,7 @@ inline void requestRoutes(App& app) .onclose(nbd_proxy::onClose) .onmessageex(nbd_proxy::onMessage); } - if constexpr (bmcwebVmWebsocket) + if constexpr (BMCWEB_VM_WEBSOCKET) { BMCWEB_ROUTE(app, "/vm/0/0") .privileges({{"ConfigureComponents", "ConfigureManager"}}) |