| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This commit enables privilege check for user(s) in case of upgraded
connections.
Currently users with no privileges will also be able to access
Websockets connections (Ex: KVM).
The privilege check was already in place for normal connections (i.e.
router->handle()). This commit lifts off the privilege check code and
moves it into a common function (validatePrivilege()), which can be used
both by handle() and handleUpgrade() and register required callback to
be called.
Also, the const qualifier for Request in the handleUpgrade() function's
signature is removed to enable setting "isConfigureSelf" field of
request. The signature of handleUpgrade() is made identical to handle()
Tested:
- websocket_test.py Passed
- Admin and Operator users are able to access KVM on WebUI
- Readonly User was unable to access KVM on WebUI
Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>
Change-Id: I6f743c27e7e6077f1c6c56e6958922027e4404e8
|
|
This commit enables passing down the asyncResp (of the connection) to
the handler of upgraded connections. This is already in place for normal
requests (i.e. Class Router -> handle())
This change would enable any async calls that would be required before
upgrade of the connection. For example, as on today, we have only
Authentication of user in place for upgraded connection, but not
Authorization. So, this asyncResp could further be used for such dbus
calls to return informative response.
This commit updates the signature of all the handleUpgrade() functions
present in router.hpp to take in asyncResp object instead of normal
response.
Tested :
- websocket_test.py Passed
- KVM was functional in WebUI.
Change-Id: I1c6c91f126b734e1b5573d5ef204fe2bf6ed6c26
Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>
|
|
clang14 doesn't compile because of
"moving a temporary object prevents copy elision".
This also alligns the plaintext socket with style of SSL socket.
Tested: trivial change. It builds.
Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I9203cf162d738290306f9ba73ec0ab8f2ca5033c
|
|
While working on tests, I found that |app.hpp| is missing some boost
headers. I added them manually in this commit.
Tested: code compiles.
Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I1d2fb0f312e1810d836c986e320263a9581f13f2
|
|
App.sslFile() method is never called, the sslContext is generated in
ensuressl::getSslContext() function now. So remove these unused code.
Tested:
Build pass.
Change-Id: I2737462a3a2ec2e0dc792e5070e9e5a7244bc889
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>
|
|
There's a number of redundancies in our code that clang can sanitize
out. Fix the existing problems, and enable the checks.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ie63d7b7f0777b702fbf1b23a24e1bed7b4f5183b
|
|
We only use a couple macros. Ignore them in the checks.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I38feb10f76f6aaea8899617f081c9be68c88b3eb
|
|
Part of enforcing cpp core guidelines involves explicitly including all
constructors required on a non-trivial class. We were missing quite a
few. In all cases, the copy/move/and operator= methods are simply
deleted.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ie8d6e8bf2bc311fa21a9ae48b0d61ee5c1940999
|
|
Clang-13 adds new checks we can turn on, which find quite a few errors.
Tested: Code compiles
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I74b780760014c898cc440b37aea640b33e91c439
|
|
Get the core using AsyncResp everywhere, and not have each individual handler
creating its own object.We can call app.handle() without fear of the response
getting ended after the first tree is done populating.
Don't use res.end() anymore.
Tested:
1. Validator passed.
Signed-off-by: zhanghaicheng <zhanghch05@inspur.com>
Change-Id: I867367ce4a0caf8c4b3f4e07e06c11feed0782e8
|
|
On systems that don't support ipv6, or systems that don't have an ipv6
address, binding to all ipv6 addresses can fail. Because this is just
the dev server, it's perfectly reasonable to limit to ipv4 addresses
only.
This failure has been reported by several people over time, but it was only
recently that I root caused this as their problem.
This should have no effect on the BMC itself, as the bmc is using socket
activation, and completely bypasses this code path.
Tested:
Launched bmcweb on a system that was previously failing because of a
bind error, and observed that I could launch bmcweb and have it work
correctly.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ife6b051aa62d62e1691c5221d8ddee0b9bd012c0
|
|
camelLower is not a type, camelBack is.
Changes were made automatically with clang-tidy --fix-errors
To be able to apply changes automatically, the only way I've found that
works was to build the version of clang/clang-tidy that yocto has, and
run the fix script within bitbake -c devshell bmcweb. Unfortunately,
yocto has clang-tidy 11, which can apparently find a couple extra errors
in tests we already had enabled. As such, a couple of those are also
included.
Tested:
Ran clang-tidy-11 and got a clean result.
Signed-off-by: Ed Tanous <ed@tanous.net>
Change-Id: I9d1080b67f0342229c2f267160849445c065ca51
|
|
cppcheck isn't smart enough to recognize these are c++ headers, not c
headers. Considering we're already inconsistent about our naming, it's
easier to just be consistent, and move the last few files to use .hpp
instead of .h.
Tested:
Code builds, no changes.
Signed-off-by: Ed Tanous <ed@tanous.net>
Change-Id: Ic348d695f8527fa4a0ded53f433e1558c319db40
|
