From 8251ffee18bc18b7cdda281b3ec137023aa79303 Mon Sep 17 00:00:00 2001 From: Ed Tanous Date: Thu, 10 Oct 2019 14:33:54 -0700 Subject: Add "requires" handlers to all non-trivial routes This commit is the result of an audit to add user levels to the various components that need them. As written: KVM requires admin privilege Virtual media requires admin privilege image upload requires admin privilege /subscribe API requies Login privilege Signed-off-by: Ed Tanous Change-Id: I6384f23769a5ac23f653519656721da7373f088f --- include/dbus_monitor.hpp | 1 + include/image_upload.hpp | 2 ++ include/kvm_websocket.hpp | 1 + include/obmc_console.hpp | 1 + include/openbmc_dbus_rest.hpp | 1 + include/vm_websocket.hpp | 1 + 6 files changed, 7 insertions(+) (limited to 'include') diff --git a/include/dbus_monitor.hpp b/include/dbus_monitor.hpp index 662d3c6aa5..0543c7b9f5 100644 --- a/include/dbus_monitor.hpp +++ b/include/dbus_monitor.hpp @@ -114,6 +114,7 @@ inline int onPropertyUpdate(sd_bus_message* m, void* userdata, template void requestRoutes(Crow& app) { BMCWEB_ROUTE(app, "/subscribe") + .requires({"Login"}) .websocket() .onopen([&](crow::websocket::Connection& conn) { BMCWEB_LOG_DEBUG << "Connection " << &conn << " opened"; diff --git a/include/image_upload.hpp b/include/image_upload.hpp index ba9c403f29..69e5637361 100644 --- a/include/image_upload.hpp +++ b/include/image_upload.hpp @@ -111,6 +111,7 @@ inline void uploadImageHandler(const crow::Request& req, crow::Response& res, template void requestRoutes(Crow& app) { BMCWEB_ROUTE(app, "/upload/image/") + .requires({"ConfigureComponents", "ConfigureManager"}) .methods("POST"_method, "PUT"_method)([](const crow::Request& req, crow::Response& res, const std::string& filename) { 
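Review bot: In the `/subscribe` chain, `.requires({"Login"})` is called before `.websocket()`, and nothing in this hunk shows that the privilege set reaches the rule that actually handles the upgrade. If `.websocket()` returns a separate rule object, or if only the ordinary request dispatcher checks privileges, the new line would read as protection while the handshake is still accepted regardless of the session's role. The same question applies to the `/kvm/0`, `/console0` and `/vm/0/0` hunks. I would add a test that opens each socket with a session lacking the listed privilege and expects the upgrade to be refused. Once confirmed, a comment above the chain such as `// privilege set is enforced on the websocket upgrade, before onopen` would record it.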
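Review bot: The two-element list in `.requires({"ConfigureComponents", "ConfigureManager"})` on `/upload/image/` does not say whether a caller must hold both privileges or either one, while the commit message promises admin privilege for image upload. If the list were evaluated as "any of", a role holding only `ConfigureComponents` could upload images, which is weaker than the stated intent. A one-line comment above the route would pin the intent, for example `// both privileges required; limits this route to administrators`, backed by a test with a session that holds only `ConfigureComponents`. The same list appears in the second `/upload/image` hunk and in the KVM, console, D-Bus and virtual-media hunks. The handler lambda for this route continues past the end of the hunk.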
@@ -118,6 +119,7 @@ template void requestRoutes(Crow& app) }); BMCWEB_ROUTE(app, "/upload/image") + .requires({"ConfigureComponents", "ConfigureManager"}) .methods("POST"_method, "PUT"_method)( [](const crow::Request& req, crow::Response& res) { uploadImageHandler(req, res, ""); diff --git a/include/kvm_websocket.hpp b/include/kvm_websocket.hpp index 817f7c4a70..d97b03e885 100644 --- a/include/kvm_websocket.hpp +++ b/include/kvm_websocket.hpp @@ -159,6 +159,7 @@ inline void requestRoutes(CrowApp& app) sessions.reserve(maxSessions); BMCWEB_ROUTE(app, "/kvm/0") + .requires({"ConfigureComponents", "ConfigureManager"}) .websocket() .onopen([](crow::websocket::Connection& conn) { BMCWEB_LOG_DEBUG << "Connection " << &conn << " opened"; diff --git a/include/obmc_console.hpp b/include/obmc_console.hpp index b8afba6d71..b545f960e1 100644 --- a/include/obmc_console.hpp +++ b/include/obmc_console.hpp @@ -104,6 +104,7 @@ void connectHandler(const boost::system::error_code& ec) void requestRoutes(CrowApp& app) { BMCWEB_ROUTE(app, "/console0") + .requires({"ConfigureComponents", "ConfigureManager"}) .websocket() .onopen([](crow::websocket::Connection& conn) { BMCWEB_LOG_DEBUG << "Connection " << &conn << " opened"; diff --git a/include/openbmc_dbus_rest.hpp b/include/openbmc_dbus_rest.hpp index 93c198e676..a4cccb167b 100644 --- a/include/openbmc_dbus_rest.hpp +++ b/include/openbmc_dbus_rest.hpp @@ -2233,6 +2233,7 @@ template void requestRoutes(Crow &app) }); BMCWEB_ROUTE(app, "/bus/system//") + .requires({"ConfigureComponents", "ConfigureManager"}) .methods("GET"_method, "POST"_method)([](const crow::Request &req, crow::Response &res, diff --git a/include/vm_websocket.hpp b/include/vm_websocket.hpp index 57a690c205..d1127a4209 100644 --- a/include/vm_websocket.hpp +++ b/include/vm_websocket.hpp 
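Review bot: Only the route under `/bus/system/` gains a privilege requirement in `openbmc_dbus_rest.hpp`, although the subject line says all non-trivial routes were covered. The other routes registered in this `requestRoutes` lie outside the hunk, so their status cannot be checked from the diff. This route and `/console0` are also missing from the list in the commit message, which makes the audit result harder to verify later. I would add a comment at the top of `requestRoutes` along the lines of `// routes left without .requires() on purpose: <list of routes>`, so an unprotected route is a recorded decision rather than a possible omission. The requirement covers both `GET` and `POST` here, so reads now need the same privileges as writes; if that is intended, the comment should say so.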
@@ -160,6 +160,7 @@ static std::shared_ptr handler; template void requestRoutes(Crow& app) { BMCWEB_ROUTE(app, "/vm/0/0") + .requires({"ConfigureComponents", "ConfigureManager"}) .websocket() .onopen([](crow::websocket::Connection& conn) { BMCWEB_LOG_DEBUG << "Connection " << &conn << " opened"; -- cgit v1.2.3