meson_options: implement disable-auth; delete pam
Implemented the disable-auth option.
This patch also removed the pam option which never worked.
Tested:
With disable-auth,
```
~# wget -qO- http://localhost/redfish/v1/Systems/
{
"@odata.id": "/redfish/v1/Systems",
"@odata.type": "#ComputerSystemCollection.ComputerSystemCollection",
"Members": [
{
"@odata.id": "/redfish/v1/Systems/system"
}
],
"Members@odata.count": 1,
"Name": "Computer System Collection"
}
```
Without disable-auth,
```
~# wget -qO- http://localhost/redfish/
{
"v1": "/redfish/v1/"
}
~# wget -qO- http://localhost/redfish/v1/Systems/system
wget: server returned error: HTTP/1.1 401 Unauthorized
```
Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I88e4e6fa6ed71096bc866b42b9af283645a65988
diff --git a/http/http_connection.hpp b/http/http_connection.hpp
index 4b4310f..fb5eac7 100644
--- a/http/http_connection.hpp
+++ b/http/http_connection.hpp
@@ -354,7 +354,7 @@
completeRequest();
return;
}
-
+#ifndef BMCWEB_INSECURE_DISABLE_AUTHENTICATION
if (!crow::authorization::isOnAllowlist(req->url, req->method()) &&
thisReq.session == nullptr)
{
@@ -365,7 +365,7 @@
completeRequest();
return;
}
-
+#endif // BMCWEB_INSECURE_DISABLE_AUTHENTICATION
res.setCompleteRequestHandler([self(shared_from_this())] {
boost::asio::post(self->adaptor.get_executor(),
[self] { self->completeRequest(); });
@@ -566,7 +566,6 @@
return;
}
- boost::beast::http::verb method = parser->get().method();
readClientIp();
boost::asio::ip::address ip;
@@ -575,8 +574,11 @@
BMCWEB_LOG_DEBUG << "Unable to get client IP";
}
sessionIsFromTransport = false;
+#ifndef BMCWEB_INSECURE_DISABLE_AUTHENTICATION
+ boost::beast::http::verb method = parser->get().method();
userSession = crow::authorization::authenticate(
ip, res, method, parser->get().base(), userSession);
+#endif // BMCWEB_INSECURE_DISABLE_AUTHENTICATION
bool loggedIn = userSession != nullptr;
if (loggedIn)
{