Remove authorization checks in nbd_proxy
nbd proxy should not have its own authorization checks, as these are
now handled in the core as of 7e9093e625961f533250a6c193c1a474e98007c4
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I8874d8a09278ba21d2acfdf076cb76dee718ecf4
diff --git a/include/nbd_proxy.hpp b/include/nbd_proxy.hpp
index fbbf3cc..75cb2d2 100644
--- a/include/nbd_proxy.hpp
+++ b/include/nbd_proxy.hpp
@@ -257,141 +257,91 @@
{
BMCWEB_LOG_DEBUG << "nbd-proxy.onopen(" << &conn << ")";
- auto getUserInfoHandler =
- [&conn](const boost::system::error_code& ec,
- const dbus::utility::DBusPropertiesMap& userInfo) {
- if (ec)
+ auto openHandler =
+ [&conn](const boost::system::error_code& ec2,
+ const dbus::utility::ManagedObjectType& objects) {
+ const std::string* socketValue = nullptr;
+ const std::string* endpointValue = nullptr;
+ const std::string* endpointObjectPath = nullptr;
+
+ if (ec2)
{
- BMCWEB_LOG_ERROR << "GetUserInfo failed...";
- conn.close("Failed to get user information");
+ BMCWEB_LOG_ERROR << "DBus error: " << ec2.message();
+ conn.close("Failed to create mount point");
return;
}
- const std::string* userRolePtr = nullptr;
- auto userInfoIter =
- std::find_if(userInfo.begin(), userInfo.end(), [](const auto& p) {
- return p.first == "UserPrivilege";
- });
- if (userInfoIter != userInfo.end())
+ for (const auto& [objectPath, interfaces] : objects)
{
- userRolePtr = std::get_if<std::string>(&userInfoIter->second);
+ for (const auto& [interface, properties] : interfaces)
+ {
+ if (interface != "xyz.openbmc_project.VirtualMedia.MountPoint")
+ {
+ continue;
+ }
+
+ for (const auto& [name, value] : properties)
+ {
+ if (name == "EndpointId")
+ {
+ endpointValue = std::get_if<std::string>(&value);
+
+ if (endpointValue == nullptr)
+ {
+ BMCWEB_LOG_ERROR
+ << "EndpointId property value is null";
+ }
+ }
+ if (name == "Socket")
+ {
+ socketValue = std::get_if<std::string>(&value);
+ if (socketValue == nullptr)
+ {
+ BMCWEB_LOG_ERROR << "Socket property value is null";
+ }
+ }
+ }
+ }
+
+ if ((endpointValue != nullptr) && (socketValue != nullptr) &&
+ *endpointValue == conn.req.target())
+ {
+ endpointObjectPath = &objectPath.str;
+ break;
+ }
}
- std::string userRole{};
- if (userRolePtr != nullptr)
+ if (objects.empty() || endpointObjectPath == nullptr)
{
- userRole = *userRolePtr;
- BMCWEB_LOG_DEBUG << "userName = " << conn.getUserName()
- << " userRole = " << *userRolePtr;
- }
-
- // Get the user privileges from the role
- ::redfish::Privileges userPrivileges =
- ::redfish::getUserPrivileges(userRole);
-
- const ::redfish::Privileges requiredPrivileges{requiredPrivilegeString};
-
- if (!userPrivileges.isSupersetOf(requiredPrivileges))
- {
- BMCWEB_LOG_DEBUG << "User " << conn.getUserName()
- << " not authorized for nbd connection";
- conn.close("Unathourized access");
+ BMCWEB_LOG_ERROR << "Cannot find requested EndpointId";
+ conn.close("Failed to match EndpointId");
return;
}
- auto openHandler =
- [&conn](const boost::system::error_code& ec2,
- const dbus::utility::ManagedObjectType& objects) {
- const std::string* socketValue = nullptr;
- const std::string* endpointValue = nullptr;
- const std::string* endpointObjectPath = nullptr;
-
- if (ec2)
+ for (const auto& session : sessions)
+ {
+ if (session.second->getEndpointId() == conn.req.target())
{
- BMCWEB_LOG_ERROR << "DBus error: " << ec2.message();
- conn.close("Failed to create mount point");
+ BMCWEB_LOG_ERROR
+ << "Cannot open new connection - socket is in use";
+ conn.close("Slot is in use");
return;
}
+ }
- for (const auto& [objectPath, interfaces] : objects)
- {
- for (const auto& [interface, properties] : interfaces)
- {
- if (interface !=
- "xyz.openbmc_project.VirtualMedia.MountPoint")
- {
- continue;
- }
+ // If the socket file exists (i.e. after bmcweb crash),
+ // we cannot reuse it.
+ std::remove((*socketValue).c_str());
- for (const auto& [name, value] : properties)
- {
- if (name == "EndpointId")
- {
- endpointValue = std::get_if<std::string>(&value);
+ sessions[&conn] = std::make_shared<NbdProxyServer>(
+ conn, *socketValue, *endpointValue, *endpointObjectPath);
- if (endpointValue == nullptr)
- {
- BMCWEB_LOG_ERROR
- << "EndpointId property value is null";
- }
- }
- if (name == "Socket")
- {
- socketValue = std::get_if<std::string>(&value);
- if (socketValue == nullptr)
- {
- BMCWEB_LOG_ERROR
- << "Socket property value is null";
- }
- }
- }
- }
-
- if ((endpointValue != nullptr) && (socketValue != nullptr) &&
- *endpointValue == conn.req.target())
- {
- endpointObjectPath = &objectPath.str;
- break;
- }
- }
-
- if (objects.empty() || endpointObjectPath == nullptr)
- {
- BMCWEB_LOG_ERROR << "Cannot find requested EndpointId";
- conn.close("Failed to match EndpointId");
- return;
- }
-
- for (const auto& session : sessions)
- {
- if (session.second->getEndpointId() == conn.req.target())
- {
- BMCWEB_LOG_ERROR
- << "Cannot open new connection - socket is in use";
- conn.close("Slot is in use");
- return;
- }
- }
-
- // If the socket file exists (i.e. after bmcweb crash),
- // we cannot reuse it.
- std::remove((*socketValue).c_str());
-
- sessions[&conn] = std::make_shared<NbdProxyServer>(
- conn, *socketValue, *endpointValue, *endpointObjectPath);
-
- sessions[&conn]->run();
- };
- crow::connections::systemBus->async_method_call(
- std::move(openHandler), "xyz.openbmc_project.VirtualMedia",
- "/xyz/openbmc_project/VirtualMedia",
- "org.freedesktop.DBus.ObjectManager", "GetManagedObjects");
+ sessions[&conn]->run();
};
-
crow::connections::systemBus->async_method_call(
- std::move(getUserInfoHandler), "xyz.openbmc_project.User.Manager",
- "/xyz/openbmc_project/user", "xyz.openbmc_project.User.Manager",
- "GetUserInfo", conn.getUserName());
+ std::move(openHandler), "xyz.openbmc_project.VirtualMedia",
+ "/xyz/openbmc_project/VirtualMedia",
+ "org.freedesktop.DBus.ObjectManager", "GetManagedObjects");
}
inline void onClose(crow::websocket::Connection& conn,
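Review bot: `socketValue` and `endpointValue` are declared once before the `for (const auto& [objectPath, interfaces] : objects)` loop and are overwritten only when a property of that name is present, so a value read from an earlier object can carry over into a later one. If a later MountPoint object matches `conn.req.target()` on `EndpointId` but has no `Socket` property, the match test passes with the earlier object's socket path; `std::remove` then unlinks that path and the session is bound to it. Resetting both at the top of each object iteration, `socketValue = nullptr; endpointValue = nullptr;`, keeps the pairing per object. Separately, with the privilege check removed from this handler, access control depends entirely on the route's privilege declaration, which lies outside this hunk and cannot be confirmed from here. Once that is verified for the websocket upgrade path, a comment at the top of the handler such as `// Authorization is enforced by the router before onopen runs; see the route's privileges declaration.` would record it.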