Add meson options for all authentication methods.
Add meson options to enable or disable each authentication method:
- basic-auth : Enables basic authentication; default is enabled
- session-auth : Enables session token authentication; default is
enabled
- xtoken-auth : Enables x-token authentication; default is enabled
- cookie-auth : Enables cookie authentication; default is enabled
Signed-off-by: Alan Kuo <Alan_Kuo@quantatw.com>
Change-Id: I52e636f2534a14897cb57d35e563ea8841cc68b9
diff --git a/include/authorization.hpp b/include/authorization.hpp
index 0f73e96..c0a84b6 100644
--- a/include/authorization.hpp
+++ b/include/authorization.hpp
@@ -34,6 +34,7 @@
}
}
+#ifdef BMCWEB_ENABLE_BASIC_AUTHENTICATION
static std::shared_ptr<persistent_data::UserSession>
performBasicAuth(const boost::asio::ip::address& clientIp,
std::string_view auth_header)
@@ -81,7 +82,9 @@
user, persistent_data::PersistenceType::SINGLE_REQUEST,
isConfigureSelfOnly, clientIp.to_string());
}
+#endif
+#ifdef BMCWEB_ENABLE_SESSION_AUTHENTICATION
static std::shared_ptr<persistent_data::UserSession>
performTokenAuth(std::string_view auth_header)
{
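Review bot: The added `#endif` lines carry no label, and in performCookieAuth the new one lands a few lines after an existing `#endif`, so it is hard to see which guard closes where. I would label each one, e.g. `#endif // BMCWEB_ENABLE_BASIC_AUTHENTICATION`, and do the same for the SESSION, XTOKEN and COOKIE guards in the later hunks of this file. The guarded function bodies start and end outside these hunks.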
@@ -92,7 +95,9 @@
persistent_data::SessionStore::getInstance().loginSessionByToken(token);
return session;
}
+#endif
+#ifdef BMCWEB_ENABLE_XTOKEN_AUTHENTICATION
static std::shared_ptr<persistent_data::UserSession>
performXtokenAuth(const crow::Request& req)
{
@@ -107,7 +112,9 @@
persistent_data::SessionStore::getInstance().loginSessionByToken(token);
return session;
}
+#endif
+#ifdef BMCWEB_ENABLE_COOKIE_AUTHENTICATION
static std::shared_ptr<persistent_data::UserSession>
performCookieAuth(const crow::Request& req)
{
@@ -164,6 +171,7 @@
#endif
return session;
}
+#endif
#ifdef BMCWEB_ENABLE_MUTUAL_TLS_AUTHENTICATION
static std::shared_ptr<persistent_data::UserSession>
@@ -250,14 +258,18 @@
req.session = performTLSAuth(req, res, session);
}
#endif
+#ifdef BMCWEB_ENABLE_XTOKEN_AUTHENTICATION
if (req.session == nullptr && authMethodsConfig.xtoken)
{
req.session = performXtokenAuth(req);
}
+#endif
+#ifdef BMCWEB_ENABLE_COOKIE_AUTHENTICATION
if (req.session == nullptr && authMethodsConfig.cookie)
{
req.session = performCookieAuth(req);
}
+#endif
if (req.session == nullptr)
{
std::string_view authHeader = req.getHeaderValue("Authorization");
@@ -267,12 +279,16 @@
if (boost::starts_with(authHeader, "Token ") &&
authMethodsConfig.sessionToken)
{
+#ifdef BMCWEB_ENABLE_SESSION_AUTHENTICATION
req.session = performTokenAuth(authHeader);
+#endif
}
else if (boost::starts_with(authHeader, "Basic ") &&
authMethodsConfig.basic)
{
+#ifdef BMCWEB_ENABLE_BASIC_AUTHENTICATION
req.session = performBasicAuth(req.ipAddress, authHeader);
+#endif
}
}
}
diff --git a/include/sessions.hpp b/include/sessions.hpp
index 1eace0d..85d8ecc 100644
--- a/include/sessions.hpp
+++ b/include/sessions.hpp
@@ -142,11 +142,35 @@
struct AuthConfigMethods
{
- bool xtoken = true;
- bool cookie = true;
- bool sessionToken = true;
+#ifdef BMCWEB_ENABLE_BASIC_AUTHENTICATION
bool basic = true;
+#else
+ bool basic = false;
+#endif
+
+#ifdef BMCWEB_ENABLE_SESSION_AUTHENTICATION
+ bool sessionToken = true;
+#else
+ bool sessionToken = false;
+#endif
+
+#ifdef BMCWEB_ENABLE_XTOKEN_AUTHENTICATION
+ bool xtoken = true;
+#else
+ bool xtoken = false;
+#endif
+
+#ifdef BMCWEB_ENABLE_COOKIE_AUTHENTICATION
+ bool cookie = true;
+#else
+ bool cookie = false;
+#endif
+
+#ifdef BMCWEB_ENABLE_MUTUAL_TLS_AUTHENTICATION
+ bool tls = true;
+#else
bool tls = false;
+#endif
void fromJson(const nlohmann::json& j)
{
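Review bot: The `tls` default changes from `false` to `true` whenever BMCWEB_ENABLE_MUTUAL_TLS_AUTHENTICATION is defined, which the commit message does not mention, and `mutual-tls-auth` is enabled by default in meson_options.txt. If that is intended it deserves a line in the description; otherwise keep `bool tls = false;` unconditionally. Separately, these initialisers only set starting values: `fromJson`, whose body is outside this hunk, presumably overwrites them from persisted state, so a configuration saved by an earlier build could report a compiled-out method as enabled. Clamping the loaded values to the compile-time options would keep the reported state consistent with what the build can actually do.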
diff --git a/meson.build b/meson.build
index a1e5d80..529b9cb 100644
--- a/meson.build
+++ b/meson.build
@@ -61,6 +61,10 @@
'host-serial-socket' : '-DBMCWEB_ENABLE_HOST_SERIAL_WEBSOCKET',
'ibm-management-console' : '-DBMCWEB_ENABLE_IBM_MANAGEMENT_CONSOLE',
'kvm' : '-DBMCWEB_ENABLE_KVM' ,
+'basic-auth' : '-DBMCWEB_ENABLE_BASIC_AUTHENTICATION',
+'session-auth' : '-DBMCWEB_ENABLE_SESSION_AUTHENTICATION',
+'xtoken-auth' : '-DBMCWEB_ENABLE_XTOKEN_AUTHENTICATION',
+'cookie-auth' : '-DBMCWEB_ENABLE_COOKIE_AUTHENTICATION',
'mutual-tls-auth' : '-DBMCWEB_ENABLE_MUTUAL_TLS_AUTHENTICATION',
'pam' : '-DWEBSERVER_ENABLE_PAM',
'insecure-push-style-notification': '-DBMCWEB_INSECURE_ENABLE_HTTP_PUSH_STYLE_EVENTING',
diff --git a/meson_options.txt b/meson_options.txt
index eaad206..1298b96 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -15,6 +15,10 @@
option('redfish-dbus-log', type : 'feature', value : 'disabled', description : 'Enable DBUS log service transactions through Redfish. Paths are under \'/redfish/v1/Systems/system/LogServices/EventLog/Entries\'')
option('redfish-provisioning-feature', type : 'feature', value : 'disabled', description : 'Enable provisioning feature support in redfish. Paths are under \'/redfish/v1/Systems/system/\'')
option('bmcweb-logging', type : 'feature', value : 'disabled', description : 'Enable output the extended debug logs')
+option('basic-auth', type : 'feature', value : 'enabled', description : '''Enable basic authentication''')
+option('session-auth', type : 'feature', value : 'enabled', description : '''Enable session authentication''')
+option('xtoken-auth', type : 'feature', value : 'enabled', description : '''Enable xtoken authentication''')
+option('cookie-auth', type : 'feature', value : 'enabled', description : '''Enable cookie authentication''')
option('mutual-tls-auth', type : 'feature', value : 'enabled', description : '''Enables authenticating users through TLS client certificates. The insecure-disable-ssl must be disabled for this option to take effect.''')
option('ibm-management-console', type : 'feature', value : 'disabled', description : 'Enable the IBM management console specific functionality. Paths are under \'/ibm/v1/\'')
option('http-body-limit', type: 'integer', min : 0, max : 512, value : 30, description : 'Specifies the http request body length limit')
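Review bot: The four new descriptions only repeat the option name, unlike the `mutual-tls-auth` entry below them, so someone hardening a build cannot tell which credential each option controls. From authorization.hpp, `basic-auth` and `session-auth` govern requests whose `Authorization` header starts with `Basic ` and `Token ` respectively; saying so, e.g. `description : 'Enable HTTP Basic authentication (Authorization: Basic header)'`, would make the options self-explanatory. It is also worth stating what a build with every method disabled is expected to do.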
diff --git a/redfish-core/lib/account_service.hpp b/redfish-core/lib/account_service.hpp
index 5b06b37..71f9430 100644
--- a/redfish-core/lib/account_service.hpp
+++ b/redfish-core/lib/account_service.hpp
@@ -916,26 +916,57 @@
if (basicAuth)
{
+#ifndef BMCWEB_ENABLE_BASIC_AUTHENTICATION
+ messages::actionNotSupported(
+ asyncResp->res, "Setting BasicAuth when basic-auth feature "
+ "is disabled");
+ return;
+#endif
authMethodsConfig.basic = *basicAuth;
}
if (cookie)
{
+#ifndef BMCWEB_ENABLE_COOKIE_AUTHENTICATION
+ messages::actionNotSupported(
+ asyncResp->res, "Setting Cookie when cookie-auth feature "
+ "is disabled");
+ return;
+#endif
authMethodsConfig.cookie = *cookie;
}
if (sessionToken)
{
+#ifndef BMCWEB_ENABLE_SESSION_AUTHENTICATION
+ messages::actionNotSupported(
+ asyncResp->res,
+ "Setting SessionToken when session-auth feature "
+ "is disabled");
+ return;
+#endif
authMethodsConfig.sessionToken = *sessionToken;
}
if (xToken)
{
+#ifndef BMCWEB_ENABLE_XTOKEN_AUTHENTICATION
+ messages::actionNotSupported(
+ asyncResp->res, "Setting XToken when xtoken-auth feature "
+ "is disabled");
+ return;
+#endif
authMethodsConfig.xtoken = *xToken;
}
if (tls)
{
+#ifndef BMCWEB_ENABLE_MUTUAL_TLS_AUTHENTICATION
+ messages::actionNotSupported(
+ asyncResp->res, "Setting TLS when mutual-tls-auth feature "
+ "is disabled");
+ return;
+#endif
authMethodsConfig.tls = *tls;
}
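Review bot: Each new `return` sits between assignments, so a PATCH that names an enabled method followed by a compiled-out one has already modified `authMethodsConfig` by the time the request is rejected. If `authMethodsConfig` refers to the live session-store configuration (its declaration is outside this hunk), the change takes effect in memory while the client is told the action is not supported, and whatever validation or persistence follows the `tls` block is skipped. Checking all five properties before the first assignment avoids the partial update, and it also removes the assignment that becomes unreachable after `return` in a build with the feature disabled. The enclosing handler starts and ends outside the hunk.

```cpp
// Reject properties for compiled-out methods before anything is written.
#ifndef BMCWEB_ENABLE_BASIC_AUTHENTICATION
if (basicAuth)
{
    messages::actionNotSupported(
        asyncResp->res, "Setting BasicAuth when basic-auth feature "
                        "is disabled");
    return;
}
#endif
// … same guard for cookie, sessionToken, xToken and tls, messages unchanged …

if (basicAuth)
{
    authMethodsConfig.basic = *basicAuth;
}
// … unchanged: remaining assignments, now without the #ifndef blocks inside them …
```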