Closed ninadpalsule closed 1 year ago
Please take a look at and help to test/debug this: https://gerrit.openbmc.org/c/openbmc/bmcweb/+/62275
ok, thanks. Let me try it.
Apr 10 20:26:35 p10bmc bmcweb[745]: (2023-04-10 20:26:35) [INFO "http_connection.hpp":209] Request: 0x11e3248 HTTP/1.1 GET /console0 ::ffff:X.XX.XX.XXX | Apr 10 20:26:35 p10bmc bmcweb[745]: (2023-04-10 20:26:35) [DEBUG "routing.hpp":1460] Matched rule (upgrade) '/console0' 1 / 2 Apr 10 20:26:36 p10bmc bmcweb[745]: (2023-04-10 20:26:36) [DEBUG "routing.hpp":1299] userName = admin userRole = priv-admin Apr 10 20:26:36 p10bmc bmcweb[745]: (2023-04-10 20:26:36) [DEBUG "routing.hpp":101] checkPrivileges: Active BASE priv: ConfigureManager <<<<<< Apr 10 20:26:36 p10bmc bmcweb[745]: (2023-04-10 20:26:36) [DEBUG "routing.hpp":101] checkPrivileges: Active BASE priv: ConfigureComponents <<<<<< Apr 10 20:26:36 p10bmc bmcweb[745]: (2023-04-10 20:26:36) [ERROR "routing.hpp":1361] isUserPrivileged: URL: /console0 IsPrivelegeSetEmpty: 0 Username: admin
Apr 10 20:05:37 p10bmc bmcweb[755]: (2023-04-10 20:05:37) [INFO "http_connection.hpp":209] Request: 0x1a1c500 HTTP/1.1 GET /console0 ::ffff:X.XX.XX.XXX | Apr 10 20:05:37 p10bmc bmcweb[755]: (2023-04-10 20:05:37) [DEBUG "routing.hpp":1459] Matched rule (upgrade) '/console0' 1 / 2 Apr 10 20:05:37 p10bmc bmcweb[755]: (2023-04-10 20:05:37) [DEBUG "routing.hpp":1298] userName = admin userRole = priv-admin Apr 10 20:05:37 p10bmc bmcweb[755]: (2023-04-10 20:05:37) [DEBUG "routing.hpp":89] checkPrivileges: Privilege set is empty Apr 10 20:05:37 p10bmc bmcweb[755]: (2023-04-10 20:05:37) [ERROR "routing.hpp":1360] isUserPrivileged: URL: /console0 IsPrivelegeSetEmpty: 1 Username: admin Apr 10 20:05:37 p10bmc bmcweb[755]: (2023-04-10 20:05:37) [DEBUG "routing.hpp":387] Websocket handles upgrade
Describe the bug The websocket host console access check is not working as privilege set is empty when checked in the router function
I observed this issue while unit testing hostconsole user group feature. So I added DEBUG print statement in the router handle upgrade code to check if the privilege set is empty or not. The router checkPrivileges() is returning without doing any check because the set is empty.
Environment I tested it with latest upstream bmcweb code on everest machine. $ git rev-parse HEAD 8fd333d664f87c73757e0c5e58c611dc0c3e76d7
To Reproduce
Is this a regression
As per the following comment the developer tried readonly user and it worked. But as per my investigation privilege set is empty hence not checked. https://gerrit.openbmc.org/c/openbmc/bmcweb/+/46991