Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm')
5 files changed, 319 insertions, 379 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0001-Revert-Disable-nbd-proxy-from-the-build.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0001-Revert-Disable-nbd-proxy-from-the-build.patch index 3e3f69d1c..d41383836 100644 --- a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0001-Revert-Disable-nbd-proxy-from-the-build.patch +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0001-Revert-Disable-nbd-proxy-from-the-build.patch @@ -1,32 +1,35 @@ -From 95f002dc969d7d6d64dbf2ee0db7dc1c1c6a9173 Mon Sep 17 00:00:00 2001 -From: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com> -Date: Thu, 18 Mar 2021 11:30:28 +0100 +From 3ee7fe58b2acec0a6ae4eabad91a9dd609268870 Mon Sep 17 00:00:00 2001 +From: Krzysztof Grobelny <krzysztof.grobelny@intel.com> +Date: Wed, 14 Jul 2021 09:04:42 +0000 Subject: [PATCH] Revert "Disable nbd proxy from the build" NBD Proxy has been disabled upstream. Reenable as we use it for Virtual Media This reverts commit efb8062c306474942bc94f15d748b2eb0b58fbb6. + +Change-Id: I19a88b30c1074dd376f2df8f5668245b638b881f --- - meson.build | 2 +- - meson_options.txt | 9 +-------- - 2 files changed, 2 insertions(+), 9 deletions(-) + meson.build | 3 ++- + meson_options.txt | 10 ++-------- + 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/meson.build b/meson.build -index 66a066b..cef0a49 100644 +index bdc514b..19364a8 100644 --- a/meson.build 
+++ b/meson.build -@@ -81,7 +81,7 @@ feature_map = { +@@ -78,7 +78,8 @@ feature_map = { + 'rest' : '-DBMCWEB_ENABLE_DBUS_REST', 'static-hosting' : '-DBMCWEB_ENABLE_STATIC_HOSTING', 'insecure-tftp-update' : '-DBMCWEB_INSECURE_ENABLE_REDFISH_FW_TFTP_UPDATE', - 'validate-unsecure-feature' : '-DBMCWEB_ENABLE_VALIDATION_UNSECURE_FEATURE', -#'vm-nbdproxy' : '-DBMCWEB_ENABLE_VM_NBDPROXY', ++'validate-unsecure-feature' : '-DBMCWEB_ENABLE_VALIDATION_UNSECURE_FEATURE', +'vm-nbdproxy' : '-DBMCWEB_ENABLE_VM_NBDPROXY', 'vm-websocket' : '-DBMCWEB_ENABLE_VM_WEBSOCKET', } diff --git a/meson_options.txt b/meson_options.txt -index 9611631..7ee3ebb 100644 +index 0ab31b8..ea0f2fc 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -3,14 +3,7 @@ option('yocto-deps', type: 'feature', value: 'disabled', description : 'Use YOCT 
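Review bot: The refreshed revert patch now also adds `'validate-unsecure-feature' : '-DBMCWEB_ENABLE_VALIDATION_UNSECURE_FEATURE'` to `feature_map`, and its `meson_options.txt` hunk adds the matching option, but the commit message still describes only the NBD proxy revert. An option whose own description says it must be turned off for production images is easier to audit when it arrives in its own patch, or is at least named in the message, e.g. `Also add the validate-unsecure-feature option (default: disabled).` The option description in the second hunk reads `mustbe`, where `must be` is intended.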
@@ -45,6 +48,14 @@ index 9611631..7ee3ebb 100644 option('rest', type : 'feature', value : 'enabled', description : '''Enable Phosphor REST (D-Bus) APIs. Paths directly map Phosphor D-Bus object paths, for example, \'/xyz/openbmc_project/logging/entry/enumerate\'. See https://github.com/openbmc/docs/blob/master/rest-api.md.''') option('redfish', type : 'feature',value : 'enabled', description: 'Enable Redfish APIs. Paths are under \'/redfish/v1/\'. See https://github.com/openbmc/bmcweb/blob/master/DEVELOPING.md#redfish.') option('host-serial-socket', type : 'feature', value : 'enabled', description : 'Enable host serial console WebSocket. Path is \'/console0\'. See https://github.com/openbmc/docs/blob/master/console.md.') +@@ -37,6 +30,7 @@ option ('https_port', type : 'integer', min : 1, max : 65535, value : 443, descr + # the implications of doing so.In general, enabling these options will cause security + # problems of varying degrees + ++option ('validate-unsecure-feature', type : 'feature', value : 'disabled', description : '''Enables unsecure features required by validation. Note: mustbe turned off for production images.''') + option ('insecure-disable-csrf', type : 'feature', value : 'disabled', description : 'Disable CSRF prevention checks.Should be set to false for production systems.') + option ('insecure-disable-ssl', type : 'feature', value : 'disabled', description : 'Disable SSL ports. Should be set to false for production systems.') + option ('insecure-disable-auth', type : 'feature', value : 'disabled', description : 'Disable authentication on all ports. Should be set to false for production systems') -- -2.26.2 +2.25.1 diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0002-bmcweb-handle-device-or-resource-busy-exception.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0002-bmcweb-handle-device-or-resource-busy-exception.patch index 01c1c858c..e267dc60f 100644 
--- a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0002-bmcweb-handle-device-or-resource-busy-exception.patch +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0002-bmcweb-handle-device-or-resource-busy-exception.patch @@ -1,6 +1,6 @@ -From 76480c6a5b1708113f28aecab32a85984371243c Mon Sep 17 00:00:00 2001 -From: Karol Wachowski <karol.wachowski@intel.com> -Date: Fri, 10 Jul 2020 09:54:06 +0000 +From bbb69d73ca8b74d34fa250813123de4274d5327b Mon Sep 17 00:00:00 2001 +From: Krzysztof Grobelny <krzysztof.grobelny@intel.com> +Date: Fri, 23 Jul 2021 12:07:02 +0000 Subject: [PATCH] bmcweb handle device or resource busy exception Use async_method_call_timed() for mount/unmount dbus oprations. @@ -21,23 +21,23 @@ Tested: Verified that after mounting non-existing HTTPS resource Signed-off-by: Karol Wachowski <karol.wachowski@intel.com> Change-Id: Ica62c34db0cce24c4c6169fc661edfde49e948d0 --- - redfish-core/lib/virtual_media.hpp | 144 ++++++++++++++++++++++------- - 1 file changed, 110 insertions(+), 34 deletions(-) + redfish-core/lib/virtual_media.hpp | 142 +++++++++++++++++++++-------- + 1 file changed, 105 insertions(+), 37 deletions(-) diff --git a/redfish-core/lib/virtual_media.hpp b/redfish-core/lib/virtual_media.hpp -index 95a8881..188248a 100644 +index 6e69f20..7fcbf73 100644 --- a/redfish-core/lib/virtual_media.hpp +++ b/redfish-core/lib/virtual_media.hpp -@@ -24,6 +24,8 @@ - #include <account_service.hpp> +@@ -26,6 +26,8 @@ #include <boost/url/url_view.hpp> + #include <registries/privilege_registry.hpp> +#include <chrono> + namespace redfish - { -@@ -160,6 +162,26 @@ static void vmParseInterfaceObject(const DbusInterfaceType& interface, + /** +@@ -162,6 +164,26 @@ inline void } } 
@@ -64,156 +64,151 @@ index 95a8881..188248a 100644 /** * @brief Fill template for Virtual Media Item. */ -@@ -856,22 +878,54 @@ class VirtualMediaActionInsertMedia : public Node - } +@@ -712,22 +734,57 @@ inline void doMountVmLegacy(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, + } - crow::connections::systemBus->async_method_call( -- [asyncResp, secretPipe](const boost::system::error_code ec, -- bool success) { -+ [asyncResp, service, name, imageUrl, rw, unixFd, -+ secretPipe](const boost::system::error_code ec, -+ const std::variant<int> timeoutProperty) { - if (ec) - { - BMCWEB_LOG_ERROR << "Bad D-Bus request error: " << ec; - messages::internalError(asyncResp->res); -+ return; - } -- else if (!success) + crow::connections::systemBus->async_method_call( +- [asyncResp, secretPipe](const boost::system::error_code ec, +- bool success) { ++ [asyncResp, service, name, imageUrl, rw, unixFd, ++ secretPipe](const boost::system::error_code ec, ++ const std::variant<int> timeoutProperty) { + if (ec) + { + BMCWEB_LOG_ERROR << "Bad D-Bus request error: " << ec; + messages::internalError(asyncResp->res); ++ return; + } +- else if (!success) + -+ auto timeout = vmParseTimeoutProperty(timeoutProperty); -+ if (timeout == std::nullopt) - { -- BMCWEB_LOG_ERROR << "Service responded with error"; -- messages::generalError(asyncResp->res); -+ BMCWEB_LOG_ERROR << "Timeout property is empty."; -+ messages::internalError(asyncResp->res); -+ return; - } ++ auto timeout = vmParseTimeoutProperty(timeoutProperty); ++ if (timeout == std::nullopt) + { +- BMCWEB_LOG_ERROR << "Service responded with error"; +- messages::generalError(asyncResp->res); ++ BMCWEB_LOG_ERROR << "Timeout property is empty."; ++ messages::internalError(asyncResp->res); ++ return; + } + -+ crow::connections::systemBus->async_method_call_timed( -+ [asyncResp, secretPipe](const boost::system::error_code ec, -+ bool success) { -+ if (ec) ++ crow::connections::systemBus->async_method_call_timed( ++ [asyncResp, 
secretPipe](const boost::system::error_code ec, ++ bool success) { ++ if (ec) ++ { ++ BMCWEB_LOG_ERROR << "Bad D-Bus request error: " << ec; ++ if (ec == boost::system::errc::device_or_resource_busy) + { -+ BMCWEB_LOG_ERROR << "Bad D-Bus request error: " -+ << ec; -+ if (ec == -+ boost::system::errc::device_or_resource_busy) -+ { -+ messages::resourceInUse(asyncResp->res); -+ } -+ else -+ { -+ messages::internalError(asyncResp->res); -+ } ++ messages::resourceInUse(asyncResp->res); + } -+ else if (!success) ++ else if (ec == boost::system::errc::permission_denied) + { -+ BMCWEB_LOG_ERROR << "Service responded with error"; -+ messages::generalError(asyncResp->res); ++ messages::accessDenied(asyncResp->res, ++ "VirtualMedia.Insert"); + } -+ }, -+ service, "/xyz/openbmc_project/VirtualMedia/Legacy/" + name, -+ "xyz.openbmc_project.VirtualMedia.Legacy", "Mount", -+ *timeout, imageUrl, rw, unixFd); - }, - service, "/xyz/openbmc_project/VirtualMedia/Legacy/" + name, -- "xyz.openbmc_project.VirtualMedia.Legacy", "Mount", imageUrl, rw, -- unixFd); -+ "org.freedesktop.DBus.Properties", "Get", -+ "xyz.openbmc_project.VirtualMedia.MountPoint", "Timeout"); - } - }; ++ else ++ { ++ messages::internalError(asyncResp->res); ++ } ++ } ++ else if (!success) ++ { ++ BMCWEB_LOG_ERROR << "Service responded with error "; ++ messages::generalError(asyncResp->res); ++ } ++ }, ++ service, "/xyz/openbmc_project/VirtualMedia/Legacy/" + name, ++ "xyz.openbmc_project.VirtualMedia.Legacy", "Mount", *timeout, ++ imageUrl, rw, unixFd); + }, + service, "/xyz/openbmc_project/VirtualMedia/Legacy/" + name, +- "xyz.openbmc_project.VirtualMedia.Legacy", "Mount", imageUrl, rw, +- unixFd); ++ "org.freedesktop.DBus.Properties", "Get", ++ "xyz.openbmc_project.VirtualMedia.MountPoint", "Timeout"); + } -@@ -1003,38 +1057,60 @@ class VirtualMediaActionEjectMedia : public Node - const std::string& service, const std::string& name, - bool legacy) - { -- -- // Legacy mount requires parameter with image -+ 
std::string objectPath = "/xyz/openbmc_project/VirtualMedia/"; -+ std::string ifaceName = "xyz.openbmc_project.VirtualMedia"; - if (legacy) - { -- crow::connections::systemBus->async_method_call( -- [asyncResp](const boost::system::error_code ec) { -- if (ec) -- { -- BMCWEB_LOG_ERROR << "Bad D-Bus request error: " << ec; -- -- messages::internalError(asyncResp->res); -- return; -- } -- }, -- service, "/xyz/openbmc_project/VirtualMedia/Legacy/" + name, -- "xyz.openbmc_project.VirtualMedia.Legacy", "Unmount"); -+ objectPath += "Legacy/"; -+ ifaceName += ".Legacy"; - } -- else // proxy -+ else - { -- crow::connections::systemBus->async_method_call( -- [asyncResp](const boost::system::error_code ec) { -- if (ec) -- { -- BMCWEB_LOG_ERROR << "Bad D-Bus request error: " << ec; + /** +@@ -739,38 +796,49 @@ inline void doVmAction(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, + const std::string& service, const std::string& name, + bool legacy) + { ++ const std::string vmMode = legacy ? "Legacy" : "Proxy"; ++ const std::string objectPath = ++ "/xyz/openbmc_project/VirtualMedia/" + vmMode + "/" + name; ++ const std::string ifaceName = "xyz.openbmc_project.VirtualMedia." 
+ vmMode; + +- // Legacy mount requires parameter with image +- if (legacy) +- { +- crow::connections::systemBus->async_method_call( +- [asyncResp](const boost::system::error_code ec) { +- if (ec) +- { +- BMCWEB_LOG_ERROR << "Bad D-Bus request error: " << ec; - -- messages::internalError(asyncResp->res); -- return; -- } -- }, -- service, "/xyz/openbmc_project/VirtualMedia/Proxy/" + name, -- "xyz.openbmc_project.VirtualMedia.Proxy", "Unmount"); -+ objectPath += "Proxy/"; -+ ifaceName += ".Proxy"; - } -+ objectPath += name; -+ -+ crow::connections::systemBus->async_method_call( -+ [asyncResp, service, name, objectPath, -+ ifaceName](const boost::system::error_code ec, -+ const std::variant<int> timeoutProperty) { -+ if (ec) -+ { -+ BMCWEB_LOG_ERROR << "Bad D-Bus request error: " << ec; -+ messages::internalError(asyncResp->res); -+ return; -+ } -+ -+ auto timeout = vmParseTimeoutProperty(timeoutProperty); -+ if (timeout == std::nullopt) -+ { -+ BMCWEB_LOG_ERROR << "Timeout property is empty."; -+ messages::internalError(asyncResp->res); -+ return; -+ } -+ crow::connections::systemBus->async_method_call_timed( -+ [asyncResp](const boost::system::error_code ec) { -+ if (ec) +- messages::internalError(asyncResp->res); +- return; +- } +- }, +- service, "/xyz/openbmc_project/VirtualMedia/Legacy/" + name, +- "xyz.openbmc_project.VirtualMedia.Legacy", "Unmount"); +- } +- else // proxy +- { +- crow::connections::systemBus->async_method_call( +- [asyncResp](const boost::system::error_code ec) { +- if (ec) +- { +- BMCWEB_LOG_ERROR << "Bad D-Bus request error: " << ec; ++ crow::connections::systemBus->async_method_call( ++ [asyncResp, service, name, objectPath, ++ ifaceName](const boost::system::error_code ec, ++ const std::variant<int> timeoutProperty) { ++ if (ec) ++ { ++ BMCWEB_LOG_ERROR << "Bad D-Bus request error: " << ec; ++ messages::internalError(asyncResp->res); ++ return; ++ } + +- messages::internalError(asyncResp->res); +- return; +- } +- }, +- service, 
"/xyz/openbmc_project/VirtualMedia/Proxy/" + name, +- "xyz.openbmc_project.VirtualMedia.Proxy", "Unmount"); +- } ++ auto timeout = vmParseTimeoutProperty(timeoutProperty); ++ if (timeout == std::nullopt) ++ { ++ BMCWEB_LOG_ERROR << "Timeout property is empty."; ++ messages::internalError(asyncResp->res); ++ return; ++ } ++ crow::connections::systemBus->async_method_call_timed( ++ [asyncResp](const boost::system::error_code ec) { ++ if (ec) ++ { ++ BMCWEB_LOG_ERROR << "Bad D-Bus request error: " << ec; ++ if (ec == boost::system::errc::device_or_resource_busy) + { -+ BMCWEB_LOG_ERROR << "Bad D-Bus request error: " -+ << ec; -+ if (ec == -+ boost::system::errc::device_or_resource_busy) -+ { -+ messages::resourceInUse(asyncResp->res); -+ } -+ else -+ { -+ messages::internalError(asyncResp->res); -+ } -+ return; ++ messages::resourceInUse(asyncResp->res); + } -+ }, -+ service, objectPath, ifaceName, "Unmount", *timeout); -+ }, -+ service, objectPath, "org.freedesktop.DBus.Properties", "Get", -+ "xyz.openbmc_project.VirtualMedia.MountPoint", "Timeout"); - } - }; ++ else ++ { ++ messages::internalError(asyncResp->res); ++ } ++ return; ++ } ++ }, ++ service, objectPath, ifaceName, "Unmount", *timeout); ++ }, ++ service, objectPath, "org.freedesktop.DBus.Properties", "Get", ++ "xyz.openbmc_project.VirtualMedia.MountPoint", "Timeout"); + } + inline void requestNBDVirtualMediaRoutes(App& app) -- -2.17.1 +2.25.1 diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0004-Invalid-status-code-from-InsertMedia-REST-methods.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0004-Invalid-status-code-from-InsertMedia-REST-methods.patch index 3a9e67217..b29082dce 100644 --- a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0004-Invalid-status-code-from-InsertMedia-REST-methods.patch 
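Review bot: The Mount callback in `doMountVmLegacy` now maps `boost::system::errc::permission_denied` to `messages::accessDenied`, while the Unmount callback in `doVmAction` in the same hunk still falls through to `internalError`. This patch's description covers only the busy case, and the 403 mapping is the subject of 0006. Keeping that branch in one patch of the series, for both paths, avoids a state where mount and eject answer a denied request differently depending on which patches are applied. Separately, the outer lambda in `doVmAction` captures `name`, but the visible body uses only `service`, `objectPath` and `ifaceName`, so the capture list can be `[asyncResp, service, objectPath, ifaceName]`. `doMountVmLegacy` begins outside the hunk.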
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0004-Invalid-status-code-from-InsertMedia-REST-methods.patch @@ -1,8 +1,8 @@ -From 805641a2d189da9befc05168f51cef76da1ba326 Mon Sep 17 00:00:00 2001 -From: Alicja Rybak <alicja.rybak@intel.com> -Date: Tue, 20 Apr 2021 16:32:37 +0200 -Subject: [PATCH] Invalid status code from InsertMedia REST methods GET, - PUT, DELETE, PATCH in proxy mode +From 95f7ca477a8353fa7b99f463de9ee310dda13735 Mon Sep 17 00:00:00 2001 +From: Krzysztof Grobelny <krzysztof.grobelny@intel.com> +Date: Thu, 1 Jul 2021 10:08:27 +0000 +Subject: [PATCH] Invalid status code from InsertMedia REST methods GET, PUT, + DELETE, PATCH in proxy mode Add handlers for GET, PUT, DELETE, PATCH method and function that checks which mode is used and set suitable status code: @@ -11,175 +11,156 @@ Not allowed for Legacy and Not found for Proxy. Change-Id: Ib4c0a3e9a2a8853caa74c59239d9fcfed99c5e8b Signed-off-by: Alicja Rybak <alicja.rybak@intel.com> --- - redfish-core/lib/virtual_media.hpp | 155 +++++++++++++++++++++++++++++ - 1 file changed, 155 insertions(+) + redfish-core/lib/virtual_media.hpp | 129 +++++++++++++++++++++++++++++ + 1 file changed, 129 insertions(+) diff --git a/redfish-core/lib/virtual_media.hpp b/redfish-core/lib/virtual_media.hpp -index aa7c639..3e28164 100644 +index a834c69..186c04b 100644 --- a/redfish-core/lib/virtual_media.hpp 
+++ b/redfish-core/lib/virtual_media.hpp -@@ -548,6 +548,161 @@ class VirtualMediaActionInsertMedia : public Node - return true; - } +@@ -28,6 +28,109 @@ -+ /** -+ * @brief Function checks if insert media request is Legacy or Proxy type -+ * and sets suitable response code for unsupported REST method. -+ * -+ */ -+ void CheckProxyMode(const std::shared_ptr<bmcweb::AsyncResp>& aResp, -+ const crow::Request& req, -+ const std::vector<std::string>& params) + namespace redfish + { ++ ++/** ++ * @brief Function checks if insert media request is Legacy or Proxy type ++ * and sets suitable response code for unsupported REST method. ++ * ++ */ ++void CheckProxyMode(const std::shared_ptr<bmcweb::AsyncResp>& aResp, ++ const crow::Request& req, const std::string& name, ++ const std::string& resName) ++{ ++ if (name != "bmc") + { -+ if (params.size() != 2) -+ { -+ messages::internalError(aResp->res); -+ return; -+ } -+ -+ // take resource name from URL -+ const std::string& resName = params[1]; -+ -+ if (params[0] != "bmc") -+ { -+ messages::resourceNotFound(aResp->res, "VirtualMedia.Insert", -+ resName); -+ -+ return; -+ } -+ -+ crow::connections::systemBus->async_method_call( -+ [this, aResp{std::move(aResp)}, req, -+ resName](const boost::system::error_code ec, -+ const GetObjectType& getObjectType) { -+ if (ec) -+ { -+ BMCWEB_LOG_ERROR << "ObjectMapper::GetObject call failed: " -+ << ec; -+ aResp->res.result(boost::beast::http::status::not_found); ++ messages::resourceNotFound(aResp->res, "VirtualMedia.Insert", resName); + -+ return; -+ } -+ std::string service = getObjectType.begin()->first; -+ BMCWEB_LOG_DEBUG << "GetObjectType: " << service; ++ return; ++ } + -+ crow::connections::systemBus->async_method_call( -+ [this, service, resName, req, -+ aResp{aResp}](const boost::system::error_code ec, -+ ManagedObjectType& subtree) { -+ if (ec) ++ crow::connections::systemBus->async_method_call( ++ [aResp, req, resName](const boost::system::error_code ec, ++ const 
GetObjectType& getObjectType) { ++ if (ec) ++ { ++ BMCWEB_LOG_ERROR << "ObjectMapper::GetObject call failed: " ++ << ec; ++ aResp->res.result(boost::beast::http::status::not_found); ++ ++ return; ++ } ++ std::string service = getObjectType.begin()->first; ++ BMCWEB_LOG_DEBUG << "GetObjectType: " << service; ++ ++ crow::connections::systemBus->async_method_call( ++ [service, resName, req, ++ aResp](const boost::system::error_code ec, ++ ManagedObjectType& subtree) { ++ if (ec) ++ { ++ BMCWEB_LOG_DEBUG << "DBUS response error"; ++ ++ return; ++ } ++ ++ for (auto& item : subtree) ++ { ++ std::string thispath = item.first.filename(); ++ if (thispath.empty()) + { -+ BMCWEB_LOG_DEBUG << "DBUS response error"; ++ continue; ++ } + -+ return; ++ if (thispath != resName) ++ { ++ continue; + } + -+ for (auto& item : subtree) ++ auto mode = item.first.parent_path(); ++ auto type = mode.parent_path(); ++ if (mode.filename().empty() || type.filename().empty()) + { -+ std::string thispath = item.first.filename(); -+ if (thispath.empty()) -+ { -+ continue; -+ } -+ -+ if (thispath != resName) -+ { -+ continue; -+ } -+ -+ auto mode = item.first.parent_path(); -+ auto type = mode.parent_path(); -+ if (mode.filename().empty() || -+ type.filename().empty()) -+ { -+ continue; -+ } -+ -+ if (type.filename() != "VirtualMedia") -+ { -+ continue; -+ } -+ -+ // Check if dbus path is Legacy type -+ if (mode.filename() == "Legacy") -+ { -+ BMCWEB_LOG_DEBUG << "InsertMedia only allowed " -+ "with POST method " -+ "in legacy mode"; -+ aResp->res.result(boost::beast::http::status:: -+ method_not_allowed); -+ -+ return; -+ } -+ // Check if dbus path is Proxy type -+ if (mode.filename() == "Proxy") -+ { -+ // Not possible in proxy mode -+ BMCWEB_LOG_DEBUG << "InsertMedia not " -+ "allowed in proxy mode"; -+ aResp->res.result( -+ boost::beast::http::status::not_found); -+ -+ return; -+ } ++ continue; + } + -+ BMCWEB_LOG_DEBUG << "Parent item not found"; -+ aResp->res.result( -+ 
boost::beast::http::status::not_found); -+ }, -+ service, "/xyz/openbmc_project/VirtualMedia", -+ "org.freedesktop.DBus.ObjectManager", "GetManagedObjects"); -+ }, -+ "xyz.openbmc_project.ObjectMapper", -+ "/xyz/openbmc_project/object_mapper", -+ "xyz.openbmc_project.ObjectMapper", "GetObject", -+ "/xyz/openbmc_project/VirtualMedia", std::array<const char*, 0>()); -+ } ++ if (type.filename() != "VirtualMedia") ++ { ++ continue; ++ } + -+ /** -+ * @brief Function handles GET method request. -+ */ -+ void doGet(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, -+ const crow::Request& req, -+ const std::vector<std::string>& params) override -+ { -+ CheckProxyMode(asyncResp, req, params); -+ } ++ // Check if dbus path is Legacy type ++ if (mode.filename() == "Legacy") ++ { ++ BMCWEB_LOG_DEBUG << "InsertMedia only allowed " ++ "with POST method " ++ "in legacy mode"; ++ aResp->res.result( ++ boost::beast::http::status::method_not_allowed); + -+ /** -+ * @brief Function handles PATCH method request. -+ */ -+ void doPatch(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, -+ const crow::Request& req, -+ const std::vector<std::string>& params) override -+ { -+ CheckProxyMode(asyncResp, req, params); -+ } ++ return; ++ } ++ // Check if dbus path is Proxy type ++ if (mode.filename() == "Proxy") ++ { ++ // Not possible in proxy mode ++ BMCWEB_LOG_DEBUG << "InsertMedia not " ++ "allowed in proxy mode"; ++ aResp->res.result( ++ boost::beast::http::status::not_found); + -+ /** -+ * @brief Function handles PUT method request. -+ */ -+ void doPut(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, -+ const crow::Request& req, -+ const std::vector<std::string>& params) override -+ { -+ CheckProxyMode(asyncResp, req, params); -+ } ++ return; ++ } ++ } + -+ /** -+ * @brief Function handles DELETE method request. 
-+ */ -+ void doDelete(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, -+ const crow::Request& req, -+ const std::vector<std::string>& params) override ++ BMCWEB_LOG_DEBUG << "Parent item not found"; ++ aResp->res.result(boost::beast::http::status::not_found); ++ }, ++ service, "/xyz/openbmc_project/VirtualMedia", ++ "org.freedesktop.DBus.ObjectManager", "GetManagedObjects"); ++ }, ++ "xyz.openbmc_project.ObjectMapper", ++ "/xyz/openbmc_project/object_mapper", ++ "xyz.openbmc_project.ObjectMapper", "GetObject", ++ "/xyz/openbmc_project/VirtualMedia", std::array<const char*, 0>()); ++} ++ + /** + * @brief Function extracts transfer protocol name from URI. + */ +@@ -829,6 +932,32 @@ inline void doVmAction(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, + + inline void requestNBDVirtualMediaRoutes(App& app) + { ++ BMCWEB_ROUTE(app, "/redfish/v1/Managers/<str>/VirtualMedia/<str>/Actions/" ++ "VirtualMedia.InsertMedia") ++ .privileges({{"Login"}}) ++ .methods(boost::beast::http::verb::get)( ++ [](const crow::Request& req, ++ const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, ++ const std::string& name, const std::string& resName) { ++ CheckProxyMode(asyncResp, req, name, resName); ++ }); ++ ++ for (auto method : ++ {boost::beast::http::verb::patch, boost::beast::http::verb::put, ++ boost::beast::http::verb::delete_}) + { -+ CheckProxyMode(asyncResp, req, params); ++ BMCWEB_ROUTE(app, ++ "/redfish/v1/Managers/<str>/VirtualMedia/<str>/Actions/" ++ "VirtualMedia.InsertMedia") ++ .privileges({{"ConfigureManager"}}) ++ .methods(method)( ++ [](const crow::Request& req, ++ const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, ++ const std::string& name, const std::string& resName) { ++ CheckProxyMode(asyncResp, req, name, resName); ++ }); + } + - /** - * @brief Function handles POST method request. - * + BMCWEB_ROUTE(app, "/redfish/v1/Managers/<str>/VirtualMedia/<str>/Actions/" + "VirtualMedia.InsertMedia") + .privileges({{"ConfigureManager"}}) -- -2.17.1 +2.25.1 
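Review bot: In `CheckProxyMode`, the inner `GetManagedObjects` callback returns on `ec` after only logging `DBUS response error`, so nothing is written to `aResp->res` on that path. The client presumably receives the default success status for a request that was never evaluated; add `messages::internalError(aResp->res);` before that `return`. The outer callback also dereferences `getObjectType.begin()->first` without checking for an empty result, which `if (ec || getObjectType.empty())` would close. The function is defined in a header without `inline`, unlike `doVmAction` and `requestNBDVirtualMediaRoutes` beside it. `req` is copied into both lambdas although the visible bodies never read it.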
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0006-Bmcweb-handle-permission-denied-exception.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0006-Bmcweb-handle-permission-denied-exception.patch index efce3e72c..6ad7cf174 100644 --- a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0006-Bmcweb-handle-permission-denied-exception.patch +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0006-Bmcweb-handle-permission-denied-exception.patch @@ -1,6 +1,6 @@ -From e7018ea9e3ad1a17e096aec3717a4764c3feac2e Mon Sep 17 00:00:00 2001 -From: Alicja Rybak <alicja.rybak@intel.com> -Date: Wed, 14 Apr 2021 16:26:59 +0200 +From 1d69a22d0ec1eddbe6d703d6824f413f6b68399e Mon Sep 17 00:00:00 2001 +From: Krzysztof Grobelny <krzysztof.grobelny@intel.com> +Date: Thu, 1 Jul 2021 10:41:47 +0000 Subject: [PATCH] Bmcweb handle permission denied exception Add handling of permission denied exception (EPERM) that @@ -13,35 +13,25 @@ VirtualMedia returns EPERM, which bmcweb handles as 403 status code. Change-Id: Ibc18d5ec822c5072605b1fc4651389982002798b Signed-off-by: Alicja Rybak <alicja.rybak@intel.com> --- - redfish-core/lib/virtual_media.hpp | 8 ++++++++ - 1 file changed, 8 insertions(+) + redfish-core/lib/virtual_media.hpp | 5 +++++ + 1 file changed, 5 insertions(+) diff --git a/redfish-core/lib/virtual_media.hpp b/redfish-core/lib/virtual_media.hpp -index 4c475b7..8151ac0 100644 +index 186c04b..8e7c2e4 100644 --- a/redfish-core/lib/virtual_media.hpp 
+++ b/redfish-core/lib/virtual_media.hpp -@@ -1073,6 +1073,10 @@ class VirtualMediaActionInsertMedia : public Node - { - messages::resourceInUse(asyncResp->res); - } -+ else if (ec == boost::system::errc::permission_denied) -+ { -+ messages::accessDenied(asyncResp->res, "VirtualMedia.Insert"); -+ } - else - { - messages::internalError(asyncResp->res); -@@ -1267,6 +1271,10 @@ class VirtualMediaActionEjectMedia : public Node - { - messages::resourceInUse(asyncResp->res); - } -+ else if (ec == boost::system::errc::permission_denied) -+ { -+ messages::accessDenied(asyncResp->res, "VirtualMedia.Eject"); -+ } - else - { - messages::internalError(asyncResp->res); +@@ -917,6 +917,11 @@ inline void doVmAction(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, + { + messages::resourceInUse(asyncResp->res); + } ++ else if (ec == boost::system::errc::permission_denied) ++ { ++ messages::accessDenied(asyncResp->res, ++ "VirtualMedia.Insert"); ++ } + else + { + messages::internalError(asyncResp->res); -- -2.17.1 +2.25.1 diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0008-Fix-VM-NBDPROXY-build-issue-with-AsyncResp.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0008-Fix-VM-NBDPROXY-build-issue-with-AsyncResp.patch deleted file mode 100644 index c188b2105..000000000 --- a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/vm/0008-Fix-VM-NBDPROXY-build-issue-with-AsyncResp.patch +++ /dev/null 
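Review bot: The `permission_denied` branch added to `doVmAction` passes `"VirtualMedia.Insert"` to `messages::accessDenied`, but the previous revision of this patch used `"VirtualMedia.Eject"` for the eject handler, and the `doVmAction` callback shown in 0002 is the one that issues `Unmount`. A denied eject would then name the insert action in its error. If this is the eject path, the line should stay `messages::accessDenied(asyncResp->res, "VirtualMedia.Eject");`. The patch also drops from two call sites to one, so it is worth confirming that the mount-side branch is covered elsewhere in the series (0002 appears to carry it now). `doVmAction` begins and ends outside this hunk.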
@@ -1,37 +0,0 @@ -From d31d913a8c5dbacf6a36407532cf777852099ced Mon Sep 17 00:00:00 2001 -From: AppaRao Puli <apparao.puli@linux.intel.com> -Date: Sun, 2 May 2021 11:07:16 +0000 -Subject: [PATCH] Fix VM NBDPROXY build issue with AsyncResp - -8d1b46d7 moves bmcweb to using AsyncResp everywhere, and not have -each individual handler creating its own object. - -This commit fixes the build failure when enabling virtual media -compile flag(BMCWEB_ENABLE_VM_NBDPROXY). This is caused by above -mentioned recent change. - -Tested: - - Build is successful with enabled virtual media flag. - -Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com> -Change-Id: I363a41a08fae9dc05b3553695b96ffd26948f696 ---- - redfish-core/lib/virtual_media.hpp | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/redfish-core/lib/virtual_media.hpp b/redfish-core/lib/virtual_media.hpp -index 685ee5c..99542c4 100644 ---- a/redfish-core/lib/virtual_media.hpp -+++ b/redfish-core/lib/virtual_media.hpp -@@ -635,7 +635,7 @@ class VirtualMediaActionInsertMedia : public Node - } - - bool paramsValid = validateParams( -- asyncResp->res, imageUrl, inserted, -+ asyncResp, imageUrl, inserted, - transferMethod, transferProtocolType); - - if (paramsValid == false) --- -2.17.1 - |