From edc6925e8c0d9f60da1f70c524261efaf05b2710 Mon Sep 17 00:00:00 2001
From: Krzysztof Grobelny <krzysztof.grobelny@intel.com>
Date: Wed, 30 Jun 2021 15:42:06 +0000
Subject: [PATCH 5/5] Fix:remove bios user pwd change option via Redfish

BMC should not provide user bios setup password change option via
Redfish as per bios security requirements. Only Admin BIOS setup
password is supported.

Added check for the password name action parameter and
do not allow if it has User Password value from redfish side.

Tested: sent POST query in redfish on URI:
https://<ip>/redfish/v1/Systems/system/Bios/Actions/Bios.ChangePassword
error occurs for UserPassword parameter and allows for AdminPassword.

Signed-off-by: Ayushi Smriti <smriti.ayushi@intel.com>
Change-Id: I169cc6a4f786625d9e8b8dfe56816d52b1740f4c
---
 redfish-core/lib/bios.hpp | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/redfish-core/lib/bios.hpp b/redfish-core/lib/bios.hpp
index 0250c59..360a749 100644
--- a/redfish-core/lib/bios.hpp
+++ b/redfish-core/lib/bios.hpp
@@ -323,6 +323,16 @@ inline void requestRoutesBiosChangePassword(App& app)
                         asyncResp->res, "ChangePassword", "PasswordName");
                     return;
                 }
+
+                // In Intel BIOS, we are not supporting user password in BIOS
+                // setup
+                if (userName == "UserPassword")
+                {
+                    messages::actionParameterUnknown(
+                        asyncResp->res, "ChangePassword", "PasswordName");
+                    return;
+                }
+
                 crow::connections::systemBus->async_method_call(
                     [asyncResp](const boost::system::error_code ec) {
                         if (ec)
-- 
2.17.1