meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/biosconfig/0004-Add-support-to-ChangePassword-action.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139

From 0ce94f6caf5d76d7f1abc71f6f8f7dc320517984 Mon Sep 17 00:00:00 2001
From: Kuiying Wang <kuiying.wang@intel.com>
Date: Wed, 23 Dec 2020 14:41:23 +0800
Subject: [PATCH] Add support to ChangePassword action

Tested:

Passed Redfish validator.
Bios change password:
root@intel-obmc:~# cat /var/lib/bios-settings-manager/seedData
{
"UserPwdHash": "08D91157785366CDC3AA64D87E5E3C621EDAB13E26B6E484397EBA5E459E54C567BF5B1FFB36A43B6142B18F8D642E9D",
"AdminPwdHash": "08D91157785366CDC3AA64D87E5E3C621EDAB13E26B6E484397EBA5E459E54C567BF5B1FFB36A43B6142B18F8D642E9D",
"Seed": "123456",
"HashAlgo": "SHA384"
}
POST https://IP_ADDR/redfish/v1/Systems/system/Bios/Actions/Bios.ChangePassword
{
    "NewPassword": "12345678",
    "OldPassword": "1234567890",
    "PasswordName": "Administrator"
}
root@intel-obmc:~# cat /var/lib/bios-settings-manager/passwordData
{
    "CurrentPassword": "1234567890",
    "IsAdminPwdChanged": 1,
    "IsUserPwdChanged": 0,
    "NewPassword": "2DD65D57EB60B1D92C5F3D2DC84724FCEE7BC02E57AA75E834712266ED94CAC704047B2FF7CEC1C36BED280B36BB5AC6",
    "UserName": "Administrator"
}

Change-Id: I90319a68da0b0a7f9c5cd65a8cb8cf52269a5f52
Signed-off-by: Kuiying Wang <kuiying.wang@intel.com>
---
 redfish-core/include/redfish.hpp |  1 +
 redfish-core/lib/bios.hpp        | 70 ++++++++++++++++++++++++++++++++
 2 files changed, 71 insertions(+)

diff --git a/redfish-core/include/redfish.hpp b/redfish-core/include/redfish.hpp
index 298ebb8..4418c3d 100644
--- a/redfish-core/include/redfish.hpp
+++ b/redfish-core/include/redfish.hpp
@@ -159,6 +159,7 @@ class RedfishService
         nodes.emplace_back(std::make_unique<BiosSettings>(app));
         nodes.emplace_back(std::make_unique<BiosAttributeRegistry>(app));
         nodes.emplace_back(std::make_unique<BiosReset>(app));
+        nodes.emplace_back(std::make_unique<BiosChangePassword>(app));
 #ifdef BMCWEB_ENABLE_VM_NBDPROXY
         nodes.emplace_back(std::make_unique<VirtualMedia>(app));
         nodes.emplace_back(std::make_unique<VirtualMediaCollection>(app));
diff --git a/redfish-core/lib/bios.hpp b/redfish-core/lib/bios.hpp
index 1eb7bef..12ec472 100644
--- a/redfish-core/lib/bios.hpp
+++ b/redfish-core/lib/bios.hpp
@@ -184,6 +184,9 @@ class BiosService : public Node
         asyncResp->res.jsonValue["Actions"]["#Bios.ResetBios"] = {
             {"target",
              "/redfish/v1/Systems/system/Bios/Actions/Bios.ResetBios"}};
+        asyncResp->res.jsonValue["Actions"]["#Bios.ChangePassword"] = {
+            {"target",
+             "/redfish/v1/Systems/system/Bios/Actions/Bios.ChangePassword"}};
 
         // Get the ActiveSoftwareImage and SoftwareImages
         fw_util::populateFirmwareInformation(asyncResp, fw_util::biosPurpose,
@@ -669,4 +672,71 @@ class BiosReset : public Node
             std::variant<std::string>(resetFlag));
     }
 };
+
+/**
+ * BiosChangePassword class supports handle POST method for change bios
+ * password. The class retrieves and sends data directly to D-Bus.
+ */
+class BiosChangePassword : public Node
+{
+  public:
+    BiosChangePassword(App& app) :
+        Node(app,
+             "/redfish/v1/Systems/system/Bios/Actions/Bios.ChangePassword/")
+    {
+        entityPrivileges = {
+            {boost::beast::http::verb::post, {{"ConfigureComponents"}}}};
+    }
+
+  private:
+    /**
+     * Function handles POST method request.
+     * Analyzes POST body message before sends Reset request data to D-Bus.
+     */
+    void doPost(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
+                const crow::Request& req,
+                const std::vector<std::string>&) override
+    {
+        std::string currentPassword, newPassword, userName;
+        if (!json_util::readJson(req, asyncResp->res, "NewPassword",
+                                 newPassword, "OldPassword", currentPassword,
+                                 "PasswordName", userName))
+        {
+            return;
+        }
+        if (currentPassword.empty())
+        {
+            messages::actionParameterUnknown(asyncResp->res, "ChangePassword",
+                                             "OldPassword");
+            return;
+        }
+        if (newPassword.empty())
+        {
+            messages::actionParameterUnknown(asyncResp->res, "ChangePassword",
+                                             "NewPassword");
+            return;
+        }
+        if (userName.empty())
+        {
+            messages::actionParameterUnknown(asyncResp->res, "ChangePassword",
+                                             "PasswordName");
+            return;
+        }
+        crow::connections::systemBus->async_method_call(
+            [asyncResp](const boost::system::error_code ec) {
+                if (ec)
+                {
+                    BMCWEB_LOG_CRITICAL
+                        << "Failed in doPost(BiosChangePassword) " << ec;
+                    messages::internalError(asyncResp->res);
+                    return;
+                }
+            },
+            "xyz.openbmc_project.BIOSConfigPassword",
+            "/xyz/openbmc_project/bios_config/password",
+            "xyz.openbmc_project.BIOSConfig.Password", "ChangePassword",
+            userName, currentPassword, newPassword);
+    }
+};
+
 } // namespace redfish
-- 
2.17.1