Age | Commit message (Collapse) | Author | Files | Lines |
|
Missing the fstream include is causing build errors that block the
upstream sync, so adding it to fix the build.
Tested:
Confirmed that it builds.
Signed-off-by: Jason M. Bills <jason.m.bills@intel.com>
|
|
Change the default behavior of mount/umount dbus calls from blocking to
unblocking ones.
Once mount/unmount is triggered, appropriate action is running in the
background moving handling of operation result to async event. At the
end of processing dbus completion signal is sent to client with uint
value of operation status (identical with errno code).
Tested:
Manual scheduling of mount and unmount operations with monitoring dbus
communication of virtual-media service - matching api calls with
completion signal.
Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com>
|
|
Due to requirements from community, new projects have to be built with
meson.
To unify with other projects some additional warnings has been enabled,
so appropriate code updates has been implemented.
This commit makes both meson and CMake available to simplyfy transition
in openbmc. CMake support will be removed after switching to meson in
openbmc will be accepted.
Tested:
Compiled and smoke tested.
Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com>
|
|
* Force udev change event on init
This change provides temporary workaround for HSD HSD18020136609 ("Can not mount image using Virtual media and CIFS protocol"). When in initial state, additional udev change event is triggered for all NBD devices, which prevents from disconnection on first mount attempt after reboot. The actual issue is a regression, introduced after kernel update from 5.10.67 to 5.14.11. The exact source in kernel is yet to be located; after that an actual fix shall be provided and this change will be reverted.
Abstracts echoToFile to a separate class, that may be used by other classes through inheritance. This way, writing to udev files can be handled by different object than UsbGadget.
Tested:
Successful mounts after reboot for all supported methods (Proxy, Legacy HTTPS, Legacy CIFS).
Change-Id: I2ceb826c73b6e46938397060877d35a9fa1c0e03
Signed-off-by: MichalX Orzel <michalx.orzel@intel.com>
|
|
Removed all -Wextra warnings in VM sources.
-Wno-unused-parameter has to be disabled due to lots of such warnings in
sdbusplus.
Tested:
Compilation generates no warnings
Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com>
|
|
In the mechanism of passing the password to client application a file
with password is used. Until now, the file has been created with use of
unsecure tmpnam function, which can be a subject of TOCTOU vulnerability.
Changing tmpnam to mkstemp required some changes in the
flow (std::fstream can't reuse file descriptor of opened file,
appropriate file permissions are set by mkstemp).
Tested:
Manually. Password is passed to nbdkit, temporary file permissions are the same as
before.
Change-Id: Icdd1719cafa08946d5b06414a0db7fa4714cb7ee
Signed-off-by: Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com>
|
|
Latest changes in kernel introduces changes in mounting parameters.
- nolock parameter is no longer used with cifs (before it was ignored)
- shortened user version of username is no longer valid (even though
it still in the codebase)
Tested:
Updated mount parameter list made CIFS mount possible again
Change-Id: I0f0ecb1f3cdb19144246340e5df12203648648f5
Signed-off-by: Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com>
|
|
On initial state application cleans mounted resources which
were allocated by user befor application crashed.
Without that busy slot is not avaialble anymore for user.
Tested:
1. Mount CIFS share.
2. Send terminate signal to virtual-media (kill -9).
3. Mount CIFS share on the same slot as during step 1.
Change-Id: I7088e94832fb7bec171a56f73bd66cd29e9b246f
Signed-off-by: Krzysztof Richert <krzysztof.richert@intel.com>
|
|
This change allows virtual-media to pass a zero-length string to
nbdkit curl plugin cainfo parameter, which will allow for capath
to be used.
Tested:
Manually, with Virtual-Media HTTPS test in ATF.
Change-Id: I14ffa2ecbb2bd6cadee3bb8929ef2e1b8bbbf157
Signed-off-by: Golgowski, Wiktor <wiktor.golgowski@intel.com>
|
|
Updated TLS 1.2 cipher list and added TLS1.3 cipher list.
Tested by Oleksandr Shulzhenko on local setup.
Change-Id: I218c245d8ddf7e54dae258a39cd78c3255027b6e
Signed-off-by: Karol Niczyj <karol.niczyj@intel.com>
|
|
According to the latest recommendations obsolete cipher suites shall be
forbidden.
Tested:
Python HTTP server configured TLSv1.2 with ECDHE-RSA-CHACHA20-POLY1305
cipher can't be reached.
Change-Id: I370c125b28c4df4bba744ec63536aa8fdebb961d
Signed-off-by: Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com>
|
|
Due to security reasons (by security researcher recommendation) remote
source redirections shouldn't be allowed in order to disallow connection
downgrading
Tested:
Tested with python server script forcing redirection
Change-Id: Ia68884dbcc399abc685dcbcf4e205aa62356478f
Signed-off-by: Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com>
|
|
Providing comma (,) in username can lead to inject some unappropriate
mount options. In opposite to password, username is not escaped by
kernel driver so we have to disallow such entries.
Tested:
Manually mounting CIFS share with comma
Change-Id: I20ff5089d04f07d7e6aa3190fe83babdd7acfe96
Signed-off-by: Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com>
|
|
Due to change of recommendation of minimum TLS version from 1.1 to 1.2,
version passed to CURL plugin of Nbdkit is changed appropriately.
Tested:
Manually; TLSv1.1 server is rejected for Legacy/HTTPs.
Change-Id: Ifc8848817deb9f73a44f551d85f1fe9ba20b3e10
Signed-off-by: Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com>
|
|
Due to security reasons "user/username" has to be removed from the
information that is logged by application.
Sensitive data has been moved to "Debug"" level (lowest one) and default
one has moved one level up to "Info".
Also some important information allowing to catch basic errors has been
upgraded to "Info".
Tested:
Manually, mounting both Legacy mode remote types (HTTPs and CIFS) and
checking if journal for VirtualMedia service does not contain sensitive
information.
Change-Id: Ie6c3a79c94637e3632af76daf957e986b2dd3b6d
Signed-off-by: Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com>
|
|
Mount function consumes mount parameters as coma delimited options. In
order to make it resistant to classic parameter injection each comma in
username or password parameter that user provides is escaped by second
comma character. This fix appiles such escaping for samba credentials.
Tested:
Tested by inserting media with password=smbpass,ver=1.0. Kernel does
not mount share, showing error appropriate to incorrect credentials:
intel-obmc kernel: CIFS: Status code returned 0xc000006d \
STATUS_LOGON_FAILURE
Change-Id: I3acb24a4b24e798e54e095c69e9c6ec3151e03d1
Signed-off-by: Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com>
|
|
When trying to mount virtual media image in Legacy mode
nbd tries to create unix socket and if the parent directory
does not exist mount fails.
Also used noexcept versions of filesystem operations.
Tested:
Locally, by manually removing the socket's parent folder and
mounting an image in Legacy mode (Samba).
Change-Id: If5beb7add655e09a60511b30e4edbd34c8c15ec5
Signed-off-by: Anna Platash <anna.platash@intel.com>
Signed-off-by: Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com>
|
|
SMB share when mounted leaved a trace in journal with parameters passed
with mount command. Among others password and user name has been
included what raises security issue.
Tested:
Manually, SMB mount does not reveal share credentials in logs any more
Change-Id: I30abbe085620c95d42b19f19d94285a211024cf4
Signed-off-by: Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com>
|
|
Invalid status code 500 when slot is inserted twice. Invalid status code 200 when slot is ejected twice.
In both situation code 403 should be returned.
Using [[noreturn]] attribute for handleEvent functions.
Tested:
Manually on hw and verified that status code is 403.
Change-Id: I886c41048d6bcfcb3d47b46fd23a2de564d9dd3e
Signed-off-by: Alicja Rybak <alicja.rybak@intel.com>
|
|
When mounting image with WriteProtected set to true,
it is shown to be false and vice versa.
Change-Id: Id5ff0f0deb5d5822279dd02af0deeb7586dcd065
Signed-off-by: Anna Platash <anna.platash@intel.com>
|
|
Removed following cipher suits:
* AES256-GCM-SHA384
* AES128-GCM-SHA256
* AES256-SHA256
* AES128-SHA256
Tested: - verified manually that listed ciphers are not accepted
- verified manually that it is possible to mount HTTPS resource
using TLS version >= 1.1 and other ciphers
Change-Id: If41dfc8fa8439a1be1fd61dbb639595523a7157d
Signed-off-by: Karol Wachowski <karol.wachowski@intel.com>
|
|
between Redfish and Web UI
WriteProtected field was not updated in bmcweb.
Added new property WriteProtected to MountPoint interface to
allow bmcweb updating the WriteProtected field value properly.
Tested on manually on ArcherCity by mounting images via RedFish
interface with and without write protection.
Change-Id: I9f642ace2462c52bf964d2e54b0f59fac1b06738
Signed-off-by: Anna Platash <anna.platash@intel.com>
|
|
SMB 3.1.1 provides more secure authentication.
vers=3 is preferred over vers=3.0 as it automatically
negotiates 3.0 or 3.0.2 dialects, if available from server.
While the vers=3.0 uses only 3.0.
Fallback scheme:
try vers=3.1.1
if fails - try vers=3
if fails - unrecoverable error path
Tested:
Manually on ArcherCity. Mounting .iso image in legacy mode (smb),
using RedFish interface.
Change-Id: Ief224353079f1b7200011a00b8d5c482f57f844e
Signed-off-by: Anna Platash <anna.platash@intel.com>
|
|
This change adds nbdkit curl plugin parameters for specifying TLS
version. VM is configured to support TLSv1.1 or greater.
Tested: manually, TLSv1.0 is not negotiated during connection.
Change-Id: I0d1186534ba3ec2f7937fea65c0cc1f01557cf6e
Signed-off-by: Golgowski, Wiktor <wiktor.golgowski@intel.com>
|
|
This reverts commit b253675eb507f07f8072b287c0ea68448808eb0b.
Change-Id: I29c2eb73ecc37e47c4dd44b668c6d9a1ab2f6579
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
This change adds nbdkit curl plugin parameters for specifying TLS
version and not allowed cipher suites (OWASP recommendation).
Tested: manually, TLSv1.0 is not negotiated during connection.
Awaiting confirmation for cipher suites.
Warning: this change may break legacy mode, if used with nbdkit
without ssl-version and ssl-cipher-list (see review #272350).
Change-Id: I06c5acc7a87de6c1bd1b0cdcef2af8585a3da965
Signed-off-by: Golgowski, Wiktor <wiktor.golgowski@intel.com>
|
|
Tested: - verified that mount attempt in active state returns operation
not supported (EOPNOTSUPP) error
Signed-off-by: Karol Wachowski <karol.wachowski@intel.com>
Change-Id: I3d148a6f360e4ede996f99827185ae653e0ed5c5
|
|
It fixes problem with missing information on VirtualMedia Redfish
resource after user mounts media using legacy method.
Part of VirtualMedia Redfish resource after fix:
{
...
"ConnectedVia": "URI",
"Id": "Slot_2",
"Image": null,
"ImageName": "smb://127.0.0.1/public/openSUSE-15.1-x86_64.iso",
"Inserted": true,
...
}
Tested:
- Mounted and ejected media using legacy method with success.
- Received proper details about mounted image from Redfish.
Signed-off-by: Wludzik, Jozef <jozef.wludzik@intel.com>
Change-Id: I445b37aac27dd290ce07f589834c0a6a10d2ceef
|
|
actiavting/deactivating states
Previously mount/unmount waited until timeout occurs, when
operation was already process it could finish before the timeout
causing mount/unmount to get false positive/negative results.
Tested: - Mount/Unmount dbus calls cause EBUSY exception in
actiavting/deactivating states
Change-Id: Idaacde212531c963aec304ac87e536d014d9d8d2
Signed-off-by: Karol Wachowski <karol.wachowski@intel.com>
|
|
According to security guidelines, files created by service must be
limited to the narrowest set of permissions required. This must be also
true for 3rd party files used by Virtual Media.
- For all regular files and directories created by service umask is
used.
- For sockets, permissions are limited by permissions of parent
directory. For full reference see man unix(7). Below the most important
fragment:
"In the Linux implementation, sockets which are visible in the
filesystem honor the permissions of the directory they are in. Their
owner, group and their permissions can be changed. Creation of a new
socket will fail if the process does not have write and search (execute)
permission on the directory the socket is created in. Connecting to the
socket object requires read/write permission. This behavior differs from
many BSD-derived systems which ignore permissions for UNIX domain
sockets. Portable programs should not rely on this feature for
security."
Change-Id: I22ff531c96c8a6903fecb5d8cc71caf33150a713
Signed-off-by: Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com>
|
|
Added Timeout dbus property for block devices in VirtualMedia.
Added throwing EBUSY exception when Mount/Unmount operation times out.
Added transition from ActivatingState to DeactivatingState.
Tested: Verified that after mounting non-existing HTTPS resource
in proxy mode, VirtualMedia recovers restoring ready state
and throws EBUSY during that transition.
Verfied that resources can be mounter/unmounted in both legacy
and proxy mode.
Change-Id: I3768af13663046cc55976ad59062f8bc1d6396ba
Signed-off-by: Karol Wachowski <karol.wachowski@intel.com>
|
|
OpenBMC uses custom path for certificates: /etc/ssl/certs not
/usr/lib/ssl/certs like curl plugin default. We need to provide it in
order to make curl plugin work in OpenBMC environment.
Tested:
Certificate Authority added with UI allows to use https server signed
with this certificate.
Change-Id: I702179862e9e977efd162bdf19426208c4ce45f0
Signed-off-by: Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com>
|
|
- Previously machine did not handle AnyEvent correctly,
implementation in BaseState was always run
- Changing from ActiveState to ReadyState was bugged,
previously only one of event SubprocessStopped or UdevNotification
caused state change when it is required to wait for both
- Introduced longer timer when waiting for ReadyState during Eject and
ActiveState during Inject, because ndbkit can timeout during Eject and
it is required to complete before next inject can success.
- Added event notification when process is terminated
- Added resourcess classes to handle deletion and notifications
Signed-off-by: Krzysztof Grobelny <krzysztof.grobelny@intel.com>
Signed-off-by: Karol Wachowski <karol.wachowski@intel.com>
Change-Id: Ie914e650c2f15bd73cdc87582ea77a94997a3472
Signed-off-by: Karol Wachowski <karol.wachowski@intel.com>
|
|
- Flushing file content before deleting it
TESTED: Tested manually, no regression detected.
Signed-off-by: Krzysztof Grobelny <krzysztof.grobelny@intel.com>
Change-Id: Id48ebb6edbb2c0f0fbf930c2be9a63dd1034b7cc
|
|
timeout value was always set to default instead of using configuration
file.
Tested: verified that timeout value set in /etc/virtual-media.json is
actually used by service
Signed-off-by: Karol Wachowski <karol.wachowski@intel.com>
Change-Id: I6865f25c91d95eb273792798f6159838cfd013c5
Signed-off-by: Karol Wachowski <karol.wachowski@intel.com>
|
|
Changed recursive removal (std::filesystem::remove_all) of all files in
/sys/kernel/config/usb_gadget/ to rmdir operation
(std::filesystem::remove).
configfs does not allow recursive file removal and returns operation not
permitted on such operations. It is required to execute rmmdir.
Tested: verified that VirtualMedia drives can be restarted properly
(stopped and started again)
Change-Id: Ib0c66723b451e29f28c9c90029365385a41dc558
Signed-off-by: Karol Wachowski <karol.wachowski@intel.com>
|
|
This change modifies the default configuration and removes ability
to configure endpoints in such mode.
Tests performed:
Tested on WilsonCity for regression. Proxy mode works.
Manual configuration injection (modifying virtual-media.json)
didn't enable Legacy endpoints - they are ignored.
Change-Id: Idb63f1cf0f391dc428d6ad3d8e3684017d509369
Signed-off-by: Adrian Ambrożewicz <adrian.ambrozewicz@linux.intel.com>
|
|
restart VM service'.
Due to unsuccessful mounting of image, mount point changes state
to ReadyState and perform reset on target object.
Target is no longer available so fix assumes adding verification
against null value before performing other reset on target fields.
Tested manually for scenarios with valid and invalid passwords.
Change-Id: I6c9d5f680f76af3c2ba609a7889552345451cf28
Signed-off-by: Agata Olender <agata.olender@intel.com>
|
|
Property returns exit code value from nbd-client process for
proxy mode and from nbdkit process for legacy mode.
The initial value for this property is -1 and will be returned
before starting the process and in the process execution time.
Tested manually for proxy and legacy mode:
- initial value before process first run
- initial value in process execution time
- 0 value for successful exit
- specific value for forced process termination
Change-Id: I4cefa423bade522fc2fac0cab620cbba0b66cce2
Signed-off-by: Agata Olender <agata.olender@intel.com>
|
|
This change introduces new 'Mount' API argument - UNIX_FD for named pipe.
This named pipe is utilized to securely send secret data over D-Bus.
Currently data consists of null-terminated char buffers with username and
password.
Data on receiving side is encapsulated into classes whose role is to:
- keep secret as short-lived as possible
- erase secret from memory when it's not needed
- pass secrets (and format them) to another secure container with above
capabilities
New classes:
- Credentials: is a class encapsulating login and password. It zeroes them
at destruction.
- CredentialProvider: contains Credentials, specifies SecureBuffer, allows
to store credentials in SecureBuffer
- SecureBuffer: char vector which zeroes itself at destruction,
used to provision secret data
- VolatileFile: class creating temporary file with 'owner-only' permissions
in /tmp; at destruction overwrites it's contents with '*' and removes it
New behavior:
- when UNIX_FD is provided over D-Bus it's treated as open unix pipe. Data
is read from this pipe and stored securely into CredentialsProvider
- credentials are stored in applications inside CredentialsProvider object,
encapsulated by unique_ptr for as long as it's needed
- strings containing secrets are zeroed immediately after use
- VolatileFile is used to securely pass credentials to nbdkit curl plugin
instead of command line parameters.
Tested:
Manual and automated tests on WilsonCity platform:
- positive and negative tests for authentication on both CIFS and HTTPS
resources
- error injection (ill-formed data transfered over pipe, pipe broken etc.)
Change-Id: I608ae0380b8ad57110bc0939f71eb48604e7dc99
Signed-off-by: Adrian Ambrożewicz <adrian.ambrozewicz@linux.intel.com>
Signed-off-by: Agata Olender <agata.olender@intel.com>
|
|
Previously implemented error handling for Mount checks only if mounting was
successful and returns boolean with the result.
Following change introduces optional error to existing ReadyState
(a.k.a. "idle state"). If state machine enters ReadyState with error it is
stored into ReadyState field with std::errc and std::string message.
In the case of mount failure with such error information stored, Mount
returns graceful D-Bus error reply with specific error code.
Tested:
Manual and automated tests on WilsonCity platform:
- negative tests for invalid network share, unauthorized share access,
error injection (renaming expected unix socket names etc)
Change-Id: I22cf9b17e9e6342aad0ae68766853734fac79b8e
Signed-off-by: Adrian Ambrożewicz <adrian.ambrozewicz@linux.intel.com>
Signed-off-by: Agata Olender <agata.olender@intel.com>
|
|
This change introduces integration of virtual-media application with
NBDKit. NBDKit is used here to connect to externally provided image on web
and expose NBD device internally in BMC for NBD subsystem (already
implemented in Proxy mode) to use.
'Mount' D-Bus call accepts 's imgUrl' and 'b rw'. Based on 's imgUrl'
prefix (https:// or smb://) proper mount type is attempted. 'b rw'
determines Read-Only mode for both USB Gadget and NBD stack.
When 'Mount' is called, virtual-media parses arguments, determines mounting
options and attempts to mount external share.
For SMB protocol native CIFS Linux module is used:
1) mount(8) call is used to mound provided CIFS share
2) NBDKit loads file on mounted filesystem and exposes NBD Server on
internal unix socket
3) Pre-existing code takes care of mouting gadget automatically
(connecting socket to /dev/nbdX and then /dev/nbdX to USB Gadget)
For HTTPS protocol provisioning is performed by NBDKit:
1) NBDKit connects to provided resource and exposes NBD Server on internal
unix socket
2) Pre-existing code takes care of mouting gadget automatically
(connecting socket to /dev/nbdX and then /dev/nbdX to USB Gadget)
Tested:
Manual and automated tests on WilsonCity platform:
- mounting and unmounting images over CIFS and HTTPS (single, multiple
at the same time etc)
- positive and negative tests for D-Bus calls
- ensuring proper information is exposed on D-Bus
Change-Id: Ia2b6e8c13603521063f5c94cdfdb06f2e872e9e7
Signed-off-by: Adrian Ambrożewicz <adrian.ambrozewicz@linux.intel.com>
Signed-off-by: Agata Olender <agata.olender@intel.com>
|
|
MountPoints being inactive for time defined by InactivityTimeout will be unmounted.
Inacitivity is measured based on USB gadget R/W statitics.
InactivityTimeout must be set in json configuration and is common for all MountPoints.
Remaining time to unmount inactive media is exposed per MountPoint on dbus using RemainingInactivityTimeout property.
Change-Id: Ieb80e67dae6c3b4cb0482d801b5b4208884b0809
Signed-off-by: Agata Olender <agata.olender@intel.com>
|
|
This is a first part of bigger functionality which provides host to use
virtual media.
First part provides skeleton and definitions of states and events defining
state machine, also brings working implementation of proxy mode and some
starting point to implement legacy mode.
There are at least three additional patchsets implementing legacy mode with
https and cifs support and secure passing of secrets.
Specifically this change adds StateMachine class used to keep track state of
each mount point:
- StateMachine is made as std::variant of object derived from BasicState.
- Each state has its own possible transitions defined (events).
- Transitions defines appropriate behavior.
- Specific event triggers transition from one to other specific state (1:1
relation).
Tested:
Manual tests on WilsonCity platform:
- mounting and unmounting using redfish and webui
- check state on dbus interfaces
Change-Id: I4b13085e1f8884fcedd7d97e76910c21e87ab7f8
Signed-off-by: Rapkiewicz, Pawel <pawel.rapkiewicz@intel.com>
Signed-off-by: Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com>
|
|
Configuration class is used to read configration from file and validate
entries.
Also exposes API to serve stored data.
Change-Id: Id4989ff45ff4a5cf7af7acf76a89b1c5838862f4
Signed-off-by: Rapkiewicz, Pawel <pawel.rapkiewicz@intel.com>
Signed-off-by: Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com>
|
|
Added DeviceMonitor which watches for ndb device changes.
Contains:
- Udev library wrappers.
- NBDevice object to manage nbd devices in errorless manner.
- Process library, which manages process spawning.
Change-Id: Iaf3caec56cd6084f1c17ccc5657b9b14c8e82d33
Signed-off-by: Rapkiewicz, Pawel <pawel.rapkiewicz@intel.com>
Signed-off-by: Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com>
|
|
Introducing Virtual Media based on State Machine.
- Logging class added
- Stub for Main application
Change-Id: I05ef576c170e2f9acf90800708f4447452f4050f
Signed-off-by: Rapkiewicz, Pawel <pawel.rapkiewicz@intel.com>
Signed-off-by: Czarnowski, Przemyslaw <przemyslaw.hawrylewicz.czarnowski@intel.com>
|
|
Support for Legacy mode added but only for CIFS resources.
DBus "xyz.openbmc_project.VirtualMedia.MountPoint" interface was
extended to support 'ImageUrl'. This property will be used to expose
on DBus HTTPS/CIFS url already mounted in Legacy mode.
Changes does not cover passing credential needed for CIFS
authentication.
Tested:
- CIFS/SMB resource succesfully mounted with DBus call to the
xyz.openbmc_project.VirtualMedia.Legacy:Mount
- CIFS/SMB resource succesfully unmounted with DBus call to the
xyz.openbmc_project.VirtualMedia.Legacy:Unmount
- checked double mount and unmount DBus calls return an error
and put an appropriate trace in logs.
Change-Id: I25b3d11dad6b273e88325beb35580e0baa8568f8
Signed-off-by: Zbigniew Lukwinski <zbigniew.lukwinski@linux.intel.com>
|
|
This is initial version of virtual media support
this covers:
* udev monitoring
* configuration reading
* exposing appropriate interfaces on dbus
* allows mount/umount images from existing unix socket
Does not cover:
* configuration of usb gadget
Integration with bmcweb will be delivered to bmcweb
Change-Id: I358ab80fe32a7ed933007143bfa00da847a95316
Signed-off-by: Rapkiewicz, Pawel <pawel.rapkiewicz@intel.com>
Signed-off-by: Kowalski, Kamil <kamil.kowalski@intel.com>
|