diff options
author | Sunitha Harish <sunithaharish04@gmail.com> | 2020-05-28 13:09:09 +0300 |
---|---|---|
committer | Sunitha Harish <sunithaharish04@gmail.com> | 2020-06-17 07:26:05 +0300 |
commit | 92f682233ff0b8b20692e337632326cbd5a03676 (patch) | |
tree | dc700a9cfdc6a944581247e62df40dd8a5affa48 /include/sessions.hpp | |
parent | 566329ee0f19fed19cca49aafe7a43799f6c0bba (diff) | |
download | bmcweb-92f682233ff0b8b20692e337632326cbd5a03676.tar.xz |
Fetch the ClientIP during session creation
This commit saves the IP Address of the client from where the session
was created.
- This is not a user supplied value. The BMC will internally pull the
IP address from the incoming create-session request.
- It should also be noted that ClientIP will not change if the same session
token is used from some other IP address for further management of the BMC.
Tested by:
1. Create session
2. Display the Session details with GET command to check the IP from where
the session is created/updated.
GET https://${bmc}/redfish/v1/SessionService/Sessions/<id>
{
"@odata.id": "/redfish/v1/SessionService/Sessions/<id>",
"@odata.type": "#Session.v1_0_2.Session",
"Description": "Manager User Session",
"Id": "<id>",
"Name": "User Session",
"Oem": {
"OpenBMC": {
"@odata.type": "#OemSession.v1_0_0.Session",
"ClientOriginIP": "<ip address>"
}
},
"UserName": "root"
}
3. Redfish validator is run successfully.
Signed-off-by: Sunitha Harish <sunithaharish04@gmail.com>
Change-Id: I0076f260f50a991600ec060c72f3e46fb9a9cbb8
Diffstat (limited to 'include/sessions.hpp')
-rw-r--r-- | include/sessions.hpp | 31 |
1 files changed, 19 insertions, 12 deletions
diff --git a/include/sessions.hpp b/include/sessions.hpp index e4558094a8..217ce95e73 100644 --- a/include/sessions.hpp +++ b/include/sessions.hpp @@ -44,6 +44,7 @@ struct UserSession std::string username; std::string csrfToken; std::string clientId; + std::string clientIp; std::chrono::time_point<std::chrono::steady_clock> lastUpdated; PersistenceType persistence; bool cookieAuth = false; @@ -101,6 +102,11 @@ struct UserSession { userSession->clientId = *thisValue; } + else if (element.key() == "client_ip") + { + userSession->clientIp = *thisValue; + } + else { BMCWEB_LOG_ERROR @@ -212,7 +218,8 @@ class SessionStore std::shared_ptr<UserSession> generateUserSession( const std::string_view username, PersistenceType persistence = PersistenceType::TIMEOUT, - bool isConfigureSelfOnly = false, const std::string_view clientId = "") + bool isConfigureSelfOnly = false, const std::string_view clientId = "", + const std::string_view clientIp = "") { // TODO(ed) find a secure way to not generate session identifiers if // persistence is set to SINGLE_REQUEST @@ -259,10 +266,11 @@ class SessionStore return nullptr; } } - auto session = std::make_shared<UserSession>(UserSession{ - uniqueId, sessionToken, std::string(username), csrfToken, - std::string(clientId), std::chrono::steady_clock::now(), - persistence, false, isConfigureSelfOnly}); + auto session = std::make_shared<UserSession>( + UserSession{uniqueId, sessionToken, std::string(username), + csrfToken, std::string(clientId), std::string(clientIp), + std::chrono::steady_clock::now(), persistence, false, + isConfigureSelfOnly}); auto it = authTokens.emplace(std::make_pair(sessionToken, session)); // Only need to write to disk if session isn't about to be destroyed. needWrite = persistence == PersistenceType::TIMEOUT; @@ -428,17 +436,16 @@ struct adl_serializer<std::shared_ptr<crow::persistent_data::UserSession>> crow::persistent_data::PersistenceType::SINGLE_REQUEST) { #ifdef BMCWEB_ENABLE_IBM_MANAGEMENT_CONSOLE - j = nlohmann::json{{"unique_id", p->uniqueId}, - {"session_token", p->sessionToken}, - {"username", p->username}, - {"csrf_token", p->csrfToken}, - { "client_id", - p->clientId }}; + j = nlohmann::json{ + {"unique_id", p->uniqueId}, {"session_token", p->sessionToken}, + {"username", p->username}, {"csrf_token", p->csrfToken}, + {"client_id", p->clientId}, { "client_ip", p->clientIp }}; #else j = nlohmann::json{{"unique_id", p->uniqueId}, {"session_token", p->sessionToken}, {"username", p->username}, - {"csrf_token", p->csrfToken}}; + {"csrf_token", p->csrfToken}, + {"client_ip", p->clientIp}}; #endif } } |