author | Sunitha Harish <sunharis@in.ibm.com> | 2020-10-30 10:37:30 +0300 |
---|---|---|
committer | Ed Tanous <ed@tanous.net> | 2020-11-10 19:30:11 +0300 |
commit | c0ea7ae1c502fa2c67b0a58aee05b75581dafa7a (patch) | |
tree | 812b2d37bb153377a5897b434ddef7fc8137d7e9 /include | |
parent | a0744d38e93863ce3fb4bef2d4c70f9e9f640840 (diff) | |
Redfish Session : Support ClientOriginIPAddress
This commit implements the ClientOriginIPAddress property on
the session resource. The IP address is persisted across reboots.
Tested by:
1. Create session
POST https://${bmc}/redfish/v1/SessionService/Sessions -d '{"UserName":<>, "Password":<>}'
2. Check the session gets updated with the ClientOriginIPAddress
GET https://${bmc}/redfish/v1/SessionService/Sessions/<id>
3. Redfish validator passed
4. Create session and reboot the BMC to ensure the IP address is persisted
5. Tested the basic auth populates the clientIp at req
Signed-off-by: Sunitha Harish <sunharis@in.ibm.com>
Change-Id: Iaa60d0657c991bde4bcf6c86819055c71c92e421
Diffstat (limited to 'include')
-rw-r--r-- | include/authorization.hpp | 9 | ||||
-rw-r--r-- | include/login_routes.hpp | 2 | ||||
-rw-r--r-- | include/persistent_data.hpp | 1 |
3 files changed, 8 insertions, 4 deletions
diff --git a/include/authorization.hpp b/include/authorization.hpp
index e965508e08..0f73e967cb 100644
--- a/include/authorization.hpp
+++ b/include/authorization.hpp
@@ -35,7 +35,8 @@ static void cleanupTempSession(Request& req)
 }
 static std::shared_ptr<persistent_data::UserSession>
- performBasicAuth(std::string_view auth_header)
+ performBasicAuth(const boost::asio::ip::address& clientIp,
+ std::string_view auth_header)
 {
 BMCWEB_LOG_DEBUG << "[AuthMiddleware] Basic authentication";
@@ -60,6 +61,8 @@ static std::shared_ptr<persistent_data::UserSession>
 std::string pass = authData.substr(separator);
 BMCWEB_LOG_DEBUG << "[AuthMiddleware] Authenticating user: " << user;
+ BMCWEB_LOG_DEBUG << "[AuthMiddleware] User IPAddress: "
+ << clientIp.to_string();
 int pamrc = pamAuthenticateUser(user, pass);
 bool isConfigureSelfOnly = pamrc == PAM_NEW_AUTHTOK_REQD;
@@ -76,7 +79,7 @@ static std::shared_ptr<persistent_data::UserSession>
 // calling directly into pam for every request
 return persistent_data::SessionStore::getInstance().generateUserSession( user, persistent_data::PersistenceType::SINGLE_REQUEST,
- isConfigureSelfOnly);
+ isConfigureSelfOnly, clientIp.to_string());
 }
 static std::shared_ptr<persistent_data::UserSession>
@@ -269,7 +272,7 @@ static void authenticate(
 else if (boost::starts_with(authHeader, "Basic ") && authMethodsConfig.basic)
 {
- req.session = performBasicAuth(authHeader);
+ req.session = performBasicAuth(req.ipAddress, authHeader);
 }
 }
 }
diff --git a/include/login_routes.hpp b/include/login_routes.hpp
index 1f7b35a3b4..6879de0d47 100644
--- a/include/login_routes.hpp
+++ b/include/login_routes.hpp
@@ -141,7 +141,7 @@ inline void requestRoutes(App& app)
 .generateUserSession( username, persistent_data::PersistenceType::TIMEOUT,
- isConfigureSelfOnly);
+ isConfigureSelfOnly, req.ipAddress.to_string());
 if (looksLikePhosphorRest)
 {
diff --git a/include/persistent_data.hpp b/include/persistent_data.hpp
index 19c424a202..0ff0c7e1df 100644
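Review bot: In the `@@ -60,6 +61,8 @@` hunk the client address is logged only at debug level and before `pamAuthenticateUser` returns, so the log never ties the address to the outcome of the attempt. If the failure branch, which is outside this hunk, does not already record it, log there at a level that is kept in production builds, for example `BMCWEB_LOG_WARNING << "[AuthMiddleware] Basic auth failed, client " << clientIp.to_string();`. That gives responders a source address for repeated failed logins without having to enable debug logging. performBasicAuth begins and ends outside this hunk.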
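Review bot: In the `@@ -76,7 +79,7 @@` hunk `clientIp.to_string()` is converted a second time after the debug log added earlier in the same function; a single `const std::string clientIpStr = clientIp.to_string();` placed before the log line would serve both uses. The value stored in the session is whatever `req.ipAddress` holds at the call site, and how that field is filled is not visible here; if it is the TCP peer address, a BMC reached through a proxy or NAT records the intermediary rather than the user. A comment on the parameter such as `// clientIp: transport peer address, recorded for audit only; not an authorization input` would keep later code from treating ClientOriginIPAddress as a trust signal. The same applies to the `generateUserSession` call in include/login_routes.hpp.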
--- a/include/persistent_data.hpp
+++ b/include/persistent_data.hpp
@@ -193,6 +193,7 @@ class ConfigFile
 {"session_token", p.second->sessionToken},
 {"username", p.second->username},
 {"csrf_token", p.second->csrfToken},
+ {"client_ip", p.second->clientIp},
 #ifdef BMCWEB_ENABLE_IBM_MANAGEMENT_CONSOLE
 {"client_id", p.second->clientId},
 #endif
|
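Review bot: The read side for `client_ip` is not in this section, so it is unclear whether a persisted file written before this change, which has no such key, still loads its sessions. The loader should treat a missing `client_ip` as empty rather than rejecting the record, and should check the stored string (for example with `boost::asio::ip::make_address(ip, ec)`) before it is returned as ClientOriginIPAddress. The file now holds client addresses next to session and CSRF tokens, so its existing permissions matter for this field as well. The serialization loop starts and ends outside the hunk.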