Redfish: Allow disabling and enabling SSH

This patch adds support for disabling and enabling SSH using
Redfish API.

Tested:Validator passes

1.Disabled SSH from Redfish and verified cannot open a new SSH
connection to the machine, but the original SSH connection still
takes effect and verified ProtocolEnabled is false for SSH.

 curl -k -H "X-Auth-Token: $token" -X  GET
 https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/
 {
  "@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol",
  ...
  "SSH": {
    "Port": 22,
    "ProtocolEnabled": true
  },
  ...
 }

 curl -k -H "X-Auth-Token: $token" -X PATCH '-d
 {"SSH": {"ProtocolEnabled": false}}'
 https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/

 Open a new SSH connection:
 sudo ssh username@<IP>
 ssh: connect to host <IP> port 22: Connection refused

 curl -k -H "X-Auth-Token: $token" -X  GET
 https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/
 {
  "@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol",
  ...
  "SSH": {
    "Port": 22,
    "ProtocolEnabled": false
  },
  ...
 }

 D-bus has changed to :

 busctl introspect xyz.openbmc_project.Control.Service.Manager
 /xyz/openbmc_project/control/service/dropbear
 NAME                   TYPE      SIGNATURE RESULT/VALUE FLAGS
 ...                    ...       ...
 xyz.openbmc_project.Control.Service.Attributes       interface
 .Enabled                property  b    false  emits-change writable
 .Masked                 property  b    false  emits-change writable
 .Running                property  b    false  emits-change writable
 ...

2.Abled SSH from Redfish, verified can open a new SSH
connection to the machine and ProtocolEnabled is true for SSH.

 curl -k -H "X-Auth-Token: $token" -X  GET
 https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/
 {
  "@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol",
  ...
  "SSH": {
    "Port": 22,
    "ProtocolEnabled": false
  },
  ...
 }

 curl -k -H "X-Auth-Token: $token" -X PATCH '-d
 {"SSH": {"ProtocolEnabled": false}}'
 https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/

 Open a new SSH connection:
 sudo ssh username@<IP>
 Successfully connected

 curl -k -H "X-Auth-Token: $token" -X  GET
 https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/
 {
  "@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol",
  ...
  "SSH": {
    "Port": 22,
    "ProtocolEnabled": true
  },
  ...
 }

 D-bus has changed to :

 busctl introspect xyz.openbmc_project.Control.Service.Manager
 /xyz/openbmc_project/control/service/dropbear
 NAME                   TYPE      SIGNATURE RESULT/VALUE FLAGS
 ...                    ...       ...
 xyz.openbmc_project.Control.Service.Attributes       interface
 .Enabled                property  b    true  emits-change writable
 .Masked                 property  b    false  emits-change writable
 .Running                property  b    true  emits-change writable
 ...

Signed-off-by: Albert Zhang <zhanghaodi@inspur.com>
Change-Id: Ifd80db4d33934e83d4e5f337e5dfd02b4ba39018

1 files changed, 34 insertions, 17 deletions

diff --git a/redfish-core/lib/network_protocol.hpp b/redfish-core/lib/network_protocol.hpp
index e0b5dac541..d82c2525a1 100644
--- a/redfish-core/lib/network_protocol.hpp
+++ b/redfish-core/lib/network_protocol.hpp
@@ -351,28 +351,23 @@ void handleNTPServersPatch(const std::vector<std::string>& ntpServers,
         std::variant<std::vector<std::string>>{ntpServers});
 }
 
-void handleIpmiProtocolEnabled(
-    const bool ipmiProtocolEnabled,
-    const std::shared_ptr<bmcweb::AsyncResp>& asyncResp)
+void handleProtocolEnabled(const bool protocolEnabled,
+                           const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
+                           const std::string_view netBasePath)
 {
     crow::connections::systemBus->async_method_call(
-        [ipmiProtocolEnabled,
-         asyncResp](const boost::system::error_code ec,
-                    const crow::openbmc_mapper::GetSubTreeType& subtree) {
+        [protocolEnabled, asyncResp,
+         netBasePath](const boost::system::error_code ec,
+                      const crow::openbmc_mapper::GetSubTreeType& subtree) {
             if (ec)
             {
                 messages::internalError(asyncResp->res);
                 return;
             }
 
-            constexpr char const* netipmidBasePath =
-                "/xyz/openbmc_project/control/service/"
-                "phosphor_2dipmi_2dnet_40";
-
             for (const auto& entry : subtree)
             {
-                if (boost::algorithm::starts_with(entry.first,
-                                                  netipmidBasePath))
+                if (boost::algorithm::starts_with(entry.first, netBasePath))
                 {
                     crow::connections::systemBus->async_method_call(
                         [asyncResp](const boost::system::error_code ec2) {
@@ -385,7 +380,7 @@ void handleIpmiProtocolEnabled(
                         entry.second.begin()->first, entry.first,
                         "org.freedesktop.DBus.Properties", "Set",
                         "xyz.openbmc_project.Control.Service.Attributes",
-                        "Running", std::variant<bool>{ipmiProtocolEnabled});
+                        "Running", std::variant<bool>{protocolEnabled});
 
                     crow::connections::systemBus->async_method_call(
                         [asyncResp](const boost::system::error_code ec2) {
@@ -398,7 +393,7 @@ void handleIpmiProtocolEnabled(
                         entry.second.begin()->first, entry.first,
                         "org.freedesktop.DBus.Properties", "Set",
                         "xyz.openbmc_project.Control.Service.Attributes",
-                        "Enabled", std::variant<bool>{ipmiProtocolEnabled});
+                        "Enabled", std::variant<bool>{protocolEnabled});
                 }
             }
         },
@@ -459,9 +454,11 @@ inline void requestRoutesNetworkProtocol(App& app)
                 std::optional<std::string> newHostName;
                 std::optional<nlohmann::json> ntp;
                 std::optional<nlohmann::json> ipmi;
+                std::optional<nlohmann::json> ssh;
 
                 if (!json_util::readJson(req, asyncResp->res, "NTP", ntp,
-                                         "HostName", newHostName, "IPMI", ipmi))
+                                         "HostName", newHostName, "IPMI", ipmi,
+                                         "SSH", ssh))
                 {
                     return;
                 }
@@ -515,8 +512,28 @@ inline void requestRoutesNetworkProtocol(App& app)
 
                     if (ipmiProtocolEnabled)
                     {
-                        handleIpmiProtocolEnabled(*ipmiProtocolEnabled,
-                                                  asyncResp);
+                        handleProtocolEnabled(
+                            *ipmiProtocolEnabled, asyncResp,
+                            "/xyz/openbmc_project/control/service/"
+                            "phosphor_2dipmi_2dnet_40");
+                    }
+                }
+
+                if (ssh)
+                {
+                    std::optional<bool> sshProtocolEnabled;
+                    if (!json_util::readJson(*ssh, asyncResp->res,
+                                             "ProtocolEnabled",
+                                             sshProtocolEnabled))
+                    {
+                        return;
+                    }
+
+                    if (sshProtocolEnabled)
+                    {
+                        handleProtocolEnabled(
+                            *sshProtocolEnabled, asyncResp,
+                            "/xyz/openbmc_project/control/service/dropbear");
                     }
                 }
             });