diff options
-rw-r--r-- | meson.build | 2 | ||||
-rw-r--r-- | meson_options.txt | 2 | ||||
-rw-r--r-- | redfish-core/lib/power.hpp | 2 | ||||
-rw-r--r-- | redfish-core/lib/sensors.hpp | 130 | ||||
-rw-r--r-- | redfish-core/lib/thermal.hpp | 2 |
5 files changed, 2 insertions, 136 deletions
diff --git a/meson.build b/meson.build index 7145ce5894..a7e8243d5d 100644 --- a/meson.build +++ b/meson.build @@ -76,10 +76,8 @@ feature_map = { 'redfish-provisioning-feature' : '-DBMCWEB_ENABLE_REDFISH_PROVISIONING_FEATURE', 'redfish-dump-log' : '-DBMCWEB_ENABLE_REDFISH_DUMP_LOG', 'rest' : '-DBMCWEB_ENABLE_DBUS_REST', -'insecure-sensor-override' : '-DBMCWEB_INSECURE_UNRESTRICTED_SENSOR_OVERRIDE', 'static-hosting' : '-DBMCWEB_ENABLE_STATIC_HOSTING', 'insecure-tftp-update' : '-DBMCWEB_INSECURE_ENABLE_REDFISH_FW_TFTP_UPDATE', -'validate-unsecure-feature' : '-DBMCWEB_ENABLE_VALIDATION_UNSECURE_FEATURE', #'vm-nbdproxy' : '-DBMCWEB_ENABLE_VM_NBDPROXY', 'vm-websocket' : '-DBMCWEB_ENABLE_VM_WEBSOCKET', } diff --git a/meson_options.txt b/meson_options.txt index 67bc8283fc..92f13e7331 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -41,5 +41,3 @@ option ('insecure-disable-auth', type : 'feature', value : 'disabled', descripti option ('insecure-disable-xss', type : 'feature', value : 'disabled', description : 'Disable XSS preventions') option ('insecure-tftp-update', type : 'feature', value : 'disabled', description : '''Enable TFTP based firmware update transactions through Redfish UpdateService.SimpleUpdate.''') option ('insecure-push-style-notification',type : 'feature', value : 'disabled', description : 'Enable HTTP push style eventing feature') -option ('validate-unsecure-feature', type : 'feature', value : 'disabled', description : '''Enables unsecure features required by validation. Note: mustbe turned off for production images.''') -option ('insecure-sensor-override', type : 'feature', value : 'disabled', description : 'Enables Sensor override feature without any check.') diff --git a/redfish-core/lib/power.hpp b/redfish-core/lib/power.hpp index 3cc022467e..349c1f52d6 100644 --- a/redfish-core/lib/power.hpp +++ b/redfish-core/lib/power.hpp @@ -349,7 +349,7 @@ inline void requestRoutesPower(App& app) allCollections; allCollections.emplace("Voltages", *std::move(voltageCollections)); - checkAndDoSensorsOverride(sensorAsyncResp, allCollections); + setSensorsOverride(sensorAsyncResp, allCollections); } }); } diff --git a/redfish-core/lib/sensors.hpp b/redfish-core/lib/sensors.hpp index 0fc7e702db..b476d32e37 100644 --- a/redfish-core/lib/sensors.hpp +++ b/redfish-core/lib/sensors.hpp @@ -2938,136 +2938,6 @@ inline void setSensorsOverride( getChassis(sensorAsyncResp, std::move(getChassisSensorListCb)); } -inline bool isOverridingAllowed(const std::string& manufacturingModeStatus) -{ - if (manufacturingModeStatus == - "xyz.openbmc_project.Control.Security.SpecialMode.Modes.Manufacturing") - { - return true; - } - -#ifdef BMCWEB_ENABLE_VALIDATION_UNSECURE_FEATURE - if (manufacturingModeStatus == "xyz.openbmc_project.Control.Security." - "SpecialMode.Modes.ValidationUnsecure") - { - return true; - } - -#endif - - return false; -} - -/** - * @brief Entry point for Checking the manufacturing mode before doing sensor - * override values of given sensor - * - * @param sensorAsyncResp response object - * @param allCollections Collections extract from sensors' request patch info - * @param chassisSubNode Chassis Node for which the query has to happen - */ -inline void checkAndDoSensorsOverride( - const std::shared_ptr<SensorsAsyncResp>& sensorAsyncResp, - std::unordered_map<std::string, std::vector<nlohmann::json>>& - allCollections) -{ - BMCWEB_LOG_INFO << "checkAndDoSensorsOverride for subnode" - << sensorAsyncResp->chassisSubNode << "\n"; - - const std::array<std::string, 1> interfaces = { - "xyz.openbmc_project.Security.SpecialMode"}; - - crow::connections::systemBus->async_method_call( - [sensorAsyncResp, allCollections](const boost::system::error_code ec2, - const GetSubTreeType& resp) mutable { - if (ec2) - { - BMCWEB_LOG_DEBUG - << "Error in querying GetSubTree with Object Mapper. " - << ec2; - messages::internalError(sensorAsyncResp->asyncResp->res); - return; - } -#ifdef BMCWEB_INSECURE_UNRESTRICTED_SENSOR_OVERRIDE - // Proceed with sensor override - setSensorsOverride(sensorAsyncResp, allCollections); - return; -#endif - - if (resp.size() != 1) - { - BMCWEB_LOG_WARNING - << "Overriding sensor value is not allowed - Internal " - "error in querying SpecialMode property."; - messages::internalError(sensorAsyncResp->asyncResp->res); - return; - } - const std::string& path = resp[0].first; - const std::string& serviceName = resp[0].second.begin()->first; - - if (path.empty() || serviceName.empty()) - { - BMCWEB_LOG_DEBUG - << "Path or service name is returned as empty. "; - messages::internalError(sensorAsyncResp->asyncResp->res); - return; - } - - // Sensor override is allowed only in manufacturing mode or - // validation unsecure mode . - crow::connections::systemBus->async_method_call( - [sensorAsyncResp, allCollections, - path](const boost::system::error_code ec, - std::variant<std::string>& getManufactMode) mutable { - if (ec) - { - BMCWEB_LOG_DEBUG - << "Error in querying Special mode property " << ec; - messages::internalError( - sensorAsyncResp->asyncResp->res); - return; - } - - const std::string* manufacturingModeStatus = - std::get_if<std::string>(&getManufactMode); - - if (nullptr == manufacturingModeStatus) - { - BMCWEB_LOG_DEBUG << "Sensor override mode is not " - "Enabled. Returning ... "; - messages::internalError( - sensorAsyncResp->asyncResp->res); - return; - } - - if (isOverridingAllowed(*manufacturingModeStatus)) - { - BMCWEB_LOG_INFO << "Manufacturing mode is Enabled. " - "Proceeding further... "; - setSensorsOverride(sensorAsyncResp, allCollections); - } - else - { - BMCWEB_LOG_WARNING - << "Manufacturing mode is not Enabled...can't " - "Override the sensor value. "; - - messages::actionNotSupported( - sensorAsyncResp->asyncResp->res, - "Overriding of Sensor Value for non " - "manufacturing mode"); - return; - } - }, - serviceName, path, "org.freedesktop.DBus.Properties", "Get", - "xyz.openbmc_project.Security.SpecialMode", "SpecialMode"); - }, - - "xyz.openbmc_project.ObjectMapper", - "/xyz/openbmc_project/object_mapper", - "xyz.openbmc_project.ObjectMapper", "GetSubTree", "/", 5, interfaces); -} - /** * @brief Retrieves mapping of Redfish URIs to sensor value property to D-Bus * path of the sensor. diff --git a/redfish-core/lib/thermal.hpp b/redfish-core/lib/thermal.hpp index 078da9cf45..ff1bc95787 100644 --- a/redfish-core/lib/thermal.hpp +++ b/redfish-core/lib/thermal.hpp @@ -92,7 +92,7 @@ inline void requestRoutesThermal(App& app) { allCollections.emplace("Fans", *std::move(fanCollections)); } - checkAndDoSensorsOverride(sensorsAsyncResp, allCollections); + setSensorsOverride(sensorsAsyncResp, allCollections); }); } |