Age | Commit message (Collapse) | Author | Files | Lines |
|
This is an attempt to solve a class of use-after-move bugs on the
Request objects which have popped up several times. This more clearly
identifies code which owns the Request objects and has a need to keep it
alive. Currently it's just the `Connection` (or `HTTP2Connection`)
(which needs to access Request headers while sending the response), and
the `validatePrivilege()` function (which needs to temporarily own the
Request while doing an asynchronous D-Bus call). Route handlers are
provided a non-owning `Request&` for immediate use and required to not
hold the `Request&` for future use.
Tested: Redfish validator passes (with a few unrelated fails).
Redfish URLs are sent to a browser as HTML instead of raw JSON.
Change-Id: Id581fda90b6bceddd08a5dc7ff0a04b91e7394bf
Signed-off-by: Jonathan Doman <jonathan.doman@intel.com>
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
Now that we only support string types in the router we no longer need to
build a "Tag" to be used for constructing argument types. Now, we can
just track the number of arguments, which simplifies the code
significantly, and removes the need to convert to and from the tag to
parameter counts.
This in turn deletes a lot of code in the router, removing the need for
tracking tag types.
Tested: Redfish service validator passes. Unit tests pass.
Change-Id: Ide1d665dc1984552681e8c05952b38073d5e32dd
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
Minor syntax error injected in:
1873a04f Reduce multi-level calls of req.req members
Tested: Code compiles.
Change-Id: Iec26273349df6063eb425e4a75b1250c17bc6f3f
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
Several places access the members of `req` indirectly like
`req.req.method()`. This can be simplified as `req.method()` .
This would also make the code clearer.
Tested:
- Compiles
- Redfish service validator passes
Change-Id: Ie129564ff907cdea7ac224b1e3d80cc0dedfbd7b
Signed-off-by: Myung Bae <myungbae@us.ibm.com>
|
|
clang-tidy-18 must've fixed their checking for these in headers.
Resolve as the robot commands.
Tested: Noop changes made by tidy. Code compiles.
Change-Id: I1de7686c597deffb0df91c30dae1a29f9ba7900e
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
Now that our custom body type does things more than files, it makes
sense to rename it. This commit renames the header itself, then all
instances of the class.
Tested: Basic GET requests succeed.
Change-Id: If4361ac8992fc7c268f48a336707f96e68d3576c
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
Now that we have a custom boost http body class, we can use it in more
cases. There's some significant overhead and code when switching to a
file body, namely removing all the headers. Making the body class
support strings would allow us to completely avoid that inefficiency.
At the same time, it would mean that we can now use that class for all
cases, including HttpClient, and http::Request. This leads to some code
reduction overall, and means we're reliant on fewer beast structures.
As an added benefit, we no longer have to take a dependency on
boost::variant2.
Tested: Redfish service validator passes, with the exception of
badNamespaceInclude, which is showing warnings prior to this commit.
Change-Id: I061883a73230d6085d951c15891465c2c8445969
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
The muitipart test interacts with some significant details of the
response class. This was largely only done because Request lacked an
addHeader method that Request already had.
Add addHeader() method to the Request class, and adapt multipart unit
tests to use it.
Tested: Unit tests pass. Unit test only changes.
Change-Id: Icb3b92dce6d17011ae0063a962678173b1b01a87
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
Response and Request are now movable, so lets use that to our advantage
and make this no longer require a pointer. This removes a couple NOLINT
exceptions in our code, and cleans up a lot of places where we could
potentially get a nullptr.
Tested:
enabled http2-experimental option.
Loaded service root from redfish in curl with logging enabled, logging
verified http/2 was being used.
Redfish service validator passes.
Curl compiled with http returns service root correctly.
Change-Id: I65e11a2311be982df594086413d52838235e1a0c
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
This call was neccesary back when we were doing moves of a url_view, but
because this constructor doesn't use a url_view anymore, this isn't
neccesary.
Functionally, this clears up a strange unit test failure that occured in
some cases where this consturctor is used. This constructor is not used
for anything but unit tests.
Tested: Unit tests pass.
Change-Id: I034a69d3a6b6aeada2460bb39f3518846b39f817
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
This reverts commit 8ed41c35a314580bb794fa0fff2e01b0bf7efcf7.
In discord, it was posted 2 systems are hitting 403 Forbidden for all
endpoints.
Reverting fixed the problem, until time is given to dive into this,
just revert.
One of the things wrong is this is missing an After/Want
xyz.openbmc_project.User.Manager.service.
Change-Id: I1766a6ec2dbc9fb52da3940b07ac002a1a6d269a
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
There is an async call within the router that leads to a small, but
pervasive performance issue for all queries. Removing that call from the
router has the potential to increase the performance of every
authenticated query, and significantly reduce our dbus traffic for
"simple" operations.
This commit re-implements the role cache in session object that existed
previously many years ago. Each users role is fetched during
authentication and persisted in session object. Each successive request
can then be matched against the privilege which is there in the
in-memory session object.
This was discussed on below commit
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/39756
Tested by:
```
POST /redfish/v1/SessionService/Sessions {"UserName":"root", "Password": “0penBmc”}
```
Followed by redfish queries
Get /redfish/v1/AccountService
Tested user role persistency
Redfish service validator passes.
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I575599c29358e32849446ce6ee7f62c8eb3885f6
|
|
HTTP/2 gives a number of optimizations, while keeping support for the
protocol. HTTP/2 support was recently added to the Redfish
specification. The largest performance increase in bmc usage is likely
header compression. Almost all requests reuse the same header values,
so the hpack based compression scheme in HTTP/2 allows OpenBMC to be
more efficient as a transport, and has the potential to significantly
reduce the number of bytes we're sending on the wire.
This commit adds HTTP2 support to bmcweb through nghttp2 library. When
static linked into bmcweb, this support adds 53.4KB to the bmcweb binary
size. nghttp2 is available in meta-oe already.
Given the experimental nature of this option, it is added under the
meson option "experimental-http2" and disabled by default. The hope is
to enable it at some point in the future.
To accomplish the above, there a new class, HTTP2Connection is created.
This is intended to isolate HTTP/2 connections code from HttpConnection
such that it is far less likely to cause bugs, although it does
duplicate about 20 lines of code (async_read_some, async_write_some,
buffers, etc). This seems worth it for the moment.
In a similar way to Websockets, when an HTTP/2 connection is detected
through ALPN, the HTTP2Connection class will be instantiated, and the
socket object passed to it, thus allowing the Connection class to be
destroyed, and the HTTP2Connection to take over for the user.
Tested: Redfish service validator passes with option enabled
With option disabled
GET /redfish/v1 in curl shows ALPN non negotiation, and fallback to
http1.1
With the option enable
GET /redfish/v1 in curl shows ALPN negotiates to HTTP2
Change-Id: I7839e457e0ba918b0695e04babddd0925ed3383c
Signed-off-by: Ed Tanous <edtanous@google.com>
|
|
There's some tough-to-track-down safety problems in http Request. This
commit is an attempt to make things more safe, even if it isn't clear
how the old code was wrong.
Previously, the old code took a url_view from the target() string for a
given URI. This was effectively a pointer, and needed to be updated in
custom move/copy constructors that were error prone to write.
This commit moves to taking the URI by non-view, which involves a copy,
but allows us to use the default move and copy constructors, as well as
have no internal references within Request, which should improve the
safety and reviewability.
There's already so many string copies in bmcweb, that this is unlikely
to show up as any sort of performance regression, and simple code is
much better in this case.
Note, because of a bug in boost::url, we have to explicitly construct a
url_view in any case where we want to use segments() or query() on a
const Request. This has been reported to the boost maintainers, and is
being worked for a long term solution.
https://github.com/boostorg/url/pull/704
Tested: Redfish service validator passed on last commit in series.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I49a7710e642dff624d578ec1dde088428f284627
|
|
Per cpp core guidelines, these should be methods.
Tested: on last patchset of the series.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ib16479db9d2b68da68e7ad6e825c7e205c64f1de
|
|
Per cpp core guidelines, we should be returning this via a function
call, not a direct member variable. Doing this also improves the
safety, as we don't have to remember to move the references over in a
move.
Tested: Tested as part of top patch in series.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I837d6fd277ffa076ba5425003d6e6ee79204d014
|
|
string_view should always be passed by value; This commit is a sed
replace of the code to make all string_views pass by value, per general
coding guidelines[1].
[1] https://quuxplusone.github.io/blog/2021/11/09/pass-string-view-by-value/
Tested: Code compiles.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I55b342a29a0fbfce0a4ed9ea63db6014d03b134c
|
|
The new boost URL now interops properly with std::string_view, which is
great, and cleans up a bunch of mediocre code to convert one to another.
It has also been pulled into boost-proper, so we no longer need a
boost-url dependency that's separate.
Unfortunately, boost url makes these improvements by changing
boost::string_view for boost::urls::const_string, which causes us to
have some compile errors on the missing type.
The bulk of these changes fall into a couple categories, and have to be
executed in one commit.
string() is replaced with buffer() on the url and url_view types
boost::string_view is replaced by std::string_view for many times, in
many cases removing a temporary that we had in the code previously.
Tested: Code compiles with boost 1.81.0 beta.
Redfish service validator passes.
Pretty good unit test coverage for URL-specific use cases.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I8d3dc89b53d1cc390887fe53605d4867f75f76fd
|
|
If-Match is a header in the HTTP specification[1] designed for handling
atomic operations within a given HTTP tree. It allows a mechanism for
an implementation to explicitly declare "only take this action if the
resource has not been changed". While most things within the Redfish
tree don't require this level of interlocking, it continues to round out
our redfish support for the specific use cases that might require it.
Redfish specification 6.5 states:
If a service supports the return of the ETag header on a resource, the
service may respond with HTTP 428 status code if the If-Match or
If-None-Match header is missing from the PUT or PATCH request for the
same resource, as specified in RFC6585
This commit implements that behavior for all handlers to follow the
following flow.
If If-Match is present
Repeat the same request as a GET
Compare the ETag produced by the GET, to the one provided by If-Match
If they don't match, return 428
if they do match, re-run the query.
[1] https://www.rfc-editor.org/rfc/rfc2616#section-14.24
As a consequence, this requires declaring copy and move constructors
onto the Request object, so the request object can have its lifetime
extended through a request, which is very uncommon.
Tested:
Tests run on /redfish/v1/AccountService/Accounts/root
PATCH with correct If-Match returns 200 success
PATCH with an incorrect If-Match returns 419 precondition required
GET returns the resource as expected
Redfish service validator passes
Redfish protocol validator passes! ! ! ! !
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I530ab255259c32fe4402eb8e5104bd091925c77b
|
|
Added support for readJson for Patch and Action. The only difference is
that Patch does not allow empty json input while Action does. Action with
empty input will use the default value based on the implementation and
return 200 OK response code.
readJsonPatch will replace the existing readJson and be used for path
requests. It will not allow empty json input and all requested
keys are required in the json input.
readJsonAction will be used for Action requests where it is possible for
all of the properties to be optional and allow empty request.
The optional properties are determined by the requested values type.
All current Action readJson are replaced with readJsonAction. It does
not change the existing behavior since it needs `std::optional`.
This will have to be updated later as we define the default behavior.
Tested:
Added unit tests and readJsonAction allows empty empty json object.
No Change to Redfish Tree.
Change-Id: Ia5e1f81695c528a20f1dc985aee19c920d8adaea
Signed-off-by: Willy Tu <wltu@google.com>
|
|
Now that the subtree update is done, this define is no longer needed.
Tested: Code compiles. Noop.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Idc5d7ef69c009982a2476fadc1d95e3280bfff48
|
|
Boost url has changed some APIs again. This commit updates our URIs to
handle it. As part of this work, it also removes some of the debug
prints that were put in early on. These aren't really needed these
days.
This commit invents a temporary #define of NEW_BOOST_URL, so we can get
through the subtree update without a hard dependency on this specific
version of bmcweb. Ideally boost-url would have some version field, but
unfortunately, it is thusfar unversioned, as the long term intent of the
author is to be included in boost, and would be versioned there.
All the code within the else of the NEW_BOOST_URL flag will be removed
once the subtree update is landed.
Tested:
Added CXXFLAGS:append = " -DNEW_BOOST_URL" to the recipe and checked out
on top of the subtree update, and build succeeded.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ie2064e45efbc4331bdc5a5ddf44d877cde5e13cb
|
|
Part of enforcing cpp core guidelines involves explicitly including all
constructors required on a non-trivial class. We were missing quite a
few. In all cases, the copy/move/and operator= methods are simply
deleted.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ie8d6e8bf2bc311fa21a9ae48b0d61ee5c1940999
|
|
This code was in the codebase previously, and at some point got removed
to make copies. Considering the previous commits to this one, making
copies of the request object is a bad idea, and should be avoided.
Therefore, this commit deletes the copy constructor for the Request
object, making request copies fail to compile.
It should be noted, it does leave the move constructor, which I don't
think it's really used, but as a rule isn't an anti-pattern.
Tested:
Code compiles. No functional change.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ib38ed79a7c60340fb00f922f29265a3c3c7beca8
|
|
In the current model, URLs get parsed twice, once to satisfy the
authenticate method, and once again later to satisfy the handle() call.
This commit deduplicates the parsing. This is wasteful, and as of the
previous commit, unnecessary.
Specifically, it moves the actual parsing into the request object, and
adds a target() method to explicitly set a url. This deduplicates the
code that was in http_connection, and centralizes it in request, where
it should really belong.
Tested:
curl --insecure "https://192.168.7.2/redfish/v1"
Returns the redfish v1 resource
curl --insecure "https://192.168.7.2/redfish/v1/Systems"
Returns 401 unauthorized
curl --insecure --user root:0penBmc "https://192.168.7.2/redfish/v1/Systems"
returns the SystemsCollection
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ie7ee2d9a9a51bf21c03793b35730e7a0ca82623a
|
|
Update to the latest version of boost::uri
The newest version of boost uri makes some breaking changes that we need
to account for. At the same time, we take the opportunity to move to
the error code based parse methods that don't rely on exceptions.
The biggest changes are:
The standalone build is no longer present. A discussion with the
boost::url maintainers shows that our best option is to do a simple
copy of the headers, and compile boost/url/src.hpp in a separate file.
This is intended to allow people to pull the library in "standalone" and
not have to rely on the build machinery in boost-url, which we don't
really need. Interestingly, this file doesn't have a newline at the
end, which clang correctly flags. OpenBMC doesn't really need that
warning, as we rely on clang-format to do that, so we add
-Wno-newline-eof clang to get the code to compile there.
All url parsers are moved to the parse_uri, or parse_relative_uri
equivalents. This slightly tightens the requirements around what URLs
are accepted, but in no ways that should break anything. (Ie,
"/redfish/v1" is no longer accepted for a virtual media endpoint.
boost::urls::url_view::params_type has been renamed to
query_params_type, and the relevant methods have been updated.
Because of the missing standalone mode, we now need to use
boost::string_view which doesn't implicitly construct from
std::string_view. Some discussion on the boost list shows that this is
coming soon, so that cruft can eventually be cleaned up, but for now we
need the construction.
Tested:
Loaded in qemu, and ran some URLs (/redfish/v1 and /redfish/v1/Chassis)
to ensure that the url handler functions as intended.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I5843776d4ec01b4d92af2ee3a9cf1ebb1d920ae7
|
|
req is being created later, in the connection life cycle. req was
holding many important values when it was passed to authenticate, so the
authenticate call had to be refactored to includes all the data req was
holding.
Also uses of req before handle have been changed to direct calls to
boot::parse
Tested:
Made a request that did not require authentication
$ curl -vvvv --insecure "https://192.168.7.2:18080/redfish/v1"
Got correct service root
Made a unauthenticated request (Chassis)
$ curl -c cjar -b cjar -k -H "Content-Type: application/json" -X GET https://192.168.7.2:18080/redfish/v1/Chassis
Unauthenticated
Made a log-in request
$ curl -c cjar -b cjar -k -H "Content-Type: application/json" -X POST https://192.168.7.2:18080/login -d "{\"data\": [ \"root\", \"0penBmc\" ] }"
Made (same) Chassis request
$ curl -c cjar -b cjar -k -H "Content-Type: application/json" -X GET https://192.168.7.2:18080/redfish/v1/Chassis
Tested the websockets using scripts/websocket_test.py
Websockets continued to work after this change.
Followed the mTLS instructions here https://github.com/openbmc/docs/blob/master/security/TLS-configuration.md
mTLS continues to work after this change.
Change-Id: I78f78063be0331be00b66349d5d184847add1708
Signed-off-by: John Edward Broadbent <jebr@google.com>
|
|
https://jenkins.openbmc.org/job/ci-openbmc/3949/distro=ubuntu,label=docker-builder,target=tiogapass/consoleText
This build seems to be failing with an error |
../git/http/http_response.hpp:23:10: error: 'optional' in namespace
'std' does not name a template type | 23 |
std::optional<response_type> stringResponse;
This should fix it by including the relevant headers.
Tested:
Code builds. CI error only.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ifba15559a73d823d791de1d508e136a3c44e6cd1
|
|
This commit implements the ClientOriginIPAddress property on
the session resource. The IP address is persisted across the reboot
Tested by:
1. Create session
POST https://${bmc}/redfish/v1/SessionService/Sessions -d '{"UserName":<>, "Password":<>}'
2. Check the session gets updated with the ClientOriginIPAddress
GET https://${bmc}/redfish/v1/SessionService/Sessions/<id>
3. Redfish validator passed
4. Create session and reboot the BMC to ensure the IP address is persisted
5. Tested the basic auth populates the clientIp at req
Signed-off-by: Sunitha Harish <sunharis@in.ibm.com>
Change-Id: Iaa60d0657c991bde4bcf6c86819055c71c92e421
|
|
This reverts commit e436008377fbcf287be02c9e9e1b59c6627d7673.
Reason for revert:
This breaks several things.
1. Not all login endpoints are handled, which lead to returning blank ip addresses
2. IP addresses are not persisted.
3. This crashes occasionally on remote_endpoint, and ignores ec.
Change-Id: I58c875721cf48bf02db833c9c57a9eead5e249d5
|
|
cppcheck isn't smart enough to recognize these are c++ headers, not c
headers. Considering we're already inconsistent about our naming, it's
easier to just be consistent, and move the last few files to use .hpp
instead of .h.
Tested:
Code builds, no changes.
Signed-off-by: Ed Tanous <ed@tanous.net>
Change-Id: Ic348d695f8527fa4a0ded53f433e1558c319db40
|