|
This handler transfers data between nbd-client and nbd-server.
Basically, it invokes nbd-proxy, reads data from the socket and
writes it on to nbd-client, and vice versa.
Change-Id: I429393a5e056647333bf4e148c0df2a5695b2a47
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>
|
|
This implements the Redfish PasswordChangeRequired handling. See
section 13.3.7.1 "Password change required handling" in the 1.9.1 spec:
https://www.dmtf.org/sites/default/files/standards/documents/DSP0266_1.9.1.pdf
These portions of the spec are implemented:
- Authentication with a correct but expired password creates a
session:
- The session is restricted to the ConfigureSelf privilege which
allows a user to change their own password (via GET and PATCH
Password for their own account). Support for the ConfigureSelf
privilege is already in BMCWeb.
- The session object has the PasswordChangeRequired message.
- All other operations respond with http status code 403 Forbidden
and include the PasswordChangeRequired message.
- The ManagerAccount (URI /redfish/v1/AccountService/Accounts/USER)
PasswordChangeRequired property is implemented for local accounts
but not present for remote accounts.
This has the following additional behavior:
The PasswordChangeRequired property is updated at the start of each new
REST operation, even within an existing session. This behavior
implements a "dynamic" PasswordChangeRequired handling that responds to
changes to the underlying "password expired" status. Specifically:
- Sessions restricted by the PasswordChangeRequired handling lose that
restriction when the underlying account password is changed.
- Sessions become subject to the PasswordChangeRequired handling
restrictions whenever the underlying account password expires.
- The mechanism is to check if the password is expired at the start of
every new REST API operation, effectively updating the ManagerAccount
PasswordChangeRequired property each time. This makes BMCWeb
responsive to changes in the underlying account due to other activity
on the BMC.
Notes:
1. Note that when an account password status is changed (for example,
the password becomes expired or is changed) and that account has
active sessions, those sessions remain. They are not deleted. Any
current operations are allowed to complete. Subsequent operations
with that session pick up the new password status.
2. This does not implement OWASP recommendations which call for sessions
to be dropped when there is a significant change to the underlying
account. For example, when the password is changed, the password
becomes expired, or when the account's Role changes. OWASP's
recommendation is due to the session fixation vulnerability. See the
OWASP Session Management Cheat Sheet section "Renew the Session ID
After Any Privilege Level Change":
https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#renew-the-session-id-after-any-privilege-level-change
BMCWeb protects against session fixation vulnerabilities because it
always regenerates new session IDs when successful authentication
creates a new session.
3. Users authenticating via mTLS are not subject to the
PasswordChangeRequired behavior because mTLS takes precedence over
password-based authentication.
Tested:
0. Setup:
- The `passwd --expire USERNAME` command was used to expire
passwords. The `chage USER` command was also used.
- The following were used to change the password: Redfish API,
passwd command, and the SSH password change dialog.
- Tested the following via Basic Auth, /login, and Redfish login
(except where Basic Auth does not create a persistent session).
- Only local user accounts were tested.
- Did not test authentication via mTLS or with LDAP users.
1. When the password is not expired, authentication behaves as usual
for both correct and incorrect passwords.
2. When the password is incorrect and expired, authentication fails as
usual.
3. When the password is correct but expired:
A. A session is created and has the PasswordChangeRequired message.
B. That session cannot access resources that require Login privilege
and the 403 message contains the PasswordChangeRequired message.
C. That session can be used to GET the user's account, PATCH the
Password, and DELETE the session object.
D. The account PasswordChangeRequired reports true.
4. While a session is established, try expiring and changing
(unexpiring) the password using various mechanisms. Ensure both the
session object and the ManagerAccount PasswordChangeRequired property
report the correct condition, and ensure PasswordChangeRequired
handling (restricting operations to ConfigureSelf when
PasswordChangeRequired is true) is applied correctly.
Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
Change-Id: Iedc61dea8f949e4b182e14dc189de02d1f74d3e8
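The per-operation check described in the commit message above, modelled as an added C++ example that is not bmcweb source and not part of the commit. `Gate`, `Request`, `Result` and `makeSampleGate` are hypothetical names, the user "alice" and session "s1" are constructed sample data, and normal privilege checks and the PATCH body check (Password only) are assumed to happen elsewhere.

```cpp
#include <iostream>
#include <map>
#include <string>

// Added model of the behaviour in the commit message; every type and function
// name here is hypothetical and none of it is bmcweb source.
struct Request
{
    std::string method;    // "GET", "PATCH", "DELETE", ...
    std::string uri;
    std::string sessionId; // assumed already resolved from the auth token
};

struct Result
{
    int status;                  // HTTP status code
    bool passwordChangeRequired; // true when a 403 carries the message
};

class Gate
{
  public:
    // user name -> "password expired" flag, standing in for the account
    // database that passwd, chage or SSH can change outside the web server
    std::map<std::string, bool> passwordExpired;
    // session id -> owning user
    std::map<std::string, std::string> sessions;

    Result handle(const Request& req) const
    {
        auto session = sessions.find(req.sessionId);
        if (session == sessions.end())
        {
            return {401, false};
        }
        const std::string& user = session->second;
        auto account = passwordExpired.find(user);
        if (account == passwordExpired.end())
        {
            return {401, false};
        }
        // Looked up at the start of every operation, never cached at login,
        // so the restriction appears and disappears with the account state.
        if (!account->second)
        {
            return {200, false}; // normal privilege checks would run here
        }
        if (allowedWithConfigureSelf(req, user))
        {
            return {200, false};
        }
        return {403, true};
    }

  private:
    // Operations the commit message lists for a restricted session:
    // GET and PATCH on the user's own account, DELETE on the session itself.
    static bool allowedWithConfigureSelf(const Request& req,
                                         const std::string& user)
    {
        const std::string ownAccount =
            "/redfish/v1/AccountService/Accounts/" + user;
        const std::string ownSession =
            "/redfish/v1/SessionService/Sessions/" + req.sessionId;
        if (req.uri == ownAccount)
        {
            return req.method == "GET" || req.method == "PATCH";
        }
        if (req.uri == ownSession)
        {
            return req.method == "DELETE";
        }
        return false;
    }
};

// Constructed sample state: one user with an expired password, one session.
Gate makeSampleGate()
{
    Gate gate;
    gate.passwordExpired["alice"] = true;
    gate.sessions["s1"] = "alice";
    return gate;
}

int main()
{
    Gate gate = makeSampleGate();
    const Request systems{"GET", "/redfish/v1/Systems/system", "s1"};
    std::cout << "expired:  " << gate.handle(systems).status << "\n";
    gate.passwordExpired["alice"] = false; // password changed by any means
    std::cout << "changed:  " << gate.handle(systems).status << "\n";
    gate.passwordExpired["alice"] = true;  // e.g. passwd --expire
    std::cout << "expired again: " << gate.handle(systems).status << "\n";
    return 0;
}
```

The existing session is never deleted in this model, which matches Note 1 of the commit message: the same session ID simply sees a different answer on its next operation.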
|
|
- HMC constructs the resourceID with the First Segment
data in the First Byte of the resourceID from the MSB
position.
- As BMC is a Little Endian machine, we need to convert
the endianness before processing the resourceID.
Signed-off-by: Manojkiran Eda <manojkiran.eda@gmail.com>
Change-Id: Ieb0b0f8083c4c2cbd2b19477507e67378d5704ba
|
|
- This commit implements the release all locks functionality
as a part of ReleaseLock API.
- The existing ReleaseLock API is modified in such a way that
based on it can do the following things:
1. Release the locks which are corresponding to a set of
transactionID's(provided as input & `Type:Transaction`)
2. Release all the locks which are corresponding to a particular
session(where `Type:Session`)
Signed-off-by: Manojkiran Eda <manojkiran.eda@gmail.com>
Change-Id: I89f847bcb85912d4d9f85587ffbf782da885393a
|
|
This commit does the following
=> makes the lock class singleton.
=> during session timeout erase the locks associated
with the session.
=> Erase the locks when the session is explicitly deleted
on a user request.
We need to find a different way of calculating session timeout;
currently session timeout gets calculated when the
request comes to BMC.
TODO: We need some module which keeps looking at the sessions
at a certain time interval and erases the session if it has
timed out. It is useful in the case where there are resources
which get freed after session timeout.
It may happen that a client gets the session, obtains certain resources
on that session and never sends any request; in that case session timeout
will never occur for that session.
Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
Change-Id: Ic9962f761fc84a03747a90bd951ea36eb8962455
|
|
Change the max file size to 500KB
Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
Change-Id: I4abd33b8a8ec0fe240f55bb5f3a27d25656ee40d
|
|
This commit persists the lock table whenever there is
a change in the lock table during the acquire lock or
release lock.
This commit also restores the locks during start of the
bmcweb as locks are tied up with the session which acquired
the lock.
TestedBy:
Created sessions and acquired multiple locks.
Restart the bmcweb service.
Verified that the locks are persisted per session
Signed-off-by: Sunitha Harish <sunithaharish04@gmail.com>
Change-Id: I081f61922e7c0c24db12efc4d446cdd641856279
|
|
- This commit implements the GetLockList rest API, by which
any external client (with admin privilege) can get a list of
locks obtained by providing the list of sessionID's as input.
TestedBy:
1. Get the session ID from the Session Service
curl -k -H "X-Auth-Token: $bmc_tokens" -X GET https://<ip>/redfish/v1/SessionService/Sessions/
{
"@odata.context": "/redfish/v1/$metadata#SessionCollection.SessionCollection",
"@odata.id": "/redfish/v1/SessionService/Sessions/",
"@odata.type": "#SessionCollection.SessionCollection",
"Description": "Session Collection",
"Members": [
{
"@odata.id": "/redfish/v1/SessionService/Sessions/qM4D0VfZt3"
},
{
"@odata.id": "/redfish/v1/SessionService/Sessions/bjYCiBSCIh"
},
{
"@odata.id": "/redfish/v1/SessionService/Sessions/LkfHvJFggY"
},
{
"@odata.id": "/redfish/v1/SessionService/Sessions/6RKP0aN5Gi"
}
],
"Members@odata.count": 4,
"Name": "Session Collection"
}
2. Use the GetLockList API to obtain the locks owned by a particular
session.
curl -k -H "X-Auth-Token:$bmc_tokens" -XPOST -H "Content-type: application/json" -d
'{"SessionIDs": ["qM4D0VfZt3","bjYCiBSCIh"]}' https://127.0.0.1:2443/ibm/v1/HMC/LockService/Actions/LockService.GetLockList
{
"Records": [
{
"HMCID": "hmc-id",
"LockType": "Read",
"ResourceID": 256,
"SegmentFlags": [
{
"LockFlag": "LockSame",
"SegmentLength": 3
},
{
"LockFlag": "DontLock",
"SegmentLength": 4
}
],
"SessionID": "qM4D0VfZt3",
"TransactionID": 1
}
]
}
Signed-off-by: manojkiraneda <manojkiran.eda@gmail.com>
Change-Id: I9375e2927938ab682df06ef60c823b279a7efead
|
|
- This commit implements the Release Lock rest API, so that
any external client (having admin privilege) can release the
locks owned by it.
Tested By:
1.curl -k -H "X-Auth-Token:$bmc_tokens" -XPOST -H "Content-type: application/json" -d '{
"Request" :[
{
"LockType":"Read",
"SegmentFlags":
[
{"LockFlag":"LockSame","SegmentLength":3},
{"LockFlag":"DontLock","SegmentLength":4}
],
"ResourceID": 256
}
]
}' https://<ip>/ibm/v1/HMC/LockService/Actions/LockService.AcquireLock
{
"TransactionID": 1
}
2.curl -k -H "X-Auth-Token:$bmc_tokens" -XPOST -H "Content-type: application/json" -d '{
"Request" :[
{
"LockType":"Read",
"SegmentFlags":
[
{"LockFlag":"LockSame","SegmentLength":3},
{"LockFlag":"DontLock","SegmentLength":4}
],
"ResourceID": 256
}
]
}' https://<ip>/ibm/v1/HMC/LockService/Actions/LockService.AcquireLock
{
"TransactionID": 2
}
3. Try releasing the lock owned by it
curl -k -H "X-Auth-Token:$bmc_tokens" -XPOST -H "Content-type: application/json" -d
'{"TransactionIDs": [1]}' https://<ip>/ibm/v1/HMC/LockService/Actions/LockService.ReleaseLock
4. Try releasing the lock, which is not owned by the same session
curl -k -H "X-Auth-Token:$bmc_tokens" -XPOST -H "Content-type: application/json" -d
'{"TransactionIDs": [2]}' https://127.0.0.1:2443/ibm/v1/HMC/LockService/Actions/LockService.ReleaseLock
{
"Record": {
"HMCID": "hmc-id",
"LockType": "Read",
"ResourceID": 256,
"SegmentFlags": [
{
"LockFlag": "LockSame",
"SegmentLength": 3
},
{
"LockFlag": "DontLock",
"SegmentLength": 4
}
],
"SessionID": "qM4D0VfZt3",
"TransactionID": 2
}
}
Signed-off-by: manojkiraneda <manojkiran.eda@gmail.com>
Change-Id: I5d75d44ce805358b25dc293db4dc0f44f4317c06
|
|
- This commit implements the rest API by which any external
client(Ex: Hardware Management Console) can request for a
single/multiple locks as per the design specification mentioned
in `docs/designs/management-console/hmc-lock-management.md`
Tested By:
1. curl -k -H "X-Auth-Token:$bmc_tokens" -XPOST -H "Content-type: application/json" -d '{
"Request" :[
{
"LockType":"Read",
"SegmentFlags":
[
{"LockFlag":"LockSame","SegmentLength":3},
{"LockFlag":"DontLock","SegmentLength":4}
],
"ResourceID": 256
}
]
}' https://<ip>/ibm/v1/HMC/LockService/Actions/LockService.AcquireLock
2.curl -k -H "X-Auth-Token:$bmc_tokens" -XPOST -H "Content-type: application/json" -d '{
"Request" :[
{
"LockType":"Read",
"SegmentFlags":
[
{"LockFlag":"LockAll","SegmentLength":2},
{"LockFlag":"DontLock","SegmentLength":1}
],
"ResourceID": 234
},
{
"LockType" : "Read",
"SegmentFlags":
[
{"LockFlag":"DontLock","SegmentLength":2},
{"LockFlag":"DontLock","SegmentLength":1}
],
"ResourceID": 234
}
]}' https://<ip>/ibm/v1/HMC/LockService/Actions/LockService.AcquireLock
Signed-off-by: manojkiraneda <manojkiran.eda@gmail.com>
Change-Id: Ia173878702afe7c00160b7935d6a03099b7df622
|
|
std::random_device is not a cryptographically secure
algorithm. Switch to RAND_bytes instead.
Tested: Login and logout works as expected
Change-Id: If24fa6c3a0652c011bc50ae611b180f342d68433
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
This adds CSRF check into websockets to avoid
attacks on websockets.
Tested: Could no longer use cross-site scripting to
open websocket. KVM and SOL still work once web-ui
changes are updated
Change-Id: I325079ae3d4db2701671564dff733e034d2670d6
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
This will list down the actions implemented by the
Lock Service.
TestedBy:
curl -k -H "X-Auth-Token: $bmc_tokens" -X GET https://<ip>:443/ibm/v1/HMC/LockService
{
"Actions": {
"#LockService.AcquireLock": {
"target": "/ibm/v1/HMC/LockService/Actions/LockService.AcquireLock"
},
"#LockService.GetLockList": {
"target": "/ibm/v1/HMC/LockService/Actions/LockService.GetLockList"
},
"#LockService.ReleaseLock": {
"target": "/ibm/v1/HMC/LockService/Actions/LockService.ReleaseLock"
}
}
}
Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
Change-Id: Ifeb53c06c4ff80676c892f1e64518469a3aeb239
|
|
This commit list the config files and implements the
action to delete all the config files
TestedBy:
List config files:
curl -k -H "X-Auth-Token: $bmc_tokens" -X GET
https://<ip>:443/ibm/v1/Host/ConfigFiles
Delete all the config files:
curl -k -H "X-Auth-Token: $bmc_tokens" -X POST
https://<ip>:443/ibm/v1/Host/ConfigFiles/Actions/FileCollection.DeleteAll
Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
Change-Id: I1a32906709ba32c8bd5328d8eb983705f8a3a6cd
|
|
This commit supports Read, Delete the config files through
REST interface.
Test-by:
1. Read a save area file:
curl -k -H "X-Auth-Token: $bmc_token" -X GET https://${bmc}/ibm/v1/Host/ConfigFiles/<filename>
2. Delete a save area file:
curl -k -H "X-Auth-Token: $bmc_token" -X DELETE https://${bmc}/ibm/v1/Host/ConfigFiles/<filename>
Signed-off-by: Asmitha Karunanithi <asmitk01@in.ibm.com>
Change-Id: Id326b516e84e93c68d2260f5372e6e7f123a0e87
Signed-off-by: Sunitha Harish <sunithaharish04@gmail.com>
|
|
This change includes:
1. New compiler option for the IBM management console specific functionalities
2. New REST path handler for the IBM path /ibm/v1/Host/ConfigFiles
3. Save-Area file Upload through REST interface PUT command
Tested by :
curl -k -H "X-Auth-Token: $bmc_token" -X PUT https://${bmc}/ibm/v1/Host/ConfigFiles/<filename> --data-binary "@<filepath>"
Signed-off-by: Sunitha Harish <sunithaharish04@gmail.com>
Change-Id: I939938009b2de447aea9af5bb3c53bdb845c4084
|
|
This commit introduces the following
=> Service root implementation
=> compiler option for the IBM management console specific functionalities
TestedBy:
curl -k -H "X-Auth-Token: $bmc_token" -X GET https://${bmc}/ibm/v1
Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
Change-Id: I2dcb8eee0b69b1723e0cc3d980a5846b3519e7d9
|
|
Add missing res.end() to avoid the hang/timeout.
Tested:
Enabled DBUS and unit tested specified code and
observed no hang.
Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
Change-Id: I29457b9cebea4e2699c8227a46d1d5e06578a5bf
|
|
In code that is clearly working with EC keys, but once was used for RSA
keys, remove the incorrectly named RSA names and comments to reduce
confusion.
Change-Id: Ide6909bb80fea18bfc51bd3376ae8a51be6baa05
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
|
|
prime256v1 is okay for now, but secp384r1 is more future-proof (gives us
a couple more years) and in this case does not really have any
drawbacks.
Tested: Checked to see that a new secp384r1 key is generated on first
boot and the generate CSR redfish option works.
Change-Id: I334fc56db3dd55058a4c6780f8966bcc48d8f816
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
|
|
This patch enables checking of user permission for proxy mode, as start of
this kind service is not triggered by redfish (which has permission check by
default).
Permission check is done in .onopen handler of websocket. For this reason
another dbus call for user privileges is added to verify if user has
"ConfigureManager" privilege.
I have chosen this approach, as generic privilege check for all websockets
introduces significant changes in connection upgrade flow which makes
implementation vague and caused some memory issues difficult to track down.
It is worth noting that other websockets (eg. kvm) uses .required()
function to set privilege but this information is lost during connection
upgrade and is not checked anywhere in upgrade flow.
Tested:
Manual tests with opening websockets via web browser and dedicated nbd proxy
utility. For users with/without appropriate permissions.
Single request and burst of requests has been tested as well.
Change-Id: I2a56bec606fa0e5f3d4232e48794c9055bf6095e
Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com>
|
|
Current implementation of the ManagedObjectType is quite complicated,
it has a lot of nested elements and thus it is hard to access them.
These new definitions make the definition more readable and, used in
code, will improve operations on nested types of the ManagedObjectType.
Tests:
This change is just a definition and does not require additional
tests.
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
Change-Id: Icadd57653262009e60e3b4391607d22fa4b7be6b
|
|
Launching a KVM session on the KVM page stopped working. The websocket
connection request began returning connection failure error
codes. This change fixes the asynchronous connection request to allow
it to succeed, and in turn display the KVM session.
Tested:
Connect to BMC using Chrome (FC31), selected Control->KVM sidebar.
Witnessed the KVM session started, and interacted with the SUT while
it was in UEFI.
Connect to BMC using Chrome (Windows 10), selected Control->KVM
sidebar. Witnessed the KVM session started, and interacted with the
SUT while it was in UEFI. Events performed from the Windows browser were
duplicated in the FC31 browser.
Change-Id: Ib3721990dce2e2ba71235371d903fbf508075077
Signed-off-by: Johnathan Mantey <johnathanx.mantey@intel.com>
|
|
Considering that the webui is no longer an "IBM" specific entity, and is
now the standard for the project, there's no need for this variable to
call it out explicitly. Update comment and variable name to be more
correct.
Tested: No functional change, only comments.
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I2169876c38ccd558a3cfcfc61637720bd290b3ee
|
|
This enhances the return value from the pamAuthenticateUser function so
callers can articulate PAM error codes like PAM_NEW_AUTHTOK_REQD which
means the credentials are correct, but the password must be changed.
Tested: Yes, scenarios via both Redfish login and Basic Auth:
- correct username and password, password is not expired
- correct username and password, password is expired
- correct username and incorrect password, password is not expired
- correct username and incorrect password, password is expired
- non-existent user (password is not relevant)
Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
Change-Id: I1114d6c9cc591fb0a1853cb4edea32ad22f7b015
|
|
This commit fixes:
- handling of virtual media unmount method
- cancels unix socket async accept upon early websocket closing
(reproduction with rapid start/stop button pressing or closing
websocket just after negotiation msg from NBD server)
Tested:
- unmount method via WebUI
- unix socket accept cancellation - modified NBD server to close
websocket after sending negotiation message & rapid start/stop button
pressing
Signed-off-by: Iwona Winiarska <iwona.winiarska@intel.com>
Signed-off-by: Jan Sowinski <jan.sowinski@intel.com>
Change-Id: Ibcbb87a7e35cfbee8c8b4686f64c9090c66f0c17
|
|
This commit sets the mutual TLS option to ON by default.
Core mTLS implementation was accepted under this commit:
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/23588
where by default the mTLS was disabled.
Tested:
Manual tests were made to verify if this option turns the
mTLS ON.
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
Change-Id: I3bc5f5453d4c4df1cd7ecb0b8868423285b6ab83
|
|
Through one of the refactors, webserver_common.hpp picked up an include
to itself, presumably when code was moved. This doesn't cause any ill
effects, but is cruft that can be cleaned up.
Tested:
Code compiles. No functional change to verify.
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: Ie901baa3cfd88decdbecbad01c6b577d92d2441b
|
|
Modified the code to make an asynchronous call to GetUserInfo to get
the user role for authorization.
For local users, DBus matches are used to store user role map hot in
memory. Hence, bmcweb has to know whether a user is a local user or
LDAP user to get the role. To avoid this, removed the existing DBus
matches and modified the code to call GetUserInfo to get the role of
local users as well as LDAP users.
Tested:
- Created a local user having admin privilege and verified that he is
able to restart the system
/redfish/v1/Systems/system/Actions/ComputerSystem.Reset
-d '{"ResetType": "GracefulRestart"}'
- Created a local user having user privilege and verified that he is
unauthorized to restart the system
/redfish/v1/Systems/system/Actions/ComputerSystem.Reset
-d '{"ResetType": "GracefulRestart"}'
- Created a remote user having admin privilege and verified that he is
able to restart the system
/redfish/v1/Systems/system/Actions/ComputerSystem.Reset
-d '{"ResetType": "GracefulRestart"}'
- Created a remote user having user privilege and verified that he is
unauthorized to restart the system
/redfish/v1/Systems/system/Actions/ComputerSystem.Reset
-d '{"ResetType": "GracefulRestart"}'
- Tested Redfish ConfigureSelf privilege
Signed-off-by: RAJESWARAN THILLAIGOVINDAN <rajeswgo@in.ibm.com>
Change-Id: Ic3e46a0c0aff2cf456c98048350e58e302011c57
|
|
This commit is a fix for revert:
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/27205
The mTLS will work only when:
* Compilation flag BMCWEB_ENABLE_MUTUAL_TLS_AUTHENTICATION is
enabled and,
* AccountService->Oem->OpenBMC->AuthMethods->TLS is set and,
* at least one certificate is uploaded to TrustStore.
To enforce new mTLS settings after switching AuthMethods->TLS,
all connections awaiting acceptance are dropped.
In case of authorized mTLS requests a cookie with XSRF-TOKEN entry
and SESSION is added to response. It will force the X-XSRF-TOKEN
challenge in case of applications supporting cookies like web
browsers.
Also some minor log messages changes were made in this commit.
Tested:
validator_service run with status: 'Validation has succeeded'.
Tests were made with Chrome browser Version 78.0.3904.108.
The certificate popup appears only when mTLS is enabled in CMake,
the TLS option is set and at least one CA certificate is present.
In other cases mTLS is not active and there is no popup for certs.
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
Change-Id: I778b848b767356b60386694f802a89b3c1f6cb14
|
|
BMCWeb was using the "passwd" command PAM configuration settings when changing
the password. This changes it to use PAM service_name="webserver", the same
name it already uses for PAM authentication and account management functions.
Doing so allows the BMC system administrator to provide separate PAM config
files for the "passwd" command and BMCWeb's password changing function, and
for these activities to be correctly identified in the system logs.
Here is a sample incorrect log message (truncated & wrapped):
bmcweb[353]: pam_warn(passwd:chauthtok): function=[pam_sm_chauthtok]
flags=0xc000 service=[passwd] terminal=[<unknown>] user=[testuser]
ruser=[<unknown>] rhost=[<unknown>]
The "service" should be "webserver".
Tested: yes, password change successful
Change-Id: I593f42c8f0494df967fb498fb4dd66fa4168596b
Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
|
|
This reverts commit 5e931ae994307babe6c3520cbaca6a7139acc81d.
Reason for revert: Causing build failures
/bmcweb/redfish-core/include/node.hpp: In member function ‘bool redfish::Node::isAllowedWithoutConfigureSelf(const crow::Request&)’:
/bmcweb/redfish-core/include/node.hpp:182:36: error: ‘crow::persistent_data::UserRoleMap’ has not been declared
crow::persistent_data::UserRoleMap::getInstance().getUserRole(
When 900f949773795141266271107219ea019f2839cd was merged first
this patch was not successfully rebased.
Change-Id: I947d96362c7dadea5572888468a11fac5ee361d4
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
Modified the code to make an asynchronous call to GetUserInfo to get
the user role for authorization.
For local users, DBus matches are used to store user role map hot in
memory. Hence, bmcweb has to know whether a user is a local user or
LDAP user to get the role. To avoid this, removed the existing DBus
matches and modified the code to call GetUserInfo to get the role of
local users as well as LDAP users.
Tested:
- Created a local user having admin privilege and verified that he is
able to restart the system
/redfish/v1/Systems/system/Actions/ComputerSystem.Reset
-d '{"ResetType": "GracefulRestart"}'
- Created a local user having user privilege and verified that he is
unauthorized to restart the system
/redfish/v1/Systems/system/Actions/ComputerSystem.Reset
-d '{"ResetType": "GracefulRestart"}'
- Created a remote user having admin privilege and verified that he is
able to restart the system
/redfish/v1/Systems/system/Actions/ComputerSystem.Reset
-d '{"ResetType": "GracefulRestart"}'
- Created a remote user having user privilege and verified that he is
unauthorized to restart the system
/redfish/v1/Systems/system/Actions/ComputerSystem.Reset
-d '{"ResetType": "GracefulRestart"}'
Signed-off-by: RAJESWARAN THILLAIGOVINDAN <rajeswgo@in.ibm.com>
Change-Id: Ifd813e1af4dfcb7aeaba18e04b6c9767d2a5e95a
|
|
Comment was incorrect, and probably leftover from a clang-format run.
Tested: No tests needed. Only a comment
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I3f4cb86bc624b02d0bda536bcc66ce7c99882329
|
|
Nbd-proxy is responsible for exposing websocket endpoint in bmcweb.
It matches WS endpoints with unix socket paths using configuration
exposed on D-Bus by Virtual-Media.
Virtual-Media is then notified about unix socket availability through
mount/unmount D-Bus methods.
Currently, this feature is disabled by default.
Tested: Integrated with initial version of Virtual-Media.
Change-Id: I9c572e9841b16785727e5676fea1bb63b0311c63
Signed-off-by: Iwona Klimaszewska <iwona.klimaszewska@intel.com>
Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com>
|
|
Considering that wild card captures are now known to be difficult to
maintain, remove a couple instances of them from app. They are no
longer used as a capture, so can be safely removed with no effect. It's
likely the compiler is doing this already.
Tested:
No functional change. Code compiles.
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I252344a4608f7e107bcb273d725b5a484eb7a17d
|
|
The sessions implementation previously used operator== for session
comparisons. While unlikely to be attackable in the current
implementation, due to the time smearing in a number of cases, modern
security practices recommend using constant time comparison.
Tested By:
Logged into the webui, and observed no change to login flows. Logged
into redfish using Token Auth, and observed no changes. Closed a
previous session, then reopened with the new session information to
verify user sessions are restored properly and still work.
Change-Id: Ie759e4da67ba004fd8c327f177951ac756ea6799
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Signed-off-by: James Feist <james.feist@linux.intel.com>
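Why an early-exit comparison is replaced for session tokens, shown as an added C++ example that is not the code from this commit. The function names and the token strings are constructed for illustration; production code would normally call a vetted primitive such as OpenSSL's `CRYPTO_memcmp` rather than a hand-written loop.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Early-exit comparison, the shape of a typical string operator==.
// Returns how many byte pairs it examined before deciding, which is the
// quantity that leaks through timing: it grows with the matching prefix.
std::size_t earlyExitWork(const std::string& stored, const std::string& offered)
{
    if (stored.size() != offered.size())
    {
        return 0;
    }
    std::size_t examined = 0;
    for (std::size_t i = 0; i < stored.size(); ++i)
    {
        ++examined;
        if (stored[i] != offered[i])
        {
            break; // work done so far depends on secret data
        }
    }
    return examined;
}

// Constant-time comparison: every byte pair is always examined and the
// differences are OR-ed together, so the amount of work depends only on the
// length. Token length is treated as public (tokens are fixed-size).
bool constantTimeEquals(const std::string& stored, const std::string& offered)
{
    if (stored.size() != offered.size())
    {
        return false;
    }
    unsigned int diff = 0;
    for (std::size_t i = 0; i < stored.size(); ++i)
    {
        diff |= static_cast<unsigned char>(stored[i]) ^
                static_cast<unsigned char>(offered[i]);
    }
    return diff == 0;
}

int main()
{
    // Constructed sample tokens, not real session data.
    const std::string stored = "k3Jx9QwZ7mPa4TbL";
    const std::string wrongFirst = "X3Jx9QwZ7mPa4TbL";
    const std::string wrongLast = "k3Jx9QwZ7mPa4TbX";

    std::cout << "early exit, first byte wrong: "
              << earlyExitWork(stored, wrongFirst) << " bytes examined\n";
    std::cout << "early exit, last byte wrong:  "
              << earlyExitWork(stored, wrongLast) << " bytes examined\n";
    std::cout << "constant time, last byte wrong: "
              << (constantTimeEquals(stored, wrongLast) ? "match" : "no match")
              << "\n";
    return 0;
}
```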
|
|
This makes some browsers fail to login without a
certificate, it needs to stay disabled.
Introduced here:
https://github.com/openbmc/bmcweb/commit/55e43f69#diff-f34027492b16c1b7a880248323fe4fd8R316
Tested: Cert was not required in Chrome on Windows
Change-Id: I27e60e73784d04e14b9b1495ebd1399ad4ab96ab
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
This disables ssl renegotiation based on the potential
DOS attack here: https://www.cvedetails.com/cve/CVE-2011-1473/
Tested: testssl shows it as disabled
https://github.com/drwetter/testssl.sh
validator passed
Fixes https://github.com/openbmc/openbmc/issues/3624
Change-Id: I4bfbd770d25ba5d1a7292421f1ccad2b2e73d3a6
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
User is now able to turn on and off the TLS authentication method.
Tested:
No regression found in manual testing. By default everything works
as before, and disabling TLS method prevents user to authenticate
by it.
Tested with Redfish Service Validator, version 1.2.8
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
Change-Id: Ib7be1af659db568caa7e5b97e3844617586d7754
|
|
clang-tidy flagged an error where strings were being constructed at
startup. Move them to const char* to save a little memory, and reduce
the possibility of an error being thrown at startup.
Tested: Code compiles. Error codes need tested functionally.
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I227e91879e727f4b19d955111b0d2bac8e81b6ad
|
|
This was an automatic change made by clang-tidy. It moves all uses of
NULL to nullptr, which are equivalent, but nullptr is preferred.
Tested: Code compiles.
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I9526599b222693c9723a69934b599c7a5b5d1fbf
|
|
Modern c++ prefers setting default destructors to =default
Tested: clang-tidy modernize-use-equals-default now passes
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I9ca746473263abfe2330b7c3e2fe645cf96112f3
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
Implemented TLS based user auth. It utilizes certificates stored by
Phosphor Certificate Manager in storage mode, to verify that user
that tries to log in, has a certificate signed by a trusted CA.
More about this can be read in redfish-tls-user-authentication.md design
document.
Tested that it does not break current authentication methods, when not
using TLS Auth - user should not see difference between versions. TLS Auth
itself allows user in when certificate is signed by trusted CA and valid, and
stops working immediately after it is removed. User is not let in when provided
certificate is not between notBefore and notAfter dates. Session is tested to
not be created when user does not exist in the system (courtesy of earlier
UserManagement usage commits).
Signed-off-by: Kowalski, Kamil <kamil.kowalski@intel.com>
Change-Id: I6bcaff018fe3105f77d3c10f69765e0011af8dab
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
|
|
Added Oem extension for AccountService allowing user to configure
which authentication methods should be enabled. User is now able
to turn on and off authentication methods like BasicAuth, XToken, etc.
User is not allowed to turn off all of the methods at once - at least
one method has to be active to prevent lock-out. This configuration
is persistent, will be saved on file-system and will be loaded on
bmcweb's restart.
Tested:
No regression found in manual testing. By default everything works as before,
and disabling auth method prevents user to authenticate by it. Tested that
user is not allowed to disable all the methods - either in one PATCH or by
disabling them one at a time.
ServiceValidator run with success.
This change is a fix for this request:
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/23590/18
which was reverted here:
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/26869
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
Change-Id: I66b5ad423746f1992070a14f2983a07b1320190e
|
|
Modified doPatch method to populate redfish user update error codes.
Tested:
Tested user updates with below scenarios
1)Provided username is not exist
2)Replace username already user exists
3)Replace Username is NULL/Invalid
4)Replace username is not starting with alphabet
5)Replace username exceeds more than 16 characters
6)Password is not valid for Replace/existing username
Redfish validator test results:
1 failProp errors in /redfish/v1/Systems/system/LogServices/EventLog
1 problemResource errors in /redfish/v1/Systems/system/LogServices/
EventLog/Entries
Counter({'skipOptional': 17887, 'pass': 12133, 'passGet': 1285,
'metadataNamespaces': 1047, 'serviceNamespaces': 69, 'reflink': 9,
'passAction': 7, 'warningPresent': 6, 'optionalAction': 6,
'repeat': 3, 'invalidPropertyValue': 3, 'failErrorPresent': 1,
'err.LogEntryCollection.LogEntryCollection': 1, 'failProp': 1,
'unvalidated': 1, 'problemResource': 1,
'unverifiedComplexAdditional': 1, 'warnTrailingSlashLink': 1})
Validation has failed: 3 problems found
Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Change-Id: Ibee448c5d5c4f38c5c4cacda757864593f6001fc
|
|
This reverts commit 0ff64dc2cd3a15b4204a477ad2eb5219d66e6110.
Reason for revert: <breaks redfish validator, <edmx:Reference Uri="/redfish/v1/schema/OemAccountService_v1.xml"> but the file name unversioned static/redfish/v1/schema/OemAccountService.xml>
Change-Id: I696dd09bf519e364f5f529a674e047a8eeead578
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
Added Oem extension for AccountService allowing user to configure
which authentication methods should be enabled. User is now able
to turn on and off authentication methods like BasicAuth, XToken, etc.
User is not allowed to turn off all of the methods at once - at least
one method has to be active to prevent lock-out. This configuration
is persistent, will be saved on file-system and will be loaded on
bmcweb's restart.
Tested:
No regression found in manual testing. By default everything works as before,
and disabling auth method prevents user to authenticate by it. Tested that
user is not allowed to disable all the methods - either in one PATCH or by
disabling them one at a time.
ServiceValidator run with success.
Change-Id: I3a775d783ac05998d17b8e91800962bffd8cab52
Signed-off-by: Kowalski, Kamil <kamil.kowalski@intel.com>
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
|
|
We had a couple uses of push_back in the code that could be made more
efficient with emplace(). Use them instead.
Tested: No functional change. Needs tested.
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I417601e416b1d0be989617a372978d52670135d8
|
|
We had a couple places where the c style headers got checked in for
Tested: Code builds.
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: Iebfbd846033618ff972825a0a9f89e8d05395ce8
|