path: root/include
Age | Commit message | Author | Files | Lines
2023-03-17 | dbus_rest: Fix dangling reference of crow::Response | Lei YU | 1 | -19/+20

The openbmc_dbus_reset was holding reference of `crow::Response`, set the response in `~InProgressActionData()`, and call res.end() to complete the result of the response.

The bmcweb code now uses `std::shared_ptr<AsyncResp>` for the response and the `res.end()` is handled in `~AsyncResp()`.

By using the reference of `crow::Response`, the `InProgressActionData` is actually using a dangling reference because the `std::shared_ptr<AsyncResp>` is already destructed, and bmcweb will crash on `action` calls, or not crash but get invalid response, as it's undefined behavior.

Fix the above issue by using `std::shared_ptr<AsyncResp>` to make sure the response is correctly handled.

Tested:

1. Without the fix, bmcweb crashes, or get no json output response on the below method call, be noted that it's an invalid call:
```
$ curl -k -H "X-Auth-Token: $token" -x POST -d '{"data": []}' https://${bmc}/xyz/openbmc_project/logging/action/deleteAll
```
2. With the fix, bmcweb gives expected response:
```
$ curl -k -H "X-Auth-Token: $token" -x POST -d '{"data": []}' https://${bmc}/xyz/openbmc_project/logging/action/deleteAll
{
  "data": {
    "description": "The specified method cannot be found"
  },
  "message": "404 Not Found",
  "status": "error"
}
$ curl -k -H "X-Auth-Token: $token" -x POST -d '{"data": []}' https://${bmc}/xyz/openbmc_project/logging/action/DeleteAll
{
  "data": null,
  "message": "200 OK",
  "status": "ok"
}
```

Signed-off-by: Lei YU <yulei.sh@bytedance.com>
Change-Id: I38ef34fe8ff18e4e127664c853c6792461f6edf8

2023-03-17 | Add the GetManagedObjects method to dbus_utility | George Liu | 1 | -0/+15

There are currently many files that use the GetManagedObjects method. Since they are a general method, they are defined in the dbus_utility.hpp file and refactors them.

Tested:
1. Built bmcweb successfully and Validator passes.
2. We got the same result as previously in the ethernet schema.

Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id: I0c25b7b6b9421bea46ff0afadbaa4783b704e664

2023-03-11 | Remove body member from Request | Ed Tanous | 4 | -5/+6

Per cpp core guidelines, these should be methods.

Tested: on last patchset of the series.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ib16479db9d2b68da68e7ad6e825c7e205c64f1de

2023-03-09 | Move logging level to WARNING for 404 | Gunnar Mills | 1 | -3/+3

These are 4xx errors, 404 not found. Move the logging to WARNING so they don't log unless WARNING level is enabled. This follows the guidance in the commit below.

Tested: None.

Change-Id: I38b2bec64507d75286f79d61acf7a96226598e0b
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

2023-03-06 | Move nbdproxy to non lambda methods | Ed Tanous | 1 | -140/+144

In a similar way we've transformed code in bmcweb, move these callbacks to use non-lambdas, to simplify their use.

Tested: No good test harness here. Inspection only, mechanical transform.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ic5c2c86fef0abfaadb07022123ad93914d5ddf69

2023-03-03 | Add the getAssociationEndPoints method | George Liu | 1 | -0/+13

There are currently many files that use the get endpoints methods[1]. Since they are general methods, they are defined in the dbus_utility.hpp file and will be further refactored in subsequent patches.

Since the current endpoints of phosphor-objmgr do not support object_path and fails in romulus CI[2], so we should revert to std::string.

Also, Updated the populateSoftwareInformation method of sw_utils.hpp

[1] https://github.com/openbmc/docs/blob/master/architecture/object-mapper.md#associations
[2] https://gerrit.openbmc.org/c/openbmc/bmcweb/+/58924/22/include/dbus_utility.hpp#98

When an object with, for example, an object path of pathA uses the following values:
["foo", "bar", "pathB"]
The mapper will create 2 new objects:
pathA/foo
pathB/bar

Tested: Built bmcweb successfully and Validator passes

curl -k -H "X-Auth-Token: $token" -X GET https://${bmc}/redfish/v1/Managers/bmc
{
  "@odata.id": "/redfish/v1/Managers/bmc",
  "@odata.type": "#Manager.v1_14_0.Manager",
  ...
  "FirmwareVersion": "2.14.0-dev-95-gea3949e76-dirty",
  ...
}

Tested: Validator passes

Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id: I32a2c663bf2b8c84517bd0ecb4ccba61ce87c7e2

2023-02-28 | sdbusplus: use shorter type aliases | Patrick Williams | 1 | -1/+1

The sdbusplus headers provide shortened aliases for many types. Switch to using them to provide better code clarity and shorter lines. Possible replacements are for:
* bus_t
* exception_t
* manager_t
* match_t
* message_t
* object_t
* slot_t

Change-Id: Id13cf695f25312a9561c0954f5ed133985ab1222
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

2023-02-28 | Remove sessions when user is deleted | Xie Ning | 2 | -0/+42

An Internal server Error will happen if you delete the login user. Match the "InterfacesRemoved" signal for monitoring the user status and delete the session to fix this bug.

Tested:
1. Add a new user such as test
2. Login with the new user in web
3. Delete or rename the user by web and ipmi command
4. Refresh the web and a new user was needed to login in the web

Signed-off-by: Xie Ning <xiening.xll@bytedance.com>
Change-Id: I2b53edb71d9a4e904c7da54393539f87eeb2d7a3

2023-02-28 | Fixing blocking system call to async mode | Troy Lee | 1 | -0/+2

Signed-off-by: Troy Lee <troy_lee@aspeedtech.com>
Change-Id: Id81db4d512b5ea1222a145dc2b9e9907e8b0f084

2023-02-24 | Take boost error_code by reference | Ed Tanous | 6 | -33/+34

By convention, we should be following boost here, and passing error_code by reference, not by value. This makes our code consistent, and removes the need for a copy in some cases.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Id42ea4a90b6685a84818b87d1506c11256b3b9ae

2023-02-24 | Pass string views by value | Ed Tanous | 8 | -15/+11

string_view should always be passed by value; This commit is a sed replace of the code to make all string_views pass by value, per general coding guidelines[1].

[1] https://quuxplusone.github.io/blog/2021/11/09/pass-string-view-by-value/

Tested: Code compiles.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I55b342a29a0fbfce0a4ed9ea63db6014d03b134c

2023-02-23 | Update most resources to use urlFromPieces | Willy Tu | 1 | -2/+2

Only id in event_service and account_service have not been updated due to the risk of it breaking the username/id. It will require further testing to verify.

Use urlFromPieces wherever that is needed to insert a variable in the URI. Don't use urlFromPieces when it is hardcoded values. This allow us to control all resource URIs that is dynamically added and to sync with the current recommended method for `@odata.id`. The goal is to have a common place to manage the url created from dbus-paths in order to manage/update it easily when needed.

Tested: RedfishValidator Passed for all resource including the sensors with the fragments.

Change-Id: I95cdfaaee58fc7f21c95f5944e1e5c813b3215f2
Signed-off-by: Willy Tu <wltu@google.com>
Signed-off-by: Ed Tanous <edtanous@google.com>

2023-02-21 | Disable token compress in str | Ed Tanous | 1 | -1/+2

There are certain cases where we use this split function, and we expect tokens to be read out. For example:
/xyz/openbmc_project/sensors/unit/name
Should split into a "" in the first position. This use case is not common, and a quick grep shows only two places in the code expect this behavior. Boost::split has this behavior already, which is what this function is emulating.

While we could fix these, in the end they should be following the rules outlined in COMMON_ERRORS.md, which disallow this kind of parsing completely.

Tested: New unit tests passing.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Iec3dcbf2b495b2b3b4ed419172c4133b16f7c65d

2023-02-17 | Add option for validating content-type header | Ed Tanous | 1 | -11/+38

For systems implementing to the OWASP security guidelines[1] (of which all should ideally) we should be checking the content-type header all times that we parse a request as JSON.

This commit adds an option for parsing content-type, and sets a default of "must get content-type". Ideally this would not be a breaking change, but given the number of guides and scripts that omit the content type, it seems worthwhile to add a trapdoor, such that people can opt into their own model on how they would like to see this checking work.

Tested:
```
curl --insecure -H "Content-Type: application/json" -X POST -D headers.txt https://${bmc}/redfish/v1/SessionService/Sessions -d '{"UserName":"root", "Password":"0penBmc"}'
```
Succeeds.

Removing Content-Type argument causes bmc to return Base.1.13.0.UnrecognizedRequestBody.

[1] cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html

Change-Id: Iaa47dd563b40036ff2fc2cacb70d941fd8853038
Signed-off-by: Ed Tanous <edtanous@google.com>

2023-02-17 | Implement alternative to on boost::split | Ed Tanous | 2 | -2/+26

boost::split has a documented false-positive in clang-tidy. While normally we'd handle this with NOLINTNEXTLINE, this doesn't appear to work in all cases. Unclear why, but seems to be due to some of our lambda callback complexity.

Each of these uses is a case where we should be using a more specific check, rather than split, but for the moment, this is the best we have.

Tested: clang-tidy passes.

[1] https://github.com/llvm/llvm-project/issues/40486

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I144c6610cb740287b7225e2be03b4142a64f9563

2023-02-13 | Fix a couple #includes | Ed Tanous | 2 | -2/+0

In the continual quest to get tidy passing when run in isolation, fix some more includes. This includes removing a circular #include to app.hpp. We don't use app.hpp in these files, which is why our code compiles but having this include it here causes a few circular dependencies

app.hpp -> http_server.hpp -> persistent_data.hpp -> app.hpp.
app.hpp -> http_server.hpp -> authentication.hpp -> app.hpp.

This confuses clang when run on header files directly.

Fix a couple more includes at the same time.

Tested: Code compiles

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ib62d78b49c7e38ef7061c9fbbf6b3d463f11917d

2023-02-13 | Change static to inline | Ed Tanous | 1 | -1/+1

This function is declared in a header, it should be inline, not static.

Tested: Code compiles and passes clang-tidy

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I6b05e3e302d11a64f97f9f444eb0dbc76db3cd70

2023-02-10 | Revert "Add the getAssociationEndPoints method" | Gunnar Mills | 1 | -12/+0

This reverts commit 369ea3ffb0c76c33c7ccd0bbb0e8dcb0039cd285.

bmcweb bumps are failing romulus qemu CI tests.

This started with https://gerrit.openbmc.org/c/openbmc/openbmc/+/60786.
https://gerrit.openbmc.org/c/openbmc/openbmc/+/60756 passed. Only 1 commit diff here.

The manager call is failing here:
```
curl -k -H "X-Auth-Token: $token" -X GET https://${bmc}/redfish/v1/Managers/bmc
{
  "@odata.id": "/redfish/v1/Managers/bmc",
  "@odata.type": "#Manager.v1_14_0.Manager",
  ...
  "UUID": "0623b376-dc4f-4a29-93e0-cc982bfb9aae",
  "error": {
    "@Message.ExtendedInfo": [
      {
        "@odata.type": "#Message.v1_1_1.Message",
        "Message": "The request failed due to an internal service error. The service is still operational.",
        "MessageArgs": [],
        "MessageId": "Base.1.13.0.InternalError",
        "MessageSeverity": "Critical",
        "Resolution": "Resubmit the request. If the problem persists, consider resetting the service."
      }
    ],
    "code": "Base.1.13.0.InternalError",
    "message": "The request failed due to an internal service error. The service is still operational."
  }
}
```

Let's get the bumps back to passing.

Change-Id: Ia27b1a5024b480786cc776c4ab9586bd75bf1242
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

2023-02-10 | Remove unused gzip helper | Ed Tanous | 1 | -65/+0

This was used way back in the day when bmcweb static files were ungzipping their contents. Today we push that to the client. Remove.

Tested: Code compiles. Unused file.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ie798b5eeb8854a677725d90adead8c1bf00bb5f4

2023-02-09 | Add the getAssociationEndPoints method | George Liu | 1 | -0/+12

There are currently many files that use the get endpoints methods[1]. Since they are general methods, they are defined in the dbus_utility.hpp file and will be further refactored in subsequent patches.

Also, Updated the populateSoftwareInformation method of sw_utils.hpp

[1] https://github.com/openbmc/docs/blob/master/architecture/object-mapper.md#associations

When an object with, for example, an object path of pathA uses the following values:
["foo", "bar", "pathB"]
The mapper will create 2 new objects:
pathA/foo
pathB/bar

Tested: Built bmcweb successfully and Validator passes

curl -k -H "X-Auth-Token: $token" -X GET https://${bmc}/redfish/v1/Managers/bmc
{
  "@odata.id": "/redfish/v1/Managers/bmc",
  "@odata.type": "#Manager.v1_14_0.Manager",
  ...
  "FirmwareVersion": "2.14.0-dev-95-gea3949e76-dirty",
  ...
}

Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id: I6567f63ab63709504b46ed49b00055a8ffc34124

2023-01-24 | Refactor GetSubTree method | George Liu | 3 | -18/+14

Since the GetSubTree method has been implemented in dbus_utility and this commit is to integrate all the places where the GetSubTree method is called, and use the method in dbus_utility uniformly.

Tested: Redfish Validator Passed

Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id: If3852b487d74e7cd8f123e0efffbd4affe92743c

2023-01-19 | Removed checking cookie in mTLS authentication | Karol Niczyj | 1 | -16/+10

mTLS authentication should have the highest priority (according to code in [1]) so it shouldn't be affected by cookies. If you provide a valid certificate and a dummy cookie value, request will fail which means cookies had higher priority than mTLS.

Tested: Follow the guide in [2] to create a valid certificate for a user that can access some resource (for example /redfish/v1/Chassis) and make two requests:

curl --cert client-cert.pem --key client-key.pem -vvv --cacert CA-cert.pem https://BMC_IP/redfish/v1/Chassis
curl --cert client-cert.pem --key client-key.pem -vvv --cacert CA-cert.pem https://BMC_IP/redfish/v1/Chassis -H "Cookie: SESSION=123"

Before this change second request would fail with "401 Unauthorized"

[1]: https://github.com/openbmc/bmcweb/blob/bb759e3aeaadfec9f3aac4485f253bcc8a523e4c/include/authentication.hpp#L275
[2]: https://github.com/openbmc/docs/blob/f4febd002df578bad816239b70950f84ea4567e8/security/TLS-configuration.md

Signed-off-by: Karol Niczyj <karol.niczyj@intel.com>
Signed-off-by: Boleslaw Ogonczyk Makowski <boleslawx.ogonczyk-makowski@intel.com>
Change-Id: I5d6267332b7b97c11f638850108e671d0baa26fd

2023-01-19 | Add the GetObject method to dbus_utility | George Liu | 2 | -35/+36

There are currently many files that use the GetObject method. Since they are a general method, they are defined in the dbus_utility.hpp file and refactors them.

Tested: Built bmcweb successfully and Validator passes.

Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id: If2af77294389b023b611987252ee6149906fcd25

2023-01-18 | Fix a boatload of #includes | Ed Tanous | 24 | -73/+96

Most of these missing includes were found by running clang-tidy on all files, including headers. The existing scripts just run clang-tidy on source files, which doesn't catch most of these.

Tested: Code compiles

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ic741fbb2cc9e5e92955fd5a1b778a482830e80e8

2023-01-17 | Add check for globals | Ed Tanous | 10 | -10/+26

We don't follow this cpp core guidelines rule well. This is something that we should aspire to cleaning up in the future, but for the moment, lets turn the rule on in clang-tidy to stop the bleeding, add ignores for the things that we know need some better abstractions, and work on these over time.

Most of this commit is just adding NOLINTNEXTLINE exceptions for all of our globals. There was one case in the sensor code where clang correctly noted that those globals weren't actually const, which got missed because of the use of auto.

Tested: CI should be good enough for this. Passes clang-tidy.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ieda08fee69a3b209d4b3e9771809a6c41524f066

2023-01-11 | Refactor GetSubTreePaths method | George Liu | 3 | -11/+15

Since the GetSubTreePaths method has been implemented in dbus_utility and this commit is to integrate all the places where the GetSubTreePaths method is called, and use the method in dbus_utility uniformly.

Requires https://gerrit.openbmc.org/c/openbmc/sdbusplus/+/60020 to build.

Tested: Redfish Validator Passed

Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id: Ie4140d4484a7e4f4b943013f4371ffd2d44a22e9

2022-12-29 | cppcheck: Fix Ineffective call of function 'substr' | Ed Tanous | 1 | -2/+2

This likely has no performance implications in practice, but getting a clean cppcheck run is good. Suggestion was implemented per cppcheck.

Tested: This is in the deprecated rest API. Not sure how much testing we need to do.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I1658697730ac07c7cdefd2b73c80ee65fba4dedb

2022-12-28 | Add CBOR support | Ed Tanous | 1 | -2/+3

CBOR is a more efficient way to represent json, and something that, as you can see from this patch, is relatively trivial to implement in our current nlohmann json handlers. This allows users that specify an accepts header of "application/cbor" to request the BMC produce a cbor response.

This feature adds 1520 bytes (1.48KB) to the binary size of bmcweb.

For ServiceRoot
GET /redfish/v1 Accepts: application/json - returns json
GET /redfish/v1 Accepts: application/cbor - returns cbor
GET /redfish/v1 Accepts: */* - returns json
GET /redfish/v1 Accepts: text/html - returns html
GET /redfish/v1 no-accepts header - returns json

For service root, CBOR encoding drops the payload size from 1520 bytes on my system, to 1021 bytes, which is a significant improvement in the number of bytes we need to compress.

Redfish-service-validator passes.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I847e678cf79dfd7d55e6d3b26960c419e47063af

2022-12-21 | Change variable scopes | Ed Tanous | 4 | -13/+6

cppcheck correctly notes that a lot of our variables can be declared at more specific scopes, and in every case, it seems to be correct.

Tested: Redfish service validator passes. Unit test coverage on others.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ia4414410d0e8f74a3bd40fdc0e0232450d1a6416

2022-12-16 | Restrict use of subfolder in configfiles path | cm-jishnu | 1 | -3/+6

GET function on the config files path now lists all the contents including sub directories. Creation of subdirectories under config files is not allowed from the UI, however it's possible to create manually.

If we try to access a subfolder with GET command, bmcweb handles the folder name as file name and crashes trying to open.

Hence we limit the use of subfolder under config files by not listing them in the response of the GET command. And returning an error if the user is trying to run a GET on subfolder created manually.

Tested:

Create subfolder under configfiles path
curl -k -H "X-Auth-Token: $bmc_token" -X GET -D patch1.txt https://${bmc}/ibm/v1/Host/ConfigFiles
Without fix: Lists all contents of the ConfigFiles folder
With Fix: lists only the regular files

Run the command with subfolder
curl -k -H "X-Auth-Token: $bmc_token" -X GET -D patch1.txt https://${bmc}/ibm/v1/Host/ConfigFiles/testfolder
Without fix: bmcweb crashes
With the fix: “Description”: “Resource Not Found”

Change-Id: I71ef5523c6bc425e880a28a6e1175c677ef0a102
Signed-off-by: Jishnu C M <jishnunambiarcm@duck.com>

2022-12-08 | Aggregation: Detect and fix all URI properties | Carson Labrado | 1 | -0/+1

There are a number of properties of Type "string (uri)" for which we do not currently support adding prefixes. This patch adds support for all existing URI properties which are missed by the existing implementation.

This change will be needed by future patches which will expand aggregation support to all top level collections defined by the schema. Those collections that are not currently supported include properties whose URIs should be fixed, but would be missed by the existing implementation.

Tested: New unit test passes. URI properties are still handled correctly.
```shell
curl localhost/redfish/v1/Chassis/5B247A_<chassisID>
{
  "@odata.id": "/redfish/v1/Chassis/5B247A_<chassisID>",
  "@odata.type": "#Chassis.v1_16_0.Chassis",
  "Actions": {
    "#Chassis.Reset": {
      "@Redfish.ActionInfo": "/redfish/v1/Chassis/5B247A_<chassisID>/ResetActionInfo",
      "target": "/redfish/v1/Chassis/5B247A_<chassisID>/Actions/Chassis.Reset"
    }
  },
  ...
}
```

Signed-off-by: Carson Labrado <clabrado@google.com>
Change-Id: I3b3e06ee3191564d266598f7bc9f1641e6fcb333

2022-11-29 | Add the GetSubTree and GetSubTreePaths method to dbus_utility | George Liu | 1 | -0/+33

There are currently many files that use the GetSubTree and GetSubTreePaths methods. Since they are a general method, they are defined in the dbus_utility.hpp file and will be further refactored in subsequent patches.

Also, Updated the doPath method of NetworkProtocol synchronously.

Tested: Built bmcweb successfully and Validator passes

1. doGet NetworkProtocol
curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol
{
  "@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol",
  "IPMI": {
    "Port": 623,
    "ProtocolEnabled": true
  },
  ...
}

2. change the ProtocolEnabled property to false
curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/json" -X PATCH -d '{"IPMI": {"ProtocolEnabled" :false}}' https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol

3. doGet NetworkProtocol again
curl -k -H "X-Auth-Token: $token" https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol
{
  "@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol",
  "IPMI": {
    "Port": null,
    "ProtocolEnabled": false
  },
  ...
}

Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id: I9ed3de74417d2662a7f433ea4a589f68f514a369

2022-11-02 | Update CollectionMembers to use UrlFromPieces | Willy Tu | 1 | -1/+1

Refactor getCollectionMembers to make sure all Url created with dbus paths are generated via UrlFromPieces helper function. This allow us to manage all URL generated from dbus in one place and allow us to make future changes to affect all resources.

We can make changes to all resources easier if they are all managed by one function.

Tested: Redfish Validator Passed. All Collections working as expected and match previous implementation.

Change-Id: I5d3b2b32f047ce4f20a2287a36a3e099efd6eace
Signed-off-by: Willy Tu <wltu@google.com>

2022-10-12 | header cleanups | Nan Zhou | 1 | -1/+2

This commit fixed several places (but not all) where wrong include directory is specified and prevent the clean up in the children changes.

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: Ibbba62e2c0cfe3583a65f1befa1b233bd3eebf19

2022-10-07 | Move ClientID parameter out of OEM | Ed Tanous | 5 | -18/+17

In 2022.2, Redfish added support for the Context parameter on the Session Resource. This parameter has the same function that the OemSession.ClientId field served. This commit moves all the existing ClientId code to produce Context as well. Functionally, this has one important difference, in that Context in Redfish is optionally provided by the user, which means we need to omit it if not given by the user. The old implementation left it set to empty string ("").

Because of this, a few minor interfaces need to change to use std::optional. Existing uses of clientId are moved to using value_or("") to keep the same behavior as before.

Tested:

curl --insecure -X POST -d "{\"UserName\": \"root\", \"Password\": \"0penBmc\"}" https://192.168.7.2/redfish/v1/SessionService/Sessions
Returns a Session object with no Context key present

curl --insecure -X POST -d "{\"UserName\": \"root\", \"Password\": \"0penBmc\", \"Context\": \"Foobar\"}" https://192.168.7.2/redfish/v1/SessionService/Sessions
Returns a Session object with: "Context": "Foobar"

Subsequent Gets of /redfish/v1/SessionService/Sessions/<sid> return the same session objects, both with and without Context.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I4df358623f93f3e6cb659e99970ad909cefebc62

2022-10-05 | Fixes invalid memory access | Krzysztof Grobelny | 1 | -1/+1

std::string_view causes invalid memory access in multipart branch when assigned local variable goes out of scope and string_view is passed to ramAuthenticateUser. Moved MultipartParser to higher scope, to ensure it is not deleted before std::string_view.

Tested:
- Executed post on /login, got response:
{
  "data": "User 'root' logged in",
  "message": "200 OK",
  "status": "ok"
}

Change-Id: I0b02dddcb1a887d442525ffedb7a08a00087f2f2
Signed-off-by: Krzysztof Grobelny <krzysztof.grobelny@intel.com>

2022-10-05 | Fixed issues with multipart parser | Krzysztof Grobelny | 1 | -8/+35

- Index was not checked against size before dereference. Which caused to override memory.
- Header without colon could put parser into invalid state. Now it will return with error.
- Content after boundary was not correctly discarded.
- Parser did not check body for final boundary. Now missing final boundary will return with error.

Tested:
- Tested that payload with header without colon doesn't cause memory corruption anymore.

Signed-off-by: Krzysztof Grobelny <krzysztof.grobelny@intel.com>
Change-Id: I12f496ab5f53e6c088cdfdf2e96be636d66f7c7f

2022-09-28 | clang-15: fixes for emplace | Patrick Williams | 1 | -1/+1

clang-tidy-15 is raising the following warning, which it automatically fixed:
```
../include/sessions.hpp:262:38: error: unnecessary temporary object created while calling emplace [modernize-use-emplace,-warnings-as-errors]
        auto it = authTokens.emplace(std::make_pair(sessionToken, session));
                                     ^~~~~~~~~~~~~~~                     ~
```

Apply automatically generated fix.

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I425efdcba4bf08b03d64f8fb913eab956f5a198d

2022-09-22 | Fix content-type return behavior for */* | Ed Tanous | 2 | -8/+13

An HTTP header of Accepts: */* throws a big wrench into our implementation for a couple reasons. First, because it's the default in a lot of commonly-used libraries, and second, because clients use it when they certainly don't mean what the specification says it should mean "ie, I accept ANY type".

This commit tries to address some of that, by making an explicit option for content-type="ANY" and pushes it to the individual callers to handle explicitly as if it were yet another type. In most protocols, there's a "most common" representation, so protocols are free to use that, or to explicitly handle it, and require that the user be explicit.

Tested: Redfish Protocol Validator no longer locks up. (TBD, getting bugs filed with protocol validator for this missing Accepts header).

For ServiceRoot
GET /redfish/v1 Accepts: application/json - returns json
GET /redfish/v1 Accepts: */* - returns json
GET /redfish/v1 Accepts: text/html - returns html
GET /redfish/v1 no-accepts header - returns json

Redfish-service-validator passes.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Iae6711ae587115d3e159a48a6fc46a903ed6c403

2022-09-22 | treewide: reorganize unit tests | Nan Zhou | 6 | -559/+0

Like other C++ projects, unit tests normally are in a separate repo and respect the folder structure of the file under test.

This commit deleted all "ut" folder and move tests to a "test" folder. The test folder also has similar structure as the main folder.

This commit also made necessary include changes to make codes compile. Unused tests are untouched.

Tested: unit test passed.

Reference:
[1] https://github.com/grpc/grpc/tree/master/test
[2] https://github.com/boostorg/core/tree/414dfb466878af427d33b36e6ccf84d21c0e081b/test
[3] Many other OpenBMC repos: https://github.com/openbmc/entity-manager/tree/master/test
[4] https://stackoverflow.com/questions/2360734/whats-a-good-directory-structure-for-larger-c-projects-using-makefile

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I4521c7ef5fa03c47cca5c146d322bbb51365ee96

2022-09-13 | Improve content type | Ed Tanous | 3 | -43/+119

We have a number of specialized content-type functions for varying levels of degree, and most of them rely on quite a few strings. This commit changes them to consolidate on two APIs.

isContentTypeSupported, which as the name implies, takes a single content type, and returns a bool about whether or not that content type is allowed.

getPreferedContentType, which takes an array of multiple options, and find the first one in the list that matches the client's expected string.

These two functions makes these functions more able to be reused in the future, and don't require specialized entries for each possible type or combination of types that we need to check for.

Tested: Unit tests passing. Pretty good coverage.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I8b976d0cefec5f24e62fbbfae33d12cc803cb373

2022-09-09 | clang-tidy: fix misc warnings | Patrick Williams | 2 | -2/+2

The following error reports have started to be reported by clang-tidy:

* readability-qualified-auto - add 'const' to `auto&` iterators
* bugprone-use-after-move - add break in loop after element is found

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I5314559f62f58aa032d4c74946b8e3e4ce6be808

2022-09-06 | Update content of ResourceNotFound/ResourceAlreadyExists message | Jiaqing Zhao | 1 | -2/+1

According to Redfish Base Message Registry definition [1], the first argument of ResourceNotFound and ResourceAlreadyExists is the schema name of the resource. This patch changes the first argument to non-versioned schema name treewide.

Tested: Verified the error message matches the definition, and Redfish Service Validator passed.

[1] https://redfish.dmtf.org/registries/Base.1.13.0.json

Change-Id: Ib5cd853578ef0bffda1184d10827241e94faaf68
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>

2022-09-06 | IBM Mgmt console lock algorithm improvement | Sunitha Harish | 2 | -28/+21

This commit optimizes the release lock code and adds some traces to give more data for lock conflict scenarios

Tested by:
1. With dual client connected, verified the conflicts are returned
2. Tested releaseLock usecase

Signed-off-by: Sunitha Harish <sunithaharish04@gmail.com>
Change-Id: I3cf99aaa5cc7c2967ae8dbc9c76c9f7378ecebdd

2022-09-06 | Fixes for IBM Management Console usecases | Sunitha Harish | 1 | -5/+5

This commit fixes the below issues

1. Bump up the ConfigFile directory max limit
   For large configurations on the system, the current directory size upper limit of 10MB was exceeding and BMC was sending the error back to the client. This fails the entire large config support. This commit Increases this upper limit of the configFile dir to 25MB
2. Return 409 Error for a lock conflict

Tested by:
1. ConfigFile read
2. Single file upload
3. AcquireLock from the same client returns 409

Signed-off-by: Sunitha Harish <sunithaharish04@gmail.com>
Change-Id: I9218e8263f31e519d76683822290dfe259c57192

2022-09-02 | used sdbusplus::unpackPropertiesNoThrow part 6 | Krzysztof Grobelny | 1 | -4/+4

used sdbusplus::unpackPropertiesNoThrow in openbmc_dbus_rest.hpp, memory.hpp and sensors.hpp, also replaced all usages of "GetAll" with sdbusplus::asio::getAllProperties

bmcweb size: 2697624 -> 2697624 (0)
compressed size: 1129645 -> 1130037 (+392)

Tested:
Performed get on:
- /redfish/v1/Systems/system/Memory/dimm0

Performed get one of the members of:
- /redfish/v1/Chassis/chassis/Sensors

Get result before and after the change was in same format.

Change-Id: I05efcedfd905ea2c8d1d663e909cb59ebc2cf2b7
Signed-off-by: Krzysztof Grobelny <krzysztof.grobelny@intel.com>

2022-08-24 | Add SSL support for http_client (EventService) | AppaRao Puli | 1 | -0/+61

This commit adds the initial SSL support for http_client which can be used for sending asynchronous Events/MetricReports to subscribed Event Listener servers over secure channel.

Current implementation of http client only works for http protocol. With current implementation, http client can be configured to work with secure http (HTTPS). As part of implementation it adds the SSL handshake mechanism and enforces the peer certificate verification.

The http-client uses the cipher suites which are supported by mozilla browser and as recommended by OWASP. For better security enforcement it disables the SSLv2, SSLv3, TLSv1, TLSv1.1 as described in below OWASP cheatsheet.

It is validated with RootCA certificate(PEM) for now. Adding support for different certificates can be looked in future as need arises.

[1]: https://cheatsheetseries.owasp.org/cheatsheets/TLS_Cipher_String_Cheat_Sheet.html

Tested:
- Created new subscription with SSL destination(https) and confirmed that events are seen on EventListener side.
  URI: /redfish/v1/EventService/Subscriptions
  Method: POST
  Body:
  {
    "Context": "CustomText",
    "Destination": "https://<IP>:4000/service/collector/event_logs",
    "EventFormatType": "Event",
    "DeliveryRetryPolicy": "RetryForever",
    "Protocol": "Redfish"
  }
- Unit tested the non-SSL connection by disabling the check in code (Note: EventService blocks all Non-SSL destinations). Verified that all events are properly shown on EventListener.
  URI: /redfish/v1/EventService/Subscriptions
  Method: POST
  Body:
  {
    "Context": "CustomText",
    "Destination": "http://<IP>:4001/service/collector/event_logs",
    "EventFormatType": "Event",
    "Protocol": "Redfish"
  }
- Combined above two tests and verified both SSL & Non-SSL work fine in conjunction.
- Created subscription with different URI paths on same IP, Port and protocol and verified that events sent as expected.

Change-Id: I13b2fc942c9ce6c55cd7348aae1e088a3f3d7fd9
Signed-off-by: AppaRao Puli <apparao.puli@intel.com>
Signed-off-by: Ed Tanous <edtanous@google.com>

2022-08-22 | Remove q-factor weighting on Accept Header | Gunnar Mills | 2 | -2/+19

bmcweb does not do anything with the q-factor weighting (;q=) so just remove it from the encoding.

This is needed because routes like "/redfish/v1/Systems/system/LogServices/EventLog/Entries/<str>/attachment" have a check for isOctetAccepted. Even though */* is in the Accept Header isOctetAccepted still fails due to the q-factor weighting.

On the system I tested, on firefox, Accept looks like:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8

The GUI reported being unable to download a AdditionalDataURI (e.g. ...attachment/)

Here is the GUI code attempting to download the additional data:
https://github.com/openbmc/webui-vue/blob/9b79a6e7e3df3d3cbaf9a7750bbe343628022026/src/views/Logs/EventLogs/EventLogs.vue#L155
https://github.com/openbmc/webui-vue/blob/9b79a6e7e3df3d3cbaf9a7750bbe343628022026/src/locales/en-US.json#L251

Today this results in a 400 Bad Request due to isOctetAccepted.

See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept

Tested: /redfish/v1/Systems/system/LogServices/PostCodes/Entries/<str>/attachment/ and .../EventLog/Entries/<str>/attachment now return correctly.

Change-Id: I969f5f2c32c4acccd4d80615f17c44d0c8fabd0d
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

2022-08-15 | dbus_utility: Remove ManagedItem type alias | Jiaqing Zhao | 1 | -5/+0

Type alias ManagedItem is identical to ManagedObjectType::value_type, remove it.

Tested: Build pass. No significant change in compressed binary size.

Change-Id: I6d0f0498399ee639d8a5445fe908a7c311327e41
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>

2022-08-11 | IBM Mgmt console writeLock conflict fix | Sunitha Harish | 1 | -1/+1

The isConflictRecord method was returning false by default which is causing ignoring the same resourceId conflicts. Same resourceId case will pass all the conditions and reach to the end of the function. Returning true means that there is a conflict.

This commit fixes this by returning true by default

Tested by:
1. Send writeLock requests with same resourceId and segment length

Signed-off-by: Sunitha Harish <sunithaharish04@gmail.com>
Change-Id: Ie65c6394988a357a8c811b621e113c14924bb8f6