Age | Commit message (Collapse) | Author | Files | Lines |
|
We inherited a "using namespace" crow. Lets fix it.
Tested:
Code compiles. No functional changes.
Signed-off-by: Ed Tanous <ed@tanous.net>
Change-Id: Id47446150dfb312c5cd84a4b4284fb824eba8021
|
|
IBM management console had a using namespace in it. This is against the
coding standard.
Signed-off-by: Ed Tanous <ed@tanous.net>
Change-Id: Idfd5eac1a91e82f08139d6913a42a6c882072495
|
|
Details on why this revert is needed are here.
https://lists.ozlabs.org/pipermail/openbmc/2020-August/022478.html
Appu and Ravi still have not commented.
It should be noted, this also causes a memory leak in http connection,
where connections refuse to be freed, because of a bad usage of
shared_from_this.
This code wasn't very well thought through, and needs rearchitected to
not break the unit testability of bmcweb, nor cause memory leaks.
https://github.com/openbmc/bmcweb/blob/218bd4746130aac22366968c8c9a34a929e45a3d/http/http_connection.h#L351
Is the memory leak in question.
Specifically, this reverts:
The /attachment download in LogServices. This needs reimplemented
properly, but is an OEM property, so it shouldn't be a big deal to
revert, and shouldn't break our redfish compliance.
The IpAddress property in SessionService. I have no idea why this was
injected, and it's functionally incorrect. IpAddresses are not related
to a session, and IP addresses can change over the course of a session,
so this property is already broken as written. I suspect the author
really wanted RedfishEvent type logging, but that was too complex, so
they half implemented this.
Redfish SSE properties. This needs to be reimplemented similar to the
patchset here:
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/13948
Where the ownership of the HTTP connection does not leave the http
framework. As written, the SSE implementation causes ownership issues,
as there's no clear delineation of the ownership between HttpConnection
and the SSE framework.
Tested:
On current master, running this command:
wget -O- --no-http-keep-alive --no-check-certificate https://{bmc
hostname}:18080/redfish/v1
Which should download the service root, then immediately close and
destroy the connection, prints:
(2020-08-28 16:55:24) [DEBUG "routing.h":1258] Matched rule
'/redfish/v1/' 2 / 4
(2020-08-28 16:55:24) [DEBUG "http_response.h":130] calling completion
handler
(2020-08-28 16:55:24) [DEBUG "http_response.h":133] completion handler
was valid
(2020-08-28 16:55:24) [INFO "http_connection.h":429] Response: 0x1e1ee28
/redfish/v1 200 keepalive=0
(2020-08-28 16:55:24) [DEBUG "timer_queue.h":48] timer add inside:
0x1d3d1a8 7
(2020-08-28 16:55:24) [DEBUG "http_connection.h":751] 0x1e1ee28 timer
added: 0x1d3d1a8 7
(2020-08-28 16:55:24) [DEBUG "http_connection.h":655] 0x1e1ee28 doWrite
(2020-08-28 16:55:24) [DEBUG "http_connection.h":663] 0x1e1ee28
async_write 1555 bytes
(2020-08-28 16:55:24) [DEBUG "http_connection.h":697] 0x1e1ee28 timer
cancelled: 0x1d3d1a8 7
(2020-08-28 16:55:24) [DEBUG "http_connection.h":676] 0x1e1ee28 from
write(1)
Then stops. Note, that the connection was not destroyed, and has
leaked. Once this patchset is added, the connection closes and destroys
properly, and doesn't leak, so it prints the above, but also prints.
(2020-08-28 16:27:10) [DEBUG "http_connection.h":305] 0x1d15c90
Connection closed, total 1
Ran Redfish service validator. Saw one unrelated failure due to UUID,
all other things pass.
Signed-off-by: Ed Tanous <ed@tanous.net>
Change-Id: I18686037bf58f20389d31facc0d77020274d38a1
|
|
clang-tidy warned on some data structures that, if they throw, the
exceptions can't be caught.
Move these data structures to constexpr equivalents to save some memory.
Tested:
Loaded webui. Worked as intended, and static files loaded properly.
Signed-off-by: Ed Tanous <ed@tanous.net>
Change-Id: I331ebfc2451f0cc0a82a1b70d325008c9c80401a
|
|
Unused param errors are throwing from this sources by the recent
CMake changes. Looks like CI build didn't catch these errors then.
Tested: Build is verified.
Signed-off-by: Vikram Bodireddy <vikram.bodireddy@linux.intel.com>
Change-Id: I139c01a78babc1c370c0c5de787291726ea42b53
|
|
There were a couple places in code where we still use index based for
loops. Move these to the more modern range based for loops.
Tested: Needs testing. Changes made by clang-tidy.
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I30bf6fae6b2540434d5c98900a8f6bd0c8f2be93
|
|
Boost 1.74.0 got released the yesterday and deprecated some more stuff
that we use. This patchset prepares us so we will build for it when
meta-oe picks it up.
Tested:
Code builds under boost 1.74.0
Signed-off-by: Ed Tanous <ed@tanous.net>
Change-Id: Icc6c54da6705098fc76e3ee6dbdc6c3b5c57fbda
|
|
This commit enables the "unused variables" warning in clang. Throughout
this, it did point out several issues that would've been functional
bugs, so I think it was worthwhile. It also cleaned up several unused
variable from old constructs that no longer exist.
Tested:
Built with clang. Code no longer emits warnings.
Downloaded bmcweb to system and pulled up the webui, observed webui
loads and logs in properly.
Change-Id: I51505f4222cc147d6f2b87b14d7e2ac4a74cafa8
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
This commit enables clang warnings, and fixes all warnings that were
found. Most of these fall into a couple categories:
Variable shadow issues were fixed by renaming variables
unused parameter warnings were resolved by either checking error codes
that had been ignored, or removing the name of the variable from the
scope.
Other various warnings were fixed in the best way I was able to come up
with.
Note, the redfish Node class is especially insidious, as it causes all
imlementers to have variables for parameters, regardless of whether or
not they are used. Deprecating the Node class is on my list of things
to do, as it adds extra overhead, and in general isn't a useful
abstraction. For now, I have simply fixed all the handlers.
Tested:
Added the current meta-clang meta layer into bblayers.conf, and added
TOOLCHAIN_pn-bmcweb = "clang" to my local.conf
Signed-off-by: Ed Tanous <ed@tanous.net>
Change-Id: Ia75b94010359170159c703e535d1c1af182fe700
|
|
Middlewares, while kinda cool from an academic standpoint, make our
build times even worse than they already are. Given that we only really
use 1 real middleware today (token auth) and it needs to move into the
parser mode anyway (for security limiting buffer sizes), we might as well
use this as an opportunity to delete some code.
Some other things that happen:
1. Persistent data now moves out of the crow namespace
2. App is no longer a template
3. All request_routes implementations no longer become templates. This
should be a decent (unmeasured) win on compile times.
This commit was part of a commit previously called "various cleanups".
This separates ONLY the middleware deletion part of that.
Note, this also deletes about 400 lines of hard to understand code.
Change-Id: I4c19e25491a153a2aa2e4ef46fc797bcb5b3581a
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
Free memory during failed case inside
pamFunctionConversation() function.
Tested:
- Pam authentication works as normal.
Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
Change-Id: I81c06a3d674b0806c96e5847cda6f208795bd02c
|
|
This commit implements the broadcast of the messages from one
connected client to other connected clients via BMC. When the
management console creates a subscription on the BMC, they will
be provided with the broadcast message service.
Tested by: (Used https://github.com/DMTF/Redfish-Event-Listener)
1. Create a subscription
POST -D headers.txt https://${bmc}/redfish/v1/EventService/Subscriptions
-d '{"Destination":"https://<host:port>","Protocol":"Redfish"}'
2. Send the message
POST https://${bmc}/ibm/v1/HMC/BroadcastService -d '{"Message":"<msg>"}'
3. Verify the event is generated and posted to the subscriber:
bodydata: {"Message":"<The message from HMC to be forwarded>",
"Name":"Broadcast Event","OriginOfCondition":
"/ibm/v1/HMC/BroadcastService",
"Timestamp":"2020-07-15T12:03:30+00:00"}
Signed-off-by: Asmitha Karunanithi <asmitk01@in.ibm.com>
Change-Id: Ib36b4f25505cf66251adc5aeda282312996c25af
|
|
The commit implements the sending of push style events to the IBM's management client
when a configFile is updated.
Tested-By:
1. Create a subscription by passing "ResourceTypes" as ["IBMConfigFile"]
POST -D headers.txt https://${bmc}/redfish/v1/EventService/Subscriptions
-d '{"Destination" : "https://<host:port>,"ResourceTypes":["IBMConfigFile"],"Protocol":"Redfish"}'
2. Update an existing ConfigFile
PUT https://${bmc}/ibm/v1/Host/ConfigFiles/<filename> --data-binary "@<local_path>"
3. Verify the event is generated and posted to the subscriber as the following example:
bodydata: {
"@odata.type":"#Event.v1_4_0.Event",
"Events":[
{
"EventId":1,
"EventTimestamp":"2020-06-26T08:40:04+00:00",
"EventType":"ResourceChanged",
"MemberId":0,
"Message" :"One or more resource properties have changed.",
"MessageArgs":null,
"MessageId":"ResourceEvent.1.0.3.ResourceChanged",
"OriginOfCondition":"/ibm/v1/Host/ConfigFiles/<filename>",
"MessageSeverity":"OK"
}
],
"Id":1,
"Name":"Event Log"
}
4. Verified the event is sent to the subscriber when the resourceType list is empty.
5. Verified the client subscribes for other resource - not ConfigFile ; then
the event is not sent to the subscriber.
Signed-off-by: Asmitha Karunanithi <asmitk01@in.ibm.com>
Change-Id: I785c2a5a6e4e721cf722e94693db3a832f69fa50
|
|
This implements the sendEvent when the IBM management console
creates the ConfigFile at BMC using the PUT operation on the
url /ibm/v1/Host/ConfigFiles
Tested by: (Used https://github.com/DMTF/Redfish-Event-Listener)
1. Create a subscription by passing "ResourceTypes" as ["IBMConfigFile"]
POST -D headers.txt https://${bmc}/redfish/v1/EventService/Subscriptions
-d '{"Destination" : "https://<host:port>,"ResourceTypes":["IBMConfigFile"],"Protocol":"Redfish"}'
2. Create a ConfigFile
PUT https://${bmc}/ibm/v1/Host/ConfigFiles/<filename> --data-binary "@<local_path>"
3. Verify the event is generated and posted to the subscriber as below example
bodydata: {
"@odata.type":"#Event.v1_4_0.Event",
"Events":[
{
"EventId":1,
"EventTimestamp":"2020-06-26T08:40:04+00:00",
"EventType":"ResourceAdded",
"MemberId":0,
"Message":"The resource has been created successfully.",
"MessageArgs":null,
"MessageId":"ResourceEvent.1.0.3.ResourceCreated",
"OriginOfCondition":"/ibm/v1/Host/ConfigFiles/<filename>",
"MessageSeverity":"OK"
}
],
"Id":1,
"Name":"Event Log"
}
4. Verified the event is sent to the subscriber when the resourceType list is empty.
5. Verified the client subscribes for other resource - not ConfigFile ; then
the event is not sent to the subscriber.
Signed-off-by: Sunitha Harish <sunithaharish04@gmail.com>
Change-Id: Ic9b195266fe2df67a3160197d03d9ac155ef0cd1
|
|
strncpy has range checks, which reduce the possibility of overrunning
the buffer in the case of a bug.
Tested: clang-tidy cert check now passes. Needs functional testing.
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I2fab19ca40f97cc0574146883ee19b573285a59c
|
|
We use std::filesystem now, so use that directly instead of having the
using at the top of the file.
Tested: Code compiles. No functional change.
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: Iab977f08a2a61dcc9f2c82c705e5bcc55304e81a
|
|
This commit supports sending the ResourceTypes list while subscribing
to the events. The "Task" resource is added as a supported type to receive
the task life cycle events.
For IBM's management console along with the Task resource, the support
is provided to subscribe to the "IBMConfigFile" ResourceType to receive
events while creating/updating the ConfigFiles.
Tested by:
1. GET https://${bmc}/redfish/v1/EventService
2. Create subscription :
POST https://${bmc}/redfish/v1/EventService/Subscriptions
-d '{"Destination" : <>, "Protocol":"Redfish", "ResourceTypes": ["Task"]}'
3. GET https://${bmc}/redfish/v1/EventService/Subscriptions/<id>
3. Redfish validator was run successfully
Signed-off-by: Sunitha Harish <sunharis@in.ibm.com>
Change-Id: Ibaf3f4f5f005a1beedf0a1cd049ae11d93a3af36
|
|
MTLS Auth was not in the authenticate header,
making it authenticate too late now (in handle) as
we now authenticate before reading the headers.
Move it to the authenticate header.
Tested: MTLS in Chrome and via scripting allowed
GETs on resources
Change-Id: Ia765efd5c588b497de010605b474f6bb886a9dd1
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
Now websocket client receives a proper reason from a server.
Removed filling asyncResp from onopen() method from nbdproxy.h
because it was redundant. Websocket does not response to client
using asyncResp.
Removed close from NbdProxyServer destructor because it is always
called in onclose() method.
Tested:
- Mounted and unmounted virtual media using proxy mode few times
as administrator with success.
- Mounted virtual media using proxy mode as operator and receives
proper reason on client side.
- Verify if errors are received properly on client side when
mounting operation fails.
Signed-off-by: Wludzik, Jozef <jozef.wludzik@intel.com>
Change-Id: If3b1cc9782de71a0975416872bc2fe8e3824148a
|
|
While a cool example of how to do string matching in constexpr space,
the set of verbs available to HTTP has been fixed for a very long time.
This was ported over to beast a while back, but we kept the API for....
mediocre reasons of backward compatibility. Remove that, and delete the
now unused code.
Tested: Built and loaded on a Witherspoon. Validator passes.
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: Iaf048e196f9b6e71983189877203bf80390df286
Signed-off-by: James Feist <james.feist@linux.intel.com>
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
Currently we parse the whole message before authenticating,
allowing an attacker the ability to upload a large image,
or keep a connection open for the max amount of time easier
than it should be. This moves the authentication to the
earliest point possible, and restricts unauthenticated users
timeouts and max upload sizes. It also makes it so that
unauthenticated users cannot keep the connection alive
forever by refusing to close the connection.
Tested:
- login/logout
- firmware update
- large POST when unauthenticated
- timeouts when unauthenticated
- slowhttptest
Change-Id: Ifa02d8db04eac1821e8950eb85e71634a9e6d265
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
These spelling errors were found using
https://github.com/codespell-project/codespell
Tested: Built and ran against validator.
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
Change-Id: I214fe102550295578cfdf0fc58305897d261ce55
|
|
Change-Id: Iafbd209fe2cb4503df995536587d8a80bd887a74
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
- There are few pieces in the code, that depends on boost
1.71 & 1.70 library.
- Now, that bmcweb is moving towards 1.73, we can safely remove
those dependencies.
Tested By:
- Compiled in all sdks & unittests passed.
Signed-off-by: Manojkiran Eda <manojkiran.eda@gmail.com>
Change-Id: I9ac6a002bf389afcad0ddb92f2e0205043ddb347
|
|
This commit saves the IP Address of the client from where the session
was created.
- This is not a user supplied value. The BMC will internally pull the
IP address from the incoming create-session request.
- It should also be noted that ClientIP will not change if the same session
token is used from some other IP address for further management of the BMC.
Tested by:
1. Create session
2. Display the Session details with GET command to check the IP from where
the session is created/updated.
GET https://${bmc}/redfish/v1/SessionService/Sessions/<id>
{
"@odata.id": "/redfish/v1/SessionService/Sessions/<id>",
"@odata.type": "#Session.v1_0_2.Session",
"Description": "Manager User Session",
"Id": "<id>",
"Name": "User Session",
"Oem": {
"OpenBMC": {
"@odata.type": "#OemSession.v1_0_0.Session",
"ClientOriginIP": "<ip address>"
}
},
"UserName": "root"
}
3. Redfish validator is run successfully.
Signed-off-by: Sunitha Harish <sunithaharish04@gmail.com>
Change-Id: I0076f260f50a991600ec060c72f3e46fb9a9cbb8
|
|
- The Lock Structure already had the HMC-ID field which
stores the corresponding unique Identifier that tells
us which HMC has acquired the Lock.
- Now, that the Know you client functionality is up, we can
leverage the clientId field in the bmcweb session store to
fill the lock structure with the corresponding hmc identifier.
NOTE : Also note that a Single HMC can have mutliple session that
can acquire different locks, So when the ownership of any lock is
tied up to its cliendId as well as the SessionId.
- Release Lock call on any Transaction ID can only be successful if
the transactionID of corresponding lock has the complete owner-ship
as per the NOTE mentioned above.
Tested By:
1. CREATE Session with Client ID as mentioned below:
'{"UserName":"root", "Password":"0penBmc", "Oem":{"OpenBMC" : {"ClientID":<unique id>}}}'
2. Make sure the GetLockList of the above session populates the CliendID field
as per data mentioned in the login Request.
3. Release Lock on transaction ID with same HMC-ID but with different
sessionID's should be successful only when both the HMC-ID(mapped to
X-Auth tokens in the session store) & Session ID(from the session store)
of the ReleaseLock request matches with the ownwership of the lock pertaining
to the transaction ID in the request.
Signed-off-by: Manojkiran Eda <manojkiran.eda@gmail.com>
Change-Id: I60161bea6007782a397fc60f19d44c2211d4cf7f
|
|
This commit implements handling the OemSession ClientID parameter
for the IBM management console.
Each session gets a random generated unique Id (Resource Id); but this Id
is not a parameter that the client can set to a well known identifier.
This Oem parameter ClientID is the string which the client can supply to
uniquely identify itself among other sessions in the BMC. This is a read-only
property which shall be passed in only during the session creation.
1. Create session by supplying the ClientID Oem parameter
2. Display the ClientID associated with the session
3. Persist the ClientID across BMC reboot
Tested by:
============
1. POST https://${bmc}/redfish/v1/SessionService/Sessions -d
'{"UserName":"root", "Password":<>, "Oem":{"OpenBMC" : {"ClientID":"<client unique id>"}}}'
2. GET https://${bmc}/redfish/v1/SessionService/Sessions/<id>
{
"@odata.id": "/redfish/v1/SessionService/Sessions/<id>",
"@odata.type": "#Session.v1_0_2.Session",
"Description": "Manager User Session",
"Id": "<id>",
"Name": "User Session",
"Oem": {
"OpenBMC": {
"@odata.type": "#OemSession.v1_0_0.Session",
"ClientID": "<client unique id>"
}
},
"UserName": "root"
}
3. Verified the session creation works fine without the Oem parameters.
4. Redfish validator
Signed-off-by: Sunitha Harish <sunithaharish04@gmail.com>
Change-Id: Ia740a610e3974dc3781bcee702c74ded9903944a
|
|
This include is no longer needed.
Tested: bmcweb built.
Change-Id: Id754779cc8340678f03b8841abee807c90b959ff
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
This is from openbmc/docs/style/cpp/.clang-format
Other OpenBMC repos are doing the same.
Tested: Built and validator passed.
Change-Id: Ief26c755c9ce012823e16a506342b0547a53517a
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
- The idea behind this commit is to enable the unit test
for the lock management algorithm, and below are the unit
test cases that are written:
Testedby:
[----------] 20 tests from locktest
[ RUN ] locktest.ValidationGoodTestCase
[ OK ] locktest.ValidationGoodTestCase (3 ms)
[ RUN ] locktest.ValidationBadTestWithLocktype
[ OK ] locktest.ValidationBadTestWithLocktype (1 ms)
[ RUN ] locktest.ValidationBadTestWithlockFlags
[ OK ] locktest.ValidationBadTestWithlockFlags (0 ms)
[ RUN ] locktest.ValidationBadTestWithSegmentlength
[ OK ] locktest.ValidationBadTestWithSegmentlength (1 ms)
[ RUN ] locktest.MultiRequestWithoutConflict
[ OK ] locktest.MultiRequestWithoutConflict (3 ms)
[ RUN ] locktest.MultiRequestWithConflictduetoSameSegmentLength
[ OK ] locktest.MultiRequestWithConflictduetoSameSegmentLength (2 ms)
[ RUN ] locktest.MultiRequestWithoutConflictduetoDifferentSegmentData
[ OK ] locktest.MultiRequestWithoutConflictduetoDifferentSegmentData (1 ms)
[ RUN ] locktest.MultiRequestWithConflictduetoSameSegmentData
[ OK ] locktest.MultiRequestWithConflictduetoSameSegmentData (2 ms)
[ RUN ] locktest.MultiRequestWithoutConflictduetoDifferentSegmentLength
[ OK ] locktest.MultiRequestWithoutConflictduetoDifferentSegmentLength (1 ms)
[ RUN ] locktest.MultiRequestWithoutConflictduetoReadLocktype
[ OK ] locktest.MultiRequestWithoutConflictduetoReadLocktype (1 ms)
[ RUN ] locktest.MultiRequestWithoutConflictduetoReadLocktypeAndLockall
[ OK ] locktest.MultiRequestWithoutConflictduetoReadLocktypeAndLockall (2 ms)
[ RUN ] locktest.RequestConflictedWithLockTableEntries
[ OK ] locktest.RequestConflictedWithLockTableEntries (6 ms)
[ RUN ] locktest.RequestNotConflictedWithLockTableEntries
[ OK ] locktest.RequestNotConflictedWithLockTableEntries (3 ms)
[ RUN ] locktest.TestGenerateTransactionIDFunction
[ OK ] locktest.TestGenerateTransactionIDFunction (1 ms)
[ RUN ] locktest.ValidateTransactionIDsGoodTestCase
[ OK ] locktest.ValidateTransactionIDsGoodTestCase (3 ms)
[ RUN ] locktest.ValidateTransactionIDsBadTestCase
[ OK ] locktest.ValidateTransactionIDsBadTestCase (2 ms)
[ RUN ] locktest.ValidateisItMyLockGoodTestCase
[ OK ] locktest.ValidateisItMyLockGoodTestCase (2 ms)
[ RUN ] locktest.ValidateisItMyLockBadTestCase
[ OK ] locktest.ValidateisItMyLockBadTestCase (2 ms)
[ RUN ] locktest.ValidateSessionIDForGetlocklistBadTestCase
[ OK ] locktest.ValidateSessionIDForGetlocklistBadTestCase (3 ms)
[ RUN ] locktest.ValidateSessionIDForGetlocklistGoodTestCase
[ OK ] locktest.ValidateSessionIDForGetlocklistGoodTestCase (3 ms)
[----------] 20 tests from locktest (82 ms total)
Signed-off-by: manojkiraneda <manojkiran.eda@gmail.com>
Change-Id: Id274ee356adfa7ba03da02d83b609d37c8c99f8d
|
|
InitiateOffload dbus method modified to accept OffloadUri
parameter.
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>
Change-Id: I522699072744a836d795b4b6ff3a3feb640b0d0e
|
|
This handler transfers data between nbd-client and nbd-server.
basically it invokes nbd-proxy and reads data from socket
and writes on to nbd-client and vice-versa
Change-Id: I429393a5e056647333bf4e148c0df2a5695b2a47
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>
|
|
This implements the Redfish PasswordChangeRequired handling. See
section 13.3.7.1 "Password change required handling" in the 1.9.1 spec:
https://www.dmtf.org/sites/default/files/standards/documents/DSP0266_1.9.1.pdf
These portions of the spec are implemented:
- Authenticatation with a correct but expired password creates a
session:
- The session is restricted to the ConfigureSelf privilege which
allows a user to change their own password (via GET and PATCH
Password for their own account). Support for the ConfigureSelf
privilege is already in BMCWeb.
- The session object has the PasswordChangeRequired message.
- All other operations respond with http status code 403 Forbidden
and include the PasswordChangeRequired message.
- The ManagerAccount (URI /redfish/v1/AccountService/Accounts/USER)
PasswordChangeRequired property is implemented for local accounts
but not present for remote accounts.
This has the following additional behavior:
The PasswordChangeRequired property is updated at the start of each new
REST operation, even within an existing session. This behavior
implements a "dynamic" PasswordChangeRequired handling that responds to
changes to the underlying "password expired" status. Specifically:
- Sessions restricted by the PasswordChangeRequired handling lose that
restriction when the underlying account password is changed.
- Sessions become subject to the PasswordChangeRequired handling
restrictions whenever the underlying account password expires.
- The mechanism is to check if the password is expired at the start of
every new REST API operation, effectively updating the ManagerAccount
PasswordChangeRequired property each time. This makes BMCWeb
responsive to changes in the underlying account due to other activity
on the BMC.
Notes:
1. Note that when an account password status is changed (for example,
the password becomes expired or is changed) and that account has
active sessions, those sessions remain. They are not deleted. Any
current operations are allowed to complete. Subsequent operations
with that session pick up the new password status.
2. This does not implement OWASP recommendations which call for sessions
to be dropped when there is a significant change to the underlying
account. For example, when the password is changed, the password
becomes expired, or when the account's Role changes. OWASP's
recommendation is due to the session fixation vulnerability. See the
OWASP Session Management Cheat Sheet section "Renew the Session ID
After Any Privilege Level Change":
https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#renew-the-session-id-after-any-privilege-level-change
BMCWeb protects against session fixation vulnerabilities because it
always regenerates new session IDs when successful authentication
creates a new session.
3. Users authenticating via mTLS are not subject to the
PasswordChangeRequired behavior because mTLS takes precedence over
password-based authentication.
Tested:
0. Setup:
- The `passwd --expire USERNAME` command was used to expire
passwords. The `chage USER` command was also used.
- The following were used to change the password: Redfish API,
passwd command, and the SSH password change dialog.
- Tested the following via Basic Auth, /login, and Redfish login
(except where Basic Auth does not create a persistent session).
- Only local user account were tested.
- Did not test authentication via mTLS or with LDAP users.
1. When the password is not expired, authentication behaves as usual
for both correct and incorrect passwords.
2. When the password is incorrect and expired, authentication fails as
usual.
3. When the password is correct but expired:
A. A session is created and has the PasswordChangeRequired message.
B. That session cannot access resources that require Login privilege
and the 403 message contains the PasswordChangeRequired message.
C. That session can be used to GET the user's account, PATCH the
Password, and DELETE the session object.
D. The account PasswordChangeRequired reports true.
4. While a session is established, try expiring and changing
(unexpiring) the password using various mechanisms. Ensure both the
session object and the ManagerAccount PasswordChangeRequired property
report the correct condition, and ensure PasswordChangeRequired
handling (restricting operations to ConfigureSelf when
PasswordChangeRequired is true) is applied correctly.
Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
Change-Id: Iedc61dea8f949e4b182e14dc189de02d1f74d3e8
|
|
- HMC constructs the resourceID with the First Segment
data in the First Byte of the resourceID from the MSB
position.
- As BMC is a Little Endian machine, and we need to convert
the endian-ness before processing the resourceID.
Signed-off-by: Manojkiran Eda <manojkiran.eda@gmail.com>
Change-Id: Ieb0b0f8083c4c2cbd2b19477507e67378d5704ba
|
|
- This commit implements the release all locks functionality
as a part of ReleaseLock API.
- The existing ReleaseLock API is modified in such a way that
based on it can do the following things:
1. Release the locks which are corresponding to a set of
transactionID's(provided as input & `Type:Transaction`)
2. Release all the locks which are corrsponding to a particular
session(where `Type:Session`)
Signed-off-by: Manojkiran Eda <manojkiran.eda@gmail.com>
Change-Id: I89f847bcb85912d4d9f85587ffbf782da885393a
|
|
This commit does the following
=> makes the lock class singleton.
=> during session timeout erase the locks associated
with the session.
=> Erase the locks when the session is explicitly deleted
on a user request.
We need to find a different way of calculating session timeout
currently session timeout gets calculated when the
request comes to BMC.
TODO: We need some module which keeps looking at the sessions
in certain time interval and earse the session if it is
timeout, It is useful in the case where there is resources
which gets free after session timeout.
It may happen that client gets the session, obtain cerain resources
on that session and never sends any request, in that case session timeout
will never occur for that session.
Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
Change-Id: Ic9962f761fc84a03747a90bd951ea36eb8962455
|
|
Change the max file size to 500KB
Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
Change-Id: I4abd33b8a8ec0fe240f55bb5f3a27d25656ee40d
|
|
This commit persists the lock table whenever there is
a change in the lock table during the aquire lock or
release lock.
This commit also restores the locks during start of the
bmcweb as locks are tied up with the session which aquired
the lock.
TestedBy:
Created sessions and acquired multiple locks.
Restart the bmcweb service.
Verified that the locks are persisted per session
Signed-off-by: Sunitha Harish <sunithaharish04@gmail.com>
Change-Id: I081f61922e7c0c24db12efc4d446cdd641856279
|
|
- This commit implements the GetLockList rest API, by which
any external client(with admin privelege) can get a list of
locks obtained by providing the list of sessionID's as input.
TestedBy:
1. Get the session ID from the Session Service
curl -k -H "X-Auth-Token: $bmc_tokens" -X GET https://<ip>/redfish/v1/SessionService/Sessions/
{
"@odata.context": "/redfish/v1/$metadata#SessionCollection.SessionCollection",
"@odata.id": "/redfish/v1/SessionService/Sessions/",
"@odata.type": "#SessionCollection.SessionCollection",
"Description": "Session Collection",
"Members": [
{
"@odata.id": "/redfish/v1/SessionService/Sessions/qM4D0VfZt3"
},
{
"@odata.id": "/redfish/v1/SessionService/Sessions/bjYCiBSCIh"
},
{
"@odata.id": "/redfish/v1/SessionService/Sessions/LkfHvJFggY"
},
{
"@odata.id": "/redfish/v1/SessionService/Sessions/6RKP0aN5Gi"
}
],
"Members@odata.count": 4,
"Name": "Session Collection"
}
2. Use the GetLockList API to obtain the locks owned by a particular
session.
curl -k -H "X-Auth-Token:$bmc_tokens" -XPOST -H "Content-type: application/json" -d
'{"SessionIDs": ["qM4D0VfZt3","bjYCiBSCIh"]}' https://127.0.0.1:2443/ibm/v1/HMC/LockService/Actions/LockService.GetLockList
{
"Records": [
{
"HMCID": "hmc-id",
"LockType": "Read",
"ResourceID": 256,
"SegmentFlags": [
{
"LockFlag": "LockSame",
"SegmentLength": 3
},
{
"LockFlag": "DontLock",
"SegmentLength": 4
}
],
"SessionID": "qM4D0VfZt3",
"TransactionID": 1
}
]
}
Signed-off-by: manojkiraneda <manojkiran.eda@gmail.com>
Change-Id: I9375e2927938ab682df06ef60c823b279a7efead
|
|
- This commit implements the Release Lock rest API, so that
any external client(having admin-privelege) can release the
locks owned by it.
Tested By:
1.curl -k -H "X-Auth-Token:$bmc_tokens" -XPOST -H "Content-type: application/json" -d '{
"Request" :[
{
"LockType":"Read",
"SegmentFlags":
[
{"LockFlag":"LockSame","SegmentLength":3},
{"LockFlag":"DontLock","SegmentLength":4}
],
"ResourceID": 256
}
]
}' https://<ip>/ibm/v1/HMC/LockService/Actions/LockService.AcquireLock
{
"TransactionID": 1
}
2.curl -k -H "X-Auth-Token:$bmc_tokens" -XPOST -H "Content-type: application/json" -d '{
"Request" :[
{
"LockType":"Read",
"SegmentFlags":
[
{"LockFlag":"LockSame","SegmentLength":3},
{"LockFlag":"DontLock","SegmentLength":4}
],
"ResourceID": 256
}
]
}' https://<ip>/ibm/v1/HMC/LockService/Actions/LockService.AcquireLock
{
"TransactionID": 2
}
3. Try releasing the lock owned by it
curl -k -H "X-Auth-Token:$bmc_tokens" -XPOST -H "Content-type: application/json" -d
'{"TransactionIDs": [1]}' https://<ip>/ibm/v1/HMC/LockService/Actions/LockService.ReleaseLock
4. Try releasing the lock, which is not owned by the same session
curl -k -H "X-Auth-Token:$bmc_tokens" -XPOST -H "Content-type: application/json" -d
'{"TransactionIDs": [2]}' https://127.0.0.1:2443/ibm/v1/HMC/LockService/Actions/LockService.ReleaseLock
{
"Record": {
"HMCID": "hmc-id",
"LockType": "Read",
"ResourceID": 256,
"SegmentFlags": [
{
"LockFlag": "LockSame",
"SegmentLength": 3
},
{
"LockFlag": "DontLock",
"SegmentLength": 4
}
],
"SessionID": "qM4D0VfZt3",
"TransactionID": 2
}
}
Signed-off-by: manojkiraneda <manojkiran.eda@gmail.com>
Change-Id: I5d75d44ce805358b25dc293db4dc0f44f4317c06
|
|
- This commit implements the rest API by which any external
client(Ex: Hardware Management Console) can request for a
single/multiple locks as per the design specification mentioned
in `docs/designs/management-console/hmc-lock-management.md`
Tested By:
1. curl -k -H "X-Auth-Token:$bmc_tokens" -XPOST -H "Content-type: application/json" -d '{
"Request" :[
{
"LockType":"Read",
"SegmentFlags":
[
{"LockFlag":"LockSame","SegmentLength":3},
{"LockFlag":"DontLock","SegmentLength":4}
],
"ResourceID": 256
}
]
}' https://<ip>/ibm/v1/HMC/LockService/Actions/LockService.AcquireLock
2.curl -k -H "X-Auth-Token:$bmc_tokens" -XPOST -H "Content-type: application/json" -d '{
"Request" :[
{
"LockType":"Read",
"SegmentFlags":
[
{"LockFlag":"LockAll","SegmentLength":2},
{"LockFlag":"DontLock","SegmentLength":1}
],
"ResourceID": 234
},
{
"LockType" : "Read",
"SegmentFlags":
[
{"LockFlag":"DontLock","SegmentLength":2},
{"LockFlag":"DontLock","SegmentLength":1}
],
"ResourceID": 234
}
]}' https://<ip>/ibm/v1/HMC/LockService/Actions/LockService.AcquireLock
Signed-off-by: manojkiraneda <manojkiran.eda@gmail.com>
Change-Id: Ia173878702afe7c00160b7935d6a03099b7df622
|
|
std::random_device is not a cryptographically secure
algorithm. Switch to RAND_bytes instead.
Tested: Login and logout works as expected
Change-Id: If24fa6c3a0652c011bc50ae611b180f342d68433
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
This adds CSRF check into websockets to avoid
attacks on websockets.
Tested: Could no longer use crosssite scripting to
open websocket. KVM and SOL still work once web-ui
changes are updated
Change-Id: I325079ae3d4db2701671564dff733e034d2670d6
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
This will list down the actions implemented by the
Lock Service.
TestedBy:
curl -k -H "X-Auth-Token: $bmc_tokens" -X GET https://<ip>:443/ibm/v1/HMC/LockService
{
"Actions": {
"#LockService.AcquireLock": {
"target": "/ibm/v1/HMC/LockService/Actions/LockService.AcquireLock"
},
"#LockService.GetLockList": {
"target": "/ibm/v1/HMC/LockService/Actions/LockService.GetLockList"
},
"#LockService.ReleaseLock": {
"target": "/ibm/v1/HMC/LockService/Actions/LockService.ReleaseLock"
}
}
}
Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
Change-Id: Ifeb53c06c4ff80676c892f1e64518469a3aeb239
|
|
This commit list the config files and implements the
action to delete all the config files
TestedBy:
List config files:
curl -k -H "X-Auth-Token: $bmc_tokens" -X GET
https://<ip>:443/ibm/v1/Host/ConfigFiles
Delete all the config files:
curl -k -H "X-Auth-Token: $bmc_tokens" -X POST
https://<ip>:443/ibm/v1/Host/ConfigFiles/Actions/FileCollection.DeleteAll
Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
Change-Id: I1a32906709ba32c8bd5328d8eb983705f8a3a6cd
|
|
This commit supports Read, Delete the config files through
REST interface.
Test-by:
1. Read a save area file:
curl -k -H "X-Auth-Token: $bmc_token" -X GET https://${bmc}/ibm/v1/Host/ConfigFiles/<filename>
2. Delete a save area file:
curl -k -H "X-Auth-Token: $bmc_token" -X DELETE https://${bmc}/ibm/v1/Host/ConfigFiles/<filename>
Signed-off-by: Asmitha Karunanithi <asmitk01@in.ibm.com>
Change-Id: Id326b516e84e93c68d2260f5372e6e7f123a0e87
Signed-off-by: Sunitha Harish <sunithaharish04@gmail.com>
|
|
This change includes:
1. New compiler option for the IBM management console specific functionalities
2. New REST path handler for the IBM path /ibm/v1/Host/ConfigFiles
3. Save-Area file Upload through REST interface PUT command
Tested by :
curl -k -H "X-Auth-Token: $bmc_token" -X PUT https://${bmc}/ibm/v1/Host/ConfigFiles/<filename> --data-binary "@<filepath>"
Signed-off-by: Sunitha Harish <sunithaharish04@gmail.com>
Change-Id: I939938009b2de447aea9af5bb3c53bdb845c4084
|
|
This commit introduces the following
=> Service root implementation
=> compiler option for the IBM management console specific functionalities
TestedBy:
curl -k -H "X-Auth-Token: $bmc_token" -X GET https://${bmc}/ibm/v1
Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
Change-Id: I2dcb8eee0b69b1723e0cc3d980a5846b3519e7d9
|
|
Add missing res.end() to avoid the hang/timeout.
Tested:
Enabled DBUS and unit tested specified code and
observed no hang.
Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
Change-Id: I29457b9cebea4e2699c8227a46d1d5e06578a5bf
|
|
In code that is clearly working with EC keys, but once was used for RSA
keys, remove the incorrectly named RSA names and comments to reduce
confusion.
Change-Id: Ide6909bb80fea18bfc51bd3376ae8a51be6baa05
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
|