Age | Commit message | Author | Files | Lines |
|
Add a range check for numerical values so that they are not truncated.
Tested:
<type>:<interface>:<property>
- bool: RebootPolicy: AutoReboot
Valid: 0, 1
Invalid: null, -1, 2
- int64_t: Ambient Temp Sensor: WarningHigh
Valid: -9223372036854775808, -1, 2500, 9223372036854775807
Invalid: null, -9223372036854775809
- uint8_t: Software: Priority
Valid: 0, 1, 255
Invalid: null, -1, 256
- uint16_t: LED Physical: Period
Valid: 0, 1000, 65535
Invalid: null, -1, 65536
- uint32_t: State PowerOnHours: POHCounter
Valid: 0, 20, 4294967295
Invalid: -1, 4294967296
- uint64_t: State BMC: LastRebootTime
Valid: 0, 1566402464000, 18446744073709551615
Invalid: -1, 18446744073709551616
Closes: openbmc/bmcweb#101
Change-Id: I652333b0042b28ffb0a47b478d1a0a6e7ec994a7
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
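The range check described in this commit message, as an added example (not bmcweb's own code). `JsonInt`, `parseJsonInt`, `checkedNarrow`, `readProperty` and `uncheckedNarrow` are hypothetical names; the values exercised are the valid and invalid ones listed above.

```cpp
#include <charconv>
#include <cstdint>
#include <limits>
#include <optional>
#include <string_view>
#include <system_error>
#include <type_traits>
#include <variant>

// Hypothetical stand-in for a parsed JSON value: null, a negative integer,
// or a non-negative integer.
using JsonInt = std::variant<std::monostate, std::int64_t, std::uint64_t>;

// Parse decimal text. Returns nullopt when the text is not an integer or does
// not fit in 64 bits (from_chars reports overflow instead of wrapping).
inline std::optional<JsonInt> parseJsonInt(std::string_view text)
{
    if (text == "null")
        return JsonInt{std::monostate{}};
    const char* first = text.data();
    const char* last = first + text.size();
    if (!text.empty() && text.front() == '-')
    {
        std::int64_t v = 0;
        auto [p, ec] = std::from_chars(first, last, v);
        if (ec != std::errc{} || p != last)
            return std::nullopt;
        return JsonInt{v};
    }
    std::uint64_t v = 0;
    auto [p, ec] = std::from_chars(first, last, v);
    if (ec != std::errc{} || p != last)
        return std::nullopt;
    return JsonInt{v};
}

// Convert to the D-Bus property type T only if the value is representable.
template <typename T>
std::optional<T> checkedNarrow(const JsonInt& value)
{
    static_assert(std::is_integral_v<T>, "integer property types only");
    using Limits = std::numeric_limits<T>;
    if (const auto* s = std::get_if<std::int64_t>(&value))
    {
        if constexpr (std::is_signed_v<T>)
        {
            if (*s < static_cast<std::int64_t>(Limits::min()) ||
                *s > static_cast<std::int64_t>(Limits::max()))
                return std::nullopt;
        }
        else
        {
            // bool counts as unsigned here, so only 0 and 1 pass.
            if (*s < 0 || static_cast<std::uint64_t>(*s) >
                              static_cast<std::uint64_t>(Limits::max()))
                return std::nullopt;
        }
        return static_cast<T>(*s);
    }
    if (const auto* u = std::get_if<std::uint64_t>(&value))
    {
        if (*u > static_cast<std::uint64_t>(Limits::max()))
            return std::nullopt;
        return static_cast<T>(*u);
    }
    return std::nullopt; // null is never a valid number
}

// Text in, typed property value out; nullopt means "reject the request".
template <typename T>
std::optional<T> readProperty(std::string_view text)
{
    auto parsed = parseJsonInt(text);
    if (!parsed)
        return std::nullopt;
    return checkedNarrow<T>(*parsed);
}

// What happens without the check: the value silently wraps.
template <typename T>
T uncheckedNarrow(std::int64_t v)
{
    return static_cast<T>(v);
}
```
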
|
|
Some of the alphanumeric characters used to generate session IDs and CSRF
tokens were incorrectly lowercase; that reduced their entropy.
Tested: no; not needed
Change-Id: I383813ea9af77b1393fba516cd7e61570d5b5667
Signed-off-by: Joseph Reynolds <joseph.reynolds1@ibm.com>
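Why a repeated character in the token alphabet costs entropy, as an added example (not bmcweb's code). Both alphabets and the 20-character token length are constructed for illustration; the defective one has six uppercase slots mistyped as lowercase.

```cpp
#include <cmath>
#include <cstddef>
#include <map>
#include <string_view>

// Constructed alphabets: the intended 62 distinct alphanumerics, and a
// defective copy where 'U'..'Z' were typed as 'u'..'z'.
constexpr std::string_view kCorrectAlphabet =
    "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
constexpr std::string_view kDefectiveAlphabet =
    "0123456789ABCDEFGHIJKLMNOPQRSTuvwxyzabcdefghijklmnopqrstuvwxyz";

// Number of table slots that repeat a symbol already present elsewhere.
// A build-time or unit-test guard can require this to be zero.
inline std::size_t duplicateSlots(std::string_view alphabet)
{
    std::map<char, std::size_t> counts;
    for (char c : alphabet)
        ++counts[c];
    return alphabet.size() - counts.size();
}

// Shannon entropy, in bits, of one character produced by picking a uniformly
// random index into `alphabet`. Repeated symbols are more likely than the
// others, so the result drops below log2(alphabet.size()).
inline double bitsPerCharacter(std::string_view alphabet)
{
    std::map<char, std::size_t> counts;
    for (char c : alphabet)
        ++counts[c];
    const double n = static_cast<double>(alphabet.size());
    double bits = 0.0;
    for (const auto& entry : counts)
    {
        const double p = static_cast<double>(entry.second) / n;
        bits -= p * std::log2(p);
    }
    return bits;
}

// Entropy of a whole token whose characters are drawn independently.
inline double tokenBits(std::string_view alphabet, std::size_t length)
{
    return static_cast<double>(length) * bitsPerCharacter(alphabet);
}
```

With k duplicated symbols in an N-slot table the per-character entropy is log2(N) - 2k/N bits, so the constructed defect loses about 0.19 bits per character, or roughly 3.9 bits over a 20-character token.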
|
|
bmcweb_persistent_data.json has all the session info;
any user with less privilege can get access to this file,
which has sensitive data (user authentication token).
This commit fixes this bug by allowing read/write permission
to the owner and group; others would not have either read
or write permission.
TestedBy: -> Create the redfish session
-> check the permission of the file.
-> Stop the bmcweb and remove the session file
restart the bmcweb and check the permission
of the file.
-> Create the session again and perform the
GET request on Manager, AccountService to verify the
other operation is working.
Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
Change-Id: I1e69ac147a2cfc3dff150322aee1f430ac552a5a
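One way to write a session file so that only owner and group can read or write it (mode 0660, as the message above describes), as an added example that is not bmcweb's code. `writeSessionFile`, `filePermissions`, `demoResultingMode`, the temporary path and the file contents are constructed for illustration.

```cpp
#include <cerrno>
#include <cstddef>
#include <fcntl.h>
#include <string>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

// rw for owner and group, nothing for others.
constexpr mode_t kSessionFileMode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP;

// Write `contents` to `path` without ever leaving token data world-readable.
// The mode is applied twice on purpose: open() restricts a newly created
// file, and fchmod() fixes a file left behind by an older, looser writer
// (and undoes any effect of the process umask) before secrets are written.
inline bool writeSessionFile(const std::string& path,
                             const std::string& contents)
{
    int fd = ::open(path.c_str(),
                    O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC | O_NOFOLLOW,
                    kSessionFileMode);
    if (fd < 0)
        return false;
    if (::fchmod(fd, kSessionFileMode) != 0)
    {
        ::close(fd);
        return false;
    }
    const char* p = contents.data();
    std::size_t left = contents.size();
    while (left > 0)
    {
        ssize_t n = ::write(fd, p, left);
        if (n < 0)
        {
            if (errno == EINTR)
                continue;
            ::close(fd);
            return false;
        }
        p += n;
        left -= static_cast<std::size_t>(n);
    }
    return ::close(fd) == 0;
}

// Permission bits of `path`, or -1 if it cannot be inspected.
inline int filePermissions(const std::string& path)
{
    struct stat st{};
    if (::stat(path.c_str(), &st) != 0)
        return -1;
    return static_cast<int>(st.st_mode & 07777);
}

// The two cases from the "TestedBy" steps: the file already exists with loose
// permissions (preExisting = true), or it was removed and is created fresh.
// Returns the resulting mode, or -1 on failure.
inline int demoResultingMode(bool preExisting)
{
    char path[] = "/tmp/session_example_XXXXXX"; // constructed temp path
    int fd = ::mkstemp(path);
    if (fd < 0)
        return -1;
    ::close(fd);
    if (preExisting)
    {
        if (::chmod(path, 0644) != 0) // simulate the old world-readable file
        {
            ::unlink(path);
            return -1;
        }
    }
    else
    {
        ::unlink(path);
    }
    const bool ok = writeSessionFile(path, "{\"sessions\": []}"); // constructed
    const int mode = filePermissions(path);
    ::unlink(path);
    return ok ? mode : -1;
}
```
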
|
|
Issue:
The downloaded dump file name is having dump id instead of actual dump
file name.
Solution:
Added "Content-Disposition" header into http response packet with
filename as actual dump file name. So, the downloaded dump file
will be saved in actual dump file name when downloading the dump file
by using dump id.
Tested By:
- curl -O -J -c cjar -b cjar -k -H "X-Auth-Token: $bmc_token"
https://$bmc_ip/download/dump/DUMP_ID
Change-Id: Id4726da20081e7d57d62038f672169f440edecfd
Signed-off-by: Ramesh Iyyar <rameshi1@in.ibm.com>
|
|
bmcweb fails when attempting to login with a Content header of
application/json; charset=utf8. This is because of an exact string
compare. This commit changes the check to only check the beginning of
the string, and adds some logging to make it more clear when we hit this
in the future.
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I972a80c174a18295205340271b781c9d6693ee17
|
|
Currently, bmcweb is generating self signed certificate when uploaded
certificate is not in trust-chain while validating that certificate.
As per design direction, bmcweb and Certificate Manager should ignore
trust chain related errors and same feature addressed in certificate
manager.
Reference change id from Certificate Manager:
https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-certificate-manager/+/13875
With this change, the user can upload self signed CA certificate
without Root CA-Certificate in certificate store and bmcweb won't generate
self signed certificate when uploaded certificate is not in
trust-chain.
Trust chain error info:
X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
X509_V_ERR_CERT_UNTRUSTED
X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
Change-Id: Ieedd602541d6d5284be3e22ffd5db3ee875065fe
Signed-off-by: Ramesh Iyyar <rameshi1@in.ibm.com>
|
|
This commit gets the role of the user from the session object,
maps it to the redfish privileges, and then allows/rejects the requested
operation depending on the user privileges and the entity privileges.
Change-Id: I40be06c28e80b47fe76891cacf863f8495bace88
Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
|
|
Tested:
with this change, CI for the commit https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/20134
passes.
Signed-off-by: RAJESWARAN THILLAIGOVINDAN <rajeswgo@in.ibm.com>
Change-Id: I983494e4e42bb4cce31482918c01c9e81a51132e
|
|
Certificate reading fails if the key and certificate are in a different order
Git Issue ID:
- https://github.com/openbmc/bmcweb/issues/91
Root Cause:
In the uploaded certificate the order is CSR and then RSA; due
to this, certificate reading fails when the same file pointer is used
to read the key and the certificate.
Solution:
Set the file pointer to the beginning of the file to avoid the
key and certificate order error, so that both orders are supported.
Tested By:
- Uploaded the certificate by changing component order.
curl -c cjar -b cjar -k -H "X-Auth-Token: $bmc_token" -H
"Content-Type: application/octet-stream" -X POST -T cert.pem
https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates
Change-Id: I6f6d41e7b8a7c2f7c5ce53c5d1bbdf69189119b2
Signed-off-by: Ramesh Iyyar <rameshi1@in.ibm.com>
|
|
This commit fetches the user privilege during creation of the
session by making a D-Bus call and adds the privilege to the
user session object.
Change-Id: I0e9da8a52df00fc753b13101066ce6d0be9e2ce3
Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
|
|
When invoking a D-Bus method call via the 'action' URL, return
the error that came back from the D-Bus call as opposed to just
hardcoding one.
Tested: A POST on /xyz/openbmc_project/dump/action/CreateDump when
no more dumps can be created now returns:
{
"data": {
"description": "xyz.openbmc_project.Dump.Create.Error.QuotaExceeded"
},
"message": "Dump not captured due to a cap.",
"status": "error"
}
Change-Id: Ifd0c97f82ff05842fa0f36ef3bb1aaba42ad7d49
Signed-off-by: Matt Spinler <spinler@us.ibm.com>
|
|
1. Move the system endpoints to AsyncResp where possible. This starts
to clean up our scope issues, and makes the code a bit cleaner, as it's
not tabbed in as much. It's by no means a fix, but it certainly is
better, and easier to verify. Also it gives us throw protection as far
as the connection objects go.
2. Implement the "properties" field when accessing urls like:
/bus/system/<serviceName>/<ObjectPath>/<InterfaceName>
Tested:
Called GET on
/bus/system/xyz.openbmc_project.FanSensor/xyz/openbmc_project/sensors/fan_tach/Fan_1/xyz.openbmc_project.Sensor.Value
and observed the response:
{
"bus_name": "xyz.openbmc_project.FanSensor",
"interface": "xyz.openbmc_project.Sensor.Value",
"methods": [],
"object_path": "/xyz/openbmc_project/sensors/fan_tach/Fan_1",
"properties": {
"MaxValue": 14000.0,
"MinValue": 0.0,
"Value": null
},
"signals": [],
"status": "ok"
}
Previous to this patch, properties was an empty object {}
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I8fceb395fb64f2a1857df8ba64b5914c09c18552
|
|
sdbusplus adds message::get_error() to provide the actual sd_bus_error
of a message.
With this, return the error's name and message in REST API so that the
correct error is returned to end user.
Tested: Verify the REST API output when trying to set host time while
the settings does not allow that:
$ curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/json" -X PUT -d '{"data": 1436655598435272}' https://$bmc/xyz/openbmc_project/time/bmc/attr/Elapsed
{
"data": {
"description": "xyz.openbmc_project.Time.Error.NotAllowed"
},
"message": "The operation is not allowed",
"status": "error"
}
Resolves openbmc/bmcweb#83
Change-Id: I0bd5405c6748d124f9dd8a341e29f3918445158e
Signed-off-by: Lei YU <mine260309@gmail.com>
|
|
Implements CertificateService schema to list the actions
available.
Implements CertificateLocations schema to list the
certificates present in the system.
Implements CertificateCollection schema to upload/list
existing HTTPS certificates
Implements Certificate schema to view existing HTTPS
certificate
Cater for reloading the SSL context after a certificate
is uploaded.
Fix Certificate signature validation failure
At present bmcweb uses the certificate from "/home/root/server.pem"
the same is modified to "/etc/ssl/certs/https/server.pem" as
phosphor-certificate-manager uses the specified path to
install/replace certificates.
Bmcweb creates a self-signed certificate when certificate is not
present. Catered for creating "/etc/ssl/certs/https/" directory
structure so that self signed certificate is created in the path.
Implements ReplaceCertificate action of Certificate
Service for replacing existing HTTPS certificates
Cleanup of older self-signed certificate at /home/root/server.pem
1. Tested schema with validator and no issues
2. Privilege map for certificate service is not yet published
2. GET on /redfish/v1/CertificateService/
"CertificateService": {
"@odata.id": "/redfish/v1/CertificateService"
},
3. GET on /redfish/v1/CertificateService/CertificateLocations/
"@odata.context":
"/redfish/v1/$metadata#CertificateLocations.CertificateLocations",
"@odata.id": "/redfish/v1/CertificateService/CertificateLocations",
"@odata.type": "#CertificateLocations.v1_0_0.CertificateLocations",
"Description": "Defines a resource that an administrator can use in order to
locate all certificates installed on a given service",
"Id": "CertificateLocations",
"Name": "Certificate Locations"
4.POST on /redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates
{
Returns contents of certificate
"@odata.context": "/redfish/v1/$metadata#Certificate.Certificate",
"@odata.id": "/redfish/v1/AccountService/LDAP/Certificates/1",
"@odata.type": "#Certificate.v1A_0_0.Certificate",
"Id": "1",
"Issuer": {
...
...
}
5.GET on /redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/
{
"@odata.context":
"/redfish/v1/$metadata#CertificateCollection.CertificateCollection",
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates",
"@odata.type": "#CertificateCollection.CertificatesCollection",
"Description": "A Collection of HTTPS certificate instances",
"Members": [
{
"@odata.id":
"/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1"
}
],
"Members@odata.count": 1,
"Name": "HTTPS Certificate Collection"
}
6.GET on /redfish/v1/CertificateService/CertificateLocations/
{
"@odata.context":
"/redfish/v1/$metadata#CertificateLocations.CertificateLocations",
"@odata.id": "/redfish/v1/CertificateService/CertificateLocations",
"@odata.type": "#CertificateLocations.v1_0_0.CertificateLocations",
"Description": "Defines a resource that an administrator can use in order to
locate all certificates installed on a given service",
"Id": "CertificateLocations",
"Links": {
"Certificates": [
{
"@odata.id":
"/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1"
}
],
"Certificates@odata.count": 1
},
"Name": "Certificate Locations"
}
7.GET on /redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1
{
"@odata.context": "/redfish/v1/$metadata#Certificate.Certificate",
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1",
"@odata.type": "#Certificate.v1_0_0.Certificate",
"CertificateString":
"-----BEGINCERTIFICATE-----\n....\n-----ENDCERTIFICATE-----\n",
"CertificateType": "PEM",
"Description": "HTTPS Certificate",
"Id": "1",
"Issuer": {
}
8. Verified SSL context is reloaded after a certificate is installed.
9.curl -c cjar -b cjar -k -H "X-Auth-Token: $bmc_token" -X POST
https://${bmc}/redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate/
-d @data_https.json
{
"@odata.context": "/redfish/v1/$metadata#Certificate.Certificate",
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1",
"@odata.type": "#Certificate.v1_0_0.Certificate",
"CertificateString": "-----BEGIN CERTIFICATE----END CERTIFICATE-----\n",
"Description": "HTTPS certificate",
"Id": "1",
"Issuer": {
}
4. data_https.json file contents
{
"CertificateString": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----",
"CertificateType": "PEM",
"CertificateUri":
{
"@odata.id":
"/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1"
}
}
Change-Id: I2acbf8afa06bbf7d029d4971f7ab3b3988f5f060
Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
Resolves openbmc/bmcweb#82
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>
Change-Id: I944c1f9afe03ca58f61fdde34f83f092ff8d8ab2
|
|
The boost::system::error_code returned by the DBus call will contain the
DBus error name and description in its error_category, use the
category's name and message as REST API's description and message.
Tested: Verify the REST API output when trying to set host time while
the settings does not allow that:
$ curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/json" -X PUT -d '{"data": 1436655598435272}' https://$bmc/xyz/openbmc_project/time/bmc/attr/Elapsed
{
"data": {
"description": "xyz.openbmc_project.Time.Error.NotAllowed"
},
"message": "The operation is not allowed",
"status": "error"
}
Resolves openbmc/bmcweb#83
Change-Id: I90c11c0fc61e55329c809ecb5f948ae041a579d0
Signed-off-by: Lei YU <mine260309@gmail.com>
|
|
This function is a utility function which would be needed
by other files.
TestedBy: ran the redfish validator: PASS
Change-Id: I2a0d07f264952f47a724da11f72b15ca5e019d62
Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
|
|
This adds fan profiles to redfish. This uses the
Thermal Mode interface to allow switching between
different fan profiles. Only the selected fan profile
will be seen. When adding a new controller, they will
also be added to the configuration item for that profile.
Patching of the profile to switch between supported
profiles is also supported.
Tested: Could change profiles in redfish.
Python test script:
import requests

def testProfile():
    a = {
        "Oem": {
            "OpenBmc": {
                "Fan": {
                    "Profile": "Acoustic"
                }
            }
        }
    }
    return a

def dopatch():
    # address (the URL being patched) is not given in the commit message
    resp = requests.patch(address, json=testProfile(), verify=False,
                          auth=("root", "0penBmc"))
    resp.raise_for_status()
Change-Id: Ie2d8582616ed5bde58e3328b21ba8c59437e88ce
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
On receiving a websocket request on endpoint /vm/0/0,
connect to the nbd-proxy app and send/receive stdio.
Tested: Verified that the host could see the virtual
media usb device, mounted it manually and checked
the contents of the iso file used for the test were
there. To test, used the html and js script:
https://github.com/openbmc/jsnbd/tree/master/web
and an Ubuntu iso image file.
Verified that it worked after closing the websocket
(using the stop function from the html file), to
check that the processes were cleaned up and freed
up for a subsequent request.
Change-Id: I0b070310b070c086d67d0ae3e2c165551d6b87cc
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
|
Follow-on to https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/18891
Tested: Checked that the host console and virtual media endpoints
still worked as expected.
Change-Id: Ifdc5f21f3668bdf9bd24189504aaeb17b232c921
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
|
We're at CPP17 everywhere now, no need to keep the
experimental reference.
Tested: It builds
Change-Id: I5f6571eb411bf055e9715f7d96d1be5a3cb2e119
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
|
A step towards upstream OpenBMC shipping free of any branding (other
than OpenBMC branding) or company references.
Tested: Did not test
Change-Id: I4fea765949ff3ad94e3cd52fedec597a77db0e79
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
|
|
A recent change to the URL routing broke all /org endpoints, which now
return 404 instead of the correct data. This resolves it, and points at
the correct object paths again.
Tested:
Given this is a CI failure, will rely on CI to test the /org endpoints.
Resolves #72
Change-Id: I779bb32f1f2bcba45fdb64f5bf510e7fa832e2d2
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
This patchset is the beginnings of the infrastructure to allow
separate registrations, and map privileges to the actual node in the
url table rather than having each registration manage privileges
manually.
Tested by:
Running redfish compliance tool. All things still pass.
Change-Id: I72d278cc19c60ba5b6e563fbd705b0551faf9a6a
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
This commit does 2 things.
1. Upgrades and prepares bmcweb for boost 1.70.
2. Allows us to compile with BOOST_AIO_NO_DEPRECATED
Tested: Compiled against 1.69 and 1.70. All changes should be no-op.
Change-Id: I557ecd840fe2b88c0fa01978a1b666b40ccccca4
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
This reverts commit 6ea007a2faec52ad62680015d2a3f00371a1e351.
Reason for revert: Reports of bmcweb seg faults.
Change-Id: I408f1bb29c2f8e427a6621cdaac8c31b847ebf06
|
|
bmcweb classically has not taken a strong opinion on warnings. With
this commit, that policy is changing, and bmcweb will invoke the best
warnings we are able to enable, and turn on -Werror for all builds.
This is intended to reduce the likelihood of hard-to-debug situations
that the compiler could've caught early on.
Change-Id: I57474410821e82666b3a108cfd0db7d070e8900a
Signed-off-by: Ed Tanous <ed@tanous.net>
|
|
When logging out of the API, there was no JSON text response.
This implements the requested feature.
Tested: Verified appropriate response is generated when /logout
is called
E.g.
curl -c cjar -b cjar -k -X POST \
-H "Content-Type: application/json" \
-H "X-Auth-Token: g3Heq5rYsz1j0iv4MbUp" \
-d '{"data": [ ] }' \
https://${bmc}/logout
{
"data": "User 'root' logged out",
"message": "200 OK",
"status": "ok"
}
Change-Id: I905f5a0855abaa76ae57cf32b8bae758722f6b9f
Signed-off-by: Anthony Wilson <wilsonan@us.ibm.com>
|
|
This commit simplifies input buffer delivering logic by removing
a doWrite() call from readDone(). Input events can be delivered
through websocket's onmessage handler only and it's enough.
Also, it fixes a suspicious weak point of commit/consume pair on
outputBuffer.
Change-Id: I5b777993a9d6f05375da0422b168c25dacb1b9f9
Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@linux.intel.com>
|
|
The timeout was 10 seconds for:
1. The uploaded content is written to tmpfs
2. Wait for software version manager to parse the content and create the
version object.
For a tarball without compression, the timeout is enough, but for a
compressed tarball, the timeout may not be enough, e.g. Palmetto takes
about 9.x seconds to decompress the PNOR tarball.
Change the timeout to 15 seconds, and start the timer after the file is
written to tmpfs.
Partially resolves openbmc/bmcweb#60
Tested: Verify no more 400 error on uploading gzipped tarball.
Change-Id: I4e621236ed0c10892f8a5fef0d6a3ca2af911e93
Signed-off-by: Lei YU <mine260309@gmail.com>
|
|
With boost 1.69, we get the new option, BOOST_BEAST_USE_STD_STRING_VIEW
which allows us to use std::string for all beast interfaces, instead of
boost string_view. This was originally intended to try to reduce the
binary size, but the comparison shows only a minor improvement.
boost::string_view: 7420780 bytes
std::string_view: 7419948 bytes
832 bytes saved!!!!!
So instead, we will use the argument that it's more standard and easier
for people to grok.
Tested By:
Pulled down some bmcweb endpoints, and observed no change. Because the
two objects are essentially drop in replacements for one another, there
should be no change.
Change-Id: I001e8cf2a0124de4792a7154bf246e3c35ef3f97
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
A quick scan with infer, a static analysis package.
https://fbinfer.com/docs/getting-started.html
Revealed a couple of legitimate bugs. I'm attaching the people on the
blame result to this review so they can look over the change. These are
unlikely to be exploitable in practice, but we should fix them anyway,
to clean up the analysis results.
Tested By:
Code still compiles, changes should be no-op.
Change-Id: I615dad6eb86fa2ea1709e2e2b009d07036d5f8de
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
This is the second attempt to make cipher suites more restrictive. This
was previously attempted in patchset
54fd221a9139f46c7c95b4a22cc09e6e7ce4cbbc
Which caused some compatibility issues. This is the second attempt,
which does a better job. OWASP does not enable elliptic curve TLS 1.2
cipher suites, which at this time are required for bmcweb to function.
Previously, bmcweb was utilizing the "mozilla compatibility" cipher
suites. This is overly lenient on broken ciphers and can cause some
issues with security reviews.
This commit also fixes our TLS logic to support _only_ TLS 1.2 and 1.3,
as only updating the cipher suites caused us to fall into TLS 1.3 only,
which broke compatibility with a lot of operating systems.
Tested by:
Ran the testssl.sh script here:
https://github.com/drwetter/testssl.sh
Observed the following in the output:
testssl.sh 3.0rc3 from https://testssl.sh/dev/
(977dc1ac4 2019-02-06 22:42:14 -- )
This program is free software. Distribution and
modification under GPLv2 permitted.
USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
Please file bugs @ https://testssl.sh/bugs/
Using "OpenSSL 1.0.2-chacha (1.0.2k-dev)" [~183 ciphers]
on Hades:/home/ed/testssl.sh/bin/openssl.Linux.x86_64
(built: "Jan 18 17:12:17 2019", platform: "linux-x86_64")
Start 2019-02-08 11:04:50 -->> 10.243.49.64:18080 (10.243.49.64) <<--
rDNS (10.243.49.64): wolfpass.jf.intel.com.
Service detected: HTTP
Testing protocols via sockets except NPN+ALPN
SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 not offered
TLS 1.1 not offered
TLS 1.2 offered (OK)
TLS 1.3 offered (OK): final
NPN/SPDY not offered
ALPN/HTTP2 not offered
Testing cipher categories
NULL ciphers (no encryption) not offered (OK)
Anonymous NULL Ciphers (no authentication) not offered (OK)
Export ciphers (w/o ADH+NULL) not offered (OK)
LOW: 64 Bit + DES, RC[2,4] (w/o export) not offered (OK)
Triple DES Ciphers not offered (OK)
128 Bit ciphers (SEED, IDEA, 128 Bit CBC) offered
High encryption (AES/Aria/Camellia, !AEAD) offered (OK)
Strong encryption (AEAD ciphers) offered (OK)
Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4
PFS is offered (OK) TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 TLS_AES_128_GCM_SHA256
ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-SHA256
Elliptic curves offered: prime256v1 secp384r1 secp521r1 X25519 X448
Testing server preferences
Has server cipher order? yes (OK) -- only for < TLS 1.3
Negotiated protocol TLSv1.3
Negotiated cipher TLS_AES_256_GCM_SHA384, 253 bit ECDH (X25519)
Cipher order
TLSv1.2: ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-SHA256
TLSv1.3: TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256
Testing server defaults (Server Hello)
TLS extensions (standard) "renegotiation info/#65281" "EC point formats/#11" "session ticket/#35" "supported versions/#43"
"key share/#51" "supported_groups/#10" "max fragment length/#1" "encrypt-then-mac/#22"
"extended master secret/#23"
Session Ticket RFC 5077 hint 7200 seconds, session tickets keys seems to be rotated < daily
SSL Session ID support yes
Session Resumption Tickets: yes, ID: no
TLS clock skew Random values, no fingerprinting possible
Signature Algorithm ECDSA with SHA256
Server key size EC 256 bits
Server key usage --
Server extended key usage --
Serial / Fingerprints 669B86F0 / SHA1 0F6BF7C8F1AB59767FCA372A88F7F5457CFE00FB
SHA256 1D8C3AC5BA670C8C4EE8F5A76C8597226D89744510A4998B1A7888EF566256E5
Common Name (CN) testhost
subjectAltName (SAN) missing (NOT ok) -- Browsers are complaining
Issuer self-signed (NOT ok)
Trust (hostname) certificate does not match supplied URI
Chain of trust NOT ok (self signed)
EV cert (experimental) no
"eTLS" (visibility info) not present
Certificate Validity (UTC) 3648 >= 60 days (2019-02-07 10:23 --> 2029-02-04 10:23)
# of certificates provided 1
Certificate Revocation List --
OCSP URI --
NOT ok -- neither CRL nor OCSP URI provided
OCSP stapling not offered
OCSP must staple extension --
DNS CAA RR (experimental) not offered
Certificate Transparency --
Testing HTTP header response @ "/"
HTTP Status Code 200 OK
HTTP clock skew -83092 sec from localtime
Strict Transport Security 365 days=31536000 s, includeSubDomains, preload
Public Key Pinning --
Server banner iBMC
Application banner --
Cookie(s) (none issued at "/")
Security headers X-Frame-Options DENY
X-XSS-Protection 1; mode=block
X-Content-Type-Options nosniff
Content-Security-Policy default-src 'self'
X-UA-Compatible IE=11
Reverse Proxy banner --
Testing vulnerabilities
Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension
CCS (CVE-2014-0224) not vulnerable (OK)
Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK), reply empty
ROBOT Server does not support any cipher suites that use RSA key transport
Secure Renegotiation (CVE-2009-3555) not vulnerable (OK)
Secure Client-Initiated Renegotiation VULNERABLE (NOT ok), DoS threat
CRIME, TLS (CVE-2012-4929) not vulnerable (OK)
BREACH (CVE-2013-3587) potentially NOT ok, uses gzip HTTP compression. - only supplied "/" tested
Can be ignored for static pages or if no secrets in the page
POODLE, SSL (CVE-2014-3566) not vulnerable (OK)
TLS_FALLBACK_SCSV (RFC 7507) No fallback possible, no protocol below TLS 1.2 offered (OK)
SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)
FREAK (CVE-2015-0204) not vulnerable (OK)
DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)
no RSA certificate, thus certificate can't be used with SSLv2 elsewhere
LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2
BEAST (CVE-2011-3389) no SSL3 or TLS1 (OK)
LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches
RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)
Testing 370 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength
Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
x1302 TLS_AES_256_GCM_SHA384 ECDH 253 AESGCM 256 TLS_AES_256_GCM_SHA384
x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 253 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256
xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH 521 AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
xc024 ECDHE-ECDSA-AES256-SHA384 ECDH 521 AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
xcca9 ECDHE-ECDSA-CHACHA20-POLY1305 ECDH 521 ChaCha20 256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
x1301 TLS_AES_128_GCM_SHA256 ECDH 253 AESGCM 128 TLS_AES_128_GCM_SHA256
xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 521 AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
xc023 ECDHE-ECDSA-AES128-SHA256 ECDH 521 AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Running client simulations (HTTP) via sockets
Android 4.2.2 No connection
Android 4.4.2 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 521 bit ECDH (P-521)
Android 5.0.0 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 521 bit ECDH (P-521)
Android 6.0 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
Android 7.0 TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305, 253 bit ECDH (X25519)
Chrome 65 Win 7 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
Chrome 70 Win 10 TLSv1.3 TLS_AES_128_GCM_SHA256, 253 bit ECDH (X25519)
Firefox 59 Win 7 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
Firefox 62 Win 7 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 253 bit ECDH (X25519)
IE 6 XP No connection
IE 7 Vista No connection
IE 8 Win 7 No connection
IE 8 XP No connection
IE 11 Win 7 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
IE 11 Win 8.1 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
IE 11 Win Phone 8.1 TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
IE 11 Win 10 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
Edge 13 Win 10 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
Edge 13 Win Phone 10 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
Edge 15 Win 10 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 253 bit ECDH (X25519)
Opera 17 Win 7 TLSv1.2 ECDHE-ECDSA-AES128-SHA256, 256 bit ECDH (P-256)
Safari 9 iOS 9 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
Safari 9 OS X 10.11 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
Safari 10 OS X 10.12 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
Apple ATS 9 iOS 9 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
Tor 17.0.9 Win 7 No connection
Java 6u45 No connection
Java 7u25 No connection
Java 8u161 TLSv1.2 ECDHE-ECDSA-AES256-SHA384, 256 bit ECDH (P-256)
Java 9.0.4 TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
OpenSSL 1.0.1l TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 521 bit ECDH (P-521)
OpenSSL 1.0.2e TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit ECDH (P-256)
Done 2019-02-08 11:06:45 [ 118s] -->> 10.243.49.64:18080 (10.243.49.64) <<--
Change-Id: I92a77807848354379ea2cbaa31767eeceadae295
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
This patchset implements a KVM websocket proxy designed to interoperate
with phosphor-webui and KVM. In short, IP address 127.0.0.1:5900 is
proxied to the websocket. This allows someone to connect from a browser
session.
Requires patchset here for the phosphor-webui side:
https://gerrit.openbmc-project.xyz/#/c/openbmc/phosphor-webui/+/10268/
and requires the kvm patches here:
https://gerrit.openbmc-project.xyz/#/c/openbmc/meta-phosphor/+/13536/
Tested By:
Launched webui, observed KVM. Moved mouse, and typed on keyboard,
changes appeared on host system.
Change-Id: I407488f4b16be208b188a0abc19954a0243af173
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
Change-Id: I9d7069668f91f2ac72d2f4a440f63e0e85dd5269
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
Boost beast, ASIO, and networking TS already have mechanisms for
injecting unit tests, using template parameters. We already use this to
some extent, although we pass through socket_adapters. Now that we have
constexpr if, we have the ability to simplify this code quite a bit.
Tested by:
Pulled down phosphor-webui, ran redfish service validator. Observed no
errors.
Change-Id: Ib8734aeb4c9139b56705060f6196e8ae16458fe9
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
Use new_method_call() + async_send() to get back an sd_bus_message
from the org.freedesktop.DBus.Properties.GetAll call in the GET
handler, and then use convertDBusToJSON to extract any possible
property type instead of having to use a variant with all possible
property types defined ahead of time.
Tested: Did a get on several different paths, including one in
/org/open_power/ that had a signature of a(tx) that previously
didn't return anything.
Resolves openbmc/bmcweb#34
Change-Id: I40309664fa969741c4af9a60b9059c60bf6f35f4
Signed-off-by: Matt Spinler <spinler@us.ibm.com>
|
|
Instead of hardcoding the possible variant types in
the PropertiesChanged and InterfacesAdded callbacks used
by the /subscribe REST operation, use convertDBusToJSON
which can convert every D-Bus type to JSON.
Tested: With the web UI running:
* Restart the State.Host service, which triggers an
InterfacesAdded callback since the web UI subscribes
to that. It no longer crashes bmcweb with an sdbusplus
error.
* Change power states, and verify the web UI sees them
through its subscription on the CurrentHostState property.
Resolves openbmc/bmcweb#35
Change-Id: Ifa16c159d199005b42e3dfd4419bd3f9792c2d22
Signed-off-by: Matt Spinler <spinler@us.ibm.com>
|
|
When convertDBusToJSON processed an sd_bus_message with
a signature that had multiple high level entries, the
handler code tried to reassign a reference variable to
a new array entry, but references can't be reassigned,
so all it did was reset the passed in JSON object to
the empty value at the end of the array.
Instead, do this with a pointer.
Tested: A message with a signature of "sa{sv}as" was failing,
with nlohmann::json complaining about trying to do a
push_back on a string object. With this fix, that no longer
happens.
Change-Id: Idb3d3a56f0bd38f559f96f828ad95db65bbd11e1
Signed-off-by: Matt Spinler <spinler@us.ibm.com>
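The reference-versus-pointer behaviour this commit describes, as an added example that is not bmcweb's code. `Node`, `convertWithReference` and `convertWithPointer` are hypothetical stand-ins for the JSON type and the conversion loop, and three constructed string entries stand in for a multi-entry D-Bus signature.

```cpp
#include <stdexcept>
#include <string>
#include <vector>
// Hypothetical JSON-like value with only the operations the bug needs.
struct Node {
    enum class Kind { Null, String, Array };
    Kind kind = Kind::Null;
    std::string text;
    std::vector<Node> items;
    Node() = default;
    Node(const Node&) = default;
    Node& operator=(Node other) {  // by value, so assigning from a child is safe
        kind = other.kind; text.swap(other.text); items.swap(other.items);
        return *this;
    }
    void pushBack(const Node& n) {  // legal only on a null or array value
        if (kind == Kind::Null) kind = Kind::Array;
        if (kind != Kind::Array) throw std::logic_error("push_back on non-array");
        items.push_back(n);
    }
    void setString(const std::string& s) { kind = Kind::String; text = s; }
};

// Buggy shape: "cur = ..." assigns through the reference and overwrites 'out'.
Node convertWithReference(const std::vector<std::string>& entries) {
    Node out;
    Node& cur = out;
    for (const std::string& e : entries) {
        if (entries.size() > 1) {
            out.pushBack(Node());
            cur = out.items.back();  // 'out' becomes the empty entry; array lost
        }
        cur.setString(e);  // 'out' is now a string, so the next pushBack throws
    }
    return out;
}

// Fixed shape: a pointer can be re-aimed at each new array entry.
Node convertWithPointer(const std::vector<std::string>& entries) {
    Node out;
    Node* cur = &out;
    for (const std::string& e : entries) {
        if (entries.size() > 1) {
            out.pushBack(Node());
            cur = &out.items.back();  // re-taken after every pushBack
        }
        cur->setString(e);
    }
    return out;
}
```

The pointer is taken again after each `pushBack` because growing the vector can move its elements, which would leave an older pointer dangling.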
|
|
This reverts commit 54fd221a9139f46c7c95b4a22cc09e6e7ce4cbbc.
Reason for revert: This breaks compatibility with python automation running on ubuntu 16.04, and regresses our ability to run the test harness. Suspect we need to run compat C by default, but let's revert for now to stabilize.
Change-Id: I4a01450836d917cd9558bc826c1877e629280850
|
|
Return a method_not_allowed response when the path for a
DELETE is invalid. This matches what the phosphor-rest
server did.
Change-Id: I6db577d25d92bdbee9e97355ff11a15a5c68288b
Signed-off-by: Matt Spinler <spinler@us.ibm.com>
|
|
Make the following fixes to the image upload code
to make it behave like the phosphor-rest implementation,
which should work for both UBI and non-UBI image formats.
1) Subscribe to an InterfacesAdded signal on
/xyz/openbmc_project/software upon invocation.
2) If the signal callback happens within 10s, check that the
xyz.openbmc_project.Software.Version interface was created,
and if it was, read the version ID from the last segment of
the object path in the signal data and return it in the
call response.
3) If the callback doesn't occur within 10s, return a 400
error.
Resolves openbmc/bmcweb#30
Change-Id: Ic9572488c13cadfb19c0d57a97833a627cf45df5
Signed-off-by: Matt Spinler <spinler@us.ibm.com>
|
|
This commit moves content security policy to use the modern header, not
a header beginning with X.
Requires the content-security-policy patch series to function correctly.
Tested by:
Launched phosphor-webui, and observed webui launch, and no warnings in
debug tools.
Change-Id: I14a422d8a4047d0b05c937a31a5845f8eeb858c6
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
Previously, bmcweb was utilizing the "mozilla compatibility" cipher
suites. This is overly lenient on broken ciphers and can cause some
issues with security reviews. In researching this, it looks like we
never actually documented that we follow Mozilla ciphers, aside from the
statement "The OpenBMC webserver shall follow the latest OWASP recommendations for
authentication, session management, and security." Considering that
we're moving _to_ OWASP recommendations, this commit is simply making us
follow the advice we already document, although this commit also updates
the documentation to be more clear.
Tested By:
Loaded on a BMC, opened web page in browser, and observed phosphor-webui
loaded correctly.
Change-Id: I912b35d378ce955c1472b2d54f1a365f6efea160
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
|
There is a possibility that a method may be implemented
by either different services or interfaces, and 1 or more
of them may return data.
In the unlikely case that is encountered, attempt to handle
that by first setting the final response data to the first
data back from a method, and then on future method responses
that return data:
* If the new and old responses are both dictionaries,
add the new keys/values to the original ones.
* If the new and old responses are both arrays,
add the new array elements to the original array.
* If the new data is of a different type than the
previous data, convert the overall response into
an array and add the new and original responses
as array elements.
Change-Id: I23edc3d9f8154aba1ba4276112cde6ecb4345fdf
Signed-off-by: Matt Spinler <spinler@us.ibm.com>
|
|
Variants are in their own container. In order to
get the type of the data contained in the variant,
the peek API needs to be used.
Resolves openbmc/bmcweb#24
Change-Id: I085064a8eabe2f57cfa0f1977fe7b9c19baa80e2
Signed-off-by: Matt Spinler <spinler@us.ibm.com>
|
|
A struct is in its own sd_bus_message container,
and the output JSON looks like an array.
Change-Id: Ie8e5848a5fa9bc9605f5dda06dc1b5d7be4dea3c
Signed-off-by: Matt Spinler <spinler@us.ibm.com>
|
|
Add support for returning arrays and dictionaries
from methods.
Note that a dictionary can only be seen inside of
an array, and every key/value pair is in its own
sd_bus_message container.
Change-Id: I4f8ff671f7c4403d83443482e7db0487bdc03ff1
Signed-off-by: Matt Spinler <spinler@us.ibm.com>
|
|
When converting a bool from JSON into D-Bus, a
dereference was missing, causing the code to always
output a 1 since it checked the address value
and not the actual bool value.
Change-Id: I521418c25bd23c64b59d599f5c5298d8b89cd67c
Signed-off-by: Matt Spinler <spinler@us.ibm.com>
|
|
Add support for returning the basic D-Bus types,
such as int, string, etc, from methods.
It does this by using the sd_bus_message_read_basic
API to pull the data out of the method response message,
and then converts it to JSON.
Future commits will add array/dict/variant support.
Change-Id: I937d22330a9c2df443942ea84e45d894244388ff
Signed-off-by: Matt Spinler <spinler@us.ibm.com>
|