summaryrefslogtreecommitdiff
path: root/redfish-core/lib/redfish_sessions.hpp
AgeCommit message (Collapse)AuthorFilesLines
2021-07-13Make code compile with clang-13Ed Tanous1-3/+3
Clang-13 rightfully warns that the hasWebuiRoute variable isn't declared as static. This commit resolves that, and adds the static keyword so it can be used in multiple compile units. It also adds the static keyword to the privilege registry, and the inline keyword to many methods that now need it. clang-format is also updated to version 12 in parse_registies.py, as that's what CI uses, and what most people have installed. Tested: Followed clang-tidy instructions in README.md "bitbake bmcweb" step now succeeds. Signed-off-by: Ed Tanous <edtanous@google.com> Change-Id: Id43b13606754cb37a404799fce155599ac3a3240
2021-07-08Automate PrivilegeRegistry to codeEd Tanous1-5/+11
This commit attempts to automate the creation of our privileges structures from the redfish privilege registry. It accomplishes this by updating parse_registries.py to also pull down the privilege registry from DMTF. The script then generates privilege_registry.hpp, which include const defines for all the privilege registry entries in the same format that the Privileges struct accepts. This allows new clients to simply reference the variable to these privilege structures, instead of having to manually (ie error pronely) put the privileges in themselves. This commit updates all the routes. For the moment, override and OEM schemas are not considered. Today we don't have any OEM-specific Redfish routes, so the existing ones inherit their parents schema. Overrides have other issues, and are already incorrect as Redfish defines them. Binary size remains unchanged after this patchset. Tested: Ran redfish service validator Ran test case from f9a6708c4c6490257e2eb6a8c04458f500902476 to ensure that the new privileges constructor didn't cause us to regress the brace construction initializer. Checked binary size with: gzip -c $BBPATH/tmp/work/s7106-openbmc-linux-gnueabi/obmc-phosphor-image/1.0-r0/rootfs/usr/bin/bmcweb | wc -c 1244048 (tested on previous patchset) Signed-off-by: Ed Tanous <edtanous@google.com> Change-Id: Ideede3d5b39d50bffe7fe78a0848bdbc22ac387f
2021-06-11Fix Session delete to return 200Ed Tanous1-1/+1
the tests on https://gerrit.openbmc-project.xyz/c/openbmc/openbmc/+/43984 identified that there are some that actually look at response codes, and expect 200. This would show up as failures that looked like: Test SSL Connection :: This testcase is for testing the SSL connec... | FAIL | Parent suite setup failed: ValueError: The HTTP status code was not valid: status: 204 valid_status_codes: [0]: 200 This commit fixes the behavior change to move back to the old behavior, and causes SessionService Delete to return 200 with a success message. This commit changes this code back to 200, even though 204 is valid and the test should pass for both, 200 with a success message more closely follows Redfish. Tested: Code builds. Expect the above bump to test this behavior directly. Signed-off-by: Ed Tanous <edtanous@google.com> Change-Id: I1d6bbfab867dc757c78f745119cfd9835ebbc505
2021-06-09Remove the Node classEd Tanous1-1/+0
Fixes #181 Lots of specific details around why the node class have been removed are in the previous patchsets. This commit actually does the deed and makes it go away entirely. Now that this is finally done, we can compare binary size. Surprisingly enough, this series saves a full 72KB of compressed binary size, which amounts to about 6.4% of the total code size. Before: 1197632 bytes After: 1124688 bytes This IMO makes it worth it, considering we've significantly reduced the amount of code at the same time. Signed-off-by: Ed Tanous <edtanous@google.com> Change-Id: I3c8688715f933b381cad0be75a079ccfd72c3130
2021-06-09Move Sessions to non Node structureEd Tanous1-288/+239
This commit, in line with 7e860f1550c8686eec42f7a75bc5f2ef51e756ad moves the session service over to the normal BMCWEB routes. This is relatively painless, with the exception of the fact that the previous classes held members of the other classes in their struct. This was an attempt at a design pattern from very early on that never really worked in practice, so it was largely abandoned, and now this is cleaning up the last remains of it. This commit accomplishes this by making two critical changes, first, Delete /redfish/v1/SessionService/Sessions/<sessionId> no longer returns the structure of the session that was deleted, instead returns 204 unmodified, which is very similar to what we do in other cases. While this is a breaking change, it's not clear what a user would even do with a returned deleted session, so it seems really unlikely to break anyone. This commit also creates a separate method to fill in a session object with a given session details, such that the POST and GET methods can share a single implementation. This is more efficient than the old way, as it prevents a double lookup from the session store. Tested: Tested redfish validator on system. No new failures (UUID failure still present) Change-Id: If5d2b2c5a21af05ed0cb02a15bd1c1c976b8da12 Signed-off-by: Ed Tanous <edtanous@google.com>
2021-06-08Remove Node class from Account ServiceEd Tanous1-2/+4
This is a progression of 7e860f1550c8686eec42f7a75bc5f2ef51e756ad, which correctly noted that AccountService has a number of class specific variables. This commit removes the Node class from those in line with the aformentioned patchset, and at the same time removes the need for the isAllowedWithoutConfigureSelf method, which was relying on state captured to do some complex rule checking. Fortunately, it is relatively easy to check current permissions at runtime using the Privileges::isSupersetOf check against the current users role. This significantly reduces the complexity of the code, while still giving the same result (users with only ConfigureSelf cannot see or modify other users). Ideally these two things, isAllowedWithoutConfigureSelf, and the Node moving would've been done in separate commits, but given that the former would've required moving a number of features out of the node derived class anyway, separating them would lead to essentially the same diff twice, hence why they are combined for easier review. Tested: Ran Redfish service validator. No new errors. (UUID error present that appears to be unrelated) Change-Id: Iad919dbc7ab7e8d47cc1160999ed9f43f685fa56 Signed-off-by: Ed Tanous <edtanous@google.com>
2021-06-03Remove Redfish Node classJohn Edward Broadbent1-0/+2
Reduces the total number of lines and will allow for easier testing of the redfish responses. A main purpose of the node class was to set app.routeDynamic(). However now app.routeDynamic can handle the complexity that was once in critical to node. The macro app.routeDynamic() provides a shorter cleaner interface to the unerlying app.routeDyanic call. The old pattern set permissions for 6 interfaces (get, head, patch, put, delete_, and post) even if only one interface is created. That pattern creates unneeded code that can be safely removed with no effect. Unit test for the responses would have to mock the node the class in order to fully test responses. see https://github.com/openbmc/bmcweb/issues/181 The following files still need node to be extracted. virtual_media.hpp account_service.hpp redfish_sessions.hpp ethernet.hpp The files above use a pattern that is not trivial to address. Often their responses call an async lambda capturing the inherited class. ie (https://github.com/openbmc/bmcweb/blob/ffed87b5ad1797ca966d030e7f979770 28d258fa/redfish-core/lib/account_service.hpp#L1393) At a later point I plan to remove node from the files above. Tested: I ran the docker unit test with the following command. WORKSPACE=$(pwd) UNIT_TEST_PKG=bmcweb ./openbmc-build-scripts/run-unit-test-docker.sh I ran the validator and this change did not create any issues. python3 RedfishServiceValidator.py -c config.ini Signed-off-by: John Edward Broadbent <jebr@google.com> Signed-off-by: Ed Tanous <edtanous@google.com> Change-Id: I147a0289c52cb4198345b1ad9bfe6fdddf57f3df
2021-04-08Using AsyncResp everywherezhanghch051-69/+68
Get the core using AsyncResp everywhere, and not have each individual handler creating its own object.We can call app.handle() without fear of the response getting ended after the first tree is done populating. Don't use res.end() anymore. Tested: 1. Validator passed. Signed-off-by: zhanghaicheng <zhanghch05@inspur.com> Change-Id: I867367ce4a0caf8c4b3f4e07e06c11feed0782e8
2021-03-11Redfish Session : Fix clientIp getting mapped to clientIdSunitha Harish1-2/+2
When the session is created using /login, the ClientOriginIPAddress is mapped to the clientId parameter which displayed the clientIP instead of the of clientId. The similar problem is observed with auth methods other than sessions created using the SessionService resource This commit swaps the clientId and clientIp parameters passed to generateUserSession API, so that the optional clientId is passed as the last parameter Tested by : 1. Create session using Redfish command POST https://${bmc}/login -d '{"username": <>,"password": <>}' POST https://${bmc}/redfish/v1/SessionService/Sessions -d '{"username": <>,"password": <>}' 2. Open the GUI session to check the clientId is not displaying the ClientOriginIPAddress Signed-off-by: Sunitha Harish <sunithaharish04@gmail.com> Change-Id: I6cee3de963c489e690d2ad0bb09ba78dca39e4f9
2020-11-10Redfish Session : Support ClientOriginIPAddressSunitha Harish1-5/+4
This commit implements the ClientOriginIPAddress property on the session resource. The IP address is persisted across the reboot Tested by: 1. Create session POST https://${bmc}/redfish/v1/SessionService/Sessions -d '{"UserName":<>, "Password":<>}' 2. Check the session gets updated with the ClientOriginIPAddress GET https://${bmc}/redfish/v1/SessionService/Sessions/<id> 3. Redfish validator passed 4. Create session and reboot the BMC to ensure the IP address is persisted 5. Tested the basic auth populates the clientIp at req Signed-off-by: Sunitha Harish <sunharis@in.ibm.com> Change-Id: Iaa60d0657c991bde4bcf6c86819055c71c92e421
2020-10-29Revert "Redfish Session : Support ClientOriginIPAddress"Ed Tanous1-5/+4
This reverts commit e436008377fbcf287be02c9e9e1b59c6627d7673. Reason for revert: This breaks several things. 1. Not all login endpoints are handled, which lead to returning blank ip addresses 2. IP addresses are not persisted. 3. This crashes occasionally on remote_endpoint, and ignores ec. Change-Id: I58c875721cf48bf02db833c9c57a9eead5e249d5
2020-10-08Redfish Session : Support ClientOriginIPAddressSunitha Harish1-4/+5
This commit implements the ClientOriginIPAddress property on the session resource Tested by: 1. Create session POST https://${bmc}/redfish/v1/SessionService/Sessions -d '{"UserName":<>, "Password":<>}' 2. Check the session gets updated with the ClientOriginIPAddress GET https://${bmc}/redfish/v1/SessionService/Sessions/<id> 3. Redfish validator passed Signed-off-by: Sunitha Harish <sunharis@in.ibm.com> Change-Id: I4c5c6f651bb6faec0cb1b1b78d9da593ecb85ff0
2020-10-05Add PATCH support for SessionTimeout PropertyManojkiran Eda1-0/+34
- This commit would add the patch support for the session timeout propery under the sessionservice. - This commit also brings in support for persistent session timeout property. Tested By: 1. Redfish validator passed. 2. PATCH the session time out property using the below command PATCH -d '{"SessionTimeout": 100}' https://<bmcip>/redfish/v1/SessionService 3. GET on sessionservice should return the value of time out which is patched by using the above command & also GET on the session service fails with Unauthorized error post the patched timeout value. 4. And also, the existing sessions that are open for the new timeout value are also closed. 5. As per the schema , the range of values that are allowed for session timeout are between 30 sec to 86400 sec, so any value which is patched out of the range is failed with an appropriate error message. 6. PATCH the session timeout to new value using 2, and them restart the bmcweb and the GET using 3 should return the new value. Signed-off-by: Manojkiran Eda <manojkiran.eda@gmail.com> Change-Id: Id50eacc5018b7a82371fd37a2ae1e7fb7596ed2b
2020-09-03Revert http::Request::socket() callbackEd Tanous1-7/+0
Details on why this revert is needed are here. https://lists.ozlabs.org/pipermail/openbmc/2020-August/022478.html Appu and Ravi still have not commented. It should be noted, this also causes a memory leak in http connection, where connections refuse to be freed, because of a bad usage of shared_from_this. This code wasn't very well thought through, and needs rearchitected to not break the unit testability of bmcweb, nor cause memory leaks. https://github.com/openbmc/bmcweb/blob/218bd4746130aac22366968c8c9a34a929e45a3d/http/http_connection.h#L351 Is the memory leak in question. Specifically, this reverts: The /attachment download in LogServices. This needs reimplemented properly, but is an OEM property, so it shouldn't be a big deal to revert, and shouldn't break our redfish compliance. The IpAddress property in SessionService. I have no idea why this was injected, and it's functionally incorrect. IpAddresses are not related to a session, and IP addresses can change over the course of a session, so this property is already broken as written. I suspect the author really wanted RedfishEvent type logging, but that was too complex, so they half implemented this. Redfish SSE properties. This needs to be reimplemented similar to the patchset here: https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/13948 Where the ownership of the HTTP connection does not leave the http framework. As written, the SSE implementation causes ownership issues, as there's no clear delineation of the ownership between HttpConnection and the SSE framework. Tested: On current master, running this command: wget -O- --no-http-keep-alive --no-check-certificate https://{bmc hostname}:18080/redfish/v1 Which should download the service root, then immediately close and destroy the connection, prints: (2020-08-28 16:55:24) [DEBUG "routing.h":1258] Matched rule '/redfish/v1/' 2 / 4 (2020-08-28 16:55:24) [DEBUG "http_response.h":130] calling completion handler (2020-08-28 16:55:24) [DEBUG "http_response.h":133] completion handler was valid (2020-08-28 16:55:24) [INFO "http_connection.h":429] Response: 0x1e1ee28 /redfish/v1 200 keepalive=0 (2020-08-28 16:55:24) [DEBUG "timer_queue.h":48] timer add inside: 0x1d3d1a8 7 (2020-08-28 16:55:24) [DEBUG "http_connection.h":751] 0x1e1ee28 timer added: 0x1d3d1a8 7 (2020-08-28 16:55:24) [DEBUG "http_connection.h":655] 0x1e1ee28 doWrite (2020-08-28 16:55:24) [DEBUG "http_connection.h":663] 0x1e1ee28 async_write 1555 bytes (2020-08-28 16:55:24) [DEBUG "http_connection.h":697] 0x1e1ee28 timer cancelled: 0x1d3d1a8 7 (2020-08-28 16:55:24) [DEBUG "http_connection.h":676] 0x1e1ee28 from write(1) Then stops. Note, that the connection was not destroyed, and has leaked. Once this patchset is added, the connection closes and destroys properly, and doesn't leak, so it prints the above, but also prints. (2020-08-28 16:27:10) [DEBUG "http_connection.h":305] 0x1d15c90 Connection closed, total 1 Ran Redfish service validator. Saw one unrelated failure due to UUID, all other things pass. Signed-off-by: Ed Tanous <ed@tanous.net> Change-Id: I18686037bf58f20389d31facc0d77020274d38a1
2020-08-17Enable unused variable warnings and resolveEd Tanous1-6/+6
This commit enables the "unused variables" warning in clang. Throughout this, it did point out several issues that would've been functional bugs, so I think it was worthwhile. It also cleaned up several unused variable from old constructs that no longer exist. Tested: Built with clang. Code no longer emits warnings. Downloaded bmcweb to system and pulled up the webui, observed webui loads and logs in properly. Change-Id: I51505f4222cc147d6f2b87b14d7e2ac4a74cafa8 Signed-off-by: Ed Tanous <ed@tanous.net>
2020-08-17Remove middlewaresEd Tanous1-17/+14
Middlewares, while kinda cool from an academic standpoint, make our build times even worse than they already are. Given that we only really use 1 real middleware today (token auth) and it needs to move into the parser mode anyway (for security limiting buffer sizes), we might as well use this as an opportunity to delete some code. Some other things that happen: 1. Persistent data now moves out of the crow namespace 2. App is no longer a template 3. All request_routes implementations no longer become templates. This should be a decent (unmeasured) win on compile times. This commit was part of a commit previously called "various cleanups". This separates ONLY the middleware deletion part of that. Note, this also deletes about 400 lines of hard to understand code. Change-Id: I4c19e25491a153a2aa2e4ef46fc797bcb5b3581a Signed-off-by: Ed Tanous <ed@tanous.net>
2020-07-01Fix : Compilation issue when ssl is disabledManojkiran Eda1-0/+5
- When the SSL is disabled, the socket that bmcweb uses would be a basic_socket type , and that does not have a next_layer as that itself is the basic socket, we can directly read the socket object/ or use the lowest_layer() of the socket to get the ip address from it. - When SSL is enabled, the socket that bmcweb uses would be an ssl stream over basic_socket, and here the next_layer would be basic_socket, so the existing logic holds good. - The idea behind this commit is to , have a conditional check for SSL vs non-SSL configurations before reading the socket for ip address. Tested By: * cmake -DBMCWEB_INSECURE_DISABLE_SSL=1 -DCMAKE_BUILD_TYPE:type=Debug ../ ; make - The above Compilation was successfull. Signed-off-by: Manojkiran Eda <manojkiran.eda@gmail.com> Change-Id: I2b9a127be30b11b056641342e0af06118c526528
2020-06-17Fetch the ClientIP during session creationSunitha Harish1-4/+9
This commit saves the IP Address of the client from where the session was created. - This is not a user supplied value. The BMC will internally pull the IP address from the incoming create-session request. - It should also be noted that ClientIP will not change if the same session token is used from some other IP address for further management of the BMC. Tested by: 1. Create session 2. Display the Session details with GET command to check the IP from where the session is created/updated. GET https://${bmc}/redfish/v1/SessionService/Sessions/<id> { "@odata.id": "/redfish/v1/SessionService/Sessions/<id>", "@odata.type": "#Session.v1_0_2.Session", "Description": "Manager User Session", "Id": "<id>", "Name": "User Session", "Oem": { "OpenBMC": { "@odata.type": "#OemSession.v1_0_0.Session", "ClientOriginIP": "<ip address>" } }, "UserName": "root" } 3. Redfish validator is run successfully. Signed-off-by: Sunitha Harish <sunithaharish04@gmail.com> Change-Id: I0076f260f50a991600ec060c72f3e46fb9a9cbb8
2020-06-17Session creation : Get and Set Oem ClientIDSunitha Harish1-4/+26
This commit implements handling the OemSession ClientID parameter for the IBM management console. Each session gets a random generated unique Id (Resource Id); but this Id is not a parameter that the client can set to a well known identifier. This Oem parameter ClientID is the string which the client can supply to uniquely identify itself among other sessions in the BMC. This is a read-only property which shall be passed in only during the session creation. 1. Create session by supplying the ClientID Oem parameter 2. Display the ClientID associated with the session 3. Persist the ClientID across BMC reboot Tested by: ============ 1. POST https://${bmc}/redfish/v1/SessionService/Sessions -d '{"UserName":"root", "Password":<>, "Oem":{"OpenBMC" : {"ClientID":"<client unique id>"}}}' 2. GET https://${bmc}/redfish/v1/SessionService/Sessions/<id> { "@odata.id": "/redfish/v1/SessionService/Sessions/<id>", "@odata.type": "#Session.v1_0_2.Session", "Description": "Manager User Session", "Id": "<id>", "Name": "User Session", "Oem": { "OpenBMC": { "@odata.type": "#OemSession.v1_0_0.Session", "ClientID": "<client unique id>" } }, "UserName": "root" } 3. Verified the session creation works fine without the Oem parameters. 4. Redfish validator Signed-off-by: Sunitha Harish <sunithaharish04@gmail.com> Change-Id: Ia740a610e3974dc3781bcee702c74ded9903944a
2020-05-20Implement Redfish PasswordChangeRequiredJoseph Reynolds1-2/+12
This implements the Redfish PasswordChangeRequired handling. See section 13.3.7.1 "Password change required handling" in the 1.9.1 spec: https://www.dmtf.org/sites/default/files/standards/documents/DSP0266_1.9.1.pdf These portions of the spec are implemented: - Authenticatation with a correct but expired password creates a session: - The session is restricted to the ConfigureSelf privilege which allows a user to change their own password (via GET and PATCH Password for their own account). Support for the ConfigureSelf privilege is already in BMCWeb. - The session object has the PasswordChangeRequired message. - All other operations respond with http status code 403 Forbidden and include the PasswordChangeRequired message. - The ManagerAccount (URI /redfish/v1/AccountService/Accounts/USER) PasswordChangeRequired property is implemented for local accounts but not present for remote accounts. This has the following additional behavior: The PasswordChangeRequired property is updated at the start of each new REST operation, even within an existing session. This behavior implements a "dynamic" PasswordChangeRequired handling that responds to changes to the underlying "password expired" status. Specifically: - Sessions restricted by the PasswordChangeRequired handling lose that restriction when the underlying account password is changed. - Sessions become subject to the PasswordChangeRequired handling restrictions whenever the underlying account password expires. - The mechanism is to check if the password is expired at the start of every new REST API operation, effectively updating the ManagerAccount PasswordChangeRequired property each time. This makes BMCWeb responsive to changes in the underlying account due to other activity on the BMC. Notes: 1. Note that when an account password status is changed (for example, the password becomes expired or is changed) and that account has active sessions, those sessions remain. They are not deleted. Any current operations are allowed to complete. Subsequent operations with that session pick up the new password status. 2. This does not implement OWASP recommendations which call for sessions to be dropped when there is a significant change to the underlying account. For example, when the password is changed, the password becomes expired, or when the account's Role changes. OWASP's recommendation is due to the session fixation vulnerability. See the OWASP Session Management Cheat Sheet section "Renew the Session ID After Any Privilege Level Change": https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#renew-the-session-id-after-any-privilege-level-change BMCWeb protects against session fixation vulnerabilities because it always regenerates new session IDs when successful authentication creates a new session. 3. Users authenticating via mTLS are not subject to the PasswordChangeRequired behavior because mTLS takes precedence over password-based authentication. Tested: 0. Setup: - The `passwd --expire USERNAME` command was used to expire passwords. The `chage USER` command was also used. - The following were used to change the password: Redfish API, passwd command, and the SSH password change dialog. - Tested the following via Basic Auth, /login, and Redfish login (except where Basic Auth does not create a persistent session). - Only local user account were tested. - Did not test authentication via mTLS or with LDAP users. 1. When the password is not expired, authentication behaves as usual for both correct and incorrect passwords. 2. When the password is incorrect and expired, authentication fails as usual. 3. When the password is correct but expired: A. A session is created and has the PasswordChangeRequired message. B. That session cannot access resources that require Login privilege and the 403 message contains the PasswordChangeRequired message. C. That session can be used to GET the user's account, PATCH the Password, and DELETE the session object. D. The account PasswordChangeRequired reports true. 4. While a session is established, try expiring and changing (unexpiring) the password using various mechanisms. Ensure both the session object and the ManagerAccount PasswordChangeRequired property report the correct condition, and ensure PasswordChangeRequired handling (restricting operations to ConfigureSelf when PasswordChangeRequired is true) is applied correctly. Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net> Change-Id: Iedc61dea8f949e4b182e14dc189de02d1f74d3e8
2020-02-20sessions: Remove odata.contextGunnar Mills1-6/+0
Redfish made odata.context optional (1.6.0 of DSP0266, Sept 2018). Redfish has removed odata.context from example payloads in the specification (1.7.0 of DSP0266), removed it from the mockups, and Redfish recommended not using. Change-Id: Iffc75a7cb68f22d67548e5632d7ebfbdd67d6598 Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
2020-01-30Enhance return value from pamAuthenticateUserJoseph Reynolds1-1/+1
This enhances the return value from the pamAuthenticateUser function so callers can articulate PAM error codes like PAM_NEW_AUTHTOK_REQD which means the credentials are correct, but the password must be changed. Tested: Yes, scenarios via both Redfish login and Basic Auth: - correct username and password, password is not expired - correct username and password, password is expired - correct username and incorrect password, password is not expired - correct username and incorrect password, password is expired - non-existent user (passsword is not relevant) Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net> Change-Id: I1114d6c9cc591fb0a1853cb4edea32ad22f7b015
2019-12-06bmcweb: Handle ConfigureSelf privilegeJoseph Reynolds1-1/+19
Enhances BMCWeb to correctly handle the Redfish ConfigureSelf privilege. Redfish document DSP2046 defines the ConfigureSelf privilege as "Can change the password for the current user account and log out of their own sessions." This notion is formalized in the Redfish DSP8011 PrivilegeRegistry where ConfigureSelf appears in three operations: - ManagerAccount (/redfish/v1/AccountService/Accounts/{account}) GET operation. - ManagerAccount (/redfish/v1/AccountService/Accounts/{account}) PATCH Password property override. - Session (/redfish/v1/SessionService/Sessions/{sessionid}) DELETE operation. Tested: Yes, tested the above operations using users with various Roles to determine which operations are allowed. ReadOnly users (privileges: Login, ConfigureSelf): - Can GET their own account. - Can change their password. - Can log out. - Cannot change any other properties of their own account. - Cannot change anyone else's password. - Cannot GET someone else's account. - Cannot log out anyone else. Operator users (privileges: Login, ConfigureComponents, ConfigureSelf): - Same access as a ReadOnly user. Administrator users (all privileges): - Can do everything Operator can do. - Can change one or more properties of their account - Can GET and change properties of someone else's account. - Can logoff any session. Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net> Change-Id: If8efd71cb9743a59b7c5fe1565804d21e788ea29
2019-04-01Allow multiple registrationsTanous1-0/+1
This patchset is the beginings of the infrastructure to allow separate registrations, and map privileges to the actual node in the url table rather than having each registration manage privileges manually. Tested by: Running redfish compliance tool. All things still pass. Change-Id: I72d278cc19c60ba5b6e563fbd705b0551faf9a6a Signed-off-by: Ed Tanous <ed.tanous@intel.com>
2019-02-13bmcweb: Fix some errors in Redfish SessionsEd Tanous1-0/+3
Two errors were identified in the Redfish sessions implementation. 1. All user "roles" return a description containing Adminstrator, instead of containing the name of the role. 2. The SessionService implementation was missing the link to sessions collection. These are resolved in this commit. Tested By: Ran service validator, no errors. Change-Id: Ib48ab1756d78724b4bab124c8cf135c8a61d94a6 Signed-off-by: Ed Tanous <ed.tanous@intel.com>
2018-12-07bmcweb: Session member count is zeroEd Tanous1-2/+0
A botched merge conflict caused issues with the session service, and accidentally hardcoded the session info response to a size zero structure. This resolves it. Tested By: Ran sessionService and observed sessions present Change-Id: I1186f0416c099df5f39a9f894ccfcc20691ceb03 Signed-off-by: Ed Tanous <ed.tanous@intel.com>
2018-11-26bmcweb: Redfish away from json cacheEd Tanous1-35/+31
In the original incarnation of bmcweb, route registration was done automatically. This has proved to be a terrible idea, wraught with corner cases and issues. The route registration is currently the only user of the redfish::Node::json element. Unfortunately, as written, this structure consumes a lot of memory that's duplicated and not very useful. From a performance perspective, there is almost no difference between rebuilding the structure for each GET request, and having the "cache" that needs to be copied into the response and modified before it can be useful. In the programming tradeoffs for bmc, lower memory usage is more important than latency, especially at these levels. Change-Id: I785e8352123e5e886acf05cd59cb23648f93839d Signed-off-by: Ed Tanous <ed.tanous@intel.com>
2018-11-15Simplify Redfish error message property interfaceJason M. Bills1-2/+2
The error message code used a json_pointer object which must begin with a '/' character and had to be sent as an extra parameter. This change simplifies the interface by using a string so there doesn't have to be a '/'. This allowed the same property argument passed for the message to be used for the property field path. Tested: Sent an error with a property and verified that it is correctly displayed. Change-Id: I0571e2eee627cedf29d751588a4f1bceee66f084 Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
2018-10-23Improve the Redfish error reporting interfaceJason M. Bills1-26/+7
Makes the Redfish error reporting interface automatically handle setting the http status and JSON content in the response object. When using an AsyncResp object, this allows for simply calling the Redfish error and returning. Change-Id: Icfdce2de763225f070e8dd61e591f296703f46bb Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
2018-10-22Implement a new way of unpacking json to structsEd Tanous1-42/+4
The existing way of decoding json structures, while fast has some disadvantages. 1. it's very verbose to write. 2. It requires in depth knowlege of redfish error messages to get correct. 3. It _can_ lead to undesired behavior, like half of a patch being applied, if only some of the values have bad types. This commit implements a new interface for decoding redfish json named.... readJson. It is a templated function, that lets you decode json values based on type easily, while still handling all the correct error codes that were handled previously. Use is done similar to the example below: std::string required; boost::optional<std::string> optional; if (!json_util::readJson(req, res, "OptionalParam", optional, "RequiredParam", required)) { return; } if (optional){ // optional param was given, take action. } As part of this patchset, the systems schema is moved to the new interface, which deletes some of the code involved and shows the improvement in clarity. Change-Id: I041a97c84d294df8cd4de4c2702e5ee22c0bc120 Signed-off-by: Ed Tanous <ed.tanous@intel.com>
2018-10-22Clean up SessionService POSTEd Tanous1-114/+53
Previously, SessionService would return a json decode error for all errors, even if certain keys were incorrect. This updates the POST handler to use a better method, and should reduce the binary size a little, given that we're removing the possibly throwing get<> code. This needs a very good review. This endpoint is available pre-auth, and needs to be secure regardless of input. Tested By: curl --noproxy "*" -k -X POST -d '{"UserName": "root", "Password": "0penBmc"}' https://10.243.48.30/redfish/v1/SessionService/Sessions/ Returns correct response. Tested several variations, including extra parameters, missing username, missing password, ect. Got correct error code in all cases. Change-Id: Ic8e6edd9f7badc0d22aa8dafa9c0c260386712ac Signed-off-by: Ed Tanous <ed.tanous@intel.com>
2018-09-05Move to clang-format-6.0Ed Tanous1-284/+320
This commit moves the codebase to the lastest clang-format file from upstream, as well as clang-format-6.0. Change-Id: Ice8313468097c0c42317fbb9e10ddf036e8cff4c Signed-off-by: Ed Tanous <ed.tanous@intel.com>
2018-08-13Implement Location header for session authEd Tanous1-0/+3
From the redfish specification 1.5.0, page 98: """ The response to the POST request to create a session shall include the following: ... A Location header that contains a hyperlink to the newly created session resource """ This implements the location header properly, per specification. Tested by: Attempting POST on the Sessions resource, and observing a "Location" header be set. Change-Id: Ia62c385bedf67e6267d573771b04a211ba332f21 Signed-off-by: Ed Tanous <ed.tanous@intel.com>
2018-07-27Move over to upstream c++ styleEd Tanous1-46/+45
This patchset moves bmcweb over to the upstream style naming conventions for variables, classes, and functions, as well as imposes the latest clang-format file. This changeset was mostly built automatically by the included .clang-tidy file, which has the ability to autoformat and auto rename variables. At some point in the future I would like to see this in greater use, but for now, we will impose it on bmcweb, and see how it goes. Tested: Code still compiles, and appears to run, although other issues are possible and likely. Change-Id: If422a2e36df924e897736b3feffa89f411d9dac1 Signed-off-by: Ed Tanous <ed.tanous@intel.com>
2018-07-25Make SessionStore a proper singletonBorawski.Lukasz1-7/+11
- SessionStore class now has a proper singleton structure - session_storage_singleton.hpp is removed - from_json(..) function for SessionStore is changed to a specialized template - minor cosmetic fixes added - Move the template class usages of Crow App over to a non-template parameter Change-Id: Ic9effd5b7bac089a84c80a0caa97bd46d4984416 Signed-off-by: Borawski.Lukasz <lukasz.borawski@intel.com> Signed-off-by: Ed Tanous <ed.tanous@intel.com>
2018-06-29Boost beastEd Tanous1-34/+42
This commit is the beginings of attempting to transition away from crow, and toward boost::beast. Unit tests are passing, and implementation appears to be slightly faster than crow. Change-Id: Ic8d946dc7a04f514c67b1098f181eee1ced69171
2018-04-22Introduce Redfish Error messages definitionsKowalski, Kamil1-13/+68
Added a python script that should be use to generate error_messages.cpp na .hpp files. These files as are not subject to change in a dynamic manner, should be regenerated only when MessageRegistry changes. Tested on x86 Ubuntu VM and Wolfpass platform: a) No regression in BMCWeb interface - Went through WebUI observed no changes in functionality b) No regression in Redfish functionality - Went through nodes and observed no changes in functionality - Sessions now return error messages in addition to HTTP codes Change-Id: I4aba9ee247b6cd2c46a9c158d14bdc7546e9b11b Signed-off-by: Kowalski, Kamil <kamil.kowalski@intel.com> Signed-off-by: Ed Tanous <ed.tanous@intel.com>
2018-04-22Minor fixes to make redfish pass compliance testsEd Tanous1-4/+2
1. Role members needs to be an array, not an object 2. Fix accounts schema to use the new user manager 3. Remove "status" field hardcodes 4. Hardcode chassisType to rackmount for now 5. Work around bug in get sub routes 6. Add ID to SessionService Schema Change-Id: Ibb13d6ace747ac028e840638868c3a01d65dedfa Signed-off-by: Ed Tanous <ed.tanous@intel.com>
2018-03-28Make a few changes to privileges commitEd Tanous1-32/+24
1. Create char* overloads for the things that need it. 2. Fix up a couple errant moves 3. Use the gtest APIs for testing container membership, rather than sort 4. Move the index management to vector rather than map to avoid a lookup 5. Remove errant use of .at() 6. Move privilege comparison into the privilege class, in order to keep the bitset implementation private. This removes the requirment on the forward declaration of PrivilegeProvider, and the use of friend class 7. Remove unimplemented override strcutures. Feel free to add them back once implemented 8. Make setSignlePrivilege return a code if the set failed 9. Remove the need for an extra construction of a blank privileges object for things that require no privileges. Tested by: updating unit tests with the appropriate APIs. Relevant unit tests pass Change-Id: Ie9cde003b6c865979b4cac086379d0a3473896ce Signed-off-by: Ed Tanous <ed.tanous@intel.com>
2018-03-28Redfish SessionServiceBorawski.Lukasz1-0/+35
- added node version of the SessionService implementation - added a default timeout member and a get timeout method to the SessionStore class Change-Id: I532080789b3d687208510f8b748402735ed888d8 Signed-off-by: Borawski.Lukasz <lukasz.borawski@intel.com>
2018-03-28Improved Refish subroutesBorawski.Lukasz1-24/+19
- getSubroutes() is now a method of the Node class - getSubroutes() is called only once per node at construction time, not at each GET request - template parameter removed from the Node class Change-Id: Ie4eb8766717aae566c13c295458fe0dba8ab84c0 Signed-off-by: Borawski.Lukasz <lukasz.borawski@intel.com>
2018-03-28Privilege implementation changeBorawski.Lukasz1-9/+24
- privilege_registry.json has been removed - PrivilegeProvider class has been removed - default privileges for nodes are now hard-coded - privilege overriding feature is not yet implemented Change-Id: Ic9fdfa1c692c1abd26e339e2a8c702fc4aebd19f Signed-off-by: Borawski.Lukasz <lukasz.borawski@intel.com>
2018-03-28Redfish privilegesBorawski.Lukasz1-3/+3
Redfish privilege authorization subsystem controlled by the privilege_registy.json configuration file. PropertyOverrides, SubordinateOverrides and ResourceURIOverrides are not yet implemented. Change-Id: I4d5670d557f4da172460ada3512e015830dab667 Signed-off-by: Borawski.Lukasz <lukasz.borawski@intel.com> Signed-off-by: Ed Tanous <ed.tanous@intel.com>
2018-02-06Session and SessionCollectionKowalski, Kamil1-0/+226
New Redfish-Core nodes added (removed from redfish_v1.hpp) - Session and SessionCollection. Tested manually on x86 VM and Wolfpass Platform. Behavior almost identical to what was before - differences: - SessionCollection - now only returns TIMEOUT presistence sessions, not SINGLE - Aquiring sessions from session storage now applies timeouts Change-Id: I68bf4fa7fa1c8371216a7d4daa30bbfb653cfa72 Signed-off-by: Kowalski, Kamil <kamil.kowalski@intel.com>
generated by cgit v1.2.3 (git 2.39.0) at 2024-07-23 04:00:54 +0300