From 482a69e72d6be4d9fdefa7b45207e8ac83d4a1a5 Mon Sep 17 00:00:00 2001 From: Ravi Teja Date: Mon, 22 Apr 2024 06:56:13 -0500 Subject: AccountService: Add HTTPBasicAuth support This commit adds HTTPBasicAuth Get/Patch support Tested By: Redfish service validator passes. ``` curl -k --user "root:0penBmc" -H "Content-Type: application/json" -X PATCH -d '{"HTTPBasicAuth":"Enabled"}' https://192.168.7.2/redfish/v1/AccountService ``` Succeeds with various values. Enabled: Basic auth succeeds. Disabled: Basic auth no longer works. AccountService reports "Disabled" For HTTPBasicAuth status. Change-Id: Ic417bf3cd4135f05ab34c8613c7fbce953157b03 Signed-off-by: Ravi Teja Signed-off-by: Ed Tanous --- Redfish.md | 1 + redfish-core/lib/account_service.hpp | 33 ++++++++++++++++++++++++++++++--- 2 files changed, 31 insertions(+), 3 deletions(-) diff --git a/Redfish.md b/Redfish.md index 91c2c01601..5e410ad616 100644 --- a/Redfish.md +++ b/Redfish.md @@ -58,6 +58,7 @@ Fields common to all schemas - AccountLockoutThreshold - Accounts - Description +- HTTPBasicAuth - LDAP - MaxPasswordLength - MinPasswordLength diff --git a/redfish-core/lib/account_service.hpp b/redfish-core/lib/account_service.hpp index 7df5d83ab2..aab116e6b1 100644 --- a/redfish-core/lib/account_service.hpp +++ b/redfish-core/lib/account_service.hpp @@ -1191,8 +1191,7 @@ inline void nlohmann::json& json = asyncResp->res.jsonValue; json["@odata.id"] = "/redfish/v1/AccountService"; - json["@odata.type"] = "#AccountService." - "v1_10_0.AccountService"; + json["@odata.type"] = "#AccountService.v1_15_0.AccountService"; json["Id"] = "AccountService"; json["Name"] = "Account Service"; json["Description"] = "Account Service"; @@ -1200,6 +1199,15 @@ inline void json["MaxPasswordLength"] = 20; json["Accounts"]["@odata.id"] = "/redfish/v1/AccountService/Accounts"; json["Roles"]["@odata.id"] = "/redfish/v1/AccountService/Roles"; + json["HTTPBasicAuth"] = authMethodsConfig.basic + ? account_service::BasicAuthState::Enabled + : account_service::BasicAuthState::Disabled; + + nlohmann::json::array_t allowed; + allowed.emplace_back(account_service::BasicAuthState::Enabled); + allowed.emplace_back(account_service::BasicAuthState::Disabled); + json["HTTPBasicAuth@AllowableValues"] = std::move(allowed); + json["Oem"]["OpenBMC"]["@odata.type"] = "#OpenBMCAccountService.v1_0_0.AccountService"; json["Oem"]["OpenBMC"]["@odata.id"] = @@ -1300,6 +1308,7 @@ inline void handleAccountServicePatch( LdapPatchParams ldapObject; LdapPatchParams activeDirectoryObject; AuthMethods auth; + std::optional httpBasicAuth; // clang-format off if (!json_util::readJsonPatch( req, asyncResp->res, @@ -1329,12 +1338,30 @@ inline void handleAccountServicePatch( "Oem/OpenBMC/AuthMethods/Cookie", auth.cookie, "Oem/OpenBMC/AuthMethods/SessionToken", auth.sessionToken, "Oem/OpenBMC/AuthMethods/TLS", auth.tls, - "Oem/OpenBMC/AuthMethods/XToken", auth.xToken)) + "Oem/OpenBMC/AuthMethods/XToken", auth.xToken, + "HTTPBasicAuth", httpBasicAuth)) { return; } // clang-format on + if (httpBasicAuth) + { + if (*httpBasicAuth == "Enabled") + { + auth.basicAuth = true; + } + else if (*httpBasicAuth == "Disabled") + { + auth.basicAuth = false; + } + else + { + messages::propertyValueNotInList(asyncResp->res, "HttpBasicAuth", + *httpBasicAuth); + } + } + if (minPasswordLength) { setDbusProperty( -- cgit v1.2.3