bmcweb/redfish-core/lib, branch master

Add a pid controller size limit

2020-02-10T20:23:25+00:00

Right now there is no limit, so someone could attack the bmc by adding a very large number of controllers. Create a limit so this isn't possible. Tested: Add / Remove functionality still works Change-Id: Ib408293431250d93b0af71616a1668f6a3d0904a Signed-off-by: James Feist

PID: Don't attempt to delete unknown objects

2020-02-10T20:23:16+00:00

This puts a block in to return early if we are asked to delete something we can't find on D-Bus. This code path was creating a segfault, but theres no reason to continue after we can't find an object we are asked to delete, so we can just avoid it. Also clean up the end iterator dereference so it doesn't happen in any other path. Tested: Segfault goes away Change-Id: I33622e5e8ab09fba0681e4f86f4a7068f6ef0be7 Signed-off-by: James Feist

Update AccountService Privilege

2020-02-10T18:34:06+00:00

"GET" should be a "Login" Privilege for the AccountService resource. This makes sense, a "Readonly" and "Operator" user should be able to see properties like MaxPasswordLength and MinPasswordLength since they are allowed to change their own password. This was changed in Redfish 2019.3, redfish issue 1914 explains more. From Redfish_1.0.4_PrivilegeRegistry.json: "Entity": "AccountService", "OperationMap": { "GET": [ { "Privilege": [ "Login" ] } ], "HEAD": [ { "Privilege": [ "Login" ] } ], "PATCH": [ { "Privilege": [ "ConfigureUsers" ] } ], "PUT": [ { "Privilege": [ "ConfigureUsers" ] } ], "DELETE": [ { "Privilege": [ "ConfigureUsers" ] } ], "POST": [ { "Privilege": [ "ConfigureUsers" ] } ] Change-Id: Iab8acbac97a58aed865bf94f665d6c9a32de81dd Tested: Build for Witherspoon and AccountService looks good. Signed-off-by: Gunnar Mills

Add Power Supply Attributes

2020-02-07T21:15:21+00:00

Map DeratingFactor from PowerSupplyAttributes.interface.yaml to the Redfish property PowerSupply "EfficiencyPercent". Only do this call when the "Power" schema is called. Use the InventoryItem class introduced in adc4f0db57568c5e5d2a3398fce00dbb050a3b72 Tested: Power, Thermal, all look good. Passed the Redfish Validator. "PowerSupplies": [ { "@odata.id": "/redfish/v1/Chassis/chassis/Power#/PowerSupplies/0", "EfficiencyPercent": 90, "IndicatorLED": "Off", "Manufacturer": "", "MemberId": "powersupply0", "Model": "2B1D", "Name": "powersupply0", "PartNumber": "01KL471", "PowerInputWatts": 12.0, "SerialNumber": "71G370", "Status": { "Health": "OK", "State": "Enabled" } }, Change-Id: I344577a7a3d72cd37d5f6bab03edbdce13b9f764 Signed-off-by: Gunnar Mills

Move Crashdump to OemCrashdump

2020-02-07T19:07:33+00:00

All other Oem Schemas start with Oem. This is used by the update_schemas.py to determine an Oem schema and is a reasonable requirement for Oem schemas. https://github.com/openbmc/bmcweb/blob/a3268f98f308ca7c8660b1ace44d5b9a40be204b/scripts/update_schemas.py#L43 Tested: Ran the validator against this change on a Witherspoon with BMCWEB_ENABLE_REDFISH_CPU_LOG enabled and OemCheck true. Validator passed. Might be worth running on a system that actually uses BMCWEB_ENABLE_REDFISH_CPU_LOG. curl -k https://${bmc}/redfish/v1/Systems/system/LogServices/Crashdump { "@odata.context": "/redfish/v1/$metadata#LogService.LogService", "@odata.id": "/redfish/v1/Systems/system/LogServices/Crashdump", "@odata.type": "#LogService.v1_1_0.LogService", "Actions": { "#LogService.ClearLog": { "target": "/redfish/v1/Systems/system/LogServices/Crashdump/Actions/LogService.ClearLog" }, "Oem": { "#Crashdump.OnDemand": { "target": "/redfish/v1/Systems/system/LogServices/Crashdump/Actions/Oem/Crashdump.OnDemand" } } }, "Description": "Oem Crashdump Service", "Entries": { "@odata.id": "/redfish/v1/Systems/system/LogServices/Crashdump/Entries" }, "Id": "Oem Crashdump", "MaxNumberOfRecords": 3, "Name": "Open BMC Oem Crashdump Service", "OverWritePolicy": "WrapsWhenFull" } Change-Id: Iacc11be1284b99c2ed9a6c2ca0a936bd97855afb Signed-off-by: Gunnar Mills

Add support to fetch the 'Updateable' components

2020-02-03T17:57:27+00:00

Currently 'Updateable' property value in SoftwareInventory schema is hardcoded. Added support to look through the updateable software associations objects and use it for 'Updateable' Redfish property in SoftwareInventory. Tested: - Checked 'Updateable' Property value for both programmable and non-programmable firmware inventory components and it works as expected. - Ran the Redfish validator and no new issues found. Signed-off-by: AppaRao Puli Change-Id: Ia24f942f3afe49674ec3628cac0356a5496ef337

Enhance return value from pamAuthenticateUser

2020-01-30T16:24:12+00:00

This enhances the return value from the pamAuthenticateUser function so callers can articulate PAM error codes like PAM_NEW_AUTHTOK_REQD which means the credentials are correct, but the password must be changed. Tested: Yes, scenarios via both Redfish login and Basic Auth: - correct username and password, password is not expired - correct username and password, password is expired - correct username and incorrect password, password is not expired - correct username and incorrect password, password is expired - non-existent user (passsword is not relevant) Signed-off-by: Joseph Reynolds Change-Id: I1114d6c9cc591fb0a1853cb4edea32ad22f7b015

Add OemVirtualMedia schema

2020-01-27T09:53:14+00:00

OEM Schema for VirtualMedia added. Also OpenBMC level has been added to OEM field in the code to conform to schema standard. Tested: Manually using full stack of VirtualMedia. * Inserting/ejecting media in both legacy and proxy mode * Redfish Service Validator 1.3.2 ran Change-Id: Iaa87dd767a4bf2062bd4e74dd790a2496aca96de Signed-off-by: Przemyslaw Czarnowski

InsertMedia and EjectMedia actions added to VirtualMedia schema

2020-01-27T09:53:00+00:00

As continuation for VirtualMedia Redfish support, this patch adds insertion and eject actions into existing VirtualMedia code base. Testing: * Manual tests together with nbd proxy and virtual media app - For requests: Postman and/or HTTPie, with logs enabled and Valgrind) - Manual result validation * Tests run: - GET on collection with manual validation - PUT/POST/DELETE on collection - GET on item/nonexistent item - PUT/POST/DELETE on item - GET/PUT/DELETE on action - POST on action - EjectMedia/InsertMedia, legacy mode - POST on action - InsertMedia, proxy mode - POST on action - input validation (empty, invalid URL), legacy mode * Redfish Service Validator tested, no new issues found. Change-Id: Icccc433c1e84bc2ac37d9c295fe72749187fb735 Signed-off-by: Przemyslaw Czarnowski

Add VirtualMedia schema to Redfish

2020-01-27T09:52:18+00:00

This change adds VirtualMedia scheme to Redfish. Implementation is based on input from virtual-media module and nbd proxy which is a bmcweb part. The code is used only in case ndb-proxy is supported in bmcweb (BMCWEB_ENABLE_VM_NBDPROXY compilation flag). Tested: * Manual tests together with nbd proxy and virtual media app - For requests: Postman and/or HTTPie, started with logs enabled and Valgrind - Manual result validation * Tests ran: - GET on collection with manual validation - PUT/POST/DELETE on collection - GET on item/nonexistent item - PUT/POST/DELETE on item * Redfish Service Validator tested, no new issues found. Signed-off-by: Przemyslaw Czarnowski Change-Id: I5415dc0ffe52069fd35bc614b0378bbc4ad41ff6