| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
Considering that the webui is no longer an "IBM" specific entity, and is
now the standard for the project, there's no need for this variable to
call it out explicitly. Update comment and variable name to be more
correct.
Tested: No functional change, only comments.
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I2169876c38ccd558a3cfcfc61637720bd290b3ee
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This enhances the return value from the pamAuthenticateUser function so
callers can articulate PAM error codes like PAM_NEW_AUTHTOK_REQD which
means the credentials are correct, but the password must be changed.
Tested: Yes, scenarios via both Redfish login and Basic Auth:
- correct username and password, password is not expired
- correct username and password, password is expired
- correct username and incorrect password, password is not expired
- correct username and incorrect password, password is expired
- non-existent user (passsword is not relevant)
Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
Change-Id: I1114d6c9cc591fb0a1853cb4edea32ad22f7b015
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit fixes:
- handling of virtual media unmount method
- cancels unix socket async accept upon early websocket closing
(reproduction with rapid start/stop button pressing or closing
websocket just after negotation msg from NBD server)
Tested:
- unmount method via WebUI
- unix socket accept cancellation - modified NBD server to close
websocket after sending negotation message & rapid start/stop button
pressing
Signed-off-by: Iwona Winiarska <iwona.winiarska@intel.com>
Signed-off-by: Jan Sowinski <jan.sowinski@intel.com>
Change-Id: Ibcbb87a7e35cfbee8c8b4686f64c9090c66f0c17
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit sets the mutual TLS option to ON by default.
Core mTLS implementation was accepted under this commit:
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/23588
where by default the mTLS was disabled.
Tested:
Manual tests were made to verify if this option turns the
mTLS ON.
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
Change-Id: I3bc5f5453d4c4df1cd7ecb0b8868423285b6ab83
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Through one of the refactors, webserver_common.hpp picked up an include
to itself, presumably when code was moved. This doesn't cause any ill
effects, but is cruft that can be cleaned up.
Tested:
Code compiles. No functional change to verify.
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: Ie901baa3cfd88decdbecbad01c6b577d92d2441b
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Modified the code to make an asynchronous call to GetUserInfo to get
the user role for authorization.
For local users, DBus matches are used to store user role map hot in
memory. Hence, bmcweb has to know whether a user is a local user or
LDAP user to get the role. To avoid this, removed the existing DBus
matches and modified the code to call GetUserInfo to get the role of
local users as well as LDAP users.
Tested:
- Created a local user having admin privilege and verified that he is
able to restart the system
/redfish/v1/Systems/system/Actions/ComputerSystem.Reset
-d '{"ResetType": "GracefulRestart"}'
- Created a local user having user privilege and verified that he is
unauthorized to restart the system
/redfish/v1/Systems/system/Actions/ComputerSystem.Reset
-d '{"ResetType": "GracefulRestart"}'
- Created a remote user having admin privilege and verified that he is
able to restart the system
/redfish/v1/Systems/system/Actions/ComputerSystem.Reset
-d '{"ResetType": "GracefulRestart"}'
- Created a remote user having user privilege and verified that he is
unauthorized to restart the system
/redfish/v1/Systems/system/Actions/ComputerSystem.Reset
-d '{"ResetType": "GracefulRestart"}'
- Tested Redfish ConfigureSelf privilege
Signed-off-by: RAJESWARAN THILLAIGOVINDAN <rajeswgo@in.ibm.com>
Change-Id: Ic3e46a0c0aff2cf456c98048350e58e302011c57
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit is a fix for revert:
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/27205
The mTLS will work only when:
* Compilation flag BMCWEB_ENABLE_MUTUAL_TLS_AUTHENTICATION is
enabled and,
* AccountService->Oem->OpenBMC->AuthMethods->TLS is set and,
* at least one certificate is uploaded to TrustStore.
To enforce a new mTLS settings after switching AuthMethods->TLS
all awaiting for acceptance connections are dropped.
In case of authorized mTLS requests a cookie with XSRF-TOKEN entry
and SESSION is added to response. It will force the X-XSRF-TOKEN
challenge in case of applications supporting cookies like web
browsers.
Also some minor log messages changes were made in this commit.
Tested:
validator_service run with status: 'Validation has succeeded'.
Tests were made with Chrome browser Version 78.0.3904.108.
The certificate popup appears only when mTLS is enabled in CMake,
the TLS option is set and at least one CA certificate is present.
In other cases mTLS is not active and there is no popup for certs.
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
Change-Id: I778b848b767356b60386694f802a89b3c1f6cb14
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BMCWeb was using the "passwd" command PAM configuration settings when changing
the password. This changes it to use PAM service_name="webserver", the same
name it already uses for PAM authentication and account management functions.
Doing so allows the BMC system administrator to provide separate PAM config
files for the "passwd" command and BMCWeb's password changing function, and
for these activities to be correctly identified in the system logs.
Here is a sample incorrect log message (truncated & wrapped):
bmcweb[353]: pam_warn(passwd:chauthtok): function=[pam_sm_chauthtok]
flags=0xc000 service=[passwd] terminal=[<unknown>] user=[testuser]
ruser=[<unknown>] rhost=[<unknown>]
The "service" should be "webserver".
Tested: yes, password change successful
Change-Id: I593f42c8f0494df967fb498fb4dd66fa4168596b
Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 5e931ae994307babe6c3520cbaca6a7139acc81d.
Reason for revert: Causing build failures
/bmcweb/redfish-core/include/node.hpp: In member function ‘bool redfish::Node::isAllowedWithoutConfigureSelf(const crow::Request&)’:
/bmcweb/redfish-core/include/node.hpp:182:36: error: ‘crow::persistent_data::UserRoleMap’ has not been declared
crow::persistent_data::UserRoleMap::getInstance().getUserRole(
When 900f949773795141266271107219ea019f2839cd was merged first
this patch was not successfully rebased.
Change-Id: I947d96362c7dadea5572888468a11fac5ee361d4
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Modified the code to make an asynchronous call to GetUserInfo to get
the user role for authorization.
For local users, DBus matches are used to store user role map hot in
memory. Hence, bmcweb has to know whether a user is a local user or
LDAP user to get the role. To avoid this, removed the existing DBus
matches and modified the code to call GetUserInfo to get the role of
local users as well as LDAP users.
Tested:
- Created a local user having admin privilege and verified that he is
able to restart the system
/redfish/v1/Systems/system/Actions/ComputerSystem.Reset
-d '{"ResetType": "GracefulRestart"}'
- Created a local user having user privilege and verified that he is
unauthorized to restart the system
/redfish/v1/Systems/system/Actions/ComputerSystem.Reset
-d '{"ResetType": "GracefulRestart"}'
- Created a remote user having admin privilege and verified that he is
able to restart the system
/redfish/v1/Systems/system/Actions/ComputerSystem.Reset
-d '{"ResetType": "GracefulRestart"}'
- Created a remote user having user privilege and verified that he is
unauthorized to restart the system
/redfish/v1/Systems/system/Actions/ComputerSystem.Reset
-d '{"ResetType": "GracefulRestart"}'
Signed-off-by: RAJESWARAN THILLAIGOVINDAN <rajeswgo@in.ibm.com>
Change-Id: Ifd813e1af4dfcb7aeaba18e04b6c9767d2a5e95a
|
| |
|
|
|
|
|
|
|
| |
Comment was incorrect, and probably leftover from a clang-format run.
Tested: No tests needed. Only a comment
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I3f4cb86bc624b02d0bda536bcc66ce7c99882329
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Nbd-proxy is responsible for exposing websocket endpoint in bmcweb.
It matches WS endpoints with unix socket paths using configuration
exposed on D-Bus by Virtual-Media.
Virtual-Media is then notified about unix socket availability through
mount/unmount D-Bus methods.
Currently, this feature is disabled by default.
Tested: Integrated with initial version of Virtual-Media.
Change-Id: I9c572e9841b16785727e5676fea1bb63b0311c63
Signed-off-by: Iwona Klimaszewska <iwona.klimaszewska@intel.com>
Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Considering that wild card captures are now known to be difficult to
maintain, remove a couple instances of them from app. They are no
longer used as a capture, so can be safely removed with no effect. It's
likely the compiler is doing this already.
Tested:
No functional change. Code compiles.
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I252344a4608f7e107bcb273d725b5a484eb7a17d
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The sessions implementation previously used operator== for session
comparisons. While unlikely to be attackable in the current
implementation, due to the time smearing in a number of cases, modern
security practices recommend using constant time comparison.
Tested By:
Logged into the webui, and observed no change to login flows. Logged
into redfish using Token Auth, and observed no changes. Closed a
previous session, then reopened with the new session information to
verify user sessions are restored properly and still work.
Change-Id: Ie759e4da67ba004fd8c327f177951ac756ea6799
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This makes some browswers fail to login without a
certificate, it needs to stay disabled.
Introduced here:
https://github.com/openbmc/bmcweb/commit/55e43f69#diff-f34027492b16c1b7a880248323fe4fd8R316
Tested: Cert was not required in Chrome on Windows
Change-Id: I27e60e73784d04e14b9b1495ebd1399ad4ab96ab
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This disables ssl renegotiaion based on the potential
DOS attack here: https://www.cvedetails.com/cve/CVE-2011-1473/
Tested: testssl shows it as disabled
https://github.com/drwetter/testssl.sh
validator passed
Fixes https://github.com/openbmc/openbmc/issues/3624
Change-Id: I4bfbd770d25ba5d1a7292421f1ccad2b2e73d3a6
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
User is now able to turn on and off the TLS authentication method.
Tested:
No regression found in manual testing. By default everything works
as before, and disabling TLS method prevents user to authenticate
by it.
Tested with Redfish Service Validator, version 1.2.8
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
Change-Id: Ib7be1af659db568caa7e5b97e3844617586d7754
|
| |
|
|
|
|
|
|
|
|
|
| |
clang-tidy flagged an error where strings were being constructed at
startup. Move them to const char* to save a little memory, and reduce
the possibility of a error being thrown at startup.
Tested: Code compiles. Error codes need tested functionally.
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I227e91879e727f4b19d955111b0d2bac8e81b6ad
|
| |
|
|
|
|
|
|
|
|
| |
This was an automatic change made by clang-tidy. It moves all uses of
NULL to nullptr, which are equivalent, but nullptr is prefered.
Tested: Code compiles.
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I9526599b222693c9723a69934b599c7a5b5d1fbf
|
| |
|
|
|
|
|
|
|
|
| |
Modern c++ prefers setting default destructors to =default
Tested: clang-tidy modernize-use-equals-default now passes
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I9ca746473263abfe2330b7c3e2fe645cf96112f3
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implemented TLS based user auth. It utilizes certificates stored by
Phosphor Certificate Manager in storage mode, to verify that user
that tries to log in, has a certificate signed by a trusted CA.
More about this can be read in redfish-tls-user-authentication.md design
document.
Tested that it does not break current authentication methods, when not
using TLS Auth - user should not see difference between versions. TLS Auth
itself allows user in when certificate is signed by trusted CA and valid, and
stops working immediatley after it is removed. User is not let in when provided
certificate is not between notBefore and notAfter dates. Session is tested to
not be created when user does not exist in the system (courtesy of earlier
UserManagement usage commits).
Signed-off-by: Kowalski, Kamil <kamil.kowalski@intel.com>
Change-Id: I6bcaff018fe3105f77d3c10f69765e0011af8dab
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added Oem extension for AccountService allowing user to configure
which authentication methods should be enabled. User is now able
to turn on and off authentication methods like BasicAuth, XToken, etc.
User is not allowed to turn off all of the methods at once - at least
one method has to be active to prevent lock-out. This configuration
is persistent, will be saved on file-system and will be loaded on
bmcweb's restart.
Tested:
No regression found in manual testing. By default everything works as before,
and disabling auth method prevents user to authenticate by it. Tested that
user is not allowed to disable all the methods - either in one PATCH or by
disabling them one at a time.
ServiceValidator run with success.
This change is a fix for this request:
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/23590/18
which was revert here:
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/26869
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
Change-Id: I66b5ad423746f1992070a14f2983a07b1320190e
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Modified doPatch method to populate redfish user update error codes.
Tested:
Tested user updates with below scenarios
1)Provided username is not exist
2)Replace username already user exists
3)Replace Username is NULL/Invalid
4)Replace username is not starting with alphabet
5)Replace username exceeds more than 16 characters
6)Password is not valid for Replace/existing username
Redfish validator test results:
1 failProp errors in /redfish/v1/Systems/system/LogServices/EventLog
1 problemResource errors in /redfish/v1/Systems/system/LogServices/
EventLog/Entries
Counter({'skipOptional': 17887, 'pass': 12133, 'passGet': 1285,
'metadataNamespaces': 1047, 'serviceNamespaces': 69, 'reflink': 9,
'passAction': 7, 'warningPresent': 6, 'optionalAction': 6,
'repeat': 3, 'invalidPropertyValue': 3, 'failErrorPresent': 1,
'err.LogEntryCollection.LogEntryCollection': 1, 'failProp': 1,
'unvalidated': 1, 'problemResource': 1,
'unverifiedComplexAdditional': 1, 'warnTrailingSlashLink': 1})
Validation has failed: 3 problems found
Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Change-Id: Ibee448c5d5c4f38c5c4cacda757864593f6001fc
|
| |
|
|
|
|
|
|
|
| |
This reverts commit 0ff64dc2cd3a15b4204a477ad2eb5219d66e6110.
Reason for revert: <breaks redfish validator, <edmx:Reference Uri="/redfish/v1/schema/OemAccountService_v1.xml"> but the file name unversioned static/redfish/v1/schema/OemAccountService.xml>
Change-Id: I696dd09bf519e364f5f529a674e047a8eeead578
Signed-off-by: James Feist <james.feist@linux.intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added Oem extension for AccountService allowing user to configure
which authentication methods should be enabled. User is now able
to turn on and off authentication methods like BasicAuth, XToken, etc.
User is not allowed to turn off all of the methods at once - at least
one method has to be active to prevent lock-out. This configuration
is persistent, will be saved on file-system and will be loaded on
bmcweb's restart.
Tested:
No regression found in manual testing. By default everything works as before,
and disabling auth method prevents user to authenticate by it. Tested that
user is not allowed to disable all the methods - either in one PATCH or by
disabling them one at a time.
ServiceValidator run with success.
Change-Id: I3a775d783ac05998d17b8e91800962bffd8cab52
Signed-off-by: Kowalski, Kamil <kamil.kowalski@intel.com>
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
|
| |
|
|
|
|
|
|
|
|
| |
We had a couple uses of push_back in the code that could be made more
efficient with emplace(). Use them instead.
Tested: No functional change. Needs tested.
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I417601e416b1d0be989617a372978d52670135d8
|
| |
|
|
|
|
|
|
|
| |
We had a couple places where the c style headers got checked in for
Tested: Code builds.
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: Iebfbd846033618ff972825a0a9f89e8d05395ce8
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This commit is the result of an audit to add user levels to the various
components that need them. As written:
KVM requires admin privilege
Virtual media requires admin privilege
image upload requires admin privilege
/subscribe API requies Login privilege
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I6384f23769a5ac23f653519656721da7373f088f
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Recently, a number of people in the community have made the (admittedly
easy) mistake that we use a significant portion of crow.
Today, we use crow for the router, and the "app" structure, and even
those have been significantly modified to meet the bmc needs. All other
components have been replaced with Boost beast. This commit removes the
crow mentions from the Readme, and moves the crow folder to "http" to
camouflage it a little. No code content has changed.
Tested:
Code compiles. No functional change made to any executable code.
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: Iceb57b26306cc8bdcfc77f3874246338864fd118
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Content-Security-Policy is a bit odd when loading from another source.
Technically, everything is cross site when in a debug context, so
blocking cross site scripting in this case is a bit non-sensical.
Tested:
This was reported to me, but I was unable to reproduce, so no way to
really test. Pushing for someone else to be able to test first, then
will update this once done.
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I9ae125a5577c43164d5b3b1280b783336fbfec71
|
| |
|
|
|
|
|
|
|
|
|
| |
-werror on the newest version of GCC finds even more stuff than was
found before. Fix all of them.
Tested: No functional change. In theory these cases can't occur unless
a dbus interface is broken.
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: Id11e29e4851075b511e69cbc006aa8d7e1e229f0
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
using the list of warnings from here:
https://github.com/lefticus/cppbestpractices/blob/e73393f25a85f83fed7399d8b65cb117d00b2231/02-Use_the_Tools_Available.md#L100
Seems like a good place to start, and would improve things a bit
type-wise. This patchset attempts to correct all the issues in one
shot.
Tested:
It builds. Will test various subsystems that have been touched
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I588c26440e5a97f718a0f0ea74cc84107d53aa1e
|
| |
|
|
|
|
|
|
|
|
| |
These files aren't used, and are cruft that should've been cleaned up a
long time ago.
Tested: Project still builds. Files were not used
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I658eeebcafc9d20af44609f441b078c3c448a683
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now that we have a live role map, there's no need to track the users
role in the session object, we have the ability to get it every time.
This issue manifests itself in a fairly nefarious situation:
1. Log in, user is assigned a session, with role
2. BMC reboots. Session is persisted and restored, but role is removed.
3. User now has a valid session, but isn't authorized to do anything,
which results in a 403. In the webui, this results in an inability to
log out.
Tested (TODO):
Log in and log out functions. Reboot BMC, verify that webui doesn't log
back out or return 403.
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I9bbf682d062150aa1c877217f037221471e58e9f
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Currently, bmcweb allows just one KVM session. To make it support
multiple concurrent KVM sessions, this commit adds KVM session class
implementation. It limits the number of sessions to 4 to secure the
connection quality.
Tested: Up to 4 concurrent KVM sessions worked.
Change-Id: I37342ba2e30f840131d6287b4249a298aa17a1f1
Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@linux.intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patchset consists of two primary changes.
1. Content-Security-Policy is adjusted such that the "default" allowed
source is none, then we explicitly enable the few features we actually
use by setting them to self
2. Updates the XSS variables to simply forward back the hostname given
in the AccessControlAllowOrigin flag, which means that webpack dev
server could be running on any port.
Tested:
Tested IE11, Edge, Firefox, and Chrome for CSP errors. Firefox flags
one error that doesn't seem to effect the webui. All other browsers
load without issue.
Tested launching webpack-dev-server with XSS settings enabled.
Launches without warning on any port
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: Id38f607917d19b0106c4c7708c764c45b646891e
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a range check for numerical values so that they are not truncated.
Tested:
<type>:<interface>:<property>
- bool: RebootPolicy: AutoReboot
Valid: 0, 1
Invalid: null, -1, 2
- int64_t: Ambient Temp Sensor: WarningHigh
Valid: -9223372036854775808, -1, 2500, 9223372036854775807
Invalid: null, -9223372036854775809
- uint8_t: Software: Priority
Valid: 0, 1, 255
Invalid: null, -1, 256
- uint16_t: LED Physical: Period
Valid: 0, 1000, 65535
Invalid: null, -1, 65536
- uint32_t: State PowerOnHours: POHCounter
Valid: 0, 20, 4294967295
Invalid: -1, 4294967296
- uint64_t: State BMC: LastRebootTime
Valid: 0, 1566402464000, 18446744073709551615
Invalid: -1, 18446744073709551616
Closes: openbmc/bmcweb#101
Change-Id: I652333b0042b28ffb0a47b478d1a0a6e7ec994a7
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
| |
Some of the alphanumeric characters used to generate session IDs and CSRF
tokens were incorrectly lowercase; that reduced their entropy.
Tested: no; not needed
Change-Id: I383813ea9af77b1393fba516cd7e61570d5b5667
Signed-off-by: Joseph Reynolds <joseph.reynolds1@ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
bmcweb_persistent_data.json have all the session info,
any user having less privilege can get access to this file
which is having sensitive data(user authentication token)
This commit fixes this bug by allowing the read write permission
to the owner and group and others would not be having either read
or write permission.
TestedBy: -> Create the redfish session
-> check the permission of the file.
-> Stop the bmcweb and remove the session file
restart the bmcweb and check the permission
of the file.
-> Create the session again and perfrom the
GET request on Manager,AccountService to verify the
other operation is working.
Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
Change-Id: I1e69ac147a2cfc3dff150322aee1f430ac552a5a
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Issue:
The downloaded dump file name is having dump id instead of actual dump
file name.
Solution:
Added "Content-Disposition" header into http response packet with
filename as actual dump file name. So, The downloaded dump file
will be saved in actual dump file name when downloading the dump file
by using dump id.
Tested By:
- curl -O -J -c cjar -b cjar -k -H "X-Auth-Token: $bmc_token"
https: //$bmc_ip/download/dump/DUMP_ID
Change-Id: Id4726da20081e7d57d62038f672169f440edecfd
Signed-off-by: Ramesh Iyyar <rameshi1@in.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
bmcweb fails when attempting to login with a Content header of
application/json; charset=utf8. This is because of an exact string
compare. This commit changes the check to only check the begining of
the string, and adds some logging to make it more clear when we hit this
in the future.
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I972a80c174a18295205340271b781c9d6693ee17
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, bmcweb is generating self signed certificate when uploaded
certificate is not in trust-chain while validating that certificate.
As per design direction, bmcweb and Certificate Manager should ignore
trust chain related errors and same feature addressed in certificate
manager.
Reference change id from Certificate Manager:
https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-certificate-manager/+/13875
With this change, the user can upload self signed CA certificate
without Root CA-Certificate in certificate store and bmcweb won't generate
self signed certificate when uploaded certificate is not in
trust-chain.
Trust chain error info:
X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
X509_V_ERR_CERT_UNTRUSTED
X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
Change-Id: Ieedd602541d6d5284be3e22ffd5db3ee875065fe
Signed-off-by: Ramesh Iyyar <rameshi1@in.ibm.com>
|
| |
|
|
|
|
|
|
|
| |
This commit gets the role of the user from the session object and
map it with the redfish privileges and then allow/reject the asked
operation depending on the userprivileges and the entity privileges.
Change-Id: I40be06c28e80b47fe76891cacf863f8495bace88
Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
| |
Tested:
with this change, CI for the commit https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/20134
passes.
Signed-off-by: RAJESWARAN THILLAIGOVINDAN <rajeswgo@in.ibm.com>
Change-Id: I983494e4e42bb4cce31482918c01c9e81a51132e
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Certificate reading is failed if Key and Certificate in different order
Git Issue ID:
- https://github.com/openbmc/bmcweb/issues/91
Root Cause:
In uploaded certificate the order is in CSR and then RSA, due
to this certificate reading is failed when same file pointer are used
for read key and certificate.
Solution:
Setting file pointer to point beginning of the file to avoid
key and certificate order error and it will support both order.
Tested By:
- Uploaded the certificate by changing component order.
curl -c cjar -b cjar -k -H "X-Auth-Token: $bmc_token" -H
"Content-Type: application/octet-stream" -X POST -T cert.pem
https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates
Change-Id: I6f6d41e7b8a7c2f7c5ce53c5d1bbdf69189119b2
Signed-off-by: Ramesh Iyyar <rameshi1@in.ibm.com>
|
| |
|
|
|
|
|
|
|
| |
This commit fetches the user privilege during creation of the
session by making D-bus call and add the privilege in the
user session object.
Change-Id: I0e9da8a52df00fc753b13101066ce6d0be9e2ce3
Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When invoking a D-Bus method call via the 'action' URL, return
the error that came back from the D-Bus call as opposed to just
hardcoding one.
Tested: A POST on /xyz/openbmc_project/dump/action/CreateDump when
no more dumps can be created now returns:
{
"data": {
"description": "xyz.openbmc_project.Dump.Create.Error.QuotaExceeded"
},
"message": "Dump not captured due to a cap.",
"status": "error"
}
Change-Id: Ifd0c97f82ff05842fa0f36ef3bb1aaba42ad7d49
Signed-off-by: Matt Spinler <spinler@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Move the system endpoints to AsyncResp where possible. This starts
to clean up our scope issues, and makes the code a bit cleaner, as it's
not tabbed in as much. It's by no means a fix, but it certainly is
better, and easier to verify. Also it gives us throw protection as far
as the connection objects go.
2. Implement the "properties" field when accessing urls like:
/bus/system/<serviceName>/<ObjectPath>/<InterfaceName>
Tested:
Called GET on
/bus/system/xyz.openbmc_project.FanSensor/xyz/openbmc_project/sensors/fan_tach/Fan_1/xyz.openbmc_project.Sensor.Value
and observed the response:
{
"bus_name": "xyz.openbmc_project.FanSensor",
"interface": "xyz.openbmc_project.Sensor.Value",
"methods": [],
"object_path": "/xyz/openbmc_project/sensors/fan_tach/Fan_1",
"properties": {
"MaxValue": 14000.0,
"MinValue": 0.0,
"Value": null
},
"signals": [],
"status": "ok"
}
Previous to this patch, properties was an empty object {}
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Change-Id: I8fceb395fb64f2a1857df8ba64b5914c09c18552
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
sdbusplus adds message::get_error() to provide the actual sd_bus_error
of a message.
With this, return the error's name and message in REST API so that the
correct error is returned to end user.
Tested: Verify the REST API output when trying to set host time while
the settings does not allow that:
$ curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/json" -X PUT -d '{"data": 1436655598435272}' https://$bmc/xyz/openbmc_project/time/bmc/attr/Elapsed
{
"data": {
"description": "xyz.openbmc_project.Time.Error.NotAllowed"
},
"message": "The operation is not allowed",
"status": "error"
}
Resolves openbmc/bmcweb#83
Change-Id: I0bd5405c6748d124f9dd8a341e29f3918445158e
Signed-off-by: Lei YU <mine260309@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implements CertificateService schema to list the actions
available.
Implements CertificateLocations schema to list the
certificates present in the system.
Implements CertificateCollection schema to upload/list
existing HTTPS certificates
Implements Certificate schema to view existing HTTPS
certificate
Cater for reloading the SSL context after a certificate
is uploaded.
Fix Certificate signature validation failure
At present bmcweb uses the certificate from "/home/root/server.pem"
the same is modified to "/etc/ssl/certs/https/server.pem" as
phosphor-certificate-manager uses the specified path to
install/replace certificates.
Bmcweb creates a self-signed certificate when certificate is not
present. Catered for creating "/etc/ssl/certs/https/" direcotry
structure so that self signed certificate is created in the path.
Implements ReplaceCertificate action of Certificate
Service for replacing existing HTTPS certificates
Cleanup of older self-signed certificate at /home/root/server.pem
1. Tested schema with validator and no issues
2. Privilege map for certificate service is not yet pubished
2. GET on /redfish/v1/CertificateService/
"CertificateService": {
"@odata.id": "/redfish/v1/CertificateService"
},
3. GET on /redfish/v1/CertificateService/CertificateLocations/
"@odata.context":
"/redfish/v1/$metadata#CertificateLocations.CertificateLocations",
"@odata.id": "/redfish/v1/CertificateService/CertificateLocations",
"@odata.type": "#CertificateLocations.v1_0_0.CertificateLocations",
"Description": "Defines a resource that an administrator can use in order to
locate all certificates installed on a given service",
"Id": "CertificateLocations",
"Name": "Certificate Locations"
4.POST on /redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates
{
Returns contents of certificate
"@odata.context": "/redfish/v1/$metadata#Certificate.Certificate",
"@odata.id": "/redfish/v1/AccountService/LDAP/Certificates/1",
"@odata.type": "#Certificate.v1A_0_0.Certificate",
"Id": "1",
"Issuer": {
...
...
}
5.GET on /redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/
{
"@odata.context":
"/redfish/v1/$metadata#CertificateCollection.CertificateCollection",
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates",
"@odata.type": "#CertificateCollection.CertificatesCollection",
"Description": "A Collection of HTTPS certificate instances",
"Members": [
{
"@odata.id":
"/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1"
}
],
"Members@odata.count": 1,
"Name": "HTTPS Certificate Collection"
}
6.GET on /redfish/v1/CertificateService/CertificateLocations/
{
"@odata.context":
"/redfish/v1/$metadata#CertificateLocations.CertificateLocations",
"@odata.id": "/redfish/v1/CertificateService/CertificateLocations",
"@odata.type": "#CertificateLocations.v1_0_0.CertificateLocations",
"Description": "Defines a resource that an administrator can use in order to
locate all certificates installed on a given service",
"Id": "CertificateLocations",
"Links": {
"Certificates": [
{
"@odata.id":
"/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1"
}
],
"Certificates@odata.count": 1
},
"Name": "Certificate Locations"
}
7.GET on /redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1
{
"@odata.context": "/redfish/v1/$metadata#Certificate.Certificate",
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1",
"@odata.type": "#Certificate.v1_0_0.Certificate",
"CertificateString":
"-----BEGINCERTIFICATE-----\n....\n-----ENDCERTIFICATE-----\n",
"CertificateType": "PEM",
"Description": "HTTPS Certificate",
"Id": "1",
"Issuer": {
}
8. Verified SSL context is reloaded after a certificate is installed.
9.curl -c cjar -b cjar -k -H "X-Auth-Token: $bmc_token" -X POST
https://${bmc}/redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate/
-d @data_https.json
{
"@odata.context": "/redfish/v1/$metadata#Certificate.Certificate",
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1",
"@odata.type": "#Certificate.v1_0_0.Certificate",
"CertificateString": "-----BEGIN CERTIFICATE----END CERTIFICATE-----\n",
"Description": "HTTPS certificate",
"Id": "1",
"Issuer": {
}
4. data_https.json file contents
{
"CertificateString": "-----BEGIN PRIVATE
KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDClW1COSab2O0W\nW0SgTzLxQ1Igl4EpbEmTK8CAQ+wI7loTDZ7sZwYdf6yc9TAs/yNKjlJljgedGszv\nbC7sPNpH4FA63kaM6TbBBKTRshwZ3myXiBOOkOBs6w6V7+c7uEPcMFge6/4W1VXD\nReMi016cnPWZsmQyGzpmPM49YNEDZBfdKZ/pLuCYc9L9t706U7FrUSGfM7swB+mC\n8NH9qMixMuWAV9SBvzUWI6p4OCmN8a/F+4lOdbPMVEUqQ0hCBCjGM4qmiy/5Ng6y\n6rKeJlUdmOSTk8ojrNGcOXKh0nRafNEQFkIuoPHt8k5B/Yw2CX6s2BoGwvF+hS03\n+z3qVSw3AgMBAAECggEBAKpe92kybRGr3/rhMrdCYRJJpZEP1nGUdN89QbGMxxAS\n0h84n9vRYNNXRKWxMNtVEWtoLdDpiNUP8Dv59yO1LFIen2DL2e3rDJv4Gu/YCS7F\nR0NuS+FaDIaRURYLFeV+MzyJv75jVvhbFlqByJxngcGS1KAcSApvOLTnrJSlPpy9\n8ec5gnDhdOUND9PaQt8xCqMs1RPpjqvrgRzMEodZoqT5v+b0K1GmsAdbSHNP2mLM\nrqtpFDefiM1YfsTHUtxQykxG2Ipd2jzJ0a8O0qmVqdXcP9J9aqLcmD/2/r96GEV6\n/5qvIBj3SRFobxCiCwfys2XOXfjz2J+BUZzGoZvKeRECgYEA518hT6mn46LhwrTI\nW+Qpi7iTJgOfeLC+Ng855VHVQFED1P3T2lfyfGDyqKI/wV1DJIJmO8iOXerSPnhi\nb7reQkyHj6ERUtuE+6BQ9oTw2QD3EEvzOK2PEH5UipbhVTDnC3fT62Vz2yb3tR8D\n2h0XVJkj/dng9p1Td5aDGMriRRMCgYEA10vTyYqBPjDIEYw/Sc9aQk2kT6x3hrRQ\ngR4xyuI31RTCRD/KpLh/7z4s11Wkr+F9CyASeLbqu6zymlLOlS5p7IUkJ/x2X027\nJWVY1SR+oF3iF3SHiP4XkOVvWOKwIVUhgTjK1+Di6i3AlwIeAOS7VCCP6W0gbnwJ\nyyAAHZ30NM0CgYAqTur4dj2NEqvVvtkkdIRkWEwQF3mByE//8qjTljM4n5fjysaC\nlrJwrAmzbHfcFAHDG1U2eWYPJnFrmvflFnauCPCBAyL308xtdtNXQNgJ1nNXN4wy\nQQp4KaGr9gseWOLm5fKKiPK2kFmbdSBvMgKiJZ6/PKg2cG5i39L5JaBaoQKBgApw\nqOJ7Du1fHDSNonwHzA6vCSq76Efl8olwV2XJNn/ks87vcPov4DRPxYjjpErLGm8x\nrPOhmxxitJj7Lv1Y9NX9VtWBjpPshwi3M2mSjXllVBNjGTdxat8h4RZkV7omEKvd\nfyicxSQp987a0W2lqdfYhGIDYrE43pi1AoxtHmx5AoGBAJSoRy62oZbW6vjfdkuf\nvVnjNfFZwuiPV/X2NT+BhNPe5ZKFtC6gGedHLaIBBD3ItRhGuHZxgWXccPjGHofi\n6DlPdp2NePJgDT2maSjGSiAcHxyXdmW+Ev27NblvAxktoTUcVqSENrKFb+Fh4FXN\nlXiJzOEwAXiP2ZFbMRyNF/MI\n-----END
PRIVATE KEY-----\n-----BEGIN
CERTIFICATE-----\nMIIDNzCCAh+gAwIBAgIJAI1Wr/fK5F0GMA0GCSqGSIb3DQEBCwUAMDIxHDAaBgNV\nBAoME29wZW5ibWMtcHJvamVjdC54eXoxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0x\nOTAyMDExMzIyMDhaFw0yOTAxMjkxMzIyMDhaMDIxHDAaBgNVBAoME29wZW5ibWMt\ncHJvamVjdC54eXoxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\nBQADggEPADCCAQoCggEBAMKVbUI5JpvY7RZbRKBPMvFDUiCXgSlsSZMrwIBD7Aju\nWhMNnuxnBh1/rJz1MCz/I0qOUmWOB50azO9sLuw82kfgUDreRozpNsEEpNGyHBne\nbJeIE46Q4GzrDpXv5zu4Q9wwWB7r/hbVVcNF4yLTXpyc9ZmyZDIbOmY8zj1g0QNk\nF90pn+ku4Jhz0v23vTpTsWtRIZ8zuzAH6YLw0f2oyLEy5YBX1IG/NRYjqng4KY3x\nr8X7iU51s8xURSpDSEIEKMYziqaLL/k2DrLqsp4mVR2Y5JOTyiOs0Zw5cqHSdFp8\n0RAWQi6g8e3yTkH9jDYJfqzYGgbC8X6FLTf7PepVLDcCAwEAAaNQME4wHQYDVR0O\nBBYEFDDohRZ1+QlC3WdIkOAdBHXVyW/SMB8GA1UdIwQYMBaAFDDohRZ1+QlC3WdI\nkOAdBHXVyW/SMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFN0DWy6\nYPXHzidWMKKyQiJ5diqUv6LbujKOHUk+/LGSoCqcUp8NvmFDKWYP9MxjOAi9TVbs\nRGlIHBl38oSwKUayXBTY/vVeSLls90giUAOjswoRbBBQZvKyfEuFpc1zUsrhGLDC\n/6DuRt9l0DWcMcmP6Yh3jePIIwTr3bpxBGrwNLly8fPf16q4bWRIAcI3ZgLOhsrN\nLfD2kf56oYViM44d54Wa0qjuCfeTnJ46x/lo6w2kB9IzF7lwpipMU7+AG8ijDdaQ\nn8t0nADpv6tNNargLcOTTfJ0/P2PaKxwA1B88NhjlymBnNbz4epIn4T3KyysgS62\nzwqs66LPWoDerzc=\n-----END
CERTIFICATE-----",
"CertificateType": "PEM",
"CertificateUri":
{
"@odata.id":
"/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1"
}
}
Change-Id: I2acbf8afa06bbf7d029d4971f7ab3b3988f5f060
Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
|
