summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlexander Filippov <a.filippov@yadro.com>2018-03-20 12:02:23 +0300
committerBrad Bishop <bradleyb@fuzziesquirrel.com>2018-05-30 18:56:05 +0000
commitd08a4569ad2dbc68ad1f5797dc318ab4555559fb (patch)
tree36cd5f49af00111fddcbd0e27c48f9bc1d56d8fc
parenteace1bcbd2748411c98e2acd21eb3bca803ff283 (diff)
downloadphosphor-rest-server-d08a4569ad2dbc68ad1f5797dc318ab4555559fb.zip
phosphor-rest-server-d08a4569ad2dbc68ad1f5797dc318ab4555559fb.tar.gz
Prevent users from logging in while BMC is not yet ready.
Reject user logins while BMC_READY state has not been reached yet, and report the reason in response. Resolves: openbmc/openbmc#2974 This behavior may be enabled by appending `--with-bmc-check` to command line arguments. When it is enabled it maybe temporary disabled by sending `force` flag with the login request: ``` { "data": [ "username", "password" ], "force": true } ``` Tested: When trying to login in REST receiving response with code 503 while BMC is booting. Change-Id: I04fce09de2b7a3074b5253346a87773641fd57d0 Signed-off-by: Alexander Filippov <a.filippov@yadro.com>
-rw-r--r--module/obmc/wsgi/apps/rest_dbus.py32
1 files changed, 32 insertions, 0 deletions
diff --git a/module/obmc/wsgi/apps/rest_dbus.py b/module/obmc/wsgi/apps/rest_dbus.py
index ffbab94..bf4fe7c 100644
--- a/module/obmc/wsgi/apps/rest_dbus.py
+++ b/module/obmc/wsgi/apps/rest_dbus.py
@@ -15,6 +15,7 @@
# permissions and limitations under the License.
import os
+import sys
import dbus
import dbus.exceptions
import json
@@ -630,8 +631,13 @@ class SessionHandler(MethodHandler):
no_user_str = "No user logged in"
bad_json_str = "Expecting request format { 'data': " \
"[<username>, <password>] }, got '%s'"
+ bmc_not_ready_str = "BMC is not ready (booting)"
_require_auth = None
MAX_SESSIONS = 16
+ BMCSTATE_IFACE = 'xyz.openbmc_project.State.BMC'
+ BMCSTATE_PATH = '/xyz/openbmc_project/state/bmc0'
+ BMCSTATE_PROPERTY = 'CurrentBMCState'
+ BMCSTATE_READY = 'xyz.openbmc_project.State.BMC.BMCState.Ready'
def __init__(self, app, bus):
super(SessionHandler, self).__init__(
@@ -696,6 +702,15 @@ class SessionHandler(MethodHandler):
if not self.authenticate(*request.parameter_list):
abort(401, self.bad_passwd_str)
+ force = False
+ try:
+ force = request.json.get('force')
+ except (ValueError, AttributeError, KeyError, TypeError):
+ force = False
+
+ if not force and not self.is_bmc_ready():
+ abort(503, self.bmc_not_ready_str)
+
user = request.parameter_list[0]
session = self.new_session()
session['user'] = user
@@ -705,6 +720,22 @@ class SessionHandler(MethodHandler):
httponly=True)
return self.login_str % (user, 'in')
+ def is_bmc_ready(self):
+ if not self.app.with_bmc_check:
+ return True
+
+ try:
+ obj = self.bus.get_object(self.BMCSTATE_IFACE, self.BMCSTATE_PATH)
+ iface = dbus.Interface(obj, dbus.PROPERTIES_IFACE)
+ state = iface.Get(self.BMCSTATE_IFACE, self.BMCSTATE_PROPERTY)
+ if state == self.BMCSTATE_READY:
+ return True
+
+ except dbus.exceptions.DBusException:
+ pass
+
+ return False
+
def find(self, **kw):
pass
@@ -1419,6 +1450,7 @@ class App(Bottle):
super(App, self).__init__(autojson=False)
self.have_wsock = kw.get('have_wsock', False)
+ self.with_bmc_check = '--with-bmc-check' in sys.argv
self.bus = dbus.SystemBus()
self.mapper = obmc.mapper.Mapper(self.bus)
OpenPOWER on IntegriCloud