Added new pre-defined usergroup called hostconsole

The new pre-defined usergroup named "hostconsole" is added to
differentiate access between host console and manager console.
The only users allowed

Added new pre-defined usergroup called hostconsole

The new pre-defined usergroup named "hostconsole" is added to
differentiate access between host console and manager console.
The only users allowed to interact with host console are part of the
"hostconsole" group and they are in an administrator role.

Note: The changes are spread across multiple repositories listed under
"Related commits:"

The bmcweb changes to incorporate new group are as follows:
- The new user is added in the hostconsole group only if it has an
administrative role.
- The ssh usergroup is only translated to ManagerConsole redfish group
and hostconsole usergroup is translated to HostConsole redfish group.
- The following changes are made to check the privileges for host console
access
- The new OEM privilege "OpenBMCHostConsole" added for host console
access. This privilege is not shared externally hence it is not
documented.
- Updated obmc_console BMCWEB_ROUTE to use the new privilege.
- Router functions now save user role and user groups in the session
- getUserPrivileges() function now takes session reference instead
of user role. This function now also checks for the user group
"hostconsole" and add the new privilege if user is member of this
group.
- Updated all callers of the getUserPrivileges to pass session
reference.
- Added test to validate that new privilege is set correctly.

Tested:
Loaded code on the system and validated that;
- New user gets added in hostconsole group. NOTE: Prior to this commit
all groups are assigned to new user. This drop does not change that
behavior.
- Access from the web gui is only available for users in hostconsole
group. Used IBM internal simulator called simics to test this. This
simulator allows accessing openbmc from GUI.
- Checked the role collection and there is no change.
$ curl -k -H "X-Auth-Token: $TOKEN" -X GET \
https://${bmc}/redfish/v1/AccountService/Roles
$ curl -k -H "X-Auth-Token: $TOKEN" -X GET \
https://${bmc}/redfish/v1/AccountService/Roles/Administrator
$ curl -k -H "X-Auth-Token: $TOKEN" -X GET \
https://${bmc}/redfish/v1/AccountService/Roles/ReadOnly
$ curl -k -H "X-Auth-Token: $TOKEN" -X GET \
https://${bmc}/redfish/v1/AccountService/Roles/Operator

- HostConsole is in AccountType when hostconsole group is present in
UserGroups D-Bus property

$ id user99
uid=1006(user99) gid=100(users) groups=1000(priv-admin),1005(web),\
1006(redfish),1013(hostconsole),100(users)

$ curl -k https://${bmc}/redfish/v1/AccountService/Accounts/user99
{
"@odata.id": "/redfish/v1/AccountService/Accounts/user99",
"@odata.type": "#ManagerAccount.v1_4_0.ManagerAccount",
"AccountTypes": [
"HostConsole",
"Redfish",
"WebUI",
"ManagerConsole"
],
"Description": "User Account",
"Enabled": true,
"Id": "user99",
"Links": {
"Role": {
"@odata.id": "/redfish/v1/AccountService/Roles/Administrator"
}
},
"Locked": false,
"Locked@Redfish.AllowableValues": [
"false"
],
"Name": "User Account",
"Password": null,
"PasswordChangeRequired": false,
"RoleId": "Administrator",
"UserName": "user99"

- The hostconsole group is not present for readonly or operator users
and also made sure that console access is not provided. This testing
is done one the system and console access was tried by modifying the
https://github.com/openbmc/bmcweb/blob/master/scripts/websocket_test.py

+ curl -k https://${bmc}/redfish/v1/AccountService/Accounts/user99
{
"@odata.id": "/redfish/v1/AccountService/Accounts/user99",
"@odata.type": "#ManagerAccount.v1_4_0.ManagerAccount",
"AccountTypes": [
"IPMI",
"Redfish",
"WebUI",
"ManagerConsole"
],
"Description": "User Account",
"Enabled": true,
"Id": "user99",
"Links": {
"Role": {
"@odata.id": "/redfish/v1/AccountService/Roles/ReadOnly"
}
},
"Locked": false,
"Locked@Redfish.AllowableValues": [
"false"
],
"Name": "User Account",
"Password": null,
"PasswordChangeRequired": false,
"RoleId": "ReadOnly",
"UserName": "user99"

[INFO "http_connection.hpp":209] Request: 0x150ac38 HTTP/1.1 GET /console0 ::ffff:x.x.xx.xxx
[DEBUG "routing.hpp":1265] Matched rule (upgrade) '/console0' 1 / 2
[DEBUG "routing.hpp":1084] userName = user99 userRole = priv-user
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=ipmi
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=redfish
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=ssh
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=web
[DEBUG "routing.hpp":93] checkPrivileges: BASE USER: Login
[DEBUG "routing.hpp":93] checkPrivileges: BASE USER: ConfigureSelf
[DEBUG "routing.hpp":113] checkPrivileges: OEM REQUIRED: OpenBMCHostConsole
[ERROR "routing.hpp":1192] Insufficient Privilege

+ curl -k https://${bmc}/redfish/v1/AccountService/Accounts/user99
{
"@odata.id": "/redfish/v1/AccountService/Accounts/user99",
"@odata.type": "#ManagerAccount.v1_4_0.ManagerAccount",
"AccountTypes": [
"IPMI",
"Redfish",
"WebUI",
"ManagerConsole"
],
"Description": "User Account",
"Enabled": true,
"Id": "user99",
"Links": {
"Role": {
"@odata.id": "/redfish/v1/AccountService/Roles/Operator"
}
},
"Locked": false,
"Locked@Redfish.AllowableValues": [
"false"
],
"Name": "User Account",
"Password": null,
"PasswordChangeRequired": false,
"RoleId": "Operator",
"UserName": "user99"

[INFO "http_connection.hpp":209] Request: 0x21c7c38 HTTP/1.1 GET /console0 ::ffff:x.x.xx.xxx
[DEBUG "routing.hpp":1265] Matched rule (upgrade) '/console0' 1 / 2
[DEBUG "routing.hpp":1084] userName = user99 userRole = priv-operator
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=ipmi
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=redfish
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=ssh
[DEBUG "routing.hpp":1123] IsUserPrivileged: group=web
[DEBUG "routing.hpp":93] checkPrivileges: BASE USER: Login
[DEBUG "routing.hpp":93] checkPrivileges: BASE USER: ConfigureComponents
[DEBUG "routing.hpp":93] checkPrivileges: BASE USER: ConfigureSelf
[DEBUG "routing.hpp":113] checkPrivileges: OEM REQUIRED: OpenBMCHostConsole
[ERROR "routing.hpp":1192] Insufficient Privilege

Related commits:
NOTE: docs, openbmc, obmc-console changes are already merged. bmcweb
and phosphor-user-manager will be merged together.
docs: https://gerrit.openbmc.org/c/openbmc/docs/+/60968
phosphor-user-manager: https://gerrit.openbmc.org/c/openbmc/phosphor-user-manager/+/61583
openbmc: https://gerrit.openbmc.org/c/openbmc/openbmc/+/61582
obmc-console: https://gerrit.openbmc.org/c/openbmc/obmc-console/+/61581
bmcweb: https://gerrit.openbmc.org/c/openbmc/bmcweb/+/61580

Change-Id: Ia5a33dafc9a76444e6a8e74e752f0f90cb0a31c8
Signed-off-by: Ninad Palsule <ninadpalsule@us.ibm.com>

show more ...

Boost::urls::format

Boost 1.82 dropped a lovely new toy, boost::urls::format, which is a lot
like our urlFromPieces method, but better in that it makes the resulting
uris more readable, and allows d

Boost::urls::format

Boost 1.82 dropped a lovely new toy, boost::urls::format, which is a lot
like our urlFromPieces method, but better in that it makes the resulting
uris more readable, and allows doing things like fragments in a single
line instead of multiple. We should prefer it in some cases.

Tested:
Redfish service validator passes.
Spot checks of URLs work as expected.
Unit tests pass.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ia7b38f0a95771c862507e7d5b4aa68aa1c98403c

show more ...

Fix certificate replacement error code issue

We get 500 Internal Server Error when we try to replace certificate
without providing certificate but expected response is 400 Bad Request.
So fixed the

Fix certificate replacement error code issue

We get 500 Internal Server Error when we try to replace certificate
without providing certificate but expected response is 400 Bad Request.
So fixed the issue by removal of overriding the error code.

Tested:
Response for attempt to replace certificate without certificate or
without required json key

Before changes:
500 Internal Server Error

After changes:
400 Bad Request

Change-Id: I7f672d40f73f8cd1491625ba6714bd3ad2594faf
Signed-off-by: vijayabharathi shetty <vijayabharathix.shetty@intel.com>

show more ...

fix more push vs emplace calls

It seems like clang-tidy doesn't catch every place that an emplace could
be used instead of a push. Use a few grep/sed pairs to find and fix up
some common patterns.

fix more push vs emplace calls

It seems like clang-tidy doesn't catch every place that an emplace could
be used instead of a push. Use a few grep/sed pairs to find and fix up
some common patterns.

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I93eaec26b8e3be240599e92b66cf54947073dc4c

show more ...

use emplace where appropriate per clang-tidy

The clang-tidy warning 'modernize-use-emplace' correctly flags a
few places where emplace should be used over push.

Signed-off-by: Patrick Williams <pat

use emplace where appropriate per clang-tidy

The clang-tidy warning 'modernize-use-emplace' correctly flags a
few places where emplace should be used over push.

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I6ca79285a87d6927e718345dc8dce0387e6b1eda

show more ...

certificate-service: fix clang-tidy warnings

```
../redfish-core/lib/certificate_service.hpp:154:32: error: 'i' is an unsafe pointer used for buffer access [-Werror,-Wunsafe-buffer-usage]
std::s

certificate-service: fix clang-tidy warnings

```
../redfish-core/lib/certificate_service.hpp:154:32: error: 'i' is an unsafe pointer used for buffer access [-Werror,-Wunsafe-buffer-usage]
std::string_view::iterator i = value.begin();
```

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I6b6fb17d58bb7a3bd861aaf020540586490693da

show more ...

clang-format: copy latest and re-format

clang-format-16 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest

clang-format: copy latest and re-format

clang-format-16 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest .clang-format from the docs repository and reformat the
repository.

Change-Id: I75f89d2959b0f1338c20d72ad669fbdc1d720835
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

Remove body member from Request

Per cpp core guidelines, these should be methods.

Tested: on last patchset of the series.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ib16479db9d2b68d

Remove body member from Request

Per cpp core guidelines, these should be methods.

Tested: on last patchset of the series.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ib16479db9d2b68da68e7ad6e825c7e205c64f1de

show more ...

Take boost error_code by reference

By convention, we should be following boost here, and passing error_code
by reference, not by value. This makes our code consistent, and removes
the need for a co

Take boost error_code by reference

By convention, we should be following boost here, and passing error_code
by reference, not by value. This makes our code consistent, and removes
the need for a copy in some cases.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Id42ea4a90b6685a84818b87d1506c11256b3b9ae

show more ...

Pass string views by value

string_view should always be passed by value; This commit is a sed
replace of the code to make all string_views pass by value, per general
coding guidelines[1].

[1] http

Pass string views by value

string_view should always be passed by value; This commit is a sed
replace of the code to make all string_views pass by value, per general
coding guidelines[1].

[1] https://quuxplusone.github.io/blog/2021/11/09/pass-string-view-by-value/

Tested: Code compiles.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I55b342a29a0fbfce0a4ed9ea63db6014d03b134c

show more ...

Add option for validating content-type header

For systems implementing to the OWASP security guidelines[1] (of which all
should ideally) we should be checking the content-type header all times
that

Add option for validating content-type header

For systems implementing to the OWASP security guidelines[1] (of which all
should ideally) we should be checking the content-type header all times
that we parse a request as JSON.

This commit adds an option for parsing content-type, and sets a default
of "must get content-type". Ideally this would not be a breaking
change, but given the number of guides and scripts that omit the content
type, it seems worthwhile to add a trapdoor, such that people can opt
into their own model on how they would like to see this checking work.

Tested:
```
curl --insecure -H "Content-Type: application/json" -X POST -D headers.txt https://${bmc}/redfish/v1/SessionService/Sessions -d '{"UserName":"root", "Password":"0penBmc"}'
```

Succeeds.

Removing Content-Type argument causes bmc to return
Base.1.13.0.UnrecognizedRequestBody.

[1] cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html

Change-Id: Iaa47dd563b40036ff2fc2cacb70d941fd8853038
Signed-off-by: Ed Tanous <edtanous@google.com>

show more ...

Fix a boatload of #includes

Most of these missing includes were found by running clang-tidy on all
files, including headers. The existing scripts just run clang-tidy on
source files, which doesn't

Fix a boatload of #includes

Most of these missing includes were found by running clang-tidy on all
files, including headers. The existing scripts just run clang-tidy on
source files, which doesn't catch most of these.

Tested: Code compiles

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ic741fbb2cc9e5e92955fd5a1b778a482830e80e8

show more ...

Add check for globals

We don't follow this cpp core guidelines rule well. This is something
that we should aspire to cleaning up in the future, but for the moment,
lets turn the rule on in clang-ti

Add check for globals

We don't follow this cpp core guidelines rule well. This is something
that we should aspire to cleaning up in the future, but for the moment,
lets turn the rule on in clang-tidy to stop the bleeding, add ignores
for the things that we know need some better abstractions, and work on
these over time.

Most of this commit is just adding NOLINTNEXTLINE exceptions for all of
our globals. There was one case in the sensor code where clang
correctly noted that those globals weren't actually const, which got
missed because of the use of auto.

Tested: CI should be good enough for this. Passes clang-tidy.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ieda08fee69a3b209d4b3e9771809a6c41524f066

show more ...

Refactor GetSubTreePaths method

Since the GetSubTreePaths method has been implemented in dbus_utility
and this commit is to integrate all the places where the
GetSubTreePaths method is called, and u

Refactor GetSubTreePaths method

Since the GetSubTreePaths method has been implemented in dbus_utility
and this commit is to integrate all the places where the
GetSubTreePaths method is called, and use the method in dbus_utility
uniformly.

Requires https://gerrit.openbmc.org/c/openbmc/sdbusplus/+/60020 to
build.

Tested: Redfish Validator Passed

Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id: Ie4140d4484a7e4f4b943013f4371ffd2d44a22e9

show more ...

Remove old TODO

This TODO was implemented long ago by DMTF. Remove the comment.

Tested: Comment only.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I4b0fc7c6fefa316d1cf824711d542f17a6

Remove old TODO

This TODO was implemented long ago by DMTF. Remove the comment.

Tested: Comment only.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I4b0fc7c6fefa316d1cf824711d542f17a6f1a682

show more ...

certificate: Allow deleting LDAP client certificate

Users should be able to delete LDAP client certificate, and phosphor-
certificate-manager already supports this. This patch adds the Redfish
API e

certificate: Allow deleting LDAP client certificate

Users should be able to delete LDAP client certificate, and phosphor-
certificate-manager already supports this. This patch adds the Redfish
API endpoint for it.

Tested:
DELETE /redfish/v1/AccountService/LDAP/Certificates/1 removes the LDAP
client certificate installed on system.

Change-Id: If1c082c78c404b5877e74ba50de3a970cd823a90
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>

show more ...

certificate: Add deleteCertificate function

This patch adds deleteCertificate function to delete an installed cert,
which is used in current DELETE TrustStore cert handler and incoming
DELETE LDAP c

certificate: Add deleteCertificate function

This patch adds deleteCertificate function to delete an installed cert,
which is used in current DELETE TrustStore cert handler and incoming
DELETE LDAP client store cert handler. Compared to having two lambdas,
it reduces code redundancy and has slightly smaller compressed binary
size (~700B).

Tested:
Code move only, DELETE /redfish/v1/Managers/bmc/Truststore/Certificates
/<id> works exactly the same as before.

Change-Id: I93c07845e4be3c0304b3c3e8ff4249885c9ab908
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>

show more ...

certificate: Replace lambda with inline function

For API endpoints, it is suggested to break out the entire handlers
into a function, and not rely on a lambda at all. This brings more
readability as

certificate: Replace lambda with inline function

For API endpoints, it is suggested to break out the entire handlers
into a function, and not rely on a lambda at all. This brings more
readability as it reduces indents.

Tested:
Code compiles, and Redfish Service Validator passed.

Change-Id: I5132149c00b6f553931dae562b83bc7aee678105
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>

show more ...

Remove nlohmann brace initialization

There's a few last places (outside of tests) where we still use
nlohmann brace initialization. Per the transforms we've been doing,
move these to constructing t

Remove nlohmann brace initialization

There's a few last places (outside of tests) where we still use
nlohmann brace initialization. Per the transforms we've been doing,
move these to constructing the objects explicitly, using operator[],
nlohmann::object_t and nlohmann::array_t. Theses were found by manual
inspection grepping for all uses of nlohmann::json.

This is done to reduce binary size and reduce the number of intermediate
objects being constructed. This commit saves a trivial amount of size
(~4KB, Half a percent of total) and in addition but makes our
construction consistent.

Tested:
Redfish service validator passes.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I7478479a9fdc41b254eef325002d413c1fb411a0

show more ...

Update content of ResourceNotFound/ResourceAlreadyExists message

According to Redfish Base Message Registry definition [1], the first
argument of ResourceNotFound and ResourceAlreadyExists is the sc

Update content of ResourceNotFound/ResourceAlreadyExists message

According to Redfish Base Message Registry definition [1], the first
argument of ResourceNotFound and ResourceAlreadyExists is the schema
name of the resource. This patch changes the first argument to non-
versioned schema name treewide.

Tested:
Verified the error message matches the definition, and Redfish Service
Validator passed.

[1] https://redfish.dmtf.org/registries/Base.1.13.0.json

Change-Id: Ib5cd853578ef0bffda1184d10827241e94faaf68
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>

show more ...

used sdbusplus::unpackPropertiesNoThrow part 4

used sdbusplus::unpackPropertiesNoThrow in certificate_service.hpp, also
replaced all usages of "GetAll" with sdbusplus::asio::getAllProperties

bm

used sdbusplus::unpackPropertiesNoThrow part 4

used sdbusplus::unpackPropertiesNoThrow in certificate_service.hpp, also
replaced all usages of "GetAll" with sdbusplus::asio::getAllProperties

bmcweb size: 2668888 -> 2664776 (-4112)
compressed size: 1127280 -> 1125100 (-2180)

Tested:
Performed get on:
- /redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1

Get result before and after the change was in same format, values for:
ValidNotAfter, ValidNotBefore and CertificateString were different
(but it is expected behaiour)

Change-Id: If94adea317dea18cb984788dc1515778ce4097c6
Signed-off-by: Krzysztof Grobelny <krzysztof.grobelny@intel.com>

show more ...

Move time utils to be in one place

We've accumulated several time utility functions in the http classes.
Time isn't a core HTTP primitive, so http is not where those functions
below.

This commit mo

Move time utils to be in one place

We've accumulated several time utility functions in the http classes.
Time isn't a core HTTP primitive, so http is not where those functions
below.

This commit moves all the time functions from the crow::utility
namespace into the redfish::time_utils namespace, as well as moves the
unit tests.

No code changes where made to the individual functions, with the
exception of changing the namespace on the unit tests.

Tested: Unit tests pass.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I8493375f60aea31899c84ae703e0f71a17dbdb73

show more ...

Use enum overload for field setting

There are two overloads of addHeader, one that takes a string, and one
that takes a boost enum. For most common headers, boost contains a
string table with all o

Use enum overload for field setting

There are two overloads of addHeader, one that takes a string, and one
that takes a boost enum. For most common headers, boost contains a
string table with all of those entries anyway, so there's no point in
duplicating the strings, and ensures that we don't make trivial
mistakes, like capitalization or - versus underscore that aren't caught
at compile time.

Tested:
This saves a trivial amount (572 bytes) of compressed binary size.

curl --insecure -vvv --user root:0penBmc https://192.168.7.2/redfish/v1

returns < Content-Type: application/json

curl --insecure -vvv -H "Accept: text/html" --user root:0penBmc https://192.168.7.2/redfish/v1

Returns
< Content-Type: text/html;charset=UTF-8

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I34c198b4f9e219247fcfe719f9b3616d35aea3dc

show more ...

certificate: Use urlFromPieces to generate URL

urlFromPieces is a better way for generating URLs as it automatically
escapes special characters. Use it.

Tested:
Verified reading and uploading certi

certificate: Use urlFromPieces to generate URL

urlFromPieces is a better way for generating URLs as it automatically
escapes special characters. Use it.

Tested:
Verified reading and uploading certificates are responded with correct
URL to the certificate, and Redfish Service Validator passed.

Change-Id: I7a4fb76d0a0baa2dacff192973aa61b478e91158
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>

show more ...

certificate: Parse URL with readUrlSegments in ReplaceCertificate

readUrlSegments both validates and reads segments from URL, using it is
way better than comparing the URL with boost::start_with now

certificate: Parse URL with readUrlSegments in ReplaceCertificate

readUrlSegments both validates and reads segments from URL, using it is
way better than comparing the URL with boost::start_with now (which
violates common error #12). It also removes the last part that relies
on the incorrect assumption that the certificate id is always a number.

Also removes the boost::convert dependency as it is not longer needed.

Tested:
* Verified calling ReplaceCertificate with malformed CertificateUri
gives ActionParameterNotSupported error.
* Replacing certificate at a valid but non-existing returns 404 Not
found
* Replacing an existing certificate operates successfully.

Change-Id: I96ffe7060b3350ea9240ef64624246af0fdd3da0
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>

show more ...