Session: Add v1 to urlFromPieces

Commit eddfc43 forgot the v1 in these URLs.
The bump is failing the validator:
```
138 err.Session.Session errors in /redfish/v1/SessionService/Sessions
138 failMand

Session: Add v1 to urlFromPieces

Commit eddfc43 forgot the v1 in these URLs.
The bump is failing the validator:
```
138 err.Session.Session errors in /redfish/v1/SessionService/Sessions
138 failMandatoryProp errors in /redfish/v1/SessionService/Sessions
1 failGet errors in /redfish/SessionService/Sessions/laEDBoxyVi
1 failGet errors in /redfish/SessionService/Sessions/NP9WrNsFwx
```
Note the missing v1 above

Tested: None.

Change-Id: I95c114f6e151b0a91080a47f3fcd7ae6d3a9668e
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Update most resources to use urlFromPieces

Only id in event_service and account_service have not been updated due
to the risk of it breaking the username/id. It will require further
testing to verif

Update most resources to use urlFromPieces

Only id in event_service and account_service have not been updated due
to the risk of it breaking the username/id. It will require further
testing to verify.

Use urlFromPieces wherever that is needed to insert a variable in the
URI. Don't use urlFromPieces when it is hardcoded values. This allow us
to control all resource URIs that is dynamically added and to sync with
the current recommanded method for `@odata.id`. The goal is to have a
common place to manage the url created from dbus-paths in order to
manage/update it easily when needed.

Tested:
RedfishValidtor Passed for all resource including the sensors with the
fragments.

Change-Id: I95cdfaaee58fc7f21c95f5944e1e5c813b3215f2
Signed-off-by: Willy Tu <wltu@google.com>
Signed-off-by: Ed Tanous <edtanous@google.com>

show more ...

Remove proprietary OEMSession support

Per https://gerrit.openbmc.org/c/openbmc/bmcweb/+/56088, this feature
would be supported to the end of 2022, at which point people will have
moved over to the s

Remove proprietary OEMSession support

Per https://gerrit.openbmc.org/c/openbmc/bmcweb/+/56088, this feature
would be supported to the end of 2022, at which point people will have
moved over to the standard Context parameter in the DMTF-published
Session schema.

Tested: Code removal. Code compiles.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I0ae832bde740b025150242085bf1d2909ed1ec21

show more ...

Fix a boatload of #includes

Most of these missing includes were found by running clang-tidy on all
files, including headers. The existing scripts just run clang-tidy on
source files, which doesn't

Fix a boatload of #includes

Most of these missing includes were found by running clang-tidy on all
files, including headers. The existing scripts just run clang-tidy on
source files, which doesn't catch most of these.

Tested: Code compiles

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ic741fbb2cc9e5e92955fd5a1b778a482830e80e8

show more ...

Move ClientID parameter out of OEM

In 2022.2, Redfish added support for the Context parameter on the
Session Resource. This parameter has the same function that the
OemSession.ClientId field served

Move ClientID parameter out of OEM

In 2022.2, Redfish added support for the Context parameter on the
Session Resource. This parameter has the same function that the
OemSession.ClientId field served. This commit moves all the existing
ClientId code to produce Context as well.

Functionally, this has one important difference, in that Context in
Redfish is optionally provided by the user, which means we need to omit
it if not given by the user. The old implementation left it set to
empty string ("").

Because of this, a few minor interfaces need to change to use
std::optional. Existing uses of clientId are moved to using
value_or("") to keep the same behavior as before.

Tested:
curl --insecure -X POST -d "{\"UserName\": \"root\", \"Password\":
\"0penBmc\"}" https://192.168.7.2/redfish/v1/SessionService/Sessions

Returns a Session object with no Context key present

curl --insecure -X POST -d "{\"UserName\": \"root\", \"Password\":
\"0penBmc\", \"Context\": \"Foobar\"}"
https://192.168.7.2/redfish/v1/SessionService/Sessions

Returns a Session object with:
"Context": "Foobar"

Subsequent Gets of /redfish/v1/SessionService/Sessions/<sid>
return the same session objects, both with and without Context.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I4df358623f93f3e6cb659e99970ad909cefebc62

show more ...

Add Link support to Sessions

Similar to prior patchsets, add Link support to Session objects.

Tested: Redfish-protocol-validator passes.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I

Add Link support to Sessions

Similar to prior patchsets, add Link support to Session objects.

Tested: Redfish-protocol-validator passes.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Icc74fc9d4ae2c6224528bc32b3696bf113d35d55

show more ...

redfish session: fix null ptr dereference

The session post handler creates a session object locally before setting
the reference in the request object. When the user's password has
expired, don't lo

redfish session: fix null ptr dereference

The session post handler creates a session object locally before setting
the reference in the request object. When the user's password has
expired, don't look for session information (like the username) via the
request object reference.

Tested: Prior to this change, posting to the Session collection will
cause bmcweb to crash when the user's password is expired. With this
change applied, the user is logged in with the correct configure self
role and Base.1.11.0.PasswordChangeRequired is returned in the response.
The user can subsequently change their password using the session.

Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Change-Id: I3014181af71f75e65f6640efe47064d7adc1e9e9

show more ...

redfish session: Handle generateUserSession errors

generateUserSession returns a null pointer when it fails. Check for
that failure and return an error to the user, to avoid a null pointer
derefere

redfish session: Handle generateUserSession errors

generateUserSession returns a null pointer when it fails. Check for
that failure and return an error to the user, to avoid a null pointer
dereference.

Tested: Nope
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Change-Id: I56144483d542555051acc02655558854205f39a6

show more ...

IWYU redfish_sessions.hpp

Fix the includes.

Tested: Code compiles.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I589aa64c14847bb82087a5201959e2ca1271ae41

Expose AsyncResp shared_ptr when handling response

For Redfish Aggregation, we need a common point to check the D-Bus
for satellite configs. If they are available then we perform the
aggregation op

Expose AsyncResp shared_ptr when handling response

For Redfish Aggregation, we need a common point to check the D-Bus
for satellite configs. If they are available then we perform the
aggregation operations. The functions in query.hpp are used by all
endpoints making them the logical location. The aggregation code
requires a shared_ptr to the AsyncResp so these functions need to be
able to supply that.

This patch is broken out of a future patch for routing Redfish
Aggregation requests
https://gerrit.openbmc.org/c/openbmc/bmcweb/+/53310

The follow commands can be used to perform most of the replacements:
find . -type f | xargs sed -i 's/setUpRedfishRoute(app, req, asyncResp->res/setUpRedfishRoute(app, req, asyncResp/g'
find . -type f | xargs sed -i 's/setUpRedfishRouteWithDelegation(app, req, asyncResp->res/setUpRedfishRouteWithDelegation(app, req, asyncResp/g'

Signed-off-by: Carson Labrado <clabrado@google.com>
Change-Id: I4f4f9f22cdcfb14a3bd94b9a8f3d64aae34e57bc

show more ...

Make code compile on clang again

The usual updates to make code compile on clang again. Extra semicolons
that have snuck in, missing inline and static definitions.

Tested: Code compiles on clang.

Make code compile on clang again

The usual updates to make code compile on clang again. Extra semicolons
that have snuck in, missing inline and static definitions.

Tested: Code compiles on clang.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Id7f889de98cafaa89471d75ed3e3bb97ab3855cd

show more ...

Fix segmentation fault when deleting the sessions

Fix the segmentation fault caused by deleting the sessions via Redfish.
Do not compare the username when deleting the sessions with no-auth.

Tested

Fix segmentation fault when deleting the sessions

Fix the segmentation fault caused by deleting the sessions via Redfish.
Do not compare the username when deleting the sessions with no-auth.

Tested: Delete the session via Redfish and bmcweb not crashed

Signed-off-by: wukaihua-fii-na <eason.kh.wu@fii-na.com>
Change-Id: I7f5268e7243a22ba5010ba5b8b4c82f19b8b4f20

show more ...

Remove brace initialization of json objects

Brace initialization of json objects, while quite interesting from an
academic sense, are very difficult for people to grok, and lead to
inconsistencies.

Remove brace initialization of json objects

Brace initialization of json objects, while quite interesting from an
academic sense, are very difficult for people to grok, and lead to
inconsistencies. This patchset aims to remove a majority of them in
lieu of operator[]. Interestingly, this saves about 1% of the binary
size of bmcweb.

This also has an added benefit that as a design pattern, we're never
constructing a new object, then moving it into place, we're always
adding to the existing object, which in the future _could_ make things
like OEM schemas or properties easier, as there's no case where we're
completely replacing the response object.

Tested:
Ran redfish service validator. No new failures.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Iae409b0a40ddd3ae6112cb2d52c6f6ab388595fe

show more ...

Add setUpRedfishRoute to all nodes in redfish

For better or worse, the series ahead of this is making use of
setUpRedfishRoute to do the common "redfish specified" things that need
to be done for a

Add setUpRedfishRoute to all nodes in redfish

For better or worse, the series ahead of this is making use of
setUpRedfishRoute to do the common "redfish specified" things that need
to be done for a connection, like header checking, filtering, and other
things. In the current model, where BMCWEB_ROUTE is a common function
for all HTTP routes, this means we need to propagate this injection call
into the whole tree ahead of the requests being handled.

In a perfect world, we would invent something like a REDFISH_ROUTE
macro, but because macros are discouraged, the routes take a variadic
template of parameters, and each call to the route has a .privileges()
call in the middle, there's no good way to effect this change in a less
costly manner. This was messaged both in the prior reviews, and on
discord sourcing improvements on this pattern, to which none arose.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Id29cc799e214edad41e48fc7ce6eed0521f90ecb

show more ...

Make bmcweb pass REQ_POST_CREATE_TO_MEMBERS_PROP

The Members property within resources is expected to allow create in the
same way the Collection resource does. From the spec:

Submitting a POST re

Make bmcweb pass REQ_POST_CREATE_TO_MEMBERS_PROP

The Members property within resources is expected to allow create in the
same way the Collection resource does. From the spec:

Submitting a POST request to a resource collection is equivalent to
submitting the same request to the Members property of that resource
collection. Services that support the addition of Members to a resource
collection shall support both forms.

Related: #192

Tested:
Redfish protocol validator, REQ_POST_CREATE_TO_MEMBERS_PROP now passes.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I5c22325946eab9aec8c690450aa2ea24a6e4e485

show more ...

Move SessionService to free methods

In line with other patchsets doing the same thing, move SessionService
to free methods.

Tested:
curl --insecure -X POST -d "{\"UserName\": \"root\", \"Password\"

Move SessionService to free methods

In line with other patchsets doing the same thing, move SessionService
to free methods.

Tested:
curl --insecure -X POST -d "{\"UserName\": \"root\", \"Password\": \"0penBmc\"}" https://192.168.7.2/redfish/v1/SessionService/Sessions
succeeds and returns a result.

redfishtool -S Always -A Session -u root -p 0penBmc -vvvvv -r 192.168.7.2 raw GET "/redfish/v1/SessionService/Sessions"

Succeeds and returns the sesion created previously, and deletes its own
session successfully.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I38aeeef2143898510e6c645719deaa7d56a418dc

show more ...

Add url type safety to message registry

There are a number of places where we use message registry messages
incorrectly. This patchset attempts to fix them, and invoke some type
safety when they're

Add url type safety to message registry

There are a number of places where we use message registry messages
incorrectly. This patchset attempts to fix them, and invoke some type
safety when they're used such that they're more obvious to use.

Namely, it changes a number of the message registry methods to accept a
boost::urls::url_view for its argument instead of a const std::string&.
This forces the calling code to correctly encode a URL to use the
method, which should make it obvious that it's not for an ID, a property
name, or anything else. In the course of doing this, several places
were found to be using the first argument incorrectly.

Tested:
curl --insecure --user root:0penBmc https://192.168.7.2/redfish/v1/Chassis/foobar

Returns:
{
"error": {
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_1_1.Message",
"Message": "The requested resource of type #Chassis.v1_16_0.Chassis named foobar was not found.",
"MessageArgs": [
"#Chassis.v1_16_0.Chassis",
"foobar"
],
"MessageId": "Base.1.8.1.ResourceNotFound",
"MessageSeverity": "Critical",
"Resolution": "Provide a valid resource identifier and resubmit the request."
}
],
"code": "Base.1.8.1.ResourceNotFound",
"message": "The requested resource of type #Chassis.v1_16_0.Chassis named foobar was not found."
}

Identically to previously.

Also tested with IDs that contained % encoded characters, like
foobar%10, which gave the same result.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Icbb3bce5d190a260610087c9ef35e7becc5a50c7

show more ...

json_utils: Add support jsonRead Patch/Action

Added support for readJson for Patch and Action. The only difference is
that Patch does not allow empty json input while Action does. Action with
empty

json_utils: Add support jsonRead Patch/Action

Added support for readJson for Patch and Action. The only difference is
that Patch does not allow empty json input while Action does. Action with
empty input will use the default value based on the implementation and
return 200 OK response code.

readJsonPatch will replace the existing readJson and be used for path
requests. It will not allow empty json input and all requested
keys are required in the json input.

readJsonAction will be used for Action requests where it is possible for
all of the properties to be optional and allow empty request.
The optional properties are determined by the requested values type.

All current Action readJson are replaced with readJsonAction. It does
not change the existing behavior since it needs `std::optional`.
This will have to be updated later as we define the default behavior.

Tested:
Added unit tests and readJsonAction allows empty empty json object.

No Change to Redfish Tree.

Change-Id: Ia5e1f81695c528a20f1dc985aee19c920d8adaea
Signed-off-by: Willy Tu <wltu@google.com>

show more ...

Convert IPv4-mapped IPv6 ClientIP back to IPv4

Current HTTP server creates an IPv6 acceptor to accept both IPv4 and
IPv6 connections. In this way, IPv4 address will be presented as IPv6
address in I

Convert IPv4-mapped IPv6 ClientIP back to IPv4

Current HTTP server creates an IPv6 acceptor to accept both IPv4 and
IPv6 connections. In this way, IPv4 address will be presented as IPv6
address in IPv4-mapped format. This patch converts it back to IPv4.

Tested:
Verified the ClientOriginIP in Session is shown in native IPv4 format
instead of IPv4-mapped IPv6 format.

Change-Id: Icd51260b2d4572d52f5c670128b7f07f6b5e6912
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>

show more ...

Make code compile with clang-13

Clang-13 rightfully warns that the hasWebuiRoute variable isn't declared
as static. This commit resolves that, and adds the static keyword so it
can be used in multi

Make code compile with clang-13

Clang-13 rightfully warns that the hasWebuiRoute variable isn't declared
as static. This commit resolves that, and adds the static keyword so it
can be used in multiple compile units. It also adds the static keyword
to the privilege registry, and the inline keyword to many methods that
now need it.

clang-format is also updated to version 12 in parse_registies.py, as
that's what CI uses, and what most people have installed.

Tested:
Followed clang-tidy instructions in README.md
"bitbake bmcweb" step now succeeds.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Id43b13606754cb37a404799fce155599ac3a3240

show more ...

Automate PrivilegeRegistry to code

This commit attempts to automate the creation of our privileges
structures from the redfish privilege registry. It accomplishes this by
updating parse_registries.

Automate PrivilegeRegistry to code

This commit attempts to automate the creation of our privileges
structures from the redfish privilege registry. It accomplishes this by
updating parse_registries.py to also pull down the privilege registry
from DMTF.
The script then generates privilege_registry.hpp, which include const
defines for all the privilege registry entries in the same format that
the Privileges struct accepts. This allows new clients to simply
reference the variable to these privilege structures, instead of having
to manually (ie error pronely) put the privileges in themselves.

This commit updates all the routes.

For the moment, override and OEM schemas are not considered. Today we
don't have any OEM-specific Redfish routes, so the existing ones inherit
their parents schema. Overrides have other issues, and are already
incorrect as Redfish defines them.

Binary size remains unchanged after this patchset.

Tested:
Ran redfish service validator

Ran test case from f9a6708c4c6490257e2eb6a8c04458f500902476 to ensure
that the new privileges constructor didn't cause us to regress the brace
construction initializer.

Checked binary size with:
gzip -c
$BBPATH/tmp/work/s7106-openbmc-linux-gnueabi/obmc-phosphor-image/1.0-r0/rootfs/usr/bin/bmcweb
| wc -c
1244048

(tested on previous patchset)

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ideede3d5b39d50bffe7fe78a0848bdbc22ac387f

show more ...

Fix Session delete to return 200

the tests on
https://gerrit.openbmc-project.xyz/c/openbmc/openbmc/+/43984 identified
that there are some that actually look at response codes, and expect
200. This

Fix Session delete to return 200

the tests on
https://gerrit.openbmc-project.xyz/c/openbmc/openbmc/+/43984 identified
that there are some that actually look at response codes, and expect
200. This would show up as failures that looked like:

Test SSL Connection :: This testcase is for testing the SSL connec... | FAIL |
Parent suite setup failed:
ValueError: The HTTP status code was not valid:
status: 204
valid_status_codes:
[0]: 200


This commit fixes the behavior change to move back to the old behavior,
and causes SessionService Delete to return 200 with a success message.
This commit changes this code back to 200, even though 204 is valid and
the test should pass for both, 200 with a success message more closely
follows Redfish.

Tested:
Code builds. Expect the above bump to test this behavior directly.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I1d6bbfab867dc757c78f745119cfd9835ebbc505

show more ...

Remove the Node class

Fixes #181

Lots of specific details around why the node class have been removed are
in the previous patchsets. This commit actually does the deed and makes
it go away entirel

Remove the Node class

Fixes #181

Lots of specific details around why the node class have been removed are
in the previous patchsets. This commit actually does the deed and makes
it go away entirely.

Now that this is finally done, we can compare binary size. Surprisingly
enough, this series saves a full 72KB of compressed binary size, which
amounts to about 6.4% of the total code size.

Before: 1197632 bytes
After: 1124688 bytes

This IMO makes it worth it, considering we've significantly reduced the
amount of code at the same time.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I3c8688715f933b381cad0be75a079ccfd72c3130

show more ...

Move Sessions to non Node structure

This commit, in line with 7e860f1550c8686eec42f7a75bc5f2ef51e756ad moves
the session service over to the normal BMCWEB routes. This is
relatively painless, with

Move Sessions to non Node structure

This commit, in line with 7e860f1550c8686eec42f7a75bc5f2ef51e756ad moves
the session service over to the normal BMCWEB routes. This is
relatively painless, with the exception of the fact that the previous
classes held members of the other classes in their struct. This was an
attempt at a design pattern from very early on that never really worked
in practice, so it was largely abandoned, and now this is cleaning up
the last remains of it.

This commit accomplishes this by making two critical changes, first,
Delete /redfish/v1/SessionService/Sessions/<sessionId> no longer returns
the structure of the session that was deleted, instead returns 204
unmodified, which is very similar to what we do in other cases. While
this is a breaking change, it's not clear what a user would even do with
a returned deleted session, so it seems really unlikely to break anyone.

This commit also creates a separate method to fill in a session object
with a given session details, such that the POST and GET methods can
share a single implementation. This is more efficient than the old way,
as it prevents a double lookup from the session store.

Tested:
Tested redfish validator on system. No new failures (UUID failure still
present)

Change-Id: If5d2b2c5a21af05ed0cb02a15bd1c1c976b8da12
Signed-off-by: Ed Tanous <edtanous@google.com>

show more ...

Remove Node class from Account Service

This is a progression of 7e860f1550c8686eec42f7a75bc5f2ef51e756ad, which
correctly noted that AccountService has a number of class specific
variables. This co

Remove Node class from Account Service

This is a progression of 7e860f1550c8686eec42f7a75bc5f2ef51e756ad, which
correctly noted that AccountService has a number of class specific
variables. This commit removes the Node class from those in line with
the aformentioned patchset, and at the same time removes the need for
the isAllowedWithoutConfigureSelf method, which was relying on state
captured to do some complex rule checking. Fortunately, it is
relatively easy to check current permissions at runtime using the
Privileges::isSupersetOf check against the current users role. This
significantly reduces the complexity of the code, while still giving the
same result (users with only ConfigureSelf cannot see or modify other
users). Ideally these two things, isAllowedWithoutConfigureSelf, and
the Node moving would've been done in separate commits, but given that
the former would've required moving a number of features out of the node
derived class anyway, separating them would lead to essentially the same
diff twice, hence why they are combined for easier review.

Tested:
Ran Redfish service validator. No new errors. (UUID error present that
appears to be unrelated)

Change-Id: Iad919dbc7ab7e8d47cc1160999ed9f43f685fa56
Signed-off-by: Ed Tanous <edtanous@google.com>

show more ...