1214b7e7 | 04-Jun-2020 |
Gunnar Mills <gmills@us.ibm.com> |
clang-format: update to latest from docs repo
This is from openbmc/docs/style/cpp/.clang-format
Other OpenBMC repos are doing the same.
Tested: Built and validator passed. Change-Id: Ief26c755c9ce
clang-format: update to latest from docs repo
This is from openbmc/docs/style/cpp/.clang-format
Other OpenBMC repos are doing the same.
Tested: Built and validator passed. Change-Id: Ief26c755c9ce012823e16a506342b0547a53517a Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
show more ...
|
92a74e56 | 04-Jun-2020 |
AppaRao Puli <apparao.puli@linux.intel.com> |
fix for bmcweb CI build failure
CI builds are failing due to formatting issue. Below commit reverted the format to clang-6 from clang-10 and causing the failure. https://gerrit.openbmc-project.xyz/#
fix for bmcweb CI build failure
CI builds are failing due to formatting issue. Below commit reverted the format to clang-6 from clang-10 and causing the failure. https://gerrit.openbmc-project.xyz/#/c/openbmc/bmcweb/+/32702/
Tested: Build success.
Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com> Change-Id: Ic75f7baeed9ff1013df37575dc180fb1c7d196fc
show more ...
|
dc3fbbd0 | 22-May-2020 |
Tony Lee <tony.lee@quantatw.com> |
Fix duplicate NTP servers patch
Duplicate NTP servers value should not be patch.
Tested: 1. Patch duplicate NTP servers curl -k -H "X-Auth-Token: $bmc_token" -XPATCH https://${bmc}/redfish/v1/Manag
Fix duplicate NTP servers patch
Duplicate NTP servers value should not be patch.
Tested: 1. Patch duplicate NTP servers curl -k -H "X-Auth-Token: $bmc_token" -XPATCH https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol -d '{"NTP":{"NTPServers":["9.9.9.9","9.9.9.9","1.1.1.1","9.9.9.9"]}}'
2. GET NTP servers information curl -k -H "X-Auth-Token: $bmc_token" -X GET https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol { "@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol", "@odata.type": "#ManagerNetworkProtocol.v1_5_0.ManagerNetworkProtocol", "Description": "Manager Network Service", "FQDN": "", "HTTP": { "Port": 0, "ProtocolEnabled": false }, "HTTPS": { "Certificates": { "@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates" }, "Port": 443, "ProtocolEnabled": true }, "HostName": "", "IPMI": { "Port": 623, "ProtocolEnabled": true }, "Id": "NetworkProtocol", "NTP": { "NTPServers": [ "1.1.1.1", "9.9.9.9" ], "ProtocolEnabled": false },
Signed-off-by: Tony Lee <tony.lee@quantatw.com> Change-Id: Idb63cf5e28d36a5df1aae9b0a7d53a1b7a9c8d91
show more ...
|
4722efeb | 03-Feb-2020 |
raviteja-b <raviteja28031990@gmail.com> |
Redfish:Dump offload handler implementation using nbd-proxy
This handler transfers data between nbd-client and nbd-server. basically it invokes nbd-proxy and reads data from socket and writes on to
Redfish:Dump offload handler implementation using nbd-proxy
This handler transfers data between nbd-client and nbd-server. basically it invokes nbd-proxy and reads data from socket and writes on to nbd-client and vice-versa
Change-Id: I429393a5e056647333bf4e148c0df2a5695b2a47 Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>
show more ...
|
3bf4e632 | 06-Feb-2020 |
Joseph Reynolds <joseph-reynolds@charter.net> |
Implement Redfish PasswordChangeRequired
This implements the Redfish PasswordChangeRequired handling. See section 13.3.7.1 "Password change required handling" in the 1.9.1 spec: https://www.dmtf.or
Implement Redfish PasswordChangeRequired
This implements the Redfish PasswordChangeRequired handling. See section 13.3.7.1 "Password change required handling" in the 1.9.1 spec: https://www.dmtf.org/sites/default/files/standards/documents/DSP0266_1.9.1.pdf
These portions of the spec are implemented: - Authenticatation with a correct but expired password creates a session: - The session is restricted to the ConfigureSelf privilege which allows a user to change their own password (via GET and PATCH Password for their own account). Support for the ConfigureSelf privilege is already in BMCWeb. - The session object has the PasswordChangeRequired message. - All other operations respond with http status code 403 Forbidden and include the PasswordChangeRequired message. - The ManagerAccount (URI /redfish/v1/AccountService/Accounts/USER) PasswordChangeRequired property is implemented for local accounts but not present for remote accounts.
This has the following additional behavior:
The PasswordChangeRequired property is updated at the start of each new REST operation, even within an existing session. This behavior implements a "dynamic" PasswordChangeRequired handling that responds to changes to the underlying "password expired" status. Specifically: - Sessions restricted by the PasswordChangeRequired handling lose that restriction when the underlying account password is changed. - Sessions become subject to the PasswordChangeRequired handling restrictions whenever the underlying account password expires. - The mechanism is to check if the password is expired at the start of every new REST API operation, effectively updating the ManagerAccount PasswordChangeRequired property each time. This makes BMCWeb responsive to changes in the underlying account due to other activity on the BMC.
Notes: 1. Note that when an account password status is changed (for example, the password becomes expired or is changed) and that account has active sessions, those sessions remain. They are not deleted. Any current operations are allowed to complete. Subsequent operations with that session pick up the new password status.
2. This does not implement OWASP recommendations which call for sessions to be dropped when there is a significant change to the underlying account. For example, when the password is changed, the password becomes expired, or when the account's Role changes. OWASP's recommendation is due to the session fixation vulnerability. See the OWASP Session Management Cheat Sheet section "Renew the Session ID After Any Privilege Level Change": https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#renew-the-session-id-after-any-privilege-level-change
BMCWeb protects against session fixation vulnerabilities because it always regenerates new session IDs when successful authentication creates a new session.
3. Users authenticating via mTLS are not subject to the PasswordChangeRequired behavior because mTLS takes precedence over password-based authentication.
Tested: 0. Setup: - The `passwd --expire USERNAME` command was used to expire passwords. The `chage USER` command was also used. - The following were used to change the password: Redfish API, passwd command, and the SSH password change dialog. - Tested the following via Basic Auth, /login, and Redfish login (except where Basic Auth does not create a persistent session). - Only local user account were tested. - Did not test authentication via mTLS or with LDAP users. 1. When the password is not expired, authentication behaves as usual for both correct and incorrect passwords. 2. When the password is incorrect and expired, authentication fails as usual. 3. When the password is correct but expired: A. A session is created and has the PasswordChangeRequired message. B. That session cannot access resources that require Login privilege and the 403 message contains the PasswordChangeRequired message. C. That session can be used to GET the user's account, PATCH the Password, and DELETE the session object. D. The account PasswordChangeRequired reports true. 4. While a session is established, try expiring and changing (unexpiring) the password using various mechanisms. Ensure both the session object and the ManagerAccount PasswordChangeRequired property report the correct condition, and ensure PasswordChangeRequired handling (restricting operations to ConfigureSelf when PasswordChangeRequired is true) is applied correctly.
Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net> Change-Id: Iedc61dea8f949e4b182e14dc189de02d1f74d3e8
show more ...
|
f4ef2acd | 06-May-2020 |
Chanyoung Park <park910113@gmail.com> |
Fix incorrect decoding of query string
QueryString class decodes incorrectly when it encounters percent-encoded query strings "%xy", and cause the http request class to have wrong query parameters.
Fix incorrect decoding of query string
QueryString class decodes incorrectly when it encounters percent-encoded query strings "%xy", and cause the http request class to have wrong query parameters. Fixed a bug in the process of converting 2-digit hexadecimal number to a single byte.
Tested: - Generate requests contains percent-encoded query strings - Check the urlParams field in crow::Request class and it works as expected
Example: - Before: GET https://{bmc}/...?a=b%20c&d=e req->urlParams: [ a=b, d=e ] - After: GET https://{bmc}/...?a=b%20c&d=e req->urlParams: [ a=b c, d=e ]
Signed-off-by: Chanyoung Park <park910113@gmail.com> Change-Id: Ic1bfc74bbf4882e55445dba246ca769699fab332
show more ...
|
2a5689a7 | 29-Apr-2020 |
AppaRao Puli <apparao.puli@linux.intel.com> |
EventService: Queuing the request data and retry
Add support to queue the request event data. Maintaining the proper state of connection and retry for appropriate action depending on state. If max r
EventService: Queuing the request data and retry
Add support to queue the request event data. Maintaining the proper state of connection and retry for appropriate action depending on state. If max retries are reached then suspend the retries. Need to add async timeout between retries and take action as configured 'DeliveryRetryPolicy' by user.
Tested: - Using Telemetry reports, streamed data to validate the queue by stopping listener. - Verified the retry logic. - Verfiied the appropriate action depending failed state of connection.
Change-Id: Idd562cd512897625bf7b0d9a376207db5cb8642f Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
show more ...
|
bd030d0a | 19-Mar-2020 |
AppaRao Puli <apparao.puli@linux.intel.com> |
Http client support
Add Http client support to asynchronously open the TCP connection with client and send data(POST only). This doesn't have support to keep open connection alive and also re-attemp
Http client support
Add Http client support to asynchronously open the TCP connection with client and send data(POST only). This doesn't have support to keep open connection alive and also re-attempt send message during fail cases.
Tested: - Able to push data to HTTP server successfully.
Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com> Change-Id: I2c1abf8ac4b002278377761d2dbc8b563808efcb
show more ...
|
f8aa3d27 | 08-Apr-2020 |
James Feist <james.feist@linux.intel.com> |
Add CSRF check into websockets
This adds CSRF check into websockets to avoid attacks on websockets.
Tested: Could no longer use crosssite scripting to open websocket. KVM and SOL still work once we
Add CSRF check into websockets
This adds CSRF check into websockets to avoid attacks on websockets.
Tested: Could no longer use crosssite scripting to open websocket. KVM and SOL still work once web-ui changes are updated
Change-Id: I325079ae3d4db2701671564dff733e034d2670d6 Signed-off-by: James Feist <james.feist@linux.intel.com>
show more ...
|
cb6cb49d | 03-Apr-2020 |
James Feist <james.feist@linux.intel.com> |
Protect against timer exhaustion
Currently there is no check to see if all timers are used. This adds a check so that under many connections we don't get a double free.
Tested: Spun up many connect
Protect against timer exhaustion
Currently there is no check to see if all timers are used. This adds a check so that under many connections we don't get a double free.
Tested: Spun up many connections and double free went away
Change-Id: I7c6914f566064c57ad28d3bfe79a53e44f598a35 Signed-off-by: James Feist <james.feist@linux.intel.com>
show more ...
|
f0af8594 | 27-Mar-2020 |
James Feist <james.feist@linux.intel.com> |
Protect against slow read attack
Right now as long as an attacker continutes to do a slow read, the connection will stay open forever. Set a timeout so this can't happen.
Tested: Used slowhttptest
Protect against slow read attack
Right now as long as an attacker continutes to do a slow read, the connection will stay open forever. Set a timeout so this can't happen.
Tested: Used slowhttptest to verify this wouldn't happen
Change-Id: I4dbe2a18f9ccce0ba36875572ec3df6bf3be6a1e Signed-off-by: James Feist <james.feist@linux.intel.com>
show more ...
|
09d02f87 | 30-Mar-2020 |
Zbigniew Kurzynski <zbigniew.kurzynski@intel.com> |
Fix for possible memory leak in mTLS.
Freeing resources returned by X509_get_ext_d2i method.
Tested: Manual test were made to verify if TLS authentication works as before.
Signed-off-by: Zbi
Fix for possible memory leak in mTLS.
Freeing resources returned by X509_get_ext_d2i method.
Tested: Manual test were made to verify if TLS authentication works as before.
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com> Change-Id: I937d7a13b9b63501fd58b846e6050c5523f76cc4
show more ...
|
fe306728 | 12-Mar-2020 |
James Feist <james.feist@linux.intel.com> |
Task: Add payload support
This adds the payload values to task responses.
Tested: passed validator
Change-Id: I50467e28ce8142d198f916ea0c63bd413edcd524 Signed-off-by: James Feist <james.feist@linu
Task: Add payload support
This adds the payload values to task responses.
Tested: passed validator
Change-Id: I50467e28ce8142d198f916ea0c63bd413edcd524 Signed-off-by: James Feist <james.feist@linux.intel.com>
show more ...
|
250b0ebb | 24-Feb-2020 |
Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com> |
Permission check for virtual media proxy mode
This patch enables checking of user permission for proxy mode, as start of this kind service is not triggered by redfish (which has permission check by
Permission check for virtual media proxy mode
This patch enables checking of user permission for proxy mode, as start of this kind service is not triggered by redfish (which has permission check by default). Permission check is done in .onopen handler of websocket. For this reason another dbus call for user privileges is added to verify if user has "ConfigureManager" privilege.
I have chosen this approach, as generic privilege check for all websockets introduces significant changes in connection upgrade flow which makes implementaion vague and caused some memory issues difficult to track down.
It is worth noting that other websockets (eg. kvm) uses .required() function to set privilege but this information is lost during connection upgrade and is not checked anywhere in upgrade flow.
Tested: Manual tests with opening websockets via web browser and dedicated nbd proxy utility. For users with/without appropriate permissions. Single request and burst of requests has been tested as well.
Change-Id: I2a56bec606fa0e5f3d4232e48794c9055bf6095e Signed-off-by: Przemyslaw Czarnowski <przemyslaw.hawrylewicz.czarnowski@intel.com>
show more ...
|
45b1b135 | 13-Feb-2020 |
James Feist <james.feist@linux.intel.com> |
Fix off by 1 error
i can increment > qs_kv_size with some inputs. Fix this by incrementing earlier in the loop instead so we don't have to increment after the loop and possibly go past max.
Tested:
Fix off by 1 error
i can increment > qs_kv_size with some inputs. Fix this by incrementing earlier in the loop instead so we don't have to increment after the loop and possibly go past max.
Tested: Used bad string and no longer saw segfault
Change-Id: Ia68cd9b24e9a0b16646197983c513d78df2239ed Signed-off-by: James Feist <james.feist@linux.intel.com>
show more ...
|
2b5e08e2 | 09-Jan-2020 |
Jan Sowinski <jan.sowinski@intel.com> |
Fix timeout issue during image upload
This commit fixes timeout issues when transfering bigger payloads like update image.
Tested by uploading image:
curl -k -H "X-Auth-Token: $token" -H "Conten
Fix timeout issue during image upload
This commit fixes timeout issues when transfering bigger payloads like update image.
Tested by uploading image:
curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/octet-stream" \ -X POST -T test.tar https://$bmc/upload/image
# slow connection upload (~10kB/s) curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/octet-stream" \ -X POST -T test.tar https://$bmc/upload/image --limit-rate 10k
Signed-off-by: Jan Sowinski <jan.sowinski@intel.com> Change-Id: I913136013afb58c97071819288460f4cb64d0d83
show more ...
|
ee52ae10 | 09-Jan-2020 |
Jan Sowinski <jan.sowinski@intel.com> |
Revert "Revert "Connection and websockets fixes""
This reverts commit a8086647b103f55116ce4c872e1455ebf1f3e346.
Reason for revert: Restoring commit c00500b as base for upload image issue fix
Chang
Revert "Revert "Connection and websockets fixes""
This reverts commit a8086647b103f55116ce4c872e1455ebf1f3e346.
Reason for revert: Restoring commit c00500b as base for upload image issue fix
Change-Id: I1dd5d3fda2d1ee6f4027193a0506d5ca764b01e4 Signed-off-by: Jan Sowinski <jan.sowinski@intel.com>
show more ...
|
a8086647 | 07-Jan-2020 |
James Feist <james.feist@linux.intel.com> |
Revert "Connection and websockets fixes"
This reverts commit c00500bcb9c5145f5cacb78bbe3dd694fb85ba0a.
Reason: Makes image upload fail
Tested: Image upload works again
requests.post( 'ht
Revert "Connection and websockets fixes"
This reverts commit c00500bcb9c5145f5cacb78bbe3dd694fb85ba0a.
Reason: Makes image upload fail
Tested: Image upload works again
requests.post( 'https://{}/redfish/v1/UpdateService'.format(args.address), data=file.read(), verify=False, auth=(args.username, args.password))
Change-Id: Iaf780d052d98accdead32e87f468002f5141b19a Signed-off-by: James Feist <james.feist@linux.intel.com>
show more ...
|
0e1cf26b | 05-Dec-2019 |
Adriana Kobylak <anoo@us.ibm.com> |
Make the max http request body size configurable
OpenBMC supports "System" or "bundled" images that contain two or more firmware images, such as BMC and Host or PSU firmware, making the resulting im
Make the max http request body size configurable
OpenBMC supports "System" or "bundled" images that contain two or more firmware images, such as BMC and Host or PSU firmware, making the resulting image file greater than the current limit of 30MB.
Make the http request body size configurable to allow bigger files to be uploaded.
Tested: - Upload a regular BMC image still works. - Uploading a 50MB firmware image that contains the host fw fails: $ curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/octet-stream" -X POST -T obmc-phosphor-image-witherspoon-128.ubi.mtd.tar https://${bmc}/upload/image curl: (52) Empty reply from server
- With the "-DBMCWEB_HTTP_REQ_BODY_LIMIT_MB=128" compile option works: $ curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/octet-stream" -X POST -T obmc-phosphor-image-witherspoon-128.ubi.mtd.tar https://${bmc}/upload/image { "data": "19e6fe13", "message": "200 OK", "status": "ok" }
Change-Id: I0b0e1032c9daf00a01e42ac5ee1c0d979f857d5e Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
show more ...
|
c00500bc | 03-Dec-2019 |
Jan Sowinski <jan.sowinski@intel.com> |
Connection and websockets fixes
This commit fixes issue around Connection class and websockets - controlling connection lifetime by shared_ptr instead of manual new/delete - fixed memory leak wh
Connection and websockets fixes
This commit fixes issue around Connection class and websockets - controlling connection lifetime by shared_ptr instead of manual new/delete - fixed memory leak when upgrading connection to websockets - removed dangling reference to conn.req in websockets - fixed lack of reponse for invalid websockets URLs - fixed not working connections deadline timer
There is no noticable performance impact after switching connection management to shared pointers. Benchmark results using: wrk https://${bmc} shared_ptr: 144.29 Requests/sec new/delete: 144.41 Requests/sec
Tested manually: performance: wrk https://${bmc} memory leaks: top websockets: webui- KVM and VirtualMedia HTTP GET on random Redfish schemas: postman
Signed-off-by: Jan Sowinski <jan.sowinski@intel.com> Change-Id: I63f7395ba081a68e7900eae2ed204acd50f58689
show more ...
|
cac94c55 | 07-Nov-2019 |
Zbigniew Kurzynski <zbigniew.kurzynski@intel.com> |
Turning ON the mutual TLS
This commit sets the mutual TLS option to ON by default.
Core mTLS implementation was accepted under this commit:
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+
Turning ON the mutual TLS
This commit sets the mutual TLS option to ON by default.
Core mTLS implementation was accepted under this commit:
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/23588
where by default the mTLS was disabled.
Tested: Manual tests were made to verify if this option turns the mTLS ON.
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com> Change-Id: I3bc5f5453d4c4df1cd7ecb0b8868423285b6ab83
show more ...
|
b28eb8ed | 23-Oct-2019 |
Ed Tanous <ed.tanous@intel.com> |
Implement a TODO(ed) in comment
I now understand the router properly (as I did a while back). This call is correct, as "/" and "" are considered the same by the router.
Tested: Comment change, no
Implement a TODO(ed) in comment
I now understand the router properly (as I did a while back). This call is correct, as "/" and "" are considered the same by the router.
Tested: Comment change, no impact to code.
Signed-off-by: Ed Tanous <ed.tanous@intel.com> Change-Id: Ic6fc17f0e7137bbc3674c2290d10dcdba9b4ed18
show more ...
|
a6e2f1c4 | 11-Dec-2019 |
Jason M. Bills <jason.m.bills@linux.intel.com> |
Consolidate regex calls when converting links
We currently use multiple regex calls to convert specific fields to links. Rather than continuing to add new regex calls for individual link types, we
Consolidate regex calls when converting links
We currently use multiple regex calls to convert specific fields to links. Rather than continuing to add new regex calls for individual link types, we can use one regex to convert all '/redfish/' paths to links.
Tested: Checked that all provided redfish paths are converted to links: odata.id, odata.context, nextLink, Uri, etc.
Change-Id: I2f06e2d5ee9b3d88141f1629f168b3667669d93f Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
show more ...
|
61dbeef9 | 13-Dec-2019 |
RAJESWARAN THILLAIGOVINDAN <rajeswgo@in.ibm.com> |
Fix authorization for LDAP users
Modified the code to make an asynchronous call to GetUserInfo to get the user role for authorization.
For local users, DBus matches are used to store user role map
Fix authorization for LDAP users
Modified the code to make an asynchronous call to GetUserInfo to get the user role for authorization.
For local users, DBus matches are used to store user role map hot in memory. Hence, bmcweb has to know whether a user is a local user or LDAP user to get the role. To avoid this, removed the existing DBus matches and modified the code to call GetUserInfo to get the role of local users as well as LDAP users.
Tested: - Created a local user having admin privilege and verified that he is able to restart the system /redfish/v1/Systems/system/Actions/ComputerSystem.Reset -d '{"ResetType": "GracefulRestart"}' - Created a local user having user privilege and verified that he is unauthorized to restart the system /redfish/v1/Systems/system/Actions/ComputerSystem.Reset -d '{"ResetType": "GracefulRestart"}' - Created a remote user having admin privilege and verified that he is able to restart the system /redfish/v1/Systems/system/Actions/ComputerSystem.Reset -d '{"ResetType": "GracefulRestart"}' - Created a remote user having user privilege and verified that he is unauthorized to restart the system /redfish/v1/Systems/system/Actions/ComputerSystem.Reset -d '{"ResetType": "GracefulRestart"}' - Tested Redfish ConfigureSelf privilege
Signed-off-by: RAJESWARAN THILLAIGOVINDAN <rajeswgo@in.ibm.com> Change-Id: Ic3e46a0c0aff2cf456c98048350e58e302011c57
show more ...
|
26139a5a | 11-Dec-2019 |
Zbigniew Kurzynski <zbigniew.kurzynski@intel.com> |
Adding a new value to cookie
This new value will be used by javascript in phosphor-webui to perform login-less authentication.
Tested: Manually tests were performed on Chrome browser. Having enab
Adding a new value to cookie
This new value will be used by javascript in phosphor-webui to perform login-less authentication.
Tested: Manually tests were performed on Chrome browser. Having enabled and configured mTLS user is able to authenticate with proper certificates. The login page is not displayed unless user logs out.
Appropriate phosphor-webui changes can be found here: https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-webui/+/27851
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com> Change-Id: Iac76459e1843a5c8bd2287c6e078319aebedfdcc
show more ...
|