Make UserSubscription as shared_ptr in Subscription

Currently UserSubscription are used as value in Subscription. This
causes the copy of the object between subscriptionsMap and
subscriptionConfigMa

Make UserSubscription as shared_ptr in Subscription

Currently UserSubscription are used as value in Subscription. This
causes the copy of the object between subscriptionsMap and
subscriptionConfigMap when doing PATCH.

Using a shared_ptr for UserSubscription avoids the memory copy of it.

Tested:

- Using Redfish Event Listener, test subscriptions and eventing.
- Redfish Service Validator passes

Change-Id: I5821b72f28ba737a5c9b75288d377766c84c6a6a
Signed-off-by: Myung Bae <myungbae@us.ibm.com>

show more ...

Fix persistent data directory creation

The commit c282e8b6c7f7f4e4ec94e4d1f1a380803e13da08 [1] causes an error
like

```
Oct 23 16:46:25 p10bmc bmcwebd[8985]: [CRITICAL persistent_data.hpp:220] Can'

Fix persistent data directory creation

The commit c282e8b6c7f7f4e4ec94e4d1f1a380803e13da08 [1] causes an error
like

```
Oct 23 16:46:25 p10bmc bmcwebd[8985]: [CRITICAL persistent_data.hpp:220] Can't create persistent folders Invalid argument
```

It is because the given persistent data filename does not contain the
directory name.

Tested:

- Update subscription data like
```
curl -k -X PATCH https://${bmc}/redfish/v1/EventService/Subscriptions/${SUBID} \
-H "Content-Type: application/json" \
-d '{"VerifyCertificate": false}'
```

- And check the above error.
- Restart bmcweb and check whether it is stored

[1] https://gerrit.openbmc.org/c/openbmc/bmcweb/+/75314

Change-Id: I0aa4768bbdb195b5247fd30c5078ada60187a4b3
Signed-off-by: Myung Bae <myungbae@us.ibm.com>

show more ...

Remove annoying log

This log logs for every file on startup, and doesn't really add a lot of
value. Remove.

Tested: static files are no longer logged on startup.

Change-Id: I9394c2c28457b6e846733

Remove annoying log

This log logs for every file on startup, and doesn't really add a lot of
value. Remove.

Tested: static files are no longer logged on startup.

Change-Id: I9394c2c28457b6e846733dde7712aa97bb5a96fc
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Make sure directory exists

Handle cases where the persistent data directory might not exist, or
might not be writable (as would be the case in unit tests) by ignoring
the error.

This allows unit te

Make sure directory exists

Handle cases where the persistent data directory might not exist, or
might not be writable (as would be the case in unit tests) by ignoring
the error.

This allows unit tests to fail gracefully

Tested: Unit tests pass when persistent data dir isn't writable.
bmcweb boots and restores file session file normally when manually
restarted.

Change-Id: Idbd5155bed8be20738a85a55f0d4f876344a2439
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Fix Persistent Subscription PATCH

The `RedfishEvent` subscription is expected to be persistent over bmc
reboot or bmcweb restart. However, the properties on PATCH are
currently not persistent after

Fix Persistent Subscription PATCH

The `RedfishEvent` subscription is expected to be persistent over bmc
reboot or bmcweb restart. However, the properties on PATCH are
currently not persistent after reboot or bmcweb restart.

This commit is to sync those properties to the persistent store after
PATCH.

In addition, this commit fixes a missing `id` copy when a new
UserSubscription is created in [1] (introduced by [2]). As a result, it
may cause the following messages during bmcweb start after subscription
POST or PATCH like
```
Oct 16 14:37:34 p10bmc systemd[1]: Started Start bmcwebd server.
Oct 16 14:37:34 p10bmc bmcwebd[15320]: [ERROR event_service_store.hpp:253] Subscription missing required field information, refusing to restore
Oct 16 14:37:34 p10bmc bmcwebd[15320]: [ERROR persistent_data.hpp:166] Problem reading subscription from persistent store
```
After this, those subscriptions become lost.

Tested:

1. Subscription PATCH

- Create a subscription (e.g. use Redfish-Service-Validator).

- GET subscription and check the properties
```
SUBID=<id>
curl -k -X GET https://${bmc}/redfish/v1/EventService/Subscriptions/${SUBID}
```

- PATCH subscription with a different value.
```
curl -k -X PATCH https://${bmc}/redfish/v1/EventService/Subscriptions/${SUBID} \
-H "Content-Type: application/json" -d '{"DeliveryRetryPolicy":"RetryForever"}'
```

- Reboot BMC or restart bmcweb

- GET subscription and check the properties
```
curl -k -X GET https://${bmc}/redfish/v1/EventService/Subscriptions/${SUBID}
````

Before the fix, the property values are the same as before PATCH.
After the fix, the last patched property values will be kept.

2. Redfish Service Validator passes

[1] https://github.com/openbmc/bmcweb/blob/21a94d5cd4be74a85c978c0cd63e4c633093c531/redfish-core/include/event_service_manager.hpp#L812
[2] https://gerrit.openbmc.org/c/openbmc/bmcweb/+/65720

Change-Id: If5d2f622cc945faa6999d1e3e70211e881e19a79
Signed-off-by: Myung Bae <myungbae@us.ibm.com>

show more ...

Move UserSubscription to composition

This allows for two very important simplifying changes. First, we can
use the default copy operators on the UserSubscription class, which is
far less error pron

Move UserSubscription to composition

This allows for two very important simplifying changes. First, we can
use the default copy operators on the UserSubscription class, which is
far less error prone than writing it manually, which we have two copies
of in code already.

Second, it allows the Subscription class to move to using values rather
than shared_ptr everywhere, which cleans up a significant amount of
code.

Tested:
Ran Redfish-Event-Listener, subscription created and destroyed
correctly.
Calling POST SubmitTestEvent showed events propagating to server.

Change-Id: I6d258cfe3594edddf3960ae2d4559d70acca1bf8
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Reformat with Never-AlignTrailingComments style

clang-format currently formats the codes to align the trailing comments
of the consecutive lines via `AlignTrailingComments/Kind` as `Always` in
`.cla

Reformat with Never-AlignTrailingComments style

clang-format currently formats the codes to align the trailing comments
of the consecutive lines via `AlignTrailingComments/Kind` as `Always` in
`.clang-format` file.

This could shift the comment lines by the neighboring code changes and
also potentially mislead the `diff` of code changes.

This commit is to keep the existing trailing comments as they were.

Tested:
- Check whitespace only
- Code compiles & CI passes.

Change-Id: I1c64d53572a81d5012aa748fe44478f80c271c5f
Signed-off-by: Myung Bae <myungbae@us.ibm.com>

show more ...

Add extra subscription params support

OriginResource allows filtering messages on a per-device basis. This
was already listed as supported in our docs.

RegistryPrefixes is also added.

Tested: Uni

Add extra subscription params support

OriginResource allows filtering messages on a per-device basis. This
was already listed as supported in our docs.

RegistryPrefixes is also added.

Tested: Unit tests pass.

Change-Id: Idfde8416f2f466ce11957177e052b540fc669888
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Fix status for non-existent JsonSchema FileGet

This will fix the incorrect status 500 to status 404 for the
non-eixstent JsonSchema FileGet.

```
% redfishtool raw GET -r ${bmc} -u root -p 0penBmc

Fix status for non-existent JsonSchema FileGet

This will fix the incorrect status 500 to status 404 for the
non-eixstent JsonSchema FileGet.

```
% redfishtool raw GET -r ${bmc} -u root -p 0penBmc -S Always /redfish/v1/JsonSchemas/ComputerSystem/ComputerSystem.v1_99_1.json
redfishtool: Transport: Response Error: status_code: 500 -- Internal Server Error
redfishtool: raw: Error getting response
```

This commit also refactor `Response::openFile()` to return `ec` so that
the caller can check the reason of the failure.

Tested:
- Verify redfishtool result for the non-existent JsonSchema file like
```
% redfishtool raw GET -r ${bmc} -u root -p 0penBmc -S Always /redfish/v1/JsonSchemas/<schema>/<non-existent-schema>.json
redfishtool: Transport: Response Error: status_code: 404 -- Not Found
redfishtool: raw: Error getting response
```
- Redfish Service validator passes

Change-Id: I98927c076bb6e7dfb3742183b4b3545e328d2657
Signed-off-by: Myung Bae <myungbae@us.ibm.com>

show more ...

Remove duplicated block comments

Static analysis flags that these two comments are redundant[1], which
seem to be duplicated a lot in copyright headers. Although there is a
larger discussion that c

Remove duplicated block comments

Static analysis flags that these two comments are redundant[1], which
seem to be duplicated a lot in copyright headers. Although there is a
larger discussion that can likely be had.

[1] https://sonarcloud.io/project/issues?issueStatuses=OPEN%2CCONFIRMED&id=edtanous_bmcweb&open=AY9_HYjgKXKyw1ZFwgVP

Tested: Comment change only. Code compiles.

Change-Id: Ia960317761f558a87842347ca0b5f3da63f8e730
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

dbus_utility: Support new ObjectMapper methods

The new ObjectMapper methods are added as part of

https://gerrit.openbmc.org/c/openbmc/phosphor-objmgr/+/70699

- GetAssociatedSubTreeById
- GetAssoci

dbus_utility: Support new ObjectMapper methods

The new ObjectMapper methods are added as part of

https://gerrit.openbmc.org/c/openbmc/phosphor-objmgr/+/70699

- GetAssociatedSubTreeById
- GetAssociatedSubTreePathsById

The two methods are meant to be used to replace places where two dbus
calls are used to get associated objects

Change-Id: Ia6dc198ea3c63b9d5a49ba09f1fa999381de8a7c
Signed-off-by: Lakshmi Yadlapati <lakshmiy@us.ibm.com>

show more ...

Fix static analysis issues

[1] https://sonarcloud.io/project/issues?impactSeverities=HIGH&issueStatuses=OPEN%2CCONFIRMED&tags=since-c%2B%2B11&types=CODE_SMELL&id=edtanous_bmcweb&open=AY9_HYhXKXKyw1Z

Fix static analysis issues

[1] https://sonarcloud.io/project/issues?impactSeverities=HIGH&issueStatuses=OPEN%2CCONFIRMED&tags=since-c%2B%2B11&types=CODE_SMELL&id=edtanous_bmcweb&open=AY9_HYhXKXKyw1ZFwgTE

Change-Id: If3d42dd1afed1abe8e4a7db02da9c3b26c4508c2
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Pam refactoring: To support multiple prompts

The commit refactors pam_authenticated.cpp to support newer prompts
which may come in future for various MFA options. Now the support
restricted to unix

Pam refactoring: To support multiple prompts

The commit refactors pam_authenticated.cpp to support newer prompts
which may come in future for various MFA options. Now the support
restricted to unix Password and google authenticator Verification Code.

Tested by:

1: Successful session creation
2: Successful patch operation for password change using below
curl -k -H "Content-Type: application/json" -H
"X-Auth-Token: $bmc_token" -X
PATCH https://${bmc}/redfish/v1/AccountService/Accounts/root
-d '{"Password":"xxxxxxxx"}'

Change-Id: Iea8696c8a28adefcd5bf62e22978010f38ce8084
Signed-off-by: Abhilash Raju <abhilash.kollam@gmail.com>

show more ...

Move response creation into PasswordData class

No functional changes.

Tested: WIP

Change-Id: Ia306322e08690375f170ae82a82cde2aa8ce850d
Signed-off-by: Ed Tanous <etanous@nvidia.com>

Remove IWYU pragmas

These were added as part of
d5c80ad9c07b94465d8ea62d2b6f87c30cac765e: test treewide: iwyu

Since then, Nan hasn't been very active on the project, and to my
knowledge, since the

Remove IWYU pragmas

These were added as part of
d5c80ad9c07b94465d8ea62d2b6f87c30cac765e: test treewide: iwyu

Since then, Nan hasn't been very active on the project, and to my
knowledge, since the initial run, we've never used IWYU again.

clang-include-cleaner seems to work well without needing these pragmas,
and is what we're using, even if it's less useful than IWYU.

Remove all mention of IWYU.

Tested: Code compiles.

Change-Id: I06feedeeac9a114f5bdec81d59ca83223efd8aa7
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Fix password update

There is a regression issue found with this commit in password update
https://gerrit.openbmc.org/c/openbmc/bmcweb/+/73605
This commit fixes PAM conversation for password update

Fix password update

There is a regression issue found with this commit in password update
https://gerrit.openbmc.org/c/openbmc/bmcweb/+/73605
This commit fixes PAM conversation for password update

Tested by:
PATCH https://${bmc}/redfish/v1/AccountService/Accounts/root -d
'{"Password":"0penBmc1"}'

Change-Id: Ifcede67364c35ced899a3f726f67253cdb51002e
Signed-off-by: Ed Tanous <etanous@nvidia.com>
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>

show more ...

Redfish Session: Implement MFA "Token" property

This commit implements multi-factor authentication "Token" property to
create redfish sessions when multi-factor token authentication enabled.

Tested

Redfish Session: Implement MFA "Token" property

This commit implements multi-factor authentication "Token" property to
create redfish sessions when multi-factor token authentication enabled.

Tested by:

Verified redfish session and login redfish commands with or without
TOTP token for MFA enabled/disabled users.

User authentication with MFA token:
POST https://${bmc}/redfish/v1/SessionService/Sessions -d '{"UserName"
:"root", "Password": "0penBmc","Token":"510760"}'

User authentication without MFA token:
POST https://${bmc}/login -d '{"username" : "newuser", "password"
:"0penBmc"}'

POST https://${bmc}/redfish/v1/SessionService/Sessions -d '{"UserName"
:"newuser", "Password": "0penBmc"}'

In case of invalid MFA token or password then authentication fails and
returns "ResourceAtUriUnauthorized" error message.

Change-Id: I639163dd3d49ff8ed886f72c99ad264317d59c34
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>

show more ...

Fix NOLINT in pam module

There's a number of places in the pam module where we do pointer
manipulation by hand. This is because pam relies on passing pointers.

This commit updates to at least usin

Fix NOLINT in pam module

There's a number of places in the pam module where we do pointer
manipulation by hand. This is because pam relies on passing pointers.

This commit updates to at least using unqiue_ptr with release(), as well
as std::span, rather than using raw pointers.

Tested: Tested in token commit. Will merge at same time.

Change-Id: Ie49f7e6eeaa5c7ac1798b9a123e3ab5439a4ab28
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

clang-format: re-format for clang-18

clang-format-18 isn't compatible with the clang-format-17 output, so we
need to reformat the code with the latest version. The way clang-18
handles lambda forma

clang-format: re-format for clang-18

clang-format-18 isn't compatible with the clang-format-17 output, so we
need to reformat the code with the latest version. The way clang-18
handles lambda formatting also changed, so we have made changes to the
organization default style format to better handle lambda formatting.

See I5e08687e696dd240402a2780158664b7113def0e for updated style.
See Iea0776aaa7edd483fa395e23de25ebf5a6288f71 for clang-18 enablement.

Change-Id: Iceec1dc95b6c908ec6c21fb40093de9dd18bf11a
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

Remove inline operator

Clang-18 flags this as a redundant inline operator, which is correct.
Remove it.

Tested: Code compiles.

Change-Id: I89d808f05cfc123b7884d1e0652cdd3912e2a674
Signed-off-by: E

Remove inline operator

Clang-18 flags this as a redundant inline operator, which is correct.
Remove it.

Tested: Code compiles.

Change-Id: I89d808f05cfc123b7884d1e0652cdd3912e2a674
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Add missing nullptr check

Static analysis flags two missing nullptr checks. Add them.

Tested: dbus-rest is a deprecated option, so unit testing is the only
difference there.
Log services notify wa

Add missing nullptr check

Static analysis flags two missing nullptr checks. Add them.

Tested: dbus-rest is a deprecated option, so unit testing is the only
difference there.
Log services notify was added recently. Need help testing, otherwise
inspection only.

Change-Id: If92153ffa9c9fdf8903ce386f025ceebcf7510eb
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Break out SSL key handler into a compile unit

This commit allows for no code to have to pull in openssl headers
directly. All openssl code is now included in compile units, or
transitively from boo

Break out SSL key handler into a compile unit

This commit allows for no code to have to pull in openssl headers
directly. All openssl code is now included in compile units, or
transitively from boost.

Because http2 is optional, no-unneeded-internal-declaration is needed to
prevent clang from marking the functions as unused. Chromium has
disabled this as well[1]

Tested:
Redfish service validator passes.

[1] https://issues.chromium.org/issues/40340369

Change-Id: I327e8ffa45941c2282db804d0be56cf64155e67d
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Combine cipher suite lists

It's better to not have to update this in two places.

Tested: Inspection only.

Change-Id: I5c81e50806fe71dd251c22132d93ecbc55fc3865
Signed-off-by: Ed Tanous <etanous@nvi

Combine cipher suite lists

It's better to not have to update this in two places.

Tested: Inspection only.

Change-Id: I5c81e50806fe71dd251c22132d93ecbc55fc3865
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Update client ciphers to mozilla intermediate

Our client cipher suites are out of date with what mozilla recommends.
Update them to the latest.

https://ssl-config.mozilla.org/guidelines/5.7.json

F

Update client ciphers to mozilla intermediate

Our client cipher suites are out of date with what mozilla recommends.
Update them to the latest.

https://ssl-config.mozilla.org/guidelines/5.7.json

Functionally, this only removes the two remaining AES cipher suites.
TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384

And replaces
TLS_CHACHA20_POLY1305_SHA256
with
DHE-RSA-CHACHA20-POLY1305

Functionally this should have no impact on any system.

Change-Id: I7680b06ea34c2a3c0bfd747aa3c3500c0f30151e
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Remove support for openssl < 3.0

OpenSSL 3.0+ has technically been required since
e79239970c3701f12903e8ac1574b9210b69aebc checked in 7 months ago. We
don't seem to be going backwards, so remove co

Remove support for openssl < 3.0

OpenSSL 3.0+ has technically been required since
e79239970c3701f12903e8ac1574b9210b69aebc checked in 7 months ago. We
don't seem to be going backwards, so remove code support for <3.0.

OpenSSL 1.1.1 was declared EOL 10 months ago [1]

[1] https://endoflife.date/openssl

Change-Id: I54f0d475dfa79ee7959f1b4278d3790c988de0af
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...