IBM Mgmt console lock algorithm improvement

This commit optimizes the release lock code and adds some traces to give
more data for lock conflict scenarios

Tested by:
1. With dual client connected,

IBM Mgmt console lock algorithm improvement

This commit optimizes the release lock code and adds some traces to give
more data for lock conflict scenarios

Tested by:
1. With dual client connected, verified the conflicts are returned
2. Tested releaseLock usecase

Signed-off-by: Sunitha Harish <sunithaharish04@gmail.com>
Change-Id: I3cf99aaa5cc7c2967ae8dbc9c76c9f7378ecebdd

show more ...

Fixes for IBM Management Console usecases

This commit fixes the below issues

1. Bump up the ConfigFile directory max limit
For large configurations on the system, the current directory size
u

Fixes for IBM Management Console usecases

This commit fixes the below issues

1. Bump up the ConfigFile directory max limit
For large configurations on the system, the current directory size
upper limit of 10MB was exceeding and BMC was sending the error back
to the client. This fails the entire large config support.
This commit Increases this upper limit of the configFile dir to 25MB

2. Return 409 Error for a lock conflict

Tested by:
1. ConfigFile read
2. Single file upload
3. AcquireLock from the same client returns 409

Signed-off-by: Sunitha Harish <sunithaharish04@gmail.com>
Change-Id: I9218e8263f31e519d76683822290dfe259c57192

show more ...

used sdbusplus::unpackPropertiesNoThrow part 6

used sdbusplus::unpackPropertiesNoThrow in openbmc_dbus_rest.hpp,
memory.hpp and sensors.hpp, also replaced all usages of "GetAll" with
sdbusplus::asio

used sdbusplus::unpackPropertiesNoThrow part 6

used sdbusplus::unpackPropertiesNoThrow in openbmc_dbus_rest.hpp,
memory.hpp and sensors.hpp, also replaced all usages of "GetAll" with
sdbusplus::asio::getAllProperties

bmcweb size: 2697624 -> 2697624 (0)
compressed size: 1129645 -> 1130037 (+392)

Tested:
Performed get on:
- /redfish/v1/Systems/system/Memory/dimm0

Performed get one of the members of:
- /redfish/v1/Chassis/chassis/Sensors

Get result before and after the change was in same format.

Change-Id: I05efcedfd905ea2c8d1d663e909cb59ebc2cf2b7
Signed-off-by: Krzysztof Grobelny <krzysztof.grobelny@intel.com>

show more ...

Add SSL support for http_client (EventService)

This commit adds the initial SSL support for http_client which can be
used for sending asynchronous Events/MetricReports to subscribed Event
Listener s

Add SSL support for http_client (EventService)

This commit adds the initial SSL support for http_client which can be
used for sending asynchronous Events/MetricReports to subscribed Event
Listener servers over secure channel.

Current implementation of http client only works for http protocol.
With current implementation, http client can be configured to work
with secure http (HTTPS). As part of implementation it adds the SSL
handshake mechanism and enforces the peer ceritificate verification.

The http-client uses the cipher suites which are supported by mozilla
browser and as recommended by OWASP. For better security enforcement
its disables the SSLv2, SSLv3, TLSv1, TLSv1.1 as described in below
OWASP cheetsheet.

It is validated with RootCA certificate(PEM) for now. Adding support
for different certificates can be looked in future as need arises.

[1]: https://cheatsheetseries.owasp.org/cheatsheets/TLS_Cipher_String_Cheat_Sheet.html

Tested:
- Created new subscription with SSL destination(https) and confirmed
that events are seen on EventListener side.
URI: /redfish/v1/EventService/Subscriptions
Method: POST
Body:
{
"Context": "CustomText",
"Destination": "https://<IP>:4000/service/collector/event_logs",
"EventFormatType": "Event",
"DeliveryRetryPolicy": "RetryForever",
"Protocol": "Redfish"
}

- Unit tested the non-SSL connection by disabling the check in code
(Note: EventService blocks all Non-SSL destinations). Verified that
all events are properly shown on EventListener.
URI: /redfish/v1/EventService/Subscriptions
Method: POST
Body:
{
"Context": "CustomText",
"Destination": "http://<IP>:4001/service/collector/event_logs",
"EventFormatType": "Event",
"Protocol": "Redfish"
}

- Combined above two tests and verified both SSL & Non-SSL work fine in
congention.

- Created subscription with different URI paths on same IP, Port and
protocol and verified that events sent as expected.

Change-Id: I13b2fc942c9ce6c55cd7348aae1e088a3f3d7fd9
Signed-off-by: AppaRao Puli <apparao.puli@intel.com>
Signed-off-by: Ed Tanous <edtanous@google.com>

show more ...

Remove q-factor weighting on Accept Header

bmcweb does not do anything with the q-factor weighting (;q=) so just
remove it from the encoding.

This is needed because routes like
"/redfish/v1/Systems

Remove q-factor weighting on Accept Header

bmcweb does not do anything with the q-factor weighting (;q=) so just
remove it from the encoding.

This is needed because routes like
"/redfish/v1/Systems/system/LogServices/EventLog/Entries/<str>/attachment"
have a check for isOctetAccepted. Even though */* is in the Accept
Header isOctetAccepted still fails due to the q-factor weighting.

On the system I tested, on firefox, Accept looks like:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8

The GUI reported being unable to download a AdditionalDataURI (e.g.
...attachment/)

Here is the GUI code attempting to download the additional data:
https://github.com/openbmc/webui-vue/blob/9b79a6e7e3df3d3cbaf9a7750bbe343628022026/src/views/Logs/EventLogs/EventLogs.vue#L155
https://github.com/openbmc/webui-vue/blob/9b79a6e7e3df3d3cbaf9a7750bbe343628022026/src/locales/en-US.json#L251

Today this results in a 400 Bad Request due to isOctetAccepted.

See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept

Tested:
/redfish/v1/Systems/system/LogServices/PostCodes/Entries/<str>/attachment/
and .../EventLog/Entries/<str>/attachment now return correctly.

Change-Id: I969f5f2c32c4acccd4d80615f17c44d0c8fabd0d
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

dbus_utility: Remove ManagedItem type alias

Type alias ManagedItem is identical to ManagedObjectType::value_type,
remove it.

Tested:
Build pass. No significant change in compressed binary size.

Ch

dbus_utility: Remove ManagedItem type alias

Type alias ManagedItem is identical to ManagedObjectType::value_type,
remove it.

Tested:
Build pass. No significant change in compressed binary size.

Change-Id: I6d0f0498399ee639d8a5445fe908a7c311327e41
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>

show more ...

IBM Mgmt console writeLock conflict fix

The isConflictRecord method was returning false by default which is
causing ignoring the same resourceId conflicts.
Same resourceId case will pass all the con

IBM Mgmt console writeLock conflict fix

The isConflictRecord method was returning false by default which is
causing ignoring the same resourceId conflicts.
Same resourceId case will pass all the conditions and reach to the end
of the function. Returning true means that there is a conflict.

This commit fixes this by returning true by default

Tested by:
1. Send writeLock requests with same resourceId and segment length

Signed-off-by: Sunitha Harish <sunithaharish04@gmail.com>
Change-Id: Ie65c6394988a357a8c811b621e113c14924bb8f6

show more ...

Use enum overload for field setting

There are two overloads of addHeader, one that takes a string, and one
that takes a boost enum. For most common headers, boost contains a
string table with all o

Use enum overload for field setting

There are two overloads of addHeader, one that takes a string, and one
that takes a boost enum. For most common headers, boost contains a
string table with all of those entries anyway, so there's no point in
duplicating the strings, and ensures that we don't make trivial
mistakes, like capitalization or - versus underscore that aren't caught
at compile time.

Tested:
This saves a trivial amount (572 bytes) of compressed binary size.

curl --insecure -vvv --user root:0penBmc https://192.168.7.2/redfish/v1

returns < Content-Type: application/json

curl --insecure -vvv -H "Accept: text/html" --user root:0penBmc https://192.168.7.2/redfish/v1

Returns
< Content-Type: text/html;charset=UTF-8

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I34c198b4f9e219247fcfe719f9b3616d35aea3dc

show more ...

Preserve headers from the root object on expand

There is a bug where, when running an expand query, headers from the
response object get dropped. These headers include OData.type, and the
newly min

Preserve headers from the root object on expand

There is a bug where, when running an expand query, headers from the
response object get dropped. These headers include OData.type, and the
newly minted Link header, as well as possible others.

This was actually noted in a TODO, although the author of the TODO,
didn't fully understand the consequences at the time, and thought there
was no functional impact.

To resolve this, this commit resolves the TODO, and allows the Response
object to be moved out, instead of having to create a new one, which
preserves all the response state. To do this, it creates a move
constructor on the Response object for this use. The move constructor
is relatively benign, with one caveat, that we might be moving while in
a completion handler (as is the most common use). So both the existing
operator= and Response() move constructor are amended to handle this
case, and simply null out the response object in the copied object,
which would be correct behavior, given that each callback handler should
only be called once per Response object.

Tested:
curl --insecure --user root:0penBmc -vvvv
https://192.168.7.2/redfish/v1\?\$expand\=\*\(\$levels\=2\)

returns the same body as previously, now with the included:
OData-Version: 4.0
Allow: Get

headers in the response.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I221364dd4304903b37cacb1386f621b073a0a891

show more ...

authn: correct meson behaviors

Today `basic-auth` (and other options) can be enabled even if
`insecure-disable-auth` is enabled, which doesn't make sense.
With this block this commit added in meson,

authn: correct meson behaviors

Today `basic-auth` (and other options) can be enabled even if
`insecure-disable-auth` is enabled, which doesn't make sense.
With this block this commit added in meson, If we disable authx with
`insecure-disable-auth`, then all these auth options will be ignored.

Tested:
1. code compiles with and without 'insecure-disable-auth'.
2. No new service validator errors when 'insecure-disable-auth' is
turned on.
3. No new service validator errors when 'insecure-disable-auth' is
turned off.

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I2c634851f7aa7b9e57158770c5d40c12954c93a7

show more ...

sdbusplus: use shorter type aliases

The sdbusplus headers provide shortened aliases for many types.
Switch to using them to provide better code clarity and shorter
lines. Possible replacements are

sdbusplus: use shorter type aliases

The sdbusplus headers provide shortened aliases for many types.
Switch to using them to provide better code clarity and shorter
lines. Possible replacements are for:
* bus_t
* exception_t
* manager_t
* match_t
* message_t
* object_t
* slot_t

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I46a5eec210002af84239af74a93c830b1d4a13f1

show more ...

test treewide: iwyu

These changes are done by running iwyu manually under clang14.

Suppressed some obvious impl or details headers. Kept the recommended
public headers.

IWYU can increase readabili

test treewide: iwyu

These changes are done by running iwyu manually under clang14.

Suppressed some obvious impl or details headers. Kept the recommended
public headers.

IWYU can increase readability, make maintenance easier, and avoid errors
in some cases. See details in
https://github.com/include-what-you-use/include-what-you-use/blob/master/docs/WhyIWYU.md.

This commit also uses its best effort to correct obvious errors through
iwyu pragma.
See reference here:
https://github.com/include-what-you-use/include-what-you-use#how-to-correct-iwyu-mistakes

Tested: unit test passed.

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I983b6f75601707cbb0f2f04546c3362ff4ba7fee

show more ...

Remove usages of boost::starts/ends_with

Per the coding standard, now that C++ supports std::string::starts_with
and std::string::ends_with, we should be using them over the boost
alternatives. Thi

Remove usages of boost::starts/ends_with

Per the coding standard, now that C++ supports std::string::starts_with
and std::string::ends_with, we should be using them over the boost
alternatives. This commit goes through and updates all usages.

Arguably some of these are incorrect, and instances of common error 13,
but because this is mostly a mechanical it intentionally doesn't try to
handle it.

Tested: Unit tests pass.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ic4c6e5d0da90f7442693199dc691a47d2240fa4f

show more ...

Fix const correctness issues

cppcheck correctly notes that a lot of variables in the new code can be
const. Make most of them const.

Tested: WIP

Signed-off-by: Ed Tanous <edtanous@google.com>
Cha

Fix const correctness issues

cppcheck correctly notes that a lot of variables in the new code can be
const. Make most of them const.

Tested: WIP

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I8f37b6353fd707923f533e1d61c5b5419282bf23

show more ...

Google RoT: simplify subtree iteration

Use structured binding declaration to avoid verbose typing of subtree
response.

Tested:
1. code compiles
2. tested on hardware and RoT resources worked as exp

Google RoT: simplify subtree iteration

Use structured binding declaration to avoid verbose typing of subtree
response.

Tested:
1. code compiles
2. tested on hardware and RoT resources worked as expected.

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I22758c196a097cce8e94208085fd59ce1363cefc

show more ...

Google RoT: add unit tests for /google/v1

Tested: unit test worked.

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I4feb6c9cdf52930617a7011732a5837f06c1adda

Google RoT: remove global constant strings

These variables are replaced by local string literals, which has
better readability.

Tested: tested on real hardware.

GET: /google/v1/RootOfTrustCollecti

Google RoT: remove global constant strings

These variables are replaced by local string literals, which has
better readability.

Tested: tested on real hardware.

GET: /google/v1/RootOfTrustCollection
{
"@odata.id": "/google/v1/RootOfTrustCollection",
"@odata.type": "#RootOfTrustCollection.RootOfTrustCollection",
"Members": [
{
"@odata.id": "/google/v1/RootOfTrustCollection/Hoth"
}
],
"Members@odata.count": 1
}

GET /google/v1/RootOfTrustCollection/Hoth
{
"@odata.id": "/google/v1/RootOfTrustCollection/Hoth",
"@odata.type": "#RootOfTrust.v1_0_0.RootOfTrust",
"Actions": {
"#RootOfTrust.SendCommand": {
"target": "/google/v1/RootOfTrustCollection/Hoth/Actions/RootOfTrust.SendCommand"
}
},
"Description": "Google Root Of Trust",
"Id": "Hoth",
"Location": {
"PartLocation": {
"LocationType": "Embedded",
"ServiceLabel": "Hoth"
}
},
"Name": "Hoth",
"Status": {
"State": "Enabled"
}
}

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I4c21eeb6a521b657bd9a8eb7394e7748d000ad52

show more ...

Google RoT: allign callback style

The current convention:
1. route handler should be named as "handleAbcResouceMethod"
2. prefer inline functions instead of local lambdas

Tested:
1. compiles
2. on

Google RoT: allign callback style

The current convention:
1. route handler should be named as "handleAbcResouceMethod"
2. prefer inline functions instead of local lambdas

Tested:
1. compiles
2. on Google hardware, the commands in
https://gerrit.openbmc.org/c/openbmc/bmcweb/+/52222/32 worked

GET: /google/v1/RootOfTrustCollection
{
"@odata.id": "/google/v1/RootOfTrustCollection",
"@odata.type": "#RootOfTrustCollection.RootOfTrustCollection",
"Members": [
{
"@odata.id": "/google/v1/RootOfTrustCollection/Hoth"
}
],
"Members@odata.count": 1
}

GET /google/v1/RootOfTrustCollection/Hoth
{
"@odata.id": "/google/v1/RootOfTrustCollection/Hoth",
"@odata.type": "#RootOfTrust.v1_0_0.RootOfTrust",
"Actions": {
"#RootOfTrust.SendCommand": {
"target": "/google/v1/RootOfTrustCollection/Hoth/Actions/RootOfTrust.SendCommand"
}
},
"Description": "Google Root Of Trust",
"Id": "Hoth",
"Location": {
"PartLocation": {
"LocationType": "Embedded",
"ServiceLabel": "Hoth"
}
},
"Name": "Hoth",
"Status": {
"State": "Enabled"
}
}

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I0221b4b183579b33d0848d96a20398aee1a211d4

show more ...

dbus_singleton: use stack variable and extern

Currently, the |systemBus| connection is a static variable declared in
headers. This has a problem that every translation unit will keep its
own copy. I

dbus_singleton: use stack variable and extern

Currently, the |systemBus| connection is a static variable declared in
headers. This has a problem that every translation unit will keep its
own copy. It's not a problem today because there's only one translation
unit "webserver_main.cpp.o". This issue was brounght up in
https://gerrit.openbmc.org/c/openbmc/bmcweb/+/54758

Actually, the |systemBus| doesn't need to be a singleton. It can just be
a stack variable, which is normally more efficient than heap variables.

To keep minimum changes treeside, this commits keeps the existing
|systemBus| variable as an external variable. It is defined in its own
translation unit. It is initialized in the main translation unit.

Reference:
1. Extern
https://stackoverflow.com/questions/1433204/how-do-i-use-extern-to-share-variables-between-source-files

Tested:
1. Romulus QEMU robot Redfish test passed;
2. Start and restart service on real hardware, no issues;
3. No new validator failures
4. Code compies

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I03b387bd5f218a86c9d1765415a46e3c2ad83ff9

show more ...

Google RoT: avoid potential dangling pointer

The struct |ResolvedEntity| stores a pointer which might be dangling in
the future when interface is not longer a string literal. Given that the
interfac

Google RoT: avoid potential dangling pointer

The struct |ResolvedEntity| stores a pointer which might be dangling in
the future when interface is not longer a string literal. Given that the
interface string is small enough, this commits changes the data member
to a string which is constructed (copied) from the string literal today.

Tested: trivial change. Compiles.

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I2759635f7fa296cc8aa141735efb3799a1503726

show more ...

dbus_utility_test: fix test case names

This commit applies the GTest test case naming convention: Camel case,
use decriptive Test names.

It also groups test cases according to the name.

Reference:

dbus_utility_test: fix test case names

This commit applies the GTest test case naming convention: Camel case,
use decriptive Test names.

It also groups test cases according to the name.

Reference:
https://testing.googleblog.com/2014/10/testing-on-toilet-writing-descriptive.html
http://google.github.io/googletest/primer.html#simple-tests

Tested: unit test passes.

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: Ibd1bfcb4456b64e43f437cc2afa7464f03ee634c

show more ...

Remove unused variables

cppcheck finds a few variables that were unused in a few modules. Clean
them up.

Tested: Code compiles, unit tests pass.

Signed-off-by: Ed Tanous <edtanous@google.com>
Cha

Remove unused variables

cppcheck finds a few variables that were unused in a few modules. Clean
them up.

Tested: Code compiles, unit tests pass.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I7a95025891bb537b45b99b3cd649ad05533e78f4

show more ...

Make nbd-proxy header build in all cases

We very intentionally don't do this "only include header if option is
enabled" thing to make sure that compile issues are seen across all
builds.

Tested: Co

Make nbd-proxy header build in all cases

We very intentionally don't do this "only include header if option is
enabled" thing to make sure that compile issues are seen across all
builds.

Tested: Code compiles. Header changes only.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I749aed62ed6cd73690f3d89d75df65bec77562c2

show more ...

Remove BLONS

This file was used in unit tests a while ago. It's not really a good
test list, and ideally would be replaced with coverage directed fuzzing
if we ever needed something like this in th

Remove BLONS

This file was used in unit tests a while ago. It's not really a good
test list, and ideally would be replaced with coverage directed fuzzing
if we ever needed something like this in the future.

Tested: Delete only.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I9a7d3c422226e0366399ab43abd92f762e3e4fc7

show more ...

Require explicit decorator on one arg constructors

We essentially follow this rule already, not relying on implicit
operators, although there are a number of cases where in theory we
could've implic

Require explicit decorator on one arg constructors

We essentially follow this rule already, not relying on implicit
operators, although there are a number of cases where in theory we
could've implicitly constructed an object.

This commit enables the clang-tidy check.

Tested: Code compiles, passes clang-tidy.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: Ia428463313b075c69614fdb326e8c5c094e7adde

show more ...