Do not allow data beyond the trailer

There is nothing in the multipart spec[1] that states that a parser
should allow any bytes after a multipart payload.

Several unit tests have a \r\n after their

Do not allow data beyond the trailer

There is nothing in the multipart spec[1] that states that a parser
should allow any bytes after a multipart payload.

Several unit tests have a \r\n after their boundary condition that
previously the parser just ignored. Testing shows this is fairly
normal, so handle both cases still, but if any other characters show up,
fail the parse.

Unit test is also simplified to be more clear.

Tested: Unit test coverage

[1] https://datatracker.ietf.org/doc/html/rfc7578#section-4.1

Change-Id: I16643c61867708886cc87c236447ec1c19bf934f
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Don't use at for field access in tests

at() throws an exception when a field doesn't exist. This is somewhat
paradoxical when using EXPECT_EQ, as that is not supposed to stop the
test on a failure.

Don't use at for field access in tests

at() throws an exception when a field doesn't exist. This is somewhat
paradoxical when using EXPECT_EQ, as that is not supposed to stop the
test on a failure. Convert calls to use operator[] which does not
throw.

Tested: Unit test

Change-Id: I9f1af1732294f2755f0beb422cffe0eb379f4e76
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Add temp file and FD support to TemporaryFileHandle

This commit adds file descriptor and temporary file management to
DuplicatableFileHandle, removing the redundant test-only
TemporaryFileHandle uti

Add temp file and FD support to TemporaryFileHandle

This commit adds file descriptor and temporary file management to
DuplicatableFileHandle, removing the redundant test-only
TemporaryFileHandle utility.

Changes:
- Add file descriptor constructor and setFd() method
- Add temporary file constructor with string_view content
- Add filePath member and automatic cleanup in destructor
- Add configurable temp-dir meson option (default: /tmp/bmcweb)
- Remove include/file_test_utilities.hpp
- Update all tests to use DuplicatableFileHandle
- Rename stringPath to filePath

These features will be used by the multipart parser to stream
large uploads to temporary files instead of keeping them in memory,
and by the update service to pass file descriptors over D-Bus.

Change-Id: I982f5928d453f9f0c13d91c3525006134ddc87b3
Signed-off-by: Rajeev Ranjan <ranjan.rajeev1609@gmail.com>

show more ...

fix: add account checking inside verifyMtls

Currently if we don't have account in bmcweb but have valid format
certificate, we will have 500 internal server error when we send request
to bmcweb. But

fix: add account checking inside verifyMtls

Currently if we don't have account in bmcweb but have valid format
certificate, we will have 500 internal server error when we send request
to bmcweb. But, if we don't have valid format certificate, we will get
401 unauthorized. This is not ideal as the http code is not appropriate.
Also, this might introduce some security risk as the user can deduce
whether their certificate format is valid or not based on the http code.

This patch is intended to solve this issue by checking whether the
username exists in the system. If not, we will return nullptr inside
verifyMtls function, which result in 401 unauthorized response if the
user have valid format of certificate, but there is no related username
inside the system

Change-Id: I479a10ed2bcce2c9969e19fa3aab9686ba4c71be
Signed-off-by: Malik Akbar Hashemi Rafsanjani <malikrafsan@meta.com>
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Remove getNthStringFromPath function

This utility function is being removed for several reasons. First, it
does not verify the full string on URIs and paths, so things like
/foo/bar/baz/valid_id wo

Remove getNthStringFromPath function

This utility function is being removed for several reasons. First, it
does not verify the full string on URIs and paths, so things like
/foo/bar/baz/valid_id would still pass this check.

Second, it is used for both URIs and dbus paths, both of which we have
better utility functions these days respectively, boost::url for urls
and sdbusplus::message::object_path for dbus paths. Neither of the two
is escaped properly when this function is used.

Therefore, remove it and replace it with the appropriate alternatives.

The existing URI functions were found to not accept fragments (given
they are rarely used in PATCH). Add support for fragments to cover the
getNthStringFromPath use cases.

Tested: Redfish service validator passes.

Change-Id: Ibc6755ad69397123d7fef0e0b764042bbb48888b
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Fix includes

Our includes haven't been enforced by tidy in a while. Run the script,
check in the result, minus the false positives.

Change-Id: I6a6da26f5ba5082d9b4aa17cdc9f55ebd8cd41a6
Signed-off-

Fix includes

Our includes haven't been enforced by tidy in a while. Run the script,
check in the result, minus the false positives.

Change-Id: I6a6da26f5ba5082d9b4aa17cdc9f55ebd8cd41a6
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Rearrange features

The backends are different things compared to generic code. Today,
these are all included in the /include folder, but it's not very clear
what options control which backends, or

Rearrange features

The backends are different things compared to generic code. Today,
these are all included in the /include folder, but it's not very clear
what options control which backends, or how things map together. This
also means that we can't separate ownership between the various
companies.

This commit is a proposal to try to create a features folder,
separated by the code for the various backends, to make interacting
with this easier. It takes the form

features/<option name>/files.hpp
features/<option name>/files_test.hpp

Note, redfish-core was already at top level, and contains lots of code,
so to prevent lots of conflicts, it's simply symlinked into that folder
to make clear that it is a backend, but not to move the implementation
and cause code conflicts.

Tested: Unit tests pass. Code compiles.

Change-Id: Idcc80ffcfd99c876734ee41d53f894ca5583fed5
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Remove implicit conversions

Since 2020, nlohmann has recognized that implicit conversions to and
from json are an issue. Many bugs have been caused at both development
time and runtime due to unexp

Remove implicit conversions

Since 2020, nlohmann has recognized that implicit conversions to and
from json are an issue. Many bugs have been caused at both development
time and runtime due to unexpected implicit conversions from json to
std::string/int/bool. This commit disables implicit conversions using
JSON_USE_IMPLICIT_CONVERSIONS [1]. This option will become the default
in the future. That comment was written 3 years ago at this point, so
we should prepare.

Tested:
Redfish service validator passes.

[1] https://json.nlohmann.me/api/macros/json_use_implicit_conversions/
Change-Id: Id6cc47b9bbf8889e4777fd6d77ec992f3139962c
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

mtls: implement UPN parse mode

This commit is intended to implement the UserPrincipalName (UPN) parse
mode on mutual TLS (MTLS). By implementing this we can use the X509
certificate extension Subjec

mtls: implement UPN parse mode

This commit is intended to implement the UserPrincipalName (UPN) parse
mode on mutual TLS (MTLS). By implementing this we can use the X509
certificate extension Subject Alternative Name (SAN), specifically UPN
to be used as the username

In our case, this feature is needed because we have a specific format
on our Subject CN of X509 certificate. This format cannot directly
mapped to the username of bmcweb because it contains special
characters (`/` and `:`), which cannot exist in the username.
Changing the format of our Subject CN is very risky. By enabling
this feature we can use other field, which is the SAN extension to
be used as the username and do not change our Subject CN on the
X509 certificate

In general, by implementing this feature, we can enable multiple
options for the system. There might be other cases where we want to
have the username of the bmcweb is not equal to the Subject CN of the
certificate, instead the username is added as the UserPrincipalName
field in the certificate

The format of the UPN is `<username>@<domain>` [1][2]. The format
is similar to email format. The domain name identifies the domain
in which the user is located [3] and it should match the device name's
domain (domain forest).

Tested
- Test using `generate_auth_certificate.py` (extended on patch [4])
- Manual testing (please see the script mentioned above for more detail)
- Setup certificate with UPN inside SAN extension
- Change the CertificateMappingAttribute to use UPN
- Get request to `/SessionService/Sessions`
- Run unit tests

[1] UPN Format: https://learn.microsoft.com/en-us/windows/win32/secauthn/user-name-formats#user-principal-name
[2] UPN Properties: https://learn.microsoft.com/en-us/windows/win32/ad/naming-properties#userprincipalname
[3] UPN Glossary: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-wcce/719b890d-62e6-4322-b9b1-1f34d11535b4#gt_9d606f55-b798-4def-bf96-97b878bb92c6
[4] Patch Testing Script: https://gerrit.openbmc.org/c/openbmc/bmcweb/+/78837

Change-Id: I490da8b95aee9579546971e58ab2c4afd64c5997
Signed-off-by: Malik Akbar Hashemi Rafsanjani <malikrafsan@meta.com>

show more ...

Use SPDX identifiers

SPDX identifiers are simpler, and reduce the amount of cruft we have in
code files. They are recommended by linux foundation, and therefore we
should do as they allow.

This pa

Use SPDX identifiers

SPDX identifiers are simpler, and reduce the amount of cruft we have in
code files. They are recommended by linux foundation, and therefore we
should do as they allow.

This patchset does not intend to modify any intent on any existing
copyrights or licenses, only to standardize their inclusion.

[1] https://www.linuxfoundation.org/blog/blog/copyright-notices-in-open-source-software-projects

Change-Id: I935c7c0156caa78fc368c929cebd0f068031e830
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Handle all possible subtypes

Accept header allows any possible parameter value, and expects
that unknown property subtypes are simply ignored.

We were previously enforcing that things either match

Handle all possible subtypes

Accept header allows any possible parameter value, and expects
that unknown property subtypes are simply ignored.

We were previously enforcing that things either match q=<number>
or have no params. bmcweb has no usage of the params, but allow
them to parse silently per the spec in case someone sends them.

[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/MIME_types#structure_of_a_mime_type

This more meets the intent. In theory we could parse only q and charset
values, but allowing any key/values here makes us more resilient against
new mime types being added.

Tested: Unit tests included and passing

Change-Id: I1500be0da4c0c72185ee5bda5dfc31885dc6102d
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Add content-encoding parser

Similar to content-type, add an http content-encoding parser.

Tested: Unit tests pass.

Change-Id: Ic62809934f84804c910458184de19ca9a4207ce5
Signed-off-by: Ed Tanous <et

Add content-encoding parser

Similar to content-type, add an http content-encoding parser.

Tested: Unit tests pass.

Change-Id: Ic62809934f84804c910458184de19ca9a4207ce5
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Make accepts a real parser

We somewhat copped out a little with regards to this originally, because
writing parsers is hard, and we don't have to implement the full field
of what the Accepts header

Make accepts a real parser

We somewhat copped out a little with regards to this originally, because
writing parsers is hard, and we don't have to implement the full field
of what the Accepts header allows.

We should aim to be correct where we can, so implement a real parser
that parses values, including the floats.

Tested: Unit tests pass, good coverage.

Change-Id: I1b4232929367d230641be9f41f5af6e6dbcea037
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Remove IWYU pragmas

These were added as part of
d5c80ad9c07b94465d8ea62d2b6f87c30cac765e: test treewide: iwyu

Since then, Nan hasn't been very active on the project, and to my
knowledge, since the

Remove IWYU pragmas

These were added as part of
d5c80ad9c07b94465d8ea62d2b6f87c30cac765e: test treewide: iwyu

Since then, Nan hasn't been very active on the project, and to my
knowledge, since the initial run, we've never used IWYU again.

clang-include-cleaner seems to work well without needing these pragmas,
and is what we're using, even if it's less useful than IWYU.

Remove all mention of IWYU.

Tested: Code compiles.

Change-Id: I06feedeeac9a114f5bdec81d59ca83223efd8aa7
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Fix includes

This commit is automatically generated by enabling clang-include-fixer.

Tested: Code compiles.

Change-Id: I475d7b9d43e95bbdeeaadf11905d3b2a60aa8ef3
Signed-off-by: Ed Tanous <etanous@n

Fix includes

This commit is automatically generated by enabling clang-include-fixer.

Tested: Code compiles.

Change-Id: I475d7b9d43e95bbdeeaadf11905d3b2a60aa8ef3
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

clang-format: re-format for clang-18

clang-format-18 isn't compatible with the clang-format-17 output, so we
need to reformat the code with the latest version. The way clang-18
handles lambda forma

clang-format: re-format for clang-18

clang-format-18 isn't compatible with the clang-format-17 output, so we
need to reformat the code with the latest version. The way clang-18
handles lambda formatting also changed, so we have made changes to the
organization default style format to better handle lambda formatting.

See I5e08687e696dd240402a2780158664b7113def0e for updated style.
See Iea0776aaa7edd483fa395e23de25ebf5a6288f71 for clang-18 enablement.

Change-Id: Iceec1dc95b6c908ec6c21fb40093de9dd18bf11a
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

Make schemas selectable

Which schemas are installed should be selectable in both a meson config,
and trivially by forks. This commit gets us closer to that idea.

It does it in several ways, first,

Make schemas selectable

Which schemas are installed should be selectable in both a meson config,
and trivially by forks. This commit gets us closer to that idea.

It does it in several ways, first, the code for generating
JsonSchemaFile resources has been changed to be generated at runtime,
based on files on disk. This is slightly slower, but allows installing
schemas from anywhere, and matches the CSDL handling.

Next, the schema folders are separated into two sets
csdl -> This includes the complete schema pack from dmtf
installed -> this includes only the schemas the bmc includes

Similar folders exist for json-schema and json-schema-installed.

This allows any additional schemas to be a single symlink addition.
Note, this also checks in all of the dmtf json schemas, not just the
versions we use. This allows us to update the schema pack without
needing to break our versions we ship.

Because the static files are now selectable, all files need to be in a
folder. This forces the css and image for the redfish built-in gui to
be moved.

Tested:
/redfish/v1/JsonSchemas returns the correct result
/redfish/v1/JsonSchemas/UpdateService returns a JsonSchemaFile instance
/redfish/v1/JsonSchemas/UpdateService/UpdateService<version>json returns
the JsonSchemaFile contents.

Redfish service validator passes.

Change-Id: Ie96b2e4b623788dc2ec94eb40fcfd80325f0d826
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Break out random ID methods

The method of creating a random ID from an openssl random generator of a
particular length is something that is generally useful, and something
we can write unit tests fo

Break out random ID methods

The method of creating a random ID from an openssl random generator of a
particular length is something that is generally useful, and something
we can write unit tests for. Add it.

Tested:
Redfish service validator login flows work correctly in redfish service
validator.

Change-Id: Ic3b58d33f1421f3eb39e2d57585958f87f6fb8ea
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Make cert generate for readonly directories

When run from a development PC, we shouldn't REQUIRE that the cert
directory exists or is writable.

This commit reworks the SSL cert generation to genera

Make cert generate for readonly directories

When run from a development PC, we shouldn't REQUIRE that the cert
directory exists or is writable.

This commit reworks the SSL cert generation to generate a string with
the certification info, instead of writing it to disk and reading it
back. This allows bmcweb to start up in read-only environments, or
environments where there isn't access to the key information.

Tested: Launching the application on a dev desktop without an ssl
directory present no longer crashes.

Change-Id: I0d44eb1ce8d298986c5560803ca2d72958d3707c
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...