Fixes the method signature generation logic

During generation of the method signature, Both Input and Output argument
is being used, where only Input argument should have been considered.

This meth

Fixes the method signature generation logic

During generation of the method signature, Both Input and Output argument
is being used, where only Input argument should have been considered.

This method signature is required as we convert the input values into its actual
types by introspecting the interface.
https://github.com/openbmc/openbmc/issues/1160

Fixes openbmc/openbmc#3453

Change-Id: I3eb99736295b76176a9964f7542f326007e1c4a4
Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>

show more ...

rest_dbus: get_host_interface: Iterate through busnames

The mapper may return multiple busnames, as it's the case for an
object that has associations. So if the path is not found on the
busname, con

rest_dbus: get_host_interface: Iterate through busnames

The mapper may return multiple busnames, as it's the case for an
object that has associations. So if the path is not found on the
busname, continue to see if there are more busnames to try instead
of quitting on the first try.

Fixes: openbmc/openbmc#3460

Tested: Verified the software interfaces are working again, and
that a dummy busname still raises an exception for the case where
none of the busnames returned by the mapper hold the requested
path.

Change-Id: Iaf36dd94f728d147f20c23666e5c19062b33f97a
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>

show more ...

phosphor-rest-server: connect with the correct sockaddr size

With the obmc-console-server binding to the correct socket, this is not
needed.

Abstract unix sockets start with the nul-charater, but a

phosphor-rest-server: connect with the correct sockaddr size

With the obmc-console-server binding to the correct socket, this is not
needed.

Abstract unix sockets start with the nul-charater, but are not nul
terminated. In fact, the nul-character has no meaning in the path.
According to the man page unix(7),

abstract: an abstract socket address is distinguished (from a pathname
socket) by the fact that sun_path[0] is a null byte ('\0').
The socket's address in this namespace is given by the
additional bytes in sun_path that are covered by the
specified length of the address structure. (Null bytes in
the name have no special significance.)

This means that when calling bind/connect, the size of the sockaddr
structure is not sizeof(sockaddr_un), it is sizeof(sockaddr_un) -
sizeof(sun_path) + (path_len)

Change-Id: I1d978af9ace7fa137bab2f596a217d1ba243e5be
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>

show more ...

Ensure websocket termination handled correctly

Currently when a websocket is terminated on the client side, the logic
in EventNotifier continues to run. This is because the WebSocketError
exceptions

Ensure websocket termination handled correctly

Currently when a websocket is terminated on the client side, the logic
in EventNotifier continues to run. This is because the WebSocketError
exceptions are detected in the properties/interface handlers where
that exception is just ignored.

This exception can not be sent back up to the main loop because
it goes through the dbus libraries which will fail when it
sees it.

Use a class variable to indicate when a websocket error has
been hit and break out of the loop. Also, remove signal handlers.

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Signed-off-by: Deepak Kodihalli <dkodihal@in.ibm.com>

Removed good path tracing.

Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Change-Id: I068f19fd75aa03fb71d98e9ff75f596941c8622f

show more ...

LDAP config: don't log bind password

Add a way to prevent json body logging for routes with sensitive data
such as passwords.

This is basically done via a list of URLs. Add the LDAP create config
U

LDAP config: don't log bind password

Add a way to prevent json body logging for routes with sensitive data
such as passwords.

This is basically done via a list of URLs. Add the LDAP create config
URL to this list.

Tested:

Before:
phosphor-gevent[1481]: <BMC IP> user:root POST
http://127.0.0.1:8081/xyz/openbmc_project/user/ldap/action/CreateConfig
json:{u'data': [False, u'ldap://<LDAP server IP>/',
u'cn=Sivas,cn=Users,dc=Corp,dc=ibm,dc=com',
u'cn=Users,dc=Corp,dc=ibm,dc=com', u'<password>',
u'xyz.openbmc_project.User.Ldap.Create.SearchScope.sub',
u'xyz.openbmc_project.User.Ldap.Create.Type.ActiveDirectory']} 200 OK

After:
phosphor-gevent[1710]: <BMC IP> user:root POST
http://127.0.0.1:8081/xyz/openbmc_project/user/ldap/action/CreateConfig
json:None 200 OK

Change-Id: I99979e5e373784c7eabb55861dae70bb283859a4
Signed-off-by: Deepak Kodihalli <dkodihal@in.ibm.com>

show more ...

certificate handler: fixup return code

Map a certificate install fail to a 400. This is likely due to an
invalid certificate.

Change-Id: Ie451aa356e4a708889aa7475f10a1c122253e859
Signed-off-by: Dee

certificate handler: fixup return code

Map a certificate install fail to a 400. This is likely due to an
invalid certificate.

Change-Id: Ie451aa356e4a708889aa7475f10a1c122253e859
Signed-off-by: Deepak Kodihalli <dkodihal@in.ibm.com>

show more ...

Implement certificate delete

Implement the DELETE verb on certificate endpoints. This calls the D-Bus
delete interface on corresponding D-Bus objects.

Change-Id: Id829f9064474edd2324ce3c4a66148041b

Implement certificate delete

Implement the DELETE verb on certificate endpoints. This calls the D-Bus
delete interface on corresponding D-Bus objects.

Change-Id: Id829f9064474edd2324ce3c4a66148041b70a95b
Signed-off-by: Deepak Kodihalli <dkodihal@in.ibm.com>

show more ...

certificate handler: use mapper

Use mapper to retrieve a D-Bus busname, instead of assuming a well-known
busname.

Change-Id: I668f750ab098b847bf3a662abdf6614170471c41
Signed-off-by: Deepak Kodihall

certificate handler: use mapper

Use mapper to retrieve a D-Bus busname, instead of assuming a well-known
busname.

Change-Id: I668f750ab098b847bf3a662abdf6614170471c41
Signed-off-by: Deepak Kodihalli <dkodihal@in.ibm.com>

show more ...

Upload and activate new certificate file.

Handle the rest interface to activate new certificate.

Change-Id: Ida636a129a042eaa03c754f57fe1bb134446e086
Signed-off-by: Dhruvaraj Subhashchandran <dhruv

Upload and activate new certificate file.

Handle the rest interface to activate new certificate.

Change-Id: Ida636a129a042eaa03c754f57fe1bb134446e086
Signed-off-by: Dhruvaraj Subhashchandran <dhruvaraj@in.ibm.com>

show more ...

Purge semicolons

Change-Id: Ibca457d0721cce4a76152c2095026adc1bdcdfea
Signed-off-by: Deepak Kodihalli <dkodihal@in.ibm.com>

Log requests only if setting is enabled

Log requests only if corresponding setting is turned on.

The Logging plug-in reads the D-Bus setting and caches the value. It
updates the value if the D-Bus

Log requests only if setting is enabled

Log requests only if corresponding setting is turned on.

The Logging plug-in reads the D-Bus setting and caches the value. It
updates the value if the D-Bus property changes.

The D-Bus setting object is at
/xyz/openbmc_project/logging/rest_api_logs.

Change-Id: If4afcbfd3898d09c6ef31cc7c79a058cb5017769
Signed-off-by: Deepak Kodihalli <dkodihal@in.ibm.com>

show more ...

Log requests and responses

Enable logging for audit purposes - logs are emitted only for PUT, POST,
PATCH and DELETE, not for GET.

A log would be emitted in this format :
<client IP> user:<user> <v

Log requests and responses

Enable logging for audit purposes - logs are emitted only for PUT, POST,
PATCH and DELETE, not for GET.

A log would be emitted in this format :
<client IP> user:<user> <verb> <url> json:<json-body, if it exists> <response>

Change-Id: I2d31ef8feacef79c7f488d826e0262a9cc852246
Signed-off-by: Deepak Kodihalli <dkodihal@in.ibm.com>

show more ...

Explicitly convert dbus.Booleans to bools

The dbus.Boolean data type that the dbus python module uses for
booleans is based on an int, so the JSON encoder class serializes
it to a 1 and 0 instead of

Explicitly convert dbus.Booleans to bools

The dbus.Boolean data type that the dbus python module uses for
booleans is based on an int, so the JSON encoder class serializes
it to a 1 and 0 instead of the native JSON bool presentation of
true and false. Though the encoder module does allow for custom
serialization functions, it only does so for data types that it
doesn't recognize, and it does recognize a dbus.Boolean though it
thinks it's an int.

To get around this limitation, walk the response dictionary
object and convert all dbus.Booleans to bools before encoding
the response. The only time that data is copied is when a boolean
is in a dbus.Struct, which is an immutable tuple, so it will be
made into a list during revision before converting it back when
complete.

There is a slight performance penalty to pay for this. Measurements
showed enumerating the whole /xyz/openbmc_project tree take about
1 second longer.

Resolves openbmc/openbmc#3154

Tested: Lots of REST calls and output inspection.

Change-Id: I591f010798a80aeafd02289e3d35c335540f6562
Signed-off-by: Matt Spinler <spinler@us.ibm.com>

show more ...

rest_dbus: Add read-only property error

There is now support in sdbusplus to mark a property as
read-only, so that a REST request to modify it would return
org.freedesktop.DBus.Error.PropertyReadOnl

rest_dbus: Add read-only property error

There is now support in sdbusplus to mark a property as
read-only, so that a REST request to modify it would return
org.freedesktop.DBus.Error.PropertyReadOnly.

Add support for this error to provide a more useful and
compact error instead of the default 500 Internal Error with
the traceback.

Tested:
Instead of a 500 error with traceback, a compact 403 error
is displayed:
$ curl b cjar -k -H "Content-Type: application/json" -X PUT -d '{"data": 50}' https://${bmc}/xyz/openbmc_project/control/power_supply/attr/DeratingFactor
{
"data": {
"description": "org.freedesktop.DBus.Error.PropertyReadOnly: Property 'DeratingFactor' is not writable."
},
"message": "403 Forbidden",
"status": "error"
}

Change-Id: I5648a99c7656a6f9d9a8ca967418fabd64b080c6
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>

show more ...

Revert "Provide the infrastructure to whitelist given URL from REST server"

This reverts commit 0cf702c3948487089723d539efc59275b958bf34.

This commit broke accessing the Web UI. Reverting until thi

Revert "Provide the infrastructure to whitelist given URL from REST server"

This reverts commit 0cf702c3948487089723d539efc59275b958bf34.

This commit broke accessing the Web UI. Reverting until this can be
fixed.

Change-Id: Ie49bbcd51561cca5d587bd161ec51f3b6d22ffd0
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Fix error message in do_put()

do_put() always reports "Failed to convert to type" when it gets
exception during retry.
This is not wrong because it may gets the real error from Dbus instead
of conve

Fix error message in do_put()

do_put() always reports "Failed to convert to type" when it gets
exception during retry.
This is not wrong because it may gets the real error from Dbus instead
of convert_type().

Fix it by using try-except for both convert_type() and self.do_put() to
correctly report the error.

Resolves: openbmc/openbmc#3301

Tested: Setting host time when time config does not allow this, and
verify the correct error is reported.

Change-Id: Ic46cedb7ea20d91d94b45568af9acd55af9caf56
Signed-off-by: Lei YU <mine260309@gmail.com>

show more ...

Provide the infrastructure to whitelist given URL from REST server

Added a plug-in which runs on each request and checks if the requested
URL consists of whitelisted URL, if so, allows the access, o

Provide the infrastructure to whitelist given URL from REST server

Added a plug-in which runs on each request and checks if the requested
URL consists of whitelisted URL, if so, allows the access, otherwise
fails with an error message.

It gets whitelisted URL info from json file.

Resolves openbmc/openbmc#2378

Change-Id: I95e5fd080e03616a1cba2b86d951414669338b08
Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>

show more ...

Avoid closing of web socket during the idle time

"/subscribe" route of web socket is getting closed if it remains
idle for more than 60 seconds. Once web socket get closed, it can't
handle further e

Avoid closing of web socket during the idle time

"/subscribe" route of web socket is getting closed if it remains
idle for more than 60 seconds. Once web socket get closed, it can't
handle further event notifications. To avoid this, send a ping to
wake it up during constant intervals.

Resolves: Part of openbmc/openbmc#3102

Tested: Running GUI locally and verified the command line and web gui
power on/off operations. Also could not see web socket getting closed
during idle time.

Change-Id: Ic3da0d30b99d1c3ac5ce4311204e6f6b09b8c1f0
Signed-off-by: Jayashankar Padath <jayashankar.padath@in.ibm.com>

show more ...

Prevent users from logging in while BMC is not yet ready.

Reject user logins while BMC_READY state has not been reached yet,
and report the reason in response.

Resolves: openbmc/openbmc#2974

This

Prevent users from logging in while BMC is not yet ready.

Reject user logins while BMC_READY state has not been reached yet,
and report the reason in response.

Resolves: openbmc/openbmc#2974

This behavior may be enabled by appending `--with-bmc-check` to
command line arguments.

When it is enabled it maybe temporary disabled by sending `force`
flag with the login request:
```
{
"data": [ "username", "password" ],
"force": true
}
```

Tested: When trying to login in REST receiving response with code 503
while BMC is booting.
Change-Id: I04fce09de2b7a3074b5253346a87773641fd57d0
Signed-off-by: Alexander Filippov <a.filippov@yadro.com>

show more ...

Don't fail on missing Delete interfaces

On the DELETE HTTP request, don't immediately fail if
the specified bus does't provide the delete interface on
the specified path, just skip it instead.

Only

Don't fail on missing Delete interfaces

On the DELETE HTTP request, don't immediately fail if
the specified bus does't provide the delete interface on
the specified path, just skip it instead.

Only return the 403 error if nothing at all ended up being
deleted on the request.

This allows multiple services to host the same object path while
only requiring one to support the delete interface. The others
will just listen for the interfaces removed signal to remove
their objects.

Resolves openbmc/openbmc#3181

Tested:
* Issue a -X DELETE with curl on a path provided by multiple
services where only 1 provides the delete interface.
* Issue a -X POST .../action/delete with curl with the same
test setup.
* Issue a -X DELETE with curl on a path without a
delete interface and get a 403 back.

Change-Id: Ib76c80081361160e617ddfe8b48e3e4588abce67
Signed-off-by: Matt Spinler <spinler@us.ibm.com>

show more ...

Don't check for credentials on the login API

The web server should not be checking for credentials on the login
API. This allows the GUI to check the old password on a password
change.

Resolves ope

Don't check for credentials on the login API

The web server should not be checking for credentials on the login
API. This allows the GUI to check the old password on a password
change.

Resolves openbmc/openbmc#3190

Tested: Verfied login still works and tested changing the user
password from the GUI.
Change-Id: I7c3570d50c011a0327a34f09b447dec5ca42cb9f
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Expose host serial console over a websocket

Expose host serial console over a "/console" route, using a
websocket. An authenticated client can access the host serial console
via reads/writes to this

Expose host serial console over a websocket

Expose host serial console over a "/console" route, using a
websocket. An authenticated client can access the host serial console
via reads/writes to this websocket.

Change-Id: I0f63a3844e777d4f4c45194c85a63c9f10a91744
Signed-off-by: Deepak Kodihalli <dkodihal@in.ibm.com>

show more ...

rest_dbus: upload: Add version id error code

If there was no D-Bus object created, it means that either the version
already existed, or there was a failure extracting the file. Ideally the
REST serv

rest_dbus: upload: Add version id error code

If there was no D-Bus object created, it means that either the version
already existed, or there was a failure extracting the file. Ideally the
REST server would query to see if the version already exists, but it
doesn't know the version id to look for, so adding a single error msg
for all error cases. It still makes sense to have a 400 (client) error
for tar errors since a failure to untar is most likely an invalid or
corrupted file that the user would need to address.

Tested:
Uploading a regular file (that triggers a tar failure) or a
version that already exists on the system:
Before:
{
"data": null,
"message": "200 OK",
"status": "ok"
}

After:
{
"data": {
"description": "Version already exists or failed to be extracted"
},
"message": "400 Bad Request",
"status": "error"
}

Fixes openbmc/openbmc#2939

Change-Id: Ia4be5fe1dac3c2c7ebb5eb2aa28e4d58f9222c7f
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>

show more ...

rest_dbus: upload: Return version id

In the put/post upload handler, subscribe to the signal for InterfacesAdded to
the software path and return the version id which is the last item of the path,
wa

rest_dbus: upload: Return version id

In the put/post upload handler, subscribe to the signal for InterfacesAdded to
the software path and return the version id which is the last item of the path,
wait up to 10 seconds for the new software D-Bus object to be created.

Tested: https://${bmc}/upload/image method returns the version id:

Before:
{
"data": null,
"message": "200 OK",
"status": "ok"
}

After:
{
"data": "84fb16be",
"message": "200 OK",
"status": "ok"
}

Change-Id: I307079f9a3b8f05bc42bc77c89e7976920c668a5
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>

show more ...

Spelling fixes

Spelling errors found using github.com/lucasdemarchi/codespell
A tool to fix common misspellings.
This tool is licensed under GNU General Public License, version 2.

Change-Id: Ia286e

Spelling fixes

Spelling errors found using github.com/lucasdemarchi/codespell
A tool to fix common misspellings.
This tool is licensed under GNU General Public License, version 2.

Change-Id: Ia286ebed549741e15a9661f5797d71e9f93ae83d
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...