Make LDAP arrays empty if not configured

These arrays should not be populated if there are no handlers for these
configured.

Fixes https://github.com/openbmc/bmcweb/issues/105

Change-Id: Idbd04eb9

Make LDAP arrays empty if not configured

These arrays should not be populated if there are no handlers for these
configured.

Fixes https://github.com/openbmc/bmcweb/issues/105

Change-Id: Idbd04eb97ced75e44de6ed98aa1f0d410f0aebc7
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

remove meta mtls parse mode

as we have successfully merged patches that enable UserPrincipalName
parse mode, we can start removing Meta only parse mode. This commit
is intended to remove MTLSCommonN

remove meta mtls parse mode

as we have successfully merged patches that enable UserPrincipalName
parse mode, we can start removing Meta only parse mode. This commit
is intended to remove MTLSCommonNameParseMode::Meta from the upstream
code

Tested:
- build bmcweb
- deploy to a device that already use UPN
- check if it works fine by sending curl request /AccountService

Change-Id: Idcf4340a2a9940f035aea41cd30ef4df7bd95530
Signed-off-by: Malik Akbar Hashemi Rafsanjani <malikrafsan@meta.com>

show more ...

Add async_method_call to utility

Adding async_method_call in dbus utility gives us a place where we can
intercept method call requests from dbus to potentially add
logging/caching.

An example of lo

Add async_method_call to utility

Adding async_method_call in dbus utility gives us a place where we can
intercept method call requests from dbus to potentially add
logging/caching.

An example of logging is in the later commit:
https://gerrit.openbmc.org/c/openbmc/bmcweb/+/78265/

We already do this for setProperty, this moves the method calls to
follow a similar pattern.

Tested: Redfish service validator passes.

Change-Id: I6d2c96e2b6b6a023ed2138106a55faebca161592
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Make Request copy explicit

It is currently too easy to accidentally make copies of the Request
object. Ideally code would parse out the Request in the first handler,
then no longer require an async

Make Request copy explicit

It is currently too easy to accidentally make copies of the Request
object. Ideally code would parse out the Request in the first handler,
then no longer require an async copy. There is one case in the redfish
query things where we actually need a copy of the request object, so we
need these constructors, but we should make them explicit.

This commit moves the Request constructor to be private, and adds a new
method called copy() for explicitly making a copy. Ironcially, this
finds one place where we were actually making a copy of the request
object unintentionally, so fix that to only capture the value
required,the user session.

Tested:
- Compiles
- Run GET/PATCH related curl or If-Match like PATCH Account
- Redfish Service Validator runs and passes

Change-Id: I19255981f42757ed736112c003201e3f758735ac
Signed-off-by: Ed Tanous <ed@tanous.net>
Signed-off-by: Myung Bae <myungbae@us.ibm.com>

show more ...

Add odata.type for ClientCertificate/Certificates

This Certificate URI does not give the odata.type.

```
curl -k -X GET https://${bmc}/redfish/v1/AccountService/MultiFactorAuth/ClientCertificate/Ce

Add odata.type for ClientCertificate/Certificates

This Certificate URI does not give the odata.type.

```
curl -k -X GET https://${bmc}/redfish/v1/AccountService/MultiFactorAuth/ClientCertificate/Certificates
{
"Members": [],
"Members@odata.count": 0
}
```
As a result, Redfish Service Validator may fail if this URI is
triggered.

This adds the type like
```
curl -k -X GET https://${bmc}/redfish/v1/AccountService/MultiFactorAuth/ClientCertificate/Certificates

{
"@odata.id": "/redfish/v1/AccountService/MultiFactorAuth/ClientCertificate/Certificates",
"@odata.type": "#CertificateCollection.CertificateCollection"
"Members": [],
"Members@odata.count": 0
"Name": "Certificates Collection"
}%
```

Change-Id: I9c453c6c5ba093a6a3a0530e99d2bf8766a98ed3
Signed-off-by: Myung Bae <myungbae@us.ibm.com>

show more ...

clang-format: update latest spec and reformat

Copy the latest format file from the docs repository and apply.

Change-Id: I2f0b9d0fb6e01ed36a2f34c750ba52de3b6d15d1
Signed-off-by: Patrick Williams <p

clang-format: update latest spec and reformat

Copy the latest format file from the docs repository and apply.

Change-Id: I2f0b9d0fb6e01ed36a2f34c750ba52de3b6d15d1
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

Fix includes

Clang-tidy misc-include-cleaner appears to now be enforcing
significantly more headers than previously. That is overall a good
thing, but forces us to fix some issues. This commit is

Fix includes

Clang-tidy misc-include-cleaner appears to now be enforcing
significantly more headers than previously. That is overall a good
thing, but forces us to fix some issues. This commit is largely just
taking the clang-recommended fixes and checking them in. Subsequent
patches will fix the more unique issues.

Note, that a number of new ignores are added into the .clang-tidy file.
These can be cleaned up over time as they're understood. The majority
are places where boost includes a impl/x.hpp and x.hpp, but expects you
to use the later. include-cleaner opts for the impl, but it isn't clear
why.

Change-Id: Id3fdd7ee6df6c33b2fd35626898523048dd51bfb
Signed-off-by: Ed Tanous <etanous@nvidia.com>
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Use SPDX identifiers

SPDX identifiers are simpler, and reduce the amount of cruft we have in
code files. They are recommended by linux foundation, and therefore we
should do as they allow.

This pa

Use SPDX identifiers

SPDX identifiers are simpler, and reduce the amount of cruft we have in
code files. They are recommended by linux foundation, and therefore we
should do as they allow.

This patchset does not intend to modify any intent on any existing
copyrights or licenses, only to standardize their inclusion.

[1] https://www.linuxfoundation.org/blog/blog/copyright-notices-in-open-source-software-projects

Change-Id: I935c7c0156caa78fc368c929cebd0f068031e830
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Refactor large lambda

Similar to other patches, refactor this large lambda into a normal
function.

Tested: Redfish service validator passes

Change-Id: I45e0b421f04ad8351de367bfdc7b8512bf10ca45
Sig

Refactor large lambda

Similar to other patches, refactor this large lambda into a normal
function.

Tested: Redfish service validator passes

Change-Id: I45e0b421f04ad8351de367bfdc7b8512bf10ca45
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

account_service: Move to unpackproperty method

Change-Id: If677e2b4e9bd03b359913670d120f15d4a5f29b9
Signed-off-by: Asmitha Karunanithi <asmitk01@in.ibm.com>

Move getProperty calls to utility

Having all dbus calls run through the same utility reduces the amount of
generated code, and more importantly, gives us a place where we can log
the requests and re

Move getProperty calls to utility

Having all dbus calls run through the same utility reduces the amount of
generated code, and more importantly, gives us a place where we can log
the requests and responses to help with debugging.

Tested: Redfish service validator passes.

Change-Id: Ic1bf45130b5069cd57f7af26e12c8d3159c87c67
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Format readjson

clang-format may potentially reformat the readJson calls if they may
have more keys or key names are longer. This makes formatting in a way
that's readable by forcing to break a line

Format readjson

clang-format may potentially reformat the readJson calls if they may
have more keys or key names are longer. This makes formatting in a way
that's readable by forcing to break a line for each key using an
empty-comment (`//`) each line.

It also allows trivially alphabetizing the list such that new additions
are less likely to have merge conflicts.

Tested:
- Check whitespace only.
- Code compiles.
- Redfish Service Validator with the same results before this

Change-Id: I3824a8c4faa9fa7c820d5d2fab6b565404926e2c
Signed-off-by: Ed Tanous <etanous@nvidia.com>
Signed-off-by: Myung Bae <myungbae@us.ibm.com>

show more ...

Add unit test for trailing slashes

Common error #9 requires that most urls end in a trailing slash. Given
the redfish standard, we know that all redfish routes need to end in a
trailing slash, so w

Add unit test for trailing slashes

Common error #9 requires that most urls end in a trailing slash. Given
the redfish standard, we know that all redfish routes need to end in a
trailing slash, so write a unit test that verifies that is true.

Despite code review, this appears to have snuck into the codebase in 4
different handlers. Fix those at the same time so the tests pass.

Tested: Unit tests pass.

Change-Id: I0299a7231662725a7100d5308b3977a549b49253
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Remove duplicated block comments

Static analysis flags that these two comments are redundant[1], which
seem to be duplicated a lot in copyright headers. Although there is a
larger discussion that c

Remove duplicated block comments

Static analysis flags that these two comments are redundant[1], which
seem to be duplicated a lot in copyright headers. Although there is a
larger discussion that can likely be had.

[1] https://sonarcloud.io/project/issues?issueStatuses=OPEN%2CCONFIRMED&id=edtanous_bmcweb&open=AY9_HYjgKXKyw1ZFwgVP

Tested: Comment change only. Code compiles.

Change-Id: Ia960317761f558a87842347ca0b5f3da63f8e730
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

User creation: Add EC to Log

On an internal error, having the error code from D-Bus is really
helpful to debug. A trace before an internal error without the ec, is
pretty pointless so make this trac

User creation: Add EC to Log

On an internal error, having the error code from D-Bus is really
helpful to debug. A trace before an internal error without the ec, is
pretty pointless so make this trace useful.

Tested: None. Inspection only.

Change-Id: I953e5bcbbba197b158beabdb55f57b4fd3d73125
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

clang-format: re-format for clang-18

clang-format-18 isn't compatible with the clang-format-17 output, so we
need to reformat the code with the latest version. The way clang-18
handles lambda forma

clang-format: re-format for clang-18

clang-format-18 isn't compatible with the clang-format-17 output, so we
need to reformat the code with the latest version. The way clang-18
handles lambda formatting also changed, so we have made changes to the
organization default style format to better handle lambda formatting.

See I5e08687e696dd240402a2780158664b7113def0e for updated style.
See Iea0776aaa7edd483fa395e23de25ebf5a6288f71 for clang-18 enablement.

Change-Id: Iceec1dc95b6c908ec6c21fb40093de9dd18bf11a
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

Fix RemoteRoleMap PATCH operation

RemoteRoleMap "LocalRole" property update fails since there was
conversion missing from redfish privilege to D-bus values

Looks like this commit dropped this chang

Fix RemoteRoleMap PATCH operation

RemoteRoleMap "LocalRole" property update fails since there was
conversion missing from redfish privilege to D-bus values

Looks like this commit dropped this change
https://gerrit.openbmc.org/c/openbmc/bmcweb/+/64325/

This commit fixes this issue

Tested by:
Verified patch operation on RemoteRoleMap

Change-Id: Ic05aa3457a45e98ea5dc8e9dd83e0f1a42772070
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>

show more ...

Support RespondToUnauthenticatedClients PATCH

RespondToUnauthenticatedClients allows users to explicitly select mTLS
as their only authentication mechanism, thus significantly reducing
their code ex

Support RespondToUnauthenticatedClients PATCH

RespondToUnauthenticatedClients allows users to explicitly select mTLS
as their only authentication mechanism, thus significantly reducing
their code exposure to unauthenticated clients.

From the Redfish specification

```
The RespondToUnauthenticatedClients property within the
ClientCertificate property within the MFA property of the AccountService
resource controls the response behavior when an invalid certificate is
provided by the client.
• If the property contains true or is not
supported by the service, the service shall not fail the TLS handshake.
This is to allow the service to send error messages or unauthenticated
resources to the client.
• If the property contains false , the service
shall fail the TLS handshake.
```

This commit implements that behavior.

This also has some added benefits in that we no longer have to check the
filesystem for every connection, as TLS is controlled explicitly, and
not whether or not a root cert is in place.

Note, this also implements a TODO to disable cookie auth when using
mTLS. Clients can still use IsAuthenticated to determine if they are
authenticated on request.

Tested:
Run scripts/generate_auth_certs.py to set up a root certificate and
client certificate. This verifies that mTLS as optional has not been
broken. Script succeeds.

```
PATCH /redfish/v1/AccountService
{"MultiFactorAuth": {"ClientCertificate": {"RespondToUnauthenticatedClients": false}}}
```

GET /redfish/v1
without a client certificate now fails with an ssl verification error

GET /redfish/v1
with a client certificate returns the result

```
PATCH /redfish/v1/AccountService
{"MultiFactorAuth": {"ClientCertificate": {"RespondToUnauthenticatedClients": false}}}
With certificate returns non mTLS functionality.
```

Change-Id: I5a9d6d6b1698bff83ab62b1f760afed6555849c9
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Mutual TLS parsing change at runtime

Redfish AccountService[1] defines methods for selecting how to map a
certificate CommonName attribute to a user. These are intended to be a
patch parameter.

Th

Mutual TLS parsing change at runtime

Redfish AccountService[1] defines methods for selecting how to map a
certificate CommonName attribute to a user. These are intended to be a
patch parameter.

This commit implements the Redfish defined schemas; The parsing mode is
stored in the bmcweb persistent configuration file as an integer enum,
with Mapping to the Redfish schema.

To handle OEM specific parsing modes, an enum value of 100+ is defined
to allow the additional OEM parameters. Unfortunately, Redfish doesn't
have a way to represent these today, so those modes are currently not
selectable at runtime.

Now that things are runtime selectable, this obsoletes the option
mutual-tls-common-name-parsing, as it is not longer required at compile
time.

Tested:
GET /redfish/v1/AccountService

returns MultiFactorAuth/ClientCertificate/CertificateMappingAttribute

PATCH /redfish/v1/AccountService
```
{"MultiFactorAuth": {"ClientCertificate": {"CertificateMappingAttribute":"CommonName"}}}
```

Returns 200

[1] https://github.com/DMTF/Redfish-Publications/blob/5b217908b5378b24e4f390c063427d7a707cd308/csdl/AccountService_v1.xml#L1631

Change-Id: I67db0dfa5245a9da973320aab666d12dbd9229e4
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Pass redfishPropertyName earlier argument

It was pointed out that the setDbusProperty method should have an end
that approximately matches dbus-send and busctl set-property in its
arguments, to aid

Pass redfishPropertyName earlier argument

It was pointed out that the setDbusProperty method should have an end
that approximately matches dbus-send and busctl set-property in its
arguments, to aid with debug. This seems reasonable.

Tested: Redfish service validator passes.

Change-Id: Ic20295d93c71c957e3e76704e1eda9da187861b1
Signed-off-by: Ginu George <ginugeorge@ami.com>
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Remove the last instances of json pattern

In the past, we've tried to erradicate the use of
nlohmann::json(initiatlizer_list<...>) because it bloats binary sizes,
as every type is given a new nlohma

Remove the last instances of json pattern

In the past, we've tried to erradicate the use of
nlohmann::json(initiatlizer_list<...>) because it bloats binary sizes,
as every type is given a new nlohmann constructor.

This commit hunts down the last few places where we call this. There is
still 2 remaining in openbmc_dbus_rest after this, but those are variant
accesses that are difficult to triage, and considering it's a less used
api, they're left as is.

Tested: WIP

Change-Id: Iaac24584bb78bb238da69010b511c1d598bd38bc
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Remove openbmc-rest includes

These includes seem to have snuck in. In theory nothing in redfish
should be taking a #include in anything in openbmc-rest.

Tested: Code compiles

Change-Id: Ifec2a9b1

Remove openbmc-rest includes

These includes seem to have snuck in. In theory nothing in redfish
should be taking a #include in anything in openbmc-rest.

Tested: Code compiles

Change-Id: Ifec2a9b18f296870f67b15f98fc44c67050e9e28
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Remove sessions on user password update

When a user's password is changed, existing Redfish sessions for that
user, created with the old password, continue to work.

As per OWASP session management,

Remove sessions on user password update

When a user's password is changed, existing Redfish sessions for that
user, created with the old password, continue to work.

As per OWASP session management, "The session ID must be renewed or
regenerated by the web application after any privilege level change
within the associated user session... Common scenarios to consider
include; password changes, permission changes, or switching from a
regular user role to an administrator role within the web application."
[1] https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html

This commit removes existing user sessions when the user's password is
changed. This commit leaves the current session in place though a new
removeSessionsByUsernameExceptSession().

This commit doesn't completely get us fully to what owasp says but is a
start.

Tested:
Create some users:
```
curl -k -v -X POST -H "Content-Type: application/json" \
https://$bmc/redfish/v1/AccountService/Accounts/ -d \
'{"UserName":"testadminuser","Password":"<password>","RoleId":"Administrator","Enabled":true}'
```

Using basic auth was able to update own password and another user's
password.

Using token auth, verified the current session did not get deleted but
other sessions from that user did.

```
curl -k -H "Content-Type: application/json" -X POST -D headers.txt \
https://${bmc}/redfish/v1/SessionService/Sessions -d \
'{"UserName":"testadminuser", "Password":"<password>"}'
```

```
curl -k -v -X PATCH -H "X-Auth-Token: $token" \
-H "Content-Type:application/json" \
https://$bmc/redfish/v1/AccountService/Accounts/testadminuser \
-d '{"Password":"<password>"}'
```

Verified when changing another user's password all sessions were
dropped.

Change-Id: I4de60b84964a6b29c021dc3a2bece9ed4bc09eac
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>

show more ...

Implement client certificate schemas

The Redfish standard seems to have caught up with some of the OEM
schemas and features we already have, namely MutualTLS and Basic Auth
disablement.

This commit

Implement client certificate schemas

The Redfish standard seems to have caught up with some of the OEM
schemas and features we already have, namely MutualTLS and Basic Auth
disablement.

This commit implements most of the GET parameters for which we already
have backends. ClientCertificate is pointed to the same resources as
TrustStore.

Tested: generate_auth_certificates.py succeeds, and shows a certificate
in ClientCertificate collection

Get AccountService, and ClientAuthentication/Certificates returns
expected values.

Redfish service validator passes.

Change-Id: If18e34e9dfa8f38293fceff288596811afd16d4a
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Bring consistency to config options

The configuration options that exist in bmcweb are an amalgimation of
CROW options, CMAKE options using #define, pre-bmcweb ifdef mechanisms
and meson options usi

Bring consistency to config options

The configuration options that exist in bmcweb are an amalgimation of
CROW options, CMAKE options using #define, pre-bmcweb ifdef mechanisms
and meson options using a config file. This history has led to a lot of
different ways to configure code in the codebase itself, which has led
to problems, and issues in consistency.

ifdef options do no compile time checking of code not within the branch.
This is good when you have optional dependencies, but not great when
you're trying to ensure both options compile.

This commit moves all internal configuration options to:
1. A namespace called bmcweb
2. A naming scheme matching the meson option. hyphens are replaced with
underscores, and the option is uppercased. This consistent transform
allows matching up option keys with their code counterparts, without
naming changes.
3. All options are bool true = enabled, and any options with _ENABLED or
_DISABLED postfixes have those postfixes removed. (note, there are
still some options with disable in the name, those are left as-is)
4. All options are now constexpr booleans, without an explicit compare.

To accomplish this, unfortunately an option list in config/meson.build
is required, given that meson doesn't provide a way to dump all options,
as is a manual entry in bmcweb_config.h.in, in addition to the
meson_options. This obsoletes the map in the main meson.build, which
helps some of the complexity.

Now that we've done this, we have some rules that will be documented.
1. Runtime behavior changes should be added as a constexpr bool to
bmcweb_config.h
2. Options that require optionally pulling in a dependency shall use an
ifdef, defined in the primary meson.build. (note, there are no
options that currently meet this class, but it's included for
completeness.)

Note, that this consolidation means that at configure time, all options
are printed. This is a good thing and allows direct comparison of
configs in log files.

Tested: Code compiles
Server boots, and shows options configured in the default build. (HTTPS,
log level, etc)

Change-Id: I94e79a56bcdc01755036e4e7278c7e69e25809ce
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...