Break out sse into a compile unit

Verify similar to beb96b0 Break out websockets

Break out the SSE functions into a separate compile unit. This allows
the SSE sockets in beast to be compiled separ

Break out sse into a compile unit

Verify similar to beb96b0 Break out websockets

Break out the SSE functions into a separate compile unit. This allows
the SSE sockets in beast to be compiled separately, which significantly
reduces the overall compile time by a few seconds. Code is identical
with the exceptions of minor header definitions to convert header-only
to compile unit.

Change-Id: I5aae4f17cbd2badf75b3e0bb644a2309f6300663
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Implement http2 TODO

To support HTTP2 simultaneously on http and https connections, the HTTP
connection classes formerly took the socket as a template option,
allowing passing ssl::stream<tcp::socke

Implement http2 TODO

To support HTTP2 simultaneously on http and https connections, the HTTP
connection classes formerly took the socket as a template option,
allowing passing ssl::stream<tcp::socket> or simply tcp socket. With
the addition of the multiple-sockets option, this would cause two copies
of the template to be instantiated, increasing both compile times and
binary size.

This commit applies the same logic to http2connection as was applied to
HTTPConnection, adding an http type parameter to the constructor, which
allows switching between adapter and adapter.next_level() on each read
or write operation. In compiled code, this means that the connection
classes are only specialized once.

Tested:
When configured for one of each http and https socket and http2
curl --http2 http://<ip>/redfish/v1
succeeds
curl --http2 https://<ip>/redfish/v1 succeeds

Change-Id: I8f33796edd5874d5b93d10a3f253cfadd4f6d7a4
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Enable HTTP additional sockets

This commit attempts to add the concept of an SSL detector from beast,
and add the capability into bmcweb. This allows directing multiple
socket files to the bmcweb i

Enable HTTP additional sockets

This commit attempts to add the concept of an SSL detector from beast,
and add the capability into bmcweb. This allows directing multiple
socket files to the bmcweb instance, and bmcweb will automatically sort
out whether or not they're SSL, and give the correct response. This
allows users to plug in erroneous urls like "https://mybmc:80" and they
will forward and work correctly.

Some key design points:
The HTTP side of bmcweb implements the exact same http headers as the
HTTPS side, with the exception of HSTS, which is explicitly disallowed.
This is for consistency and security.

The above allows bmcweb builds to "select" the appropriate security
posture (http, https, or both) for a given channel using the
FileDescriptorName field within a socket file. Items ending in:
both: Will support both HTTPS and HTTP redirect to HTTPS
https: Will support HTTPS only
http: will support HTTP only

Given the flexibility in bind statements, this allows administrators to
support essentially any security posture they like. The openbmc
defaults are:
HTTPS + Redirect on both ports 443 and port 80 if http-redirect is
enabled

And HTTPS only if http-redirect is disabled.

This commit adds the following meson options that each take an array of
strings, indexex on the port.
additional-ports
Adds additional ports that bmcweb should listen to. This is always
required when adding new ports.

additional-protocol
Specifies 'http', 'https', or 'both' for whether or not tls is enfoced
on this socket. 'both' allows bmcweb to detect whether a user has
specified tls or not on a given connection and give the correct
response.

additional-bind-to-device
Accepts values that fill the SO_BINDTODEVICE flag in systemd/linux,
and allows binding to a specific device

additional-auth
Accepts values of 'auth' or 'noauth' that determines whether this
socket should apply the normal authentication routines, or treat the
socket as unauthenticated.

Tested:
Previous commits ran the below tests.
Ran the server with options enabled. Tried:
```
curl -vvvv --insecure --user root:0penBmc http://192.168.7.2/redfish/v1/Managers/bmc
* Trying 192.168.7.2:80...
* Connected to 192.168.7.2 (192.168.7.2) port 80 (#0)
* Server auth using Basic with user 'root'
> GET /redfish/v1/Managers/bmc HTTP/1.1
> Host: 192.168.7.2
> Authorization: Basic cm9vdDowcGVuQm1j
> User-Agent: curl/7.72.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Location: https://192.168.7.2
< X-Frame-Options: DENY
< Pragma: no-cache
< Cache-Control: no-Store,no-Cache
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< Content-Security-Policy: default-src 'none'; img-src 'self' data:; font-src 'self'; style-src 'self'; script-src 'self'; connect-src 'self' wss:
< Date: Fri, 08 Jan 2021 01:43:49 GMT
< Connection: close
< Content-Length: 0
<
* Closing connection 0
```

Observe above:
webserver returned 301 redirect.
webserver returned the appropriate security headers
webserver immediately closed the connection.

The same test above over https:// returns the values as expected

Loaded the webui to test static file hosting. Webui logs in and works
as expected.

Used the scripts/websocket_test.py to verify that websockets work.
Sensors report as expected.

Change-Id: Ib5733bbe5473fed6e0e27c56cdead0bffedf2993
Signed-off-by: Ed Tanous <ed@tanous.net>

show more ...

Implement urlsafe base64 decode

base64 decoding comes in two flavors, "normal" which we already
implement, and "url safe" which modifies the alphabet to create base64
encodings that are safe to use

Implement urlsafe base64 decode

base64 decoding comes in two flavors, "normal" which we already
implement, and "url safe" which modifies the alphabet to create base64
encodings that are safe to use in filenames and urls. Functionally this
just involves swapping two characters with underscore and minus in the
encode/decode table. To avoid duplicating a lot of code, this commit
refactors the base64 tables to be generated at compile time.

Tested: Included unit tests pass. No usage until next commit.

Change-Id: I71724fd2e04000f115c22a40d382d411986d7b39
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Deduplicate event ids

Redfish specification states:
```
The value of the id field shall be the same as the Id property in the
event payload. The value of the Id property in the event payload should

Deduplicate event ids

Redfish specification states:
```
The value of the id field shall be the same as the Id property in the
event payload. The value of the Id property in the event payload should
be the same as the EventId property of the last event record in the
Events array. The value of the EventId property for an event record
should be a positive integer value and should be generated in a
sequential manner.
```

The event service code did not implement that correctly. So:
1. Add ID fields for all events.
2. Remove the per-sse connection id field and rely solely on
EventServiceManager.
3. Make sure all paths, (including metric report) are generating an
event id that's based on the eventservice event id

Tested: Redfish event listener now sees events populated.
LastEventId when sent to the SSE socket now sees a contiguous id.

```
uri=$(curl -s --user "root:0penBmc" -k "https://192.168.7.2/redfish/v1/EventService" | jq -r .ServerSentEventUri)
curl -u root:0penBmc -vvv -k -N -H "Accept: text/event-stream" -H "Last-Event-Id: 0" "https://192.168.7.2$uri"
```

Change-Id: Ic32e036f40a53a9b2715639ae384d7891c768260
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Fix Message arg error in JSON Patch

When array/vector object is expected in JSON patch the error info does
not contain the actual wrong property instead shows "null". Fix is to
correct the value in

Fix Message arg error in JSON Patch

When array/vector object is expected in JSON patch the error info does
not contain the actual wrong property instead shows "null". Fix is to
correct the value in the error info.

Tested
- add new test case to verify this
- unit tests are passing.

Change-Id: Ica26ac9e501b5a34a5b118769cc1917eeab30524
Signed-off-by: rohitpai <rohitpai77@gmail.com>

show more ...

clang-format: update latest spec and reformat

Copy the latest format file from the docs repository and apply.

Change-Id: I2f0b9d0fb6e01ed36a2f34c750ba52de3b6d15d1
Signed-off-by: Patrick Williams <p

clang-format: update latest spec and reformat

Copy the latest format file from the docs repository and apply.

Change-Id: I2f0b9d0fb6e01ed36a2f34c750ba52de3b6d15d1
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

Move error code utils into new file

Error code utils can be used for aggregating error
responses from multiples responses including use case
for managing separate route handlers for OEM namespace

T

Move error code utils into new file

Error code utils can be used for aggregating error
responses from multiples responses including use case
for managing separate route handlers for OEM namespace

Tests
Units tests are passing.

Change-Id: I2223d41fb318c0276de1ca64dd3e841bb988d902
Signed-off-by: rohitpai <rohitpai77@gmail.com>

show more ...

Move io context to singleton

The way we pass around io contexts is somewhat odd. Boost maintainers
in slack recommended that we just have a method that returns an io
context, and from there we can

Move io context to singleton

The way we pass around io contexts is somewhat odd. Boost maintainers
in slack recommended that we just have a method that returns an io
context, and from there we can control this (context link lost years
ago).

The new version of clang claims the singleton pattern of passing in an
io_context pattern is a potential nullptr dereference. It's technically
correct, as calling the singleton without immediately initializing the
io context will lead to a crash.

This commit implements what the boost maintainers suggested, having a
single method that returns "the context" that should be used. This also
helps to maintain isolation, as some pieces are no longer tied directly
to dbus to get their reactor.

Tested: WIP

Change-Id: Ifaa11335ae00a3d092ecfdfb26a38380227e8576
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Fix includes

Clang-tidy misc-include-cleaner appears to now be enforcing
significantly more headers than previously. That is overall a good
thing, but forces us to fix some issues. This commit is

Fix includes

Clang-tidy misc-include-cleaner appears to now be enforcing
significantly more headers than previously. That is overall a good
thing, but forces us to fix some issues. This commit is largely just
taking the clang-recommended fixes and checking them in. Subsequent
patches will fix the more unique issues.

Note, that a number of new ignores are added into the .clang-tidy file.
These can be cleaned up over time as they're understood. The majority
are places where boost includes a impl/x.hpp and x.hpp, but expects you
to use the later. include-cleaner opts for the impl, but it isn't clear
why.

Change-Id: Id3fdd7ee6df6c33b2fd35626898523048dd51bfb
Signed-off-by: Ed Tanous <etanous@nvidia.com>
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

$filter Query parameter support for nested keys added

Implemented the code to identify the '/' character in the
key and perform the level by level search

Testing :

Tested query parameter with path

$filter Query parameter support for nested keys added

Implemented the code to identify the '/' character in the
key and perform the level by level search

Testing :

Tested query parameter with path separated by / example

curl -k -u root:0penBmc https://<IP>/redfish/v1/Systems/
Baseboard/LogServices/FaultLog/Entries?$filter=CPER/Oem/
OEM/IpSignature eq 'DRAM-CHANNELS'

Results having 'DRAM-CHANNELS' in nested path "CPER/Oem/
OEM/IpSignature" are listed.

Change-Id: Ie6cf796026a29ec7a3e8a0366bbfd0c658d0ac7e
Signed-off-by: Chandramohan Harkude <chandramohan.harkude@gmail.com>

show more ...

Roll out error message utils

This code should really be in a cpp/hpp file, not in a generated python
script. The python script housed this temporarily to allow us to
generate the registries. It's

Roll out error message utils

This code should really be in a cpp/hpp file, not in a generated python
script. The python script housed this temporarily to allow us to
generate the registries. It's time to roll it out.

Tested: Message registries generate successfully on GET. Redfish
service validator passes.

Change-Id: I7aca2d0a7fac6d530511421b667ff732617df61e
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Use SPDX identifiers

SPDX identifiers are simpler, and reduce the amount of cruft we have in
code files. They are recommended by linux foundation, and therefore we
should do as they allow.

This pa

Use SPDX identifiers

SPDX identifiers are simpler, and reduce the amount of cruft we have in
code files. They are recommended by linux foundation, and therefore we
should do as they allow.

This patchset does not intend to modify any intent on any existing
copyrights or licenses, only to standardize their inclusion.

[1] https://www.linuxfoundation.org/blog/blog/copyright-notices-in-open-source-software-projects

Change-Id: I935c7c0156caa78fc368c929cebd0f068031e830
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

dbus event subscriptions: test dbus_log_watcher

Currently that code is still unfinished,
but we can already define some trivial testcases.

The main result of this function is populating EventLogObj

dbus event subscriptions: test dbus_log_watcher

Currently that code is still unfinished,
but we can already define some trivial testcases.

The main result of this function is populating EventLogObjectsType.

Tested: Unit tests pass.

Change-Id: I2e23147190be33192d41176413c16cd98c7bfd81
Signed-off-by: Alexander Hansen <alexander.hansen@9elements.com>

show more ...

Move isJSONContentType to content-type parser

Previously this function was based on a basic string comparison. This
is fine, but found several inconsistencies, like not handling spaces in
the appro

Move isJSONContentType to content-type parser

Previously this function was based on a basic string comparison. This
is fine, but found several inconsistencies, like not handling spaces in
the appropriate places.

This commit creates a new function getContentType, using the new parsing
infrastructure. As doing this, it showed that the existing parser
functions were not handling case insensitive compares for the mime type.
While this is technically not required, it's something we unit test for,
and relatively easy to add.

Note, that because this parser ignores charset, this moves charset=ascii
from something that previously failed, to something that now succeeds.
This is expected.

Tested: Unit tests pass. Good coverage

Change-Id: I825a72862135b62112ee504ab0d9ead9d6796354
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Fix SSE firing order

When sending last-event-id, the previous events were being received
before the the header was completed. This is because the open handler is
being called before the connect call

Fix SSE firing order

When sending last-event-id, the previous events were being received
before the the header was completed. This is because the open handler is
being called before the connect call was in place, so you get:

Connection starts
open handler called
sendEvent() called from open handler
sendSSEHeader() called.

This results in a spec violation.

Tested:
curl --user root:0penBmc -vvv -s --no-buffer -k -N -H 'Accept:
text/event-stream' -H 'Last-Event-Id: 4' -X GET
https://localhost:8000/redfish/v1/EventService/SSE

Now succeeds, and wireshark dumps show the header is being sent
correctly. Note that previously this command would fail unless http0.9
header was set.

Unit test coverage for this path without last-event-id passes.

Change-Id: I44bb6eedbcbdc727b257646ec55e808157231f75
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Handle all possible subtypes

Accept header allows any possible parameter value, and expects
that unknown property subtypes are simply ignored.

We were previously enforcing that things either match

Handle all possible subtypes

Accept header allows any possible parameter value, and expects
that unknown property subtypes are simply ignored.

We were previously enforcing that things either match q=<number>
or have no params. bmcweb has no usage of the params, but allow
them to parse silently per the spec in case someone sends them.

[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/MIME_types#structure_of_a_mime_type

This more meets the intent. In theory we could parse only q and charset
values, but allowing any key/values here makes us more resilient against
new mime types being added.

Tested: Unit tests included and passing

Change-Id: I1500be0da4c0c72185ee5bda5dfc31885dc6102d
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Fix setting gateways

There's a number of conditions in setting gateways that don't work
properly. Specifically, one of the issues is setting a gateway on an
address that already exists. It returns

Fix setting gateways

There's a number of conditions in setting gateways that don't work
properly. Specifically, one of the issues is setting a gateway on an
address that already exists. It returns a PropertyValueConflict error
on Ipv4Addresses/1/Gateway with Ipv4Addresses/1/Gateway

Obviously an address can't conflict with itself, so this is wrong.

To address this, move the gateway setting and selection code into a
routine outside of the main loop, after all the gateways are accounted
for, and so we can treat them separately.

Tested;
PATCH to an existing ip address works, and no longer returns the error.

More test cases likely needed.

Change-Id: I0339e02fc27164337416637153d0b0f744b64ad8
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Update Submit Test event feature to send custom data

Changes Added : Updated the submit test event feature to send test
data as per spec

https://www.dmtf.org/sites/default/files/standards/documents

Update Submit Test event feature to send custom data

Changes Added : Updated the submit test event feature to send test
data as per spec

https://www.dmtf.org/sites/default/files/standards/documents/
DSP2046_2019.1.pdf


Testing :

Tested sending custom test data
and same data received at the event listener
Change-Id: I2c2363a676aafd39c121c9fe4e16402c0f5961e2
Signed-off-by: Chandramohan Harkude <chandramohan.harkude@gmail.com>

show more ...

Fix clang-tidy

Change-Id: Iefe1b695b86a640d8dfaafd1f77f374fa34246de
Signed-off-by: Ed Tanous <etanous@nvidia.com>

Fix clang-tidy for gcc-14

We use these pragmas, that we must've been getting transitively through
chrono in the past. Now we need to include them explicitly.

Change-Id: Iee4c0a8866981b91adaa17bee0

Fix clang-tidy for gcc-14

We use these pragmas, that we must've been getting transitively through
chrono in the past. Now we need to include them explicitly.

Change-Id: Iee4c0a8866981b91adaa17bee0678b2c10e65ea9
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Put simple update behind an option

4e338b2313f9f2a91aa1fb36693e36a328d58933 Removed tftp update support
from the codebase, but left SimpleUpdate in a non functional state.

Given that a number of fo

Put simple update behind an option

4e338b2313f9f2a91aa1fb36693e36a328d58933 Removed tftp update support
from the codebase, but left SimpleUpdate in a non functional state.

Given that a number of forks have implemented the HTTPS/SCP versions of
simple update, we don't want to fully delete the code at this time, so
for the moment put it behind an option flag.

Tested: WIP

Change-Id: Ibab1e3a48ff640787eabf8ed5f7a5c08e3381307
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Always fall back to ChassisType RackMount

https://gerrit.openbmc.org/c/openbmc/bmcweb/+/75914 added support for
dynamic ChassisType. Before 75914, ChassisType was hardcoded to
RackMount. If you impl

Always fall back to ChassisType RackMount

https://gerrit.openbmc.org/c/openbmc/bmcweb/+/75914 added support for
dynamic ChassisType. Before 75914, ChassisType was hardcoded to
RackMount. If you implement Inventory.Item.Chassis the default Chassis
Type is Unknown. Unknown in 75914 maps to Invalid and ChassisType is
left off the Redfish Chassis resource. The Redfish Validator flags this
as an error since ChassisType is a required property in the Chassis
schema.

The implementations should be setting the ChassisType but let's get
bmcweb bumps back on the rails and just set ChassisType = RackMount if
there is an error or if the Chassis Type is something we can't map (like
Unknown). This "your default ChassisType is RackMount" matches what we
had before.

Tested: Inspection and unit tests only.

Change-Id: Id577be522be7c2d3463da9c497d9063a284a4d54
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Make message registries use 2 digit versions

Redfish specification, section 9.5.11.2 says:

The MessageId property value shall be in the format:
<MessageRegistryPrefix>.<MajorVersion>.<MinorVersion>

Make message registries use 2 digit versions

Redfish specification, section 9.5.11.2 says:

The MessageId property value shall be in the format:
<MessageRegistryPrefix>.<MajorVersion>.<MinorVersion>.<MessageKey>

bmcweb in certain places has incorrectly used the 3 digit version
instead of the 2 digit version. This commit fixes that by modifying the
parse_registries script to generate 3 separate struct entries to
represent the registry version, and parse them where appropriate.

MessageRegistryFileCollection uses the 3 digit version. No behavior
changes.
Message/event log entries use the 2 digit version. This will cause a
MessageId change from:
Base.1.19.0.InternalError
to
Base.1.19.InternalError

This is a breaking change, so a new option to allow the old behavior is
provided.

Tested: Redfish Service validator passes.
Heartbeat events on EventService show 2 digit versions.

Change-Id: I4165e994f73e200f13bed8ea76cb58bee2b69faa
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...

Add content-encoding parser

Similar to content-type, add an http content-encoding parser.

Tested: Unit tests pass.

Change-Id: Ic62809934f84804c910458184de19ca9a4207ce5
Signed-off-by: Ed Tanous <et

Add content-encoding parser

Similar to content-type, add an http content-encoding parser.

Tested: Unit tests pass.

Change-Id: Ic62809934f84804c910458184de19ca9a4207ce5
Signed-off-by: Ed Tanous <etanous@nvidia.com>

show more ...