path: root/redfish-core/src
Age | Commit message | Author | Files | Lines
2020-09-09 | Add MutualExclusiveProperties registry | AppaRao Puli | 1 | -0/+29
Add MutualExclusiveProperties message registry entry and error message. As per redfish specification, "RegistryPrefixes" and "MessageIds" are mutually exclusive. So add check for same in EventService and return MutualExclusiveProperties error message. Tested: - Create subscription failed with error(bad request) when the request body contains both "RegistryPrefixes" and "MessageIds". Change-Id: I4c14f946977bce2ced8a7f96eb85855117fde9a8 Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
2020-06-27 | Update Service: Change error message based on error logs | James Feist | 1 | -0/+25
This adds support for better error responses based on the logs generated by phosphor-software-manager.

Tested: Got 400 error with different messages based on failure type

    {
      "error": {
        "@Message.ExtendedInfo": [
          {
            "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
            "Message": "Invalid file uploaded to /redfish/v1/UpdateService: Invalid archive.",
            "MessageArgs": [
              "/redfish/v1/UpdateService",
              "invalid archive"
            ],
            "MessageId": "OpenBMC.0.1.0.InvalidUpload",
            "Resolution": "None.",
            "Severity": "Warning"
          }
        ],
        "code": "OpenBMC.0.1.0.InvalidUpload",
        "message": "Invalid file uploaded to /redfish/v1/UpdateService: Invalid archive."
      }
    }

    {
      "error": {
        "@Message.ExtendedInfo": [
          {
            "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
            "Message": "Invalid file uploaded to /redfish/v1/UpdateService: Invalid image format.",
            "MessageArgs": [
              "/redfish/v1/UpdateService",
              "invalid image format"
            ],
            "MessageId": "OpenBMC.0.1.0.InvalidUpload",
            "Resolution": "None.",
            "Severity": "Warning"
          }
        ],
        "code": "OpenBMC.0.1.0.InvalidUpload",
        "message": "Invalid file uploaded to /redfish/v1/UpdateService: Invalid image format."
      }
    }

    {
      "error": {
        "@Message.ExtendedInfo": [
          {
            "@odata.type": "#Message.v1_0_0.Message",
            "Message": "The resource /redfish/v1/UpdateService was unable to satisfy the request due to unavailability of resources.",
            "MessageArgs": [
              "/redfish/v1/UpdateService"
            ],
            "MessageId": "Base.1.4.0.ResourceExhaustion",
            "Resolution": "Ensure that the resources are available and resubmit the request.",
            "Severity": "Critical"
          }
        ],
        "code": "Base.1.4.0.ResourceExhaustion",
        "message": "The resource /redfish/v1/UpdateService was unable to satisfy the request due to unavailability of resources."
      }
    }

Change-Id: Ida9a23c10aedbf9a48c96f4050a04e06bddff284
Signed-off-by: James Feist <james.feist@linux.intel.com>
2020-05-20 | Implement Redfish PasswordChangeRequired | Joseph Reynolds | 1 | -0/+26
This implements the Redfish PasswordChangeRequired handling. See section 13.3.7.1 "Password change required handling" in the 1.9.1 spec: https://www.dmtf.org/sites/default/files/standards/documents/DSP0266_1.9.1.pdf

These portions of the spec are implemented:
- Authentication with a correct but expired password creates a session:
- The session is restricted to the ConfigureSelf privilege which allows a user to change their own password (via GET and PATCH Password for their own account). Support for the ConfigureSelf privilege is already in BMCWeb.
- The session object has the PasswordChangeRequired message.
- All other operations respond with http status code 403 Forbidden and include the PasswordChangeRequired message.
- The ManagerAccount (URI /redfish/v1/AccountService/Accounts/USER) PasswordChangeRequired property is implemented for local accounts but not present for remote accounts.

This has the following additional behavior: The PasswordChangeRequired property is updated at the start of each new REST operation, even within an existing session. This behavior implements a "dynamic" PasswordChangeRequired handling that responds to changes to the underlying "password expired" status. Specifically:
- Sessions restricted by the PasswordChangeRequired handling lose that restriction when the underlying account password is changed.
- Sessions become subject to the PasswordChangeRequired handling restrictions whenever the underlying account password expires.
- The mechanism is to check if the password is expired at the start of every new REST API operation, effectively updating the ManagerAccount PasswordChangeRequired property each time. This makes BMCWeb responsive to changes in the underlying account due to other activity on the BMC.

Notes:
1. Note that when an account password status is changed (for example, the password becomes expired or is changed) and that account has active sessions, those sessions remain. They are not deleted. Any current operations are allowed to complete. Subsequent operations with that session pick up the new password status.
2. This does not implement OWASP recommendations which call for sessions to be dropped when there is a significant change to the underlying account. For example, when the password is changed, the password becomes expired, or when the account's Role changes. OWASP's recommendation is due to the session fixation vulnerability. See the OWASP Session Management Cheat Sheet section "Renew the Session ID After Any Privilege Level Change": https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#renew-the-session-id-after-any-privilege-level-change BMCWeb protects against session fixation vulnerabilities because it always regenerates new session IDs when successful authentication creates a new session.
3. Users authenticating via mTLS are not subject to the PasswordChangeRequired behavior because mTLS takes precedence over password-based authentication.

Tested:
0. Setup:
   - The `passwd --expire USERNAME` command was used to expire passwords. The `chage USER` command was also used.
   - The following were used to change the password: Redfish API, passwd command, and the SSH password change dialog.
   - Tested the following via Basic Auth, /login, and Redfish login (except where Basic Auth does not create a persistent session).
   - Only local user accounts were tested.
   - Did not test authentication via mTLS or with LDAP users.
1. When the password is not expired, authentication behaves as usual for both correct and incorrect passwords.
2. When the password is incorrect and expired, authentication fails as usual.
3. When the password is correct but expired:
   A. A session is created and has the PasswordChangeRequired message.
   B. That session cannot access resources that require Login privilege and the 403 message contains the PasswordChangeRequired message.
   C. That session can be used to GET the user's account, PATCH the Password, and DELETE the session object.
   D. The account PasswordChangeRequired reports true.
4. While a session is established, try expiring and changing (unexpiring) the password using various mechanisms. Ensure both the session object and the ManagerAccount PasswordChangeRequired property report the correct condition, and ensure PasswordChangeRequired handling (restricting operations to ConfigureSelf when PasswordChangeRequired is true) is applied correctly.

Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
Change-Id: Iedc61dea8f949e4b182e14dc189de02d1f74d3e8
2020-02-26 | Fix Error Message @odata.type | James Feist | 1 | -83/+80
The type shouldn't have the path in it. Tested: Validator passed in Task schema Change-Id: Ic57c0450ee36799b0427e21038922f8a44c85c6e Signed-off-by: James Feist <james.feist@linux.intel.com>
2020-02-26 | Move error_message JSON into own function | James Feist | 1 | -685/+882
Right now all error messages require a response object, so they cannot be used directly in the json body. This pulls the messages out into their own function so that they can be used at any place in the response body. Tested: It compiles and runs, verified return codes look ok Change-Id: I500b2164b2366086d610f0fdc8fa22985183e438 Signed-off-by: James Feist <james.feist@linux.intel.com>
2019-12-06 | Fix response error code for error - Unauthorized | Sunitha Harish | 1 | -1/+1
Tested by: Request: Creating session with wrong credential. curl --insecure -X POST -D headers.txt https://${BMC_IP}/redfish/v1/SessionService/Sessions -d '{"UserName":"root", "Password":"penBmc"}' Response Error code: HTTP/1.1 401 Unauthorized Signed-off-by: Sunitha Harish <sunithaharish04@gmail.com> Change-Id: I9c7b0af644f1e3d987b4f76e4206bbb276aba035
2019-12-02 | Add "Retry-After" header for temporarily unavailable messages | Jason M. Bills | 1 | -0/+1
Whenever the Redfish response is that a service is temporarily unavailable, the "Retry-After" header is added with the same value, so just set the header automatically with the response. Tested: Confirmed that the "Retry-After" header is set correctly with the Redfish temporarily unavailable message. Change-Id: I9c940be94d9d284b9633c5caa2ce71ade76d22d5 Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
2019-10-18 | Make references to crow less obvious | Ed Tanous | 1 | -1/+1
Recently, a number of people in the community have made the (admittedly easy) mistake that we use a significant portion of crow. Today, we use crow for the router, and the "app" structure, and even those have been significantly modified to meet the bmc needs. All other components have been replaced with Boost beast. This commit removes the crow mentions from the Readme, and moves the crow folder to "http" to camouflage it a little. No code content has changed. Tested: Code compiles. No functional change made to any executable code. Signed-off-by: Ed Tanous <ed.tanous@intel.com> Change-Id: Iceb57b26306cc8bdcfc77f3874246338864fd118
2019-09-18 | Remove a lame clang-format off | Ed Tanous | 1 | -6/+2
Code was tabbed into the wrong spot as a result of shutting clang-format off for a dubious reason. Turn it back on. Tested: It builds. Only whitespace changes present Signed-off-by: Ed Tanous <ed.tanous@intel.com> Change-Id: I08b294ca5ea076f8cb5680b801b507127e091824
2019-06-28 | Fix variable name case style for CI warning | Jason M. Bills | 1 | -10/+10
CI gives a warning for invalid case style in variable names. This fixes the warnings that show up so far. Change-Id: I2a8706d3283bdc685dc026391de715accea7b86e Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
2019-03-01 | Don't set result to success when calling success | James Feist | 1 | -1/+2
res.success is the default, if one async call sets failure, and another later sets success, we don't want to overwrite the failure with success. Tested-by: still got success on good patch Change-Id: Iee76892f7517d508ed98929d9ecd127dd83b1329 Signed-off-by: James Feist <james.feist@linux.intel.com>
2018-11-19 | Add MessageArgs for Redfish messages from the Base registry | Jason M. Bills | 1 | -0/+58
Per the Redfish API Specification, the MessageArgs array of strings is required when using a MessageId for a parameterized message. This change adds the MessageArgs array for the Redfish messages that we use from the Base message registry. Tested: Manually set various error types and confirmed that the MessageArg array was properly displayed. Change-Id: I2248128f8290305ba3466ef2ce57447ce970a57d Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
2018-11-15 | Simplify Redfish error message property interface | Jason M. Bills | 1 | -226/+30
The error message code used a json_pointer object which must begin with a '/' character and had to be sent as an extra parameter. This change simplifies the interface by using a string so there doesn't have to be a '/'. This allowed the same property argument passed for the message to be used for the property field path. Tested: Sent an error with a property and verified that it is correctly displayed. Change-Id: I0571e2eee627cedf29d751588a4f1bceee66f084 Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
2018-10-31 | Update Redfish to Base.1.4.0 message registry | Jason M. Bills | 1 | -68/+135
Update the Redfish error_messages from Base.1.2.0 to Base.1.4.0 from the Redfish standard registries. Change-Id: I771b119372fd995bd1dc4065830485b6a848f086 Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
2018-10-31 | Update formatting of error string literals and message descriptions | Jason M. Bills | 1 | -178/+122
clang-format doesn't automatically merge multi-line string literals, so this change updates the formatting to merge some multi-line strings into fewer lines. This change also corrects the <argx> numbering in the error message descriptions to match the function parameter numbers. Change-Id: Ibedcaf5793a607acacdb3bc83081599ba508c989 Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
2018-10-23 | Improve the Redfish error reporting interface | Jason M. Bills | 2 | -1075/+993
Makes the Redfish error reporting interface automatically handle setting the http status and JSON content in the response object. When using an AsyncResp object, this allows for simply calling the Redfish error and returning. Change-Id: Icfdce2de763225f070e8dd61e591f296703f46bb Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
2018-10-22 | Implement a new way of unpacking json to structs | Ed Tanous | 1 | -3/+0
The existing way of decoding json structures, while fast has some disadvantages.
1. it's very verbose to write.
2. It requires in depth knowledge of redfish error messages to get correct.
3. It _can_ lead to undesired behavior, like half of a patch being applied, if only some of the values have bad types.

This commit implements a new interface for decoding redfish json named.... readJson. It is a templated function, that lets you decode json values based on type easily, while still handling all the correct error codes that were handled previously. Use is done similar to the example below:

    std::string required;
    boost::optional<std::string> optional;
    if (!json_util::readJson(req, res, "OptionalParam", optional,
                             "RequiredParam", required))
    {
        return;
    }
    if (optional)
    {
        // optional param was given, take action.
    }

As part of this patchset, the systems schema is moved to the new interface, which deletes some of the code involved and shows the improvement in clarity.

Change-Id: I041a97c84d294df8cd4de4c2702e5ee22c0bc120
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
2018-09-05 | Move to clang-format-6.0 | Ed Tanous | 2 | -902/+1054
This commit moves the codebase to the latest clang-format file from upstream, as well as clang-format-6.0. Change-Id: Ice8313468097c0c42317fbb9e10ddf036e8cff4c Signed-off-by: Ed Tanous <ed.tanous@intel.com>
2018-07-27 | Move over to upstream c++ style | Ed Tanous | 2 | -14/+14
This patchset moves bmcweb over to the upstream style naming conventions for variables, classes, and functions, as well as imposes the latest clang-format file. This changeset was mostly built automatically by the included .clang-tidy file, which has the ability to autoformat and auto rename variables. At some point in the future I would like to see this in greater use, but for now, we will impose it on bmcweb, and see how it goes. Tested: Code still compiles, and appears to run, although other issues are possible and likely. Change-Id: If422a2e36df924e897736b3feffa89f411d9dac1 Signed-off-by: Ed Tanous <ed.tanous@intel.com>
2018-06-29 | Pull in nlohmann json as a dependency rather than checking in. | Ed Tanous | 1 | -5/+7
This should allow keeping closer to the upstream yocto recipes, and avoid excess code in the repo Change-Id: Ib66f7cf69b68bb23f9789580beadf8344cb68cfa Signed-off-by: Ed Tanous <ed.tanous@intel.com>
2018-06-29 | Boost beast | Ed Tanous | 1 | -2/+1
This commit is the beginnings of attempting to transition away from crow, and toward boost::beast. Unit tests are passing, and implementation appears to be slightly faster than crow. Change-Id: Ic8d946dc7a04f514c67b1098f181eee1ced69171
2018-06-29 | Added JSON utilities to allow easy exception-less usage of nlohmann JSON. | Kowalski, Kamil | 1 | -0/+454
These functions are not yet used, but will be required by at least two upcoming patchsets. This functionality has been cut out from Configuration patchset for easier merge without having to wait for that commit. Change-Id: Ibe5d5cefd874d4a2d896b42a2b7cfc17480f3c5a Signed-off-by: Kowalski, Kamil <kamil.kowalski@intel.com>
2018-04-22 | Introduce Redfish Error messages definitions | Kowalski, Kamil | 1 | -0/+1159
Added a python script that should be used to generate error_messages.cpp and .hpp files. These files as are not subject to change in a dynamic manner, should be regenerated only when MessageRegistry changes. Tested on x86 Ubuntu VM and Wolfpass platform: a) No regression in BMCWeb interface - Went through WebUI observed no changes in functionality b) No regression in Redfish functionality - Went through nodes and observed no changes in functionality - Sessions now return error messages in addition to HTTP codes Change-Id: I4aba9ee247b6cd2c46a9c158d14bdc7546e9b11b Signed-off-by: Kowalski, Kamil <kamil.kowalski@intel.com> Signed-off-by: Ed Tanous <ed.tanous@intel.com>
2018-03-28 | Privilege implementation change | Borawski.Lukasz | 1 | -202/+0
- privilege_registry.json has been removed
- PrivilegeProvider class has been removed
- default privileges for nodes are now hard-coded
- privilege overriding feature is not yet implemented

Change-Id: Ic9fdfa1c692c1abd26e339e2a8c702fc4aebd19f
Signed-off-by: Borawski.Lukasz <lukasz.borawski@intel.com>
2018-03-28 | Redfish privileges | Borawski.Lukasz | 1 | -0/+202
Redfish privilege authorization subsystem controlled by the privilege_registy.json configuration file. PropertyOverrides, SubordinateOverrides and ResourceURIOverrides are not yet implemented. Change-Id: I4d5670d557f4da172460ada3512e015830dab667 Signed-off-by: Borawski.Lukasz <lukasz.borawski@intel.com> Signed-off-by: Ed Tanous <ed.tanous@intel.com>