commit | 78158631aeab5b77ea9a5f566508285cb839fadf | [log] [tgz] |
---|---|---|
author | Zbigniew Kurzynski <zbigniew.kurzynski@intel.com> | Tue Nov 05 12:57:37 2019 +0100 |
committer | Zbigniew Kurzynski <zbigniew.kurzynski@intel.com> | Thu Nov 07 06:39:29 2019 +0000 |
tree | 71d49ec71414858c532c121df98c9b6b629e7987 | |
parent | 1f8c7b5d6a679a38b82261060310b876079d0f8b [diff] |
Auth methods configuration Added Oem extension for AccountService allowing user to configure which authentication methods should be enabled. User is now able to turn on and off authentication methods like BasicAuth, XToken, etc. User is not allowed to turn off all of the methods at once - at least one method has to be active to prevent lock-out. This configuration is persistent, will be saved on file-system and will be loaded on bmcweb's restart. Tested: No regression found in manual testing. By default everything works as before, and disabling auth method prevents user to authenticate by it. Tested that user is not allowed to disable all the methods - either in one PATCH or by disabling them one at a time. ServiceValidator run with success. This change is a fix for this request: https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/23590/18 which was revert here: https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/26869 Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com> Change-Id: I66b5ad423746f1992070a14f2983a07b1320190e
This component attempts to be a "do everything" embedded webserver for openbmc.
At this time, the webserver implements a few interfaces:
BMCWeb is configured by setting -D
flags that correspond to options in bmcweb/CMakeLists.txt
and then compiling. For example, cmake -DBMCWEB_ENABLE_KVM=NO ...
followed by make
. The option names become C++ preprocessor symbols that control which code is compiled into the program.
When BMCWeb starts running, it reads persistent configuration data (such as UUID and session data) from a local file. If this is not usable, it generates a new configuration.
When BMCWeb SSL support is enabled and a usable certificate is not found, it will generate a self-sign a certificate before launching the server. The keys are generated by the prime256v1
algorithm. The certificate
C=US, O=OpenBMC, CN=testhost
,SHA-256
algorithm.