commit | 1b1b43f20a1f52d014f6435232c19c1d9c8fa337 | [log] [tgz] |
---|---|---|
author | jayaprakash Mutyala <mutyalax.jayaprakash@intel.com> | Sat Mar 28 22:56:06 2020 +0000 |
committer | jayaprakash Mutyala <mutyalax.jayaprakash@intel.com> | Sun Mar 29 12:17:28 2020 +0000 |
tree | f7611a86d1e0b86706be51c42ae0d0f7690577c0 | |
parent | 12c7f4388b58a974265827ab62d3981ba98ed8f2 [diff] |
Sensor override allow only by Admin priv user Issue: As per https://redfish.dmtf.org/registries/ Redfish_1.0.4_PrivilegeRegistry.json patch method for Thermal & Power must be allowed for ConfigureManager only Fix: So restrict only Admin privilege user can override sensor values from Redfish. Tested: 1. Redfish validator - passed for this new change 2. Patch sensor values from Redfish for Thermal using Admin privilege user Redfish URI: PATCH https://<BMC-IP>/redfish/v1/Chassis/WC_Baseboard/Thermal Body: { "Temperatures": [ { "MemberId": "SSB_Temp", "ReadingCelsius":112 } ] } Response: { "@odata.id": "/redfish/v1/Chassis/WC_Baseboard/Thermal", "@odata.type": "#Thermal.v1_4_0.Thermal", "Fans": [], "Id": "Thermal", "Name": "Thermal", "Temperatures": [] } 3. Sensor value Overridden successfully when Authorized by admin privilege user 4. Verified by operator privilege user. Not successful. Response : Forbidden. 5. Verified for Power sensor values and allowed only by admin privilege user. 6. Verified for manufacturing mode, Validation unsecure mode and non-manufacturing mode. Signed-off-by: jayaprakash Mutyala <mutyalax.jayaprakash@intel.com> Change-Id: I9a089a9341d12beac9625f1877e1ab047f5d6f46
This component attempts to be a "do everything" embedded webserver for openbmc.
At this time, the webserver implements a few interfaces:
BMCWeb is configured by setting -D
flags that correspond to options in bmcweb/CMakeLists.txt
and then compiling. For example, cmake -DBMCWEB_ENABLE_KVM=NO ...
followed by make
. The option names become C++ preprocessor symbols that control which code is compiled into the program.
When BMCWeb starts running, it reads persistent configuration data (such as UUID and session data) from a local file. If this is not usable, it generates a new configuration.
When BMCWeb SSL support is enabled and a usable certificate is not found, it will generate a self-sign a certificate before launching the server. The keys are generated by the secp384r1
algorithm. The certificate
C=US, O=OpenBMC, CN=testhost
,SHA-256
algorithm.