Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / bmcweb / 13548d8598b164684d40f62d6a875f164593f509
commit13548d8598b164684d40f62d6a875f164593f509[log] [tgz]
authorEd Tanous <edtanous@google.com>Fri Jul 22 09:50:44 2022 -0700
committerEd Tanous <ed@tanous.net>Thu Aug 04 15:45:37 2022 +0000
tree5631a9888882072b84abe5e4db531eaae3537cce
parentaefe3786057499a767c5627b0106f0248fa3762d [diff]
Preserve headers from the root object on expand

There is a bug where, when running an expand query, headers from the
response object get dropped.  These headers include OData.type, and the
newly minted Link header, as well as possible others.

This was actually noted in a TODO, although the author of the TODO,
didn't fully understand the consequences at the time, and thought there
was no functional impact.

To resolve this, this commit resolves the TODO, and allows the Response
object to be moved out, instead of having to create a new one, which
preserves all the response state.  To do this, it creates a move
constructor on the Response object for this use.  The move constructor
is relatively benign, with one caveat, that we might be moving while in
a completion handler (as is the most common use).  So both the existing
operator= and Response() move constructor are amended to handle this
case, and simply null out the response object in the copied object,
which would be correct behavior, given that each callback handler should
only be called once per Response object.

Tested:
curl --insecure --user root:0penBmc -vvvv
https://192.168.7.2/redfish/v1\?\$expand\=\*\(\$levels\=2\)

returns the same body as previously, now with the included:
OData-Version: 4.0
Allow: Get

headers in the response.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I221364dd4304903b37cacb1386f621b073a0a891
3 files changed
tree: 5631a9888882072b84abe5e4db531eaae3537cce
  1. .github/
  2. http/
  3. include/
  4. redfish-core/
  5. scripts/
  6. src/
  7. static/
  8. subprojects/
  9. .clang-format
  10. .clang-ignore
  11. .clang-tidy
  12. .dockerignore
  13. .gitignore
  14. .shellcheck
  15. bmcweb.service.in
  16. bmcweb.socket.in
  17. bmcweb_config.h.in
  18. build_x86.sh
  19. build_x86_docker.sh
  20. CLIENTS.md
  21. COMMON_ERRORS.md
  22. DEVELOPING.md
  23. Dockerfile
  24. Dockerfile.base
  25. HEADERS.md
  26. LICENSE
  27. meson.build
  28. meson_options.txt
  29. OEM_SCHEMAS.md
  30. OWNERS
  31. pam-webserver
  32. README.md
  33. Redfish.md
  34. run-ci
  35. setup.cfg
  36. TESTING.md
README.md

OpenBMC webserver

This component attempts to be a "do everything" embedded webserver for OpenBMC.

Features

The webserver implements a few distinct interfaces:

  • DBus event websocket. Allows registering on changes to specific dbus paths, properties, and will send an event from the websocket if those filters match.
  • OpenBMC DBus REST api. Allows direct, low interference, high fidelity access to dbus and the objects it represents.
  • Serial: A serial websocket for interacting with the host serial console through websockets.
  • Redfish: A protocol compliant, (Redfish.md)[DBus to Redfish translator].
  • KVM: A websocket based implementation of the RFB (VNC) frame buffer protocol intended to mate to webui-vue to provide a complete KVM implementation.

Protocols

bmcweb at a protocol level supports http and https. TLS is supported through OpenSSL.

AuthX

Authentication

Bmcweb supports multiple authentication protocols:

  • Basic authentication per RFC7617
  • Cookie based authentication for authenticating against webui-vue
  • Mutual TLS authentication based on OpenSSL
  • Session authentication through webui-vue
  • XToken based authentication conformant to Redfish DSP0266

Each of these types of authentication is able to be enabled or disabled both via runtime policy changes (through the relevant Redfish APIs) or via configure time options. All authentication mechanisms supporting username/password are routed to libpam, to allow for customization in authentication implementations.

Authorization

All authorization in bmcweb is determined at routing time, and per route, and conform to the Redfish PrivilegeRegistry.

*Note: Non-Redfish functions are mapped to the closest equivalent Redfish privilege level.

Configuration

bmcweb is configured per the meson build files. Available options are documented in meson_options.txt

Compile bmcweb with default options:

meson builddir
ninja -C builddir

If any of the dependencies are not found on the host system during configuration, meson will automatically download them via its wrap dependencies mentioned in bmcweb/subprojects.

Debug logging

bmcweb by default is compiled with runtime logging disabled, as a performance consideration. To enable it in a standalone build, add the

-Dlogging='enabled'

option to your configure flags. If building within Yocto, add the following to your local.conf.

EXTRA_OEMESON:pn-bmcweb:append = "-Dbmcweb-logging='enabled'"

Use of persistent data

bmcweb relies on some on-system data for storage of persistent data that is internal to the process. Details on the exact data stored and when it is read/written can seen from the persistent_data namespace.

TLS certificate generation

When SSL support is enabled and a usable certificate is not found, bmcweb will generate a self-signed a certificate before launching the server. Please see the bmcweb source code for details on the parameters this certificate is built with.