commit | 1ec43ee36d52f415261b27653b1ba6311ebb5bfe | [log] [tgz] |
---|---|---|
author | Gunnar Mills <gmills@us.ibm.com> | Tue Jan 04 15:39:52 2022 -0600 |
committer | Ed Tanous <ed@tanous.net> | Wed Jan 05 19:42:04 2022 +0000 |
tree | 13dd3a23d996819f22b63bf191721018a4906306 | |
parent | 5ac5a2f4881c83d453fa517f8f1ebe49593939a3 [diff] |
Fix AccountService patch privileges This got broke when moving to the Automate PrivilegeRegistry and was correct before. https://github.com/openbmc/bmcweb/commit/f5ffd8062e556cb3bdf5f441dd393e784b771e85 https://github.com/openbmc/bmcweb/blame/2c37b4b0f465344aeea311efd61fd9a217ad8e3e/redfish-core/lib/account_service.hpp#L569 This is moving AccountService patch privilege from Login to ConfigureUsers, moving to what it was before. Without this change a ReadOnly user could set the AccountUnlockTimeout and patch LDAP. Tested: None. WIP. Change-Id: I7fe3727e0909fe5c94b655bbb3bbc7ce7b3c842a Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
This component attempts to be a "do everything" embedded webserver for openbmc.
At this time, the webserver implements a few interfaces:
BMCWeb is configured by setting -D
flags that correspond to options in bmcweb/meson_options.txt
and then compiling. For example, meson <builddir> -Dkvm=disabled ...
followed by ninja
in build directory. The option names become C++ preprocessor symbols that control which code is compiled into the program.
meson builddir ninja -C builddir
meson builddir -Dbuildtype=minsize -Db_lto=true -Dtests=disabled ninja -C buildir
If any of the dependencies are not found on the host system during configuration, meson automatically gets them via its wrap dependencies mentioned in bmcweb/subprojects
.
meson builddir -Dwrap_mode=nofallback ninja -C builddir
meson builddir -Dbuildtype=debug ninja -C builddir
meson builddir -Db_coverage=true -Dtests=enabled ninja coverage -C builddir test
When BMCWeb starts running, it reads persistent configuration data (such as UUID and session data) from a local file. If this is not usable, it generates a new configuration.
When BMCWeb SSL support is enabled and a usable certificate is not found, it will generate a self-sign a certificate before launching the server. The keys are generated by the secp384r1
algorithm. The certificate
C=US, O=OpenBMC, CN=testhost
,SHA-256
algorithm.