commit 2ccce1f3a04ab72824820a6795878ce01f37a22c
author Ravi Teja <raviteja28031990@gmail.com> Sat Aug 10 04:05:36 2024 -0500
committer Ed Tanous <ed@tanous.net> Fri Aug 23 15:16:12 2024 +0000
tree ad25f6f905d85bae48d7637294541d8d5085f451
parent 05ecd3a9a2bb7d63470a183e23b3a158572003f4

Redfish Session: Implement MFA "Token" property

This commit implements multi-factor authentication "Token" property to
create redfish sessions when multi-factor token authentication enabled.

Tested by:

Verified redfish session and login redfish commands with or without
TOTP token for MFA enabled/disabled  users.

User authentication with MFA token:
POST https://${bmc}/redfish/v1/SessionService/Sessions -d '{"UserName"
:"root", "Password": "0penBmc","Token":"510760"}'

User authentication without MFA token:
POST https://${bmc}/login -d '{"username" : "newuser", "password"
:"0penBmc"}'

POST https://${bmc}/redfish/v1/SessionService/Sessions -d '{"UserName"
:"newuser", "Password": "0penBmc"}'

In case of invalid MFA token or password then authentication fails and
returns "ResourceAtUriUnauthorized" error message.

Change-Id: I639163dd3d49ff8ed886f72c99ad264317d59c34
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>

include/authentication.hpp

diff --git a/include/authentication.hpp b/include/authentication.hpp
index 1690550..1a05efd 100644
--- a/include/authentication.hpp
+++ b/include/authentication.hpp
@@ -54,7 +54,7 @@
     BMCWEB_LOG_DEBUG("[AuthMiddleware] User IPAddress: {}",
                      clientIp.to_string());
 
-    int pamrc = pamAuthenticateUser(user, pass);
+    int pamrc = pamAuthenticateUser(user, pass, std::nullopt);
     bool isConfigureSelfOnly = pamrc == PAM_NEW_AUTHTOK_REQD;
     if ((pamrc != PAM_SUCCESS) && !isConfigureSelfOnly)
     {