Redfish Session: Implement MFA "Token" property
This commit implements the multi-factor authentication "Token" property to
create Redfish sessions when multi-factor token authentication is enabled.
Tested by:
Verified Redfish session and login Redfish commands with or without a
TOTP token for MFA enabled/disabled users.
User authentication with MFA token:
POST https://${bmc}/redfish/v1/SessionService/Sessions -d '{"UserName"
:"root", "Password": "0penBmc","Token":"510760"}'
User authentication without MFA token:
POST https://${bmc}/login -d '{"username" : "newuser", "password"
:"0penBmc"}'
POST https://${bmc}/redfish/v1/SessionService/Sessions -d '{"UserName"
:"newuser", "Password": "0penBmc"}'
In case of an invalid MFA token or password, authentication fails and
returns the "ResourceAtUriUnauthorized" error message.
Change-Id: I639163dd3d49ff8ed886f72c99ad264317d59c34
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>
diff --git a/redfish-core/lib/redfish_sessions.hpp b/redfish-core/lib/redfish_sessions.hpp
index 225e872..d449b59 100644
--- a/redfish-core/lib/redfish_sessions.hpp
+++ b/redfish-core/lib/redfish_sessions.hpp
@@ -211,12 +211,13 @@
std::string username;
std::string password;
std::optional<std::string> clientId;
+ std::optional<std::string> token;
if (!json_util::readJsonPatch(req, asyncResp->res, "UserName", username,
- "Password", password, "Context", clientId))
+ "Password", password, "Token", token,
+ "Context", clientId))
{
return;
}
-
if (password.empty() || username.empty() ||
asyncResp->res.result() != boost::beast::http::status::ok)
{
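Review bot: A present-but-empty "Token" is not validated here: the check after readJsonPatch still tests only "password.empty() || username.empty()", so a body carrying "Token": "" reaches authentication as an engaged optional holding an empty string. Either reject it with the same error path used for an empty password, or reset the optional to std::nullopt so the callee sees only two states (absent, non-empty). Separately, the deleted blank line between the readJsonPatch block and the following "if" is an unrelated whitespace change and could be dropped from this patch.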
@@ -233,7 +234,7 @@
return;
}
- int pamrc = pamAuthenticateUser(username, password);
+ int pamrc = pamAuthenticateUser(username, password, token);
bool isConfigureSelfOnly = pamrc == PAM_NEW_AUTHTOK_REQD;
if ((pamrc != PAM_SUCCESS) && !isConfigureSelfOnly)
{
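Review bot: The result handling after the new pamAuthenticateUser(username, password, token) call still lets one non-success code through, PAM_NEW_AUTHTOK_REQD via isConfigureSelfOnly, so a missing or wrong token for an MFA-enabled user must never surface as that code, otherwise a ConfigureSelf session is created without the second factor. Please confirm the three-argument overload (not part of the visible diff to redfish_sessions.hpp) returns a hard failure in that case, and add a test for an MFA-enabled user with an expired password and no token. A short comment at the call site stating that token is std::nullopt when the client omits "Token" would also help readers of this function.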