commit | 5e52870bbadc7e35ff47325ffa668a6b82bf9c4a | [log] [tgz] |
---|---|---|
author | Ed Tanous <edtanous@google.com> | Tue Apr 26 10:20:25 2022 -0700 |
committer | Ed Tanous <ed@tanous.net> | Thu Apr 28 17:55:32 2022 +0000 |
tree | 53f2050ca3c48ff1157c9f0f8d4cddda09926f8b | |
parent | 3d768a165183dd8cf7e485ac67ab7270845d5f87 [diff] |
Make insecure-enable-redfish-query more specific insecure-enable-redfish-query is really only intended to protect the user from things that might run the system out of resources, like expand, or complex filter queries (ie queries that might pop the stack). This commit message moves the location where the parameters are enabled/disabled into the parser itself, such that some parameters (like top and skip in the next commit) can be executed outside of this option flag. Because of moving the expand support deeper in the call stack, some unit tests now need to be aware of whether or not expand is supported in the configuration. Tested: Enabled query option through local.conf with EXTRA_OEMESON:pn-bmcweb:append = "-Dinsecure-enable-redfish-query='enabled'" Then did: curl --insecure --user root:0penBmc https://192.168.7.2/redfish/v1\?\$expand\=\* Query expanded as expected; set insecure-enable-redfish-query='disabled' and observed that the same curl query returned QueryParameterValueFormatError, which is expected. Signed-off-by: Ed Tanous <edtanous@google.com> Change-Id: I24fbc2c9f64628d6457dd117b61ff22b276b0682
This component attempts to be a "do everything" embedded webserver for openbmc.
At this time, the webserver implements a few interfaces:
BMCWeb is configured by setting -D
flags that correspond to options in bmcweb/meson_options.txt
and then compiling. For example, meson <builddir> -Dkvm=disabled ...
followed by ninja
in build directory. The option names become C++ preprocessor symbols that control which code is compiled into the program.
meson builddir ninja -C builddir
meson builddir -Dbuildtype=minsize -Db_lto=true -Dtests=disabled ninja -C buildir
If any of the dependencies are not found on the host system during configuration, meson automatically gets them via its wrap dependencies mentioned in bmcweb/subprojects
.
meson builddir -Dwrap_mode=nofallback ninja -C builddir
meson builddir -Dbuildtype=debug ninja -C builddir
meson builddir -Db_coverage=true -Dtests=enabled ninja -C builddir test ninja -C builddir coverage
When BMCWeb starts running, it reads persistent configuration data (such as UUID and session data) from a local file. If this is not usable, it generates a new configuration.
When BMCWeb SSL support is enabled and a usable certificate is not found, it will generate a self-sign a certificate before launching the server. The keys are generated by the secp384r1
algorithm. The certificate
C=US, O=OpenBMC, CN=testhost
,SHA-256
algorithm.