commit | 961c9d9cb05b8da1e4fa8f8e04872dad3b234879 | |
---|---|---|
author | Gunnar Mills <gmills@us.ibm.com> | Tue Jun 18 07:39:22 2019 -0500 |
committer | Ed Tanous <ed.tanous@intel.com> | Thu Jun 20 16:39:35 2019 +0000 |
tree | 8572de52133e66ed2363088c5592e83114b3e73c | |
parent | 00a5eddc7bb95cd5654988156dd61c0bd89c425f |

Response for insufficient privileges to 403

Currently, if the user does not have sufficient privileges a 401 (Unauthorized) is returned. A 403 (Forbidden) should be returned instead. This change does this.

The Web Interface forces the user to reauthenticate on a 401. https://github.com/openbmc/phosphor-webui/blob/e364faa0314c8c98a31260bf69df78a104b106a1/app/common/services/apiInterceptor.js#L50 Maybe not the best policy but a 401 roughly means "Not or incorrectly authenticated, please reauthenticate". A 403 roughly means "As this user you don't have permission".

See https://stackoverflow.com/questions/3297048/403-forbidden-vs-401-unauthorized-http-responses and http://www.dirv.me/blog/2011/07/18/understanding-403-forbidden/index.html

Tested: None.

Change-Id: I07a89dc542002c6aeb66da96822fdb466528c383
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

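
The status choice this commit message describes, written out as an added example; it is not code from the commit or from bmcweb. `Session`, `Route`, `authorize` and `clientMustReauthenticate` are hypothetical names, and the privilege strings are sample values.

```cpp
// Added illustration; Session, Route and authorize() are hypothetical names,
// not bmcweb's API. Privilege strings are sample values.
#include <iostream>
#include <set>
#include <string>
#include <vector>

enum class HttpStatus { ok = 200, unauthorized = 401, forbidden = 403 };
struct Session { std::string user; std::set<std::string> privileges; };

// A route lists alternative privilege sets; holding every privilege of any
// one set grants access. An empty list means a valid session is enough.
struct Route { std::vector<std::set<std::string>> required; };

bool isPermitted(const std::set<std::string>& have, const Route& route)
{
    if (route.required.empty())
        return true;
    for (const auto& need : route.required)
    {
        bool all = true;
        for (const auto& p : need)
            all = all && have.count(p) != 0;
        if (all)
            return true;
    }
    return false;
}

// 401: no usable session, so authenticating can change the outcome.
// 403: valid session without the privilege; the same credentials cannot help.
HttpStatus authorize(const Session* session, const Route& route)
{
    if (session == nullptr)
        return HttpStatus::unauthorized;
    return isPermitted(session->privileges, route) ? HttpStatus::ok
                                                   : HttpStatus::forbidden;
}

// Client policy from the commit message: only a 401 forces a new login.
bool clientMustReauthenticate(HttpStatus s) { return s == HttpStatus::unauthorized; }

int main()
{
    Route users{{std::set<std::string>{"ConfigureUsers"}}};
    Session reader{"reader", {"Login"}};
    std::cout << static_cast<int>(authorize(nullptr, users)) << ' '
              << static_cast<int>(authorize(&reader, users)) << '\n';
    return 0;
}
```
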
This component attempts to be a "do everything" embedded webserver for openbmc.
At this time, the webserver implements a few interfaces:
BMCWeb is configured by setting `-D` flags that correspond to options in `bmcweb/CMakeLists.txt` and then compiling. For example, `cmake -DBMCWEB_ENABLE_KVM=NO ...` followed by `make`. The option names become C++ preprocessor symbols that control which code is compiled into the program.
When BMCWeb starts running, it reads persistent configuration data (such as UUID and session data) from a local file. If this is not usable, it generates a new configuration.
When BMCWeb SSL support is enabled and a usable certificate is not found, it will generate a self-signed certificate before launching the server. The keys are generated by the `prime256v1` algorithm. The certificate `C=US, O=OpenBMC, CN=testhost`, `SHA-256` algorithm.

The crow project has had a number of additions to make it more useful for use in the OpenBMC project. A non-exhaustive list is below. At the time of this writing, the crow project is not accepting patches, so for the time being crow will simply be checked in as is.