commit | ba95fcc4f762f15c5fd8a20dcfa0cb38c06c86ab | |
---|---|---|
author | P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com> | Mon Jul 12 21:47:59 2021 +0530 |
committer | Ed Tanous <ed@tanous.net> | Tue Jul 20 00:26:53 2021 +0000 |
tree | a2181882b587fdded70c269ed4264372aa10cd79 | |
parent | 4f9637fafd37b19c795367f79e4ea668de146553 | |

Restructure pam conversation function

Altered return values from the function. With the earlier implementation, the function returned PAM_AUTH_ERR on failure scenarios which is incorrect. Replaced PAM_AUTH_ERR with PAM_CONV_ERR and PAM_BUF_ERR at respective places.

Added a check for number of messages received by the conversation function capped at PAM_MAX_NUM_MSG.

Added a check for password size, which is capped at PAM_MAX_RESP_SIZE as the bytes in the password greater than this limit would be discarded by PAM.

Though pam_response structure and response, which are dynamically allocated by the pam conversation function are the responsibility of the caller to free them, with the current implementation, there is a possibility of memory leak when numMsg would be zero or if PAM_PROMPT_ECHO_OFF message never arrived. This commit fixes the possible memory leak by allocating only on receiving PAM_PROMPT_ECHO_OFF message.

Tested:
- Basic Authentication is functional.
- POST on /redfish/v1/SessionService/Sessions was successful with the right credentials
- POST on /redfish/v1/AccountService was successful when the password was within the limit, and returned a failure when password length exceeded the limit.

Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>
Change-Id: Idfa41d94d5a01b62aec119f88cbdaab1523ad936

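The checks this commit message describes, written out as an added C++ example that is not bmcweb's own code. The name `passwordConversation` is hypothetical, the password is assumed to arrive through the application-data pointer, and the fallback definitions are stand-ins mirroring Linux-PAM for builds without `<security/pam_appl.h>`.

```cpp
#include <cstdlib>
#include <cstring>
#if __has_include(<security/pam_appl.h>)
#include <security/pam_appl.h>
#else // stand-ins mirroring Linux-PAM, used only when the header is absent
struct pam_message { int msg_style; const char* msg; };
struct pam_response { char* resp; int resp_retcode; };
enum { PAM_SUCCESS = 0, PAM_BUF_ERR = 5, PAM_CONV_ERR = 19 };
enum { PAM_PROMPT_ECHO_OFF = 1, PAM_TEXT_INFO = 4 };
enum { PAM_MAX_NUM_MSG = 32, PAM_MAX_RESP_SIZE = 512 };
#endif

// Hypothetical callback; appdata is assumed to hold the NUL-terminated password.
int passwordConversation(int numMsg, const struct pam_message** msg,
                         struct pam_response** resp, void* appdata)
{
    if (msg == nullptr || resp == nullptr || appdata == nullptr)
        return PAM_CONV_ERR;
    if (numMsg <= 0 || numMsg > PAM_MAX_NUM_MSG)
        return PAM_CONV_ERR; // message count outside what PAM allows

    const char* password = static_cast<const char*>(appdata);
    const size_t len = std::strlen(password);
    if (len + 1 > static_cast<size_t>(PAM_MAX_RESP_SIZE))
        return PAM_CONV_ERR; // longer input would be discarded by PAM

    for (int i = 0; i < numMsg; ++i)
    {
        if (msg[i] == nullptr || msg[i]->msg_style != PAM_PROMPT_ECHO_OFF)
            continue; // only the hidden-input prompt is answered
        // Allocate only now, so no earlier exit can leak.
        char* copy = static_cast<char*>(std::malloc(len + 1));
        if (copy == nullptr)
            return PAM_BUF_ERR;
        std::memcpy(copy, password, len + 1);
        auto* replies = static_cast<pam_response*>(
            std::calloc(static_cast<size_t>(numMsg), sizeof(pam_response)));
        if (replies == nullptr)
        {
            std::free(copy);
            return PAM_BUF_ERR;
        }
        replies[i].resp = copy;
        *resp = replies; // ownership passes to the caller, released with free()
        return PAM_SUCCESS;
    }
    return PAM_CONV_ERR; // no password prompt arrived; nothing was allocated
}
```
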
This component attempts to be a "do everything" embedded webserver for openbmc.
At this time, the webserver implements a few interfaces:
BMCWeb is configured by setting `-D` flags that correspond to options in `bmcweb/meson_options.txt` and then compiling. For example, `meson <builddir> -Dkvm=disabled ...` followed by `ninja` in the build directory. The option names become C++ preprocessor symbols that control which code is compiled into the program.

```
meson builddir
ninja -C builddir
```

```
meson builddir -Dbuildtype=minsize -Db_lto=true -Dtests=disabled
ninja -C builddir
```

If any of the dependencies are not found on the host system during configuration, meson automatically gets them via its wrap dependencies mentioned in `bmcweb/subprojects`.

```
meson builddir -Dwrap_mode=nofallback
ninja -C builddir
```

```
meson builddir -Dbuildtype=debug
ninja -C builddir
```

```
meson builddir -Db_coverage=true -Dtests=enabled
ninja coverage -C builddir test
```

When BMCWeb starts running, it reads persistent configuration data (such as UUID and session data) from a local file. If this is not usable, it generates a new configuration.
When BMCWeb SSL support is enabled and a usable certificate is not found, it will generate a self-signed certificate before launching the server. The keys are generated by the `secp384r1` algorithm. The certificate is issued by `C=US, O=OpenBMC, CN=testhost` and signs using the `SHA-256` algorithm.