Redfish Session : Support ClientOriginIPAddress
This commit implements the ClientOriginIPAddress property on
the session resource. The IP address is persisted across the reboot
Tested by:
1. Create session
POST https://${bmc}/redfish/v1/SessionService/Sessions -d '{"UserName":<>, "Password":<>}'
2. Check the session gets updated with the ClientOriginIPAddress
GET https://${bmc}/redfish/v1/SessionService/Sessions/<id>
3. Redfish validator passed
4. Create session and reboot the BMC to ensure the IP address is persisted
5. Tested the basic auth populates the clientIp at req
Signed-off-by: Sunitha Harish <sunharis@in.ibm.com>
Change-Id: Iaa60d0657c991bde4bcf6c86819055c71c92e421
diff --git a/include/authorization.hpp b/include/authorization.hpp
index e965508..0f73e96 100644
--- a/include/authorization.hpp
+++ b/include/authorization.hpp
@@ -35,7 +35,8 @@
}
static std::shared_ptr<persistent_data::UserSession>
- performBasicAuth(std::string_view auth_header)
+ performBasicAuth(const boost::asio::ip::address& clientIp,
+ std::string_view auth_header)
{
BMCWEB_LOG_DEBUG << "[AuthMiddleware] Basic authentication";
@@ -60,6 +61,8 @@
std::string pass = authData.substr(separator);
BMCWEB_LOG_DEBUG << "[AuthMiddleware] Authenticating user: " << user;
+ BMCWEB_LOG_DEBUG << "[AuthMiddleware] User IPAddress: "
+ << clientIp.to_string();
int pamrc = pamAuthenticateUser(user, pass);
bool isConfigureSelfOnly = pamrc == PAM_NEW_AUTHTOK_REQD;
@@ -76,7 +79,7 @@
// calling directly into pam for every request
return persistent_data::SessionStore::getInstance().generateUserSession(
user, persistent_data::PersistenceType::SINGLE_REQUEST,
- isConfigureSelfOnly);
+ isConfigureSelfOnly, clientIp.to_string());
}
static std::shared_ptr<persistent_data::UserSession>
@@ -269,7 +272,7 @@
else if (boost::starts_with(authHeader, "Basic ") &&
authMethodsConfig.basic)
{
- req.session = performBasicAuth(authHeader);
+ req.session = performBasicAuth(req.ipAddress, authHeader);
}
}
}
diff --git a/include/login_routes.hpp b/include/login_routes.hpp
index 1f7b35a..6879de0 100644
--- a/include/login_routes.hpp
+++ b/include/login_routes.hpp
@@ -141,7 +141,7 @@
.generateUserSession(
username,
persistent_data::PersistenceType::TIMEOUT,
- isConfigureSelfOnly);
+ isConfigureSelfOnly, req.ipAddress.to_string());
if (looksLikePhosphorRest)
{
diff --git a/include/persistent_data.hpp b/include/persistent_data.hpp
index 19c424a..0ff0c7e 100644
--- a/include/persistent_data.hpp
+++ b/include/persistent_data.hpp
@@ -193,6 +193,7 @@
{"session_token", p.second->sessionToken},
{"username", p.second->username},
{"csrf_token", p.second->csrfToken},
+ {"client_ip", p.second->clientIp},
#ifdef BMCWEB_ENABLE_IBM_MANAGEMENT_CONSOLE
{"client_id", p.second->clientId},
#endif