commit | d4b6c66034de374cf0b14e05b0d20e87a8cefaf3 | [log] [tgz] |
---|---|---|
author | Ed Tanous <edtanous@google.com> | Wed Mar 10 13:29:30 2021 -0800 |
committer | Ed Tanous <ed@tanous.net> | Mon Apr 26 19:11:36 2021 +0000 |
tree | 4c00cad1d77272925af143531b19d898ac2f84d5 | |
parent | 1a6258dc985cde406d9098130e4a2d683e82beb2 [diff] |
Fix infinite redirect when webui isn't installed In the begining, bmcweb had its own webui checked in as source. Largely conceived of clay, and built by someone that doesn't understand UI development (me), it was eventually superceeded by phosphor-webui. When we did that, we created a bug where bmcweb was expecting a UI to always be installed, and when it wasn't resolved into an infinite recursive redirect as it tried to find the login page. This patchset fixes that, by adding a connection between the authorization class, and the webassets class, for bmcweb to detect at runtime whether or not the UI is installed, and change behavior in that case. Along the way, we got a circular #include, so some includes needed to be rearranged slightly. This patchset will change no behavior when the UI is installed. Login failures will continue to redirect to /, to hit the login page. If the UI is not installed, and there is no / route, BMCWEB will return the plaintext UNAUTHORIZED if you attempt to open the webui from the browser without having a webui installed and without having credentials. Tested: Launched in a build without webui-vue, and observed "UNAUTHORIZED" when I connected through chrome. Also launched in a build with webui-vue installed with: IMAGE_INSTALL_append = "webui-vue" And loaded the webui in chrome, and logged in successfully. Signed-off-by: Ed Tanous <edtanous@google.com> Change-Id: Iac9b83ba9e80d434479685b082d547847cdfe309
This component attempts to be a "do everything" embedded webserver for openbmc.
At this time, the webserver implements a few interfaces:
BMCWeb is configured by setting -D
flags that correspond to options in bmcweb/meson_options.txt
and then compiling. For example, meson <builddir> -Dkvm=disabled ...
followed by ninja
in build directory. The option names become C++ preprocessor symbols that control which code is compiled into the program.
meson builddir ninja -C builddir
meson builddir -Dbuildtype=minsize -Db_lto=true -Dtests=disabled ninja -C buildir
If any of the dependencies are not found on the host system during configuration, meson automatically gets them via its wrap dependencies mentioned in bmcweb/subprojects
.
meson builddir -Dwrap_mode=nofallback ninja -C builddir
meson builddir -Db_coverage=true -Dtests=enabled ninja coverage -C builddir test
When BMCWeb starts running, it reads persistent configuration data (such as UUID and session data) from a local file. If this is not usable, it generates a new configuration.
When BMCWeb SSL support is enabled and a usable certificate is not found, it will generate a self-sign a certificate before launching the server. The keys are generated by the secp384r1
algorithm. The certificate
C=US, O=OpenBMC, CN=testhost
,SHA-256
algorithm.