Redfish: Allow disabling and enabling SSH
This patch adds support for disabling and enabling SSH using
Redfish API.
Tested:Validator passes
1.Disabled SSH from Redfish and verified cannot open a new SSH
connection to the machine, but the original SSH connection still
takes effect and verified ProtocolEnabled is false for SSH.
curl -k -H "X-Auth-Token: $token" -X GET
https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/
{
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol",
...
"SSH": {
"Port": 22,
"ProtocolEnabled": true
},
...
}
curl -k -H "X-Auth-Token: $token" -X PATCH '-d
{"SSH": {"ProtocolEnabled": false}}'
https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/
Open a new SSH connection:
sudo ssh username@<IP>
ssh: connect to host <IP> port 22: Connection refused
curl -k -H "X-Auth-Token: $token" -X GET
https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/
{
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol",
...
"SSH": {
"Port": 22,
"ProtocolEnabled": false
},
...
}
D-bus has changed to :
busctl introspect xyz.openbmc_project.Control.Service.Manager
/xyz/openbmc_project/control/service/dropbear
NAME TYPE SIGNATURE RESULT/VALUE FLAGS
... ... ...
xyz.openbmc_project.Control.Service.Attributes interface
.Enabled property b false emits-change writable
.Masked property b false emits-change writable
.Running property b false emits-change writable
...
2.Abled SSH from Redfish, verified can open a new SSH
connection to the machine and ProtocolEnabled is true for SSH.
curl -k -H "X-Auth-Token: $token" -X GET
https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/
{
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol",
...
"SSH": {
"Port": 22,
"ProtocolEnabled": false
},
...
}
curl -k -H "X-Auth-Token: $token" -X PATCH '-d
{"SSH": {"ProtocolEnabled": false}}'
https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/
Open a new SSH connection:
sudo ssh username@<IP>
Successfully connected
curl -k -H "X-Auth-Token: $token" -X GET
https://${bmc}/redfish/v1/Managers/bmc/NetworkProtocol/
{
"@odata.id": "/redfish/v1/Managers/bmc/NetworkProtocol",
...
"SSH": {
"Port": 22,
"ProtocolEnabled": true
},
...
}
D-bus has changed to :
busctl introspect xyz.openbmc_project.Control.Service.Manager
/xyz/openbmc_project/control/service/dropbear
NAME TYPE SIGNATURE RESULT/VALUE FLAGS
... ... ...
xyz.openbmc_project.Control.Service.Attributes interface
.Enabled property b true emits-change writable
.Masked property b false emits-change writable
.Running property b true emits-change writable
...
Signed-off-by: Albert Zhang <zhanghaodi@inspur.com>
Change-Id: Ifd80db4d33934e83d4e5f337e5dfd02b4ba39018
diff --git a/redfish-core/lib/network_protocol.hpp b/redfish-core/lib/network_protocol.hpp
index e0b5dac..d82c252 100644
--- a/redfish-core/lib/network_protocol.hpp
+++ b/redfish-core/lib/network_protocol.hpp
@@ -351,28 +351,23 @@
std::variant<std::vector<std::string>>{ntpServers});
}
-void handleIpmiProtocolEnabled(
- const bool ipmiProtocolEnabled,
- const std::shared_ptr<bmcweb::AsyncResp>& asyncResp)
+void handleProtocolEnabled(const bool protocolEnabled,
+ const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
+ const std::string_view netBasePath)
{
crow::connections::systemBus->async_method_call(
- [ipmiProtocolEnabled,
- asyncResp](const boost::system::error_code ec,
- const crow::openbmc_mapper::GetSubTreeType& subtree) {
+ [protocolEnabled, asyncResp,
+ netBasePath](const boost::system::error_code ec,
+ const crow::openbmc_mapper::GetSubTreeType& subtree) {
if (ec)
{
messages::internalError(asyncResp->res);
return;
}
- constexpr char const* netipmidBasePath =
- "/xyz/openbmc_project/control/service/"
- "phosphor_2dipmi_2dnet_40";
-
for (const auto& entry : subtree)
{
- if (boost::algorithm::starts_with(entry.first,
- netipmidBasePath))
+ if (boost::algorithm::starts_with(entry.first, netBasePath))
{
crow::connections::systemBus->async_method_call(
[asyncResp](const boost::system::error_code ec2) {
@@ -385,7 +380,7 @@
entry.second.begin()->first, entry.first,
"org.freedesktop.DBus.Properties", "Set",
"xyz.openbmc_project.Control.Service.Attributes",
- "Running", std::variant<bool>{ipmiProtocolEnabled});
+ "Running", std::variant<bool>{protocolEnabled});
crow::connections::systemBus->async_method_call(
[asyncResp](const boost::system::error_code ec2) {
@@ -398,7 +393,7 @@
entry.second.begin()->first, entry.first,
"org.freedesktop.DBus.Properties", "Set",
"xyz.openbmc_project.Control.Service.Attributes",
- "Enabled", std::variant<bool>{ipmiProtocolEnabled});
+ "Enabled", std::variant<bool>{protocolEnabled});
}
}
},
@@ -459,9 +454,11 @@
std::optional<std::string> newHostName;
std::optional<nlohmann::json> ntp;
std::optional<nlohmann::json> ipmi;
+ std::optional<nlohmann::json> ssh;
if (!json_util::readJson(req, asyncResp->res, "NTP", ntp,
- "HostName", newHostName, "IPMI", ipmi))
+ "HostName", newHostName, "IPMI", ipmi,
+ "SSH", ssh))
{
return;
}
@@ -515,8 +512,28 @@
if (ipmiProtocolEnabled)
{
- handleIpmiProtocolEnabled(*ipmiProtocolEnabled,
- asyncResp);
+ handleProtocolEnabled(
+ *ipmiProtocolEnabled, asyncResp,
+ "/xyz/openbmc_project/control/service/"
+ "phosphor_2dipmi_2dnet_40");
+ }
+ }
+
+ if (ssh)
+ {
+ std::optional<bool> sshProtocolEnabled;
+ if (!json_util::readJson(*ssh, asyncResp->res,
+ "ProtocolEnabled",
+ sshProtocolEnabled))
+ {
+ return;
+ }
+
+ if (sshProtocolEnabled)
+ {
+ handleProtocolEnabled(
+ *sshProtocolEnabled, asyncResp,
+ "/xyz/openbmc_project/control/service/dropbear");
}
}
});