Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / obmc-console / 533f9702a3ce08b38011045e07cb3c078788970f^! / .
commit533f9702a3ce08b38011045e07cb3c078788970f[log] [tgz]
authorNinad Palsule <ninadpalsule@us.ibm.com>Thu Mar 09 10:05:40 2023 -0600
committerAndrew Jeffery <andrew@aj.id.au>Fri Apr 21 01:36:28 2023 +0000
treea9d933b4fd6ec99171447f713fb350c3dfc8af36
parent59d29a9f6e86ebe7663555904be08adaf6ebc981 [diff]
Changes for new pre-defined usergroup hostconsole

The new pre-defined usergroup named "hostconsole" is added to
differentiate access between host console and manager console.
The only users allowed to interact with host console are part of the
"hostconsole" group.

Note: The changes are spread across multiple repositories listed under
"Related commits:"

The obmc-console changes to incorporate new group are as follows:
- Remove dependency on dropbear.default file by adding new default file
  dropbear.env for obmc-console. This file is required for obmc
  services. This file is added in obmc-console-ssh@.service.in and
  use-socket.conf
- In future we can add file /etc/obmc-console/dropbear.%i.env for port
  specific configuration.

Tested:
  Loaded on system and qemu eumulator. Made sure that the new file
  contents are reflected on the system.

Related commits:
  docs: https://gerrit.openbmc.org/c/openbmc/docs/+/60968
  phosphor-user-manager: https://gerrit.openbmc.org/c/openbmc/phosphor-user-manager/+/61583
  openbmc: https://gerrit.openbmc.org/c/openbmc/openbmc/+/61582
  obmc-console: https://gerrit.openbmc.org/c/openbmc/obmc-console/+/61581
  bmcweb: https://gerrit.openbmc.org/c/openbmc/bmcweb/+/61580

Change-Id: Id080d0cf1c8dea7c383bc040c988dae2b4a09800
Signed-off-by: Ninad Palsule <ninadpalsule@us.ibm.com>

diff --git a/conf/obmc-console-ssh@.service.d/use-socket.conf.in b/conf/obmc-console-ssh@.service.d/use-socket.conf.in
index bd27077..99fc9e3 100644
--- a/conf/obmc-console-ssh@.service.d/use-socket.conf.in
+++ b/conf/obmc-console-ssh@.service.d/use-socket.conf.in

@@ -1,4 +1,5 @@
 [Service]
+EnvironmentFile=-/etc/obmc-console/dropbear.env
 ExecStart=
 ExecStart=-/usr/sbin/dropbear -r ${DROPBEAR_RSAKEY_DIR}/dropbear_rsa_host_key -c "/usr/bin/obmc-console-client" -i $DROPBEAR_EXTRA_ARGS
 StandardInput=socket

diff --git a/conf/obmc-console-ssh@.service.in b/conf/obmc-console-ssh@.service.in
index 4091924..098dd55 100644
--- a/conf/obmc-console-ssh@.service.in
+++ b/conf/obmc-console-ssh@.service.in

@@ -6,7 +6,8 @@
 [Service]
 # Unit defaults to a templated service
 Environment="DROPBEAR_RSAKEY_DIR=/etc/dropbear"
-EnvironmentFile=/etc/default/dropbear
+EnvironmentFile=/etc/obmc-console/dropbear.env
+EnvironmentFile=-/etc/obmc-console/dropbear.%i.env
 EnvironmentFile=-/etc/default/obmc-console-client
 ExecStart=/usr/sbin/dropbear -K 5 -r ${DROPBEAR_RSAKEY_DIR}/dropbear_rsa_host_key -c "/usr/bin/obmc-console-client -c /etc/obmc-console/client.%i.conf" -p %i -F $DROPBEAR_EXTRA_ARGS
 SyslogIdentifier=console-client-%i