Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Supermicro no CSRF #364

Merged
merged 2 commits into from
Nov 13, 2023
Merged

Supermicro no CSRF #364

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ecc1fb3
supermicro: support SMC BMCs that don't implement CSRF tokens
joelrebel Nov 9, 2023
f0ee7ed
providers/smc: purge unused error
joelrebel Nov 13, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion providers/supermicro/firmware.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,6 @@ var (
"X12STH-SYS",
}

errUnexpectedModel = errors.New("unexpected device model")
errUploadTaskIDExpected = errors.New("expected an firmware upload taskID")
)

Expand Down
13 changes: 9 additions & 4 deletions providers/supermicro/floppy.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,18 +50,23 @@

var payloadBuffer bytes.Buffer

formParts := []struct {
type form struct {

Check warning on line 53 in providers/supermicro/floppy.go

View check run for this annotation

Codecov / codecov/patch

providers/supermicro/floppy.go#L53 

Added line #L53 was not covered by tests
name string
data io.Reader
}{
}

formParts := []form{

Check warning on line 58 in providers/supermicro/floppy.go

View check run for this annotation

Codecov / codecov/patch

providers/supermicro/floppy.go#L58 

Added line #L58 was not covered by tests
{
name: "img_file",
data: image,
},
{
}

if c.serviceClient.csrfToken != "" {
formParts = append(formParts, form{

Check warning on line 66 in providers/supermicro/floppy.go

View check run for this annotation

Codecov / codecov/patch

providers/supermicro/floppy.go#L65-L66 

Added lines #L65 - L66 were not covered by tests
name: "csrf-token",
data: bytes.NewBufferString(c.serviceClient.csrfToken),
},
})

Check warning on line 69 in providers/supermicro/floppy.go

View check run for this annotation

Codecov / codecov/patch

providers/supermicro/floppy.go#L69 

Added line #L69 was not covered by tests
}

payloadWriter := multipart.NewWriter(&payloadBuffer)
Expand Down
15 changes: 8 additions & 7 deletions providers/supermicro/supermicro.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@ var (
providers.FeatureFirmwareUpload,
providers.FeatureFirmwareInstallUploaded,
providers.FeatureFirmwareTaskStatus,
providers.FeatureFirmwareInstallSteps,
}
)

Expand Down Expand Up @@ -168,12 +169,12 @@ func (c *Client) Open(ctx context.Context) (err error) {
return errors.Wrap(bmclibErrs.ErrLoginFailed, strconv.Itoa(status))
}

token := parseToken(contentsTopMenu)
if token == "" {
return errors.Wrap(bmclibErrs.ErrLoginFailed, "could not parse CSRF-TOKEN from page")
}

c.serviceClient.setCsrfToken(token)
// Note: older firmware version on the X11s don't use a CSRF token
// so here theres no explicit requirement for it to be found.
//
// X11DPH-T 01.71.11 10/25/2019
csrfToken := parseToken(contentsTopMenu)
c.serviceClient.setCsrfToken(csrfToken)

c.bmc, err = c.bmcQueryor(ctx)
if err != nil {
Expand Down Expand Up @@ -246,7 +247,7 @@ func parseToken(body []byte) string {
return ""
}

re, err := regexp.Compile(`"CSRF_TOKEN", "(?P<token>.*)"`)
re, err := regexp.Compile(fmt.Sprintf(`"%s", "(?P<token>.*)"`, key))
if err != nil {
return ""
}
Expand Down
5 changes: 5 additions & 0 deletions providers/supermicro/supermicro_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,11 @@ func TestParseToken(t *testing.T) {
[]byte(`<script>SmcCsrfInsert ("CSRF_TOKEN", "RYjdEjWIhU+PCRFMBP2ZRPPePcQ4n3dM3s+rCgTnBBU");</script></body>`),
"RYjdEjWIhU+PCRFMBP2ZRPPePcQ4n3dM3s+rCgTnBBU",
},
{
"token with key type 5 found",
[]byte(`<script>SmcCsrfInsert ("CSRF-TOKEN", "RYjdEjWIhU+PCRFMBP2ZRPPePcQ4n3dM3s+rCgTnBBU");</script></body>`),
"RYjdEjWIhU+PCRFMBP2ZRPPePcQ4n3dM3s+rCgTnBBU",
},
}

for _, tc := range testcases {
Expand Down
13 changes: 9 additions & 4 deletions providers/supermicro/x11_firmware_bios.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -195,18 +195,23 @@
var payloadBuffer bytes.Buffer
var err error

formParts := []struct {
type form struct {

Check warning on line 198 in providers/supermicro/x11_firmware_bios.go

View check run for this annotation

Codecov / codecov/patch

providers/supermicro/x11_firmware_bios.go#L198 

Added line #L198 was not covered by tests
name string
data io.Reader
}{
}

formParts := []form{

Check warning on line 203 in providers/supermicro/x11_firmware_bios.go

View check run for this annotation

Codecov / codecov/patch

providers/supermicro/x11_firmware_bios.go#L203 

Added line #L203 was not covered by tests
{
name: "bios_rom",
data: fwReader,
},
{
}

if c.csrfToken != "" {
formParts = append(formParts, form{

Check warning on line 211 in providers/supermicro/x11_firmware_bios.go

View check run for this annotation

Codecov / codecov/patch

providers/supermicro/x11_firmware_bios.go#L210-L211 

Added lines #L210 - L211 were not covered by tests
name: "csrf-token",
data: bytes.NewBufferString(c.csrfToken),
},
})

Check warning on line 214 in providers/supermicro/x11_firmware_bios.go

View check run for this annotation

Codecov / codecov/patch

providers/supermicro/x11_firmware_bios.go#L214 

Added line #L214 was not covered by tests
}

payloadWriter := multipart.NewWriter(&payloadBuffer)
Expand Down
13 changes: 9 additions & 4 deletions providers/supermicro/x11_firmware_bmc.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -106,18 +106,23 @@ func (c *x11) uploadBMCFirmware(ctx context.Context, fwReader io.Reader) error {
var payloadBuffer bytes.Buffer
var err error

formParts := []struct {
type form struct {
name string
data io.Reader
}{
}

formParts := []form{
{
name: "fw_image",
data: fwReader,
},
{
}

if c.csrfToken != "" {
formParts = append(formParts, form{
name: "csrf-token",
data: bytes.NewBufferString(c.csrfToken),
},
})
}

payloadWriter := multipart.NewWriter(&payloadBuffer)
Expand Down