DMTF / Redfishtool

A Python34 program that implements a command line tool for accessing the Redfish API.

Question - Can a token be generated from redfishtool? #110

Closed zmance-ddn closed 10 months ago

zmance-ddn commented 10 months ago

Here is how I can generate a token with a curl command. How can I do the same with this tool? As a test, I tried using the token from the curl command with RFT, but was still not able to connect.

Is it because I need to use an insecure method (like the curl cmd)? Any help? Do I have to set headers and use raw http commands?

user@host-1:~$ curl --insecure -H "Content-Type: application/json" -X POST -D headers.txt https://${bmc}/redfish/v1/SessionService/Sessions -d    '{"UserName":"root", "Password":"password"}'
{"@odata.context":"/redfish/v1/$metadata#Session.Session","@odata.etag":"\"1698550108\"","@odata.id":"/redfish/v1/SessionService/Sessions/2401af5cb65750c5359ecadd4d07bce0","@odata.type":"#Session.v1_2_1.Session","Description":"Session for user root","Id":"2401af5cb65750c

user@host-1:~$ redfishtool -r <ip address>/redfish -t 2401af5cb65750c5359ecadd4d07bce0 --Auth Session versions
   redfishtool: Transport: Can't connect to remote redfish service. Aborting command
   redfishtool: Transport Error. No response

mraineri commented 10 months ago

Yes, there's a SessionService subcommand that lets you both create and delete sessions.

You'd first make the session like this:

> redfishtool -u root -p password -r 192.168.1.50 SessionService login
{
    "SessionId": "2",
    "SessionLocation": "/redfish/v1/SessionService/Sessions/2",
    "X-Auth-Token": "MY_SESSION_TOKEN"
}

Copy the SessionId and X-Auth-Token; SessionId is used to log out, and X-Auth-Token is used in subsequent requests.

You then use the token with the -t argument, or use it in another tool you have.

> redfishtool -t MY_SESSION_TOKEN -r 192.168.1.50 --Auth Session Systems list
{
    "_Path": "/redfish/v1/Systems",
    "Name": "System Collection",
    "Members@odata.count": 1,
    "Members": [
        {
            "Id": "1",
            "@odata.id": "/redfish/v1/Systems/1",
            "AssetTag": ""
        }
    ]
}

When done, you delete the session like this:

> redfishtool -t MY_SESSION_TOKEN -r 192.168.1.50 --Auth Session SessionService logout -i 2

mraineri commented 10 months ago

Also take note that in your curl request, the Id property 2401af5cb65750c5359ecadd4d07bce0 is not the same as the token for subsequent requests. If it turns out they are the same, that can lead to someone potentially hijacking another user's sessions if they have the ability to view the session list.

You'll need to view the X-Auth-Token response header from your curl request to see the actual token (which in your case is in your headers.txt file), and use that value with the -t argument in redfishtool.
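
Added example (not part of the original thread and not redfishtool's own code): shell functions that read a `curl -D headers.txt` dump like the one in the question, extract the X-Auth-Token response header, and check that it differs from the session Id. The function names and sample header values are constructed for illustration, and taking the session Id from the Location header assumes the service returns the session URI there.

```shell
#!/bin/sh
# Added example: pull the session token out of a `curl -D headers.txt` dump.

# Print the value of one response header. The name is matched
# case-insensitively and the trailing CR of the HTTP line ending is removed.
# The last match wins, so the final response is used if curl recorded
# more than one header block.
header_value() {
    # $1 = header name, $2 = header dump file
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        {
            sub(/\r$/, "")
            i = index($0, ":")
            if (i == 0) next                     # status line or blank line
            if (tolower(substr($0, 1, i - 1)) != want) next
            v = substr($0, i + 1)
            sub(/^[ \t]+/, "", v)
            sub(/[ \t]+$/, "", v)
            found = v
        }
        END { if (found != "") print found }
    ' "$2"
}

# The session Id is the last path segment of the Location header (assumption).
session_id() {
    loc=$(header_value Location "$1")
    loc=${loc%/}
    printf '%s\n' "${loc##*/}"
}

# Return 0 only when a token is present and differs from the session Id,
# i.e. reading the session list does not reveal a usable credential.
token_is_distinct() {
    tok=$(header_value X-Auth-Token "$1")
    sid=$(session_id "$1")
    [ -n "$tok" ] && [ "$tok" != "$sid" ]
}

# Constructed sample dump (placeholder values, not from a real BMC).
sample=$(mktemp)
printf 'HTTP/1.1 201 Created\r\nLocation: /redfish/v1/SessionService/Sessions/2\r\nx-auth-token: MY_SESSION_TOKEN\r\nContent-Type: application/json\r\n\r\n' > "$sample"

printf 'session id: %s\n' "$(session_id "$sample")"
token_is_distinct "$sample" && echo "token differs from session Id"
```

The value printed by `header_value X-Auth-Token headers.txt` is what goes to redfishtool's -t argument with --Auth Session.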

zmance-ddn commented 10 months ago

@mraineri Thank you for the quick response. I appreciate the gentle reminder to RTFM =)