bmcweb: Handle ConfigureSelf privilege
Enhances BMCWeb to correctly handle the Redfish ConfigureSelf privilege.
Redfish document DSP2046 defines the ConfigureSelf privilege as
"Can change the password for the current user account and log out of
their own sessions." This notion is formalized in the Redfish DSP8011
PrivilegeRegistry where ConfigureSelf appears in three operations:
- ManagerAccount (/redfish/v1/AccountService/Accounts/{account}) GET operation.
- ManagerAccount (/redfish/v1/AccountService/Accounts/{account}) PATCH
Password property override.
- Session (/redfish/v1/SessionService/Sessions/{sessionid}) DELETE operation.
Tested: Yes, tested the above operations using users with various Roles to
determine which operations are allowed.
ReadOnly users (privileges: Login, ConfigureSelf):
- Can GET their own account.
- Can change their password.
- Can log out.
- Cannot change any other properties of their own account.
- Cannot change anyone else's password.
- Cannot GET someone else's account.
- Cannot log out anyone else.
Operator users (privileges: Login, ConfigureComponents, ConfigureSelf):
- Same access as a ReadOnly user.
Administrator users (all privileges):
- Can do everything Operator can do.
- Can change one or more properties of their account
- Can GET and change properties of someone else's account.
- Can logoff any session.
Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
Change-Id: If8efd71cb9743a59b7c5fe1565804d21e788ea29
diff --git a/redfish-core/include/privileges.hpp b/redfish-core/include/privileges.hpp
index 423f95b..1ca57fa 100644
--- a/redfish-core/include/privileges.hpp
+++ b/redfish-core/include/privileges.hpp
@@ -50,7 +50,8 @@
/**
* @brief Redfish privileges
*
- * Entity privileges and user privileges are represented by this class.
+ * This implements a set of Redfish privileges. These directly represent
+ * user privileges and help represent entity privileges.
*
* Each incoming Connection requires a comparison between privileges held
* by the user issuing a request and the target entity's privileges.
@@ -127,6 +128,28 @@
}
/**
+ * @brief Resets the given privilege in the bitset
+ *
+ * @param[in] privilege Privilege to be reset
+ *
+ * @return None
+ *
+ */
+ bool resetSinglePrivilege(const char* privilege)
+ {
+ for (size_t searchIndex = 0; searchIndex < privilegeNames.size();
+ searchIndex++)
+ {
+ if (privilege == privilegeNames[searchIndex])
+ {
+ privilegeBitset.reset(searchIndex);
+ return true;
+ }
+ }
+ return false;
+ }
+
+ /**
* @brief Retrieves names of all active privileges for a given type
*
* @param[in] type Base or OEM
@@ -206,9 +229,49 @@
}
}
+/**
+ * @brief The OperationMap represents the privileges required for a
+ * single entity (URI). It maps from the allowable verbs to the
+ * privileges required to use that operation.
+ *
+ * This represents the Redfish "Privilege AND and OR syntax" as given
+ * in the spec and shown in the Privilege Registry. This does not
+ * implement any Redfish property overrides, subordinate overrides, or
+ * resource URI overrides. This does not implement the limitation of
+ * the ConfigureSelf privilege to operate only on your own account or
+ * session.
+ **/
using OperationMap = boost::container::flat_map<boost::beast::http::verb,
std::vector<Privileges>>;
+/* @brief Checks if user is allowed to call an operation
+ *
+ * @param[in] operationPrivilegesRequired Privileges required
+ * @param[in] userPrivileges Privileges the user has
+ *
+ * @return True if operation is allowed, false otherwise
+ */
+inline bool isOperationAllowedWithPrivileges(
+ const std::vector<Privileges>& operationPrivilegesRequired,
+ const Privileges& userPrivileges)
+{
+ // If there are no privileges assigned, there are no privileges required
+ if (operationPrivilegesRequired.empty())
+ {
+ return true;
+ }
+ for (auto& requiredPrivileges : operationPrivilegesRequired)
+ {
+ BMCWEB_LOG_ERROR << "Checking operation privileges...";
+ if (userPrivileges.isSupersetOf(requiredPrivileges))
+ {
+ BMCWEB_LOG_ERROR << "...success";
+ return true;
+ }
+ }
+ return false;
+}
+
/**
* @brief Checks if given privileges allow to call an HTTP method
*
@@ -228,20 +291,7 @@
return false;
}
- // If there are no privileges assigned, assume no privileges required
- if (it->second.empty())
- {
- return true;
- }
-
- for (auto& requiredPrivileges : it->second)
- {
- if (userPrivileges.isSupersetOf(requiredPrivileges))
- {
- return true;
- }
- }
- return false;
+ return isOperationAllowedWithPrivileges(it->second, userPrivileges);
}
/**