blob: 9dcb8731b67afc23efe2c9dcd322c39bdce736b3 [file] [log] [blame]
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +01001/*
2// Copyright (c) 2018 Intel Corporation
3//
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at
7//
8// http://www.apache.org/licenses/LICENSE-2.0
9//
10// Unless required by applicable law or agreed to in writing, software
11// distributed under the License is distributed on an "AS IS" BASIS,
12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13// See the License for the specific language governing permissions and
14// limitations under the License.
15*/
16#pragma once
Borawski.Lukasz43a095a2018-02-19 15:39:01 +010017
Ed Tanous3ccb3ad2023-01-13 17:40:03 -080018#include "app.hpp"
Kowalski, Kamilf4c4dcf2018-01-29 14:55:35 +010019#include "error_messages.hpp"
Ed Tanous3ccb3ad2023-01-13 17:40:03 -080020#include "http/utility.hpp"
Ed Tanous52cc1122020-07-18 13:51:21 -070021#include "persistent_data.hpp"
Ed Tanous3ccb3ad2023-01-13 17:40:03 -080022#include "query.hpp"
23#include "registries/privilege_registry.hpp"
24#include "utils/json_utils.hpp"
John Edward Broadbent7e860f12021-04-08 15:57:16 -070025
Ed Tanous1abe55e2018-09-05 08:30:59 -070026namespace redfish
27{
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +010028
Ed Tanous4f48d5f2021-06-21 08:27:45 -070029inline void fillSessionObject(crow::Response& res,
30 const persistent_data::UserSession& session)
Ed Tanous1abe55e2018-09-05 08:30:59 -070031{
Ed Tanousfaa34cc2021-06-03 13:27:02 -070032 res.jsonValue["Id"] = session.uniqueId;
33 res.jsonValue["UserName"] = session.username;
Willy Tueddfc432022-09-26 16:46:38 +000034 res.jsonValue["@odata.id"] = crow::utility::urlFromPieces(
35 "redfish", "SessionService", "Sessions", session.uniqueId);
Ed Tanousbb759e32022-08-02 17:07:54 -070036 res.jsonValue["@odata.type"] = "#Session.v1_5_0.Session";
Ed Tanousfaa34cc2021-06-03 13:27:02 -070037 res.jsonValue["Name"] = "User Session";
38 res.jsonValue["Description"] = "Manager User Session";
39 res.jsonValue["ClientOriginIPAddress"] = session.clientIp;
Ed Tanousbb759e32022-08-02 17:07:54 -070040 if (session.clientId)
41 {
42 res.jsonValue["Context"] = *session.clientId;
43 }
Ed Tanousfaa34cc2021-06-03 13:27:02 -070044}
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +010045
Ed Tanous724340d2022-03-14 09:10:07 -070046inline void
Ed Tanousa1e08712022-07-07 16:10:39 -070047 handleSessionHead(crow::App& app, const crow::Request& req,
48 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
49 const std::string& /*sessionId*/)
Ed Tanous724340d2022-03-14 09:10:07 -070050{
Ed Tanousa1e08712022-07-07 16:10:39 -070051
Carson Labrado3ba00072022-06-06 19:40:56 +000052 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
Ed Tanous45ca1b82022-03-25 13:07:27 -070053 {
54 return;
55 }
Ed Tanousa1e08712022-07-07 16:10:39 -070056 asyncResp->res.addHeader(
57 boost::beast::http::field::link,
58 "</redfish/v1/JsonSchemas/Session/Session.json>; rel=describedby");
59}
60
61inline void
62 handleSessionGet(crow::App& app, const crow::Request& req,
63 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
64 const std::string& sessionId)
65{
66 handleSessionHead(app, req, asyncResp, sessionId);
67
Ed Tanous724340d2022-03-14 09:10:07 -070068 // Note that control also reaches here via doPost and doDelete.
69 auto session =
70 persistent_data::SessionStore::getInstance().getSessionByUid(sessionId);
71
72 if (session == nullptr)
73 {
74 messages::resourceNotFound(asyncResp->res, "Session", sessionId);
75 return;
76 }
77
78 fillSessionObject(asyncResp->res, *session);
79}
80
81inline void
Ed Tanous45ca1b82022-03-25 13:07:27 -070082 handleSessionDelete(crow::App& app, const crow::Request& req,
Ed Tanous724340d2022-03-14 09:10:07 -070083 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
84 const std::string& sessionId)
85{
Carson Labrado3ba00072022-06-06 19:40:56 +000086 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
Ed Tanous45ca1b82022-03-25 13:07:27 -070087 {
88 return;
89 }
Ed Tanous724340d2022-03-14 09:10:07 -070090 auto session =
91 persistent_data::SessionStore::getInstance().getSessionByUid(sessionId);
92
93 if (session == nullptr)
94 {
95 messages::resourceNotFound(asyncResp->res, "Session", sessionId);
96 return;
97 }
98
99 // Perform a proper ConfigureSelf authority check. If a
100 // session is being used to DELETE some other user's session,
101 // then the ConfigureSelf privilege does not apply. In that
102 // case, perform the authority check again without the user's
103 // ConfigureSelf privilege.
wukaihua-fii-na0fd29862022-05-18 09:19:16 +0800104 if (req.session != nullptr && !session->username.empty() &&
105 session->username != req.session->username)
Ed Tanous724340d2022-03-14 09:10:07 -0700106 {
107 Privileges effectiveUserPrivileges =
108 redfish::getUserPrivileges(req.userRole);
109
110 if (!effectiveUserPrivileges.isSupersetOf({"ConfigureUsers"}))
111 {
112 messages::insufficientPrivilege(asyncResp->res);
113 return;
114 }
115 }
116
117 persistent_data::SessionStore::getInstance().removeSession(session);
118 messages::success(asyncResp->res);
119}
120
121inline nlohmann::json getSessionCollectionMembers()
122{
123 std::vector<const std::string*> sessionIds =
124 persistent_data::SessionStore::getInstance().getUniqueIds(
125 false, persistent_data::PersistenceType::TIMEOUT);
126 nlohmann::json ret = nlohmann::json::array();
127 for (const std::string* uid : sessionIds)
128 {
Ed Tanous14766872022-03-15 10:44:42 -0700129 nlohmann::json::object_t session;
Willy Tueddfc432022-09-26 16:46:38 +0000130 session["@odata.id"] = crow::utility::urlFromPieces(
131 "redfish", "SessionService", "Sessions", *uid);
Ed Tanous14766872022-03-15 10:44:42 -0700132 ret.push_back(std::move(session));
Ed Tanous724340d2022-03-14 09:10:07 -0700133 }
134 return ret;
135}
136
Ed Tanousa1e08712022-07-07 16:10:39 -0700137inline void handleSessionCollectionHead(
Ed Tanous45ca1b82022-03-25 13:07:27 -0700138 crow::App& app, const crow::Request& req,
Ed Tanous724340d2022-03-14 09:10:07 -0700139 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp)
140{
Ed Tanousa1e08712022-07-07 16:10:39 -0700141
Carson Labrado3ba00072022-06-06 19:40:56 +0000142 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
Ed Tanous45ca1b82022-03-25 13:07:27 -0700143 {
144 return;
145 }
Ed Tanousa1e08712022-07-07 16:10:39 -0700146 asyncResp->res.addHeader(
147 boost::beast::http::field::link,
148 "</redfish/v1/JsonSchemas/SessionCollection.json>; rel=describedby");
149}
150
151inline void handleSessionCollectionGet(
152 crow::App& app, const crow::Request& req,
153 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp)
154{
155 handleSessionCollectionHead(app, req, asyncResp);
Ed Tanous724340d2022-03-14 09:10:07 -0700156 asyncResp->res.jsonValue["Members"] = getSessionCollectionMembers();
157 asyncResp->res.jsonValue["Members@odata.count"] =
158 asyncResp->res.jsonValue["Members"].size();
159 asyncResp->res.jsonValue["@odata.type"] =
160 "#SessionCollection.SessionCollection";
161 asyncResp->res.jsonValue["@odata.id"] =
162 "/redfish/v1/SessionService/Sessions/";
163 asyncResp->res.jsonValue["Name"] = "Session Collection";
164 asyncResp->res.jsonValue["Description"] = "Session Collection";
165}
166
167inline void handleSessionCollectionMembersGet(
Ed Tanous45ca1b82022-03-25 13:07:27 -0700168 crow::App& app, const crow::Request& req,
Ed Tanous724340d2022-03-14 09:10:07 -0700169 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp)
170{
Carson Labrado3ba00072022-06-06 19:40:56 +0000171 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
Ed Tanous45ca1b82022-03-25 13:07:27 -0700172 {
173 return;
174 }
Ed Tanous724340d2022-03-14 09:10:07 -0700175 asyncResp->res.jsonValue = getSessionCollectionMembers();
176}
177
Ed Tanous4ee8e212022-05-28 09:42:51 -0700178inline void handleSessionCollectionPost(
Ed Tanous45ca1b82022-03-25 13:07:27 -0700179 crow::App& app, const crow::Request& req,
Ed Tanous724340d2022-03-14 09:10:07 -0700180 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp)
181{
Carson Labrado3ba00072022-06-06 19:40:56 +0000182 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
Ed Tanous45ca1b82022-03-25 13:07:27 -0700183 {
184 return;
185 }
Ed Tanous724340d2022-03-14 09:10:07 -0700186 std::string username;
187 std::string password;
Ed Tanousbb759e32022-08-02 17:07:54 -0700188 std::optional<std::string> clientId;
Ed Tanous724340d2022-03-14 09:10:07 -0700189 if (!json_util::readJsonPatch(req, asyncResp->res, "UserName", username,
Ed Tanousd678d4f2023-01-07 14:40:40 -0800190 "Password", password, "Context", clientId))
Ed Tanous724340d2022-03-14 09:10:07 -0700191 {
192 return;
193 }
194
195 if (password.empty() || username.empty() ||
196 asyncResp->res.result() != boost::beast::http::status::ok)
197 {
198 if (username.empty())
199 {
200 messages::propertyMissing(asyncResp->res, "UserName");
201 }
202
203 if (password.empty())
204 {
205 messages::propertyMissing(asyncResp->res, "Password");
206 }
207
208 return;
209 }
210
211 int pamrc = pamAuthenticateUser(username, password);
212 bool isConfigureSelfOnly = pamrc == PAM_NEW_AUTHTOK_REQD;
213 if ((pamrc != PAM_SUCCESS) && !isConfigureSelfOnly)
214 {
215 messages::resourceAtUriUnauthorized(asyncResp->res, req.urlView,
216 "Invalid username or password");
217 return;
218 }
Ed Tanous724340d2022-03-14 09:10:07 -0700219
220 // User is authenticated - create session
221 std::shared_ptr<persistent_data::UserSession> session =
222 persistent_data::SessionStore::getInstance().generateUserSession(
223 username, req.ipAddress, clientId,
224 persistent_data::PersistenceType::TIMEOUT, isConfigureSelfOnly);
Brad Bishop02e53ae2022-07-29 14:38:40 -0400225 if (session == nullptr)
226 {
227 messages::internalError(asyncResp->res);
228 return;
229 }
230
Ed Tanous724340d2022-03-14 09:10:07 -0700231 asyncResp->res.addHeader("X-Auth-Token", session->sessionToken);
232 asyncResp->res.addHeader(
233 "Location", "/redfish/v1/SessionService/Sessions/" + session->uniqueId);
234 asyncResp->res.result(boost::beast::http::status::created);
235 if (session->isConfigureSelfOnly)
236 {
237 messages::passwordChangeRequired(
238 asyncResp->res,
239 crow::utility::urlFromPieces("redfish", "v1", "AccountService",
Brad Bishop85e64712022-07-29 12:59:07 -0400240 "Accounts", session->username));
Ed Tanous724340d2022-03-14 09:10:07 -0700241 }
242
243 fillSessionObject(asyncResp->res, *session);
244}
Ed Tanousa1e08712022-07-07 16:10:39 -0700245inline void handleSessionServiceHead(
246 crow::App& app, const crow::Request& req,
247 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp)
248{
249
250 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
251 {
252 return;
253 }
254 asyncResp->res.addHeader(
255 boost::beast::http::field::link,
256 "</redfish/v1/JsonSchemas/SessionService/SessionService.json>; rel=describedby");
257}
Ed Tanous724340d2022-03-14 09:10:07 -0700258inline void
Ed Tanous45ca1b82022-03-25 13:07:27 -0700259 handleSessionServiceGet(crow::App& app, const crow::Request& req,
Ed Tanous724340d2022-03-14 09:10:07 -0700260 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp)
261
262{
Ed Tanousa1e08712022-07-07 16:10:39 -0700263 handleSessionServiceHead(app, req, asyncResp);
Ed Tanous724340d2022-03-14 09:10:07 -0700264 asyncResp->res.jsonValue["@odata.type"] =
265 "#SessionService.v1_0_2.SessionService";
266 asyncResp->res.jsonValue["@odata.id"] = "/redfish/v1/SessionService/";
267 asyncResp->res.jsonValue["Name"] = "Session Service";
268 asyncResp->res.jsonValue["Id"] = "SessionService";
269 asyncResp->res.jsonValue["Description"] = "Session Service";
270 asyncResp->res.jsonValue["SessionTimeout"] =
271 persistent_data::SessionStore::getInstance().getTimeoutInSeconds();
272 asyncResp->res.jsonValue["ServiceEnabled"] = true;
273
Ed Tanous14766872022-03-15 10:44:42 -0700274 asyncResp->res.jsonValue["Sessions"]["@odata.id"] =
275 "/redfish/v1/SessionService/Sessions";
Ed Tanous724340d2022-03-14 09:10:07 -0700276}
277
278inline void handleSessionServicePatch(
Ed Tanous45ca1b82022-03-25 13:07:27 -0700279 crow::App& app, const crow::Request& req,
Ed Tanous724340d2022-03-14 09:10:07 -0700280 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp)
281{
Carson Labrado3ba00072022-06-06 19:40:56 +0000282 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
Ed Tanous45ca1b82022-03-25 13:07:27 -0700283 {
284 return;
285 }
Ed Tanous724340d2022-03-14 09:10:07 -0700286 std::optional<int64_t> sessionTimeout;
287 if (!json_util::readJsonPatch(req, asyncResp->res, "SessionTimeout",
288 sessionTimeout))
289 {
290 return;
291 }
292
293 if (sessionTimeout)
294 {
295 // The mininum & maximum allowed values for session timeout
296 // are 30 seconds and 86400 seconds respectively as per the
297 // session service schema mentioned at
298 // https://redfish.dmtf.org/schemas/v1/SessionService.v1_1_7.json
299
300 if (*sessionTimeout <= 86400 && *sessionTimeout >= 30)
301 {
302 std::chrono::seconds sessionTimeoutInseconds(*sessionTimeout);
303 persistent_data::SessionStore::getInstance().updateSessionTimeout(
304 sessionTimeoutInseconds);
305 messages::propertyValueModified(asyncResp->res, "SessionTimeOut",
306 std::to_string(*sessionTimeout));
307 }
308 else
309 {
310 messages::propertyValueNotInList(asyncResp->res,
311 std::to_string(*sessionTimeout),
312 "SessionTimeOut");
313 }
314 }
315}
316
Ed Tanousfaa34cc2021-06-03 13:27:02 -0700317inline void requestRoutesSession(App& app)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700318{
Ed Tanousfaa34cc2021-06-03 13:27:02 -0700319 BMCWEB_ROUTE(app, "/redfish/v1/SessionService/Sessions/<str>/")
Ed Tanousa1e08712022-07-07 16:10:39 -0700320 .privileges(redfish::privileges::headSession)
321 .methods(boost::beast::http::verb::head)(
322 std::bind_front(handleSessionHead, std::ref(app)));
323
324 BMCWEB_ROUTE(app, "/redfish/v1/SessionService/Sessions/<str>/")
Ed Tanoused398212021-06-09 17:05:54 -0700325 .privileges(redfish::privileges::getSession)
Ed Tanous45ca1b82022-03-25 13:07:27 -0700326 .methods(boost::beast::http::verb::get)(
327 std::bind_front(handleSessionGet, std::ref(app)));
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100328
Ed Tanousfaa34cc2021-06-03 13:27:02 -0700329 BMCWEB_ROUTE(app, "/redfish/v1/SessionService/Sessions/<str>/")
Ed Tanoused398212021-06-09 17:05:54 -0700330 .privileges(redfish::privileges::deleteSession)
Ed Tanous45ca1b82022-03-25 13:07:27 -0700331 .methods(boost::beast::http::verb::delete_)(
332 std::bind_front(handleSessionDelete, std::ref(app)));
Ed Tanousfaa34cc2021-06-03 13:27:02 -0700333
334 BMCWEB_ROUTE(app, "/redfish/v1/SessionService/Sessions/")
Ed Tanousa1e08712022-07-07 16:10:39 -0700335 .privileges(redfish::privileges::headSessionCollection)
336 .methods(boost::beast::http::verb::head)(
337 std::bind_front(handleSessionCollectionHead, std::ref(app)));
338
339 BMCWEB_ROUTE(app, "/redfish/v1/SessionService/Sessions/")
Ed Tanoused398212021-06-09 17:05:54 -0700340 .privileges(redfish::privileges::getSessionCollection)
Ed Tanous45ca1b82022-03-25 13:07:27 -0700341 .methods(boost::beast::http::verb::get)(
342 std::bind_front(handleSessionCollectionGet, std::ref(app)));
Ed Tanousfaa34cc2021-06-03 13:27:02 -0700343
Ed Tanouse76cd862022-03-14 09:12:00 -0700344 // Note, the next two routes technically don't match the privilege
Ed Tanous724340d2022-03-14 09:10:07 -0700345 // registry given the way login mechanisms work. The base privilege
346 // registry lists this endpoint as requiring login privilege, but because
347 // this is the endpoint responsible for giving the login privilege, and it
348 // is itself its own route, it needs to not require Login
Ed Tanousfaa34cc2021-06-03 13:27:02 -0700349 BMCWEB_ROUTE(app, "/redfish/v1/SessionService/Sessions/")
350 .privileges({})
Ed Tanous45ca1b82022-03-25 13:07:27 -0700351 .methods(boost::beast::http::verb::post)(
352 std::bind_front(handleSessionCollectionPost, std::ref(app)));
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100353
Ed Tanouse76cd862022-03-14 09:12:00 -0700354 BMCWEB_ROUTE(app, "/redfish/v1/SessionService/Sessions/Members/")
355 .privileges({})
Ed Tanous45ca1b82022-03-25 13:07:27 -0700356 .methods(boost::beast::http::verb::post)(
357 std::bind_front(handleSessionCollectionPost, std::ref(app)));
Ed Tanouse76cd862022-03-14 09:12:00 -0700358
Ed Tanousfaa34cc2021-06-03 13:27:02 -0700359 BMCWEB_ROUTE(app, "/redfish/v1/SessionService/")
Ed Tanousa1e08712022-07-07 16:10:39 -0700360 .privileges(redfish::privileges::headSessionService)
361 .methods(boost::beast::http::verb::head)(
362 std::bind_front(handleSessionServiceHead, std::ref(app)));
363
364 BMCWEB_ROUTE(app, "/redfish/v1/SessionService/")
Ed Tanoused398212021-06-09 17:05:54 -0700365 .privileges(redfish::privileges::getSessionService)
Ed Tanous45ca1b82022-03-25 13:07:27 -0700366 .methods(boost::beast::http::verb::get)(
367 std::bind_front(handleSessionServiceGet, std::ref(app)));
Borawski.Lukasz5d27b852018-02-08 13:24:24 +0100368
Ed Tanousfaa34cc2021-06-03 13:27:02 -0700369 BMCWEB_ROUTE(app, "/redfish/v1/SessionService/")
Ed Tanoused398212021-06-09 17:05:54 -0700370 .privileges(redfish::privileges::patchSessionService)
Ed Tanous45ca1b82022-03-25 13:07:27 -0700371 .methods(boost::beast::http::verb::patch)(
372 std::bind_front(handleSessionServicePatch, std::ref(app)));
Ed Tanousfaa34cc2021-06-03 13:27:02 -0700373}
Borawski.Lukasz5d27b852018-02-08 13:24:24 +0100374
Ed Tanous1abe55e2018-09-05 08:30:59 -0700375} // namespace redfish