Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / bmcweb / 52cc112d962920b035c870127784bcbd98948fad / . / redfish-core / lib / account_service.hpp
blob: 052214985de441b51845a8fe157bd3b558aacd60 [file] [log] [blame]
Lewanczyk, Dawid88d16c92018-02-02 14:51:09 +0100[diff] [blame]1/*
2// Copyright (c) 2018 Intel Corporation
3//
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at
7//
8// http://www.apache.org/licenses/LICENSE-2.0
9//
10// Unless required by applicable law or agreed to in writing, software
11// distributed under the License is distributed on an "AS IS" BASIS,
12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13// See the License for the specific language governing permissions and
14// limitations under the License.
15*/
16#pragma once
Lewanczyk, Dawid88d16c92018-02-02 14:51:09 +0100[diff] [blame]17#include "node.hpp"
18
Ratan Gupta24c85422019-01-30 19:41:24 +0530[diff] [blame]19#include <dbus_utility.hpp>
Ed Tanous65b0dc32018-09-19 16:04:03 -0700[diff] [blame]20#include <error_messages.hpp>
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]21#include <openbmc_dbus_rest.hpp>
Ed Tanous52cc1122020-07-18 13:51:21 -0700[diff] [blame^]22#include <persistent_data.hpp>
Ed Tanousa8408792018-09-05 16:08:38 -0700[diff] [blame]23#include <utils/json_utils.hpp>
Gunnar Mills1214b7e2020-06-04 10:11:30 -0500[diff] [blame]24
Ed Tanousabf2add2019-01-22 16:40:12 -0800[diff] [blame]25#include <variant>
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]26
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]27namespace redfish
28{
Lewanczyk, Dawid88d16c92018-02-02 14:51:09 +0100[diff] [blame]29
Ratan Gupta6973a582018-12-13 18:25:44 +0530[diff] [blame]30constexpr const char* ldapConfigObject =
31 "/xyz/openbmc_project/user/ldap/openldap";
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]32constexpr const char* ADConfigObject =
33 "/xyz/openbmc_project/user/ldap/active_directory";
34
Ratan Gupta6973a582018-12-13 18:25:44 +0530[diff] [blame]35constexpr const char* ldapRootObject = "/xyz/openbmc_project/user/ldap";
36constexpr const char* ldapDbusService = "xyz.openbmc_project.Ldap.Config";
37constexpr const char* ldapConfigInterface =
38 "xyz.openbmc_project.User.Ldap.Config";
39constexpr const char* ldapCreateInterface =
40 "xyz.openbmc_project.User.Ldap.Create";
41constexpr const char* ldapEnableInterface = "xyz.openbmc_project.Object.Enable";
Ratan Gupta06785242019-07-26 22:30:16 +0530[diff] [blame]42constexpr const char* ldapPrivMapperInterface =
43 "xyz.openbmc_project.User.PrivilegeMapper";
Ratan Gupta6973a582018-12-13 18:25:44 +0530[diff] [blame]44constexpr const char* dbusObjManagerIntf = "org.freedesktop.DBus.ObjectManager";
45constexpr const char* propertyInterface = "org.freedesktop.DBus.Properties";
46constexpr const char* mapperBusName = "xyz.openbmc_project.ObjectMapper";
47constexpr const char* mapperObjectPath = "/xyz/openbmc_project/object_mapper";
48constexpr const char* mapperIntf = "xyz.openbmc_project.ObjectMapper";
49
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]50struct LDAPRoleMapData
51{
52 std::string groupName;
53 std::string privilege;
54};
55
Ratan Gupta6973a582018-12-13 18:25:44 +0530[diff] [blame]56struct LDAPConfigData
57{
58 std::string uri{};
59 std::string bindDN{};
60 std::string baseDN{};
61 std::string searchScope{};
62 std::string serverType{};
63 bool serviceEnabled = false;
64 std::string userNameAttribute{};
65 std::string groupAttribute{};
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]66 std::vector<std::pair<std::string, LDAPRoleMapData>> groupRoleList;
Ratan Gupta6973a582018-12-13 18:25:44 +0530[diff] [blame]67};
68
Patrick Williams19bd78d2020-05-13 17:38:24 -0500[diff] [blame]69using DbusVariantType = std::variant<bool, int32_t, std::string>;
Przemyslaw Czarnowski107077d2019-07-11 10:16:43 +0200[diff] [blame]70
71using DbusInterfaceType = boost::container::flat_map<
72 std::string, boost::container::flat_map<std::string, DbusVariantType>>;
73
74using ManagedObjectType =
75 std::vector<std::pair<sdbusplus::message::object_path, DbusInterfaceType>>;
76
Ratan Gupta6973a582018-12-13 18:25:44 +0530[diff] [blame]77using GetObjectType =
78 std::vector<std::pair<std::string, std::vector<std::string>>>;
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]79
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]80inline std::string getRoleIdFromPrivilege(std::string_view role)
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]81{
82 if (role == "priv-admin")
83 {
84 return "Administrator";
85 }
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]86 else if (role == "priv-user")
87 {
AppaRao Pulic80fee52019-10-16 14:49:36 +0530[diff] [blame]88 return "ReadOnly";
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]89 }
90 else if (role == "priv-operator")
91 {
92 return "Operator";
93 }
jayaprakash Mutyalae9e6d242019-07-29 11:59:08 +0000[diff] [blame]94 else if ((role == "") || (role == "priv-noaccess"))
95 {
96 return "NoAccess";
97 }
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]98 return "";
99}
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]100inline std::string getPrivilegeFromRoleId(std::string_view role)
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]101{
102 if (role == "Administrator")
103 {
104 return "priv-admin";
105 }
AppaRao Pulic80fee52019-10-16 14:49:36 +0530[diff] [blame]106 else if (role == "ReadOnly")
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]107 {
108 return "priv-user";
109 }
110 else if (role == "Operator")
111 {
112 return "priv-operator";
113 }
jayaprakash Mutyala96200602020-04-08 11:09:10 +0000[diff] [blame]114 else if ((role == "NoAccess") || (role == ""))
jayaprakash Mutyalae9e6d242019-07-29 11:59:08 +0000[diff] [blame]115 {
116 return "priv-noaccess";
117 }
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]118 return "";
119}
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]120
jayaprakash Mutyala66b5ca72019-08-07 20:26:37 +0000[diff] [blame]121void userErrorMessageHandler(const sd_bus_error* e,
122 std::shared_ptr<AsyncResp> asyncResp,
123 const std::string& newUser,
124 const std::string& username)
125{
126 const char* errorMessage = e->name;
127 if (e == nullptr)
128 {
129 messages::internalError(asyncResp->res);
130 return;
131 }
132
133 if (strcmp(errorMessage,
134 "xyz.openbmc_project.User.Common.Error.UserNameExists") == 0)
135 {
136 messages::resourceAlreadyExists(asyncResp->res,
Gunnar Mills8114bd42020-06-11 20:55:21 -0500[diff] [blame]137 "#ManagerAccount.v1_4_0.ManagerAccount",
jayaprakash Mutyala66b5ca72019-08-07 20:26:37 +0000[diff] [blame]138 "UserName", newUser);
139 }
140 else if (strcmp(errorMessage, "xyz.openbmc_project.User.Common.Error."
141 "UserNameDoesNotExist") == 0)
142 {
143 messages::resourceNotFound(
Gunnar Mills8114bd42020-06-11 20:55:21 -0500[diff] [blame]144 asyncResp->res, "#ManagerAccount.v1_4_0.ManagerAccount", username);
jayaprakash Mutyala66b5ca72019-08-07 20:26:37 +0000[diff] [blame]145 }
146 else if (strcmp(errorMessage,
147 "xyz.openbmc_project.Common.Error.InvalidArgument") == 0)
148 {
149 messages::propertyValueFormatError(asyncResp->res, newUser, "UserName");
150 }
151 else if (strcmp(errorMessage,
152 "xyz.openbmc_project.User.Common.Error.NoResource") == 0)
153 {
154 messages::createLimitReachedForResource(asyncResp->res);
155 }
156 else if (strcmp(errorMessage, "xyz.openbmc_project.User.Common.Error."
157 "UserNameGroupFail") == 0)
158 {
159 messages::propertyValueFormatError(asyncResp->res, newUser, "UserName");
160 }
161 else
162 {
163 messages::internalError(asyncResp->res);
164 }
165
166 return;
167}
168
Ratan Gupta6973a582018-12-13 18:25:44 +0530[diff] [blame]169void parseLDAPConfigData(nlohmann::json& json_response,
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]170 const LDAPConfigData& confData,
171 const std::string& ldapType)
Ratan Gupta6973a582018-12-13 18:25:44 +0530[diff] [blame]172{
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]173 std::string service =
174 (ldapType == "LDAP") ? "LDAPService" : "ActiveDirectoryService";
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]175 nlohmann::json ldap = {
Ratan Gupta6973a582018-12-13 18:25:44 +0530[diff] [blame]176 {"ServiceEnabled", confData.serviceEnabled},
177 {"ServiceAddresses", nlohmann::json::array({confData.uri})},
178 {"Authentication",
179 {{"AuthenticationType", "UsernameAndPassword"},
Ratan Gupta6973a582018-12-13 18:25:44 +0530[diff] [blame]180 {"Username", confData.bindDN},
181 {"Password", nullptr}}},
182 {"LDAPService",
183 {{"SearchSettings",
184 {{"BaseDistinguishedNames",
185 nlohmann::json::array({confData.baseDN})},
186 {"UsernameAttribute", confData.userNameAttribute},
187 {"GroupsAttribute", confData.groupAttribute}}}}},
188 };
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]189
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]190 json_response[ldapType].update(std::move(ldap));
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]191
192 nlohmann::json& roleMapArray = json_response[ldapType]["RemoteRoleMapping"];
193 roleMapArray = nlohmann::json::array();
194 for (auto& obj : confData.groupRoleList)
195 {
196 BMCWEB_LOG_DEBUG << "Pushing the data groupName="
197 << obj.second.groupName << "\n";
198 roleMapArray.push_back(
199 {nlohmann::json::array({"RemoteGroup", obj.second.groupName}),
200 nlohmann::json::array(
201 {"LocalRole", getRoleIdFromPrivilege(obj.second.privilege)})});
202 }
Ratan Gupta6973a582018-12-13 18:25:44 +0530[diff] [blame]203}
204
205/**
Ratan Gupta06785242019-07-26 22:30:16 +0530[diff] [blame]206 * @brief validates given JSON input and then calls appropriate method to
207 * create, to delete or to set Rolemapping object based on the given input.
208 *
209 */
210static void handleRoleMapPatch(
211 const std::shared_ptr<AsyncResp>& asyncResp,
212 const std::vector<std::pair<std::string, LDAPRoleMapData>>& roleMapObjData,
213 const std::string& serverType, std::vector<nlohmann::json>& input)
214{
215 for (size_t index = 0; index < input.size(); index++)
216 {
217 nlohmann::json& thisJson = input[index];
218
219 if (thisJson.is_null())
220 {
221 // delete the existing object
222 if (index < roleMapObjData.size())
223 {
224 crow::connections::systemBus->async_method_call(
225 [asyncResp, roleMapObjData, serverType,
226 index](const boost::system::error_code ec) {
227 if (ec)
228 {
229 BMCWEB_LOG_ERROR << "DBUS response error: " << ec;
230 messages::internalError(asyncResp->res);
231 return;
232 }
233 asyncResp->res
234 .jsonValue[serverType]["RemoteRoleMapping"][index] =
235 nullptr;
236 },
237 ldapDbusService, roleMapObjData[index].first,
238 "xyz.openbmc_project.Object.Delete", "Delete");
239 }
240 else
241 {
242 BMCWEB_LOG_ERROR << "Can't delete the object";
243 messages::propertyValueTypeError(
244 asyncResp->res, thisJson.dump(),
245 "RemoteRoleMapping/" + std::to_string(index));
246 return;
247 }
248 }
249 else if (thisJson.empty())
250 {
251 // Don't do anything for the empty objects,parse next json
252 // eg {"RemoteRoleMapping",[{}]}
253 }
254 else
255 {
256 // update/create the object
257 std::optional<std::string> remoteGroup;
258 std::optional<std::string> localRole;
259
260 if (!json_util::readJson(thisJson, asyncResp->res, "RemoteGroup",
261 remoteGroup, "LocalRole", localRole))
262 {
263 continue;
264 }
265
266 // Update existing RoleMapping Object
267 if (index < roleMapObjData.size())
268 {
269 BMCWEB_LOG_DEBUG << "Update Role Map Object";
270 // If "RemoteGroup" info is provided
271 if (remoteGroup)
272 {
273 crow::connections::systemBus->async_method_call(
274 [asyncResp, roleMapObjData, serverType, index,
275 remoteGroup](const boost::system::error_code ec) {
276 if (ec)
277 {
278 BMCWEB_LOG_ERROR << "DBUS response error: "
279 << ec;
280 messages::internalError(asyncResp->res);
281 return;
282 }
283 asyncResp->res
284 .jsonValue[serverType]["RemoteRoleMapping"]
285 [index]["RemoteGroup"] = *remoteGroup;
286 },
287 ldapDbusService, roleMapObjData[index].first,
288 propertyInterface, "Set",
289 "xyz.openbmc_project.User.PrivilegeMapperEntry",
290 "GroupName",
291 std::variant<std::string>(std::move(*remoteGroup)));
292 }
293
294 // If "LocalRole" info is provided
295 if (localRole)
296 {
297 crow::connections::systemBus->async_method_call(
298 [asyncResp, roleMapObjData, serverType, index,
299 localRole](const boost::system::error_code ec) {
300 if (ec)
301 {
302 BMCWEB_LOG_ERROR << "DBUS response error: "
303 << ec;
304 messages::internalError(asyncResp->res);
305 return;
306 }
307 asyncResp->res
308 .jsonValue[serverType]["RemoteRoleMapping"]
309 [index]["LocalRole"] = *localRole;
310 },
311 ldapDbusService, roleMapObjData[index].first,
312 propertyInterface, "Set",
313 "xyz.openbmc_project.User.PrivilegeMapperEntry",
314 "Privilege",
315 std::variant<std::string>(
316 getPrivilegeFromRoleId(std::move(*localRole))));
317 }
318 }
319 // Create a new RoleMapping Object.
320 else
321 {
322 BMCWEB_LOG_DEBUG
323 << "setRoleMappingProperties: Creating new Object";
324 std::string pathString =
325 "RemoteRoleMapping/" + std::to_string(index);
326
327 if (!localRole)
328 {
329 messages::propertyMissing(asyncResp->res,
330 pathString + "/LocalRole");
331 continue;
332 }
333 if (!remoteGroup)
334 {
335 messages::propertyMissing(asyncResp->res,
336 pathString + "/RemoteGroup");
337 continue;
338 }
339
340 std::string dbusObjectPath;
341 if (serverType == "ActiveDirectory")
342 {
343 dbusObjectPath = ADConfigObject;
344 }
345 else if (serverType == "LDAP")
346 {
347 dbusObjectPath = ldapConfigObject;
348 }
349
350 BMCWEB_LOG_DEBUG << "Remote Group=" << *remoteGroup
351 << ",LocalRole=" << *localRole;
352
353 crow::connections::systemBus->async_method_call(
Ed Tanous271584a2019-07-09 16:24:22 -0700[diff] [blame]354 [asyncResp, serverType, localRole,
Ratan Gupta06785242019-07-26 22:30:16 +0530[diff] [blame]355 remoteGroup](const boost::system::error_code ec) {
356 if (ec)
357 {
358 BMCWEB_LOG_ERROR << "DBUS response error: " << ec;
359 messages::internalError(asyncResp->res);
360 return;
361 }
362 nlohmann::json& remoteRoleJson =
363 asyncResp->res
364 .jsonValue[serverType]["RemoteRoleMapping"];
365 remoteRoleJson.push_back(
366 {{"LocalRole", *localRole},
367 {"RemoteGroup", *remoteGroup}});
368 },
369 ldapDbusService, dbusObjectPath, ldapPrivMapperInterface,
370 "Create", std::move(*remoteGroup),
371 getPrivilegeFromRoleId(std::move(*localRole)));
372 }
373 }
374 }
375}
376
377/**
Ratan Gupta6973a582018-12-13 18:25:44 +0530[diff] [blame]378 * Function that retrieves all properties for LDAP config object
379 * into JSON
380 */
381template <typename CallbackFunc>
382inline void getLDAPConfigData(const std::string& ldapType,
383 CallbackFunc&& callback)
384{
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]385
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]386 const std::array<const char*, 2> interfaces = {ldapEnableInterface,
Ratan Gupta6973a582018-12-13 18:25:44 +0530[diff] [blame]387 ldapConfigInterface};
388
389 crow::connections::systemBus->async_method_call(
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]390 [callback, ldapType](const boost::system::error_code ec,
391 const GetObjectType& resp) {
392 LDAPConfigData confData{};
393 if (ec || resp.empty())
394 {
395 BMCWEB_LOG_ERROR << "DBUS response error during getting of "
396 "service name: "
397 << ec;
398 callback(false, confData, ldapType);
399 return;
400 }
401 std::string service = resp.begin()->first;
402 crow::connections::systemBus->async_method_call(
403 [callback, ldapType](const boost::system::error_code error_code,
404 const ManagedObjectType& ldapObjects) {
405 LDAPConfigData confData{};
406 if (error_code)
407 {
408 callback(false, confData, ldapType);
409 BMCWEB_LOG_ERROR << "D-Bus responses error: "
410 << error_code;
411 return;
412 }
413
414 std::string ldapDbusType;
415 std::string searchString;
416
417 if (ldapType == "LDAP")
418 {
419 ldapDbusType = "xyz.openbmc_project.User.Ldap.Config."
420 "Type.OpenLdap";
421 searchString = "openldap";
422 }
423 else if (ldapType == "ActiveDirectory")
424 {
425 ldapDbusType =
426 "xyz.openbmc_project.User.Ldap.Config.Type."
427 "ActiveDirectory";
428 searchString = "active_directory";
429 }
430 else
431 {
432 BMCWEB_LOG_ERROR
433 << "Can't get the DbusType for the given type="
434 << ldapType;
435 callback(false, confData, ldapType);
436 return;
437 }
438
439 std::string ldapEnableInterfaceStr = ldapEnableInterface;
440 std::string ldapConfigInterfaceStr = ldapConfigInterface;
441
442 for (const auto& object : ldapObjects)
443 {
444 // let's find the object whose ldap type is equal to the
445 // given type
446 if (object.first.str.find(searchString) ==
447 std::string::npos)
448 {
449 continue;
450 }
451
452 for (const auto& interface : object.second)
453 {
454 if (interface.first == ldapEnableInterfaceStr)
455 {
456 // rest of the properties are string.
457 for (const auto& property : interface.second)
458 {
459 if (property.first == "Enabled")
460 {
461 const bool* value =
462 std::get_if<bool>(&property.second);
463 if (value == nullptr)
464 {
465 continue;
466 }
467 confData.serviceEnabled = *value;
468 break;
469 }
470 }
471 }
472 else if (interface.first == ldapConfigInterfaceStr)
473 {
474
475 for (const auto& property : interface.second)
476 {
Ed Tanous271584a2019-07-09 16:24:22 -0700[diff] [blame]477 const std::string* strValue =
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]478 std::get_if<std::string>(
479 &property.second);
Ed Tanous271584a2019-07-09 16:24:22 -0700[diff] [blame]480 if (strValue == nullptr)
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]481 {
482 continue;
483 }
484 if (property.first == "LDAPServerURI")
485 {
Ed Tanous271584a2019-07-09 16:24:22 -0700[diff] [blame]486 confData.uri = *strValue;
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]487 }
488 else if (property.first == "LDAPBindDN")
489 {
Ed Tanous271584a2019-07-09 16:24:22 -0700[diff] [blame]490 confData.bindDN = *strValue;
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]491 }
492 else if (property.first == "LDAPBaseDN")
493 {
Ed Tanous271584a2019-07-09 16:24:22 -0700[diff] [blame]494 confData.baseDN = *strValue;
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]495 }
496 else if (property.first ==
497 "LDAPSearchScope")
498 {
Ed Tanous271584a2019-07-09 16:24:22 -0700[diff] [blame]499 confData.searchScope = *strValue;
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]500 }
501 else if (property.first ==
502 "GroupNameAttribute")
503 {
Ed Tanous271584a2019-07-09 16:24:22 -0700[diff] [blame]504 confData.groupAttribute = *strValue;
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]505 }
506 else if (property.first ==
507 "UserNameAttribute")
508 {
Ed Tanous271584a2019-07-09 16:24:22 -0700[diff] [blame]509 confData.userNameAttribute = *strValue;
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]510 }
511 else if (property.first == "LDAPType")
512 {
Ed Tanous271584a2019-07-09 16:24:22 -0700[diff] [blame]513 confData.serverType = *strValue;
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]514 }
515 }
516 }
517 else if (interface.first ==
518 "xyz.openbmc_project.User."
519 "PrivilegeMapperEntry")
520 {
521 LDAPRoleMapData roleMapData{};
522 for (const auto& property : interface.second)
523 {
Ed Tanous271584a2019-07-09 16:24:22 -0700[diff] [blame]524 const std::string* strValue =
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]525 std::get_if<std::string>(
526 &property.second);
527
Ed Tanous271584a2019-07-09 16:24:22 -0700[diff] [blame]528 if (strValue == nullptr)
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]529 {
530 continue;
531 }
532
533 if (property.first == "GroupName")
534 {
Ed Tanous271584a2019-07-09 16:24:22 -0700[diff] [blame]535 roleMapData.groupName = *strValue;
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]536 }
537 else if (property.first == "Privilege")
538 {
Ed Tanous271584a2019-07-09 16:24:22 -0700[diff] [blame]539 roleMapData.privilege = *strValue;
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]540 }
541 }
542
Ed Tanous0f0353b2019-10-24 11:37:51 -0700[diff] [blame]543 confData.groupRoleList.emplace_back(
544 object.first.str, roleMapData);
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]545 }
546 }
547 }
548 callback(true, confData, ldapType);
549 },
550 service, ldapRootObject, dbusObjManagerIntf,
551 "GetManagedObjects");
552 },
553 mapperBusName, mapperObjectPath, mapperIntf, "GetObject",
554 ldapConfigObject, interfaces);
Ratan Gupta6973a582018-12-13 18:25:44 +0530[diff] [blame]555}
556
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]557class AccountService : public Node
558{
559 public:
Ed Tanous52cc1122020-07-18 13:51:21 -0700[diff] [blame^]560 AccountService(App& app) :
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100[diff] [blame]561 Node(app, "/redfish/v1/AccountService/"), app(app)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]562 {
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]563 entityPrivileges = {
Gunnar Mills3c5a3762020-01-29 15:21:30 -0600[diff] [blame]564 {boost::beast::http::verb::get, {{"Login"}}},
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]565 {boost::beast::http::verb::head, {{"Login"}}},
566 {boost::beast::http::verb::patch, {{"ConfigureUsers"}}},
567 {boost::beast::http::verb::put, {{"ConfigureUsers"}}},
568 {boost::beast::http::verb::delete_, {{"ConfigureUsers"}}},
569 {boost::beast::http::verb::post, {{"ConfigureUsers"}}}};
570 }
Lewanczyk, Dawid88d16c92018-02-02 14:51:09 +0100[diff] [blame]571
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]572 private:
Ratan Gupta8a07d282019-03-16 08:33:47 +0530[diff] [blame]573 /**
574 * @brief parses the authentication section under the LDAP
575 * @param input JSON data
576 * @param asyncResp pointer to the JSON response
577 * @param userName userName to be filled from the given JSON.
578 * @param password password to be filled from the given JSON.
579 */
580 void
581 parseLDAPAuthenticationJson(nlohmann::json input,
582 const std::shared_ptr<AsyncResp>& asyncResp,
583 std::optional<std::string>& username,
584 std::optional<std::string>& password)
585 {
586 std::optional<std::string> authType;
587
588 if (!json_util::readJson(input, asyncResp->res, "AuthenticationType",
589 authType, "Username", username, "Password",
590 password))
591 {
592 return;
593 }
594 if (!authType)
595 {
596 return;
597 }
598 if (*authType != "UsernameAndPassword")
599 {
600 messages::propertyValueNotInList(asyncResp->res, *authType,
601 "AuthenticationType");
602 return;
603 }
604 }
605 /**
606 * @brief parses the LDAPService section under the LDAP
607 * @param input JSON data
608 * @param asyncResp pointer to the JSON response
609 * @param baseDNList baseDN to be filled from the given JSON.
610 * @param userNameAttribute userName to be filled from the given JSON.
611 * @param groupaAttribute password to be filled from the given JSON.
612 */
613
614 void parseLDAPServiceJson(
615 nlohmann::json input, const std::shared_ptr<AsyncResp>& asyncResp,
616 std::optional<std::vector<std::string>>& baseDNList,
617 std::optional<std::string>& userNameAttribute,
618 std::optional<std::string>& groupsAttribute)
619 {
620 std::optional<nlohmann::json> searchSettings;
621
622 if (!json_util::readJson(input, asyncResp->res, "SearchSettings",
623 searchSettings))
624 {
625 return;
626 }
627 if (!searchSettings)
628 {
629 return;
630 }
631 if (!json_util::readJson(*searchSettings, asyncResp->res,
632 "BaseDistinguishedNames", baseDNList,
633 "UsernameAttribute", userNameAttribute,
634 "GroupsAttribute", groupsAttribute))
635 {
636 return;
637 }
638 }
639 /**
640 * @brief updates the LDAP server address and updates the
641 json response with the new value.
642 * @param serviceAddressList address to be updated.
643 * @param asyncResp pointer to the JSON response
644 * @param ldapServerElementName Type of LDAP
645 server(openLDAP/ActiveDirectory)
646 */
647
648 void handleServiceAddressPatch(
649 const std::vector<std::string>& serviceAddressList,
650 const std::shared_ptr<AsyncResp>& asyncResp,
651 const std::string& ldapServerElementName,
652 const std::string& ldapConfigObject)
653 {
654 crow::connections::systemBus->async_method_call(
655 [asyncResp, ldapServerElementName,
656 serviceAddressList](const boost::system::error_code ec) {
657 if (ec)
658 {
659 BMCWEB_LOG_DEBUG
Gunnar Millsc61704a2020-07-08 13:47:06 -0500[diff] [blame]660 << "Error Occurred in updating the service address";
Ratan Gupta8a07d282019-03-16 08:33:47 +0530[diff] [blame]661 messages::internalError(asyncResp->res);
662 return;
663 }
664 std::vector<std::string> modifiedserviceAddressList = {
665 serviceAddressList.front()};
666 asyncResp->res
667 .jsonValue[ldapServerElementName]["ServiceAddresses"] =
668 modifiedserviceAddressList;
669 if ((serviceAddressList).size() > 1)
670 {
671 messages::propertyValueModified(asyncResp->res,
672 "ServiceAddresses",
673 serviceAddressList.front());
674 }
675 BMCWEB_LOG_DEBUG << "Updated the service address";
676 },
677 ldapDbusService, ldapConfigObject, propertyInterface, "Set",
678 ldapConfigInterface, "LDAPServerURI",
679 std::variant<std::string>(serviceAddressList.front()));
680 }
681 /**
682 * @brief updates the LDAP Bind DN and updates the
683 json response with the new value.
684 * @param username name of the user which needs to be updated.
685 * @param asyncResp pointer to the JSON response
686 * @param ldapServerElementName Type of LDAP
687 server(openLDAP/ActiveDirectory)
688 */
689
690 void handleUserNamePatch(const std::string& username,
691 const std::shared_ptr<AsyncResp>& asyncResp,
692 const std::string& ldapServerElementName,
693 const std::string& ldapConfigObject)
694 {
695 crow::connections::systemBus->async_method_call(
696 [asyncResp, username,
697 ldapServerElementName](const boost::system::error_code ec) {
698 if (ec)
699 {
700 BMCWEB_LOG_DEBUG
Gunnar Millsc61704a2020-07-08 13:47:06 -0500[diff] [blame]701 << "Error occurred in updating the username";
Ratan Gupta8a07d282019-03-16 08:33:47 +0530[diff] [blame]702 messages::internalError(asyncResp->res);
703 return;
704 }
705 asyncResp->res.jsonValue[ldapServerElementName]
706 ["Authentication"]["Username"] =
707 username;
708 BMCWEB_LOG_DEBUG << "Updated the username";
709 },
710 ldapDbusService, ldapConfigObject, propertyInterface, "Set",
711 ldapConfigInterface, "LDAPBindDN",
712 std::variant<std::string>(username));
713 }
714
715 /**
716 * @brief updates the LDAP password
717 * @param password : ldap password which needs to be updated.
718 * @param asyncResp pointer to the JSON response
719 * @param ldapServerElementName Type of LDAP
720 * server(openLDAP/ActiveDirectory)
721 */
722
723 void handlePasswordPatch(const std::string& password,
724 const std::shared_ptr<AsyncResp>& asyncResp,
725 const std::string& ldapServerElementName,
726 const std::string& ldapConfigObject)
727 {
728 crow::connections::systemBus->async_method_call(
729 [asyncResp, password,
730 ldapServerElementName](const boost::system::error_code ec) {
731 if (ec)
732 {
733 BMCWEB_LOG_DEBUG
Gunnar Millsc61704a2020-07-08 13:47:06 -0500[diff] [blame]734 << "Error occurred in updating the password";
Ratan Gupta8a07d282019-03-16 08:33:47 +0530[diff] [blame]735 messages::internalError(asyncResp->res);
736 return;
737 }
738 asyncResp->res.jsonValue[ldapServerElementName]
739 ["Authentication"]["Password"] = "";
740 BMCWEB_LOG_DEBUG << "Updated the password";
741 },
742 ldapDbusService, ldapConfigObject, propertyInterface, "Set",
743 ldapConfigInterface, "LDAPBindDNPassword",
744 std::variant<std::string>(password));
745 }
746
747 /**
748 * @brief updates the LDAP BaseDN and updates the
749 json response with the new value.
750 * @param baseDNList baseDN list which needs to be updated.
751 * @param asyncResp pointer to the JSON response
752 * @param ldapServerElementName Type of LDAP
753 server(openLDAP/ActiveDirectory)
754 */
755
756 void handleBaseDNPatch(const std::vector<std::string>& baseDNList,
757 const std::shared_ptr<AsyncResp>& asyncResp,
758 const std::string& ldapServerElementName,
759 const std::string& ldapConfigObject)
760 {
761 crow::connections::systemBus->async_method_call(
762 [asyncResp, baseDNList,
763 ldapServerElementName](const boost::system::error_code ec) {
764 if (ec)
765 {
Gunnar Millsc61704a2020-07-08 13:47:06 -0500[diff] [blame]766 BMCWEB_LOG_DEBUG
767 << "Error Occurred in Updating the base DN";
Ratan Gupta8a07d282019-03-16 08:33:47 +0530[diff] [blame]768 messages::internalError(asyncResp->res);
769 return;
770 }
771 auto& serverTypeJson =
772 asyncResp->res.jsonValue[ldapServerElementName];
773 auto& searchSettingsJson =
774 serverTypeJson["LDAPService"]["SearchSettings"];
775 std::vector<std::string> modifiedBaseDNList = {
776 baseDNList.front()};
777 searchSettingsJson["BaseDistinguishedNames"] =
778 modifiedBaseDNList;
779 if (baseDNList.size() > 1)
780 {
781 messages::propertyValueModified(asyncResp->res,
782 "BaseDistinguishedNames",
783 baseDNList.front());
784 }
785 BMCWEB_LOG_DEBUG << "Updated the base DN";
786 },
787 ldapDbusService, ldapConfigObject, propertyInterface, "Set",
788 ldapConfigInterface, "LDAPBaseDN",
789 std::variant<std::string>(baseDNList.front()));
790 }
791 /**
792 * @brief updates the LDAP user name attribute and updates the
793 json response with the new value.
794 * @param userNameAttribute attribute to be updated.
795 * @param asyncResp pointer to the JSON response
796 * @param ldapServerElementName Type of LDAP
797 server(openLDAP/ActiveDirectory)
798 */
799
800 void handleUserNameAttrPatch(const std::string& userNameAttribute,
801 const std::shared_ptr<AsyncResp>& asyncResp,
802 const std::string& ldapServerElementName,
803 const std::string& ldapConfigObject)
804 {
805 crow::connections::systemBus->async_method_call(
806 [asyncResp, userNameAttribute,
807 ldapServerElementName](const boost::system::error_code ec) {
808 if (ec)
809 {
Gunnar Millsc61704a2020-07-08 13:47:06 -0500[diff] [blame]810 BMCWEB_LOG_DEBUG << "Error Occurred in Updating the "
Ratan Gupta8a07d282019-03-16 08:33:47 +0530[diff] [blame]811 "username attribute";
812 messages::internalError(asyncResp->res);
813 return;
814 }
815 auto& serverTypeJson =
816 asyncResp->res.jsonValue[ldapServerElementName];
817 auto& searchSettingsJson =
818 serverTypeJson["LDAPService"]["SearchSettings"];
819 searchSettingsJson["UsernameAttribute"] = userNameAttribute;
820 BMCWEB_LOG_DEBUG << "Updated the user name attr.";
821 },
822 ldapDbusService, ldapConfigObject, propertyInterface, "Set",
823 ldapConfigInterface, "UserNameAttribute",
824 std::variant<std::string>(userNameAttribute));
825 }
826 /**
827 * @brief updates the LDAP group attribute and updates the
828 json response with the new value.
829 * @param groupsAttribute attribute to be updated.
830 * @param asyncResp pointer to the JSON response
831 * @param ldapServerElementName Type of LDAP
832 server(openLDAP/ActiveDirectory)
833 */
834
835 void handleGroupNameAttrPatch(const std::string& groupsAttribute,
836 const std::shared_ptr<AsyncResp>& asyncResp,
837 const std::string& ldapServerElementName,
838 const std::string& ldapConfigObject)
839 {
840 crow::connections::systemBus->async_method_call(
841 [asyncResp, groupsAttribute,
842 ldapServerElementName](const boost::system::error_code ec) {
843 if (ec)
844 {
Gunnar Millsc61704a2020-07-08 13:47:06 -0500[diff] [blame]845 BMCWEB_LOG_DEBUG << "Error Occurred in Updating the "
Ratan Gupta8a07d282019-03-16 08:33:47 +0530[diff] [blame]846 "groupname attribute";
847 messages::internalError(asyncResp->res);
848 return;
849 }
850 auto& serverTypeJson =
851 asyncResp->res.jsonValue[ldapServerElementName];
852 auto& searchSettingsJson =
853 serverTypeJson["LDAPService"]["SearchSettings"];
854 searchSettingsJson["GroupsAttribute"] = groupsAttribute;
855 BMCWEB_LOG_DEBUG << "Updated the groupname attr";
856 },
857 ldapDbusService, ldapConfigObject, propertyInterface, "Set",
858 ldapConfigInterface, "GroupNameAttribute",
859 std::variant<std::string>(groupsAttribute));
860 }
861 /**
862 * @brief updates the LDAP service enable and updates the
863 json response with the new value.
864 * @param input JSON data.
865 * @param asyncResp pointer to the JSON response
866 * @param ldapServerElementName Type of LDAP
867 server(openLDAP/ActiveDirectory)
868 */
869
870 void handleServiceEnablePatch(bool serviceEnabled,
871 const std::shared_ptr<AsyncResp>& asyncResp,
872 const std::string& ldapServerElementName,
873 const std::string& ldapConfigObject)
874 {
875 crow::connections::systemBus->async_method_call(
876 [asyncResp, serviceEnabled,
877 ldapServerElementName](const boost::system::error_code ec) {
878 if (ec)
879 {
880 BMCWEB_LOG_DEBUG
Gunnar Millsc61704a2020-07-08 13:47:06 -0500[diff] [blame]881 << "Error Occurred in Updating the service enable";
Ratan Gupta8a07d282019-03-16 08:33:47 +0530[diff] [blame]882 messages::internalError(asyncResp->res);
883 return;
884 }
885 asyncResp->res
886 .jsonValue[ldapServerElementName]["ServiceEnabled"] =
887 serviceEnabled;
888 BMCWEB_LOG_DEBUG << "Updated Service enable = "
889 << serviceEnabled;
890 },
891 ldapDbusService, ldapConfigObject, propertyInterface, "Set",
892 ldapEnableInterface, "Enabled", std::variant<bool>(serviceEnabled));
893 }
894
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100[diff] [blame]895 void handleAuthMethodsPatch(nlohmann::json& input,
896 const std::shared_ptr<AsyncResp>& asyncResp)
897 {
898 std::optional<bool> basicAuth;
899 std::optional<bool> cookie;
900 std::optional<bool> sessionToken;
901 std::optional<bool> xToken;
Zbigniew Kurzynski501f1e52019-10-02 11:22:11 +0200[diff] [blame]902 std::optional<bool> tls;
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100[diff] [blame]903
904 if (!json_util::readJson(input, asyncResp->res, "BasicAuth", basicAuth,
905 "Cookie", cookie, "SessionToken", sessionToken,
Zbigniew Kurzynski501f1e52019-10-02 11:22:11 +0200[diff] [blame]906 "XToken", xToken, "TLS", tls))
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100[diff] [blame]907 {
908 BMCWEB_LOG_ERROR << "Cannot read values from AuthMethod tag";
909 return;
910 }
911
912 // Make a copy of methods configuration
Ed Tanous52cc1122020-07-18 13:51:21 -0700[diff] [blame^]913 persistent_data::AuthConfigMethods authMethodsConfig =
914 persistent_data::SessionStore::getInstance().getAuthMethodsConfig();
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100[diff] [blame]915
916 if (basicAuth)
917 {
918 authMethodsConfig.basic = *basicAuth;
919 }
920
921 if (cookie)
922 {
923 authMethodsConfig.cookie = *cookie;
924 }
925
926 if (sessionToken)
927 {
928 authMethodsConfig.sessionToken = *sessionToken;
929 }
930
931 if (xToken)
932 {
933 authMethodsConfig.xtoken = *xToken;
934 }
935
Zbigniew Kurzynski501f1e52019-10-02 11:22:11 +0200[diff] [blame]936 if (tls)
937 {
938 authMethodsConfig.tls = *tls;
939 }
940
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100[diff] [blame]941 if (!authMethodsConfig.basic && !authMethodsConfig.cookie &&
Zbigniew Kurzynski501f1e52019-10-02 11:22:11 +0200[diff] [blame]942 !authMethodsConfig.sessionToken && !authMethodsConfig.xtoken &&
943 !authMethodsConfig.tls)
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100[diff] [blame]944 {
945 // Do not allow user to disable everything
946 messages::actionNotSupported(asyncResp->res,
947 "of disabling all available methods");
948 return;
949 }
950
Ed Tanous52cc1122020-07-18 13:51:21 -0700[diff] [blame^]951 persistent_data::SessionStore::getInstance().updateAuthMethodsConfig(
952 authMethodsConfig);
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100[diff] [blame]953 // Save configuration immediately
Ed Tanous52cc1122020-07-18 13:51:21 -0700[diff] [blame^]954 persistent_data::getConfig().writeData();
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100[diff] [blame]955
956 messages::success(asyncResp->res);
957 }
958
Ratan Gupta8a07d282019-03-16 08:33:47 +0530[diff] [blame]959 /**
960 * @brief Get the required values from the given JSON, validates the
961 * value and create the LDAP config object.
962 * @param input JSON data
963 * @param asyncResp pointer to the JSON response
964 * @param serverType Type of LDAP server(openLDAP/ActiveDirectory)
965 */
966
967 void handleLDAPPatch(nlohmann::json& input,
968 const std::shared_ptr<AsyncResp>& asyncResp,
969 const crow::Request& req,
970 const std::vector<std::string>& params,
971 const std::string& serverType)
972 {
Ratan Guptaeb2bbe52019-04-22 14:27:01 +0530[diff] [blame]973 std::string dbusObjectPath;
974 if (serverType == "ActiveDirectory")
975 {
976 dbusObjectPath = ADConfigObject;
977 }
978 else if (serverType == "LDAP")
979 {
980 dbusObjectPath = ldapConfigObject;
981 }
982
Ratan Gupta8a07d282019-03-16 08:33:47 +0530[diff] [blame]983 std::optional<nlohmann::json> authentication;
984 std::optional<nlohmann::json> ldapService;
Ratan Gupta8a07d282019-03-16 08:33:47 +0530[diff] [blame]985 std::optional<std::vector<std::string>> serviceAddressList;
986 std::optional<bool> serviceEnabled;
987 std::optional<std::vector<std::string>> baseDNList;
988 std::optional<std::string> userNameAttribute;
989 std::optional<std::string> groupsAttribute;
990 std::optional<std::string> userName;
991 std::optional<std::string> password;
Ratan Gupta06785242019-07-26 22:30:16 +0530[diff] [blame]992 std::optional<std::vector<nlohmann::json>> remoteRoleMapData;
Ratan Gupta8a07d282019-03-16 08:33:47 +0530[diff] [blame]993
994 if (!json_util::readJson(input, asyncResp->res, "Authentication",
995 authentication, "LDAPService", ldapService,
996 "ServiceAddresses", serviceAddressList,
Ratan Gupta06785242019-07-26 22:30:16 +0530[diff] [blame]997 "ServiceEnabled", serviceEnabled,
998 "RemoteRoleMapping", remoteRoleMapData))
Ratan Gupta8a07d282019-03-16 08:33:47 +0530[diff] [blame]999 {
1000 return;
1001 }
1002
1003 if (authentication)
1004 {
1005 parseLDAPAuthenticationJson(*authentication, asyncResp, userName,
1006 password);
1007 }
1008 if (ldapService)
1009 {
1010 parseLDAPServiceJson(*ldapService, asyncResp, baseDNList,
1011 userNameAttribute, groupsAttribute);
1012 }
Ratan Gupta8a07d282019-03-16 08:33:47 +0530[diff] [blame]1013 if (serviceAddressList)
1014 {
1015 if ((*serviceAddressList).size() == 0)
1016 {
1017 messages::propertyValueNotInList(asyncResp->res, "[]",
1018 "ServiceAddress");
1019 return;
1020 }
1021 }
1022 if (baseDNList)
1023 {
1024 if ((*baseDNList).size() == 0)
1025 {
1026 messages::propertyValueNotInList(asyncResp->res, "[]",
1027 "BaseDistinguishedNames");
1028 return;
1029 }
1030 }
1031
1032 // nothing to update, then return
1033 if (!userName && !password && !serviceAddressList && !baseDNList &&
Ratan Gupta06785242019-07-26 22:30:16 +0530[diff] [blame]1034 !userNameAttribute && !groupsAttribute && !serviceEnabled &&
1035 !remoteRoleMapData)
Ratan Gupta8a07d282019-03-16 08:33:47 +0530[diff] [blame]1036 {
1037 return;
1038 }
1039
1040 // Get the existing resource first then keep modifying
1041 // whenever any property gets updated.
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]1042 getLDAPConfigData(serverType, [this, asyncResp, userName, password,
1043 baseDNList, userNameAttribute,
Gunnar Millsba9dd4a2020-02-20 10:40:18 -0600[diff] [blame]1044 groupsAttribute, serviceAddressList,
1045 serviceEnabled, dbusObjectPath,
1046 remoteRoleMapData](
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]1047 bool success, LDAPConfigData confData,
1048 const std::string& serverType) {
1049 if (!success)
1050 {
1051 messages::internalError(asyncResp->res);
1052 return;
1053 }
1054 parseLDAPConfigData(asyncResp->res.jsonValue, confData, serverType);
1055 if (confData.serviceEnabled)
1056 {
1057 // Disable the service first and update the rest of
1058 // the properties.
1059 handleServiceEnablePatch(false, asyncResp, serverType,
Ratan Guptaeb2bbe52019-04-22 14:27:01 +0530[diff] [blame]1060 dbusObjectPath);
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]1061 }
Ratan Gupta8a07d282019-03-16 08:33:47 +0530[diff] [blame]1062
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]1063 if (serviceAddressList)
1064 {
1065 handleServiceAddressPatch(*serviceAddressList, asyncResp,
Ratan Guptaeb2bbe52019-04-22 14:27:01 +0530[diff] [blame]1066 serverType, dbusObjectPath);
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]1067 }
1068 if (userName)
1069 {
1070 handleUserNamePatch(*userName, asyncResp, serverType,
Ratan Guptaeb2bbe52019-04-22 14:27:01 +0530[diff] [blame]1071 dbusObjectPath);
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]1072 }
1073 if (password)
1074 {
1075 handlePasswordPatch(*password, asyncResp, serverType,
Ratan Guptaeb2bbe52019-04-22 14:27:01 +0530[diff] [blame]1076 dbusObjectPath);
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]1077 }
Ratan Gupta8a07d282019-03-16 08:33:47 +0530[diff] [blame]1078
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]1079 if (baseDNList)
1080 {
1081 handleBaseDNPatch(*baseDNList, asyncResp, serverType,
Ratan Guptaeb2bbe52019-04-22 14:27:01 +0530[diff] [blame]1082 dbusObjectPath);
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]1083 }
1084 if (userNameAttribute)
1085 {
1086 handleUserNameAttrPatch(*userNameAttribute, asyncResp,
Ratan Guptaeb2bbe52019-04-22 14:27:01 +0530[diff] [blame]1087 serverType, dbusObjectPath);
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]1088 }
1089 if (groupsAttribute)
1090 {
1091 handleGroupNameAttrPatch(*groupsAttribute, asyncResp,
Ratan Guptaeb2bbe52019-04-22 14:27:01 +0530[diff] [blame]1092 serverType, dbusObjectPath);
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]1093 }
1094 if (serviceEnabled)
1095 {
1096 // if user has given the value as true then enable
1097 // the service. if user has given false then no-op
1098 // as service is already stopped.
1099 if (*serviceEnabled)
Ratan Gupta8a07d282019-03-16 08:33:47 +0530[diff] [blame]1100 {
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]1101 handleServiceEnablePatch(*serviceEnabled, asyncResp,
Ratan Guptaeb2bbe52019-04-22 14:27:01 +0530[diff] [blame]1102 serverType, dbusObjectPath);
Ratan Gupta8a07d282019-03-16 08:33:47 +0530[diff] [blame]1103 }
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]1104 }
1105 else
1106 {
1107 // if user has not given the service enabled value
1108 // then revert it to the same state as it was
1109 // before.
1110 handleServiceEnablePatch(confData.serviceEnabled, asyncResp,
Ratan Guptaeb2bbe52019-04-22 14:27:01 +0530[diff] [blame]1111 serverType, dbusObjectPath);
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]1112 }
Ratan Gupta06785242019-07-26 22:30:16 +0530[diff] [blame]1113
1114 if (remoteRoleMapData)
1115 {
1116 std::vector<nlohmann::json> remoteRoleMap =
1117 std::move(*remoteRoleMapData);
1118
1119 handleRoleMapPatch(asyncResp, confData.groupRoleList,
1120 serverType, remoteRoleMap);
1121 }
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]1122 });
Ratan Gupta8a07d282019-03-16 08:33:47 +0530[diff] [blame]1123 }
Ed Tanousd4b54432019-07-17 22:51:55 +0000[diff] [blame]1124
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]1125 void doGet(crow::Response& res, const crow::Request& req,
1126 const std::vector<std::string>& params) override
1127 {
Ed Tanous52cc1122020-07-18 13:51:21 -0700[diff] [blame^]1128 const persistent_data::AuthConfigMethods& authMethodsConfig =
1129 persistent_data::SessionStore::getInstance().getAuthMethodsConfig();
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100[diff] [blame]1130
AppaRao Puli3d958bb2018-12-25 12:45:54 +0530[diff] [blame]1131 auto asyncResp = std::make_shared<AsyncResp>(res);
1132 res.jsonValue = {
AppaRao Puli3d958bb2018-12-25 12:45:54 +0530[diff] [blame]1133 {"@odata.id", "/redfish/v1/AccountService"},
1134 {"@odata.type", "#AccountService."
Gunnar Millsba9dd4a2020-02-20 10:40:18 -0600[diff] [blame]1135 "v1_5_0.AccountService"},
AppaRao Puli3d958bb2018-12-25 12:45:54 +0530[diff] [blame]1136 {"Id", "AccountService"},
1137 {"Name", "Account Service"},
1138 {"Description", "Account Service"},
1139 {"ServiceEnabled", true},
AppaRao Puli343ff2e2019-03-24 00:42:13 +0530[diff] [blame]1140 {"MaxPasswordLength", 20},
AppaRao Puli3d958bb2018-12-25 12:45:54 +0530[diff] [blame]1141 {"Accounts",
1142 {{"@odata.id", "/redfish/v1/AccountService/Accounts"}}},
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]1143 {"Roles", {{"@odata.id", "/redfish/v1/AccountService/Roles"}}},
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100[diff] [blame]1144 {"Oem",
1145 {{"OpenBMC",
1146 {{"@odata.type", "#OemAccountService.v1_0_0.AccountService"},
1147 {"AuthMethods",
1148 {
1149 {"BasicAuth", authMethodsConfig.basic},
1150 {"SessionToken", authMethodsConfig.sessionToken},
1151 {"XToken", authMethodsConfig.xtoken},
1152 {"Cookie", authMethodsConfig.cookie},
Zbigniew Kurzynski501f1e52019-10-02 11:22:11 +0200[diff] [blame]1153 {"TLS", authMethodsConfig.tls},
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100[diff] [blame]1154 }}}}}},
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]1155 {"LDAP",
1156 {{"Certificates",
1157 {{"@odata.id",
1158 "/redfish/v1/AccountService/LDAP/Certificates"}}}}}};
AppaRao Puli3d958bb2018-12-25 12:45:54 +0530[diff] [blame]1159 crow::connections::systemBus->async_method_call(
1160 [asyncResp](
1161 const boost::system::error_code ec,
1162 const std::vector<std::pair<
Ed Tanousabf2add2019-01-22 16:40:12 -0800[diff] [blame]1163 std::string, std::variant<uint32_t, uint16_t, uint8_t>>>&
AppaRao Puli3d958bb2018-12-25 12:45:54 +0530[diff] [blame]1164 propertiesList) {
1165 if (ec)
1166 {
1167 messages::internalError(asyncResp->res);
1168 return;
1169 }
1170 BMCWEB_LOG_DEBUG << "Got " << propertiesList.size()
1171 << "properties for AccountService";
1172 for (const std::pair<std::string,
Ed Tanousabf2add2019-01-22 16:40:12 -0800[diff] [blame]1173 std::variant<uint32_t, uint16_t, uint8_t>>&
AppaRao Puli3d958bb2018-12-25 12:45:54 +0530[diff] [blame]1174 property : propertiesList)
1175 {
1176 if (property.first == "MinPasswordLength")
1177 {
1178 const uint8_t* value =
Ed Tanousabf2add2019-01-22 16:40:12 -0800[diff] [blame]1179 std::get_if<uint8_t>(&property.second);
AppaRao Puli3d958bb2018-12-25 12:45:54 +0530[diff] [blame]1180 if (value != nullptr)
1181 {
1182 asyncResp->res.jsonValue["MinPasswordLength"] =
1183 *value;
1184 }
1185 }
1186 if (property.first == "AccountUnlockTimeout")
1187 {
1188 const uint32_t* value =
Ed Tanousabf2add2019-01-22 16:40:12 -0800[diff] [blame]1189 std::get_if<uint32_t>(&property.second);
AppaRao Puli3d958bb2018-12-25 12:45:54 +0530[diff] [blame]1190 if (value != nullptr)
1191 {
1192 asyncResp->res.jsonValue["AccountLockoutDuration"] =
1193 *value;
1194 }
1195 }
1196 if (property.first == "MaxLoginAttemptBeforeLockout")
1197 {
1198 const uint16_t* value =
Ed Tanousabf2add2019-01-22 16:40:12 -0800[diff] [blame]1199 std::get_if<uint16_t>(&property.second);
AppaRao Puli3d958bb2018-12-25 12:45:54 +0530[diff] [blame]1200 if (value != nullptr)
1201 {
1202 asyncResp->res
1203 .jsonValue["AccountLockoutThreshold"] = *value;
1204 }
1205 }
1206 }
1207 },
1208 "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user",
1209 "org.freedesktop.DBus.Properties", "GetAll",
1210 "xyz.openbmc_project.User.AccountPolicy");
Ratan Gupta6973a582018-12-13 18:25:44 +0530[diff] [blame]1211
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]1212 auto callback = [asyncResp](bool success, LDAPConfigData& confData,
1213 const std::string& ldapType) {
1214 parseLDAPConfigData(asyncResp->res.jsonValue, confData, ldapType);
1215 };
1216
1217 getLDAPConfigData("LDAP", callback);
1218 getLDAPConfigData("ActiveDirectory", callback);
AppaRao Puli3d958bb2018-12-25 12:45:54 +0530[diff] [blame]1219 }
Ratan Gupta6973a582018-12-13 18:25:44 +0530[diff] [blame]1220
AppaRao Puli3d958bb2018-12-25 12:45:54 +0530[diff] [blame]1221 void doPatch(crow::Response& res, const crow::Request& req,
1222 const std::vector<std::string>& params) override
1223 {
1224 auto asyncResp = std::make_shared<AsyncResp>(res);
1225
1226 std::optional<uint32_t> unlockTimeout;
1227 std::optional<uint16_t> lockoutThreshold;
Ratan Gupta19fb6e72019-03-04 13:30:50 +0530[diff] [blame]1228 std::optional<uint16_t> minPasswordLength;
1229 std::optional<uint16_t> maxPasswordLength;
Ratan Gupta8a07d282019-03-16 08:33:47 +0530[diff] [blame]1230 std::optional<nlohmann::json> ldapObject;
Ratan Guptaeb2bbe52019-04-22 14:27:01 +0530[diff] [blame]1231 std::optional<nlohmann::json> activeDirectoryObject;
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100[diff] [blame]1232 std::optional<nlohmann::json> oemObject;
Ratan Gupta19fb6e72019-03-04 13:30:50 +0530[diff] [blame]1233
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100[diff] [blame]1234 if (!json_util::readJson(
1235 req, res, "AccountLockoutDuration", unlockTimeout,
1236 "AccountLockoutThreshold", lockoutThreshold,
1237 "MaxPasswordLength", maxPasswordLength, "MinPasswordLength",
1238 minPasswordLength, "LDAP", ldapObject, "ActiveDirectory",
1239 activeDirectoryObject, "Oem", oemObject))
AppaRao Puli3d958bb2018-12-25 12:45:54 +0530[diff] [blame]1240 {
1241 return;
1242 }
Ratan Gupta19fb6e72019-03-04 13:30:50 +0530[diff] [blame]1243
1244 if (minPasswordLength)
1245 {
1246 messages::propertyNotWritable(asyncResp->res, "MinPasswordLength");
1247 }
1248
1249 if (maxPasswordLength)
1250 {
1251 messages::propertyNotWritable(asyncResp->res, "MaxPasswordLength");
1252 }
1253
Ratan Gupta8a07d282019-03-16 08:33:47 +0530[diff] [blame]1254 if (ldapObject)
1255 {
1256 handleLDAPPatch(*ldapObject, asyncResp, req, params, "LDAP");
1257 }
1258
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100[diff] [blame]1259 if (std::optional<nlohmann::json> oemOpenBMCObject;
1260 oemObject &&
1261 json_util::readJson(*oemObject, res, "OpenBMC", oemOpenBMCObject))
1262 {
1263 if (std::optional<nlohmann::json> authMethodsObject;
1264 oemOpenBMCObject &&
1265 json_util::readJson(*oemOpenBMCObject, res, "AuthMethods",
1266 authMethodsObject))
1267 {
1268 if (authMethodsObject)
1269 {
1270 handleAuthMethodsPatch(*authMethodsObject, asyncResp);
1271 }
1272 }
1273 }
1274
Ratan Guptaeb2bbe52019-04-22 14:27:01 +0530[diff] [blame]1275 if (activeDirectoryObject)
1276 {
1277 handleLDAPPatch(*activeDirectoryObject, asyncResp, req, params,
1278 "ActiveDirectory");
1279 }
1280
AppaRao Puli3d958bb2018-12-25 12:45:54 +0530[diff] [blame]1281 if (unlockTimeout)
1282 {
1283 crow::connections::systemBus->async_method_call(
1284 [asyncResp](const boost::system::error_code ec) {
1285 if (ec)
1286 {
1287 messages::internalError(asyncResp->res);
1288 return;
1289 }
Ratan Guptaadd61332019-02-13 20:49:16 +0530[diff] [blame]1290 messages::success(asyncResp->res);
AppaRao Puli3d958bb2018-12-25 12:45:54 +0530[diff] [blame]1291 },
1292 "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user",
1293 "org.freedesktop.DBus.Properties", "Set",
1294 "xyz.openbmc_project.User.AccountPolicy",
Ed Tanousabf2add2019-01-22 16:40:12 -0800[diff] [blame]1295 "AccountUnlockTimeout", std::variant<uint32_t>(*unlockTimeout));
AppaRao Puli3d958bb2018-12-25 12:45:54 +0530[diff] [blame]1296 }
1297 if (lockoutThreshold)
1298 {
1299 crow::connections::systemBus->async_method_call(
1300 [asyncResp](const boost::system::error_code ec) {
1301 if (ec)
1302 {
1303 messages::internalError(asyncResp->res);
1304 return;
1305 }
Ratan Guptaadd61332019-02-13 20:49:16 +0530[diff] [blame]1306 messages::success(asyncResp->res);
AppaRao Puli3d958bb2018-12-25 12:45:54 +0530[diff] [blame]1307 },
1308 "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user",
1309 "org.freedesktop.DBus.Properties", "Set",
1310 "xyz.openbmc_project.User.AccountPolicy",
1311 "MaxLoginAttemptBeforeLockout",
Ed Tanousabf2add2019-01-22 16:40:12 -0800[diff] [blame]1312 std::variant<uint16_t>(*lockoutThreshold));
AppaRao Puli3d958bb2018-12-25 12:45:54 +0530[diff] [blame]1313 }
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]1314 }
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100[diff] [blame]1315
Ed Tanous52cc1122020-07-18 13:51:21 -0700[diff] [blame^]1316 App& app;
Lewanczyk, Dawid88d16c92018-02-02 14:51:09 +0100[diff] [blame]1317};
Tanousf00032d2018-11-05 01:18:10 -0300[diff] [blame]1318
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1319class AccountsCollection : public Node
1320{
1321 public:
Ed Tanous52cc1122020-07-18 13:51:21 -0700[diff] [blame^]1322 AccountsCollection(App& app) :
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1323 Node(app, "/redfish/v1/AccountService/Accounts/")
1324 {
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1325 entityPrivileges = {
Gunnar Millsf3659102020-01-29 16:23:28 -0600[diff] [blame]1326 // According to the PrivilegeRegistry, GET should actually be
1327 // "Login". A "Login" only privilege would return an empty "Members"
1328 // list. Not going to worry about this since none of the defined
1329 // roles are just "Login". E.g. Readonly is {"Login",
1330 // "ConfigureSelf"}. In the rare event anyone defines a role that
1331 // has Login but not ConfigureSelf, implement this.
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1332 {boost::beast::http::verb::get,
Gunnar Millsf3659102020-01-29 16:23:28 -0600[diff] [blame]1333 {{"ConfigureUsers"}, {"ConfigureSelf"}}},
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1334 {boost::beast::http::verb::head, {{"Login"}}},
1335 {boost::beast::http::verb::patch, {{"ConfigureUsers"}}},
1336 {boost::beast::http::verb::put, {{"ConfigureUsers"}}},
1337 {boost::beast::http::verb::delete_, {{"ConfigureUsers"}}},
1338 {boost::beast::http::verb::post, {{"ConfigureUsers"}}}};
1339 }
1340
1341 private:
1342 void doGet(crow::Response& res, const crow::Request& req,
1343 const std::vector<std::string>& params) override
1344 {
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1345 auto asyncResp = std::make_shared<AsyncResp>(res);
Gunnar Mills94400962020-02-14 11:56:41 -0600[diff] [blame]1346 res.jsonValue = {{"@odata.id", "/redfish/v1/AccountService/Accounts"},
Ed Tanous0f74e642018-11-12 15:17:05 -0800[diff] [blame]1347 {"@odata.type", "#ManagerAccountCollection."
1348 "ManagerAccountCollection"},
1349 {"Name", "Accounts Collection"},
1350 {"Description", "BMC User Accounts"}};
1351
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1352 crow::connections::systemBus->async_method_call(
Gunnar Millsf3659102020-01-29 16:23:28 -0600[diff] [blame]1353 [asyncResp, &req, this](const boost::system::error_code ec,
1354 const ManagedObjectType& users) {
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1355 if (ec)
1356 {
Jason M. Billsf12894f2018-10-09 12:45:45 -0700[diff] [blame]1357 messages::internalError(asyncResp->res);
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1358 return;
1359 }
1360
1361 nlohmann::json& memberArray =
1362 asyncResp->res.jsonValue["Members"];
1363 memberArray = nlohmann::json::array();
1364
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1365 for (auto& user : users)
1366 {
1367 const std::string& path =
1368 static_cast<const std::string&>(user.first);
1369 std::size_t lastIndex = path.rfind("/");
1370 if (lastIndex == std::string::npos)
1371 {
1372 lastIndex = 0;
1373 }
1374 else
1375 {
1376 lastIndex += 1;
1377 }
Gunnar Millsf3659102020-01-29 16:23:28 -0600[diff] [blame]1378
1379 // As clarified by Redfish here:
1380 // https://redfishforum.com/thread/281/manageraccountcollection-change-allows-account-enumeration
1381 // Users without ConfigureUsers, only see their own account.
1382 // Users with ConfigureUsers, see all accounts.
1383 if (req.session->username == path.substr(lastIndex) ||
1384 isAllowedWithoutConfigureSelf(req))
1385 {
1386 memberArray.push_back(
1387 {{"@odata.id",
1388 "/redfish/v1/AccountService/Accounts/" +
1389 path.substr(lastIndex)}});
1390 }
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1391 }
Gunnar Millsf3659102020-01-29 16:23:28 -0600[diff] [blame]1392 asyncResp->res.jsonValue["Members@odata.count"] =
1393 memberArray.size();
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1394 },
1395 "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user",
1396 "org.freedesktop.DBus.ObjectManager", "GetManagedObjects");
1397 }
Ed Tanous04ae99e2018-09-20 15:54:36 -0700[diff] [blame]1398 void doPost(crow::Response& res, const crow::Request& req,
1399 const std::vector<std::string>& params) override
1400 {
1401 auto asyncResp = std::make_shared<AsyncResp>(res);
1402
Ed Tanous9712f8a2018-09-21 13:38:49 -0700[diff] [blame]1403 std::string username;
1404 std::string password;
Ed Tanousa24526d2018-12-10 15:17:59 -0800[diff] [blame]1405 std::optional<std::string> roleId("User");
1406 std::optional<bool> enabled = true;
Ed Tanous9712f8a2018-09-21 13:38:49 -0700[diff] [blame]1407 if (!json_util::readJson(req, res, "UserName", username, "Password",
1408 password, "RoleId", roleId, "Enabled",
1409 enabled))
Ed Tanous04ae99e2018-09-20 15:54:36 -0700[diff] [blame]1410 {
1411 return;
1412 }
1413
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]1414 std::string priv = getPrivilegeFromRoleId(*roleId);
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1415 if (priv.empty())
Ed Tanous04ae99e2018-09-20 15:54:36 -0700[diff] [blame]1416 {
Jason M. Billsf12894f2018-10-09 12:45:45 -0700[diff] [blame]1417 messages::propertyValueNotInList(asyncResp->res, *roleId, "RoleId");
Ed Tanous04ae99e2018-09-20 15:54:36 -0700[diff] [blame]1418 return;
1419 }
jayaprakash Mutyala96200602020-04-08 11:09:10 +0000[diff] [blame]1420 // TODO: Following override will be reverted once support in
1421 // phosphor-user-manager is added. In order to avoid dependency issues,
1422 // this is added in bmcweb, which will removed, once
1423 // phosphor-user-manager supports priv-noaccess.
1424 if (priv == "priv-noaccess")
1425 {
1426 roleId = "";
1427 }
1428 else
1429 {
1430 roleId = priv;
1431 }
Ed Tanous04ae99e2018-09-20 15:54:36 -0700[diff] [blame]1432
Ayushi Smriti599c71d2019-08-23 17:43:18 +0000[diff] [blame]1433 // Reading AllGroups property
Ed Tanous04ae99e2018-09-20 15:54:36 -0700[diff] [blame]1434 crow::connections::systemBus->async_method_call(
Ayushi Smriti599c71d2019-08-23 17:43:18 +0000[diff] [blame]1435 [asyncResp, username, password{std::move(password)}, roleId,
1436 enabled](const boost::system::error_code ec,
1437 const std::variant<std::vector<std::string>>& allGroups) {
Ed Tanous04ae99e2018-09-20 15:54:36 -0700[diff] [blame]1438 if (ec)
1439 {
Ayushi Smriti599c71d2019-08-23 17:43:18 +0000[diff] [blame]1440 BMCWEB_LOG_DEBUG << "ERROR with async_method_call";
1441 messages::internalError(asyncResp->res);
Ed Tanous04ae99e2018-09-20 15:54:36 -0700[diff] [blame]1442 return;
1443 }
1444
Ayushi Smriti599c71d2019-08-23 17:43:18 +0000[diff] [blame]1445 const std::vector<std::string>* allGroupsList =
1446 std::get_if<std::vector<std::string>>(&allGroups);
1447
1448 if (allGroupsList == nullptr || allGroupsList->empty())
Ed Tanous04ae99e2018-09-20 15:54:36 -0700[diff] [blame]1449 {
Ayushi Smriti599c71d2019-08-23 17:43:18 +0000[diff] [blame]1450 messages::internalError(asyncResp->res);
Ed Tanous04ae99e2018-09-20 15:54:36 -0700[diff] [blame]1451 return;
1452 }
1453
Ayushi Smriti599c71d2019-08-23 17:43:18 +0000[diff] [blame]1454 crow::connections::systemBus->async_method_call(
1455 [asyncResp, username, password{std::move(password)}](
anil kumar appana0d4197e2019-06-13 15:06:23 +0000[diff] [blame]1456 const boost::system::error_code ec,
1457 sdbusplus::message::message& m) {
Ayushi Smriti599c71d2019-08-23 17:43:18 +0000[diff] [blame]1458 if (ec)
1459 {
anil kumar appana0d4197e2019-06-13 15:06:23 +0000[diff] [blame]1460 userErrorMessageHandler(m.get_error(), asyncResp,
1461 username, "");
Ayushi Smriti599c71d2019-08-23 17:43:18 +0000[diff] [blame]1462 return;
1463 }
1464
jayaprakash Mutyala66b5ca72019-08-07 20:26:37 +0000[diff] [blame]1465 if (pamUpdatePassword(username, password) !=
1466 PAM_SUCCESS)
Ayushi Smriti599c71d2019-08-23 17:43:18 +0000[diff] [blame]1467 {
1468 // At this point we have a user that's been created,
1469 // but the password set failed.Something is wrong,
1470 // so delete the user that we've already created
1471 crow::connections::systemBus->async_method_call(
anil kumar appana0d4197e2019-06-13 15:06:23 +0000[diff] [blame]1472 [asyncResp,
1473 password](const boost::system::error_code ec) {
Ayushi Smriti599c71d2019-08-23 17:43:18 +0000[diff] [blame]1474 if (ec)
1475 {
1476 messages::internalError(asyncResp->res);
1477 return;
1478 }
1479
anil kumar appana0d4197e2019-06-13 15:06:23 +0000[diff] [blame]1480 // If password is invalid
1481 messages::propertyValueFormatError(
1482 asyncResp->res, password, "Password");
Ayushi Smriti599c71d2019-08-23 17:43:18 +0000[diff] [blame]1483 },
1484 "xyz.openbmc_project.User.Manager",
1485 "/xyz/openbmc_project/user/" + username,
1486 "xyz.openbmc_project.Object.Delete", "Delete");
1487
1488 BMCWEB_LOG_ERROR << "pamUpdatePassword Failed";
1489 return;
1490 }
1491
1492 messages::created(asyncResp->res);
1493 asyncResp->res.addHeader(
1494 "Location",
1495 "/redfish/v1/AccountService/Accounts/" + username);
1496 },
1497 "xyz.openbmc_project.User.Manager",
1498 "/xyz/openbmc_project/user",
1499 "xyz.openbmc_project.User.Manager", "CreateUser", username,
1500 *allGroupsList, *roleId, *enabled);
Ed Tanous04ae99e2018-09-20 15:54:36 -0700[diff] [blame]1501 },
1502 "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user",
Ayushi Smriti599c71d2019-08-23 17:43:18 +0000[diff] [blame]1503 "org.freedesktop.DBus.Properties", "Get",
1504 "xyz.openbmc_project.User.Manager", "AllGroups");
Ed Tanous04ae99e2018-09-20 15:54:36 -0700[diff] [blame]1505 }
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1506};
1507
1508class ManagerAccount : public Node
1509{
1510 public:
Ed Tanous52cc1122020-07-18 13:51:21 -0700[diff] [blame^]1511 ManagerAccount(App& app) :
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1512 Node(app, "/redfish/v1/AccountService/Accounts/<str>/", std::string())
1513 {
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1514 entityPrivileges = {
1515 {boost::beast::http::verb::get,
1516 {{"ConfigureUsers"}, {"ConfigureManager"}, {"ConfigureSelf"}}},
1517 {boost::beast::http::verb::head, {{"Login"}}},
Joseph Reynolds900f9492019-11-25 15:37:29 -0600[diff] [blame]1518 {boost::beast::http::verb::patch,
1519 {{"ConfigureUsers"}, {"ConfigureSelf"}}},
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1520 {boost::beast::http::verb::put, {{"ConfigureUsers"}}},
1521 {boost::beast::http::verb::delete_, {{"ConfigureUsers"}}},
1522 {boost::beast::http::verb::post, {{"ConfigureUsers"}}}};
1523 }
1524
1525 private:
1526 void doGet(crow::Response& res, const crow::Request& req,
1527 const std::vector<std::string>& params) override
1528 {
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1529 auto asyncResp = std::make_shared<AsyncResp>(res);
1530
1531 if (params.size() != 1)
1532 {
Jason M. Billsf12894f2018-10-09 12:45:45 -0700[diff] [blame]1533 messages::internalError(asyncResp->res);
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1534 return;
1535 }
1536
Joseph Reynolds900f9492019-11-25 15:37:29 -0600[diff] [blame]1537 // Perform a proper ConfigureSelf authority check. If the
1538 // user is operating on an account not their own, then their
1539 // ConfigureSelf privilege does not apply. In this case,
1540 // perform the authority check again without the user's
1541 // ConfigureSelf privilege.
1542 if (req.session->username != params[0])
1543 {
1544 if (!isAllowedWithoutConfigureSelf(req))
1545 {
1546 BMCWEB_LOG_DEBUG << "GET Account denied access";
1547 messages::insufficientPrivilege(asyncResp->res);
1548 return;
1549 }
1550 }
1551
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1552 crow::connections::systemBus->async_method_call(
1553 [asyncResp, accountName{std::string(params[0])}](
1554 const boost::system::error_code ec,
1555 const ManagedObjectType& users) {
1556 if (ec)
1557 {
Jason M. Billsf12894f2018-10-09 12:45:45 -0700[diff] [blame]1558 messages::internalError(asyncResp->res);
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1559 return;
1560 }
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1561 auto userIt = users.begin();
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1562
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1563 for (; userIt != users.end(); userIt++)
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1564 {
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1565 if (boost::ends_with(userIt->first.str, "/" + accountName))
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1566 {
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1567 break;
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1568 }
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1569 }
1570 if (userIt == users.end())
1571 {
1572 messages::resourceNotFound(asyncResp->res, "ManagerAccount",
1573 accountName);
1574 return;
1575 }
Ayushi Smriti4e68c452019-09-04 14:37:55 +0530[diff] [blame]1576
1577 asyncResp->res.jsonValue = {
Gunnar Mills8114bd42020-06-11 20:55:21 -0500[diff] [blame]1578 {"@odata.type", "#ManagerAccount.v1_4_0.ManagerAccount"},
Ayushi Smriti4e68c452019-09-04 14:37:55 +0530[diff] [blame]1579 {"Name", "User Account"},
1580 {"Description", "User Account"},
Gunnar Mills8114bd42020-06-11 20:55:21 -0500[diff] [blame]1581 {"Password", nullptr},
1582 {"AccountTypes", {"Redfish"}}};
Ayushi Smriti4e68c452019-09-04 14:37:55 +0530[diff] [blame]1583
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1584 for (const auto& interface : userIt->second)
1585 {
1586 if (interface.first ==
1587 "xyz.openbmc_project.User.Attributes")
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1588 {
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1589 for (const auto& property : interface.second)
Ed Tanous65b0dc32018-09-19 16:04:03 -0700[diff] [blame]1590 {
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1591 if (property.first == "UserEnabled")
Ed Tanous65b0dc32018-09-19 16:04:03 -0700[diff] [blame]1592 {
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1593 const bool* userEnabled =
Ed Tanousabf2add2019-01-22 16:40:12 -0800[diff] [blame]1594 std::get_if<bool>(&property.second);
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1595 if (userEnabled == nullptr)
Ed Tanous65b0dc32018-09-19 16:04:03 -0700[diff] [blame]1596 {
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1597 BMCWEB_LOG_ERROR
1598 << "UserEnabled wasn't a bool";
1599 messages::internalError(asyncResp->res);
1600 return;
Ed Tanous65b0dc32018-09-19 16:04:03 -0700[diff] [blame]1601 }
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1602 asyncResp->res.jsonValue["Enabled"] =
1603 *userEnabled;
1604 }
1605 else if (property.first ==
1606 "UserLockedForFailedAttempt")
1607 {
1608 const bool* userLocked =
Ed Tanousabf2add2019-01-22 16:40:12 -0800[diff] [blame]1609 std::get_if<bool>(&property.second);
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1610 if (userLocked == nullptr)
1611 {
1612 BMCWEB_LOG_ERROR << "UserLockedForF"
1613 "ailedAttempt "
1614 "wasn't a bool";
1615 messages::internalError(asyncResp->res);
1616 return;
1617 }
1618 asyncResp->res.jsonValue["Locked"] =
1619 *userLocked;
Ratan Gupta24c85422019-01-30 19:41:24 +0530[diff] [blame]1620 asyncResp->res.jsonValue
1621 ["Locked@Redfish.AllowableValues"] = {
Joseph Reynolds3bf4e632020-02-06 14:44:32 -0600[diff] [blame]1622 "false"}; // can only unlock accounts
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1623 }
1624 else if (property.first == "UserPrivilege")
1625 {
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]1626 const std::string* userPrivPtr =
Ed Tanousabf2add2019-01-22 16:40:12 -0800[diff] [blame]1627 std::get_if<std::string>(&property.second);
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]1628 if (userPrivPtr == nullptr)
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1629 {
1630 BMCWEB_LOG_ERROR
1631 << "UserPrivilege wasn't a "
1632 "string";
1633 messages::internalError(asyncResp->res);
1634 return;
1635 }
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]1636 std::string role =
1637 getRoleIdFromPrivilege(*userPrivPtr);
1638 if (role.empty())
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1639 {
1640 BMCWEB_LOG_ERROR << "Invalid user role";
1641 messages::internalError(asyncResp->res);
1642 return;
1643 }
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]1644 asyncResp->res.jsonValue["RoleId"] = role;
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1645
1646 asyncResp->res.jsonValue["Links"]["Role"] = {
1647 {"@odata.id", "/redfish/v1/AccountService/"
1648 "Roles/" +
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]1649 role}};
Ed Tanous65b0dc32018-09-19 16:04:03 -0700[diff] [blame]1650 }
Joseph Reynolds3bf4e632020-02-06 14:44:32 -0600[diff] [blame]1651 else if (property.first == "UserPasswordExpired")
1652 {
1653 const bool* userPasswordExpired =
1654 std::get_if<bool>(&property.second);
1655 if (userPasswordExpired == nullptr)
1656 {
1657 BMCWEB_LOG_ERROR << "UserPassword"
1658 "Expired "
1659 "wasn't a bool";
1660 messages::internalError(asyncResp->res);
1661 return;
1662 }
1663 asyncResp->res
1664 .jsonValue["PasswordChangeRequired"] =
1665 *userPasswordExpired;
1666 }
Ed Tanous65b0dc32018-09-19 16:04:03 -0700[diff] [blame]1667 }
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1668 }
1669 }
1670
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1671 asyncResp->res.jsonValue["@odata.id"] =
1672 "/redfish/v1/AccountService/Accounts/" + accountName;
1673 asyncResp->res.jsonValue["Id"] = accountName;
1674 asyncResp->res.jsonValue["UserName"] = accountName;
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1675 },
1676 "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user",
1677 "org.freedesktop.DBus.ObjectManager", "GetManagedObjects");
1678 }
Ed Tanousa8408792018-09-05 16:08:38 -0700[diff] [blame]1679
1680 void doPatch(crow::Response& res, const crow::Request& req,
1681 const std::vector<std::string>& params) override
1682 {
1683 auto asyncResp = std::make_shared<AsyncResp>(res);
Ed Tanousa8408792018-09-05 16:08:38 -0700[diff] [blame]1684 if (params.size() != 1)
1685 {
Jason M. Billsf12894f2018-10-09 12:45:45 -0700[diff] [blame]1686 messages::internalError(asyncResp->res);
Ed Tanousa8408792018-09-05 16:08:38 -0700[diff] [blame]1687 return;
1688 }
1689
Ed Tanousa24526d2018-12-10 15:17:59 -0800[diff] [blame]1690 std::optional<std::string> newUserName;
1691 std::optional<std::string> password;
1692 std::optional<bool> enabled;
1693 std::optional<std::string> roleId;
Ratan Gupta24c85422019-01-30 19:41:24 +0530[diff] [blame]1694 std::optional<bool> locked;
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1695 if (!json_util::readJson(req, res, "UserName", newUserName, "Password",
Ratan Gupta24c85422019-01-30 19:41:24 +0530[diff] [blame]1696 password, "RoleId", roleId, "Enabled", enabled,
1697 "Locked", locked))
Ed Tanousa8408792018-09-05 16:08:38 -0700[diff] [blame]1698 {
1699 return;
1700 }
1701
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1702 const std::string& username = params[0];
Ed Tanousa8408792018-09-05 16:08:38 -0700[diff] [blame]1703
Joseph Reynolds900f9492019-11-25 15:37:29 -0600[diff] [blame]1704 // Perform a proper ConfigureSelf authority check. If the
1705 // session is being used to PATCH a property other than
1706 // Password, then the ConfigureSelf privilege does not apply.
1707 // If the user is operating on an account not their own, then
1708 // their ConfigureSelf privilege does not apply. In either
1709 // case, perform the authority check again without the user's
1710 // ConfigureSelf privilege.
1711 if ((username != req.session->username) ||
1712 (newUserName || enabled || roleId || locked))
1713 {
1714 if (!isAllowedWithoutConfigureSelf(req))
1715 {
1716 BMCWEB_LOG_WARNING << "PATCH Password denied access";
1717 asyncResp->res.clear();
1718 messages::insufficientPrivilege(asyncResp->res);
1719 return;
1720 }
1721 }
1722
jayaprakash Mutyala66b5ca72019-08-07 20:26:37 +0000[diff] [blame]1723 // if user name is not provided in the patch method or if it
1724 // matches the user name in the URI, then we are treating it as updating
1725 // user properties other then username. If username provided doesn't
1726 // match the URI, then we are treating this as user rename request.
1727 if (!newUserName || (newUserName.value() == username))
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1728 {
Ratan Gupta24c85422019-01-30 19:41:24 +0530[diff] [blame]1729 updateUserProperties(asyncResp, username, password, enabled, roleId,
1730 locked);
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1731 return;
1732 }
1733 else
1734 {
1735 crow::connections::systemBus->async_method_call(
1736 [this, asyncResp, username, password(std::move(password)),
1737 roleId(std::move(roleId)), enabled(std::move(enabled)),
jayaprakash Mutyala66b5ca72019-08-07 20:26:37 +0000[diff] [blame]1738 newUser{std::string(*newUserName)},
1739 locked(std::move(locked))](const boost::system::error_code ec,
1740 sdbusplus::message::message& m) {
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1741 if (ec)
Ed Tanousa8408792018-09-05 16:08:38 -0700[diff] [blame]1742 {
jayaprakash Mutyala66b5ca72019-08-07 20:26:37 +0000[diff] [blame]1743 userErrorMessageHandler(m.get_error(), asyncResp,
1744 newUser, username);
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1745 return;
1746 }
1747
1748 updateUserProperties(asyncResp, newUser, password, enabled,
Ratan Gupta24c85422019-01-30 19:41:24 +0530[diff] [blame]1749 roleId, locked);
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1750 },
1751 "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user",
1752 "xyz.openbmc_project.User.Manager", "RenameUser", username,
1753 *newUserName);
1754 }
1755 }
1756
1757 void updateUserProperties(std::shared_ptr<AsyncResp> asyncResp,
1758 const std::string& username,
Ed Tanousa24526d2018-12-10 15:17:59 -0800[diff] [blame]1759 std::optional<std::string> password,
1760 std::optional<bool> enabled,
Ratan Gupta24c85422019-01-30 19:41:24 +0530[diff] [blame]1761 std::optional<std::string> roleId,
1762 std::optional<bool> locked)
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1763 {
Ratan Gupta24c85422019-01-30 19:41:24 +0530[diff] [blame]1764 std::string dbusObjectPath = "/xyz/openbmc_project/user/" + username;
1765 dbus::utility::escapePathForDbus(dbusObjectPath);
1766
Ratan Gupta22c33712019-05-03 21:50:28 +0530[diff] [blame]1767 dbus::utility::checkDbusPathExists(
Ratan Gupta24c85422019-01-30 19:41:24 +0530[diff] [blame]1768 dbusObjectPath,
1769 [dbusObjectPath(std::move(dbusObjectPath)), username,
1770 password(std::move(password)), roleId(std::move(roleId)),
1771 enabled(std::move(enabled)), locked(std::move(locked)),
1772 asyncResp{std::move(asyncResp)}](int rc) {
1773 if (!rc)
1774 {
jayaprakash Mutyala66b5ca72019-08-07 20:26:37 +0000[diff] [blame]1775 messages::resourceNotFound(
Gunnar Mills8114bd42020-06-11 20:55:21 -0500[diff] [blame]1776 asyncResp->res, "#ManagerAccount.v1_4_0.ManagerAccount",
jayaprakash Mutyala66b5ca72019-08-07 20:26:37 +0000[diff] [blame]1777 username);
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1778 return;
Ratan Gupta24c85422019-01-30 19:41:24 +0530[diff] [blame]1779 }
jayaprakash Mutyala66b5ca72019-08-07 20:26:37 +0000[diff] [blame]1780
1781 if (password)
1782 {
1783 int retval = pamUpdatePassword(username, *password);
1784
1785 if (retval == PAM_USER_UNKNOWN)
1786 {
1787 messages::resourceNotFound(
1788 asyncResp->res,
Gunnar Mills8114bd42020-06-11 20:55:21 -0500[diff] [blame]1789 "#ManagerAccount.v1_4_0.ManagerAccount", username);
jayaprakash Mutyala66b5ca72019-08-07 20:26:37 +0000[diff] [blame]1790 }
1791 else if (retval == PAM_AUTHTOK_ERR)
1792 {
1793 // If password is invalid
1794 messages::propertyValueFormatError(
1795 asyncResp->res, *password, "Password");
1796 BMCWEB_LOG_ERROR << "pamUpdatePassword Failed";
1797 }
1798 else if (retval != PAM_SUCCESS)
1799 {
1800 messages::internalError(asyncResp->res);
1801 return;
1802 }
1803 }
1804
Ratan Gupta24c85422019-01-30 19:41:24 +0530[diff] [blame]1805 if (enabled)
1806 {
1807 crow::connections::systemBus->async_method_call(
1808 [asyncResp](const boost::system::error_code ec) {
1809 if (ec)
1810 {
1811 BMCWEB_LOG_ERROR << "D-Bus responses error: "
1812 << ec;
1813 messages::internalError(asyncResp->res);
1814 return;
1815 }
1816 messages::success(asyncResp->res);
1817 return;
1818 },
1819 "xyz.openbmc_project.User.Manager",
1820 dbusObjectPath.c_str(),
1821 "org.freedesktop.DBus.Properties", "Set",
1822 "xyz.openbmc_project.User.Attributes", "UserEnabled",
1823 std::variant<bool>{*enabled});
1824 }
Ed Tanous9712f8a2018-09-21 13:38:49 -0700[diff] [blame]1825
Ratan Gupta24c85422019-01-30 19:41:24 +0530[diff] [blame]1826 if (roleId)
1827 {
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]1828 std::string priv = getPrivilegeFromRoleId(*roleId);
Ratan Gupta24c85422019-01-30 19:41:24 +0530[diff] [blame]1829 if (priv.empty())
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1830 {
Ratan Gupta24c85422019-01-30 19:41:24 +0530[diff] [blame]1831 messages::propertyValueNotInList(asyncResp->res,
1832 *roleId, "RoleId");
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1833 return;
1834 }
jayaprakash Mutyala96200602020-04-08 11:09:10 +0000[diff] [blame]1835 if (priv == "priv-noaccess")
1836 {
1837 priv = "";
1838 }
Ratan Gupta24c85422019-01-30 19:41:24 +0530[diff] [blame]1839
1840 crow::connections::systemBus->async_method_call(
1841 [asyncResp](const boost::system::error_code ec) {
1842 if (ec)
1843 {
1844 BMCWEB_LOG_ERROR << "D-Bus responses error: "
1845 << ec;
1846 messages::internalError(asyncResp->res);
1847 return;
1848 }
1849 messages::success(asyncResp->res);
1850 },
1851 "xyz.openbmc_project.User.Manager",
1852 dbusObjectPath.c_str(),
1853 "org.freedesktop.DBus.Properties", "Set",
1854 "xyz.openbmc_project.User.Attributes", "UserPrivilege",
1855 std::variant<std::string>{priv});
1856 }
1857
1858 if (locked)
1859 {
1860 // admin can unlock the account which is locked by
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]1861 // successive authentication failures but admin should
1862 // not be allowed to lock an account.
Ratan Gupta24c85422019-01-30 19:41:24 +0530[diff] [blame]1863 if (*locked)
1864 {
1865 messages::propertyValueNotInList(asyncResp->res, "true",
1866 "Locked");
1867 return;
1868 }
1869
1870 crow::connections::systemBus->async_method_call(
1871 [asyncResp](const boost::system::error_code ec) {
1872 if (ec)
1873 {
1874 BMCWEB_LOG_ERROR << "D-Bus responses error: "
1875 << ec;
1876 messages::internalError(asyncResp->res);
1877 return;
1878 }
1879 messages::success(asyncResp->res);
1880 return;
1881 },
1882 "xyz.openbmc_project.User.Manager",
1883 dbusObjectPath.c_str(),
1884 "org.freedesktop.DBus.Properties", "Set",
1885 "xyz.openbmc_project.User.Attributes",
1886 "UserLockedForFailedAttempt",
Patrick Williams19bd78d2020-05-13 17:38:24 -0500[diff] [blame]1887 std::variant<bool>{*locked});
Ratan Gupta24c85422019-01-30 19:41:24 +0530[diff] [blame]1888 }
1889 });
Ed Tanousa8408792018-09-05 16:08:38 -0700[diff] [blame]1890 }
Ed Tanous06e086d2018-09-19 17:19:52 -0700[diff] [blame]1891
1892 void doDelete(crow::Response& res, const crow::Request& req,
1893 const std::vector<std::string>& params) override
1894 {
1895 auto asyncResp = std::make_shared<AsyncResp>(res);
1896
1897 if (params.size() != 1)
1898 {
Jason M. Billsf12894f2018-10-09 12:45:45 -0700[diff] [blame]1899 messages::internalError(asyncResp->res);
Ed Tanous06e086d2018-09-19 17:19:52 -0700[diff] [blame]1900 return;
1901 }
1902
1903 const std::string userPath = "/xyz/openbmc_project/user/" + params[0];
1904
1905 crow::connections::systemBus->async_method_call(
1906 [asyncResp, username{std::move(params[0])}](
1907 const boost::system::error_code ec) {
1908 if (ec)
1909 {
Jason M. Billsf12894f2018-10-09 12:45:45 -0700[diff] [blame]1910 messages::resourceNotFound(
Gunnar Mills8114bd42020-06-11 20:55:21 -0500[diff] [blame]1911 asyncResp->res, "#ManagerAccount.v1_4_0.ManagerAccount",
Jason M. Billsf12894f2018-10-09 12:45:45 -0700[diff] [blame]1912 username);
Ed Tanous06e086d2018-09-19 17:19:52 -0700[diff] [blame]1913 return;
1914 }
1915
Jason M. Billsf12894f2018-10-09 12:45:45 -0700[diff] [blame]1916 messages::accountRemoved(asyncResp->res);
Ed Tanous06e086d2018-09-19 17:19:52 -0700[diff] [blame]1917 },
1918 "xyz.openbmc_project.User.Manager", userPath,
1919 "xyz.openbmc_project.Object.Delete", "Delete");
1920 }
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1921};
Lewanczyk, Dawid88d16c92018-02-02 14:51:09 +0100[diff] [blame]1922
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]1923} // namespace redfish