Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / bmcweb / 2405091dc5b2606ecd78a51516168d4f438cd8e0 / . / redfish-core / include / privileges.hpp
blob: 970946a60a4aa97f2548893ed141d72bc8c9e234 [file] [log] [blame]
Ed Tanous40e9b922024-09-10 13:50:16 -0700[diff] [blame]1// SPDX-License-Identifier: Apache-2.0
2// SPDX-FileCopyrightText: Copyright OpenBMC Authors
3// SPDX-FileCopyrightText: Copyright 2018 Intel Corporation
Borawski.Lukasz86e1b662018-01-19 14:22:14 +0100[diff] [blame]4#pragma once
5
Nan Zhoud5c80ad2022-07-11 01:16:31 +0000[diff] [blame]6#include "logging.hpp"
Ninad Palsule3e72c202023-03-27 17:19:55 -0500[diff] [blame]7#include "sessions.hpp"
Nan Zhoud5c80ad2022-07-11 01:16:31 +0000[diff] [blame]8
Tanousf00032d2018-11-05 01:18:10 -0300[diff] [blame]9#include <boost/beast/http/verb.hpp>
Borawski.Lukaszaecb47a2018-01-25 12:14:14 +0100[diff] [blame]10#include <boost/container/flat_map.hpp>
Nan Zhoud5c80ad2022-07-11 01:16:31 +0000[diff] [blame]11#include <boost/container/vector.hpp>
Gunnar Mills1214b7e2020-06-04 10:11:30 -0500[diff] [blame]12
13#include <array>
14#include <bitset>
Nan Zhoud5c80ad2022-07-11 01:16:31 +0000[diff] [blame]15#include <cstddef>
Nan Zhoud5c80ad2022-07-11 01:16:31 +0000[diff] [blame]16#include <initializer_list>
17#include <string>
18#include <string_view>
19#include <utility>
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]20#include <vector>
Borawski.Lukaszaecb47a2018-01-25 12:14:14 +0100[diff] [blame]21
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]22namespace redfish
23{
24
25enum class PrivilegeType
26{
27 BASE,
28 OEM
29};
Borawski.Lukaszaecb47a2018-01-25 12:14:14 +0100[diff] [blame]30
Ed Tanousa6927792018-03-06 10:01:57 -0800[diff] [blame]31/** @brief A fixed array of compile time privileges */
Ed Tanousac25adb2024-04-13 11:57:35 -0700[diff] [blame]32constexpr std::array<std::string_view, 5> basePrivileges{
Ed Tanous3ebd75f2018-03-05 18:20:01 -0800[diff] [blame]33 "Login", "ConfigureManager", "ConfigureComponents", "ConfigureSelf",
34 "ConfigureUsers"};
Borawski.Lukasz43a095a2018-02-19 15:39:01 +0100[diff] [blame]35
Ed Tanous271584a2019-07-09 16:24:22 -0700[diff] [blame]36constexpr const size_t basePrivilegeCount = basePrivileges.size();
Ed Tanousa6927792018-03-06 10:01:57 -0800[diff] [blame]37
38/** @brief Max number of privileges per type */
Ed Tanous271584a2019-07-09 16:24:22 -0700[diff] [blame]39constexpr const size_t maxPrivilegeCount = 32;
Ed Tanousa6927792018-03-06 10:01:57 -0800[diff] [blame]40
Ninad Palsule3e72c202023-03-27 17:19:55 -0500[diff] [blame]41/**
42 * @brief A vector of all privilege names and their indexes
43 * The privilege "OpenBMCHostConsole" is added to users who are members of the
44 * "hostconsole" user group. This privilege is required to access the host
45 * console.
46 */
Ed Tanousac25adb2024-04-13 11:57:35 -0700[diff] [blame]47constexpr std::array<std::string_view, maxPrivilegeCount> privilegeNames{
Ninad Palsule3e72c202023-03-27 17:19:55 -0500[diff] [blame]48 "Login", "ConfigureManager", "ConfigureComponents",
49 "ConfigureSelf", "ConfigureUsers", "OpenBMCHostConsole"};
Borawski.Lukasz43a095a2018-02-19 15:39:01 +0100[diff] [blame]50
Borawski.Lukasz86e1b662018-01-19 14:22:14 +0100[diff] [blame]51/**
Borawski.Lukaszaecb47a2018-01-25 12:14:14 +0100[diff] [blame]52 * @brief Redfish privileges
53 *
Joseph Reynolds900f9492019-11-25 15:37:29 -0600[diff] [blame]54 * This implements a set of Redfish privileges. These directly represent
55 * user privileges and help represent entity privileges.
Borawski.Lukaszaecb47a2018-01-25 12:14:14 +0100[diff] [blame]56 *
Ed Tanous55c7b7a2018-05-22 15:27:24 -0700[diff] [blame]57 * Each incoming Connection requires a comparison between privileges held
Borawski.Lukaszaecb47a2018-01-25 12:14:14 +0100[diff] [blame]58 * by the user issuing a request and the target entity's privileges.
59 *
60 * To ensure best runtime performance of this comparison, privileges
61 * are represented as bitsets. Each bit in the bitset corresponds to a
62 * unique privilege name.
63 *
Borawski.Lukaszaecb47a2018-01-25 12:14:14 +0100[diff] [blame]64 * A bit is set if the privilege is required (entity domain) or granted
65 * (user domain) and false otherwise.
66 *
Borawski.Lukasz86e1b662018-01-19 14:22:14 +0100[diff] [blame]67 */
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]68class Privileges
69{
70 public:
71 /**
72 * @brief Constructs object without any privileges active
73 *
74 */
75 Privileges() = default;
Borawski.Lukasz43a095a2018-02-19 15:39:01 +0100[diff] [blame]76
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]77 /**
78 * @brief Constructs object with given privileges active
79 *
80 * @param[in] privilegeList List of privileges to be activated
81 *
82 */
83 Privileges(std::initializer_list<const char*> privilegeList)
84 {
85 for (const char* privilege : privilegeList)
86 {
87 if (!setSinglePrivilege(privilege))
88 {
Ed Tanousac25adb2024-04-13 11:57:35 -0700[diff] [blame]89 BMCWEB_LOG_CRITICAL("Unable to set privilege {} in constructor",
Ed Tanous62598e32023-07-17 17:06:25 -0700[diff] [blame]90 privilege);
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]91 }
92 }
Borawski.Lukaszaecb47a2018-01-25 12:14:14 +0100[diff] [blame]93 }
94
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]95 /**
96 * @brief Sets given privilege in the bitset
97 *
98 * @param[in] privilege Privilege to be set
99 *
100 * @return None
101 *
102 */
Ed Tanous26ccae32023-02-16 10:28:44 -0800[diff] [blame]103 bool setSinglePrivilege(std::string_view privilege)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]104 {
Ed Tanous271584a2019-07-09 16:24:22 -0700[diff] [blame]105 for (size_t searchIndex = 0; searchIndex < privilegeNames.size();
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]106 searchIndex++)
107 {
108 if (privilege == privilegeNames[searchIndex])
109 {
110 privilegeBitset.set(searchIndex);
111 return true;
112 }
113 }
Ed Tanous3ebd75f2018-03-05 18:20:01 -0800[diff] [blame]114
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]115 return false;
Ed Tanousa6927792018-03-06 10:01:57 -0800[diff] [blame]116 }
117
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]118 /**
Joseph Reynolds900f9492019-11-25 15:37:29 -0600[diff] [blame]119 * @brief Resets the given privilege in the bitset
120 *
121 * @param[in] privilege Privilege to be reset
122 *
123 * @return None
124 *
125 */
126 bool resetSinglePrivilege(const char* privilege)
127 {
128 for (size_t searchIndex = 0; searchIndex < privilegeNames.size();
129 searchIndex++)
130 {
131 if (privilege == privilegeNames[searchIndex])
132 {
133 privilegeBitset.reset(searchIndex);
134 return true;
135 }
136 }
137 return false;
138 }
139
140 /**
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]141 * @brief Retrieves names of all active privileges for a given type
142 *
143 * @param[in] type Base or OEM
144 *
145 * @return Vector of active privileges. Pointers are valid until
146 * the setSinglePrivilege is called, or the Privilege structure is destroyed
147 *
148 */
Ed Tanous23a21a12020-07-25 04:45:05 +0000[diff] [blame]149 std::vector<std::string>
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]150 getActivePrivilegeNames(const PrivilegeType type) const
151 {
Ed Tanous23a21a12020-07-25 04:45:05 +0000[diff] [blame]152 std::vector<std::string> activePrivileges;
Borawski.Lukaszaecb47a2018-01-25 12:14:14 +0100[diff] [blame]153
Ed Tanous271584a2019-07-09 16:24:22 -0700[diff] [blame]154 size_t searchIndex = 0;
155 size_t endIndex = basePrivilegeCount;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]156 if (type == PrivilegeType::OEM)
157 {
Joseph Reynolds87704462021-08-24 14:42:39 -0500[diff] [blame]158 searchIndex = basePrivilegeCount;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]159 endIndex = privilegeNames.size();
160 }
Ed Tanous3ebd75f2018-03-05 18:20:01 -0800[diff] [blame]161
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]162 for (; searchIndex < endIndex; searchIndex++)
163 {
164 if (privilegeBitset.test(searchIndex))
165 {
Ed Tanous23a21a12020-07-25 04:45:05 +0000[diff] [blame]166 activePrivileges.emplace_back(privilegeNames[searchIndex]);
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]167 }
168 }
169
170 return activePrivileges;
171 }
172
173 /**
174 * @brief Determines if this Privilege set is a superset of the given
175 * privilege set
176 *
177 * @param[in] privilege Privilege to be checked
178 *
179 * @return None
180 *
181 */
182 bool isSupersetOf(const Privileges& p) const
183 {
184 return (privilegeBitset & p.privilegeBitset) == p.privilegeBitset;
185 }
186
Joseph Reynolds3bf4e632020-02-06 14:44:32 -0600[diff] [blame]187 /**
188 * @brief Returns the intersection of two Privilege sets.
189 *
190 * @param[in] privilege Privilege set to intersect with.
191 *
192 * @return The new Privilege set.
193 *
194 */
195 Privileges intersection(const Privileges& p) const
196 {
197 return Privileges{privilegeBitset & p.privilegeBitset};
198 }
199
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]200 private:
Ed Tanous4e23a442022-06-06 09:57:26 -0700[diff] [blame]201 explicit Privileges(const std::bitset<maxPrivilegeCount>& p) :
202 privilegeBitset{p}
Gunnar Mills1214b7e2020-06-04 10:11:30 -0500[diff] [blame]203 {}
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]204 std::bitset<maxPrivilegeCount> privilegeBitset = 0;
Borawski.Lukasz86e1b662018-01-19 14:22:14 +0100[diff] [blame]205};
206
Ninad Palsule3e72c202023-03-27 17:19:55 -0500[diff] [blame]207inline Privileges getUserPrivileges(const persistent_data::UserSession& session)
Ratan Gupta6f359562019-04-03 10:39:08 +0530[diff] [blame]208{
Ninad Palsule3e72c202023-03-27 17:19:55 -0500[diff] [blame]209 // default to no access
210 Privileges privs;
211
212 // Check if user is member of hostconsole group
213 for (const auto& userGroup : session.userGroups)
Ratan Gupta6f359562019-04-03 10:39:08 +0530[diff] [blame]214 {
Ninad Palsule3e72c202023-03-27 17:19:55 -0500[diff] [blame]215 if (userGroup == "hostconsole")
216 {
217 // Redfish privilege : host console access
218 privs.setSinglePrivilege("OpenBMCHostConsole");
219 break;
220 }
Ratan Gupta6f359562019-04-03 10:39:08 +0530[diff] [blame]221 }
Ninad Palsule3e72c202023-03-27 17:19:55 -0500[diff] [blame]222
223 if (session.userRole == "priv-admin")
224 {
225 // Redfish privilege : Administrator
226 privs.setSinglePrivilege("Login");
227 privs.setSinglePrivilege("ConfigureManager");
228 privs.setSinglePrivilege("ConfigureSelf");
229 privs.setSinglePrivilege("ConfigureUsers");
230 privs.setSinglePrivilege("ConfigureComponents");
231 }
232 else if (session.userRole == "priv-operator")
Ratan Gupta6f359562019-04-03 10:39:08 +0530[diff] [blame]233 {
234 // Redfish privilege : Operator
Ninad Palsule3e72c202023-03-27 17:19:55 -0500[diff] [blame]235 privs.setSinglePrivilege("Login");
236 privs.setSinglePrivilege("ConfigureSelf");
237 privs.setSinglePrivilege("ConfigureComponents");
Ratan Gupta6f359562019-04-03 10:39:08 +0530[diff] [blame]238 }
Ninad Palsule3e72c202023-03-27 17:19:55 -0500[diff] [blame]239 else if (session.userRole == "priv-user")
Ratan Gupta6f359562019-04-03 10:39:08 +0530[diff] [blame]240 {
241 // Redfish privilege : Readonly
Ninad Palsule3e72c202023-03-27 17:19:55 -0500[diff] [blame]242 privs.setSinglePrivilege("Login");
243 privs.setSinglePrivilege("ConfigureSelf");
Ratan Gupta6f359562019-04-03 10:39:08 +0530[diff] [blame]244 }
Ninad Palsule3e72c202023-03-27 17:19:55 -0500[diff] [blame]245
246 return privs;
Ratan Gupta6f359562019-04-03 10:39:08 +0530[diff] [blame]247}
248
Joseph Reynolds900f9492019-11-25 15:37:29 -0600[diff] [blame]249/**
250 * @brief The OperationMap represents the privileges required for a
251 * single entity (URI). It maps from the allowable verbs to the
252 * privileges required to use that operation.
253 *
254 * This represents the Redfish "Privilege AND and OR syntax" as given
255 * in the spec and shown in the Privilege Registry. This does not
256 * implement any Redfish property overrides, subordinate overrides, or
257 * resource URI overrides. This does not implement the limitation of
258 * the ConfigureSelf privilege to operate only on your own account or
259 * session.
260 **/
Ed Tanouse0d918b2018-03-27 17:41:04 -0700[diff] [blame]261using OperationMap = boost::container::flat_map<boost::beast::http::verb,
262 std::vector<Privileges>>;
Borawski.Lukasz43a095a2018-02-19 15:39:01 +0100[diff] [blame]263
Joseph Reynolds900f9492019-11-25 15:37:29 -0600[diff] [blame]264/* @brief Checks if user is allowed to call an operation
265 *
266 * @param[in] operationPrivilegesRequired Privileges required
267 * @param[in] userPrivileges Privileges the user has
268 *
269 * @return True if operation is allowed, false otherwise
270 */
271inline bool isOperationAllowedWithPrivileges(
272 const std::vector<Privileges>& operationPrivilegesRequired,
273 const Privileges& userPrivileges)
274{
275 // If there are no privileges assigned, there are no privileges required
276 if (operationPrivilegesRequired.empty())
277 {
278 return true;
279 }
Ed Tanous9eb808c2022-01-25 10:19:23 -0800[diff] [blame]280 for (const auto& requiredPrivileges : operationPrivilegesRequired)
Joseph Reynolds900f9492019-11-25 15:37:29 -0600[diff] [blame]281 {
Ed Tanous62598e32023-07-17 17:06:25 -0700[diff] [blame]282 BMCWEB_LOG_DEBUG("Checking operation privileges...");
Joseph Reynolds900f9492019-11-25 15:37:29 -0600[diff] [blame]283 if (userPrivileges.isSupersetOf(requiredPrivileges))
284 {
Ed Tanous62598e32023-07-17 17:06:25 -0700[diff] [blame]285 BMCWEB_LOG_DEBUG("...success");
Joseph Reynolds900f9492019-11-25 15:37:29 -0600[diff] [blame]286 return true;
287 }
288 }
289 return false;
290}
291
Borawski.Lukasz43a095a2018-02-19 15:39:01 +0100[diff] [blame]292/**
Ed Tanous3ebd75f2018-03-05 18:20:01 -0800[diff] [blame]293 * @brief Checks if given privileges allow to call an HTTP method
294 *
295 * @param[in] method HTTP method
296 * @param[in] user Privileges
297 *
298 * @return True if method allowed, false otherwise
Borawski.Lukasz43a095a2018-02-19 15:39:01 +0100[diff] [blame]299 *
300 */
Ed Tanouse0d918b2018-03-27 17:41:04 -0700[diff] [blame]301inline bool isMethodAllowedWithPrivileges(const boost::beast::http::verb method,
Ed Tanous3ebd75f2018-03-05 18:20:01 -0800[diff] [blame]302 const OperationMap& operationMap,
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]303 const Privileges& userPrivileges)
304{
305 const auto& it = operationMap.find(method);
306 if (it == operationMap.end())
307 {
308 return false;
Ed Tanous3ebd75f2018-03-05 18:20:01 -0800[diff] [blame]309 }
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]310
Joseph Reynolds900f9492019-11-25 15:37:29 -0600[diff] [blame]311 return isOperationAllowedWithPrivileges(it->second, userPrivileges);
Ed Tanous3ebd75f2018-03-05 18:20:01 -0800[diff] [blame]312}
Borawski.Lukaszaecb47a2018-01-25 12:14:14 +0100[diff] [blame]313
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]314} // namespace redfish