Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / bmcweb / 4e68c45b5281615bccc49f71eaa5dfac6be8e490 / . / redfish-core / lib / account_service.hpp
blob: f1a83a97d0f6bdf687b445ba5b909fd3c2dc795c [file] [log] [blame]
Lewanczyk, Dawid88d16c92018-02-02 14:51:09 +0100[diff] [blame]1/*
2// Copyright (c) 2018 Intel Corporation
3//
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at
7//
8// http://www.apache.org/licenses/LICENSE-2.0
9//
10// Unless required by applicable law or agreed to in writing, software
11// distributed under the License is distributed on an "AS IS" BASIS,
12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13// See the License for the specific language governing permissions and
14// limitations under the License.
15*/
16#pragma once
Lewanczyk, Dawid88d16c92018-02-02 14:51:09 +0100[diff] [blame]17#include "node.hpp"
18
Ratan Gupta24c85422019-01-30 19:41:24 +0530[diff] [blame]19#include <dbus_utility.hpp>
Ed Tanous65b0dc32018-09-19 16:04:03 -0700[diff] [blame]20#include <error_messages.hpp>
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]21#include <openbmc_dbus_rest.hpp>
Ed Tanousa8408792018-09-05 16:08:38 -0700[diff] [blame]22#include <utils/json_utils.hpp>
Ed Tanousabf2add2019-01-22 16:40:12 -0800[diff] [blame]23#include <variant>
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]24
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]25namespace redfish
26{
Lewanczyk, Dawid88d16c92018-02-02 14:51:09 +0100[diff] [blame]27
Ratan Gupta6973a582018-12-13 18:25:44 +0530[diff] [blame]28constexpr const char* ldapConfigObject =
29 "/xyz/openbmc_project/user/ldap/openldap";
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]30constexpr const char* ADConfigObject =
31 "/xyz/openbmc_project/user/ldap/active_directory";
32
Ratan Gupta6973a582018-12-13 18:25:44 +0530[diff] [blame]33constexpr const char* ldapRootObject = "/xyz/openbmc_project/user/ldap";
34constexpr const char* ldapDbusService = "xyz.openbmc_project.Ldap.Config";
35constexpr const char* ldapConfigInterface =
36 "xyz.openbmc_project.User.Ldap.Config";
37constexpr const char* ldapCreateInterface =
38 "xyz.openbmc_project.User.Ldap.Create";
39constexpr const char* ldapEnableInterface = "xyz.openbmc_project.Object.Enable";
40constexpr const char* dbusObjManagerIntf = "org.freedesktop.DBus.ObjectManager";
41constexpr const char* propertyInterface = "org.freedesktop.DBus.Properties";
42constexpr const char* mapperBusName = "xyz.openbmc_project.ObjectMapper";
43constexpr const char* mapperObjectPath = "/xyz/openbmc_project/object_mapper";
44constexpr const char* mapperIntf = "xyz.openbmc_project.ObjectMapper";
45
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]46struct LDAPRoleMapData
47{
48 std::string groupName;
49 std::string privilege;
50};
51
Ratan Gupta6973a582018-12-13 18:25:44 +0530[diff] [blame]52struct LDAPConfigData
53{
54 std::string uri{};
55 std::string bindDN{};
56 std::string baseDN{};
57 std::string searchScope{};
58 std::string serverType{};
59 bool serviceEnabled = false;
60 std::string userNameAttribute{};
61 std::string groupAttribute{};
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]62 std::vector<std::pair<std::string, LDAPRoleMapData>> groupRoleList;
Ratan Gupta6973a582018-12-13 18:25:44 +0530[diff] [blame]63};
64
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]65using ManagedObjectType = std::vector<std::pair<
66 sdbusplus::message::object_path,
67 boost::container::flat_map<
Ed Tanousabf2add2019-01-22 16:40:12 -0800[diff] [blame]68 std::string, boost::container::flat_map<
69 std::string, std::variant<bool, std::string>>>>>;
Ratan Gupta6973a582018-12-13 18:25:44 +0530[diff] [blame]70using GetObjectType =
71 std::vector<std::pair<std::string, std::vector<std::string>>>;
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]72
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]73inline std::string getRoleIdFromPrivilege(std::string_view role)
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]74{
75 if (role == "priv-admin")
76 {
77 return "Administrator";
78 }
79 else if (role == "priv-callback")
80 {
81 return "Callback";
82 }
83 else if (role == "priv-user")
84 {
85 return "User";
86 }
87 else if (role == "priv-operator")
88 {
89 return "Operator";
90 }
91 return "";
92}
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]93inline std::string getPrivilegeFromRoleId(std::string_view role)
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]94{
95 if (role == "Administrator")
96 {
97 return "priv-admin";
98 }
99 else if (role == "Callback")
100 {
101 return "priv-callback";
102 }
103 else if (role == "User")
104 {
105 return "priv-user";
106 }
107 else if (role == "Operator")
108 {
109 return "priv-operator";
110 }
111 return "";
112}
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]113
Ratan Gupta6973a582018-12-13 18:25:44 +0530[diff] [blame]114void parseLDAPConfigData(nlohmann::json& json_response,
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]115 const LDAPConfigData& confData,
116 const std::string& ldapType)
Ratan Gupta6973a582018-12-13 18:25:44 +0530[diff] [blame]117{
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]118 std::string service =
119 (ldapType == "LDAP") ? "LDAPService" : "ActiveDirectoryService";
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]120 nlohmann::json ldap = {
Ratan Gupta6973a582018-12-13 18:25:44 +0530[diff] [blame]121 {"AccountProviderType", service},
Ratan Gupta6973a582018-12-13 18:25:44 +0530[diff] [blame]122 {"ServiceEnabled", confData.serviceEnabled},
123 {"ServiceAddresses", nlohmann::json::array({confData.uri})},
124 {"Authentication",
125 {{"AuthenticationType", "UsernameAndPassword"},
Ratan Gupta6973a582018-12-13 18:25:44 +0530[diff] [blame]126 {"Username", confData.bindDN},
127 {"Password", nullptr}}},
128 {"LDAPService",
129 {{"SearchSettings",
130 {{"BaseDistinguishedNames",
131 nlohmann::json::array({confData.baseDN})},
132 {"UsernameAttribute", confData.userNameAttribute},
133 {"GroupsAttribute", confData.groupAttribute}}}}},
134 };
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]135
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]136 json_response[ldapType].update(std::move(ldap));
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]137
138 nlohmann::json& roleMapArray = json_response[ldapType]["RemoteRoleMapping"];
139 roleMapArray = nlohmann::json::array();
140 for (auto& obj : confData.groupRoleList)
141 {
142 BMCWEB_LOG_DEBUG << "Pushing the data groupName="
143 << obj.second.groupName << "\n";
144 roleMapArray.push_back(
145 {nlohmann::json::array({"RemoteGroup", obj.second.groupName}),
146 nlohmann::json::array(
147 {"LocalRole", getRoleIdFromPrivilege(obj.second.privilege)})});
148 }
Ratan Gupta6973a582018-12-13 18:25:44 +0530[diff] [blame]149}
150
151/**
152 * Function that retrieves all properties for LDAP config object
153 * into JSON
154 */
155template <typename CallbackFunc>
156inline void getLDAPConfigData(const std::string& ldapType,
157 CallbackFunc&& callback)
158{
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]159
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]160 const std::array<const char*, 2> interfaces = {ldapEnableInterface,
Ratan Gupta6973a582018-12-13 18:25:44 +0530[diff] [blame]161 ldapConfigInterface};
162
163 crow::connections::systemBus->async_method_call(
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]164 [callback, ldapType](const boost::system::error_code ec,
165 const GetObjectType& resp) {
166 LDAPConfigData confData{};
167 if (ec || resp.empty())
168 {
169 BMCWEB_LOG_ERROR << "DBUS response error during getting of "
170 "service name: "
171 << ec;
172 callback(false, confData, ldapType);
173 return;
174 }
175 std::string service = resp.begin()->first;
176 crow::connections::systemBus->async_method_call(
177 [callback, ldapType](const boost::system::error_code error_code,
178 const ManagedObjectType& ldapObjects) {
179 LDAPConfigData confData{};
180 if (error_code)
181 {
182 callback(false, confData, ldapType);
183 BMCWEB_LOG_ERROR << "D-Bus responses error: "
184 << error_code;
185 return;
186 }
187
188 std::string ldapDbusType;
189 std::string searchString;
190
191 if (ldapType == "LDAP")
192 {
193 ldapDbusType = "xyz.openbmc_project.User.Ldap.Config."
194 "Type.OpenLdap";
195 searchString = "openldap";
196 }
197 else if (ldapType == "ActiveDirectory")
198 {
199 ldapDbusType =
200 "xyz.openbmc_project.User.Ldap.Config.Type."
201 "ActiveDirectory";
202 searchString = "active_directory";
203 }
204 else
205 {
206 BMCWEB_LOG_ERROR
207 << "Can't get the DbusType for the given type="
208 << ldapType;
209 callback(false, confData, ldapType);
210 return;
211 }
212
213 std::string ldapEnableInterfaceStr = ldapEnableInterface;
214 std::string ldapConfigInterfaceStr = ldapConfigInterface;
215
216 for (const auto& object : ldapObjects)
217 {
218 // let's find the object whose ldap type is equal to the
219 // given type
220 if (object.first.str.find(searchString) ==
221 std::string::npos)
222 {
223 continue;
224 }
225
226 for (const auto& interface : object.second)
227 {
228 if (interface.first == ldapEnableInterfaceStr)
229 {
230 // rest of the properties are string.
231 for (const auto& property : interface.second)
232 {
233 if (property.first == "Enabled")
234 {
235 const bool* value =
236 std::get_if<bool>(&property.second);
237 if (value == nullptr)
238 {
239 continue;
240 }
241 confData.serviceEnabled = *value;
242 break;
243 }
244 }
245 }
246 else if (interface.first == ldapConfigInterfaceStr)
247 {
248
249 for (const auto& property : interface.second)
250 {
251 const std::string* value =
252 std::get_if<std::string>(
253 &property.second);
254 if (value == nullptr)
255 {
256 continue;
257 }
258 if (property.first == "LDAPServerURI")
259 {
260 confData.uri = *value;
261 }
262 else if (property.first == "LDAPBindDN")
263 {
264 confData.bindDN = *value;
265 }
266 else if (property.first == "LDAPBaseDN")
267 {
268 confData.baseDN = *value;
269 }
270 else if (property.first ==
271 "LDAPSearchScope")
272 {
273 confData.searchScope = *value;
274 }
275 else if (property.first ==
276 "GroupNameAttribute")
277 {
278 confData.groupAttribute = *value;
279 }
280 else if (property.first ==
281 "UserNameAttribute")
282 {
283 confData.userNameAttribute = *value;
284 }
285 else if (property.first == "LDAPType")
286 {
287 confData.serverType = *value;
288 }
289 }
290 }
291 else if (interface.first ==
292 "xyz.openbmc_project.User."
293 "PrivilegeMapperEntry")
294 {
295 LDAPRoleMapData roleMapData{};
296 for (const auto& property : interface.second)
297 {
298 const std::string* value =
299 std::get_if<std::string>(
300 &property.second);
301
302 if (value == nullptr)
303 {
304 continue;
305 }
306
307 if (property.first == "GroupName")
308 {
309 roleMapData.groupName = *value;
310 }
311 else if (property.first == "Privilege")
312 {
313 roleMapData.privilege = *value;
314 }
315 }
316
317 confData.groupRoleList.push_back(std::make_pair(
318 object.first.str, roleMapData));
319 }
320 }
321 }
322 callback(true, confData, ldapType);
323 },
324 service, ldapRootObject, dbusObjManagerIntf,
325 "GetManagedObjects");
326 },
327 mapperBusName, mapperObjectPath, mapperIntf, "GetObject",
328 ldapConfigObject, interfaces);
Ratan Gupta6973a582018-12-13 18:25:44 +0530[diff] [blame]329}
330
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]331class AccountService : public Node
332{
333 public:
334 AccountService(CrowApp& app) : Node(app, "/redfish/v1/AccountService/")
335 {
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]336 entityPrivileges = {
337 {boost::beast::http::verb::get,
338 {{"ConfigureUsers"}, {"ConfigureManager"}}},
339 {boost::beast::http::verb::head, {{"Login"}}},
340 {boost::beast::http::verb::patch, {{"ConfigureUsers"}}},
341 {boost::beast::http::verb::put, {{"ConfigureUsers"}}},
342 {boost::beast::http::verb::delete_, {{"ConfigureUsers"}}},
343 {boost::beast::http::verb::post, {{"ConfigureUsers"}}}};
344 }
Lewanczyk, Dawid88d16c92018-02-02 14:51:09 +0100[diff] [blame]345
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]346 private:
Ratan Gupta8a07d282019-03-16 08:33:47 +0530[diff] [blame]347 /**
348 * @brief parses the authentication section under the LDAP
349 * @param input JSON data
350 * @param asyncResp pointer to the JSON response
351 * @param userName userName to be filled from the given JSON.
352 * @param password password to be filled from the given JSON.
353 */
354 void
355 parseLDAPAuthenticationJson(nlohmann::json input,
356 const std::shared_ptr<AsyncResp>& asyncResp,
357 std::optional<std::string>& username,
358 std::optional<std::string>& password)
359 {
360 std::optional<std::string> authType;
361
362 if (!json_util::readJson(input, asyncResp->res, "AuthenticationType",
363 authType, "Username", username, "Password",
364 password))
365 {
366 return;
367 }
368 if (!authType)
369 {
370 return;
371 }
372 if (*authType != "UsernameAndPassword")
373 {
374 messages::propertyValueNotInList(asyncResp->res, *authType,
375 "AuthenticationType");
376 return;
377 }
378 }
379 /**
380 * @brief parses the LDAPService section under the LDAP
381 * @param input JSON data
382 * @param asyncResp pointer to the JSON response
383 * @param baseDNList baseDN to be filled from the given JSON.
384 * @param userNameAttribute userName to be filled from the given JSON.
385 * @param groupaAttribute password to be filled from the given JSON.
386 */
387
388 void parseLDAPServiceJson(
389 nlohmann::json input, const std::shared_ptr<AsyncResp>& asyncResp,
390 std::optional<std::vector<std::string>>& baseDNList,
391 std::optional<std::string>& userNameAttribute,
392 std::optional<std::string>& groupsAttribute)
393 {
394 std::optional<nlohmann::json> searchSettings;
395
396 if (!json_util::readJson(input, asyncResp->res, "SearchSettings",
397 searchSettings))
398 {
399 return;
400 }
401 if (!searchSettings)
402 {
403 return;
404 }
405 if (!json_util::readJson(*searchSettings, asyncResp->res,
406 "BaseDistinguishedNames", baseDNList,
407 "UsernameAttribute", userNameAttribute,
408 "GroupsAttribute", groupsAttribute))
409 {
410 return;
411 }
412 }
413 /**
414 * @brief updates the LDAP server address and updates the
415 json response with the new value.
416 * @param serviceAddressList address to be updated.
417 * @param asyncResp pointer to the JSON response
418 * @param ldapServerElementName Type of LDAP
419 server(openLDAP/ActiveDirectory)
420 */
421
422 void handleServiceAddressPatch(
423 const std::vector<std::string>& serviceAddressList,
424 const std::shared_ptr<AsyncResp>& asyncResp,
425 const std::string& ldapServerElementName,
426 const std::string& ldapConfigObject)
427 {
428 crow::connections::systemBus->async_method_call(
429 [asyncResp, ldapServerElementName,
430 serviceAddressList](const boost::system::error_code ec) {
431 if (ec)
432 {
433 BMCWEB_LOG_DEBUG
434 << "Error Occured in updating the service address";
435 messages::internalError(asyncResp->res);
436 return;
437 }
438 std::vector<std::string> modifiedserviceAddressList = {
439 serviceAddressList.front()};
440 asyncResp->res
441 .jsonValue[ldapServerElementName]["ServiceAddresses"] =
442 modifiedserviceAddressList;
443 if ((serviceAddressList).size() > 1)
444 {
445 messages::propertyValueModified(asyncResp->res,
446 "ServiceAddresses",
447 serviceAddressList.front());
448 }
449 BMCWEB_LOG_DEBUG << "Updated the service address";
450 },
451 ldapDbusService, ldapConfigObject, propertyInterface, "Set",
452 ldapConfigInterface, "LDAPServerURI",
453 std::variant<std::string>(serviceAddressList.front()));
454 }
455 /**
456 * @brief updates the LDAP Bind DN and updates the
457 json response with the new value.
458 * @param username name of the user which needs to be updated.
459 * @param asyncResp pointer to the JSON response
460 * @param ldapServerElementName Type of LDAP
461 server(openLDAP/ActiveDirectory)
462 */
463
464 void handleUserNamePatch(const std::string& username,
465 const std::shared_ptr<AsyncResp>& asyncResp,
466 const std::string& ldapServerElementName,
467 const std::string& ldapConfigObject)
468 {
469 crow::connections::systemBus->async_method_call(
470 [asyncResp, username,
471 ldapServerElementName](const boost::system::error_code ec) {
472 if (ec)
473 {
474 BMCWEB_LOG_DEBUG
475 << "Error occured in updating the username";
476 messages::internalError(asyncResp->res);
477 return;
478 }
479 asyncResp->res.jsonValue[ldapServerElementName]
480 ["Authentication"]["Username"] =
481 username;
482 BMCWEB_LOG_DEBUG << "Updated the username";
483 },
484 ldapDbusService, ldapConfigObject, propertyInterface, "Set",
485 ldapConfigInterface, "LDAPBindDN",
486 std::variant<std::string>(username));
487 }
488
489 /**
490 * @brief updates the LDAP password
491 * @param password : ldap password which needs to be updated.
492 * @param asyncResp pointer to the JSON response
493 * @param ldapServerElementName Type of LDAP
494 * server(openLDAP/ActiveDirectory)
495 */
496
497 void handlePasswordPatch(const std::string& password,
498 const std::shared_ptr<AsyncResp>& asyncResp,
499 const std::string& ldapServerElementName,
500 const std::string& ldapConfigObject)
501 {
502 crow::connections::systemBus->async_method_call(
503 [asyncResp, password,
504 ldapServerElementName](const boost::system::error_code ec) {
505 if (ec)
506 {
507 BMCWEB_LOG_DEBUG
508 << "Error occured in updating the password";
509 messages::internalError(asyncResp->res);
510 return;
511 }
512 asyncResp->res.jsonValue[ldapServerElementName]
513 ["Authentication"]["Password"] = "";
514 BMCWEB_LOG_DEBUG << "Updated the password";
515 },
516 ldapDbusService, ldapConfigObject, propertyInterface, "Set",
517 ldapConfigInterface, "LDAPBindDNPassword",
518 std::variant<std::string>(password));
519 }
520
521 /**
522 * @brief updates the LDAP BaseDN and updates the
523 json response with the new value.
524 * @param baseDNList baseDN list which needs to be updated.
525 * @param asyncResp pointer to the JSON response
526 * @param ldapServerElementName Type of LDAP
527 server(openLDAP/ActiveDirectory)
528 */
529
530 void handleBaseDNPatch(const std::vector<std::string>& baseDNList,
531 const std::shared_ptr<AsyncResp>& asyncResp,
532 const std::string& ldapServerElementName,
533 const std::string& ldapConfigObject)
534 {
535 crow::connections::systemBus->async_method_call(
536 [asyncResp, baseDNList,
537 ldapServerElementName](const boost::system::error_code ec) {
538 if (ec)
539 {
540 BMCWEB_LOG_DEBUG << "Error Occured in Updating the base DN";
541 messages::internalError(asyncResp->res);
542 return;
543 }
544 auto& serverTypeJson =
545 asyncResp->res.jsonValue[ldapServerElementName];
546 auto& searchSettingsJson =
547 serverTypeJson["LDAPService"]["SearchSettings"];
548 std::vector<std::string> modifiedBaseDNList = {
549 baseDNList.front()};
550 searchSettingsJson["BaseDistinguishedNames"] =
551 modifiedBaseDNList;
552 if (baseDNList.size() > 1)
553 {
554 messages::propertyValueModified(asyncResp->res,
555 "BaseDistinguishedNames",
556 baseDNList.front());
557 }
558 BMCWEB_LOG_DEBUG << "Updated the base DN";
559 },
560 ldapDbusService, ldapConfigObject, propertyInterface, "Set",
561 ldapConfigInterface, "LDAPBaseDN",
562 std::variant<std::string>(baseDNList.front()));
563 }
564 /**
565 * @brief updates the LDAP user name attribute and updates the
566 json response with the new value.
567 * @param userNameAttribute attribute to be updated.
568 * @param asyncResp pointer to the JSON response
569 * @param ldapServerElementName Type of LDAP
570 server(openLDAP/ActiveDirectory)
571 */
572
573 void handleUserNameAttrPatch(const std::string& userNameAttribute,
574 const std::shared_ptr<AsyncResp>& asyncResp,
575 const std::string& ldapServerElementName,
576 const std::string& ldapConfigObject)
577 {
578 crow::connections::systemBus->async_method_call(
579 [asyncResp, userNameAttribute,
580 ldapServerElementName](const boost::system::error_code ec) {
581 if (ec)
582 {
583 BMCWEB_LOG_DEBUG << "Error Occured in Updating the "
584 "username attribute";
585 messages::internalError(asyncResp->res);
586 return;
587 }
588 auto& serverTypeJson =
589 asyncResp->res.jsonValue[ldapServerElementName];
590 auto& searchSettingsJson =
591 serverTypeJson["LDAPService"]["SearchSettings"];
592 searchSettingsJson["UsernameAttribute"] = userNameAttribute;
593 BMCWEB_LOG_DEBUG << "Updated the user name attr.";
594 },
595 ldapDbusService, ldapConfigObject, propertyInterface, "Set",
596 ldapConfigInterface, "UserNameAttribute",
597 std::variant<std::string>(userNameAttribute));
598 }
599 /**
600 * @brief updates the LDAP group attribute and updates the
601 json response with the new value.
602 * @param groupsAttribute attribute to be updated.
603 * @param asyncResp pointer to the JSON response
604 * @param ldapServerElementName Type of LDAP
605 server(openLDAP/ActiveDirectory)
606 */
607
608 void handleGroupNameAttrPatch(const std::string& groupsAttribute,
609 const std::shared_ptr<AsyncResp>& asyncResp,
610 const std::string& ldapServerElementName,
611 const std::string& ldapConfigObject)
612 {
613 crow::connections::systemBus->async_method_call(
614 [asyncResp, groupsAttribute,
615 ldapServerElementName](const boost::system::error_code ec) {
616 if (ec)
617 {
618 BMCWEB_LOG_DEBUG << "Error Occured in Updating the "
619 "groupname attribute";
620 messages::internalError(asyncResp->res);
621 return;
622 }
623 auto& serverTypeJson =
624 asyncResp->res.jsonValue[ldapServerElementName];
625 auto& searchSettingsJson =
626 serverTypeJson["LDAPService"]["SearchSettings"];
627 searchSettingsJson["GroupsAttribute"] = groupsAttribute;
628 BMCWEB_LOG_DEBUG << "Updated the groupname attr";
629 },
630 ldapDbusService, ldapConfigObject, propertyInterface, "Set",
631 ldapConfigInterface, "GroupNameAttribute",
632 std::variant<std::string>(groupsAttribute));
633 }
634 /**
635 * @brief updates the LDAP service enable and updates the
636 json response with the new value.
637 * @param input JSON data.
638 * @param asyncResp pointer to the JSON response
639 * @param ldapServerElementName Type of LDAP
640 server(openLDAP/ActiveDirectory)
641 */
642
643 void handleServiceEnablePatch(bool serviceEnabled,
644 const std::shared_ptr<AsyncResp>& asyncResp,
645 const std::string& ldapServerElementName,
646 const std::string& ldapConfigObject)
647 {
648 crow::connections::systemBus->async_method_call(
649 [asyncResp, serviceEnabled,
650 ldapServerElementName](const boost::system::error_code ec) {
651 if (ec)
652 {
653 BMCWEB_LOG_DEBUG
654 << "Error Occured in Updating the service enable";
655 messages::internalError(asyncResp->res);
656 return;
657 }
658 asyncResp->res
659 .jsonValue[ldapServerElementName]["ServiceEnabled"] =
660 serviceEnabled;
661 BMCWEB_LOG_DEBUG << "Updated Service enable = "
662 << serviceEnabled;
663 },
664 ldapDbusService, ldapConfigObject, propertyInterface, "Set",
665 ldapEnableInterface, "Enabled", std::variant<bool>(serviceEnabled));
666 }
667
668 /**
669 * @brief Get the required values from the given JSON, validates the
670 * value and create the LDAP config object.
671 * @param input JSON data
672 * @param asyncResp pointer to the JSON response
673 * @param serverType Type of LDAP server(openLDAP/ActiveDirectory)
674 */
675
676 void handleLDAPPatch(nlohmann::json& input,
677 const std::shared_ptr<AsyncResp>& asyncResp,
678 const crow::Request& req,
679 const std::vector<std::string>& params,
680 const std::string& serverType)
681 {
Ratan Guptaeb2bbe52019-04-22 14:27:01 +0530[diff] [blame]682 std::string dbusObjectPath;
683 if (serverType == "ActiveDirectory")
684 {
685 dbusObjectPath = ADConfigObject;
686 }
687 else if (serverType == "LDAP")
688 {
689 dbusObjectPath = ldapConfigObject;
690 }
691
Ratan Gupta8a07d282019-03-16 08:33:47 +0530[diff] [blame]692 std::optional<nlohmann::json> authentication;
693 std::optional<nlohmann::json> ldapService;
694 std::optional<std::string> accountProviderType;
695 std::optional<std::vector<std::string>> serviceAddressList;
696 std::optional<bool> serviceEnabled;
697 std::optional<std::vector<std::string>> baseDNList;
698 std::optional<std::string> userNameAttribute;
699 std::optional<std::string> groupsAttribute;
700 std::optional<std::string> userName;
701 std::optional<std::string> password;
702
703 if (!json_util::readJson(input, asyncResp->res, "Authentication",
704 authentication, "LDAPService", ldapService,
705 "ServiceAddresses", serviceAddressList,
706 "AccountProviderType", accountProviderType,
Ed Tanousd4b54432019-07-17 22:51:55 +0000[diff] [blame]707 "ServiceEnabled", serviceEnabled))
Ratan Gupta8a07d282019-03-16 08:33:47 +0530[diff] [blame]708 {
709 return;
710 }
711
712 if (authentication)
713 {
714 parseLDAPAuthenticationJson(*authentication, asyncResp, userName,
715 password);
716 }
717 if (ldapService)
718 {
719 parseLDAPServiceJson(*ldapService, asyncResp, baseDNList,
720 userNameAttribute, groupsAttribute);
721 }
722 if (accountProviderType)
723 {
724 messages::propertyNotWritable(asyncResp->res,
725 "AccountProviderType");
726 }
727 if (serviceAddressList)
728 {
729 if ((*serviceAddressList).size() == 0)
730 {
731 messages::propertyValueNotInList(asyncResp->res, "[]",
732 "ServiceAddress");
733 return;
734 }
735 }
736 if (baseDNList)
737 {
738 if ((*baseDNList).size() == 0)
739 {
740 messages::propertyValueNotInList(asyncResp->res, "[]",
741 "BaseDistinguishedNames");
742 return;
743 }
744 }
745
746 // nothing to update, then return
747 if (!userName && !password && !serviceAddressList && !baseDNList &&
Ed Tanousd4b54432019-07-17 22:51:55 +0000[diff] [blame]748 !userNameAttribute && !groupsAttribute && !serviceEnabled)
Ratan Gupta8a07d282019-03-16 08:33:47 +0530[diff] [blame]749 {
750 return;
751 }
752
753 // Get the existing resource first then keep modifying
754 // whenever any property gets updated.
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]755 getLDAPConfigData(serverType, [this, asyncResp, userName, password,
756 baseDNList, userNameAttribute,
757 groupsAttribute, accountProviderType,
Ratan Guptaeb2bbe52019-04-22 14:27:01 +0530[diff] [blame]758 serviceAddressList, serviceEnabled,
Ed Tanousd4b54432019-07-17 22:51:55 +0000[diff] [blame]759 dbusObjectPath](
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]760 bool success, LDAPConfigData confData,
761 const std::string& serverType) {
762 if (!success)
763 {
764 messages::internalError(asyncResp->res);
765 return;
766 }
767 parseLDAPConfigData(asyncResp->res.jsonValue, confData, serverType);
768 if (confData.serviceEnabled)
769 {
770 // Disable the service first and update the rest of
771 // the properties.
772 handleServiceEnablePatch(false, asyncResp, serverType,
Ratan Guptaeb2bbe52019-04-22 14:27:01 +0530[diff] [blame]773 dbusObjectPath);
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]774 }
Ratan Gupta8a07d282019-03-16 08:33:47 +0530[diff] [blame]775
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]776 if (serviceAddressList)
777 {
778 handleServiceAddressPatch(*serviceAddressList, asyncResp,
Ratan Guptaeb2bbe52019-04-22 14:27:01 +0530[diff] [blame]779 serverType, dbusObjectPath);
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]780 }
781 if (userName)
782 {
783 handleUserNamePatch(*userName, asyncResp, serverType,
Ratan Guptaeb2bbe52019-04-22 14:27:01 +0530[diff] [blame]784 dbusObjectPath);
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]785 }
786 if (password)
787 {
788 handlePasswordPatch(*password, asyncResp, serverType,
Ratan Guptaeb2bbe52019-04-22 14:27:01 +0530[diff] [blame]789 dbusObjectPath);
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]790 }
Ratan Gupta8a07d282019-03-16 08:33:47 +0530[diff] [blame]791
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]792 if (baseDNList)
793 {
794 handleBaseDNPatch(*baseDNList, asyncResp, serverType,
Ratan Guptaeb2bbe52019-04-22 14:27:01 +0530[diff] [blame]795 dbusObjectPath);
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]796 }
797 if (userNameAttribute)
798 {
799 handleUserNameAttrPatch(*userNameAttribute, asyncResp,
Ratan Guptaeb2bbe52019-04-22 14:27:01 +0530[diff] [blame]800 serverType, dbusObjectPath);
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]801 }
802 if (groupsAttribute)
803 {
804 handleGroupNameAttrPatch(*groupsAttribute, asyncResp,
Ratan Guptaeb2bbe52019-04-22 14:27:01 +0530[diff] [blame]805 serverType, dbusObjectPath);
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]806 }
807 if (serviceEnabled)
808 {
809 // if user has given the value as true then enable
810 // the service. if user has given false then no-op
811 // as service is already stopped.
812 if (*serviceEnabled)
Ratan Gupta8a07d282019-03-16 08:33:47 +0530[diff] [blame]813 {
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]814 handleServiceEnablePatch(*serviceEnabled, asyncResp,
Ratan Guptaeb2bbe52019-04-22 14:27:01 +0530[diff] [blame]815 serverType, dbusObjectPath);
Ratan Gupta8a07d282019-03-16 08:33:47 +0530[diff] [blame]816 }
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]817 }
818 else
819 {
820 // if user has not given the service enabled value
821 // then revert it to the same state as it was
822 // before.
823 handleServiceEnablePatch(confData.serviceEnabled, asyncResp,
Ratan Guptaeb2bbe52019-04-22 14:27:01 +0530[diff] [blame]824 serverType, dbusObjectPath);
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]825 }
826 });
Ratan Gupta8a07d282019-03-16 08:33:47 +0530[diff] [blame]827 }
Ed Tanousd4b54432019-07-17 22:51:55 +0000[diff] [blame]828
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]829 void doGet(crow::Response& res, const crow::Request& req,
830 const std::vector<std::string>& params) override
831 {
AppaRao Puli3d958bb2018-12-25 12:45:54 +0530[diff] [blame]832 auto asyncResp = std::make_shared<AsyncResp>(res);
833 res.jsonValue = {
834 {"@odata.context", "/redfish/v1/"
835 "$metadata#AccountService.AccountService"},
836 {"@odata.id", "/redfish/v1/AccountService"},
837 {"@odata.type", "#AccountService."
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]838 "v1_4_0.AccountService"},
AppaRao Puli3d958bb2018-12-25 12:45:54 +0530[diff] [blame]839 {"Id", "AccountService"},
840 {"Name", "Account Service"},
841 {"Description", "Account Service"},
842 {"ServiceEnabled", true},
AppaRao Puli343ff2e2019-03-24 00:42:13 +0530[diff] [blame]843 {"MaxPasswordLength", 20},
AppaRao Puli3d958bb2018-12-25 12:45:54 +0530[diff] [blame]844 {"Accounts",
845 {{"@odata.id", "/redfish/v1/AccountService/Accounts"}}},
Marri Devender Rao37cce912019-02-20 01:05:22 -0600[diff] [blame]846 {"Roles", {{"@odata.id", "/redfish/v1/AccountService/Roles"}}},
847 {"LDAP",
848 {{"Certificates",
849 {{"@odata.id",
850 "/redfish/v1/AccountService/LDAP/Certificates"}}}}}};
AppaRao Puli3d958bb2018-12-25 12:45:54 +0530[diff] [blame]851 crow::connections::systemBus->async_method_call(
852 [asyncResp](
853 const boost::system::error_code ec,
854 const std::vector<std::pair<
Ed Tanousabf2add2019-01-22 16:40:12 -0800[diff] [blame]855 std::string, std::variant<uint32_t, uint16_t, uint8_t>>>&
AppaRao Puli3d958bb2018-12-25 12:45:54 +0530[diff] [blame]856 propertiesList) {
857 if (ec)
858 {
859 messages::internalError(asyncResp->res);
860 return;
861 }
862 BMCWEB_LOG_DEBUG << "Got " << propertiesList.size()
863 << "properties for AccountService";
864 for (const std::pair<std::string,
Ed Tanousabf2add2019-01-22 16:40:12 -0800[diff] [blame]865 std::variant<uint32_t, uint16_t, uint8_t>>&
AppaRao Puli3d958bb2018-12-25 12:45:54 +0530[diff] [blame]866 property : propertiesList)
867 {
868 if (property.first == "MinPasswordLength")
869 {
870 const uint8_t* value =
Ed Tanousabf2add2019-01-22 16:40:12 -0800[diff] [blame]871 std::get_if<uint8_t>(&property.second);
AppaRao Puli3d958bb2018-12-25 12:45:54 +0530[diff] [blame]872 if (value != nullptr)
873 {
874 asyncResp->res.jsonValue["MinPasswordLength"] =
875 *value;
876 }
877 }
878 if (property.first == "AccountUnlockTimeout")
879 {
880 const uint32_t* value =
Ed Tanousabf2add2019-01-22 16:40:12 -0800[diff] [blame]881 std::get_if<uint32_t>(&property.second);
AppaRao Puli3d958bb2018-12-25 12:45:54 +0530[diff] [blame]882 if (value != nullptr)
883 {
884 asyncResp->res.jsonValue["AccountLockoutDuration"] =
885 *value;
886 }
887 }
888 if (property.first == "MaxLoginAttemptBeforeLockout")
889 {
890 const uint16_t* value =
Ed Tanousabf2add2019-01-22 16:40:12 -0800[diff] [blame]891 std::get_if<uint16_t>(&property.second);
AppaRao Puli3d958bb2018-12-25 12:45:54 +0530[diff] [blame]892 if (value != nullptr)
893 {
894 asyncResp->res
895 .jsonValue["AccountLockoutThreshold"] = *value;
896 }
897 }
898 }
899 },
900 "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user",
901 "org.freedesktop.DBus.Properties", "GetAll",
902 "xyz.openbmc_project.User.AccountPolicy");
Ratan Gupta6973a582018-12-13 18:25:44 +0530[diff] [blame]903
Ratan Guptaab828d72019-04-22 14:18:33 +0530[diff] [blame]904 auto callback = [asyncResp](bool success, LDAPConfigData& confData,
905 const std::string& ldapType) {
906 parseLDAPConfigData(asyncResp->res.jsonValue, confData, ldapType);
907 };
908
909 getLDAPConfigData("LDAP", callback);
910 getLDAPConfigData("ActiveDirectory", callback);
AppaRao Puli3d958bb2018-12-25 12:45:54 +0530[diff] [blame]911 }
Ratan Gupta6973a582018-12-13 18:25:44 +0530[diff] [blame]912
AppaRao Puli3d958bb2018-12-25 12:45:54 +0530[diff] [blame]913 void doPatch(crow::Response& res, const crow::Request& req,
914 const std::vector<std::string>& params) override
915 {
916 auto asyncResp = std::make_shared<AsyncResp>(res);
917
918 std::optional<uint32_t> unlockTimeout;
919 std::optional<uint16_t> lockoutThreshold;
Ratan Gupta19fb6e72019-03-04 13:30:50 +0530[diff] [blame]920 std::optional<uint16_t> minPasswordLength;
921 std::optional<uint16_t> maxPasswordLength;
Ratan Gupta8a07d282019-03-16 08:33:47 +0530[diff] [blame]922 std::optional<nlohmann::json> ldapObject;
Ratan Guptaeb2bbe52019-04-22 14:27:01 +0530[diff] [blame]923 std::optional<nlohmann::json> activeDirectoryObject;
Ratan Gupta19fb6e72019-03-04 13:30:50 +0530[diff] [blame]924
AppaRao Puli3d958bb2018-12-25 12:45:54 +0530[diff] [blame]925 if (!json_util::readJson(req, res, "AccountLockoutDuration",
926 unlockTimeout, "AccountLockoutThreshold",
Ratan Gupta19fb6e72019-03-04 13:30:50 +0530[diff] [blame]927 lockoutThreshold, "MaxPasswordLength",
928 maxPasswordLength, "MinPasswordLength",
Ratan Guptaeb2bbe52019-04-22 14:27:01 +0530[diff] [blame]929 minPasswordLength, "LDAP", ldapObject,
930 "ActiveDirectory", activeDirectoryObject))
AppaRao Puli3d958bb2018-12-25 12:45:54 +0530[diff] [blame]931 {
932 return;
933 }
Ratan Gupta19fb6e72019-03-04 13:30:50 +0530[diff] [blame]934
935 if (minPasswordLength)
936 {
937 messages::propertyNotWritable(asyncResp->res, "MinPasswordLength");
938 }
939
940 if (maxPasswordLength)
941 {
942 messages::propertyNotWritable(asyncResp->res, "MaxPasswordLength");
943 }
944
Ratan Gupta8a07d282019-03-16 08:33:47 +0530[diff] [blame]945 if (ldapObject)
946 {
947 handleLDAPPatch(*ldapObject, asyncResp, req, params, "LDAP");
948 }
949
Ratan Guptaeb2bbe52019-04-22 14:27:01 +0530[diff] [blame]950 if (activeDirectoryObject)
951 {
952 handleLDAPPatch(*activeDirectoryObject, asyncResp, req, params,
953 "ActiveDirectory");
954 }
955
AppaRao Puli3d958bb2018-12-25 12:45:54 +0530[diff] [blame]956 if (unlockTimeout)
957 {
958 crow::connections::systemBus->async_method_call(
959 [asyncResp](const boost::system::error_code ec) {
960 if (ec)
961 {
962 messages::internalError(asyncResp->res);
963 return;
964 }
Ratan Guptaadd61332019-02-13 20:49:16 +0530[diff] [blame]965 messages::success(asyncResp->res);
AppaRao Puli3d958bb2018-12-25 12:45:54 +0530[diff] [blame]966 },
967 "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user",
968 "org.freedesktop.DBus.Properties", "Set",
969 "xyz.openbmc_project.User.AccountPolicy",
Ed Tanousabf2add2019-01-22 16:40:12 -0800[diff] [blame]970 "AccountUnlockTimeout", std::variant<uint32_t>(*unlockTimeout));
AppaRao Puli3d958bb2018-12-25 12:45:54 +0530[diff] [blame]971 }
972 if (lockoutThreshold)
973 {
974 crow::connections::systemBus->async_method_call(
975 [asyncResp](const boost::system::error_code ec) {
976 if (ec)
977 {
978 messages::internalError(asyncResp->res);
979 return;
980 }
Ratan Guptaadd61332019-02-13 20:49:16 +0530[diff] [blame]981 messages::success(asyncResp->res);
AppaRao Puli3d958bb2018-12-25 12:45:54 +0530[diff] [blame]982 },
983 "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user",
984 "org.freedesktop.DBus.Properties", "Set",
985 "xyz.openbmc_project.User.AccountPolicy",
986 "MaxLoginAttemptBeforeLockout",
Ed Tanousabf2add2019-01-22 16:40:12 -0800[diff] [blame]987 std::variant<uint16_t>(*lockoutThreshold));
AppaRao Puli3d958bb2018-12-25 12:45:54 +0530[diff] [blame]988 }
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]989 }
Lewanczyk, Dawid88d16c92018-02-02 14:51:09 +0100[diff] [blame]990};
Tanousf00032d2018-11-05 01:18:10 -0300[diff] [blame]991
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]992class AccountsCollection : public Node
993{
994 public:
995 AccountsCollection(CrowApp& app) :
996 Node(app, "/redfish/v1/AccountService/Accounts/")
997 {
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]998 entityPrivileges = {
999 {boost::beast::http::verb::get,
1000 {{"ConfigureUsers"}, {"ConfigureManager"}}},
1001 {boost::beast::http::verb::head, {{"Login"}}},
1002 {boost::beast::http::verb::patch, {{"ConfigureUsers"}}},
1003 {boost::beast::http::verb::put, {{"ConfigureUsers"}}},
1004 {boost::beast::http::verb::delete_, {{"ConfigureUsers"}}},
1005 {boost::beast::http::verb::post, {{"ConfigureUsers"}}}};
1006 }
1007
1008 private:
1009 void doGet(crow::Response& res, const crow::Request& req,
1010 const std::vector<std::string>& params) override
1011 {
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1012 auto asyncResp = std::make_shared<AsyncResp>(res);
Ed Tanous0f74e642018-11-12 15:17:05 -0800[diff] [blame]1013 res.jsonValue = {{"@odata.context",
1014 "/redfish/v1/"
1015 "$metadata#ManagerAccountCollection."
1016 "ManagerAccountCollection"},
1017 {"@odata.id", "/redfish/v1/AccountService/Accounts"},
1018 {"@odata.type", "#ManagerAccountCollection."
1019 "ManagerAccountCollection"},
1020 {"Name", "Accounts Collection"},
1021 {"Description", "BMC User Accounts"}};
1022
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1023 crow::connections::systemBus->async_method_call(
1024 [asyncResp](const boost::system::error_code ec,
1025 const ManagedObjectType& users) {
1026 if (ec)
1027 {
Jason M. Billsf12894f2018-10-09 12:45:45 -0700[diff] [blame]1028 messages::internalError(asyncResp->res);
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1029 return;
1030 }
1031
1032 nlohmann::json& memberArray =
1033 asyncResp->res.jsonValue["Members"];
1034 memberArray = nlohmann::json::array();
1035
1036 asyncResp->res.jsonValue["Members@odata.count"] = users.size();
1037 for (auto& user : users)
1038 {
1039 const std::string& path =
1040 static_cast<const std::string&>(user.first);
1041 std::size_t lastIndex = path.rfind("/");
1042 if (lastIndex == std::string::npos)
1043 {
1044 lastIndex = 0;
1045 }
1046 else
1047 {
1048 lastIndex += 1;
1049 }
1050 memberArray.push_back(
1051 {{"@odata.id", "/redfish/v1/AccountService/Accounts/" +
1052 path.substr(lastIndex)}});
1053 }
1054 },
1055 "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user",
1056 "org.freedesktop.DBus.ObjectManager", "GetManagedObjects");
1057 }
Ed Tanous04ae99e2018-09-20 15:54:36 -0700[diff] [blame]1058 void doPost(crow::Response& res, const crow::Request& req,
1059 const std::vector<std::string>& params) override
1060 {
1061 auto asyncResp = std::make_shared<AsyncResp>(res);
1062
Ed Tanous9712f8a2018-09-21 13:38:49 -0700[diff] [blame]1063 std::string username;
1064 std::string password;
Ed Tanousa24526d2018-12-10 15:17:59 -0800[diff] [blame]1065 std::optional<std::string> roleId("User");
1066 std::optional<bool> enabled = true;
Ed Tanous9712f8a2018-09-21 13:38:49 -0700[diff] [blame]1067 if (!json_util::readJson(req, res, "UserName", username, "Password",
1068 password, "RoleId", roleId, "Enabled",
1069 enabled))
Ed Tanous04ae99e2018-09-20 15:54:36 -0700[diff] [blame]1070 {
1071 return;
1072 }
1073
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]1074 std::string priv = getPrivilegeFromRoleId(*roleId);
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1075 if (priv.empty())
Ed Tanous04ae99e2018-09-20 15:54:36 -0700[diff] [blame]1076 {
Jason M. Billsf12894f2018-10-09 12:45:45 -0700[diff] [blame]1077 messages::propertyValueNotInList(asyncResp->res, *roleId, "RoleId");
Ed Tanous04ae99e2018-09-20 15:54:36 -0700[diff] [blame]1078 return;
1079 }
Ed Tanous9712f8a2018-09-21 13:38:49 -0700[diff] [blame]1080 roleId = priv;
Ed Tanous04ae99e2018-09-20 15:54:36 -0700[diff] [blame]1081
Ayushi Smriti599c71d2019-08-23 17:43:18 +0000[diff] [blame]1082 // Reading AllGroups property
Ed Tanous04ae99e2018-09-20 15:54:36 -0700[diff] [blame]1083 crow::connections::systemBus->async_method_call(
Ayushi Smriti599c71d2019-08-23 17:43:18 +0000[diff] [blame]1084 [asyncResp, username, password{std::move(password)}, roleId,
1085 enabled](const boost::system::error_code ec,
1086 const std::variant<std::vector<std::string>>& allGroups) {
Ed Tanous04ae99e2018-09-20 15:54:36 -0700[diff] [blame]1087 if (ec)
1088 {
Ayushi Smriti599c71d2019-08-23 17:43:18 +0000[diff] [blame]1089 BMCWEB_LOG_DEBUG << "ERROR with async_method_call";
1090 messages::internalError(asyncResp->res);
Ed Tanous04ae99e2018-09-20 15:54:36 -0700[diff] [blame]1091 return;
1092 }
1093
Ayushi Smriti599c71d2019-08-23 17:43:18 +0000[diff] [blame]1094 const std::vector<std::string>* allGroupsList =
1095 std::get_if<std::vector<std::string>>(&allGroups);
1096
1097 if (allGroupsList == nullptr || allGroupsList->empty())
Ed Tanous04ae99e2018-09-20 15:54:36 -0700[diff] [blame]1098 {
Ayushi Smriti599c71d2019-08-23 17:43:18 +0000[diff] [blame]1099 messages::internalError(asyncResp->res);
Ed Tanous04ae99e2018-09-20 15:54:36 -0700[diff] [blame]1100 return;
1101 }
1102
Ayushi Smriti599c71d2019-08-23 17:43:18 +0000[diff] [blame]1103 crow::connections::systemBus->async_method_call(
1104 [asyncResp, username, password{std::move(password)}](
1105 const boost::system::error_code ec) {
1106 if (ec)
1107 {
1108 messages::resourceAlreadyExists(
1109 asyncResp->res,
1110 "#ManagerAccount.v1_0_3.ManagerAccount",
1111 "UserName", username);
1112 return;
1113 }
1114
1115 if (!pamUpdatePassword(username, password))
1116 {
1117 // At this point we have a user that's been created,
1118 // but the password set failed.Something is wrong,
1119 // so delete the user that we've already created
1120 crow::connections::systemBus->async_method_call(
1121 [asyncResp](
1122 const boost::system::error_code ec) {
1123 if (ec)
1124 {
1125 messages::internalError(asyncResp->res);
1126 return;
1127 }
1128
1129 messages::invalidObject(asyncResp->res,
1130 "Password");
1131 },
1132 "xyz.openbmc_project.User.Manager",
1133 "/xyz/openbmc_project/user/" + username,
1134 "xyz.openbmc_project.Object.Delete", "Delete");
1135
1136 BMCWEB_LOG_ERROR << "pamUpdatePassword Failed";
1137 return;
1138 }
1139
1140 messages::created(asyncResp->res);
1141 asyncResp->res.addHeader(
1142 "Location",
1143 "/redfish/v1/AccountService/Accounts/" + username);
1144 },
1145 "xyz.openbmc_project.User.Manager",
1146 "/xyz/openbmc_project/user",
1147 "xyz.openbmc_project.User.Manager", "CreateUser", username,
1148 *allGroupsList, *roleId, *enabled);
Ed Tanous04ae99e2018-09-20 15:54:36 -0700[diff] [blame]1149 },
1150 "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user",
Ayushi Smriti599c71d2019-08-23 17:43:18 +0000[diff] [blame]1151 "org.freedesktop.DBus.Properties", "Get",
1152 "xyz.openbmc_project.User.Manager", "AllGroups");
Ed Tanous04ae99e2018-09-20 15:54:36 -0700[diff] [blame]1153 }
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1154};
1155
1156class ManagerAccount : public Node
1157{
1158 public:
1159 ManagerAccount(CrowApp& app) :
1160 Node(app, "/redfish/v1/AccountService/Accounts/<str>/", std::string())
1161 {
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1162 entityPrivileges = {
1163 {boost::beast::http::verb::get,
1164 {{"ConfigureUsers"}, {"ConfigureManager"}, {"ConfigureSelf"}}},
1165 {boost::beast::http::verb::head, {{"Login"}}},
1166 {boost::beast::http::verb::patch, {{"ConfigureUsers"}}},
1167 {boost::beast::http::verb::put, {{"ConfigureUsers"}}},
1168 {boost::beast::http::verb::delete_, {{"ConfigureUsers"}}},
1169 {boost::beast::http::verb::post, {{"ConfigureUsers"}}}};
1170 }
1171
1172 private:
1173 void doGet(crow::Response& res, const crow::Request& req,
1174 const std::vector<std::string>& params) override
1175 {
Ed Tanous0f74e642018-11-12 15:17:05 -0800[diff] [blame]1176
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1177 auto asyncResp = std::make_shared<AsyncResp>(res);
1178
1179 if (params.size() != 1)
1180 {
Jason M. Billsf12894f2018-10-09 12:45:45 -0700[diff] [blame]1181 messages::internalError(asyncResp->res);
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1182 return;
1183 }
1184
1185 crow::connections::systemBus->async_method_call(
1186 [asyncResp, accountName{std::string(params[0])}](
1187 const boost::system::error_code ec,
1188 const ManagedObjectType& users) {
1189 if (ec)
1190 {
Jason M. Billsf12894f2018-10-09 12:45:45 -0700[diff] [blame]1191 messages::internalError(asyncResp->res);
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1192 return;
1193 }
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1194 auto userIt = users.begin();
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1195
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1196 for (; userIt != users.end(); userIt++)
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1197 {
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1198 if (boost::ends_with(userIt->first.str, "/" + accountName))
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1199 {
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1200 break;
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1201 }
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1202 }
1203 if (userIt == users.end())
1204 {
1205 messages::resourceNotFound(asyncResp->res, "ManagerAccount",
1206 accountName);
1207 return;
1208 }
Ayushi Smriti4e68c452019-09-04 14:37:55 +0530[diff] [blame^]1209
1210 asyncResp->res.jsonValue = {
1211 {"@odata.context",
1212 "/redfish/v1/$metadata#ManagerAccount.ManagerAccount"},
1213 {"@odata.type", "#ManagerAccount.v1_0_3.ManagerAccount"},
1214 {"Name", "User Account"},
1215 {"Description", "User Account"},
1216 {"Password", nullptr}};
1217
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1218 for (const auto& interface : userIt->second)
1219 {
1220 if (interface.first ==
1221 "xyz.openbmc_project.User.Attributes")
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1222 {
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1223 for (const auto& property : interface.second)
Ed Tanous65b0dc32018-09-19 16:04:03 -0700[diff] [blame]1224 {
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1225 if (property.first == "UserEnabled")
Ed Tanous65b0dc32018-09-19 16:04:03 -0700[diff] [blame]1226 {
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1227 const bool* userEnabled =
Ed Tanousabf2add2019-01-22 16:40:12 -0800[diff] [blame]1228 std::get_if<bool>(&property.second);
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1229 if (userEnabled == nullptr)
Ed Tanous65b0dc32018-09-19 16:04:03 -0700[diff] [blame]1230 {
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1231 BMCWEB_LOG_ERROR
1232 << "UserEnabled wasn't a bool";
1233 messages::internalError(asyncResp->res);
1234 return;
Ed Tanous65b0dc32018-09-19 16:04:03 -0700[diff] [blame]1235 }
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1236 asyncResp->res.jsonValue["Enabled"] =
1237 *userEnabled;
1238 }
1239 else if (property.first ==
1240 "UserLockedForFailedAttempt")
1241 {
1242 const bool* userLocked =
Ed Tanousabf2add2019-01-22 16:40:12 -0800[diff] [blame]1243 std::get_if<bool>(&property.second);
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1244 if (userLocked == nullptr)
1245 {
1246 BMCWEB_LOG_ERROR << "UserLockedForF"
1247 "ailedAttempt "
1248 "wasn't a bool";
1249 messages::internalError(asyncResp->res);
1250 return;
1251 }
1252 asyncResp->res.jsonValue["Locked"] =
1253 *userLocked;
Ratan Gupta24c85422019-01-30 19:41:24 +0530[diff] [blame]1254 asyncResp->res.jsonValue
1255 ["Locked@Redfish.AllowableValues"] = {
Gunnar Mills4d64ce32019-03-29 16:34:56 -0500[diff] [blame]1256 "false"};
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1257 }
1258 else if (property.first == "UserPrivilege")
1259 {
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]1260 const std::string* userPrivPtr =
Ed Tanousabf2add2019-01-22 16:40:12 -0800[diff] [blame]1261 std::get_if<std::string>(&property.second);
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]1262 if (userPrivPtr == nullptr)
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1263 {
1264 BMCWEB_LOG_ERROR
1265 << "UserPrivilege wasn't a "
1266 "string";
1267 messages::internalError(asyncResp->res);
1268 return;
1269 }
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]1270 std::string role =
1271 getRoleIdFromPrivilege(*userPrivPtr);
1272 if (role.empty())
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1273 {
1274 BMCWEB_LOG_ERROR << "Invalid user role";
1275 messages::internalError(asyncResp->res);
1276 return;
1277 }
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]1278 asyncResp->res.jsonValue["RoleId"] = role;
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1279
1280 asyncResp->res.jsonValue["Links"]["Role"] = {
1281 {"@odata.id", "/redfish/v1/AccountService/"
1282 "Roles/" +
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]1283 role}};
Ed Tanous65b0dc32018-09-19 16:04:03 -0700[diff] [blame]1284 }
1285 }
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1286 }
1287 }
1288
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1289 asyncResp->res.jsonValue["@odata.id"] =
1290 "/redfish/v1/AccountService/Accounts/" + accountName;
1291 asyncResp->res.jsonValue["Id"] = accountName;
1292 asyncResp->res.jsonValue["UserName"] = accountName;
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700[diff] [blame]1293 },
1294 "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user",
1295 "org.freedesktop.DBus.ObjectManager", "GetManagedObjects");
1296 }
Ed Tanousa8408792018-09-05 16:08:38 -0700[diff] [blame]1297
1298 void doPatch(crow::Response& res, const crow::Request& req,
1299 const std::vector<std::string>& params) override
1300 {
1301 auto asyncResp = std::make_shared<AsyncResp>(res);
Ed Tanousa8408792018-09-05 16:08:38 -0700[diff] [blame]1302 if (params.size() != 1)
1303 {
Jason M. Billsf12894f2018-10-09 12:45:45 -0700[diff] [blame]1304 messages::internalError(asyncResp->res);
Ed Tanousa8408792018-09-05 16:08:38 -0700[diff] [blame]1305 return;
1306 }
1307
Ed Tanousa24526d2018-12-10 15:17:59 -0800[diff] [blame]1308 std::optional<std::string> newUserName;
1309 std::optional<std::string> password;
1310 std::optional<bool> enabled;
1311 std::optional<std::string> roleId;
Ratan Gupta24c85422019-01-30 19:41:24 +0530[diff] [blame]1312 std::optional<bool> locked;
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1313 if (!json_util::readJson(req, res, "UserName", newUserName, "Password",
Ratan Gupta24c85422019-01-30 19:41:24 +0530[diff] [blame]1314 password, "RoleId", roleId, "Enabled", enabled,
1315 "Locked", locked))
Ed Tanousa8408792018-09-05 16:08:38 -0700[diff] [blame]1316 {
1317 return;
1318 }
1319
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1320 const std::string& username = params[0];
Ed Tanousa8408792018-09-05 16:08:38 -0700[diff] [blame]1321
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1322 if (!newUserName)
1323 {
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]1324 // If the username isn't being updated, we can update the
1325 // properties directly
Ratan Gupta24c85422019-01-30 19:41:24 +0530[diff] [blame]1326 updateUserProperties(asyncResp, username, password, enabled, roleId,
1327 locked);
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1328 return;
1329 }
1330 else
1331 {
1332 crow::connections::systemBus->async_method_call(
1333 [this, asyncResp, username, password(std::move(password)),
1334 roleId(std::move(roleId)), enabled(std::move(enabled)),
Ratan Gupta24c85422019-01-30 19:41:24 +0530[diff] [blame]1335 newUser{std::string(*newUserName)}, locked(std::move(locked))](
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1336 const boost::system::error_code ec) {
1337 if (ec)
Ed Tanousa8408792018-09-05 16:08:38 -0700[diff] [blame]1338 {
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1339 BMCWEB_LOG_ERROR << "D-Bus responses error: " << ec;
1340 messages::resourceNotFound(
1341 asyncResp->res,
1342 "#ManagerAccount.v1_0_3.ManagerAccount", username);
1343 return;
1344 }
1345
1346 updateUserProperties(asyncResp, newUser, password, enabled,
Ratan Gupta24c85422019-01-30 19:41:24 +0530[diff] [blame]1347 roleId, locked);
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1348 },
1349 "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user",
1350 "xyz.openbmc_project.User.Manager", "RenameUser", username,
1351 *newUserName);
1352 }
1353 }
1354
1355 void updateUserProperties(std::shared_ptr<AsyncResp> asyncResp,
1356 const std::string& username,
Ed Tanousa24526d2018-12-10 15:17:59 -0800[diff] [blame]1357 std::optional<std::string> password,
1358 std::optional<bool> enabled,
Ratan Gupta24c85422019-01-30 19:41:24 +0530[diff] [blame]1359 std::optional<std::string> roleId,
1360 std::optional<bool> locked)
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1361 {
1362 if (password)
1363 {
1364 if (!pamUpdatePassword(username, *password))
1365 {
1366 BMCWEB_LOG_ERROR << "pamUpdatePassword Failed";
1367 messages::internalError(asyncResp->res);
1368 return;
1369 }
1370 }
1371
Ratan Gupta24c85422019-01-30 19:41:24 +0530[diff] [blame]1372 std::string dbusObjectPath = "/xyz/openbmc_project/user/" + username;
1373 dbus::utility::escapePathForDbus(dbusObjectPath);
1374
Ratan Gupta22c33712019-05-03 21:50:28 +0530[diff] [blame]1375 dbus::utility::checkDbusPathExists(
Ratan Gupta24c85422019-01-30 19:41:24 +0530[diff] [blame]1376 dbusObjectPath,
1377 [dbusObjectPath(std::move(dbusObjectPath)), username,
1378 password(std::move(password)), roleId(std::move(roleId)),
1379 enabled(std::move(enabled)), locked(std::move(locked)),
1380 asyncResp{std::move(asyncResp)}](int rc) {
1381 if (!rc)
1382 {
1383 messages::invalidObject(asyncResp->res, username.c_str());
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1384 return;
Ratan Gupta24c85422019-01-30 19:41:24 +0530[diff] [blame]1385 }
1386 if (enabled)
1387 {
1388 crow::connections::systemBus->async_method_call(
1389 [asyncResp](const boost::system::error_code ec) {
1390 if (ec)
1391 {
1392 BMCWEB_LOG_ERROR << "D-Bus responses error: "
1393 << ec;
1394 messages::internalError(asyncResp->res);
1395 return;
1396 }
1397 messages::success(asyncResp->res);
1398 return;
1399 },
1400 "xyz.openbmc_project.User.Manager",
1401 dbusObjectPath.c_str(),
1402 "org.freedesktop.DBus.Properties", "Set",
1403 "xyz.openbmc_project.User.Attributes", "UserEnabled",
1404 std::variant<bool>{*enabled});
1405 }
Ed Tanous9712f8a2018-09-21 13:38:49 -0700[diff] [blame]1406
Ratan Gupta24c85422019-01-30 19:41:24 +0530[diff] [blame]1407 if (roleId)
1408 {
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]1409 std::string priv = getPrivilegeFromRoleId(*roleId);
Ratan Gupta24c85422019-01-30 19:41:24 +0530[diff] [blame]1410 if (priv.empty())
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1411 {
Ratan Gupta24c85422019-01-30 19:41:24 +0530[diff] [blame]1412 messages::propertyValueNotInList(asyncResp->res,
1413 *roleId, "RoleId");
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1414 return;
1415 }
Ratan Gupta24c85422019-01-30 19:41:24 +0530[diff] [blame]1416
1417 crow::connections::systemBus->async_method_call(
1418 [asyncResp](const boost::system::error_code ec) {
1419 if (ec)
1420 {
1421 BMCWEB_LOG_ERROR << "D-Bus responses error: "
1422 << ec;
1423 messages::internalError(asyncResp->res);
1424 return;
1425 }
1426 messages::success(asyncResp->res);
1427 },
1428 "xyz.openbmc_project.User.Manager",
1429 dbusObjectPath.c_str(),
1430 "org.freedesktop.DBus.Properties", "Set",
1431 "xyz.openbmc_project.User.Attributes", "UserPrivilege",
1432 std::variant<std::string>{priv});
1433 }
1434
1435 if (locked)
1436 {
1437 // admin can unlock the account which is locked by
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600[diff] [blame]1438 // successive authentication failures but admin should
1439 // not be allowed to lock an account.
Ratan Gupta24c85422019-01-30 19:41:24 +0530[diff] [blame]1440 if (*locked)
1441 {
1442 messages::propertyValueNotInList(asyncResp->res, "true",
1443 "Locked");
1444 return;
1445 }
1446
1447 crow::connections::systemBus->async_method_call(
1448 [asyncResp](const boost::system::error_code ec) {
1449 if (ec)
1450 {
1451 BMCWEB_LOG_ERROR << "D-Bus responses error: "
1452 << ec;
1453 messages::internalError(asyncResp->res);
1454 return;
1455 }
1456 messages::success(asyncResp->res);
1457 return;
1458 },
1459 "xyz.openbmc_project.User.Manager",
1460 dbusObjectPath.c_str(),
1461 "org.freedesktop.DBus.Properties", "Set",
1462 "xyz.openbmc_project.User.Attributes",
1463 "UserLockedForFailedAttempt",
1464 sdbusplus::message::variant<bool>{*locked});
1465 }
1466 });
Ed Tanousa8408792018-09-05 16:08:38 -0700[diff] [blame]1467 }
Ed Tanous06e086d2018-09-19 17:19:52 -0700[diff] [blame]1468
1469 void doDelete(crow::Response& res, const crow::Request& req,
1470 const std::vector<std::string>& params) override
1471 {
1472 auto asyncResp = std::make_shared<AsyncResp>(res);
1473
1474 if (params.size() != 1)
1475 {
Jason M. Billsf12894f2018-10-09 12:45:45 -0700[diff] [blame]1476 messages::internalError(asyncResp->res);
Ed Tanous06e086d2018-09-19 17:19:52 -0700[diff] [blame]1477 return;
1478 }
1479
1480 const std::string userPath = "/xyz/openbmc_project/user/" + params[0];
1481
1482 crow::connections::systemBus->async_method_call(
1483 [asyncResp, username{std::move(params[0])}](
1484 const boost::system::error_code ec) {
1485 if (ec)
1486 {
Jason M. Billsf12894f2018-10-09 12:45:45 -0700[diff] [blame]1487 messages::resourceNotFound(
1488 asyncResp->res, "#ManagerAccount.v1_0_3.ManagerAccount",
1489 username);
Ed Tanous06e086d2018-09-19 17:19:52 -0700[diff] [blame]1490 return;
1491 }
1492
Jason M. Billsf12894f2018-10-09 12:45:45 -0700[diff] [blame]1493 messages::accountRemoved(asyncResp->res);
Ed Tanous06e086d2018-09-19 17:19:52 -0700[diff] [blame]1494 },
1495 "xyz.openbmc_project.User.Manager", userPath,
1496 "xyz.openbmc_project.Object.Delete", "Delete");
1497 }
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530[diff] [blame]1498};
Lewanczyk, Dawid88d16c92018-02-02 14:51:09 +0100[diff] [blame]1499
Ed Tanous1abe55e2018-09-05 08:30:59 -0700[diff] [blame]1500} // namespace redfish