blob: cedea22618c24cab48b9c8eabdfdd263a3962dce [file] [log] [blame]
Lewanczyk, Dawid88d16c92018-02-02 14:51:09 +01001/*
2// Copyright (c) 2018 Intel Corporation
3//
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at
7//
8// http://www.apache.org/licenses/LICENSE-2.0
9//
10// Unless required by applicable law or agreed to in writing, software
11// distributed under the License is distributed on an "AS IS" BASIS,
12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13// See the License for the specific language governing permissions and
14// limitations under the License.
15*/
16#pragma once
Lewanczyk, Dawid88d16c92018-02-02 14:51:09 +010017#include "node.hpp"
18
Ratan Gupta24c85422019-01-30 19:41:24 +053019#include <dbus_utility.hpp>
Ed Tanous65b0dc32018-09-19 16:04:03 -070020#include <error_messages.hpp>
Ed Tanousb9b2e0b2018-09-13 13:47:50 -070021#include <openbmc_dbus_rest.hpp>
Ed Tanous52cc1122020-07-18 13:51:21 -070022#include <persistent_data.hpp>
Ed Tanousa8408792018-09-05 16:08:38 -070023#include <utils/json_utils.hpp>
Gunnar Mills1214b7e2020-06-04 10:11:30 -050024
Ed Tanousabf2add2019-01-22 16:40:12 -080025#include <variant>
Ed Tanousb9b2e0b2018-09-13 13:47:50 -070026
Ed Tanous1abe55e2018-09-05 08:30:59 -070027namespace redfish
28{
Lewanczyk, Dawid88d16c92018-02-02 14:51:09 +010029
Ed Tanous23a21a12020-07-25 04:45:05 +000030constexpr const char* ldapConfigObjectName =
Ratan Gupta6973a582018-12-13 18:25:44 +053031 "/xyz/openbmc_project/user/ldap/openldap";
Ed Tanous2c70f802020-09-28 14:29:23 -070032constexpr const char* adConfigObject =
Ratan Guptaab828d72019-04-22 14:18:33 +053033 "/xyz/openbmc_project/user/ldap/active_directory";
34
Ratan Gupta6973a582018-12-13 18:25:44 +053035constexpr const char* ldapRootObject = "/xyz/openbmc_project/user/ldap";
36constexpr const char* ldapDbusService = "xyz.openbmc_project.Ldap.Config";
37constexpr const char* ldapConfigInterface =
38 "xyz.openbmc_project.User.Ldap.Config";
39constexpr const char* ldapCreateInterface =
40 "xyz.openbmc_project.User.Ldap.Create";
41constexpr const char* ldapEnableInterface = "xyz.openbmc_project.Object.Enable";
Ratan Gupta06785242019-07-26 22:30:16 +053042constexpr const char* ldapPrivMapperInterface =
43 "xyz.openbmc_project.User.PrivilegeMapper";
Ratan Gupta6973a582018-12-13 18:25:44 +053044constexpr const char* dbusObjManagerIntf = "org.freedesktop.DBus.ObjectManager";
45constexpr const char* propertyInterface = "org.freedesktop.DBus.Properties";
46constexpr const char* mapperBusName = "xyz.openbmc_project.ObjectMapper";
47constexpr const char* mapperObjectPath = "/xyz/openbmc_project/object_mapper";
48constexpr const char* mapperIntf = "xyz.openbmc_project.ObjectMapper";
49
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -060050struct LDAPRoleMapData
51{
52 std::string groupName;
53 std::string privilege;
54};
55
Ratan Gupta6973a582018-12-13 18:25:44 +053056struct LDAPConfigData
57{
58 std::string uri{};
59 std::string bindDN{};
60 std::string baseDN{};
61 std::string searchScope{};
62 std::string serverType{};
63 bool serviceEnabled = false;
64 std::string userNameAttribute{};
65 std::string groupAttribute{};
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -060066 std::vector<std::pair<std::string, LDAPRoleMapData>> groupRoleList;
Ratan Gupta6973a582018-12-13 18:25:44 +053067};
68
Patrick Williams19bd78d2020-05-13 17:38:24 -050069using DbusVariantType = std::variant<bool, int32_t, std::string>;
Przemyslaw Czarnowski107077d2019-07-11 10:16:43 +020070
71using DbusInterfaceType = boost::container::flat_map<
72 std::string, boost::container::flat_map<std::string, DbusVariantType>>;
73
74using ManagedObjectType =
75 std::vector<std::pair<sdbusplus::message::object_path, DbusInterfaceType>>;
76
Ratan Gupta6973a582018-12-13 18:25:44 +053077using GetObjectType =
78 std::vector<std::pair<std::string, std::vector<std::string>>>;
AppaRao Puli84e12cb2018-10-11 01:28:15 +053079
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -060080inline std::string getRoleIdFromPrivilege(std::string_view role)
AppaRao Puli84e12cb2018-10-11 01:28:15 +053081{
82 if (role == "priv-admin")
83 {
84 return "Administrator";
85 }
Ed Tanous3174e4d2020-10-07 11:41:22 -070086 if (role == "priv-user")
AppaRao Puli84e12cb2018-10-11 01:28:15 +053087 {
AppaRao Pulic80fee52019-10-16 14:49:36 +053088 return "ReadOnly";
AppaRao Puli84e12cb2018-10-11 01:28:15 +053089 }
Ed Tanous3174e4d2020-10-07 11:41:22 -070090 if (role == "priv-operator")
AppaRao Puli84e12cb2018-10-11 01:28:15 +053091 {
92 return "Operator";
93 }
Ed Tanous3174e4d2020-10-07 11:41:22 -070094 if ((role == "") || (role == "priv-noaccess"))
jayaprakash Mutyalae9e6d242019-07-29 11:59:08 +000095 {
96 return "NoAccess";
97 }
AppaRao Puli84e12cb2018-10-11 01:28:15 +053098 return "";
99}
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600100inline std::string getPrivilegeFromRoleId(std::string_view role)
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530101{
102 if (role == "Administrator")
103 {
104 return "priv-admin";
105 }
Ed Tanous3174e4d2020-10-07 11:41:22 -0700106 if (role == "ReadOnly")
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530107 {
108 return "priv-user";
109 }
Ed Tanous3174e4d2020-10-07 11:41:22 -0700110 if (role == "Operator")
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530111 {
112 return "priv-operator";
113 }
Ed Tanous3174e4d2020-10-07 11:41:22 -0700114 if ((role == "NoAccess") || (role == ""))
jayaprakash Mutyalae9e6d242019-07-29 11:59:08 +0000115 {
116 return "priv-noaccess";
117 }
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530118 return "";
119}
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700120
zhanghch058d1b46d2021-04-01 11:18:24 +0800121inline void userErrorMessageHandler(
122 const sd_bus_error* e, const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
123 const std::string& newUser, const std::string& username)
jayaprakash Mutyala66b5ca72019-08-07 20:26:37 +0000124{
jayaprakash Mutyala66b5ca72019-08-07 20:26:37 +0000125 if (e == nullptr)
126 {
127 messages::internalError(asyncResp->res);
128 return;
129 }
130
Manojkiran Eda055806b2020-11-03 09:36:28 +0530131 const char* errorMessage = e->name;
jayaprakash Mutyala66b5ca72019-08-07 20:26:37 +0000132 if (strcmp(errorMessage,
133 "xyz.openbmc_project.User.Common.Error.UserNameExists") == 0)
134 {
135 messages::resourceAlreadyExists(asyncResp->res,
Gunnar Mills8114bd42020-06-11 20:55:21 -0500136 "#ManagerAccount.v1_4_0.ManagerAccount",
jayaprakash Mutyala66b5ca72019-08-07 20:26:37 +0000137 "UserName", newUser);
138 }
139 else if (strcmp(errorMessage, "xyz.openbmc_project.User.Common.Error."
140 "UserNameDoesNotExist") == 0)
141 {
142 messages::resourceNotFound(
Gunnar Mills8114bd42020-06-11 20:55:21 -0500143 asyncResp->res, "#ManagerAccount.v1_4_0.ManagerAccount", username);
jayaprakash Mutyala66b5ca72019-08-07 20:26:37 +0000144 }
Ed Tanousd4d25792020-09-29 15:15:03 -0700145 else if ((strcmp(errorMessage,
146 "xyz.openbmc_project.Common.Error.InvalidArgument") ==
147 0) ||
148 (strcmp(errorMessage, "xyz.openbmc_project.User.Common.Error."
149 "UserNameGroupFail") == 0))
jayaprakash Mutyala66b5ca72019-08-07 20:26:37 +0000150 {
151 messages::propertyValueFormatError(asyncResp->res, newUser, "UserName");
152 }
153 else if (strcmp(errorMessage,
154 "xyz.openbmc_project.User.Common.Error.NoResource") == 0)
155 {
156 messages::createLimitReachedForResource(asyncResp->res);
157 }
jayaprakash Mutyala66b5ca72019-08-07 20:26:37 +0000158 else
159 {
160 messages::internalError(asyncResp->res);
161 }
162
163 return;
164}
165
Ed Tanous81ce6092020-12-17 16:54:55 +0000166inline void parseLDAPConfigData(nlohmann::json& jsonResponse,
Ed Tanous23a21a12020-07-25 04:45:05 +0000167 const LDAPConfigData& confData,
168 const std::string& ldapType)
Ratan Gupta6973a582018-12-13 18:25:44 +0530169{
Ratan Guptaab828d72019-04-22 14:18:33 +0530170 std::string service =
171 (ldapType == "LDAP") ? "LDAPService" : "ActiveDirectoryService";
Marri Devender Rao37cce912019-02-20 01:05:22 -0600172 nlohmann::json ldap = {
Ratan Gupta6973a582018-12-13 18:25:44 +0530173 {"ServiceEnabled", confData.serviceEnabled},
174 {"ServiceAddresses", nlohmann::json::array({confData.uri})},
175 {"Authentication",
176 {{"AuthenticationType", "UsernameAndPassword"},
Ratan Gupta6973a582018-12-13 18:25:44 +0530177 {"Username", confData.bindDN},
178 {"Password", nullptr}}},
179 {"LDAPService",
180 {{"SearchSettings",
181 {{"BaseDistinguishedNames",
182 nlohmann::json::array({confData.baseDN})},
183 {"UsernameAttribute", confData.userNameAttribute},
184 {"GroupsAttribute", confData.groupAttribute}}}}},
185 };
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600186
Ed Tanous81ce6092020-12-17 16:54:55 +0000187 jsonResponse[ldapType].update(ldap);
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600188
Ed Tanous81ce6092020-12-17 16:54:55 +0000189 nlohmann::json& roleMapArray = jsonResponse[ldapType]["RemoteRoleMapping"];
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600190 roleMapArray = nlohmann::json::array();
191 for (auto& obj : confData.groupRoleList)
192 {
193 BMCWEB_LOG_DEBUG << "Pushing the data groupName="
194 << obj.second.groupName << "\n";
195 roleMapArray.push_back(
196 {nlohmann::json::array({"RemoteGroup", obj.second.groupName}),
197 nlohmann::json::array(
198 {"LocalRole", getRoleIdFromPrivilege(obj.second.privilege)})});
199 }
Ratan Gupta6973a582018-12-13 18:25:44 +0530200}
201
202/**
Ratan Gupta06785242019-07-26 22:30:16 +0530203 * @brief validates given JSON input and then calls appropriate method to
204 * create, to delete or to set Rolemapping object based on the given input.
205 *
206 */
Ed Tanous23a21a12020-07-25 04:45:05 +0000207inline void handleRoleMapPatch(
zhanghch058d1b46d2021-04-01 11:18:24 +0800208 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
Ratan Gupta06785242019-07-26 22:30:16 +0530209 const std::vector<std::pair<std::string, LDAPRoleMapData>>& roleMapObjData,
Ed Tanousf23b7292020-10-15 09:41:17 -0700210 const std::string& serverType, const std::vector<nlohmann::json>& input)
Ratan Gupta06785242019-07-26 22:30:16 +0530211{
212 for (size_t index = 0; index < input.size(); index++)
213 {
Ed Tanousf23b7292020-10-15 09:41:17 -0700214 const nlohmann::json& thisJson = input[index];
Ratan Gupta06785242019-07-26 22:30:16 +0530215
216 if (thisJson.is_null())
217 {
218 // delete the existing object
219 if (index < roleMapObjData.size())
220 {
221 crow::connections::systemBus->async_method_call(
222 [asyncResp, roleMapObjData, serverType,
223 index](const boost::system::error_code ec) {
224 if (ec)
225 {
226 BMCWEB_LOG_ERROR << "DBUS response error: " << ec;
227 messages::internalError(asyncResp->res);
228 return;
229 }
230 asyncResp->res
231 .jsonValue[serverType]["RemoteRoleMapping"][index] =
232 nullptr;
233 },
234 ldapDbusService, roleMapObjData[index].first,
235 "xyz.openbmc_project.Object.Delete", "Delete");
236 }
237 else
238 {
239 BMCWEB_LOG_ERROR << "Can't delete the object";
240 messages::propertyValueTypeError(
Ed Tanous71f52d92021-02-19 08:51:17 -0800241 asyncResp->res,
242 thisJson.dump(2, ' ', true,
243 nlohmann::json::error_handler_t::replace),
Ratan Gupta06785242019-07-26 22:30:16 +0530244 "RemoteRoleMapping/" + std::to_string(index));
245 return;
246 }
247 }
248 else if (thisJson.empty())
249 {
250 // Don't do anything for the empty objects,parse next json
251 // eg {"RemoteRoleMapping",[{}]}
252 }
253 else
254 {
255 // update/create the object
256 std::optional<std::string> remoteGroup;
257 std::optional<std::string> localRole;
258
Ed Tanousf23b7292020-10-15 09:41:17 -0700259 // This is a copy, but it's required in this case because of how
260 // readJson is structured
261 nlohmann::json thisJsonCopy = thisJson;
262 if (!json_util::readJson(thisJsonCopy, asyncResp->res,
263 "RemoteGroup", remoteGroup, "LocalRole",
264 localRole))
Ratan Gupta06785242019-07-26 22:30:16 +0530265 {
266 continue;
267 }
268
269 // Update existing RoleMapping Object
270 if (index < roleMapObjData.size())
271 {
272 BMCWEB_LOG_DEBUG << "Update Role Map Object";
273 // If "RemoteGroup" info is provided
274 if (remoteGroup)
275 {
276 crow::connections::systemBus->async_method_call(
277 [asyncResp, roleMapObjData, serverType, index,
278 remoteGroup](const boost::system::error_code ec) {
279 if (ec)
280 {
281 BMCWEB_LOG_ERROR << "DBUS response error: "
282 << ec;
283 messages::internalError(asyncResp->res);
284 return;
285 }
286 asyncResp->res
287 .jsonValue[serverType]["RemoteRoleMapping"]
288 [index]["RemoteGroup"] = *remoteGroup;
289 },
290 ldapDbusService, roleMapObjData[index].first,
291 propertyInterface, "Set",
292 "xyz.openbmc_project.User.PrivilegeMapperEntry",
293 "GroupName",
294 std::variant<std::string>(std::move(*remoteGroup)));
295 }
296
297 // If "LocalRole" info is provided
298 if (localRole)
299 {
300 crow::connections::systemBus->async_method_call(
301 [asyncResp, roleMapObjData, serverType, index,
302 localRole](const boost::system::error_code ec) {
303 if (ec)
304 {
305 BMCWEB_LOG_ERROR << "DBUS response error: "
306 << ec;
307 messages::internalError(asyncResp->res);
308 return;
309 }
310 asyncResp->res
311 .jsonValue[serverType]["RemoteRoleMapping"]
312 [index]["LocalRole"] = *localRole;
313 },
314 ldapDbusService, roleMapObjData[index].first,
315 propertyInterface, "Set",
316 "xyz.openbmc_project.User.PrivilegeMapperEntry",
317 "Privilege",
318 std::variant<std::string>(
319 getPrivilegeFromRoleId(std::move(*localRole))));
320 }
321 }
322 // Create a new RoleMapping Object.
323 else
324 {
325 BMCWEB_LOG_DEBUG
326 << "setRoleMappingProperties: Creating new Object";
327 std::string pathString =
328 "RemoteRoleMapping/" + std::to_string(index);
329
330 if (!localRole)
331 {
332 messages::propertyMissing(asyncResp->res,
333 pathString + "/LocalRole");
334 continue;
335 }
336 if (!remoteGroup)
337 {
338 messages::propertyMissing(asyncResp->res,
339 pathString + "/RemoteGroup");
340 continue;
341 }
342
343 std::string dbusObjectPath;
344 if (serverType == "ActiveDirectory")
345 {
Ed Tanous2c70f802020-09-28 14:29:23 -0700346 dbusObjectPath = adConfigObject;
Ratan Gupta06785242019-07-26 22:30:16 +0530347 }
348 else if (serverType == "LDAP")
349 {
Ed Tanous23a21a12020-07-25 04:45:05 +0000350 dbusObjectPath = ldapConfigObjectName;
Ratan Gupta06785242019-07-26 22:30:16 +0530351 }
352
353 BMCWEB_LOG_DEBUG << "Remote Group=" << *remoteGroup
354 << ",LocalRole=" << *localRole;
355
356 crow::connections::systemBus->async_method_call(
Ed Tanous271584a2019-07-09 16:24:22 -0700357 [asyncResp, serverType, localRole,
Ratan Gupta06785242019-07-26 22:30:16 +0530358 remoteGroup](const boost::system::error_code ec) {
359 if (ec)
360 {
361 BMCWEB_LOG_ERROR << "DBUS response error: " << ec;
362 messages::internalError(asyncResp->res);
363 return;
364 }
365 nlohmann::json& remoteRoleJson =
366 asyncResp->res
367 .jsonValue[serverType]["RemoteRoleMapping"];
368 remoteRoleJson.push_back(
369 {{"LocalRole", *localRole},
370 {"RemoteGroup", *remoteGroup}});
371 },
372 ldapDbusService, dbusObjectPath, ldapPrivMapperInterface,
Ed Tanous3174e4d2020-10-07 11:41:22 -0700373 "Create", *remoteGroup,
Ratan Gupta06785242019-07-26 22:30:16 +0530374 getPrivilegeFromRoleId(std::move(*localRole)));
375 }
376 }
377 }
378}
379
380/**
Ratan Gupta6973a582018-12-13 18:25:44 +0530381 * Function that retrieves all properties for LDAP config object
382 * into JSON
383 */
384template <typename CallbackFunc>
385inline void getLDAPConfigData(const std::string& ldapType,
386 CallbackFunc&& callback)
387{
Ratan Guptaab828d72019-04-22 14:18:33 +0530388
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600389 const std::array<const char*, 2> interfaces = {ldapEnableInterface,
Ratan Gupta6973a582018-12-13 18:25:44 +0530390 ldapConfigInterface};
391
392 crow::connections::systemBus->async_method_call(
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600393 [callback, ldapType](const boost::system::error_code ec,
394 const GetObjectType& resp) {
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600395 if (ec || resp.empty())
396 {
397 BMCWEB_LOG_ERROR << "DBUS response error during getting of "
398 "service name: "
399 << ec;
Ed Tanous23a21a12020-07-25 04:45:05 +0000400 LDAPConfigData empty{};
401 callback(false, empty, ldapType);
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600402 return;
403 }
404 std::string service = resp.begin()->first;
405 crow::connections::systemBus->async_method_call(
Ed Tanous81ce6092020-12-17 16:54:55 +0000406 [callback, ldapType](const boost::system::error_code errorCode,
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600407 const ManagedObjectType& ldapObjects) {
408 LDAPConfigData confData{};
Ed Tanous81ce6092020-12-17 16:54:55 +0000409 if (errorCode)
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600410 {
411 callback(false, confData, ldapType);
412 BMCWEB_LOG_ERROR << "D-Bus responses error: "
Ed Tanous81ce6092020-12-17 16:54:55 +0000413 << errorCode;
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600414 return;
415 }
416
417 std::string ldapDbusType;
418 std::string searchString;
419
420 if (ldapType == "LDAP")
421 {
422 ldapDbusType = "xyz.openbmc_project.User.Ldap.Config."
423 "Type.OpenLdap";
424 searchString = "openldap";
425 }
426 else if (ldapType == "ActiveDirectory")
427 {
428 ldapDbusType =
429 "xyz.openbmc_project.User.Ldap.Config.Type."
430 "ActiveDirectory";
431 searchString = "active_directory";
432 }
433 else
434 {
435 BMCWEB_LOG_ERROR
436 << "Can't get the DbusType for the given type="
437 << ldapType;
438 callback(false, confData, ldapType);
439 return;
440 }
441
442 std::string ldapEnableInterfaceStr = ldapEnableInterface;
443 std::string ldapConfigInterfaceStr = ldapConfigInterface;
444
445 for (const auto& object : ldapObjects)
446 {
447 // let's find the object whose ldap type is equal to the
448 // given type
449 if (object.first.str.find(searchString) ==
450 std::string::npos)
451 {
452 continue;
453 }
454
455 for (const auto& interface : object.second)
456 {
457 if (interface.first == ldapEnableInterfaceStr)
458 {
459 // rest of the properties are string.
460 for (const auto& property : interface.second)
461 {
462 if (property.first == "Enabled")
463 {
464 const bool* value =
465 std::get_if<bool>(&property.second);
466 if (value == nullptr)
467 {
468 continue;
469 }
470 confData.serviceEnabled = *value;
471 break;
472 }
473 }
474 }
475 else if (interface.first == ldapConfigInterfaceStr)
476 {
477
478 for (const auto& property : interface.second)
479 {
Ed Tanous271584a2019-07-09 16:24:22 -0700480 const std::string* strValue =
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600481 std::get_if<std::string>(
482 &property.second);
Ed Tanous271584a2019-07-09 16:24:22 -0700483 if (strValue == nullptr)
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600484 {
485 continue;
486 }
487 if (property.first == "LDAPServerURI")
488 {
Ed Tanous271584a2019-07-09 16:24:22 -0700489 confData.uri = *strValue;
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600490 }
491 else if (property.first == "LDAPBindDN")
492 {
Ed Tanous271584a2019-07-09 16:24:22 -0700493 confData.bindDN = *strValue;
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600494 }
495 else if (property.first == "LDAPBaseDN")
496 {
Ed Tanous271584a2019-07-09 16:24:22 -0700497 confData.baseDN = *strValue;
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600498 }
499 else if (property.first ==
500 "LDAPSearchScope")
501 {
Ed Tanous271584a2019-07-09 16:24:22 -0700502 confData.searchScope = *strValue;
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600503 }
504 else if (property.first ==
505 "GroupNameAttribute")
506 {
Ed Tanous271584a2019-07-09 16:24:22 -0700507 confData.groupAttribute = *strValue;
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600508 }
509 else if (property.first ==
510 "UserNameAttribute")
511 {
Ed Tanous271584a2019-07-09 16:24:22 -0700512 confData.userNameAttribute = *strValue;
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600513 }
514 else if (property.first == "LDAPType")
515 {
Ed Tanous271584a2019-07-09 16:24:22 -0700516 confData.serverType = *strValue;
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600517 }
518 }
519 }
520 else if (interface.first ==
521 "xyz.openbmc_project.User."
522 "PrivilegeMapperEntry")
523 {
524 LDAPRoleMapData roleMapData{};
525 for (const auto& property : interface.second)
526 {
Ed Tanous271584a2019-07-09 16:24:22 -0700527 const std::string* strValue =
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600528 std::get_if<std::string>(
529 &property.second);
530
Ed Tanous271584a2019-07-09 16:24:22 -0700531 if (strValue == nullptr)
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600532 {
533 continue;
534 }
535
536 if (property.first == "GroupName")
537 {
Ed Tanous271584a2019-07-09 16:24:22 -0700538 roleMapData.groupName = *strValue;
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600539 }
540 else if (property.first == "Privilege")
541 {
Ed Tanous271584a2019-07-09 16:24:22 -0700542 roleMapData.privilege = *strValue;
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600543 }
544 }
545
Ed Tanous0f0353b2019-10-24 11:37:51 -0700546 confData.groupRoleList.emplace_back(
547 object.first.str, roleMapData);
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600548 }
549 }
550 }
551 callback(true, confData, ldapType);
552 },
553 service, ldapRootObject, dbusObjManagerIntf,
554 "GetManagedObjects");
555 },
556 mapperBusName, mapperObjectPath, mapperIntf, "GetObject",
Ed Tanous23a21a12020-07-25 04:45:05 +0000557 ldapConfigObjectName, interfaces);
Ratan Gupta6973a582018-12-13 18:25:44 +0530558}
559
Ed Tanous1abe55e2018-09-05 08:30:59 -0700560class AccountService : public Node
561{
562 public:
Ed Tanous23a21a12020-07-25 04:45:05 +0000563 AccountService(App& app) : Node(app, "/redfish/v1/AccountService/")
Ed Tanous1abe55e2018-09-05 08:30:59 -0700564 {
Ed Tanous1abe55e2018-09-05 08:30:59 -0700565 entityPrivileges = {
Gunnar Mills3c5a3762020-01-29 15:21:30 -0600566 {boost::beast::http::verb::get, {{"Login"}}},
Ed Tanous1abe55e2018-09-05 08:30:59 -0700567 {boost::beast::http::verb::head, {{"Login"}}},
568 {boost::beast::http::verb::patch, {{"ConfigureUsers"}}},
569 {boost::beast::http::verb::put, {{"ConfigureUsers"}}},
570 {boost::beast::http::verb::delete_, {{"ConfigureUsers"}}},
571 {boost::beast::http::verb::post, {{"ConfigureUsers"}}}};
572 }
Lewanczyk, Dawid88d16c92018-02-02 14:51:09 +0100573
Ed Tanous1abe55e2018-09-05 08:30:59 -0700574 private:
Ratan Gupta8a07d282019-03-16 08:33:47 +0530575 /**
576 * @brief parses the authentication section under the LDAP
577 * @param input JSON data
578 * @param asyncResp pointer to the JSON response
579 * @param userName userName to be filled from the given JSON.
580 * @param password password to be filled from the given JSON.
581 */
zhanghch058d1b46d2021-04-01 11:18:24 +0800582 void parseLDAPAuthenticationJson(
583 nlohmann::json input,
584 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
585 std::optional<std::string>& username,
586 std::optional<std::string>& password)
Ratan Gupta8a07d282019-03-16 08:33:47 +0530587 {
588 std::optional<std::string> authType;
589
590 if (!json_util::readJson(input, asyncResp->res, "AuthenticationType",
591 authType, "Username", username, "Password",
592 password))
593 {
594 return;
595 }
596 if (!authType)
597 {
598 return;
599 }
600 if (*authType != "UsernameAndPassword")
601 {
602 messages::propertyValueNotInList(asyncResp->res, *authType,
603 "AuthenticationType");
604 return;
605 }
606 }
607 /**
608 * @brief parses the LDAPService section under the LDAP
609 * @param input JSON data
610 * @param asyncResp pointer to the JSON response
611 * @param baseDNList baseDN to be filled from the given JSON.
612 * @param userNameAttribute userName to be filled from the given JSON.
613 * @param groupaAttribute password to be filled from the given JSON.
614 */
615
616 void parseLDAPServiceJson(
zhanghch058d1b46d2021-04-01 11:18:24 +0800617 nlohmann::json input,
618 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
Ratan Gupta8a07d282019-03-16 08:33:47 +0530619 std::optional<std::vector<std::string>>& baseDNList,
620 std::optional<std::string>& userNameAttribute,
621 std::optional<std::string>& groupsAttribute)
622 {
623 std::optional<nlohmann::json> searchSettings;
624
625 if (!json_util::readJson(input, asyncResp->res, "SearchSettings",
626 searchSettings))
627 {
628 return;
629 }
630 if (!searchSettings)
631 {
632 return;
633 }
634 if (!json_util::readJson(*searchSettings, asyncResp->res,
635 "BaseDistinguishedNames", baseDNList,
636 "UsernameAttribute", userNameAttribute,
637 "GroupsAttribute", groupsAttribute))
638 {
639 return;
640 }
641 }
642 /**
643 * @brief updates the LDAP server address and updates the
644 json response with the new value.
645 * @param serviceAddressList address to be updated.
646 * @param asyncResp pointer to the JSON response
647 * @param ldapServerElementName Type of LDAP
648 server(openLDAP/ActiveDirectory)
649 */
650
651 void handleServiceAddressPatch(
652 const std::vector<std::string>& serviceAddressList,
zhanghch058d1b46d2021-04-01 11:18:24 +0800653 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
Ratan Gupta8a07d282019-03-16 08:33:47 +0530654 const std::string& ldapServerElementName,
655 const std::string& ldapConfigObject)
656 {
657 crow::connections::systemBus->async_method_call(
658 [asyncResp, ldapServerElementName,
659 serviceAddressList](const boost::system::error_code ec) {
660 if (ec)
661 {
662 BMCWEB_LOG_DEBUG
Gunnar Millsc61704a2020-07-08 13:47:06 -0500663 << "Error Occurred in updating the service address";
Ratan Gupta8a07d282019-03-16 08:33:47 +0530664 messages::internalError(asyncResp->res);
665 return;
666 }
667 std::vector<std::string> modifiedserviceAddressList = {
668 serviceAddressList.front()};
669 asyncResp->res
670 .jsonValue[ldapServerElementName]["ServiceAddresses"] =
671 modifiedserviceAddressList;
672 if ((serviceAddressList).size() > 1)
673 {
674 messages::propertyValueModified(asyncResp->res,
675 "ServiceAddresses",
676 serviceAddressList.front());
677 }
678 BMCWEB_LOG_DEBUG << "Updated the service address";
679 },
680 ldapDbusService, ldapConfigObject, propertyInterface, "Set",
681 ldapConfigInterface, "LDAPServerURI",
682 std::variant<std::string>(serviceAddressList.front()));
683 }
684 /**
685 * @brief updates the LDAP Bind DN and updates the
686 json response with the new value.
687 * @param username name of the user which needs to be updated.
688 * @param asyncResp pointer to the JSON response
689 * @param ldapServerElementName Type of LDAP
690 server(openLDAP/ActiveDirectory)
691 */
692
zhanghch058d1b46d2021-04-01 11:18:24 +0800693 void
694 handleUserNamePatch(const std::string& username,
695 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
696 const std::string& ldapServerElementName,
697 const std::string& ldapConfigObject)
Ratan Gupta8a07d282019-03-16 08:33:47 +0530698 {
699 crow::connections::systemBus->async_method_call(
700 [asyncResp, username,
701 ldapServerElementName](const boost::system::error_code ec) {
702 if (ec)
703 {
704 BMCWEB_LOG_DEBUG
Gunnar Millsc61704a2020-07-08 13:47:06 -0500705 << "Error occurred in updating the username";
Ratan Gupta8a07d282019-03-16 08:33:47 +0530706 messages::internalError(asyncResp->res);
707 return;
708 }
709 asyncResp->res.jsonValue[ldapServerElementName]
710 ["Authentication"]["Username"] =
711 username;
712 BMCWEB_LOG_DEBUG << "Updated the username";
713 },
714 ldapDbusService, ldapConfigObject, propertyInterface, "Set",
715 ldapConfigInterface, "LDAPBindDN",
716 std::variant<std::string>(username));
717 }
718
719 /**
720 * @brief updates the LDAP password
721 * @param password : ldap password which needs to be updated.
722 * @param asyncResp pointer to the JSON response
723 * @param ldapServerElementName Type of LDAP
724 * server(openLDAP/ActiveDirectory)
725 */
726
zhanghch058d1b46d2021-04-01 11:18:24 +0800727 void
728 handlePasswordPatch(const std::string& password,
729 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
730 const std::string& ldapServerElementName,
731 const std::string& ldapConfigObject)
Ratan Gupta8a07d282019-03-16 08:33:47 +0530732 {
733 crow::connections::systemBus->async_method_call(
734 [asyncResp, password,
735 ldapServerElementName](const boost::system::error_code ec) {
736 if (ec)
737 {
738 BMCWEB_LOG_DEBUG
Gunnar Millsc61704a2020-07-08 13:47:06 -0500739 << "Error occurred in updating the password";
Ratan Gupta8a07d282019-03-16 08:33:47 +0530740 messages::internalError(asyncResp->res);
741 return;
742 }
743 asyncResp->res.jsonValue[ldapServerElementName]
744 ["Authentication"]["Password"] = "";
745 BMCWEB_LOG_DEBUG << "Updated the password";
746 },
747 ldapDbusService, ldapConfigObject, propertyInterface, "Set",
748 ldapConfigInterface, "LDAPBindDNPassword",
749 std::variant<std::string>(password));
750 }
751
752 /**
753 * @brief updates the LDAP BaseDN and updates the
754 json response with the new value.
755 * @param baseDNList baseDN list which needs to be updated.
756 * @param asyncResp pointer to the JSON response
757 * @param ldapServerElementName Type of LDAP
758 server(openLDAP/ActiveDirectory)
759 */
760
761 void handleBaseDNPatch(const std::vector<std::string>& baseDNList,
zhanghch058d1b46d2021-04-01 11:18:24 +0800762 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
Ratan Gupta8a07d282019-03-16 08:33:47 +0530763 const std::string& ldapServerElementName,
764 const std::string& ldapConfigObject)
765 {
766 crow::connections::systemBus->async_method_call(
767 [asyncResp, baseDNList,
768 ldapServerElementName](const boost::system::error_code ec) {
769 if (ec)
770 {
Gunnar Millsc61704a2020-07-08 13:47:06 -0500771 BMCWEB_LOG_DEBUG
772 << "Error Occurred in Updating the base DN";
Ratan Gupta8a07d282019-03-16 08:33:47 +0530773 messages::internalError(asyncResp->res);
774 return;
775 }
776 auto& serverTypeJson =
777 asyncResp->res.jsonValue[ldapServerElementName];
778 auto& searchSettingsJson =
779 serverTypeJson["LDAPService"]["SearchSettings"];
780 std::vector<std::string> modifiedBaseDNList = {
781 baseDNList.front()};
782 searchSettingsJson["BaseDistinguishedNames"] =
783 modifiedBaseDNList;
784 if (baseDNList.size() > 1)
785 {
786 messages::propertyValueModified(asyncResp->res,
787 "BaseDistinguishedNames",
788 baseDNList.front());
789 }
790 BMCWEB_LOG_DEBUG << "Updated the base DN";
791 },
792 ldapDbusService, ldapConfigObject, propertyInterface, "Set",
793 ldapConfigInterface, "LDAPBaseDN",
794 std::variant<std::string>(baseDNList.front()));
795 }
796 /**
797 * @brief updates the LDAP user name attribute and updates the
798 json response with the new value.
799 * @param userNameAttribute attribute to be updated.
800 * @param asyncResp pointer to the JSON response
801 * @param ldapServerElementName Type of LDAP
802 server(openLDAP/ActiveDirectory)
803 */
804
zhanghch058d1b46d2021-04-01 11:18:24 +0800805 void handleUserNameAttrPatch(
806 const std::string& userNameAttribute,
807 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
808 const std::string& ldapServerElementName,
809 const std::string& ldapConfigObject)
Ratan Gupta8a07d282019-03-16 08:33:47 +0530810 {
811 crow::connections::systemBus->async_method_call(
812 [asyncResp, userNameAttribute,
813 ldapServerElementName](const boost::system::error_code ec) {
814 if (ec)
815 {
Gunnar Millsc61704a2020-07-08 13:47:06 -0500816 BMCWEB_LOG_DEBUG << "Error Occurred in Updating the "
Ratan Gupta8a07d282019-03-16 08:33:47 +0530817 "username attribute";
818 messages::internalError(asyncResp->res);
819 return;
820 }
821 auto& serverTypeJson =
822 asyncResp->res.jsonValue[ldapServerElementName];
823 auto& searchSettingsJson =
824 serverTypeJson["LDAPService"]["SearchSettings"];
825 searchSettingsJson["UsernameAttribute"] = userNameAttribute;
826 BMCWEB_LOG_DEBUG << "Updated the user name attr.";
827 },
828 ldapDbusService, ldapConfigObject, propertyInterface, "Set",
829 ldapConfigInterface, "UserNameAttribute",
830 std::variant<std::string>(userNameAttribute));
831 }
832 /**
833 * @brief updates the LDAP group attribute and updates the
834 json response with the new value.
835 * @param groupsAttribute attribute to be updated.
836 * @param asyncResp pointer to the JSON response
837 * @param ldapServerElementName Type of LDAP
838 server(openLDAP/ActiveDirectory)
839 */
840
zhanghch058d1b46d2021-04-01 11:18:24 +0800841 void handleGroupNameAttrPatch(
842 const std::string& groupsAttribute,
843 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
844 const std::string& ldapServerElementName,
845 const std::string& ldapConfigObject)
Ratan Gupta8a07d282019-03-16 08:33:47 +0530846 {
847 crow::connections::systemBus->async_method_call(
848 [asyncResp, groupsAttribute,
849 ldapServerElementName](const boost::system::error_code ec) {
850 if (ec)
851 {
Gunnar Millsc61704a2020-07-08 13:47:06 -0500852 BMCWEB_LOG_DEBUG << "Error Occurred in Updating the "
Ratan Gupta8a07d282019-03-16 08:33:47 +0530853 "groupname attribute";
854 messages::internalError(asyncResp->res);
855 return;
856 }
857 auto& serverTypeJson =
858 asyncResp->res.jsonValue[ldapServerElementName];
859 auto& searchSettingsJson =
860 serverTypeJson["LDAPService"]["SearchSettings"];
861 searchSettingsJson["GroupsAttribute"] = groupsAttribute;
862 BMCWEB_LOG_DEBUG << "Updated the groupname attr";
863 },
864 ldapDbusService, ldapConfigObject, propertyInterface, "Set",
865 ldapConfigInterface, "GroupNameAttribute",
866 std::variant<std::string>(groupsAttribute));
867 }
868 /**
869 * @brief updates the LDAP service enable and updates the
870 json response with the new value.
871 * @param input JSON data.
872 * @param asyncResp pointer to the JSON response
873 * @param ldapServerElementName Type of LDAP
874 server(openLDAP/ActiveDirectory)
875 */
876
zhanghch058d1b46d2021-04-01 11:18:24 +0800877 void handleServiceEnablePatch(
878 bool serviceEnabled,
879 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
880 const std::string& ldapServerElementName,
881 const std::string& ldapConfigObject)
Ratan Gupta8a07d282019-03-16 08:33:47 +0530882 {
883 crow::connections::systemBus->async_method_call(
884 [asyncResp, serviceEnabled,
885 ldapServerElementName](const boost::system::error_code ec) {
886 if (ec)
887 {
888 BMCWEB_LOG_DEBUG
Gunnar Millsc61704a2020-07-08 13:47:06 -0500889 << "Error Occurred in Updating the service enable";
Ratan Gupta8a07d282019-03-16 08:33:47 +0530890 messages::internalError(asyncResp->res);
891 return;
892 }
893 asyncResp->res
894 .jsonValue[ldapServerElementName]["ServiceEnabled"] =
895 serviceEnabled;
896 BMCWEB_LOG_DEBUG << "Updated Service enable = "
897 << serviceEnabled;
898 },
899 ldapDbusService, ldapConfigObject, propertyInterface, "Set",
900 ldapEnableInterface, "Enabled", std::variant<bool>(serviceEnabled));
901 }
902
zhanghch058d1b46d2021-04-01 11:18:24 +0800903 void handleAuthMethodsPatch(
904 nlohmann::json& input,
905 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp)
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100906 {
907 std::optional<bool> basicAuth;
908 std::optional<bool> cookie;
909 std::optional<bool> sessionToken;
910 std::optional<bool> xToken;
Zbigniew Kurzynski501f1e52019-10-02 11:22:11 +0200911 std::optional<bool> tls;
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100912
913 if (!json_util::readJson(input, asyncResp->res, "BasicAuth", basicAuth,
914 "Cookie", cookie, "SessionToken", sessionToken,
Zbigniew Kurzynski501f1e52019-10-02 11:22:11 +0200915 "XToken", xToken, "TLS", tls))
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100916 {
917 BMCWEB_LOG_ERROR << "Cannot read values from AuthMethod tag";
918 return;
919 }
920
921 // Make a copy of methods configuration
Ed Tanous52cc1122020-07-18 13:51:21 -0700922 persistent_data::AuthConfigMethods authMethodsConfig =
923 persistent_data::SessionStore::getInstance().getAuthMethodsConfig();
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100924
925 if (basicAuth)
926 {
Alan Kuof16f6262020-12-08 19:29:59 +0800927#ifndef BMCWEB_ENABLE_BASIC_AUTHENTICATION
928 messages::actionNotSupported(
929 asyncResp->res, "Setting BasicAuth when basic-auth feature "
930 "is disabled");
931 return;
932#endif
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100933 authMethodsConfig.basic = *basicAuth;
934 }
935
936 if (cookie)
937 {
Alan Kuof16f6262020-12-08 19:29:59 +0800938#ifndef BMCWEB_ENABLE_COOKIE_AUTHENTICATION
939 messages::actionNotSupported(
940 asyncResp->res, "Setting Cookie when cookie-auth feature "
941 "is disabled");
942 return;
943#endif
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100944 authMethodsConfig.cookie = *cookie;
945 }
946
947 if (sessionToken)
948 {
Alan Kuof16f6262020-12-08 19:29:59 +0800949#ifndef BMCWEB_ENABLE_SESSION_AUTHENTICATION
950 messages::actionNotSupported(
951 asyncResp->res,
952 "Setting SessionToken when session-auth feature "
953 "is disabled");
954 return;
955#endif
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100956 authMethodsConfig.sessionToken = *sessionToken;
957 }
958
959 if (xToken)
960 {
Alan Kuof16f6262020-12-08 19:29:59 +0800961#ifndef BMCWEB_ENABLE_XTOKEN_AUTHENTICATION
962 messages::actionNotSupported(
963 asyncResp->res, "Setting XToken when xtoken-auth feature "
964 "is disabled");
965 return;
966#endif
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100967 authMethodsConfig.xtoken = *xToken;
968 }
969
Zbigniew Kurzynski501f1e52019-10-02 11:22:11 +0200970 if (tls)
971 {
Alan Kuof16f6262020-12-08 19:29:59 +0800972#ifndef BMCWEB_ENABLE_MUTUAL_TLS_AUTHENTICATION
973 messages::actionNotSupported(
974 asyncResp->res, "Setting TLS when mutual-tls-auth feature "
975 "is disabled");
976 return;
977#endif
Zbigniew Kurzynski501f1e52019-10-02 11:22:11 +0200978 authMethodsConfig.tls = *tls;
979 }
980
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100981 if (!authMethodsConfig.basic && !authMethodsConfig.cookie &&
Zbigniew Kurzynski501f1e52019-10-02 11:22:11 +0200982 !authMethodsConfig.sessionToken && !authMethodsConfig.xtoken &&
983 !authMethodsConfig.tls)
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100984 {
985 // Do not allow user to disable everything
986 messages::actionNotSupported(asyncResp->res,
987 "of disabling all available methods");
988 return;
989 }
990
Ed Tanous52cc1122020-07-18 13:51:21 -0700991 persistent_data::SessionStore::getInstance().updateAuthMethodsConfig(
992 authMethodsConfig);
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100993 // Save configuration immediately
Ed Tanous52cc1122020-07-18 13:51:21 -0700994 persistent_data::getConfig().writeData();
Zbigniew Kurzynski78158632019-11-05 12:57:37 +0100995
996 messages::success(asyncResp->res);
997 }
998
Ratan Gupta8a07d282019-03-16 08:33:47 +0530999 /**
1000 * @brief Get the required values from the given JSON, validates the
1001 * value and create the LDAP config object.
1002 * @param input JSON data
1003 * @param asyncResp pointer to the JSON response
1004 * @param serverType Type of LDAP server(openLDAP/ActiveDirectory)
1005 */
1006
1007 void handleLDAPPatch(nlohmann::json& input,
zhanghch058d1b46d2021-04-01 11:18:24 +08001008 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
Ratan Gupta8a07d282019-03-16 08:33:47 +05301009 const std::string& serverType)
1010 {
Ratan Guptaeb2bbe52019-04-22 14:27:01 +05301011 std::string dbusObjectPath;
1012 if (serverType == "ActiveDirectory")
1013 {
Ed Tanous2c70f802020-09-28 14:29:23 -07001014 dbusObjectPath = adConfigObject;
Ratan Guptaeb2bbe52019-04-22 14:27:01 +05301015 }
1016 else if (serverType == "LDAP")
1017 {
Ed Tanous23a21a12020-07-25 04:45:05 +00001018 dbusObjectPath = ldapConfigObjectName;
Ratan Guptaeb2bbe52019-04-22 14:27:01 +05301019 }
Ed Tanouscb13a392020-07-25 19:02:03 +00001020 else
1021 {
1022 return;
1023 }
Ratan Guptaeb2bbe52019-04-22 14:27:01 +05301024
Ratan Gupta8a07d282019-03-16 08:33:47 +05301025 std::optional<nlohmann::json> authentication;
1026 std::optional<nlohmann::json> ldapService;
Ratan Gupta8a07d282019-03-16 08:33:47 +05301027 std::optional<std::vector<std::string>> serviceAddressList;
1028 std::optional<bool> serviceEnabled;
1029 std::optional<std::vector<std::string>> baseDNList;
1030 std::optional<std::string> userNameAttribute;
1031 std::optional<std::string> groupsAttribute;
1032 std::optional<std::string> userName;
1033 std::optional<std::string> password;
Ratan Gupta06785242019-07-26 22:30:16 +05301034 std::optional<std::vector<nlohmann::json>> remoteRoleMapData;
Ratan Gupta8a07d282019-03-16 08:33:47 +05301035
1036 if (!json_util::readJson(input, asyncResp->res, "Authentication",
1037 authentication, "LDAPService", ldapService,
1038 "ServiceAddresses", serviceAddressList,
Ratan Gupta06785242019-07-26 22:30:16 +05301039 "ServiceEnabled", serviceEnabled,
1040 "RemoteRoleMapping", remoteRoleMapData))
Ratan Gupta8a07d282019-03-16 08:33:47 +05301041 {
1042 return;
1043 }
1044
1045 if (authentication)
1046 {
1047 parseLDAPAuthenticationJson(*authentication, asyncResp, userName,
1048 password);
1049 }
1050 if (ldapService)
1051 {
1052 parseLDAPServiceJson(*ldapService, asyncResp, baseDNList,
1053 userNameAttribute, groupsAttribute);
1054 }
Ratan Gupta8a07d282019-03-16 08:33:47 +05301055 if (serviceAddressList)
1056 {
1057 if ((*serviceAddressList).size() == 0)
1058 {
1059 messages::propertyValueNotInList(asyncResp->res, "[]",
1060 "ServiceAddress");
1061 return;
1062 }
1063 }
1064 if (baseDNList)
1065 {
1066 if ((*baseDNList).size() == 0)
1067 {
1068 messages::propertyValueNotInList(asyncResp->res, "[]",
1069 "BaseDistinguishedNames");
1070 return;
1071 }
1072 }
1073
1074 // nothing to update, then return
1075 if (!userName && !password && !serviceAddressList && !baseDNList &&
Ratan Gupta06785242019-07-26 22:30:16 +05301076 !userNameAttribute && !groupsAttribute && !serviceEnabled &&
1077 !remoteRoleMapData)
Ratan Gupta8a07d282019-03-16 08:33:47 +05301078 {
1079 return;
1080 }
1081
1082 // Get the existing resource first then keep modifying
1083 // whenever any property gets updated.
Ed Tanousb5a76932020-09-29 16:16:58 -07001084 getLDAPConfigData(
1085 serverType, [this, asyncResp, userName, password, baseDNList,
1086 userNameAttribute, groupsAttribute, serviceAddressList,
1087 serviceEnabled, dbusObjectPath, remoteRoleMapData](
1088 bool success, const LDAPConfigData& confData,
1089 const std::string& serverT) {
1090 if (!success)
Ratan Gupta8a07d282019-03-16 08:33:47 +05301091 {
Ed Tanousb5a76932020-09-29 16:16:58 -07001092 messages::internalError(asyncResp->res);
1093 return;
1094 }
1095 parseLDAPConfigData(asyncResp->res.jsonValue, confData,
1096 serverT);
1097 if (confData.serviceEnabled)
1098 {
1099 // Disable the service first and update the rest of
1100 // the properties.
1101 handleServiceEnablePatch(false, asyncResp, serverT,
1102 dbusObjectPath);
1103 }
1104
1105 if (serviceAddressList)
1106 {
1107 handleServiceAddressPatch(*serviceAddressList, asyncResp,
1108 serverT, dbusObjectPath);
1109 }
1110 if (userName)
1111 {
1112 handleUserNamePatch(*userName, asyncResp, serverT,
1113 dbusObjectPath);
1114 }
1115 if (password)
1116 {
1117 handlePasswordPatch(*password, asyncResp, serverT,
1118 dbusObjectPath);
1119 }
1120
1121 if (baseDNList)
1122 {
1123 handleBaseDNPatch(*baseDNList, asyncResp, serverT,
1124 dbusObjectPath);
1125 }
1126 if (userNameAttribute)
1127 {
1128 handleUserNameAttrPatch(*userNameAttribute, asyncResp,
1129 serverT, dbusObjectPath);
1130 }
1131 if (groupsAttribute)
1132 {
1133 handleGroupNameAttrPatch(*groupsAttribute, asyncResp,
Ed Tanous23a21a12020-07-25 04:45:05 +00001134 serverT, dbusObjectPath);
Ratan Gupta8a07d282019-03-16 08:33:47 +05301135 }
Ed Tanousb5a76932020-09-29 16:16:58 -07001136 if (serviceEnabled)
1137 {
1138 // if user has given the value as true then enable
1139 // the service. if user has given false then no-op
1140 // as service is already stopped.
1141 if (*serviceEnabled)
1142 {
1143 handleServiceEnablePatch(*serviceEnabled, asyncResp,
1144 serverT, dbusObjectPath);
1145 }
1146 }
1147 else
1148 {
1149 // if user has not given the service enabled value
1150 // then revert it to the same state as it was
1151 // before.
1152 handleServiceEnablePatch(confData.serviceEnabled, asyncResp,
1153 serverT, dbusObjectPath);
1154 }
Ratan Gupta06785242019-07-26 22:30:16 +05301155
Ed Tanousb5a76932020-09-29 16:16:58 -07001156 if (remoteRoleMapData)
1157 {
Ed Tanousb5a76932020-09-29 16:16:58 -07001158 handleRoleMapPatch(asyncResp, confData.groupRoleList,
Ed Tanousf23b7292020-10-15 09:41:17 -07001159 serverT, *remoteRoleMapData);
Ed Tanousb5a76932020-09-29 16:16:58 -07001160 }
1161 });
Ratan Gupta8a07d282019-03-16 08:33:47 +05301162 }
Ed Tanousd4b54432019-07-17 22:51:55 +00001163
zhanghch058d1b46d2021-04-01 11:18:24 +08001164 void doGet(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
1165 const crow::Request&, const std::vector<std::string>&) override
Ed Tanous1abe55e2018-09-05 08:30:59 -07001166 {
Ed Tanous52cc1122020-07-18 13:51:21 -07001167 const persistent_data::AuthConfigMethods& authMethodsConfig =
1168 persistent_data::SessionStore::getInstance().getAuthMethodsConfig();
Zbigniew Kurzynski78158632019-11-05 12:57:37 +01001169
zhanghch058d1b46d2021-04-01 11:18:24 +08001170 asyncResp->res.jsonValue = {
AppaRao Puli3d958bb2018-12-25 12:45:54 +05301171 {"@odata.id", "/redfish/v1/AccountService"},
1172 {"@odata.type", "#AccountService."
Gunnar Millsba9dd4a2020-02-20 10:40:18 -06001173 "v1_5_0.AccountService"},
AppaRao Puli3d958bb2018-12-25 12:45:54 +05301174 {"Id", "AccountService"},
1175 {"Name", "Account Service"},
1176 {"Description", "Account Service"},
1177 {"ServiceEnabled", true},
AppaRao Puli343ff2e2019-03-24 00:42:13 +05301178 {"MaxPasswordLength", 20},
AppaRao Puli3d958bb2018-12-25 12:45:54 +05301179 {"Accounts",
1180 {{"@odata.id", "/redfish/v1/AccountService/Accounts"}}},
Marri Devender Rao37cce912019-02-20 01:05:22 -06001181 {"Roles", {{"@odata.id", "/redfish/v1/AccountService/Roles"}}},
Zbigniew Kurzynski78158632019-11-05 12:57:37 +01001182 {"Oem",
1183 {{"OpenBMC",
1184 {{"@odata.type", "#OemAccountService.v1_0_0.AccountService"},
1185 {"AuthMethods",
1186 {
1187 {"BasicAuth", authMethodsConfig.basic},
1188 {"SessionToken", authMethodsConfig.sessionToken},
1189 {"XToken", authMethodsConfig.xtoken},
1190 {"Cookie", authMethodsConfig.cookie},
Zbigniew Kurzynski501f1e52019-10-02 11:22:11 +02001191 {"TLS", authMethodsConfig.tls},
Zbigniew Kurzynski78158632019-11-05 12:57:37 +01001192 }}}}}},
Marri Devender Rao37cce912019-02-20 01:05:22 -06001193 {"LDAP",
1194 {{"Certificates",
1195 {{"@odata.id",
1196 "/redfish/v1/AccountService/LDAP/Certificates"}}}}}};
AppaRao Puli3d958bb2018-12-25 12:45:54 +05301197 crow::connections::systemBus->async_method_call(
1198 [asyncResp](
1199 const boost::system::error_code ec,
1200 const std::vector<std::pair<
Ed Tanousabf2add2019-01-22 16:40:12 -08001201 std::string, std::variant<uint32_t, uint16_t, uint8_t>>>&
AppaRao Puli3d958bb2018-12-25 12:45:54 +05301202 propertiesList) {
1203 if (ec)
1204 {
1205 messages::internalError(asyncResp->res);
1206 return;
1207 }
1208 BMCWEB_LOG_DEBUG << "Got " << propertiesList.size()
1209 << "properties for AccountService";
1210 for (const std::pair<std::string,
Ed Tanousabf2add2019-01-22 16:40:12 -08001211 std::variant<uint32_t, uint16_t, uint8_t>>&
AppaRao Puli3d958bb2018-12-25 12:45:54 +05301212 property : propertiesList)
1213 {
1214 if (property.first == "MinPasswordLength")
1215 {
1216 const uint8_t* value =
Ed Tanousabf2add2019-01-22 16:40:12 -08001217 std::get_if<uint8_t>(&property.second);
AppaRao Puli3d958bb2018-12-25 12:45:54 +05301218 if (value != nullptr)
1219 {
1220 asyncResp->res.jsonValue["MinPasswordLength"] =
1221 *value;
1222 }
1223 }
1224 if (property.first == "AccountUnlockTimeout")
1225 {
1226 const uint32_t* value =
Ed Tanousabf2add2019-01-22 16:40:12 -08001227 std::get_if<uint32_t>(&property.second);
AppaRao Puli3d958bb2018-12-25 12:45:54 +05301228 if (value != nullptr)
1229 {
1230 asyncResp->res.jsonValue["AccountLockoutDuration"] =
1231 *value;
1232 }
1233 }
1234 if (property.first == "MaxLoginAttemptBeforeLockout")
1235 {
1236 const uint16_t* value =
Ed Tanousabf2add2019-01-22 16:40:12 -08001237 std::get_if<uint16_t>(&property.second);
AppaRao Puli3d958bb2018-12-25 12:45:54 +05301238 if (value != nullptr)
1239 {
1240 asyncResp->res
1241 .jsonValue["AccountLockoutThreshold"] = *value;
1242 }
1243 }
1244 }
1245 },
1246 "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user",
1247 "org.freedesktop.DBus.Properties", "GetAll",
1248 "xyz.openbmc_project.User.AccountPolicy");
Ratan Gupta6973a582018-12-13 18:25:44 +05301249
Ratan Guptaab828d72019-04-22 14:18:33 +05301250 auto callback = [asyncResp](bool success, LDAPConfigData& confData,
1251 const std::string& ldapType) {
Ed Tanouscb13a392020-07-25 19:02:03 +00001252 if (!success)
1253 {
1254 return;
1255 }
Ratan Guptaab828d72019-04-22 14:18:33 +05301256 parseLDAPConfigData(asyncResp->res.jsonValue, confData, ldapType);
1257 };
1258
1259 getLDAPConfigData("LDAP", callback);
1260 getLDAPConfigData("ActiveDirectory", callback);
AppaRao Puli3d958bb2018-12-25 12:45:54 +05301261 }
Ratan Gupta6973a582018-12-13 18:25:44 +05301262
zhanghch058d1b46d2021-04-01 11:18:24 +08001263 void doPatch(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
1264 const crow::Request& req,
Ed Tanouscb13a392020-07-25 19:02:03 +00001265 const std::vector<std::string>&) override
AppaRao Puli3d958bb2018-12-25 12:45:54 +05301266 {
AppaRao Puli3d958bb2018-12-25 12:45:54 +05301267 std::optional<uint32_t> unlockTimeout;
1268 std::optional<uint16_t> lockoutThreshold;
Ratan Gupta19fb6e72019-03-04 13:30:50 +05301269 std::optional<uint16_t> minPasswordLength;
1270 std::optional<uint16_t> maxPasswordLength;
Ratan Gupta8a07d282019-03-16 08:33:47 +05301271 std::optional<nlohmann::json> ldapObject;
Ratan Guptaeb2bbe52019-04-22 14:27:01 +05301272 std::optional<nlohmann::json> activeDirectoryObject;
Zbigniew Kurzynski78158632019-11-05 12:57:37 +01001273 std::optional<nlohmann::json> oemObject;
Ratan Gupta19fb6e72019-03-04 13:30:50 +05301274
Zbigniew Kurzynski78158632019-11-05 12:57:37 +01001275 if (!json_util::readJson(
zhanghch058d1b46d2021-04-01 11:18:24 +08001276 req, asyncResp->res, "AccountLockoutDuration", unlockTimeout,
Zbigniew Kurzynski78158632019-11-05 12:57:37 +01001277 "AccountLockoutThreshold", lockoutThreshold,
1278 "MaxPasswordLength", maxPasswordLength, "MinPasswordLength",
1279 minPasswordLength, "LDAP", ldapObject, "ActiveDirectory",
1280 activeDirectoryObject, "Oem", oemObject))
AppaRao Puli3d958bb2018-12-25 12:45:54 +05301281 {
1282 return;
1283 }
Ratan Gupta19fb6e72019-03-04 13:30:50 +05301284
1285 if (minPasswordLength)
1286 {
1287 messages::propertyNotWritable(asyncResp->res, "MinPasswordLength");
1288 }
1289
1290 if (maxPasswordLength)
1291 {
1292 messages::propertyNotWritable(asyncResp->res, "MaxPasswordLength");
1293 }
1294
Ratan Gupta8a07d282019-03-16 08:33:47 +05301295 if (ldapObject)
1296 {
Ed Tanouscb13a392020-07-25 19:02:03 +00001297 handleLDAPPatch(*ldapObject, asyncResp, "LDAP");
Ratan Gupta8a07d282019-03-16 08:33:47 +05301298 }
1299
Zbigniew Kurzynski78158632019-11-05 12:57:37 +01001300 if (std::optional<nlohmann::json> oemOpenBMCObject;
zhanghch058d1b46d2021-04-01 11:18:24 +08001301 oemObject && json_util::readJson(*oemObject, asyncResp->res,
1302 "OpenBMC", oemOpenBMCObject))
Zbigniew Kurzynski78158632019-11-05 12:57:37 +01001303 {
1304 if (std::optional<nlohmann::json> authMethodsObject;
1305 oemOpenBMCObject &&
zhanghch058d1b46d2021-04-01 11:18:24 +08001306 json_util::readJson(*oemOpenBMCObject, asyncResp->res,
1307 "AuthMethods", authMethodsObject))
Zbigniew Kurzynski78158632019-11-05 12:57:37 +01001308 {
1309 if (authMethodsObject)
1310 {
1311 handleAuthMethodsPatch(*authMethodsObject, asyncResp);
1312 }
1313 }
1314 }
1315
Ratan Guptaeb2bbe52019-04-22 14:27:01 +05301316 if (activeDirectoryObject)
1317 {
Ed Tanouscb13a392020-07-25 19:02:03 +00001318 handleLDAPPatch(*activeDirectoryObject, asyncResp,
Ratan Guptaeb2bbe52019-04-22 14:27:01 +05301319 "ActiveDirectory");
1320 }
1321
AppaRao Puli3d958bb2018-12-25 12:45:54 +05301322 if (unlockTimeout)
1323 {
1324 crow::connections::systemBus->async_method_call(
1325 [asyncResp](const boost::system::error_code ec) {
1326 if (ec)
1327 {
1328 messages::internalError(asyncResp->res);
1329 return;
1330 }
Ratan Guptaadd61332019-02-13 20:49:16 +05301331 messages::success(asyncResp->res);
AppaRao Puli3d958bb2018-12-25 12:45:54 +05301332 },
1333 "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user",
1334 "org.freedesktop.DBus.Properties", "Set",
1335 "xyz.openbmc_project.User.AccountPolicy",
Ed Tanousabf2add2019-01-22 16:40:12 -08001336 "AccountUnlockTimeout", std::variant<uint32_t>(*unlockTimeout));
AppaRao Puli3d958bb2018-12-25 12:45:54 +05301337 }
1338 if (lockoutThreshold)
1339 {
1340 crow::connections::systemBus->async_method_call(
1341 [asyncResp](const boost::system::error_code ec) {
1342 if (ec)
1343 {
1344 messages::internalError(asyncResp->res);
1345 return;
1346 }
Ratan Guptaadd61332019-02-13 20:49:16 +05301347 messages::success(asyncResp->res);
AppaRao Puli3d958bb2018-12-25 12:45:54 +05301348 },
1349 "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user",
1350 "org.freedesktop.DBus.Properties", "Set",
1351 "xyz.openbmc_project.User.AccountPolicy",
1352 "MaxLoginAttemptBeforeLockout",
Ed Tanousabf2add2019-01-22 16:40:12 -08001353 std::variant<uint16_t>(*lockoutThreshold));
AppaRao Puli3d958bb2018-12-25 12:45:54 +05301354 }
Ed Tanous1abe55e2018-09-05 08:30:59 -07001355 }
Lewanczyk, Dawid88d16c92018-02-02 14:51:09 +01001356};
Tanousf00032d2018-11-05 01:18:10 -03001357
Ed Tanousb9b2e0b2018-09-13 13:47:50 -07001358class AccountsCollection : public Node
1359{
1360 public:
Ed Tanous52cc1122020-07-18 13:51:21 -07001361 AccountsCollection(App& app) :
Ed Tanousb9b2e0b2018-09-13 13:47:50 -07001362 Node(app, "/redfish/v1/AccountService/Accounts/")
1363 {
Ed Tanousb9b2e0b2018-09-13 13:47:50 -07001364 entityPrivileges = {
Gunnar Millsf3659102020-01-29 16:23:28 -06001365 // According to the PrivilegeRegistry, GET should actually be
1366 // "Login". A "Login" only privilege would return an empty "Members"
1367 // list. Not going to worry about this since none of the defined
1368 // roles are just "Login". E.g. Readonly is {"Login",
1369 // "ConfigureSelf"}. In the rare event anyone defines a role that
1370 // has Login but not ConfigureSelf, implement this.
Ed Tanousb9b2e0b2018-09-13 13:47:50 -07001371 {boost::beast::http::verb::get,
Gunnar Millsf3659102020-01-29 16:23:28 -06001372 {{"ConfigureUsers"}, {"ConfigureSelf"}}},
Ed Tanousb9b2e0b2018-09-13 13:47:50 -07001373 {boost::beast::http::verb::head, {{"Login"}}},
1374 {boost::beast::http::verb::patch, {{"ConfigureUsers"}}},
1375 {boost::beast::http::verb::put, {{"ConfigureUsers"}}},
1376 {boost::beast::http::verb::delete_, {{"ConfigureUsers"}}},
1377 {boost::beast::http::verb::post, {{"ConfigureUsers"}}}};
1378 }
1379
1380 private:
zhanghch058d1b46d2021-04-01 11:18:24 +08001381 void doGet(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
1382 const crow::Request& req,
Ed Tanouscb13a392020-07-25 19:02:03 +00001383 const std::vector<std::string>&) override
Ed Tanousb9b2e0b2018-09-13 13:47:50 -07001384 {
zhanghch058d1b46d2021-04-01 11:18:24 +08001385 asyncResp->res.jsonValue = {
1386 {"@odata.id", "/redfish/v1/AccountService/Accounts"},
1387 {"@odata.type", "#ManagerAccountCollection."
1388 "ManagerAccountCollection"},
1389 {"Name", "Accounts Collection"},
1390 {"Description", "BMC User Accounts"}};
Ed Tanous0f74e642018-11-12 15:17:05 -08001391
Ed Tanousb9b2e0b2018-09-13 13:47:50 -07001392 crow::connections::systemBus->async_method_call(
Gunnar Millsf3659102020-01-29 16:23:28 -06001393 [asyncResp, &req, this](const boost::system::error_code ec,
1394 const ManagedObjectType& users) {
Ed Tanousb9b2e0b2018-09-13 13:47:50 -07001395 if (ec)
1396 {
Jason M. Billsf12894f2018-10-09 12:45:45 -07001397 messages::internalError(asyncResp->res);
Ed Tanousb9b2e0b2018-09-13 13:47:50 -07001398 return;
1399 }
1400
1401 nlohmann::json& memberArray =
1402 asyncResp->res.jsonValue["Members"];
1403 memberArray = nlohmann::json::array();
1404
Ed Tanous2dfd18e2020-12-18 00:41:31 +00001405 for (auto& userpath : users)
Ed Tanousb9b2e0b2018-09-13 13:47:50 -07001406 {
Ed Tanous2dfd18e2020-12-18 00:41:31 +00001407 std::string user = userpath.first.filename();
1408 if (user.empty())
Ed Tanousb9b2e0b2018-09-13 13:47:50 -07001409 {
Ed Tanous2dfd18e2020-12-18 00:41:31 +00001410 messages::internalError(asyncResp->res);
1411 BMCWEB_LOG_ERROR << "Invalid firmware ID";
1412
1413 return;
Ed Tanousb9b2e0b2018-09-13 13:47:50 -07001414 }
Gunnar Millsf3659102020-01-29 16:23:28 -06001415
1416 // As clarified by Redfish here:
1417 // https://redfishforum.com/thread/281/manageraccountcollection-change-allows-account-enumeration
1418 // Users without ConfigureUsers, only see their own account.
1419 // Users with ConfigureUsers, see all accounts.
Ed Tanous2dfd18e2020-12-18 00:41:31 +00001420 if (req.session->username == user ||
Gunnar Millsf3659102020-01-29 16:23:28 -06001421 isAllowedWithoutConfigureSelf(req))
1422 {
1423 memberArray.push_back(
1424 {{"@odata.id",
Ed Tanous2dfd18e2020-12-18 00:41:31 +00001425 "/redfish/v1/AccountService/Accounts/" + user}});
Gunnar Millsf3659102020-01-29 16:23:28 -06001426 }
Ed Tanousb9b2e0b2018-09-13 13:47:50 -07001427 }
Gunnar Millsf3659102020-01-29 16:23:28 -06001428 asyncResp->res.jsonValue["Members@odata.count"] =
1429 memberArray.size();
Ed Tanousb9b2e0b2018-09-13 13:47:50 -07001430 },
1431 "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user",
1432 "org.freedesktop.DBus.ObjectManager", "GetManagedObjects");
1433 }
zhanghch058d1b46d2021-04-01 11:18:24 +08001434 void doPost(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
1435 const crow::Request& req,
Ed Tanouscb13a392020-07-25 19:02:03 +00001436 const std::vector<std::string>&) override
Ed Tanous04ae99e2018-09-20 15:54:36 -07001437 {
Ed Tanous9712f8a2018-09-21 13:38:49 -07001438 std::string username;
1439 std::string password;
Ed Tanousa24526d2018-12-10 15:17:59 -08001440 std::optional<std::string> roleId("User");
1441 std::optional<bool> enabled = true;
zhanghch058d1b46d2021-04-01 11:18:24 +08001442 if (!json_util::readJson(req, asyncResp->res, "UserName", username,
1443 "Password", password, "RoleId", roleId,
1444 "Enabled", enabled))
Ed Tanous04ae99e2018-09-20 15:54:36 -07001445 {
1446 return;
1447 }
1448
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -06001449 std::string priv = getPrivilegeFromRoleId(*roleId);
AppaRao Puli84e12cb2018-10-11 01:28:15 +05301450 if (priv.empty())
Ed Tanous04ae99e2018-09-20 15:54:36 -07001451 {
Jason M. Billsf12894f2018-10-09 12:45:45 -07001452 messages::propertyValueNotInList(asyncResp->res, *roleId, "RoleId");
Ed Tanous04ae99e2018-09-20 15:54:36 -07001453 return;
1454 }
jayaprakash Mutyala96200602020-04-08 11:09:10 +00001455 // TODO: Following override will be reverted once support in
1456 // phosphor-user-manager is added. In order to avoid dependency issues,
1457 // this is added in bmcweb, which will removed, once
1458 // phosphor-user-manager supports priv-noaccess.
1459 if (priv == "priv-noaccess")
1460 {
1461 roleId = "";
1462 }
1463 else
1464 {
1465 roleId = priv;
1466 }
Ed Tanous04ae99e2018-09-20 15:54:36 -07001467
Ayushi Smriti599c71d2019-08-23 17:43:18 +00001468 // Reading AllGroups property
Ed Tanous04ae99e2018-09-20 15:54:36 -07001469 crow::connections::systemBus->async_method_call(
Ayushi Smriti599c71d2019-08-23 17:43:18 +00001470 [asyncResp, username, password{std::move(password)}, roleId,
1471 enabled](const boost::system::error_code ec,
1472 const std::variant<std::vector<std::string>>& allGroups) {
Ed Tanous04ae99e2018-09-20 15:54:36 -07001473 if (ec)
1474 {
Ayushi Smriti599c71d2019-08-23 17:43:18 +00001475 BMCWEB_LOG_DEBUG << "ERROR with async_method_call";
1476 messages::internalError(asyncResp->res);
Ed Tanous04ae99e2018-09-20 15:54:36 -07001477 return;
1478 }
1479
Ayushi Smriti599c71d2019-08-23 17:43:18 +00001480 const std::vector<std::string>* allGroupsList =
1481 std::get_if<std::vector<std::string>>(&allGroups);
1482
1483 if (allGroupsList == nullptr || allGroupsList->empty())
Ed Tanous04ae99e2018-09-20 15:54:36 -07001484 {
Ayushi Smriti599c71d2019-08-23 17:43:18 +00001485 messages::internalError(asyncResp->res);
Ed Tanous04ae99e2018-09-20 15:54:36 -07001486 return;
1487 }
1488
Ayushi Smriti599c71d2019-08-23 17:43:18 +00001489 crow::connections::systemBus->async_method_call(
Ed Tanousf23b7292020-10-15 09:41:17 -07001490 [asyncResp, username,
1491 password](const boost::system::error_code ec2,
1492 sdbusplus::message::message& m) {
Ed Tanous23a21a12020-07-25 04:45:05 +00001493 if (ec2)
Ayushi Smriti599c71d2019-08-23 17:43:18 +00001494 {
anil kumar appana0d4197e2019-06-13 15:06:23 +00001495 userErrorMessageHandler(m.get_error(), asyncResp,
1496 username, "");
Ayushi Smriti599c71d2019-08-23 17:43:18 +00001497 return;
1498 }
1499
jayaprakash Mutyala66b5ca72019-08-07 20:26:37 +00001500 if (pamUpdatePassword(username, password) !=
1501 PAM_SUCCESS)
Ayushi Smriti599c71d2019-08-23 17:43:18 +00001502 {
1503 // At this point we have a user that's been created,
1504 // but the password set failed.Something is wrong,
1505 // so delete the user that we've already created
1506 crow::connections::systemBus->async_method_call(
Ed Tanous23a21a12020-07-25 04:45:05 +00001507 [asyncResp, password](
1508 const boost::system::error_code ec3) {
1509 if (ec3)
Ayushi Smriti599c71d2019-08-23 17:43:18 +00001510 {
1511 messages::internalError(asyncResp->res);
1512 return;
1513 }
1514
anil kumar appana0d4197e2019-06-13 15:06:23 +00001515 // If password is invalid
1516 messages::propertyValueFormatError(
1517 asyncResp->res, password, "Password");
Ayushi Smriti599c71d2019-08-23 17:43:18 +00001518 },
1519 "xyz.openbmc_project.User.Manager",
1520 "/xyz/openbmc_project/user/" + username,
1521 "xyz.openbmc_project.Object.Delete", "Delete");
1522
1523 BMCWEB_LOG_ERROR << "pamUpdatePassword Failed";
1524 return;
1525 }
1526
1527 messages::created(asyncResp->res);
1528 asyncResp->res.addHeader(
1529 "Location",
1530 "/redfish/v1/AccountService/Accounts/" + username);
1531 },
1532 "xyz.openbmc_project.User.Manager",
1533 "/xyz/openbmc_project/user",
1534 "xyz.openbmc_project.User.Manager", "CreateUser", username,
1535 *allGroupsList, *roleId, *enabled);
Ed Tanous04ae99e2018-09-20 15:54:36 -07001536 },
1537 "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user",
Ayushi Smriti599c71d2019-08-23 17:43:18 +00001538 "org.freedesktop.DBus.Properties", "Get",
1539 "xyz.openbmc_project.User.Manager", "AllGroups");
Ed Tanous04ae99e2018-09-20 15:54:36 -07001540 }
Ed Tanousb9b2e0b2018-09-13 13:47:50 -07001541};
1542
1543class ManagerAccount : public Node
1544{
1545 public:
Ed Tanous52cc1122020-07-18 13:51:21 -07001546 ManagerAccount(App& app) :
Ed Tanousb9b2e0b2018-09-13 13:47:50 -07001547 Node(app, "/redfish/v1/AccountService/Accounts/<str>/", std::string())
1548 {
Ed Tanousb9b2e0b2018-09-13 13:47:50 -07001549 entityPrivileges = {
1550 {boost::beast::http::verb::get,
1551 {{"ConfigureUsers"}, {"ConfigureManager"}, {"ConfigureSelf"}}},
1552 {boost::beast::http::verb::head, {{"Login"}}},
Joseph Reynolds900f9492019-11-25 15:37:29 -06001553 {boost::beast::http::verb::patch,
1554 {{"ConfigureUsers"}, {"ConfigureSelf"}}},
Ed Tanousb9b2e0b2018-09-13 13:47:50 -07001555 {boost::beast::http::verb::put, {{"ConfigureUsers"}}},
1556 {boost::beast::http::verb::delete_, {{"ConfigureUsers"}}},
1557 {boost::beast::http::verb::post, {{"ConfigureUsers"}}}};
1558 }
1559
1560 private:
zhanghch058d1b46d2021-04-01 11:18:24 +08001561 void doGet(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
1562 const crow::Request& req,
Ed Tanousb9b2e0b2018-09-13 13:47:50 -07001563 const std::vector<std::string>& params) override
1564 {
Ed Tanousb9b2e0b2018-09-13 13:47:50 -07001565 if (params.size() != 1)
1566 {
Jason M. Billsf12894f2018-10-09 12:45:45 -07001567 messages::internalError(asyncResp->res);
Ed Tanousb9b2e0b2018-09-13 13:47:50 -07001568 return;
1569 }
1570
Joseph Reynolds900f9492019-11-25 15:37:29 -06001571 // Perform a proper ConfigureSelf authority check. If the
1572 // user is operating on an account not their own, then their
1573 // ConfigureSelf privilege does not apply. In this case,
1574 // perform the authority check again without the user's
1575 // ConfigureSelf privilege.
1576 if (req.session->username != params[0])
1577 {
1578 if (!isAllowedWithoutConfigureSelf(req))
1579 {
1580 BMCWEB_LOG_DEBUG << "GET Account denied access";
1581 messages::insufficientPrivilege(asyncResp->res);
1582 return;
1583 }
1584 }
1585
Ed Tanousb9b2e0b2018-09-13 13:47:50 -07001586 crow::connections::systemBus->async_method_call(
1587 [asyncResp, accountName{std::string(params[0])}](
1588 const boost::system::error_code ec,
1589 const ManagedObjectType& users) {
1590 if (ec)
1591 {
Jason M. Billsf12894f2018-10-09 12:45:45 -07001592 messages::internalError(asyncResp->res);
Ed Tanousb9b2e0b2018-09-13 13:47:50 -07001593 return;
1594 }
AppaRao Puli84e12cb2018-10-11 01:28:15 +05301595 auto userIt = users.begin();
Ed Tanousb9b2e0b2018-09-13 13:47:50 -07001596
AppaRao Puli84e12cb2018-10-11 01:28:15 +05301597 for (; userIt != users.end(); userIt++)
Ed Tanousb9b2e0b2018-09-13 13:47:50 -07001598 {
AppaRao Puli84e12cb2018-10-11 01:28:15 +05301599 if (boost::ends_with(userIt->first.str, "/" + accountName))
Ed Tanousb9b2e0b2018-09-13 13:47:50 -07001600 {
AppaRao Puli84e12cb2018-10-11 01:28:15 +05301601 break;
Ed Tanousb9b2e0b2018-09-13 13:47:50 -07001602 }
AppaRao Puli84e12cb2018-10-11 01:28:15 +05301603 }
1604 if (userIt == users.end())
1605 {
1606 messages::resourceNotFound(asyncResp->res, "ManagerAccount",
1607 accountName);
1608 return;
1609 }
Ayushi Smriti4e68c452019-09-04 14:37:55 +05301610
1611 asyncResp->res.jsonValue = {
Gunnar Mills8114bd42020-06-11 20:55:21 -05001612 {"@odata.type", "#ManagerAccount.v1_4_0.ManagerAccount"},
Ayushi Smriti4e68c452019-09-04 14:37:55 +05301613 {"Name", "User Account"},
1614 {"Description", "User Account"},
Gunnar Mills8114bd42020-06-11 20:55:21 -05001615 {"Password", nullptr},
1616 {"AccountTypes", {"Redfish"}}};
Ayushi Smriti4e68c452019-09-04 14:37:55 +05301617
AppaRao Puli84e12cb2018-10-11 01:28:15 +05301618 for (const auto& interface : userIt->second)
1619 {
1620 if (interface.first ==
1621 "xyz.openbmc_project.User.Attributes")
Ed Tanousb9b2e0b2018-09-13 13:47:50 -07001622 {
AppaRao Puli84e12cb2018-10-11 01:28:15 +05301623 for (const auto& property : interface.second)
Ed Tanous65b0dc32018-09-19 16:04:03 -07001624 {
AppaRao Puli84e12cb2018-10-11 01:28:15 +05301625 if (property.first == "UserEnabled")
Ed Tanous65b0dc32018-09-19 16:04:03 -07001626 {
AppaRao Puli84e12cb2018-10-11 01:28:15 +05301627 const bool* userEnabled =
Ed Tanousabf2add2019-01-22 16:40:12 -08001628 std::get_if<bool>(&property.second);
AppaRao Puli84e12cb2018-10-11 01:28:15 +05301629 if (userEnabled == nullptr)
Ed Tanous65b0dc32018-09-19 16:04:03 -07001630 {
AppaRao Puli84e12cb2018-10-11 01:28:15 +05301631 BMCWEB_LOG_ERROR
1632 << "UserEnabled wasn't a bool";
1633 messages::internalError(asyncResp->res);
1634 return;
Ed Tanous65b0dc32018-09-19 16:04:03 -07001635 }
AppaRao Puli84e12cb2018-10-11 01:28:15 +05301636 asyncResp->res.jsonValue["Enabled"] =
1637 *userEnabled;
1638 }
1639 else if (property.first ==
1640 "UserLockedForFailedAttempt")
1641 {
1642 const bool* userLocked =
Ed Tanousabf2add2019-01-22 16:40:12 -08001643 std::get_if<bool>(&property.second);
AppaRao Puli84e12cb2018-10-11 01:28:15 +05301644 if (userLocked == nullptr)
1645 {
1646 BMCWEB_LOG_ERROR << "UserLockedForF"
1647 "ailedAttempt "
1648 "wasn't a bool";
1649 messages::internalError(asyncResp->res);
1650 return;
1651 }
1652 asyncResp->res.jsonValue["Locked"] =
1653 *userLocked;
Ratan Gupta24c85422019-01-30 19:41:24 +05301654 asyncResp->res.jsonValue
1655 ["Locked@Redfish.AllowableValues"] = {
Joseph Reynolds3bf4e632020-02-06 14:44:32 -06001656 "false"}; // can only unlock accounts
AppaRao Puli84e12cb2018-10-11 01:28:15 +05301657 }
1658 else if (property.first == "UserPrivilege")
1659 {
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -06001660 const std::string* userPrivPtr =
Ed Tanousabf2add2019-01-22 16:40:12 -08001661 std::get_if<std::string>(&property.second);
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -06001662 if (userPrivPtr == nullptr)
AppaRao Puli84e12cb2018-10-11 01:28:15 +05301663 {
1664 BMCWEB_LOG_ERROR
1665 << "UserPrivilege wasn't a "
1666 "string";
1667 messages::internalError(asyncResp->res);
1668 return;
1669 }
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -06001670 std::string role =
1671 getRoleIdFromPrivilege(*userPrivPtr);
1672 if (role.empty())
AppaRao Puli84e12cb2018-10-11 01:28:15 +05301673 {
1674 BMCWEB_LOG_ERROR << "Invalid user role";
1675 messages::internalError(asyncResp->res);
1676 return;
1677 }
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -06001678 asyncResp->res.jsonValue["RoleId"] = role;
AppaRao Puli84e12cb2018-10-11 01:28:15 +05301679
1680 asyncResp->res.jsonValue["Links"]["Role"] = {
1681 {"@odata.id", "/redfish/v1/AccountService/"
1682 "Roles/" +
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -06001683 role}};
Ed Tanous65b0dc32018-09-19 16:04:03 -07001684 }
Joseph Reynolds3bf4e632020-02-06 14:44:32 -06001685 else if (property.first == "UserPasswordExpired")
1686 {
1687 const bool* userPasswordExpired =
1688 std::get_if<bool>(&property.second);
1689 if (userPasswordExpired == nullptr)
1690 {
1691 BMCWEB_LOG_ERROR << "UserPassword"
1692 "Expired "
1693 "wasn't a bool";
1694 messages::internalError(asyncResp->res);
1695 return;
1696 }
1697 asyncResp->res
1698 .jsonValue["PasswordChangeRequired"] =
1699 *userPasswordExpired;
1700 }
Ed Tanous65b0dc32018-09-19 16:04:03 -07001701 }
Ed Tanousb9b2e0b2018-09-13 13:47:50 -07001702 }
1703 }
1704
AppaRao Puli84e12cb2018-10-11 01:28:15 +05301705 asyncResp->res.jsonValue["@odata.id"] =
1706 "/redfish/v1/AccountService/Accounts/" + accountName;
1707 asyncResp->res.jsonValue["Id"] = accountName;
1708 asyncResp->res.jsonValue["UserName"] = accountName;
Ed Tanousb9b2e0b2018-09-13 13:47:50 -07001709 },
1710 "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user",
1711 "org.freedesktop.DBus.ObjectManager", "GetManagedObjects");
1712 }
Ed Tanousa8408792018-09-05 16:08:38 -07001713
zhanghch058d1b46d2021-04-01 11:18:24 +08001714 void doPatch(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
1715 const crow::Request& req,
Ed Tanousa8408792018-09-05 16:08:38 -07001716 const std::vector<std::string>& params) override
1717 {
zhanghch058d1b46d2021-04-01 11:18:24 +08001718
Ed Tanousa8408792018-09-05 16:08:38 -07001719 if (params.size() != 1)
1720 {
Jason M. Billsf12894f2018-10-09 12:45:45 -07001721 messages::internalError(asyncResp->res);
Ed Tanousa8408792018-09-05 16:08:38 -07001722 return;
1723 }
1724
Ed Tanousa24526d2018-12-10 15:17:59 -08001725 std::optional<std::string> newUserName;
1726 std::optional<std::string> password;
1727 std::optional<bool> enabled;
1728 std::optional<std::string> roleId;
Ratan Gupta24c85422019-01-30 19:41:24 +05301729 std::optional<bool> locked;
zhanghch058d1b46d2021-04-01 11:18:24 +08001730 if (!json_util::readJson(req, asyncResp->res, "UserName", newUserName,
1731 "Password", password, "RoleId", roleId,
1732 "Enabled", enabled, "Locked", locked))
Ed Tanousa8408792018-09-05 16:08:38 -07001733 {
1734 return;
1735 }
1736
AppaRao Puli84e12cb2018-10-11 01:28:15 +05301737 const std::string& username = params[0];
Ed Tanousa8408792018-09-05 16:08:38 -07001738
Joseph Reynolds900f9492019-11-25 15:37:29 -06001739 // Perform a proper ConfigureSelf authority check. If the
1740 // session is being used to PATCH a property other than
1741 // Password, then the ConfigureSelf privilege does not apply.
1742 // If the user is operating on an account not their own, then
1743 // their ConfigureSelf privilege does not apply. In either
1744 // case, perform the authority check again without the user's
1745 // ConfigureSelf privilege.
1746 if ((username != req.session->username) ||
1747 (newUserName || enabled || roleId || locked))
1748 {
1749 if (!isAllowedWithoutConfigureSelf(req))
1750 {
1751 BMCWEB_LOG_WARNING << "PATCH Password denied access";
1752 asyncResp->res.clear();
1753 messages::insufficientPrivilege(asyncResp->res);
1754 return;
1755 }
1756 }
1757
jayaprakash Mutyala66b5ca72019-08-07 20:26:37 +00001758 // if user name is not provided in the patch method or if it
1759 // matches the user name in the URI, then we are treating it as updating
1760 // user properties other then username. If username provided doesn't
1761 // match the URI, then we are treating this as user rename request.
1762 if (!newUserName || (newUserName.value() == username))
AppaRao Puli84e12cb2018-10-11 01:28:15 +05301763 {
Ratan Gupta24c85422019-01-30 19:41:24 +05301764 updateUserProperties(asyncResp, username, password, enabled, roleId,
1765 locked);
AppaRao Puli84e12cb2018-10-11 01:28:15 +05301766 return;
1767 }
Ed Tanous3174e4d2020-10-07 11:41:22 -07001768 crow::connections::systemBus->async_method_call(
1769 [this, asyncResp, username, password(std::move(password)),
Ed Tanousf23b7292020-10-15 09:41:17 -07001770 roleId(std::move(roleId)), enabled,
Ed Tanous3174e4d2020-10-07 11:41:22 -07001771 newUser{std::string(*newUserName)},
Ed Tanousf23b7292020-10-15 09:41:17 -07001772 locked](const boost::system::error_code ec,
1773 sdbusplus::message::message& m) {
Ed Tanous3174e4d2020-10-07 11:41:22 -07001774 if (ec)
1775 {
1776 userErrorMessageHandler(m.get_error(), asyncResp, newUser,
1777 username);
1778 return;
1779 }
AppaRao Puli84e12cb2018-10-11 01:28:15 +05301780
Ed Tanous3174e4d2020-10-07 11:41:22 -07001781 updateUserProperties(asyncResp, newUser, password, enabled,
1782 roleId, locked);
1783 },
1784 "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user",
1785 "xyz.openbmc_project.User.Manager", "RenameUser", username,
1786 *newUserName);
AppaRao Puli84e12cb2018-10-11 01:28:15 +05301787 }
1788
zhanghch058d1b46d2021-04-01 11:18:24 +08001789 void updateUserProperties(std::shared_ptr<bmcweb::AsyncResp> asyncResp,
AppaRao Puli84e12cb2018-10-11 01:28:15 +05301790 const std::string& username,
Ed Tanousa24526d2018-12-10 15:17:59 -08001791 std::optional<std::string> password,
1792 std::optional<bool> enabled,
Ratan Gupta24c85422019-01-30 19:41:24 +05301793 std::optional<std::string> roleId,
1794 std::optional<bool> locked)
AppaRao Puli84e12cb2018-10-11 01:28:15 +05301795 {
Ratan Gupta24c85422019-01-30 19:41:24 +05301796 std::string dbusObjectPath = "/xyz/openbmc_project/user/" + username;
1797 dbus::utility::escapePathForDbus(dbusObjectPath);
1798
Ratan Gupta22c33712019-05-03 21:50:28 +05301799 dbus::utility::checkDbusPathExists(
Ratan Gupta24c85422019-01-30 19:41:24 +05301800 dbusObjectPath,
1801 [dbusObjectPath(std::move(dbusObjectPath)), username,
Ed Tanousf23b7292020-10-15 09:41:17 -07001802 password(std::move(password)), roleId(std::move(roleId)), enabled,
1803 locked, asyncResp{std::move(asyncResp)}](int rc) {
Ratan Gupta24c85422019-01-30 19:41:24 +05301804 if (!rc)
1805 {
jayaprakash Mutyala66b5ca72019-08-07 20:26:37 +00001806 messages::resourceNotFound(
Gunnar Mills8114bd42020-06-11 20:55:21 -05001807 asyncResp->res, "#ManagerAccount.v1_4_0.ManagerAccount",
jayaprakash Mutyala66b5ca72019-08-07 20:26:37 +00001808 username);
AppaRao Puli84e12cb2018-10-11 01:28:15 +05301809 return;
Ratan Gupta24c85422019-01-30 19:41:24 +05301810 }
jayaprakash Mutyala66b5ca72019-08-07 20:26:37 +00001811
1812 if (password)
1813 {
1814 int retval = pamUpdatePassword(username, *password);
1815
1816 if (retval == PAM_USER_UNKNOWN)
1817 {
1818 messages::resourceNotFound(
1819 asyncResp->res,
Gunnar Mills8114bd42020-06-11 20:55:21 -05001820 "#ManagerAccount.v1_4_0.ManagerAccount", username);
jayaprakash Mutyala66b5ca72019-08-07 20:26:37 +00001821 }
1822 else if (retval == PAM_AUTHTOK_ERR)
1823 {
1824 // If password is invalid
1825 messages::propertyValueFormatError(
1826 asyncResp->res, *password, "Password");
1827 BMCWEB_LOG_ERROR << "pamUpdatePassword Failed";
1828 }
1829 else if (retval != PAM_SUCCESS)
1830 {
1831 messages::internalError(asyncResp->res);
1832 return;
1833 }
1834 }
1835
Ratan Gupta24c85422019-01-30 19:41:24 +05301836 if (enabled)
1837 {
1838 crow::connections::systemBus->async_method_call(
1839 [asyncResp](const boost::system::error_code ec) {
1840 if (ec)
1841 {
1842 BMCWEB_LOG_ERROR << "D-Bus responses error: "
1843 << ec;
1844 messages::internalError(asyncResp->res);
1845 return;
1846 }
1847 messages::success(asyncResp->res);
1848 return;
1849 },
1850 "xyz.openbmc_project.User.Manager",
1851 dbusObjectPath.c_str(),
1852 "org.freedesktop.DBus.Properties", "Set",
1853 "xyz.openbmc_project.User.Attributes", "UserEnabled",
1854 std::variant<bool>{*enabled});
1855 }
Ed Tanous9712f8a2018-09-21 13:38:49 -07001856
Ratan Gupta24c85422019-01-30 19:41:24 +05301857 if (roleId)
1858 {
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -06001859 std::string priv = getPrivilegeFromRoleId(*roleId);
Ratan Gupta24c85422019-01-30 19:41:24 +05301860 if (priv.empty())
AppaRao Puli84e12cb2018-10-11 01:28:15 +05301861 {
Ratan Gupta24c85422019-01-30 19:41:24 +05301862 messages::propertyValueNotInList(asyncResp->res,
1863 *roleId, "RoleId");
AppaRao Puli84e12cb2018-10-11 01:28:15 +05301864 return;
1865 }
jayaprakash Mutyala96200602020-04-08 11:09:10 +00001866 if (priv == "priv-noaccess")
1867 {
1868 priv = "";
1869 }
Ratan Gupta24c85422019-01-30 19:41:24 +05301870
1871 crow::connections::systemBus->async_method_call(
1872 [asyncResp](const boost::system::error_code ec) {
1873 if (ec)
1874 {
1875 BMCWEB_LOG_ERROR << "D-Bus responses error: "
1876 << ec;
1877 messages::internalError(asyncResp->res);
1878 return;
1879 }
1880 messages::success(asyncResp->res);
1881 },
1882 "xyz.openbmc_project.User.Manager",
1883 dbusObjectPath.c_str(),
1884 "org.freedesktop.DBus.Properties", "Set",
1885 "xyz.openbmc_project.User.Attributes", "UserPrivilege",
1886 std::variant<std::string>{priv});
1887 }
1888
1889 if (locked)
1890 {
1891 // admin can unlock the account which is locked by
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -06001892 // successive authentication failures but admin should
1893 // not be allowed to lock an account.
Ratan Gupta24c85422019-01-30 19:41:24 +05301894 if (*locked)
1895 {
1896 messages::propertyValueNotInList(asyncResp->res, "true",
1897 "Locked");
1898 return;
1899 }
1900
1901 crow::connections::systemBus->async_method_call(
1902 [asyncResp](const boost::system::error_code ec) {
1903 if (ec)
1904 {
1905 BMCWEB_LOG_ERROR << "D-Bus responses error: "
1906 << ec;
1907 messages::internalError(asyncResp->res);
1908 return;
1909 }
1910 messages::success(asyncResp->res);
1911 return;
1912 },
1913 "xyz.openbmc_project.User.Manager",
1914 dbusObjectPath.c_str(),
1915 "org.freedesktop.DBus.Properties", "Set",
1916 "xyz.openbmc_project.User.Attributes",
1917 "UserLockedForFailedAttempt",
Patrick Williams19bd78d2020-05-13 17:38:24 -05001918 std::variant<bool>{*locked});
Ratan Gupta24c85422019-01-30 19:41:24 +05301919 }
1920 });
Ed Tanousa8408792018-09-05 16:08:38 -07001921 }
Ed Tanous06e086d2018-09-19 17:19:52 -07001922
zhanghch058d1b46d2021-04-01 11:18:24 +08001923 void doDelete(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
1924 const crow::Request&,
Ed Tanous06e086d2018-09-19 17:19:52 -07001925 const std::vector<std::string>& params) override
1926 {
Ed Tanous06e086d2018-09-19 17:19:52 -07001927
1928 if (params.size() != 1)
1929 {
Jason M. Billsf12894f2018-10-09 12:45:45 -07001930 messages::internalError(asyncResp->res);
Ed Tanous06e086d2018-09-19 17:19:52 -07001931 return;
1932 }
1933
1934 const std::string userPath = "/xyz/openbmc_project/user/" + params[0];
1935
1936 crow::connections::systemBus->async_method_call(
Ed Tanousf23b7292020-10-15 09:41:17 -07001937 [asyncResp,
1938 username{params[0]}](const boost::system::error_code ec) {
Ed Tanous06e086d2018-09-19 17:19:52 -07001939 if (ec)
1940 {
Jason M. Billsf12894f2018-10-09 12:45:45 -07001941 messages::resourceNotFound(
Gunnar Mills8114bd42020-06-11 20:55:21 -05001942 asyncResp->res, "#ManagerAccount.v1_4_0.ManagerAccount",
Jason M. Billsf12894f2018-10-09 12:45:45 -07001943 username);
Ed Tanous06e086d2018-09-19 17:19:52 -07001944 return;
1945 }
1946
Jason M. Billsf12894f2018-10-09 12:45:45 -07001947 messages::accountRemoved(asyncResp->res);
Ed Tanous06e086d2018-09-19 17:19:52 -07001948 },
1949 "xyz.openbmc_project.User.Manager", userPath,
1950 "xyz.openbmc_project.Object.Delete", "Delete");
1951 }
AppaRao Puli84e12cb2018-10-11 01:28:15 +05301952};
Lewanczyk, Dawid88d16c92018-02-02 14:51:09 +01001953
Ed Tanous1abe55e2018-09-05 08:30:59 -07001954} // namespace redfish