blob: 7061c9aa70d19abf446aa30dd1902d8fe06dfbf8 [file] [log] [blame]
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +01001/*
2// Copyright (c) 2018 Intel Corporation
3//
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at
7//
8// http://www.apache.org/licenses/LICENSE-2.0
9//
10// Unless required by applicable law or agreed to in writing, software
11// distributed under the License is distributed on an "AS IS" BASIS,
12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13// See the License for the specific language governing permissions and
14// limitations under the License.
15*/
16#pragma once
Borawski.Lukasz43a095a2018-02-19 15:39:01 +010017
Ed Tanous3ccb3ad2023-01-13 17:40:03 -080018#include "app.hpp"
Kowalski, Kamilf4c4dcf2018-01-29 14:55:35 +010019#include "error_messages.hpp"
Ed Tanous3ccb3ad2023-01-13 17:40:03 -080020#include "http/utility.hpp"
Ed Tanous52cc1122020-07-18 13:51:21 -070021#include "persistent_data.hpp"
Ed Tanous3ccb3ad2023-01-13 17:40:03 -080022#include "query.hpp"
23#include "registries/privilege_registry.hpp"
24#include "utils/json_utils.hpp"
John Edward Broadbent7e860f12021-04-08 15:57:16 -070025
Ed Tanousef4c65b2023-04-24 15:28:50 -070026#include <boost/url/format.hpp>
27
Ed Tanous1abe55e2018-09-05 08:30:59 -070028namespace redfish
29{
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +010030
Ed Tanous4f48d5f2021-06-21 08:27:45 -070031inline void fillSessionObject(crow::Response& res,
32 const persistent_data::UserSession& session)
Ed Tanous1abe55e2018-09-05 08:30:59 -070033{
Ed Tanousfaa34cc2021-06-03 13:27:02 -070034 res.jsonValue["Id"] = session.uniqueId;
35 res.jsonValue["UserName"] = session.username;
Ed Tanousef4c65b2023-04-24 15:28:50 -070036 res.jsonValue["@odata.id"] = boost::urls::format(
37 "/redfish/v1/SessionService/Sessions/{}", session.uniqueId);
Ed Tanousbb759e32022-08-02 17:07:54 -070038 res.jsonValue["@odata.type"] = "#Session.v1_5_0.Session";
Ed Tanousfaa34cc2021-06-03 13:27:02 -070039 res.jsonValue["Name"] = "User Session";
40 res.jsonValue["Description"] = "Manager User Session";
41 res.jsonValue["ClientOriginIPAddress"] = session.clientIp;
Ed Tanousbb759e32022-08-02 17:07:54 -070042 if (session.clientId)
43 {
44 res.jsonValue["Context"] = *session.clientId;
45 }
Ed Tanousfaa34cc2021-06-03 13:27:02 -070046}
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +010047
Ed Tanous724340d2022-03-14 09:10:07 -070048inline void
Ed Tanousa1e08712022-07-07 16:10:39 -070049 handleSessionHead(crow::App& app, const crow::Request& req,
50 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
51 const std::string& /*sessionId*/)
Ed Tanous724340d2022-03-14 09:10:07 -070052{
Carson Labrado3ba00072022-06-06 19:40:56 +000053 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
Ed Tanous45ca1b82022-03-25 13:07:27 -070054 {
55 return;
56 }
Ed Tanousa1e08712022-07-07 16:10:39 -070057 asyncResp->res.addHeader(
58 boost::beast::http::field::link,
59 "</redfish/v1/JsonSchemas/Session/Session.json>; rel=describedby");
60}
61
62inline void
63 handleSessionGet(crow::App& app, const crow::Request& req,
64 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
65 const std::string& sessionId)
66{
Ed Tanous65ffbcb2023-05-16 08:54:11 -070067 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
68 {
69 return;
70 }
71 asyncResp->res.addHeader(
72 boost::beast::http::field::link,
73 "</redfish/v1/JsonSchemas/Session/Session.json>; rel=describedby");
Ed Tanousa1e08712022-07-07 16:10:39 -070074
Ed Tanous724340d2022-03-14 09:10:07 -070075 // Note that control also reaches here via doPost and doDelete.
76 auto session =
77 persistent_data::SessionStore::getInstance().getSessionByUid(sessionId);
78
79 if (session == nullptr)
80 {
81 messages::resourceNotFound(asyncResp->res, "Session", sessionId);
82 return;
83 }
84
85 fillSessionObject(asyncResp->res, *session);
86}
87
88inline void
Ed Tanous45ca1b82022-03-25 13:07:27 -070089 handleSessionDelete(crow::App& app, const crow::Request& req,
Ed Tanous724340d2022-03-14 09:10:07 -070090 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
91 const std::string& sessionId)
92{
Carson Labrado3ba00072022-06-06 19:40:56 +000093 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
Ed Tanous45ca1b82022-03-25 13:07:27 -070094 {
95 return;
96 }
Ed Tanous724340d2022-03-14 09:10:07 -070097 auto session =
98 persistent_data::SessionStore::getInstance().getSessionByUid(sessionId);
99
100 if (session == nullptr)
101 {
102 messages::resourceNotFound(asyncResp->res, "Session", sessionId);
103 return;
104 }
105
106 // Perform a proper ConfigureSelf authority check. If a
107 // session is being used to DELETE some other user's session,
108 // then the ConfigureSelf privilege does not apply. In that
109 // case, perform the authority check again without the user's
110 // ConfigureSelf privilege.
wukaihua-fii-na0fd29862022-05-18 09:19:16 +0800111 if (req.session != nullptr && !session->username.empty() &&
112 session->username != req.session->username)
Ed Tanous724340d2022-03-14 09:10:07 -0700113 {
114 Privileges effectiveUserPrivileges =
Ninad Palsule3e72c202023-03-27 17:19:55 -0500115 redfish::getUserPrivileges(*req.session);
Ed Tanous724340d2022-03-14 09:10:07 -0700116
117 if (!effectiveUserPrivileges.isSupersetOf({"ConfigureUsers"}))
118 {
119 messages::insufficientPrivilege(asyncResp->res);
120 return;
121 }
122 }
123
124 persistent_data::SessionStore::getInstance().removeSession(session);
125 messages::success(asyncResp->res);
126}
127
128inline nlohmann::json getSessionCollectionMembers()
129{
130 std::vector<const std::string*> sessionIds =
131 persistent_data::SessionStore::getInstance().getUniqueIds(
132 false, persistent_data::PersistenceType::TIMEOUT);
133 nlohmann::json ret = nlohmann::json::array();
134 for (const std::string* uid : sessionIds)
135 {
Ed Tanous14766872022-03-15 10:44:42 -0700136 nlohmann::json::object_t session;
Ed Tanousef4c65b2023-04-24 15:28:50 -0700137 session["@odata.id"] =
138 boost::urls::format("/redfish/v1/SessionService/Sessions/{}", *uid);
Patrick Williamsb2ba3072023-05-12 10:27:39 -0500139 ret.emplace_back(std::move(session));
Ed Tanous724340d2022-03-14 09:10:07 -0700140 }
141 return ret;
142}
143
Ed Tanousa1e08712022-07-07 16:10:39 -0700144inline void handleSessionCollectionHead(
Ed Tanous45ca1b82022-03-25 13:07:27 -0700145 crow::App& app, const crow::Request& req,
Ed Tanous724340d2022-03-14 09:10:07 -0700146 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp)
147{
Carson Labrado3ba00072022-06-06 19:40:56 +0000148 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
Ed Tanous45ca1b82022-03-25 13:07:27 -0700149 {
150 return;
151 }
Ed Tanousa1e08712022-07-07 16:10:39 -0700152 asyncResp->res.addHeader(
153 boost::beast::http::field::link,
154 "</redfish/v1/JsonSchemas/SessionCollection.json>; rel=describedby");
155}
156
157inline void handleSessionCollectionGet(
158 crow::App& app, const crow::Request& req,
159 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp)
160{
Ed Tanous01a89a12022-08-05 09:18:54 -0700161 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
162 {
163 return;
164 }
165 asyncResp->res.addHeader(
166 boost::beast::http::field::link,
167 "</redfish/v1/JsonSchemas/SessionCollection.json>; rel=describedby");
168
Ed Tanous724340d2022-03-14 09:10:07 -0700169 asyncResp->res.jsonValue["Members"] = getSessionCollectionMembers();
170 asyncResp->res.jsonValue["Members@odata.count"] =
171 asyncResp->res.jsonValue["Members"].size();
172 asyncResp->res.jsonValue["@odata.type"] =
173 "#SessionCollection.SessionCollection";
174 asyncResp->res.jsonValue["@odata.id"] =
175 "/redfish/v1/SessionService/Sessions/";
176 asyncResp->res.jsonValue["Name"] = "Session Collection";
177 asyncResp->res.jsonValue["Description"] = "Session Collection";
178}
179
180inline void handleSessionCollectionMembersGet(
Ed Tanous45ca1b82022-03-25 13:07:27 -0700181 crow::App& app, const crow::Request& req,
Ed Tanous724340d2022-03-14 09:10:07 -0700182 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp)
183{
Carson Labrado3ba00072022-06-06 19:40:56 +0000184 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
Ed Tanous45ca1b82022-03-25 13:07:27 -0700185 {
186 return;
187 }
Ed Tanous724340d2022-03-14 09:10:07 -0700188 asyncResp->res.jsonValue = getSessionCollectionMembers();
189}
190
Ed Tanous4ee8e212022-05-28 09:42:51 -0700191inline void handleSessionCollectionPost(
Ed Tanous45ca1b82022-03-25 13:07:27 -0700192 crow::App& app, const crow::Request& req,
Ed Tanous724340d2022-03-14 09:10:07 -0700193 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp)
194{
Carson Labrado3ba00072022-06-06 19:40:56 +0000195 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
Ed Tanous45ca1b82022-03-25 13:07:27 -0700196 {
197 return;
198 }
Ed Tanous724340d2022-03-14 09:10:07 -0700199 std::string username;
200 std::string password;
Ed Tanousbb759e32022-08-02 17:07:54 -0700201 std::optional<std::string> clientId;
Ed Tanous724340d2022-03-14 09:10:07 -0700202 if (!json_util::readJsonPatch(req, asyncResp->res, "UserName", username,
Ed Tanousd678d4f2023-01-07 14:40:40 -0800203 "Password", password, "Context", clientId))
Ed Tanous724340d2022-03-14 09:10:07 -0700204 {
205 return;
206 }
207
208 if (password.empty() || username.empty() ||
209 asyncResp->res.result() != boost::beast::http::status::ok)
210 {
211 if (username.empty())
212 {
213 messages::propertyMissing(asyncResp->res, "UserName");
214 }
215
216 if (password.empty())
217 {
218 messages::propertyMissing(asyncResp->res, "Password");
219 }
220
221 return;
222 }
223
224 int pamrc = pamAuthenticateUser(username, password);
225 bool isConfigureSelfOnly = pamrc == PAM_NEW_AUTHTOK_REQD;
226 if ((pamrc != PAM_SUCCESS) && !isConfigureSelfOnly)
227 {
Ed Tanous39662a32023-02-06 15:09:46 -0800228 messages::resourceAtUriUnauthorized(asyncResp->res, req.url(),
Ed Tanous724340d2022-03-14 09:10:07 -0700229 "Invalid username or password");
230 return;
231 }
Ed Tanous724340d2022-03-14 09:10:07 -0700232
233 // User is authenticated - create session
234 std::shared_ptr<persistent_data::UserSession> session =
235 persistent_data::SessionStore::getInstance().generateUserSession(
236 username, req.ipAddress, clientId,
237 persistent_data::PersistenceType::TIMEOUT, isConfigureSelfOnly);
Brad Bishop02e53ae2022-07-29 14:38:40 -0400238 if (session == nullptr)
239 {
240 messages::internalError(asyncResp->res);
241 return;
242 }
243
Ed Tanous724340d2022-03-14 09:10:07 -0700244 asyncResp->res.addHeader("X-Auth-Token", session->sessionToken);
245 asyncResp->res.addHeader(
246 "Location", "/redfish/v1/SessionService/Sessions/" + session->uniqueId);
247 asyncResp->res.result(boost::beast::http::status::created);
248 if (session->isConfigureSelfOnly)
249 {
250 messages::passwordChangeRequired(
251 asyncResp->res,
Ed Tanousef4c65b2023-04-24 15:28:50 -0700252 boost::urls::format("/redfish/v1/AccountService/Accounts/{}",
253 session->username));
Ed Tanous724340d2022-03-14 09:10:07 -0700254 }
255
256 fillSessionObject(asyncResp->res, *session);
257}
Ed Tanousa1e08712022-07-07 16:10:39 -0700258inline void handleSessionServiceHead(
259 crow::App& app, const crow::Request& req,
260 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp)
261{
Ed Tanousa1e08712022-07-07 16:10:39 -0700262 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
263 {
264 return;
265 }
266 asyncResp->res.addHeader(
267 boost::beast::http::field::link,
268 "</redfish/v1/JsonSchemas/SessionService/SessionService.json>; rel=describedby");
269}
Ed Tanous724340d2022-03-14 09:10:07 -0700270inline void
Ed Tanous45ca1b82022-03-25 13:07:27 -0700271 handleSessionServiceGet(crow::App& app, const crow::Request& req,
Ed Tanous724340d2022-03-14 09:10:07 -0700272 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp)
273
274{
Gunnar Mills78e39002023-05-17 11:52:44 -0500275 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
276 {
277 return;
278 }
279 asyncResp->res.addHeader(
280 boost::beast::http::field::link,
281 "</redfish/v1/JsonSchemas/SessionService/SessionService.json>; rel=describedby");
282
Ed Tanous724340d2022-03-14 09:10:07 -0700283 asyncResp->res.jsonValue["@odata.type"] =
284 "#SessionService.v1_0_2.SessionService";
285 asyncResp->res.jsonValue["@odata.id"] = "/redfish/v1/SessionService/";
286 asyncResp->res.jsonValue["Name"] = "Session Service";
287 asyncResp->res.jsonValue["Id"] = "SessionService";
288 asyncResp->res.jsonValue["Description"] = "Session Service";
289 asyncResp->res.jsonValue["SessionTimeout"] =
290 persistent_data::SessionStore::getInstance().getTimeoutInSeconds();
291 asyncResp->res.jsonValue["ServiceEnabled"] = true;
292
Ed Tanous14766872022-03-15 10:44:42 -0700293 asyncResp->res.jsonValue["Sessions"]["@odata.id"] =
294 "/redfish/v1/SessionService/Sessions";
Ed Tanous724340d2022-03-14 09:10:07 -0700295}
296
297inline void handleSessionServicePatch(
Ed Tanous45ca1b82022-03-25 13:07:27 -0700298 crow::App& app, const crow::Request& req,
Ed Tanous724340d2022-03-14 09:10:07 -0700299 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp)
300{
Carson Labrado3ba00072022-06-06 19:40:56 +0000301 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
Ed Tanous45ca1b82022-03-25 13:07:27 -0700302 {
303 return;
304 }
Ed Tanous724340d2022-03-14 09:10:07 -0700305 std::optional<int64_t> sessionTimeout;
306 if (!json_util::readJsonPatch(req, asyncResp->res, "SessionTimeout",
307 sessionTimeout))
308 {
309 return;
310 }
311
312 if (sessionTimeout)
313 {
Ed Tanous8ece0e42024-01-02 13:16:50 -0800314 // The minimum & maximum allowed values for session timeout
Ed Tanous724340d2022-03-14 09:10:07 -0700315 // are 30 seconds and 86400 seconds respectively as per the
316 // session service schema mentioned at
317 // https://redfish.dmtf.org/schemas/v1/SessionService.v1_1_7.json
318
319 if (*sessionTimeout <= 86400 && *sessionTimeout >= 30)
320 {
321 std::chrono::seconds sessionTimeoutInseconds(*sessionTimeout);
322 persistent_data::SessionStore::getInstance().updateSessionTimeout(
323 sessionTimeoutInseconds);
324 messages::propertyValueModified(asyncResp->res, "SessionTimeOut",
325 std::to_string(*sessionTimeout));
326 }
327 else
328 {
Ed Tanouse2616cc2022-06-27 12:45:55 -0700329 messages::propertyValueNotInList(asyncResp->res, *sessionTimeout,
Ed Tanous724340d2022-03-14 09:10:07 -0700330 "SessionTimeOut");
331 }
332 }
333}
334
Ed Tanousfaa34cc2021-06-03 13:27:02 -0700335inline void requestRoutesSession(App& app)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700336{
Ed Tanousfaa34cc2021-06-03 13:27:02 -0700337 BMCWEB_ROUTE(app, "/redfish/v1/SessionService/Sessions/<str>/")
Ed Tanousa1e08712022-07-07 16:10:39 -0700338 .privileges(redfish::privileges::headSession)
339 .methods(boost::beast::http::verb::head)(
340 std::bind_front(handleSessionHead, std::ref(app)));
341
342 BMCWEB_ROUTE(app, "/redfish/v1/SessionService/Sessions/<str>/")
Ed Tanoused398212021-06-09 17:05:54 -0700343 .privileges(redfish::privileges::getSession)
Ed Tanous45ca1b82022-03-25 13:07:27 -0700344 .methods(boost::beast::http::verb::get)(
345 std::bind_front(handleSessionGet, std::ref(app)));
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100346
Ed Tanousfaa34cc2021-06-03 13:27:02 -0700347 BMCWEB_ROUTE(app, "/redfish/v1/SessionService/Sessions/<str>/")
Ed Tanoused398212021-06-09 17:05:54 -0700348 .privileges(redfish::privileges::deleteSession)
Ed Tanous45ca1b82022-03-25 13:07:27 -0700349 .methods(boost::beast::http::verb::delete_)(
350 std::bind_front(handleSessionDelete, std::ref(app)));
Ed Tanousfaa34cc2021-06-03 13:27:02 -0700351
352 BMCWEB_ROUTE(app, "/redfish/v1/SessionService/Sessions/")
Ed Tanousa1e08712022-07-07 16:10:39 -0700353 .privileges(redfish::privileges::headSessionCollection)
354 .methods(boost::beast::http::verb::head)(
355 std::bind_front(handleSessionCollectionHead, std::ref(app)));
356
357 BMCWEB_ROUTE(app, "/redfish/v1/SessionService/Sessions/")
Ed Tanoused398212021-06-09 17:05:54 -0700358 .privileges(redfish::privileges::getSessionCollection)
Ed Tanous45ca1b82022-03-25 13:07:27 -0700359 .methods(boost::beast::http::verb::get)(
360 std::bind_front(handleSessionCollectionGet, std::ref(app)));
Ed Tanousfaa34cc2021-06-03 13:27:02 -0700361
Ed Tanouse76cd862022-03-14 09:12:00 -0700362 // Note, the next two routes technically don't match the privilege
Ed Tanous724340d2022-03-14 09:10:07 -0700363 // registry given the way login mechanisms work. The base privilege
364 // registry lists this endpoint as requiring login privilege, but because
365 // this is the endpoint responsible for giving the login privilege, and it
366 // is itself its own route, it needs to not require Login
Ed Tanousfaa34cc2021-06-03 13:27:02 -0700367 BMCWEB_ROUTE(app, "/redfish/v1/SessionService/Sessions/")
368 .privileges({})
Ed Tanous45ca1b82022-03-25 13:07:27 -0700369 .methods(boost::beast::http::verb::post)(
370 std::bind_front(handleSessionCollectionPost, std::ref(app)));
Kowalski, Kamil2b7981f2018-01-31 13:24:59 +0100371
Ed Tanouse76cd862022-03-14 09:12:00 -0700372 BMCWEB_ROUTE(app, "/redfish/v1/SessionService/Sessions/Members/")
373 .privileges({})
Ed Tanous45ca1b82022-03-25 13:07:27 -0700374 .methods(boost::beast::http::verb::post)(
375 std::bind_front(handleSessionCollectionPost, std::ref(app)));
Ed Tanouse76cd862022-03-14 09:12:00 -0700376
Ed Tanousfaa34cc2021-06-03 13:27:02 -0700377 BMCWEB_ROUTE(app, "/redfish/v1/SessionService/")
Ed Tanousa1e08712022-07-07 16:10:39 -0700378 .privileges(redfish::privileges::headSessionService)
379 .methods(boost::beast::http::verb::head)(
380 std::bind_front(handleSessionServiceHead, std::ref(app)));
381
382 BMCWEB_ROUTE(app, "/redfish/v1/SessionService/")
Ed Tanoused398212021-06-09 17:05:54 -0700383 .privileges(redfish::privileges::getSessionService)
Ed Tanous45ca1b82022-03-25 13:07:27 -0700384 .methods(boost::beast::http::verb::get)(
385 std::bind_front(handleSessionServiceGet, std::ref(app)));
Borawski.Lukasz5d27b852018-02-08 13:24:24 +0100386
Ed Tanousfaa34cc2021-06-03 13:27:02 -0700387 BMCWEB_ROUTE(app, "/redfish/v1/SessionService/")
Ed Tanoused398212021-06-09 17:05:54 -0700388 .privileges(redfish::privileges::patchSessionService)
Ed Tanous45ca1b82022-03-25 13:07:27 -0700389 .methods(boost::beast::http::verb::patch)(
390 std::bind_front(handleSessionServicePatch, std::ref(app)));
Ed Tanousfaa34cc2021-06-03 13:27:02 -0700391}
Borawski.Lukasz5d27b852018-02-08 13:24:24 +0100392
Ed Tanous1abe55e2018-09-05 08:30:59 -0700393} // namespace redfish