blob: 70a1506806e660a137a00ab30d8979fb05464fc5 [file] [log] [blame]
Lewanczyk, Dawid88d16c92018-02-02 14:51:09 +01001/*
2// Copyright (c) 2018 Intel Corporation
3//
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at
7//
8// http://www.apache.org/licenses/LICENSE-2.0
9//
10// Unless required by applicable law or agreed to in writing, software
11// distributed under the License is distributed on an "AS IS" BASIS,
12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13// See the License for the specific language governing permissions and
14// limitations under the License.
15*/
16#pragma once
Lewanczyk, Dawid88d16c92018-02-02 14:51:09 +010017
Ed Tanous3ccb3ad2023-01-13 17:40:03 -080018#include "app.hpp"
19#include "dbus_utility.hpp"
20#include "error_messages.hpp"
Ed Tanous0ec8b832022-03-14 14:56:47 -070021#include "generated/enums/account_service.hpp"
Ed Tanous3ccb3ad2023-01-13 17:40:03 -080022#include "openbmc_dbus_rest.hpp"
23#include "persistent_data.hpp"
24#include "query.hpp"
Ed Tanous0ec8b832022-03-14 14:56:47 -070025#include "registries/privilege_registry.hpp"
Ed Tanous3ccb3ad2023-01-13 17:40:03 -080026#include "utils/dbus_utils.hpp"
27#include "utils/json_utils.hpp"
Ed Tanous0ec8b832022-03-14 14:56:47 -070028
Jonathan Doman1e1e5982021-06-11 09:36:17 -070029#include <sdbusplus/asio/property.hpp>
Krzysztof Grobelnyd1bde9e2022-09-07 10:40:51 +020030#include <sdbusplus/unpack_properties.hpp>
Gunnar Mills1214b7e2020-06-04 10:11:30 -050031
George Liu2b731192023-01-11 16:27:13 +080032#include <array>
Abhishek Patelc7229812022-02-01 10:07:15 -060033#include <optional>
Ed Tanous3544d2a2023-08-06 18:12:20 -070034#include <ranges>
Abhishek Patelc7229812022-02-01 10:07:15 -060035#include <string>
George Liu2b731192023-01-11 16:27:13 +080036#include <string_view>
Abhishek Patelc7229812022-02-01 10:07:15 -060037#include <vector>
38
Ed Tanous1abe55e2018-09-05 08:30:59 -070039namespace redfish
40{
Lewanczyk, Dawid88d16c92018-02-02 14:51:09 +010041
Ed Tanous23a21a12020-07-25 04:45:05 +000042constexpr const char* ldapConfigObjectName =
Ratan Gupta6973a582018-12-13 18:25:44 +053043 "/xyz/openbmc_project/user/ldap/openldap";
Ed Tanous2c70f802020-09-28 14:29:23 -070044constexpr const char* adConfigObject =
Ratan Guptaab828d72019-04-22 14:18:33 +053045 "/xyz/openbmc_project/user/ldap/active_directory";
46
P Dheeraj Srujan Kumarb477fd42021-12-16 07:17:51 +053047constexpr const char* rootUserDbusPath = "/xyz/openbmc_project/user/";
Ratan Gupta6973a582018-12-13 18:25:44 +053048constexpr const char* ldapRootObject = "/xyz/openbmc_project/user/ldap";
49constexpr const char* ldapDbusService = "xyz.openbmc_project.Ldap.Config";
50constexpr const char* ldapConfigInterface =
51 "xyz.openbmc_project.User.Ldap.Config";
52constexpr const char* ldapCreateInterface =
53 "xyz.openbmc_project.User.Ldap.Create";
54constexpr const char* ldapEnableInterface = "xyz.openbmc_project.Object.Enable";
Ratan Gupta06785242019-07-26 22:30:16 +053055constexpr const char* ldapPrivMapperInterface =
56 "xyz.openbmc_project.User.PrivilegeMapper";
Ratan Gupta6973a582018-12-13 18:25:44 +053057
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -060058struct LDAPRoleMapData
59{
60 std::string groupName;
61 std::string privilege;
62};
63
Ratan Gupta6973a582018-12-13 18:25:44 +053064struct LDAPConfigData
65{
66 std::string uri{};
67 std::string bindDN{};
68 std::string baseDN{};
69 std::string searchScope{};
70 std::string serverType{};
71 bool serviceEnabled = false;
72 std::string userNameAttribute{};
73 std::string groupAttribute{};
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -060074 std::vector<std::pair<std::string, LDAPRoleMapData>> groupRoleList;
Ratan Gupta6973a582018-12-13 18:25:44 +053075};
76
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -060077inline std::string getRoleIdFromPrivilege(std::string_view role)
AppaRao Puli84e12cb2018-10-11 01:28:15 +053078{
79 if (role == "priv-admin")
80 {
81 return "Administrator";
82 }
Ed Tanous3174e4d2020-10-07 11:41:22 -070083 if (role == "priv-user")
AppaRao Puli84e12cb2018-10-11 01:28:15 +053084 {
AppaRao Pulic80fee52019-10-16 14:49:36 +053085 return "ReadOnly";
AppaRao Puli84e12cb2018-10-11 01:28:15 +053086 }
Ed Tanous3174e4d2020-10-07 11:41:22 -070087 if (role == "priv-operator")
AppaRao Puli84e12cb2018-10-11 01:28:15 +053088 {
89 return "Operator";
90 }
91 return "";
92}
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -060093inline std::string getPrivilegeFromRoleId(std::string_view role)
AppaRao Puli84e12cb2018-10-11 01:28:15 +053094{
95 if (role == "Administrator")
96 {
97 return "priv-admin";
98 }
Ed Tanous3174e4d2020-10-07 11:41:22 -070099 if (role == "ReadOnly")
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530100 {
101 return "priv-user";
102 }
Ed Tanous3174e4d2020-10-07 11:41:22 -0700103 if (role == "Operator")
AppaRao Puli84e12cb2018-10-11 01:28:15 +0530104 {
105 return "priv-operator";
106 }
107 return "";
108}
Ed Tanousb9b2e0b2018-09-13 13:47:50 -0700109
Abhishek Patelc7229812022-02-01 10:07:15 -0600110/**
111 * @brief Maps user group names retrieved from D-Bus object to
112 * Account Types.
113 *
114 * @param[in] userGroups List of User groups
115 * @param[out] res AccountTypes populated
116 *
117 * @return true in case of success, false if UserGroups contains
118 * invalid group name(s).
119 */
120inline bool translateUserGroup(const std::vector<std::string>& userGroups,
121 crow::Response& res)
122{
123 std::vector<std::string> accountTypes;
124 for (const auto& userGroup : userGroups)
125 {
126 if (userGroup == "redfish")
127 {
128 accountTypes.emplace_back("Redfish");
129 accountTypes.emplace_back("WebUI");
130 }
131 else if (userGroup == "ipmi")
132 {
133 accountTypes.emplace_back("IPMI");
134 }
135 else if (userGroup == "ssh")
136 {
Abhishek Patelc7229812022-02-01 10:07:15 -0600137 accountTypes.emplace_back("ManagerConsole");
138 }
Ninad Palsule3e72c202023-03-27 17:19:55 -0500139 else if (userGroup == "hostconsole")
140 {
141 // The hostconsole group controls who can access the host console
142 // port via ssh and websocket.
143 accountTypes.emplace_back("HostConsole");
144 }
Abhishek Patelc7229812022-02-01 10:07:15 -0600145 else if (userGroup == "web")
146 {
147 // 'web' is one of the valid groups in the UserGroups property of
148 // the user account in the D-Bus object. This group is currently not
149 // doing anything, and is considered to be equivalent to 'redfish'.
150 // 'redfish' user group is mapped to 'Redfish'and 'WebUI'
151 // AccountTypes, so do nothing here...
152 }
153 else
154 {
155 // Invalid user group name. Caller throws an excption.
156 return false;
157 }
158 }
159
160 res.jsonValue["AccountTypes"] = std::move(accountTypes);
161 return true;
162}
163
Abhishek Patel58345852022-02-02 08:54:25 -0600164/**
165 * @brief Builds User Groups from the Account Types
166 *
167 * @param[in] asyncResp Async Response
168 * @param[in] accountTypes List of Account Types
169 * @param[out] userGroups List of User Groups mapped from Account Types
170 *
171 * @return true if Account Types mapped to User Groups, false otherwise.
172 */
173inline bool
174 getUserGroupFromAccountType(crow::Response& res,
175 const std::vector<std::string>& accountTypes,
176 std::vector<std::string>& userGroups)
177{
178 // Need both Redfish and WebUI Account Types to map to 'redfish' User Group
179 bool redfishType = false;
180 bool webUIType = false;
181
182 for (const auto& accountType : accountTypes)
183 {
184 if (accountType == "Redfish")
185 {
186 redfishType = true;
187 }
188 else if (accountType == "WebUI")
189 {
190 webUIType = true;
191 }
192 else if (accountType == "IPMI")
193 {
194 userGroups.emplace_back("ipmi");
195 }
196 else if (accountType == "HostConsole")
197 {
198 userGroups.emplace_back("hostconsole");
199 }
200 else if (accountType == "ManagerConsole")
201 {
202 userGroups.emplace_back("ssh");
203 }
204 else
205 {
206 // Invalid Account Type
207 messages::propertyValueNotInList(res, "AccountTypes", accountType);
208 return false;
209 }
210 }
211
212 // Both Redfish and WebUI Account Types are needed to PATCH
213 if (redfishType ^ webUIType)
214 {
Ed Tanous62598e32023-07-17 17:06:25 -0700215 BMCWEB_LOG_ERROR(
216 "Missing Redfish or WebUI Account Type to set redfish User Group");
Abhishek Patel58345852022-02-02 08:54:25 -0600217 messages::strictAccountTypes(res, "AccountTypes");
218 return false;
219 }
220
221 if (redfishType && webUIType)
222 {
223 userGroups.emplace_back("redfish");
224 }
225
226 return true;
227}
228
229/**
230 * @brief Sets UserGroups property of the user based on the Account Types
231 *
232 * @param[in] accountTypes List of User Account Types
233 * @param[in] asyncResp Async Response
234 * @param[in] dbusObjectPath D-Bus Object Path
235 * @param[in] userSelf true if User is updating OWN Account Types
236 */
237inline void
238 patchAccountTypes(const std::vector<std::string>& accountTypes,
239 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
240 const std::string& dbusObjectPath, bool userSelf)
241{
242 // Check if User is disabling own Redfish Account Type
243 if (userSelf &&
244 (accountTypes.cend() ==
245 std::find(accountTypes.cbegin(), accountTypes.cend(), "Redfish")))
246 {
Ed Tanous62598e32023-07-17 17:06:25 -0700247 BMCWEB_LOG_ERROR(
248 "User disabling OWN Redfish Account Type is not allowed");
Abhishek Patel58345852022-02-02 08:54:25 -0600249 messages::strictAccountTypes(asyncResp->res, "AccountTypes");
250 return;
251 }
252
253 std::vector<std::string> updatedUserGroups;
254 if (!getUserGroupFromAccountType(asyncResp->res, accountTypes,
255 updatedUserGroups))
256 {
257 // Problem in mapping Account Types to User Groups, Error already
258 // logged.
259 return;
260 }
261
George Liu9ae226f2023-06-21 17:56:46 +0800262 sdbusplus::asio::setProperty(
263 *crow::connections::systemBus, "xyz.openbmc_project.User.Manager",
264 dbusObjectPath, "xyz.openbmc_project.User.Attributes", "UserGroups",
265 updatedUserGroups, [asyncResp](const boost::system::error_code& ec) {
266 if (ec)
267 {
Ed Tanous62598e32023-07-17 17:06:25 -0700268 BMCWEB_LOG_ERROR("D-Bus responses error: {}", ec);
George Liu9ae226f2023-06-21 17:56:46 +0800269 messages::internalError(asyncResp->res);
270 return;
271 }
272 messages::success(asyncResp->res);
273 });
Abhishek Patel58345852022-02-02 08:54:25 -0600274}
275
zhanghch058d1b46d2021-04-01 11:18:24 +0800276inline void userErrorMessageHandler(
277 const sd_bus_error* e, const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
278 const std::string& newUser, const std::string& username)
jayaprakash Mutyala66b5ca72019-08-07 20:26:37 +0000279{
jayaprakash Mutyala66b5ca72019-08-07 20:26:37 +0000280 if (e == nullptr)
281 {
282 messages::internalError(asyncResp->res);
283 return;
284 }
285
Manojkiran Eda055806b2020-11-03 09:36:28 +0530286 const char* errorMessage = e->name;
jayaprakash Mutyala66b5ca72019-08-07 20:26:37 +0000287 if (strcmp(errorMessage,
288 "xyz.openbmc_project.User.Common.Error.UserNameExists") == 0)
289 {
Jiaqing Zhaod8a5d5d2022-08-05 16:21:51 +0800290 messages::resourceAlreadyExists(asyncResp->res, "ManagerAccount",
jayaprakash Mutyala66b5ca72019-08-07 20:26:37 +0000291 "UserName", newUser);
292 }
293 else if (strcmp(errorMessage, "xyz.openbmc_project.User.Common.Error."
294 "UserNameDoesNotExist") == 0)
295 {
Jiaqing Zhaod8a5d5d2022-08-05 16:21:51 +0800296 messages::resourceNotFound(asyncResp->res, "ManagerAccount", username);
jayaprakash Mutyala66b5ca72019-08-07 20:26:37 +0000297 }
Ed Tanousd4d25792020-09-29 15:15:03 -0700298 else if ((strcmp(errorMessage,
299 "xyz.openbmc_project.Common.Error.InvalidArgument") ==
300 0) ||
George Liu0fda0f12021-11-16 10:06:17 +0800301 (strcmp(
302 errorMessage,
303 "xyz.openbmc_project.User.Common.Error.UserNameGroupFail") ==
304 0))
jayaprakash Mutyala66b5ca72019-08-07 20:26:37 +0000305 {
306 messages::propertyValueFormatError(asyncResp->res, newUser, "UserName");
307 }
308 else if (strcmp(errorMessage,
309 "xyz.openbmc_project.User.Common.Error.NoResource") == 0)
310 {
311 messages::createLimitReachedForResource(asyncResp->res);
312 }
jayaprakash Mutyala66b5ca72019-08-07 20:26:37 +0000313 else
314 {
Gunnar Millsb8ad5832023-10-02 16:26:07 -0500315 BMCWEB_LOG_ERROR("DBUS response error {}", errorMessage);
jayaprakash Mutyala66b5ca72019-08-07 20:26:37 +0000316 messages::internalError(asyncResp->res);
317 }
jayaprakash Mutyala66b5ca72019-08-07 20:26:37 +0000318}
319
Ed Tanous81ce6092020-12-17 16:54:55 +0000320inline void parseLDAPConfigData(nlohmann::json& jsonResponse,
Ed Tanous23a21a12020-07-25 04:45:05 +0000321 const LDAPConfigData& confData,
322 const std::string& ldapType)
Ratan Gupta6973a582018-12-13 18:25:44 +0530323{
Patrick Williams89492a12023-05-10 07:51:34 -0500324 std::string service = (ldapType == "LDAP") ? "LDAPService"
325 : "ActiveDirectoryService";
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600326
Ed Tanous14766872022-03-15 10:44:42 -0700327 nlohmann::json& ldap = jsonResponse[ldapType];
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600328
Ed Tanous14766872022-03-15 10:44:42 -0700329 ldap["ServiceEnabled"] = confData.serviceEnabled;
330 ldap["ServiceAddresses"] = nlohmann::json::array({confData.uri});
Ed Tanous0ec8b832022-03-14 14:56:47 -0700331 ldap["Authentication"]["AuthenticationType"] =
332 account_service::AuthenticationTypes::UsernameAndPassword;
Ed Tanous14766872022-03-15 10:44:42 -0700333 ldap["Authentication"]["Username"] = confData.bindDN;
334 ldap["Authentication"]["Password"] = nullptr;
335
336 ldap["LDAPService"]["SearchSettings"]["BaseDistinguishedNames"] =
337 nlohmann::json::array({confData.baseDN});
338 ldap["LDAPService"]["SearchSettings"]["UsernameAttribute"] =
339 confData.userNameAttribute;
340 ldap["LDAPService"]["SearchSettings"]["GroupsAttribute"] =
341 confData.groupAttribute;
342
343 nlohmann::json& roleMapArray = ldap["RemoteRoleMapping"];
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600344 roleMapArray = nlohmann::json::array();
Ed Tanous9eb808c2022-01-25 10:19:23 -0800345 for (const auto& obj : confData.groupRoleList)
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600346 {
Ed Tanous62598e32023-07-17 17:06:25 -0700347 BMCWEB_LOG_DEBUG("Pushing the data groupName={}", obj.second.groupName);
Ed Tanous613dabe2022-07-09 11:17:36 -0700348
Ed Tanous613dabe2022-07-09 11:17:36 -0700349 nlohmann::json::object_t remoteGroup;
350 remoteGroup["RemoteGroup"] = obj.second.groupName;
Jorge Cisneros329f0342022-11-04 16:26:25 +0000351 remoteGroup["LocalRole"] = getRoleIdFromPrivilege(obj.second.privilege);
352 roleMapArray.emplace_back(std::move(remoteGroup));
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600353 }
Ratan Gupta6973a582018-12-13 18:25:44 +0530354}
355
356/**
Ratan Gupta06785242019-07-26 22:30:16 +0530357 * @brief validates given JSON input and then calls appropriate method to
358 * create, to delete or to set Rolemapping object based on the given input.
359 *
360 */
Ed Tanous23a21a12020-07-25 04:45:05 +0000361inline void handleRoleMapPatch(
zhanghch058d1b46d2021-04-01 11:18:24 +0800362 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
Ratan Gupta06785242019-07-26 22:30:16 +0530363 const std::vector<std::pair<std::string, LDAPRoleMapData>>& roleMapObjData,
Ed Tanousf23b7292020-10-15 09:41:17 -0700364 const std::string& serverType, const std::vector<nlohmann::json>& input)
Ratan Gupta06785242019-07-26 22:30:16 +0530365{
366 for (size_t index = 0; index < input.size(); index++)
367 {
Ed Tanousf23b7292020-10-15 09:41:17 -0700368 const nlohmann::json& thisJson = input[index];
Ratan Gupta06785242019-07-26 22:30:16 +0530369
370 if (thisJson.is_null())
371 {
372 // delete the existing object
373 if (index < roleMapObjData.size())
374 {
375 crow::connections::systemBus->async_method_call(
376 [asyncResp, roleMapObjData, serverType,
Ed Tanous5e7e2dc2023-02-16 10:37:01 -0800377 index](const boost::system::error_code& ec) {
Ed Tanous002d39b2022-05-31 08:59:27 -0700378 if (ec)
379 {
Ed Tanous62598e32023-07-17 17:06:25 -0700380 BMCWEB_LOG_ERROR("DBUS response error: {}", ec);
Ed Tanous002d39b2022-05-31 08:59:27 -0700381 messages::internalError(asyncResp->res);
382 return;
383 }
Patrick Williams89492a12023-05-10 07:51:34 -0500384 asyncResp->res.jsonValue[serverType]["RemoteRoleMapping"]
385 [index] = nullptr;
Ratan Gupta06785242019-07-26 22:30:16 +0530386 },
387 ldapDbusService, roleMapObjData[index].first,
388 "xyz.openbmc_project.Object.Delete", "Delete");
389 }
390 else
391 {
Ed Tanous62598e32023-07-17 17:06:25 -0700392 BMCWEB_LOG_ERROR("Can't delete the object");
Ed Tanous2e8c4bd2022-06-27 12:59:12 -0700393 messages::propertyValueTypeError(asyncResp->res, thisJson,
394 "RemoteRoleMapping/" +
395 std::to_string(index));
Ratan Gupta06785242019-07-26 22:30:16 +0530396 return;
397 }
398 }
399 else if (thisJson.empty())
400 {
401 // Don't do anything for the empty objects,parse next json
402 // eg {"RemoteRoleMapping",[{}]}
403 }
404 else
405 {
406 // update/create the object
407 std::optional<std::string> remoteGroup;
408 std::optional<std::string> localRole;
409
Ed Tanousf23b7292020-10-15 09:41:17 -0700410 // This is a copy, but it's required in this case because of how
411 // readJson is structured
412 nlohmann::json thisJsonCopy = thisJson;
413 if (!json_util::readJson(thisJsonCopy, asyncResp->res,
414 "RemoteGroup", remoteGroup, "LocalRole",
415 localRole))
Ratan Gupta06785242019-07-26 22:30:16 +0530416 {
417 continue;
418 }
419
420 // Update existing RoleMapping Object
421 if (index < roleMapObjData.size())
422 {
Ed Tanous62598e32023-07-17 17:06:25 -0700423 BMCWEB_LOG_DEBUG("Update Role Map Object");
Ratan Gupta06785242019-07-26 22:30:16 +0530424 // If "RemoteGroup" info is provided
425 if (remoteGroup)
426 {
George Liu9ae226f2023-06-21 17:56:46 +0800427 sdbusplus::asio::setProperty(
428 *crow::connections::systemBus, ldapDbusService,
429 roleMapObjData[index].first,
430 "xyz.openbmc_project.User.PrivilegeMapperEntry",
431 "GroupName", *remoteGroup,
Ratan Gupta06785242019-07-26 22:30:16 +0530432 [asyncResp, roleMapObjData, serverType, index,
Ravi Teja25e055a2022-08-09 03:18:38 -0500433 remoteGroup](const boost::system::error_code& ec,
Patrick Williams7a543892023-06-24 03:07:55 -0500434 const sdbusplus::message_t& msg) {
Ed Tanous002d39b2022-05-31 08:59:27 -0700435 if (ec)
436 {
Ravi Teja25e055a2022-08-09 03:18:38 -0500437 const sd_bus_error* dbusError = msg.get_error();
438 if ((dbusError != nullptr) &&
439 (dbusError->name ==
440 std::string_view(
441 "xyz.openbmc_project.Common.Error.InvalidArgument")))
442 {
Ed Tanous62598e32023-07-17 17:06:25 -0700443 BMCWEB_LOG_WARNING("DBUS response error: {}",
444 ec);
Ravi Teja25e055a2022-08-09 03:18:38 -0500445 messages::propertyValueIncorrect(asyncResp->res,
446 "RemoteGroup",
447 *remoteGroup);
448 return;
449 }
Ed Tanous002d39b2022-05-31 08:59:27 -0700450 messages::internalError(asyncResp->res);
451 return;
452 }
453 asyncResp->res
454 .jsonValue[serverType]["RemoteRoleMapping"][index]
455 ["RemoteGroup"] = *remoteGroup;
George Liu9ae226f2023-06-21 17:56:46 +0800456 });
Ratan Gupta06785242019-07-26 22:30:16 +0530457 }
458
459 // If "LocalRole" info is provided
460 if (localRole)
461 {
George Liu9ae226f2023-06-21 17:56:46 +0800462 sdbusplus::asio::setProperty(
463 *crow::connections::systemBus, ldapDbusService,
464 roleMapObjData[index].first,
465 "xyz.openbmc_project.User.PrivilegeMapperEntry",
466 "Privilege", *localRole,
Ratan Gupta06785242019-07-26 22:30:16 +0530467 [asyncResp, roleMapObjData, serverType, index,
Ravi Teja25e055a2022-08-09 03:18:38 -0500468 localRole](const boost::system::error_code& ec,
Patrick Williams7a543892023-06-24 03:07:55 -0500469 const sdbusplus::message_t& msg) {
Ed Tanous002d39b2022-05-31 08:59:27 -0700470 if (ec)
471 {
Ravi Teja25e055a2022-08-09 03:18:38 -0500472 const sd_bus_error* dbusError = msg.get_error();
473 if ((dbusError != nullptr) &&
474 (dbusError->name ==
475 std::string_view(
476 "xyz.openbmc_project.Common.Error.InvalidArgument")))
477 {
Ed Tanous62598e32023-07-17 17:06:25 -0700478 BMCWEB_LOG_WARNING("DBUS response error: {}",
479 ec);
Ravi Teja25e055a2022-08-09 03:18:38 -0500480 messages::propertyValueIncorrect(
481 asyncResp->res, "LocalRole", *localRole);
482 return;
483 }
Ed Tanous002d39b2022-05-31 08:59:27 -0700484 messages::internalError(asyncResp->res);
485 return;
486 }
487 asyncResp->res
488 .jsonValue[serverType]["RemoteRoleMapping"][index]
489 ["LocalRole"] = *localRole;
George Liu9ae226f2023-06-21 17:56:46 +0800490 });
Ratan Gupta06785242019-07-26 22:30:16 +0530491 }
492 }
493 // Create a new RoleMapping Object.
494 else
495 {
Ed Tanous62598e32023-07-17 17:06:25 -0700496 BMCWEB_LOG_DEBUG(
497 "setRoleMappingProperties: Creating new Object");
Patrick Williams89492a12023-05-10 07:51:34 -0500498 std::string pathString = "RemoteRoleMapping/" +
499 std::to_string(index);
Ratan Gupta06785242019-07-26 22:30:16 +0530500
501 if (!localRole)
502 {
503 messages::propertyMissing(asyncResp->res,
504 pathString + "/LocalRole");
505 continue;
506 }
507 if (!remoteGroup)
508 {
509 messages::propertyMissing(asyncResp->res,
510 pathString + "/RemoteGroup");
511 continue;
512 }
513
514 std::string dbusObjectPath;
515 if (serverType == "ActiveDirectory")
516 {
Ed Tanous2c70f802020-09-28 14:29:23 -0700517 dbusObjectPath = adConfigObject;
Ratan Gupta06785242019-07-26 22:30:16 +0530518 }
519 else if (serverType == "LDAP")
520 {
Ed Tanous23a21a12020-07-25 04:45:05 +0000521 dbusObjectPath = ldapConfigObjectName;
Ratan Gupta06785242019-07-26 22:30:16 +0530522 }
523
Ed Tanous62598e32023-07-17 17:06:25 -0700524 BMCWEB_LOG_DEBUG("Remote Group={},LocalRole={}", *remoteGroup,
525 *localRole);
Ratan Gupta06785242019-07-26 22:30:16 +0530526
527 crow::connections::systemBus->async_method_call(
Ed Tanous271584a2019-07-09 16:24:22 -0700528 [asyncResp, serverType, localRole,
Ed Tanous5e7e2dc2023-02-16 10:37:01 -0800529 remoteGroup](const boost::system::error_code& ec) {
Ed Tanous002d39b2022-05-31 08:59:27 -0700530 if (ec)
531 {
Ed Tanous62598e32023-07-17 17:06:25 -0700532 BMCWEB_LOG_ERROR("DBUS response error: {}", ec);
Ed Tanous002d39b2022-05-31 08:59:27 -0700533 messages::internalError(asyncResp->res);
534 return;
535 }
536 nlohmann::json& remoteRoleJson =
537 asyncResp->res
538 .jsonValue[serverType]["RemoteRoleMapping"];
539 nlohmann::json::object_t roleMapEntry;
540 roleMapEntry["LocalRole"] = *localRole;
541 roleMapEntry["RemoteGroup"] = *remoteGroup;
Patrick Williamsb2ba3072023-05-12 10:27:39 -0500542 remoteRoleJson.emplace_back(std::move(roleMapEntry));
Ratan Gupta06785242019-07-26 22:30:16 +0530543 },
544 ldapDbusService, dbusObjectPath, ldapPrivMapperInterface,
Ed Tanous3174e4d2020-10-07 11:41:22 -0700545 "Create", *remoteGroup,
Ratan Gupta06785242019-07-26 22:30:16 +0530546 getPrivilegeFromRoleId(std::move(*localRole)));
547 }
548 }
549 }
550}
551
552/**
Ratan Gupta6973a582018-12-13 18:25:44 +0530553 * Function that retrieves all properties for LDAP config object
554 * into JSON
555 */
556template <typename CallbackFunc>
557inline void getLDAPConfigData(const std::string& ldapType,
558 CallbackFunc&& callback)
559{
George Liu2b731192023-01-11 16:27:13 +0800560 constexpr std::array<std::string_view, 2> interfaces = {
561 ldapEnableInterface, ldapConfigInterface};
Ratan Gupta6973a582018-12-13 18:25:44 +0530562
George Liu2b731192023-01-11 16:27:13 +0800563 dbus::utility::getDbusObject(
564 ldapConfigObjectName, interfaces,
565 [callback, ldapType](const boost::system::error_code& ec,
Ed Tanousb9d36b42022-02-26 21:42:46 -0800566 const dbus::utility::MapperGetObject& resp) {
Ed Tanous002d39b2022-05-31 08:59:27 -0700567 if (ec || resp.empty())
568 {
Carson Labradobf2dded2023-08-10 00:37:06 +0000569 BMCWEB_LOG_WARNING(
Ed Tanous62598e32023-07-17 17:06:25 -0700570 "DBUS response error during getting of service name: {}", ec);
Ed Tanous002d39b2022-05-31 08:59:27 -0700571 LDAPConfigData empty{};
572 callback(false, empty, ldapType);
573 return;
574 }
575 std::string service = resp.begin()->first;
George Liu5eb468d2023-06-20 17:03:24 +0800576 sdbusplus::message::object_path path(ldapRootObject);
577 dbus::utility::getManagedObjects(
578 service, path,
Ed Tanous002d39b2022-05-31 08:59:27 -0700579 [callback,
Ed Tanous8b242752023-06-27 17:17:13 -0700580 ldapType](const boost::system::error_code& ec2,
Ed Tanous002d39b2022-05-31 08:59:27 -0700581 const dbus::utility::ManagedObjectType& ldapObjects) {
582 LDAPConfigData confData{};
Ed Tanous8b242752023-06-27 17:17:13 -0700583 if (ec2)
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600584 {
Ed Tanous002d39b2022-05-31 08:59:27 -0700585 callback(false, confData, ldapType);
Carson Labradobf2dded2023-08-10 00:37:06 +0000586 BMCWEB_LOG_WARNING("D-Bus responses error: {}", ec2);
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600587 return;
588 }
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600589
Ed Tanous002d39b2022-05-31 08:59:27 -0700590 std::string ldapDbusType;
591 std::string searchString;
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600592
Ed Tanous002d39b2022-05-31 08:59:27 -0700593 if (ldapType == "LDAP")
594 {
595 ldapDbusType =
596 "xyz.openbmc_project.User.Ldap.Config.Type.OpenLdap";
597 searchString = "openldap";
598 }
599 else if (ldapType == "ActiveDirectory")
600 {
601 ldapDbusType =
602 "xyz.openbmc_project.User.Ldap.Config.Type.ActiveDirectory";
603 searchString = "active_directory";
604 }
605 else
606 {
Ed Tanous62598e32023-07-17 17:06:25 -0700607 BMCWEB_LOG_ERROR("Can't get the DbusType for the given type={}",
608 ldapType);
Ed Tanous002d39b2022-05-31 08:59:27 -0700609 callback(false, confData, ldapType);
610 return;
611 }
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600612
Ed Tanous002d39b2022-05-31 08:59:27 -0700613 std::string ldapEnableInterfaceStr = ldapEnableInterface;
614 std::string ldapConfigInterfaceStr = ldapConfigInterface;
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600615
Ed Tanous002d39b2022-05-31 08:59:27 -0700616 for (const auto& object : ldapObjects)
617 {
618 // let's find the object whose ldap type is equal to the
619 // given type
620 if (object.first.str.find(searchString) == std::string::npos)
621 {
622 continue;
623 }
624
625 for (const auto& interface : object.second)
626 {
627 if (interface.first == ldapEnableInterfaceStr)
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600628 {
Ed Tanous002d39b2022-05-31 08:59:27 -0700629 // rest of the properties are string.
630 for (const auto& property : interface.second)
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600631 {
Ed Tanous002d39b2022-05-31 08:59:27 -0700632 if (property.first == "Enabled")
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600633 {
Ed Tanous002d39b2022-05-31 08:59:27 -0700634 const bool* value =
635 std::get_if<bool>(&property.second);
636 if (value == nullptr)
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600637 {
Ed Tanous002d39b2022-05-31 08:59:27 -0700638 continue;
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600639 }
Ed Tanous002d39b2022-05-31 08:59:27 -0700640 confData.serviceEnabled = *value;
641 break;
Nagaraju Goruganti54fc5872019-01-30 05:11:00 -0600642 }
643 }
644 }
Ed Tanous002d39b2022-05-31 08:59:27 -0700645 else if (interface.first == ldapConfigInterfaceStr)
646 {
Ed Tanous002d39b2022-05-31 08:59:27 -0700647 for (const auto& property : interface.second)
648 {
649 const std::string* strValue =
650 std::get_if<std::string>(&property.second);
651 if (strValue == nullptr)
652 {
653 continue;
654 }
655 if (property.first == "LDAPServerURI")
656 {
657 confData.uri = *strValue;
658 }
659 else if (property.first == "LDAPBindDN")
660 {
661 confData.bindDN = *strValue;
662 }
663 else if (property.first == "LDAPBaseDN")
664 {
665 confData.baseDN = *strValue;
666 }
667 else if (property.first == "LDAPSearchScope")
668 {
669 confData.searchScope = *strValue;
670 }
671 else if (property.first == "GroupNameAttribute")
672 {
673 confData.groupAttribute = *strValue;
674 }
675 else if (property.first == "UserNameAttribute")
676 {
677 confData.userNameAttribute = *strValue;
678 }
679 else if (property.first == "LDAPType")
680 {
681 confData.serverType = *strValue;
682 }
683 }
684 }
685 else if (interface.first ==
686 "xyz.openbmc_project.User.PrivilegeMapperEntry")
687 {
688 LDAPRoleMapData roleMapData{};
689 for (const auto& property : interface.second)
690 {
691 const std::string* strValue =
692 std::get_if<std::string>(&property.second);
693
694 if (strValue == nullptr)
695 {
696 continue;
697 }
698
699 if (property.first == "GroupName")
700 {
701 roleMapData.groupName = *strValue;
702 }
703 else if (property.first == "Privilege")
704 {
705 roleMapData.privilege = *strValue;
706 }
707 }
708
709 confData.groupRoleList.emplace_back(object.first.str,
710 roleMapData);
711 }
712 }
713 }
714 callback(true, confData, ldapType);
George Liu5eb468d2023-06-20 17:03:24 +0800715 });
George Liu2b731192023-01-11 16:27:13 +0800716 });
Ratan Gupta6973a582018-12-13 18:25:44 +0530717}
718
Ed Tanous6c51eab2021-06-03 12:30:29 -0700719/**
720 * @brief parses the authentication section under the LDAP
721 * @param input JSON data
722 * @param asyncResp pointer to the JSON response
723 * @param userName userName to be filled from the given JSON.
724 * @param password password to be filled from the given JSON.
725 */
Ed Tanous4f48d5f2021-06-21 08:27:45 -0700726inline void parseLDAPAuthenticationJson(
Ed Tanous6c51eab2021-06-03 12:30:29 -0700727 nlohmann::json input, const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
728 std::optional<std::string>& username, std::optional<std::string>& password)
Ed Tanous1abe55e2018-09-05 08:30:59 -0700729{
Ed Tanous6c51eab2021-06-03 12:30:29 -0700730 std::optional<std::string> authType;
731
732 if (!json_util::readJson(input, asyncResp->res, "AuthenticationType",
733 authType, "Username", username, "Password",
734 password))
Ed Tanous1abe55e2018-09-05 08:30:59 -0700735 {
Ed Tanous6c51eab2021-06-03 12:30:29 -0700736 return;
Ed Tanous1abe55e2018-09-05 08:30:59 -0700737 }
Ed Tanous6c51eab2021-06-03 12:30:29 -0700738 if (!authType)
Ratan Gupta8a07d282019-03-16 08:33:47 +0530739 {
Ed Tanous6c51eab2021-06-03 12:30:29 -0700740 return;
Ratan Gupta8a07d282019-03-16 08:33:47 +0530741 }
Ed Tanous6c51eab2021-06-03 12:30:29 -0700742 if (*authType != "UsernameAndPassword")
Ratan Gupta8a07d282019-03-16 08:33:47 +0530743 {
Ed Tanous6c51eab2021-06-03 12:30:29 -0700744 messages::propertyValueNotInList(asyncResp->res, *authType,
745 "AuthenticationType");
746 return;
Ratan Gupta8a07d282019-03-16 08:33:47 +0530747 }
Ed Tanous6c51eab2021-06-03 12:30:29 -0700748}
749/**
750 * @brief parses the LDAPService section under the LDAP
751 * @param input JSON data
752 * @param asyncResp pointer to the JSON response
753 * @param baseDNList baseDN to be filled from the given JSON.
754 * @param userNameAttribute userName to be filled from the given JSON.
755 * @param groupaAttribute password to be filled from the given JSON.
756 */
Ratan Gupta8a07d282019-03-16 08:33:47 +0530757
Ed Tanous4f48d5f2021-06-21 08:27:45 -0700758inline void
759 parseLDAPServiceJson(nlohmann::json input,
760 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
761 std::optional<std::vector<std::string>>& baseDNList,
762 std::optional<std::string>& userNameAttribute,
763 std::optional<std::string>& groupsAttribute)
Ed Tanous6c51eab2021-06-03 12:30:29 -0700764{
765 std::optional<nlohmann::json> searchSettings;
766
767 if (!json_util::readJson(input, asyncResp->res, "SearchSettings",
768 searchSettings))
Ratan Gupta8a07d282019-03-16 08:33:47 +0530769 {
Ed Tanous6c51eab2021-06-03 12:30:29 -0700770 return;
Ratan Gupta8a07d282019-03-16 08:33:47 +0530771 }
Ed Tanous6c51eab2021-06-03 12:30:29 -0700772 if (!searchSettings)
Ratan Gupta8a07d282019-03-16 08:33:47 +0530773 {
Ed Tanous6c51eab2021-06-03 12:30:29 -0700774 return;
Ratan Gupta8a07d282019-03-16 08:33:47 +0530775 }
Ed Tanous6c51eab2021-06-03 12:30:29 -0700776 if (!json_util::readJson(*searchSettings, asyncResp->res,
777 "BaseDistinguishedNames", baseDNList,
778 "UsernameAttribute", userNameAttribute,
779 "GroupsAttribute", groupsAttribute))
Ratan Gupta8a07d282019-03-16 08:33:47 +0530780 {
Ed Tanous6c51eab2021-06-03 12:30:29 -0700781 return;
Ratan Gupta8a07d282019-03-16 08:33:47 +0530782 }
Ed Tanous6c51eab2021-06-03 12:30:29 -0700783}
784/**
785 * @brief updates the LDAP server address and updates the
786 json response with the new value.
787 * @param serviceAddressList address to be updated.
788 * @param asyncResp pointer to the JSON response
789 * @param ldapServerElementName Type of LDAP
790 server(openLDAP/ActiveDirectory)
791 */
Ratan Gupta8a07d282019-03-16 08:33:47 +0530792
Ed Tanous4f48d5f2021-06-21 08:27:45 -0700793inline void handleServiceAddressPatch(
Ed Tanous6c51eab2021-06-03 12:30:29 -0700794 const std::vector<std::string>& serviceAddressList,
795 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
796 const std::string& ldapServerElementName,
797 const std::string& ldapConfigObject)
798{
George Liu9ae226f2023-06-21 17:56:46 +0800799 sdbusplus::asio::setProperty(
800 *crow::connections::systemBus, ldapDbusService, ldapConfigObject,
801 ldapConfigInterface, "LDAPServerURI", serviceAddressList.front(),
Patrick Williams7a543892023-06-24 03:07:55 -0500802 [asyncResp, ldapServerElementName, serviceAddressList](
803 const boost::system::error_code& ec, sdbusplus::message_t& msg) {
Ed Tanous002d39b2022-05-31 08:59:27 -0700804 if (ec)
805 {
Ravi Teja25e055a2022-08-09 03:18:38 -0500806 const sd_bus_error* dbusError = msg.get_error();
807 if ((dbusError != nullptr) &&
808 (dbusError->name ==
809 std::string_view(
810 "xyz.openbmc_project.Common.Error.InvalidArgument")))
811 {
Ed Tanous62598e32023-07-17 17:06:25 -0700812 BMCWEB_LOG_WARNING(
813 "Error Occurred in updating the service address");
Ravi Teja25e055a2022-08-09 03:18:38 -0500814 messages::propertyValueIncorrect(asyncResp->res,
815 "ServiceAddresses",
816 serviceAddressList.front());
817 return;
818 }
Ed Tanous002d39b2022-05-31 08:59:27 -0700819 messages::internalError(asyncResp->res);
820 return;
821 }
822 std::vector<std::string> modifiedserviceAddressList = {
823 serviceAddressList.front()};
824 asyncResp->res.jsonValue[ldapServerElementName]["ServiceAddresses"] =
825 modifiedserviceAddressList;
826 if ((serviceAddressList).size() > 1)
827 {
828 messages::propertyValueModified(asyncResp->res, "ServiceAddresses",
829 serviceAddressList.front());
830 }
Ed Tanous62598e32023-07-17 17:06:25 -0700831 BMCWEB_LOG_DEBUG("Updated the service address");
George Liu9ae226f2023-06-21 17:56:46 +0800832 });
Ed Tanous6c51eab2021-06-03 12:30:29 -0700833}
834/**
835 * @brief updates the LDAP Bind DN and updates the
836 json response with the new value.
837 * @param username name of the user which needs to be updated.
838 * @param asyncResp pointer to the JSON response
839 * @param ldapServerElementName Type of LDAP
840 server(openLDAP/ActiveDirectory)
841 */
Ratan Gupta8a07d282019-03-16 08:33:47 +0530842
Ed Tanous4f48d5f2021-06-21 08:27:45 -0700843inline void
844 handleUserNamePatch(const std::string& username,
845 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
846 const std::string& ldapServerElementName,
847 const std::string& ldapConfigObject)
Ed Tanous6c51eab2021-06-03 12:30:29 -0700848{
George Liu9ae226f2023-06-21 17:56:46 +0800849 sdbusplus::asio::setProperty(*crow::connections::systemBus, ldapDbusService,
850 ldapConfigObject, ldapConfigInterface,
851 "LDAPBindDN", username,
852 [asyncResp, username, ldapServerElementName](
853 const boost::system::error_code& ec) {
Ed Tanous002d39b2022-05-31 08:59:27 -0700854 if (ec)
855 {
Ed Tanous62598e32023-07-17 17:06:25 -0700856 BMCWEB_LOG_DEBUG("Error occurred in updating the username");
Ed Tanous002d39b2022-05-31 08:59:27 -0700857 messages::internalError(asyncResp->res);
858 return;
859 }
Patrick Williams89492a12023-05-10 07:51:34 -0500860 asyncResp->res.jsonValue[ldapServerElementName]["Authentication"]
861 ["Username"] = username;
Ed Tanous62598e32023-07-17 17:06:25 -0700862 BMCWEB_LOG_DEBUG("Updated the username");
George Liu9ae226f2023-06-21 17:56:46 +0800863 });
Ed Tanous6c51eab2021-06-03 12:30:29 -0700864}
865
866/**
867 * @brief updates the LDAP password
868 * @param password : ldap password which needs to be updated.
869 * @param asyncResp pointer to the JSON response
870 * @param ldapServerElementName Type of LDAP
871 * server(openLDAP/ActiveDirectory)
872 */
873
Ed Tanous4f48d5f2021-06-21 08:27:45 -0700874inline void
875 handlePasswordPatch(const std::string& password,
876 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
877 const std::string& ldapServerElementName,
878 const std::string& ldapConfigObject)
Ed Tanous6c51eab2021-06-03 12:30:29 -0700879{
George Liu9ae226f2023-06-21 17:56:46 +0800880 sdbusplus::asio::setProperty(*crow::connections::systemBus, ldapDbusService,
881 ldapConfigObject, ldapConfigInterface,
882 "LDAPBindDNPassword", password,
883 [asyncResp, password, ldapServerElementName](
884 const boost::system::error_code& ec) {
Ed Tanous002d39b2022-05-31 08:59:27 -0700885 if (ec)
886 {
Ed Tanous62598e32023-07-17 17:06:25 -0700887 BMCWEB_LOG_DEBUG("Error occurred in updating the password");
Ed Tanous002d39b2022-05-31 08:59:27 -0700888 messages::internalError(asyncResp->res);
889 return;
890 }
Patrick Williams89492a12023-05-10 07:51:34 -0500891 asyncResp->res.jsonValue[ldapServerElementName]["Authentication"]
892 ["Password"] = "";
Ed Tanous62598e32023-07-17 17:06:25 -0700893 BMCWEB_LOG_DEBUG("Updated the password");
George Liu9ae226f2023-06-21 17:56:46 +0800894 });
Ed Tanous6c51eab2021-06-03 12:30:29 -0700895}
896
897/**
898 * @brief updates the LDAP BaseDN and updates the
899 json response with the new value.
900 * @param baseDNList baseDN list which needs to be updated.
901 * @param asyncResp pointer to the JSON response
902 * @param ldapServerElementName Type of LDAP
903 server(openLDAP/ActiveDirectory)
904 */
905
Ed Tanous4f48d5f2021-06-21 08:27:45 -0700906inline void
907 handleBaseDNPatch(const std::vector<std::string>& baseDNList,
908 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
909 const std::string& ldapServerElementName,
910 const std::string& ldapConfigObject)
Ed Tanous6c51eab2021-06-03 12:30:29 -0700911{
George Liu9ae226f2023-06-21 17:56:46 +0800912 sdbusplus::asio::setProperty(*crow::connections::systemBus, ldapDbusService,
913 ldapConfigObject, ldapConfigInterface,
914 "LDAPBaseDN", baseDNList.front(),
915 [asyncResp, baseDNList, ldapServerElementName](
916 const boost::system::error_code& ec,
917 const sdbusplus::message_t& msg) {
Ed Tanous002d39b2022-05-31 08:59:27 -0700918 if (ec)
919 {
Ed Tanous62598e32023-07-17 17:06:25 -0700920 BMCWEB_LOG_DEBUG("Error Occurred in Updating the base DN");
Ravi Teja25e055a2022-08-09 03:18:38 -0500921 const sd_bus_error* dbusError = msg.get_error();
922 if ((dbusError != nullptr) &&
923 (dbusError->name ==
924 std::string_view(
925 "xyz.openbmc_project.Common.Error.InvalidArgument")))
926 {
927 messages::propertyValueIncorrect(asyncResp->res,
928 "BaseDistinguishedNames",
929 baseDNList.front());
930 return;
931 }
Ed Tanous002d39b2022-05-31 08:59:27 -0700932 messages::internalError(asyncResp->res);
933 return;
934 }
935 auto& serverTypeJson = asyncResp->res.jsonValue[ldapServerElementName];
936 auto& searchSettingsJson =
937 serverTypeJson["LDAPService"]["SearchSettings"];
938 std::vector<std::string> modifiedBaseDNList = {baseDNList.front()};
939 searchSettingsJson["BaseDistinguishedNames"] = modifiedBaseDNList;
940 if (baseDNList.size() > 1)
941 {
942 messages::propertyValueModified(
943 asyncResp->res, "BaseDistinguishedNames", baseDNList.front());
944 }
Ed Tanous62598e32023-07-17 17:06:25 -0700945 BMCWEB_LOG_DEBUG("Updated the base DN");
George Liu9ae226f2023-06-21 17:56:46 +0800946 });
Ed Tanous6c51eab2021-06-03 12:30:29 -0700947}
948/**
949 * @brief updates the LDAP user name attribute and updates the
950 json response with the new value.
951 * @param userNameAttribute attribute to be updated.
952 * @param asyncResp pointer to the JSON response
953 * @param ldapServerElementName Type of LDAP
954 server(openLDAP/ActiveDirectory)
955 */
956
Ed Tanous4f48d5f2021-06-21 08:27:45 -0700957inline void
958 handleUserNameAttrPatch(const std::string& userNameAttribute,
959 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
960 const std::string& ldapServerElementName,
961 const std::string& ldapConfigObject)
Ed Tanous6c51eab2021-06-03 12:30:29 -0700962{
George Liu9ae226f2023-06-21 17:56:46 +0800963 sdbusplus::asio::setProperty(
964 *crow::connections::systemBus, ldapDbusService, ldapConfigObject,
965 ldapConfigInterface, "UserNameAttribute", userNameAttribute,
Ed Tanous6c51eab2021-06-03 12:30:29 -0700966 [asyncResp, userNameAttribute,
Ed Tanous5e7e2dc2023-02-16 10:37:01 -0800967 ldapServerElementName](const boost::system::error_code& ec) {
Ed Tanous002d39b2022-05-31 08:59:27 -0700968 if (ec)
969 {
Ed Tanous62598e32023-07-17 17:06:25 -0700970 BMCWEB_LOG_DEBUG("Error Occurred in Updating the "
971 "username attribute");
Ed Tanous002d39b2022-05-31 08:59:27 -0700972 messages::internalError(asyncResp->res);
973 return;
974 }
975 auto& serverTypeJson = asyncResp->res.jsonValue[ldapServerElementName];
976 auto& searchSettingsJson =
977 serverTypeJson["LDAPService"]["SearchSettings"];
978 searchSettingsJson["UsernameAttribute"] = userNameAttribute;
Ed Tanous62598e32023-07-17 17:06:25 -0700979 BMCWEB_LOG_DEBUG("Updated the user name attr.");
George Liu9ae226f2023-06-21 17:56:46 +0800980 });
Ed Tanous6c51eab2021-06-03 12:30:29 -0700981}
982/**
983 * @brief updates the LDAP group attribute and updates the
984 json response with the new value.
985 * @param groupsAttribute attribute to be updated.
986 * @param asyncResp pointer to the JSON response
987 * @param ldapServerElementName Type of LDAP
988 server(openLDAP/ActiveDirectory)
989 */
990
Ed Tanous4f48d5f2021-06-21 08:27:45 -0700991inline void handleGroupNameAttrPatch(
Ed Tanous6c51eab2021-06-03 12:30:29 -0700992 const std::string& groupsAttribute,
993 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
994 const std::string& ldapServerElementName,
995 const std::string& ldapConfigObject)
996{
George Liu9ae226f2023-06-21 17:56:46 +0800997 sdbusplus::asio::setProperty(
998 *crow::connections::systemBus, ldapDbusService, ldapConfigObject,
999 ldapConfigInterface, "GroupNameAttribute", groupsAttribute,
Ed Tanous6c51eab2021-06-03 12:30:29 -07001000 [asyncResp, groupsAttribute,
Ed Tanous5e7e2dc2023-02-16 10:37:01 -08001001 ldapServerElementName](const boost::system::error_code& ec) {
Ed Tanous002d39b2022-05-31 08:59:27 -07001002 if (ec)
1003 {
Ed Tanous62598e32023-07-17 17:06:25 -07001004 BMCWEB_LOG_DEBUG("Error Occurred in Updating the "
1005 "groupname attribute");
Ed Tanous002d39b2022-05-31 08:59:27 -07001006 messages::internalError(asyncResp->res);
1007 return;
1008 }
1009 auto& serverTypeJson = asyncResp->res.jsonValue[ldapServerElementName];
1010 auto& searchSettingsJson =
1011 serverTypeJson["LDAPService"]["SearchSettings"];
1012 searchSettingsJson["GroupsAttribute"] = groupsAttribute;
Ed Tanous62598e32023-07-17 17:06:25 -07001013 BMCWEB_LOG_DEBUG("Updated the groupname attr");
George Liu9ae226f2023-06-21 17:56:46 +08001014 });
Ed Tanous6c51eab2021-06-03 12:30:29 -07001015}
1016/**
1017 * @brief updates the LDAP service enable and updates the
1018 json response with the new value.
1019 * @param input JSON data.
1020 * @param asyncResp pointer to the JSON response
1021 * @param ldapServerElementName Type of LDAP
1022 server(openLDAP/ActiveDirectory)
1023 */
1024
Ed Tanous4f48d5f2021-06-21 08:27:45 -07001025inline void handleServiceEnablePatch(
Ed Tanous6c51eab2021-06-03 12:30:29 -07001026 bool serviceEnabled, const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
1027 const std::string& ldapServerElementName,
1028 const std::string& ldapConfigObject)
1029{
George Liu9ae226f2023-06-21 17:56:46 +08001030 sdbusplus::asio::setProperty(
1031 *crow::connections::systemBus, ldapDbusService, ldapConfigObject,
1032 ldapEnableInterface, "Enabled", serviceEnabled,
Ed Tanous6c51eab2021-06-03 12:30:29 -07001033 [asyncResp, serviceEnabled,
Ed Tanous5e7e2dc2023-02-16 10:37:01 -08001034 ldapServerElementName](const boost::system::error_code& ec) {
Ed Tanous002d39b2022-05-31 08:59:27 -07001035 if (ec)
1036 {
Ed Tanous62598e32023-07-17 17:06:25 -07001037 BMCWEB_LOG_DEBUG("Error Occurred in Updating the service enable");
Ed Tanous002d39b2022-05-31 08:59:27 -07001038 messages::internalError(asyncResp->res);
1039 return;
1040 }
1041 asyncResp->res.jsonValue[ldapServerElementName]["ServiceEnabled"] =
1042 serviceEnabled;
Ed Tanous62598e32023-07-17 17:06:25 -07001043 BMCWEB_LOG_DEBUG("Updated Service enable = {}", serviceEnabled);
George Liu9ae226f2023-06-21 17:56:46 +08001044 });
Ed Tanous6c51eab2021-06-03 12:30:29 -07001045}
1046
Ed Tanous4f48d5f2021-06-21 08:27:45 -07001047inline void
1048 handleAuthMethodsPatch(nlohmann::json& input,
1049 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp)
Ed Tanous6c51eab2021-06-03 12:30:29 -07001050{
1051 std::optional<bool> basicAuth;
1052 std::optional<bool> cookie;
1053 std::optional<bool> sessionToken;
1054 std::optional<bool> xToken;
1055 std::optional<bool> tls;
1056
1057 if (!json_util::readJson(input, asyncResp->res, "BasicAuth", basicAuth,
1058 "Cookie", cookie, "SessionToken", sessionToken,
1059 "XToken", xToken, "TLS", tls))
Ratan Gupta8a07d282019-03-16 08:33:47 +05301060 {
Ed Tanous62598e32023-07-17 17:06:25 -07001061 BMCWEB_LOG_ERROR("Cannot read values from AuthMethod tag");
Ed Tanous6c51eab2021-06-03 12:30:29 -07001062 return;
1063 }
1064
1065 // Make a copy of methods configuration
1066 persistent_data::AuthConfigMethods authMethodsConfig =
1067 persistent_data::SessionStore::getInstance().getAuthMethodsConfig();
1068
1069 if (basicAuth)
1070 {
1071#ifndef BMCWEB_ENABLE_BASIC_AUTHENTICATION
1072 messages::actionNotSupported(
George Liu0fda0f12021-11-16 10:06:17 +08001073 asyncResp->res,
1074 "Setting BasicAuth when basic-auth feature is disabled");
Ed Tanous6c51eab2021-06-03 12:30:29 -07001075 return;
1076#endif
1077 authMethodsConfig.basic = *basicAuth;
1078 }
1079
1080 if (cookie)
1081 {
1082#ifndef BMCWEB_ENABLE_COOKIE_AUTHENTICATION
George Liu0fda0f12021-11-16 10:06:17 +08001083 messages::actionNotSupported(
1084 asyncResp->res,
1085 "Setting Cookie when cookie-auth feature is disabled");
Ed Tanous6c51eab2021-06-03 12:30:29 -07001086 return;
1087#endif
1088 authMethodsConfig.cookie = *cookie;
1089 }
1090
1091 if (sessionToken)
1092 {
1093#ifndef BMCWEB_ENABLE_SESSION_AUTHENTICATION
1094 messages::actionNotSupported(
George Liu0fda0f12021-11-16 10:06:17 +08001095 asyncResp->res,
1096 "Setting SessionToken when session-auth feature is disabled");
Ed Tanous6c51eab2021-06-03 12:30:29 -07001097 return;
1098#endif
1099 authMethodsConfig.sessionToken = *sessionToken;
1100 }
1101
1102 if (xToken)
1103 {
1104#ifndef BMCWEB_ENABLE_XTOKEN_AUTHENTICATION
George Liu0fda0f12021-11-16 10:06:17 +08001105 messages::actionNotSupported(
1106 asyncResp->res,
1107 "Setting XToken when xtoken-auth feature is disabled");
Ed Tanous6c51eab2021-06-03 12:30:29 -07001108 return;
1109#endif
1110 authMethodsConfig.xtoken = *xToken;
1111 }
1112
1113 if (tls)
1114 {
1115#ifndef BMCWEB_ENABLE_MUTUAL_TLS_AUTHENTICATION
George Liu0fda0f12021-11-16 10:06:17 +08001116 messages::actionNotSupported(
1117 asyncResp->res,
1118 "Setting TLS when mutual-tls-auth feature is disabled");
Ed Tanous6c51eab2021-06-03 12:30:29 -07001119 return;
1120#endif
1121 authMethodsConfig.tls = *tls;
1122 }
1123
1124 if (!authMethodsConfig.basic && !authMethodsConfig.cookie &&
1125 !authMethodsConfig.sessionToken && !authMethodsConfig.xtoken &&
1126 !authMethodsConfig.tls)
1127 {
1128 // Do not allow user to disable everything
1129 messages::actionNotSupported(asyncResp->res,
1130 "of disabling all available methods");
1131 return;
1132 }
1133
1134 persistent_data::SessionStore::getInstance().updateAuthMethodsConfig(
1135 authMethodsConfig);
1136 // Save configuration immediately
1137 persistent_data::getConfig().writeData();
1138
1139 messages::success(asyncResp->res);
1140}
1141
1142/**
1143 * @brief Get the required values from the given JSON, validates the
1144 * value and create the LDAP config object.
1145 * @param input JSON data
1146 * @param asyncResp pointer to the JSON response
1147 * @param serverType Type of LDAP server(openLDAP/ActiveDirectory)
1148 */
1149
1150inline void handleLDAPPatch(nlohmann::json& input,
1151 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
1152 const std::string& serverType)
1153{
1154 std::string dbusObjectPath;
1155 if (serverType == "ActiveDirectory")
1156 {
1157 dbusObjectPath = adConfigObject;
1158 }
1159 else if (serverType == "LDAP")
1160 {
1161 dbusObjectPath = ldapConfigObjectName;
1162 }
1163 else
1164 {
1165 return;
1166 }
1167
1168 std::optional<nlohmann::json> authentication;
1169 std::optional<nlohmann::json> ldapService;
1170 std::optional<std::vector<std::string>> serviceAddressList;
1171 std::optional<bool> serviceEnabled;
1172 std::optional<std::vector<std::string>> baseDNList;
1173 std::optional<std::string> userNameAttribute;
1174 std::optional<std::string> groupsAttribute;
1175 std::optional<std::string> userName;
1176 std::optional<std::string> password;
1177 std::optional<std::vector<nlohmann::json>> remoteRoleMapData;
1178
1179 if (!json_util::readJson(input, asyncResp->res, "Authentication",
1180 authentication, "LDAPService", ldapService,
1181 "ServiceAddresses", serviceAddressList,
1182 "ServiceEnabled", serviceEnabled,
1183 "RemoteRoleMapping", remoteRoleMapData))
1184 {
1185 return;
1186 }
1187
1188 if (authentication)
1189 {
1190 parseLDAPAuthenticationJson(*authentication, asyncResp, userName,
1191 password);
1192 }
1193 if (ldapService)
1194 {
1195 parseLDAPServiceJson(*ldapService, asyncResp, baseDNList,
1196 userNameAttribute, groupsAttribute);
1197 }
1198 if (serviceAddressList)
1199 {
Ed Tanous26f69762022-01-25 09:49:11 -08001200 if (serviceAddressList->empty())
Ratan Guptaeb2bbe52019-04-22 14:27:01 +05301201 {
Ed Tanouse2616cc2022-06-27 12:45:55 -07001202 messages::propertyValueNotInList(
1203 asyncResp->res, *serviceAddressList, "ServiceAddress");
Ed Tanouscb13a392020-07-25 19:02:03 +00001204 return;
1205 }
Ed Tanous6c51eab2021-06-03 12:30:29 -07001206 }
1207 if (baseDNList)
1208 {
Ed Tanous26f69762022-01-25 09:49:11 -08001209 if (baseDNList->empty())
Ratan Gupta8a07d282019-03-16 08:33:47 +05301210 {
Ed Tanouse2616cc2022-06-27 12:45:55 -07001211 messages::propertyValueNotInList(asyncResp->res, *baseDNList,
Ed Tanous6c51eab2021-06-03 12:30:29 -07001212 "BaseDistinguishedNames");
Ratan Gupta8a07d282019-03-16 08:33:47 +05301213 return;
1214 }
Ed Tanous6c51eab2021-06-03 12:30:29 -07001215 }
Ratan Gupta8a07d282019-03-16 08:33:47 +05301216
Ed Tanous6c51eab2021-06-03 12:30:29 -07001217 // nothing to update, then return
1218 if (!userName && !password && !serviceAddressList && !baseDNList &&
1219 !userNameAttribute && !groupsAttribute && !serviceEnabled &&
1220 !remoteRoleMapData)
1221 {
1222 return;
1223 }
1224
1225 // Get the existing resource first then keep modifying
1226 // whenever any property gets updated.
Ed Tanous002d39b2022-05-31 08:59:27 -07001227 getLDAPConfigData(
1228 serverType,
1229 [asyncResp, userName, password, baseDNList, userNameAttribute,
1230 groupsAttribute, serviceAddressList, serviceEnabled, dbusObjectPath,
1231 remoteRoleMapData](bool success, const LDAPConfigData& confData,
1232 const std::string& serverT) {
Ed Tanous6c51eab2021-06-03 12:30:29 -07001233 if (!success)
Ratan Gupta8a07d282019-03-16 08:33:47 +05301234 {
Ed Tanous6c51eab2021-06-03 12:30:29 -07001235 messages::internalError(asyncResp->res);
1236 return;
Ratan Gupta8a07d282019-03-16 08:33:47 +05301237 }
Ed Tanous6c51eab2021-06-03 12:30:29 -07001238 parseLDAPConfigData(asyncResp->res.jsonValue, confData, serverT);
1239 if (confData.serviceEnabled)
Ratan Gupta8a07d282019-03-16 08:33:47 +05301240 {
Ed Tanous6c51eab2021-06-03 12:30:29 -07001241 // Disable the service first and update the rest of
1242 // the properties.
1243 handleServiceEnablePatch(false, asyncResp, serverT, dbusObjectPath);
Ratan Gupta8a07d282019-03-16 08:33:47 +05301244 }
Ed Tanous6c51eab2021-06-03 12:30:29 -07001245
Ratan Gupta8a07d282019-03-16 08:33:47 +05301246 if (serviceAddressList)
1247 {
Ed Tanous6c51eab2021-06-03 12:30:29 -07001248 handleServiceAddressPatch(*serviceAddressList, asyncResp, serverT,
1249 dbusObjectPath);
Ratan Gupta8a07d282019-03-16 08:33:47 +05301250 }
Ed Tanous6c51eab2021-06-03 12:30:29 -07001251 if (userName)
1252 {
1253 handleUserNamePatch(*userName, asyncResp, serverT, dbusObjectPath);
1254 }
1255 if (password)
1256 {
1257 handlePasswordPatch(*password, asyncResp, serverT, dbusObjectPath);
1258 }
1259
Ratan Gupta8a07d282019-03-16 08:33:47 +05301260 if (baseDNList)
1261 {
Ed Tanous6c51eab2021-06-03 12:30:29 -07001262 handleBaseDNPatch(*baseDNList, asyncResp, serverT, dbusObjectPath);
1263 }
1264 if (userNameAttribute)
1265 {
1266 handleUserNameAttrPatch(*userNameAttribute, asyncResp, serverT,
1267 dbusObjectPath);
1268 }
1269 if (groupsAttribute)
1270 {
1271 handleGroupNameAttrPatch(*groupsAttribute, asyncResp, serverT,
1272 dbusObjectPath);
1273 }
1274 if (serviceEnabled)
1275 {
1276 // if user has given the value as true then enable
1277 // the service. if user has given false then no-op
1278 // as service is already stopped.
1279 if (*serviceEnabled)
Ratan Gupta8a07d282019-03-16 08:33:47 +05301280 {
Ed Tanous6c51eab2021-06-03 12:30:29 -07001281 handleServiceEnablePatch(*serviceEnabled, asyncResp, serverT,
1282 dbusObjectPath);
Ratan Gupta8a07d282019-03-16 08:33:47 +05301283 }
1284 }
jayaprakash Mutyala96200602020-04-08 11:09:10 +00001285 else
1286 {
Ed Tanous6c51eab2021-06-03 12:30:29 -07001287 // if user has not given the service enabled value
1288 // then revert it to the same state as it was
1289 // before.
1290 handleServiceEnablePatch(confData.serviceEnabled, asyncResp,
1291 serverT, dbusObjectPath);
jayaprakash Mutyala96200602020-04-08 11:09:10 +00001292 }
Ed Tanous04ae99e2018-09-20 15:54:36 -07001293
Ed Tanous6c51eab2021-06-03 12:30:29 -07001294 if (remoteRoleMapData)
1295 {
1296 handleRoleMapPatch(asyncResp, confData.groupRoleList, serverT,
1297 *remoteRoleMapData);
1298 }
Ed Tanous002d39b2022-05-31 08:59:27 -07001299 });
Ed Tanous6c51eab2021-06-03 12:30:29 -07001300}
1301
Abhishek Patel58345852022-02-02 08:54:25 -06001302inline void updateUserProperties(
1303 std::shared_ptr<bmcweb::AsyncResp> asyncResp, const std::string& username,
1304 const std::optional<std::string>& password,
1305 const std::optional<bool>& enabled,
1306 const std::optional<std::string>& roleId, const std::optional<bool>& locked,
1307 std::optional<std::vector<std::string>> accountTypes, bool userSelf)
Ed Tanous6c51eab2021-06-03 12:30:29 -07001308{
P Dheeraj Srujan Kumarb477fd42021-12-16 07:17:51 +05301309 sdbusplus::message::object_path tempObjPath(rootUserDbusPath);
1310 tempObjPath /= username;
1311 std::string dbusObjectPath(tempObjPath);
Ed Tanous6c51eab2021-06-03 12:30:29 -07001312
1313 dbus::utility::checkDbusPathExists(
Ed Tanous618c14b2022-06-30 17:44:25 -07001314 dbusObjectPath, [dbusObjectPath, username, password, roleId, enabled,
Abhishek Patel58345852022-02-02 08:54:25 -06001315 locked, accountTypes(std::move(accountTypes)),
1316 userSelf, asyncResp{std::move(asyncResp)}](int rc) {
Ed Tanous618c14b2022-06-30 17:44:25 -07001317 if (rc <= 0)
Ed Tanous6c51eab2021-06-03 12:30:29 -07001318 {
Jiaqing Zhaod8a5d5d2022-08-05 16:21:51 +08001319 messages::resourceNotFound(asyncResp->res, "ManagerAccount",
1320 username);
Ed Tanous6c51eab2021-06-03 12:30:29 -07001321 return;
1322 }
Ed Tanous6c51eab2021-06-03 12:30:29 -07001323
Ed Tanous618c14b2022-06-30 17:44:25 -07001324 if (password)
1325 {
1326 int retval = pamUpdatePassword(username, *password);
1327
1328 if (retval == PAM_USER_UNKNOWN)
1329 {
1330 messages::resourceNotFound(asyncResp->res, "ManagerAccount",
1331 username);
1332 }
1333 else if (retval == PAM_AUTHTOK_ERR)
1334 {
1335 // If password is invalid
Jason M. Bills9bd80832023-08-30 15:19:41 -07001336 messages::propertyValueFormatError(asyncResp->res, nullptr,
1337 "Password");
Ed Tanous62598e32023-07-17 17:06:25 -07001338 BMCWEB_LOG_ERROR("pamUpdatePassword Failed");
Ed Tanous618c14b2022-06-30 17:44:25 -07001339 }
1340 else if (retval != PAM_SUCCESS)
1341 {
1342 messages::internalError(asyncResp->res);
1343 return;
1344 }
1345 else
1346 {
1347 messages::success(asyncResp->res);
1348 }
1349 }
1350
1351 if (enabled)
1352 {
George Liu9ae226f2023-06-21 17:56:46 +08001353 sdbusplus::asio::setProperty(
1354 *crow::connections::systemBus,
Ed Tanous618c14b2022-06-30 17:44:25 -07001355 "xyz.openbmc_project.User.Manager", dbusObjectPath,
Ed Tanous618c14b2022-06-30 17:44:25 -07001356 "xyz.openbmc_project.User.Attributes", "UserEnabled",
George Liu9ae226f2023-06-21 17:56:46 +08001357 *enabled, [asyncResp](const boost::system::error_code& ec) {
1358 if (ec)
1359 {
Ed Tanous62598e32023-07-17 17:06:25 -07001360 BMCWEB_LOG_ERROR("D-Bus responses error: {}", ec);
George Liu9ae226f2023-06-21 17:56:46 +08001361 messages::internalError(asyncResp->res);
1362 return;
1363 }
1364 messages::success(asyncResp->res);
1365 });
Ed Tanous002d39b2022-05-31 08:59:27 -07001366 }
Ed Tanous04ae99e2018-09-20 15:54:36 -07001367
Ed Tanous618c14b2022-06-30 17:44:25 -07001368 if (roleId)
1369 {
1370 std::string priv = getPrivilegeFromRoleId(*roleId);
1371 if (priv.empty())
1372 {
Ed Tanouse2616cc2022-06-27 12:45:55 -07001373 messages::propertyValueNotInList(asyncResp->res, true,
1374 "Locked");
Ed Tanous618c14b2022-06-30 17:44:25 -07001375 return;
1376 }
1377
George Liu9ae226f2023-06-21 17:56:46 +08001378 sdbusplus::asio::setProperty(
1379 *crow::connections::systemBus,
Ed Tanous618c14b2022-06-30 17:44:25 -07001380 "xyz.openbmc_project.User.Manager", dbusObjectPath,
Ed Tanous618c14b2022-06-30 17:44:25 -07001381 "xyz.openbmc_project.User.Attributes", "UserPrivilege",
George Liu9ae226f2023-06-21 17:56:46 +08001382 priv, [asyncResp](const boost::system::error_code& ec) {
1383 if (ec)
1384 {
Ed Tanous62598e32023-07-17 17:06:25 -07001385 BMCWEB_LOG_ERROR("D-Bus responses error: {}", ec);
George Liu9ae226f2023-06-21 17:56:46 +08001386 messages::internalError(asyncResp->res);
1387 return;
1388 }
1389 messages::success(asyncResp->res);
1390 });
Ed Tanous6c51eab2021-06-03 12:30:29 -07001391 }
1392
Ed Tanous618c14b2022-06-30 17:44:25 -07001393 if (locked)
1394 {
1395 // admin can unlock the account which is locked by
1396 // successive authentication failures but admin should
1397 // not be allowed to lock an account.
1398 if (*locked)
1399 {
1400 messages::propertyValueNotInList(asyncResp->res, "true",
1401 "Locked");
1402 return;
1403 }
1404
George Liu9ae226f2023-06-21 17:56:46 +08001405 sdbusplus::asio::setProperty(
1406 *crow::connections::systemBus,
1407 "xyz.openbmc_project.User.Manager", dbusObjectPath,
1408 "xyz.openbmc_project.User.Attributes",
1409 "UserLockedForFailedAttempt", *locked,
Ed Tanous5e7e2dc2023-02-16 10:37:01 -08001410 [asyncResp](const boost::system::error_code& ec) {
Ed Tanous002d39b2022-05-31 08:59:27 -07001411 if (ec)
Ed Tanous6c51eab2021-06-03 12:30:29 -07001412 {
Ed Tanous62598e32023-07-17 17:06:25 -07001413 BMCWEB_LOG_ERROR("D-Bus responses error: {}", ec);
Ed Tanous002d39b2022-05-31 08:59:27 -07001414 messages::internalError(asyncResp->res);
Ed Tanous04ae99e2018-09-20 15:54:36 -07001415 return;
1416 }
Ed Tanous002d39b2022-05-31 08:59:27 -07001417 messages::success(asyncResp->res);
George Liu9ae226f2023-06-21 17:56:46 +08001418 });
Ed Tanous618c14b2022-06-30 17:44:25 -07001419 }
Abhishek Patel58345852022-02-02 08:54:25 -06001420
1421 if (accountTypes)
1422 {
1423 patchAccountTypes(*accountTypes, asyncResp, dbusObjectPath,
1424 userSelf);
1425 }
Ed Tanous6c51eab2021-06-03 12:30:29 -07001426 });
1427}
Ed Tanousb9b2e0b2018-09-13 13:47:50 -07001428
Ed Tanous4c7d4d32022-07-07 15:29:35 -07001429inline void handleAccountServiceHead(
1430 App& app, const crow::Request& req,
1431 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp)
Ed Tanous1ef4c342022-05-12 16:12:36 -07001432{
1433 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
1434 {
1435 return;
1436 }
Ed Tanous4c7d4d32022-07-07 15:29:35 -07001437 asyncResp->res.addHeader(
1438 boost::beast::http::field::link,
1439 "</redfish/v1/JsonSchemas/AccountService/AccountService.json>; rel=describedby");
1440}
1441
1442inline void
1443 handleAccountServiceGet(App& app, const crow::Request& req,
1444 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp)
1445{
Jiaqing Zhaoafd369c2023-03-07 15:12:22 +08001446 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
1447 {
1448 return;
1449 }
Ninad Palsule3e72c202023-03-27 17:19:55 -05001450
1451 if (req.session == nullptr)
1452 {
1453 messages::internalError(asyncResp->res);
1454 return;
1455 }
1456
Jiaqing Zhaoafd369c2023-03-07 15:12:22 +08001457 asyncResp->res.addHeader(
1458 boost::beast::http::field::link,
1459 "</redfish/v1/JsonSchemas/AccountService/AccountService.json>; rel=describedby");
1460
Ed Tanous1ef4c342022-05-12 16:12:36 -07001461 const persistent_data::AuthConfigMethods& authMethodsConfig =
1462 persistent_data::SessionStore::getInstance().getAuthMethodsConfig();
1463
1464 nlohmann::json& json = asyncResp->res.jsonValue;
1465 json["@odata.id"] = "/redfish/v1/AccountService";
1466 json["@odata.type"] = "#AccountService."
1467 "v1_10_0.AccountService";
1468 json["Id"] = "AccountService";
1469 json["Name"] = "Account Service";
1470 json["Description"] = "Account Service";
1471 json["ServiceEnabled"] = true;
1472 json["MaxPasswordLength"] = 20;
1473 json["Accounts"]["@odata.id"] = "/redfish/v1/AccountService/Accounts";
1474 json["Roles"]["@odata.id"] = "/redfish/v1/AccountService/Roles";
1475 json["Oem"]["OpenBMC"]["@odata.type"] =
Ed Tanous5b5574a2022-09-26 19:53:36 -07001476 "#OpenBMCAccountService.v1_0_0.AccountService";
Ed Tanous1ef4c342022-05-12 16:12:36 -07001477 json["Oem"]["OpenBMC"]["@odata.id"] =
1478 "/redfish/v1/AccountService#/Oem/OpenBMC";
1479 json["Oem"]["OpenBMC"]["AuthMethods"]["BasicAuth"] =
1480 authMethodsConfig.basic;
1481 json["Oem"]["OpenBMC"]["AuthMethods"]["SessionToken"] =
1482 authMethodsConfig.sessionToken;
1483 json["Oem"]["OpenBMC"]["AuthMethods"]["XToken"] = authMethodsConfig.xtoken;
1484 json["Oem"]["OpenBMC"]["AuthMethods"]["Cookie"] = authMethodsConfig.cookie;
1485 json["Oem"]["OpenBMC"]["AuthMethods"]["TLS"] = authMethodsConfig.tls;
1486
1487 // /redfish/v1/AccountService/LDAP/Certificates is something only
1488 // ConfigureManager can access then only display when the user has
1489 // permissions ConfigureManager
1490 Privileges effectiveUserPrivileges =
Ninad Palsule3e72c202023-03-27 17:19:55 -05001491 redfish::getUserPrivileges(*req.session);
Ed Tanous1ef4c342022-05-12 16:12:36 -07001492
1493 if (isOperationAllowedWithPrivileges({{"ConfigureManager"}},
1494 effectiveUserPrivileges))
1495 {
1496 asyncResp->res.jsonValue["LDAP"]["Certificates"]["@odata.id"] =
1497 "/redfish/v1/AccountService/LDAP/Certificates";
1498 }
Krzysztof Grobelnyd1bde9e2022-09-07 10:40:51 +02001499 sdbusplus::asio::getAllProperties(
1500 *crow::connections::systemBus, "xyz.openbmc_project.User.Manager",
1501 "/xyz/openbmc_project/user", "xyz.openbmc_project.User.AccountPolicy",
Ed Tanous5e7e2dc2023-02-16 10:37:01 -08001502 [asyncResp](const boost::system::error_code& ec,
Ed Tanous1ef4c342022-05-12 16:12:36 -07001503 const dbus::utility::DBusPropertiesMap& propertiesList) {
1504 if (ec)
1505 {
1506 messages::internalError(asyncResp->res);
1507 return;
1508 }
Krzysztof Grobelnyd1bde9e2022-09-07 10:40:51 +02001509
Ed Tanous62598e32023-07-17 17:06:25 -07001510 BMCWEB_LOG_DEBUG("Got {}properties for AccountService",
1511 propertiesList.size());
Krzysztof Grobelnyd1bde9e2022-09-07 10:40:51 +02001512
1513 const uint8_t* minPasswordLength = nullptr;
1514 const uint32_t* accountUnlockTimeout = nullptr;
1515 const uint16_t* maxLoginAttemptBeforeLockout = nullptr;
1516
1517 const bool success = sdbusplus::unpackPropertiesNoThrow(
1518 dbus_utils::UnpackErrorPrinter(), propertiesList,
1519 "MinPasswordLength", minPasswordLength, "AccountUnlockTimeout",
1520 accountUnlockTimeout, "MaxLoginAttemptBeforeLockout",
1521 maxLoginAttemptBeforeLockout);
1522
1523 if (!success)
Ed Tanous1ef4c342022-05-12 16:12:36 -07001524 {
Krzysztof Grobelnyd1bde9e2022-09-07 10:40:51 +02001525 messages::internalError(asyncResp->res);
1526 return;
Ed Tanous1ef4c342022-05-12 16:12:36 -07001527 }
Krzysztof Grobelnyd1bde9e2022-09-07 10:40:51 +02001528
1529 if (minPasswordLength != nullptr)
1530 {
1531 asyncResp->res.jsonValue["MinPasswordLength"] = *minPasswordLength;
1532 }
1533
1534 if (accountUnlockTimeout != nullptr)
1535 {
1536 asyncResp->res.jsonValue["AccountLockoutDuration"] =
1537 *accountUnlockTimeout;
1538 }
1539
1540 if (maxLoginAttemptBeforeLockout != nullptr)
1541 {
1542 asyncResp->res.jsonValue["AccountLockoutThreshold"] =
1543 *maxLoginAttemptBeforeLockout;
1544 }
1545 });
Ed Tanous1ef4c342022-05-12 16:12:36 -07001546
Ed Tanous02cad962022-06-30 16:50:15 -07001547 auto callback = [asyncResp](bool success, const LDAPConfigData& confData,
Ed Tanous1ef4c342022-05-12 16:12:36 -07001548 const std::string& ldapType) {
1549 if (!success)
1550 {
1551 return;
1552 }
1553 parseLDAPConfigData(asyncResp->res.jsonValue, confData, ldapType);
1554 };
1555
1556 getLDAPConfigData("LDAP", callback);
1557 getLDAPConfigData("ActiveDirectory", callback);
1558}
1559
1560inline void handleAccountServicePatch(
1561 App& app, const crow::Request& req,
1562 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp)
1563{
1564 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
1565 {
1566 return;
1567 }
1568 std::optional<uint32_t> unlockTimeout;
1569 std::optional<uint16_t> lockoutThreshold;
1570 std::optional<uint8_t> minPasswordLength;
1571 std::optional<uint16_t> maxPasswordLength;
1572 std::optional<nlohmann::json> ldapObject;
1573 std::optional<nlohmann::json> activeDirectoryObject;
1574 std::optional<nlohmann::json> oemObject;
1575
1576 if (!json_util::readJsonPatch(
1577 req, asyncResp->res, "AccountLockoutDuration", unlockTimeout,
1578 "AccountLockoutThreshold", lockoutThreshold, "MaxPasswordLength",
1579 maxPasswordLength, "MinPasswordLength", minPasswordLength, "LDAP",
1580 ldapObject, "ActiveDirectory", activeDirectoryObject, "Oem",
1581 oemObject))
1582 {
1583 return;
1584 }
1585
1586 if (minPasswordLength)
1587 {
George Liu9ae226f2023-06-21 17:56:46 +08001588 sdbusplus::asio::setProperty(
1589 *crow::connections::systemBus, "xyz.openbmc_project.User.Manager",
1590 "/xyz/openbmc_project/user",
1591 "xyz.openbmc_project.User.AccountPolicy", "MinPasswordLength",
1592 *minPasswordLength,
Ed Tanous5e7e2dc2023-02-16 10:37:01 -08001593 [asyncResp](const boost::system::error_code& ec) {
Ed Tanous1ef4c342022-05-12 16:12:36 -07001594 if (ec)
1595 {
1596 messages::internalError(asyncResp->res);
1597 return;
1598 }
1599 messages::success(asyncResp->res);
George Liu9ae226f2023-06-21 17:56:46 +08001600 });
Ed Tanous1ef4c342022-05-12 16:12:36 -07001601 }
1602
1603 if (maxPasswordLength)
1604 {
1605 messages::propertyNotWritable(asyncResp->res, "MaxPasswordLength");
1606 }
1607
1608 if (ldapObject)
1609 {
1610 handleLDAPPatch(*ldapObject, asyncResp, "LDAP");
1611 }
1612
1613 if (std::optional<nlohmann::json> oemOpenBMCObject;
1614 oemObject && json_util::readJson(*oemObject, asyncResp->res, "OpenBMC",
1615 oemOpenBMCObject))
1616 {
1617 if (std::optional<nlohmann::json> authMethodsObject;
1618 oemOpenBMCObject &&
1619 json_util::readJson(*oemOpenBMCObject, asyncResp->res,
1620 "AuthMethods", authMethodsObject))
1621 {
1622 if (authMethodsObject)
1623 {
1624 handleAuthMethodsPatch(*authMethodsObject, asyncResp);
1625 }
1626 }
1627 }
1628
1629 if (activeDirectoryObject)
1630 {
1631 handleLDAPPatch(*activeDirectoryObject, asyncResp, "ActiveDirectory");
1632 }
1633
1634 if (unlockTimeout)
1635 {
George Liu9ae226f2023-06-21 17:56:46 +08001636 sdbusplus::asio::setProperty(
1637 *crow::connections::systemBus, "xyz.openbmc_project.User.Manager",
1638 "/xyz/openbmc_project/user",
Ed Tanous1ef4c342022-05-12 16:12:36 -07001639 "xyz.openbmc_project.User.AccountPolicy", "AccountUnlockTimeout",
George Liu9ae226f2023-06-21 17:56:46 +08001640 *unlockTimeout, [asyncResp](const boost::system::error_code& ec) {
1641 if (ec)
1642 {
1643 messages::internalError(asyncResp->res);
1644 return;
1645 }
1646 messages::success(asyncResp->res);
1647 });
Ed Tanous1ef4c342022-05-12 16:12:36 -07001648 }
1649 if (lockoutThreshold)
1650 {
George Liu9ae226f2023-06-21 17:56:46 +08001651 sdbusplus::asio::setProperty(
1652 *crow::connections::systemBus, "xyz.openbmc_project.User.Manager",
1653 "/xyz/openbmc_project/user",
1654 "xyz.openbmc_project.User.AccountPolicy",
1655 "MaxLoginAttemptBeforeLockout", *lockoutThreshold,
Ed Tanous5e7e2dc2023-02-16 10:37:01 -08001656 [asyncResp](const boost::system::error_code& ec) {
Ed Tanous1ef4c342022-05-12 16:12:36 -07001657 if (ec)
1658 {
1659 messages::internalError(asyncResp->res);
1660 return;
1661 }
1662 messages::success(asyncResp->res);
George Liu9ae226f2023-06-21 17:56:46 +08001663 });
Ed Tanous1ef4c342022-05-12 16:12:36 -07001664 }
1665}
1666
Ed Tanous4c7d4d32022-07-07 15:29:35 -07001667inline void handleAccountCollectionHead(
Ed Tanous1ef4c342022-05-12 16:12:36 -07001668 App& app, const crow::Request& req,
1669 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp)
1670{
1671 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
1672 {
1673 return;
1674 }
Ed Tanous4c7d4d32022-07-07 15:29:35 -07001675 asyncResp->res.addHeader(
1676 boost::beast::http::field::link,
1677 "</redfish/v1/JsonSchemas/ManagerAccountCollection.json>; rel=describedby");
1678}
1679
1680inline void handleAccountCollectionGet(
1681 App& app, const crow::Request& req,
1682 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp)
1683{
Jiaqing Zhaoafd369c2023-03-07 15:12:22 +08001684 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
1685 {
1686 return;
1687 }
Ninad Palsule3e72c202023-03-27 17:19:55 -05001688
1689 if (req.session == nullptr)
1690 {
1691 messages::internalError(asyncResp->res);
1692 return;
1693 }
1694
Jiaqing Zhaoafd369c2023-03-07 15:12:22 +08001695 asyncResp->res.addHeader(
1696 boost::beast::http::field::link,
1697 "</redfish/v1/JsonSchemas/ManagerAccountCollection.json>; rel=describedby");
Ed Tanous1ef4c342022-05-12 16:12:36 -07001698
1699 asyncResp->res.jsonValue["@odata.id"] =
1700 "/redfish/v1/AccountService/Accounts";
1701 asyncResp->res.jsonValue["@odata.type"] = "#ManagerAccountCollection."
1702 "ManagerAccountCollection";
1703 asyncResp->res.jsonValue["Name"] = "Accounts Collection";
1704 asyncResp->res.jsonValue["Description"] = "BMC User Accounts";
1705
1706 Privileges effectiveUserPrivileges =
Ninad Palsule3e72c202023-03-27 17:19:55 -05001707 redfish::getUserPrivileges(*req.session);
Ed Tanous1ef4c342022-05-12 16:12:36 -07001708
1709 std::string thisUser;
1710 if (req.session)
1711 {
1712 thisUser = req.session->username;
1713 }
George Liu5eb468d2023-06-20 17:03:24 +08001714 sdbusplus::message::object_path path("/xyz/openbmc_project/user");
1715 dbus::utility::getManagedObjects(
1716 "xyz.openbmc_project.User.Manager", path,
Ed Tanous1ef4c342022-05-12 16:12:36 -07001717 [asyncResp, thisUser, effectiveUserPrivileges](
Ed Tanous5e7e2dc2023-02-16 10:37:01 -08001718 const boost::system::error_code& ec,
Ed Tanous1ef4c342022-05-12 16:12:36 -07001719 const dbus::utility::ManagedObjectType& users) {
1720 if (ec)
1721 {
1722 messages::internalError(asyncResp->res);
1723 return;
1724 }
1725
1726 bool userCanSeeAllAccounts =
1727 effectiveUserPrivileges.isSupersetOf({"ConfigureUsers"});
1728
1729 bool userCanSeeSelf =
1730 effectiveUserPrivileges.isSupersetOf({"ConfigureSelf"});
1731
1732 nlohmann::json& memberArray = asyncResp->res.jsonValue["Members"];
1733 memberArray = nlohmann::json::array();
1734
1735 for (const auto& userpath : users)
1736 {
1737 std::string user = userpath.first.filename();
1738 if (user.empty())
1739 {
1740 messages::internalError(asyncResp->res);
Ed Tanous62598e32023-07-17 17:06:25 -07001741 BMCWEB_LOG_ERROR("Invalid firmware ID");
Ed Tanous1ef4c342022-05-12 16:12:36 -07001742
1743 return;
1744 }
1745
1746 // As clarified by Redfish here:
1747 // https://redfishforum.com/thread/281/manageraccountcollection-change-allows-account-enumeration
1748 // Users without ConfigureUsers, only see their own
1749 // account. Users with ConfigureUsers, see all
1750 // accounts.
1751 if (userCanSeeAllAccounts || (thisUser == user && userCanSeeSelf))
1752 {
1753 nlohmann::json::object_t member;
Ed Tanous3b327802023-08-14 09:23:43 -07001754 member["@odata.id"] = boost::urls::format(
1755 "/redfish/v1/AccountService/Accounts/{}", user);
Patrick Williamsb2ba3072023-05-12 10:27:39 -05001756 memberArray.emplace_back(std::move(member));
Ed Tanous1ef4c342022-05-12 16:12:36 -07001757 }
1758 }
1759 asyncResp->res.jsonValue["Members@odata.count"] = memberArray.size();
George Liu5eb468d2023-06-20 17:03:24 +08001760 });
Ed Tanous1ef4c342022-05-12 16:12:36 -07001761}
1762
Ninad Palsule97e90da2023-05-17 14:04:52 -05001763inline void processAfterCreateUser(
1764 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
1765 const std::string& username, const std::string& password,
1766 const boost::system::error_code& ec, sdbusplus::message_t& m)
1767{
1768 if (ec)
1769 {
1770 userErrorMessageHandler(m.get_error(), asyncResp, username, "");
1771 return;
1772 }
1773
1774 if (pamUpdatePassword(username, password) != PAM_SUCCESS)
1775 {
1776 // At this point we have a user that's been
1777 // created, but the password set
1778 // failed.Something is wrong, so delete the user
1779 // that we've already created
1780 sdbusplus::message::object_path tempObjPath(rootUserDbusPath);
1781 tempObjPath /= username;
1782 const std::string userPath(tempObjPath);
1783
1784 crow::connections::systemBus->async_method_call(
1785 [asyncResp, password](const boost::system::error_code& ec3) {
1786 if (ec3)
1787 {
1788 messages::internalError(asyncResp->res);
1789 return;
1790 }
1791
1792 // If password is invalid
Jason M. Bills9bd80832023-08-30 15:19:41 -07001793 messages::propertyValueFormatError(asyncResp->res, nullptr,
Ninad Palsule97e90da2023-05-17 14:04:52 -05001794 "Password");
1795 },
1796 "xyz.openbmc_project.User.Manager", userPath,
1797 "xyz.openbmc_project.Object.Delete", "Delete");
1798
Ed Tanous62598e32023-07-17 17:06:25 -07001799 BMCWEB_LOG_ERROR("pamUpdatePassword Failed");
Ninad Palsule97e90da2023-05-17 14:04:52 -05001800 return;
1801 }
1802
1803 messages::created(asyncResp->res);
1804 asyncResp->res.addHeader("Location",
1805 "/redfish/v1/AccountService/Accounts/" + username);
1806}
1807
1808inline void processAfterGetAllGroups(
1809 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
1810 const std::string& username, const std::string& password,
Ed Tanouse01d0c32023-06-30 13:21:32 -07001811 const std::string& roleId, bool enabled,
Ninad Palsule9ba73932023-06-01 16:38:57 -05001812 std::optional<std::vector<std::string>> accountTypes,
Ninad Palsule97e90da2023-05-17 14:04:52 -05001813 const std::vector<std::string>& allGroupsList)
Ninad Palsule97e90da2023-05-17 14:04:52 -05001814{
Ninad Palsule3e72c202023-03-27 17:19:55 -05001815 std::vector<std::string> userGroups;
Ninad Palsule9ba73932023-06-01 16:38:57 -05001816 std::vector<std::string> accountTypeUserGroups;
1817
1818 // If user specified account types then convert them to unix user groups
1819 if (accountTypes)
1820 {
1821 if (!getUserGroupFromAccountType(asyncResp->res, *accountTypes,
1822 accountTypeUserGroups))
1823 {
1824 // Problem in mapping Account Types to User Groups, Error already
1825 // logged.
1826 return;
1827 }
1828 }
1829
Ninad Palsule3e72c202023-03-27 17:19:55 -05001830 for (const auto& grp : allGroupsList)
1831 {
Ninad Palsule9ba73932023-06-01 16:38:57 -05001832 // If user specified the account type then only accept groups which are
1833 // in the account types group list.
1834 if (!accountTypeUserGroups.empty())
1835 {
1836 bool found = false;
1837 for (const auto& grp1 : accountTypeUserGroups)
1838 {
1839 if (grp == grp1)
1840 {
1841 found = true;
1842 break;
1843 }
1844 }
1845 if (!found)
1846 {
1847 continue;
1848 }
1849 }
1850
Ninad Palsule3e72c202023-03-27 17:19:55 -05001851 // Console access is provided to the user who is a member of
1852 // hostconsole group and has a administrator role. So, set
1853 // hostconsole group only for the administrator.
Ninad Palsule9ba73932023-06-01 16:38:57 -05001854 if ((grp == "hostconsole") && (roleId != "priv-admin"))
Ninad Palsule3e72c202023-03-27 17:19:55 -05001855 {
Ninad Palsule9ba73932023-06-01 16:38:57 -05001856 if (!accountTypeUserGroups.empty())
1857 {
Ed Tanous62598e32023-07-17 17:06:25 -07001858 BMCWEB_LOG_ERROR(
1859 "Only administrator can get HostConsole access");
Ninad Palsule9ba73932023-06-01 16:38:57 -05001860 asyncResp->res.result(boost::beast::http::status::bad_request);
1861 return;
1862 }
1863 continue;
Ninad Palsule3e72c202023-03-27 17:19:55 -05001864 }
Ninad Palsule9ba73932023-06-01 16:38:57 -05001865 userGroups.emplace_back(grp);
1866 }
1867
1868 // Make sure user specified groups are valid. This is internal error because
1869 // it some inconsistencies between user manager and bmcweb.
1870 if (!accountTypeUserGroups.empty() &&
1871 accountTypeUserGroups.size() != userGroups.size())
1872 {
1873 messages::internalError(asyncResp->res);
1874 return;
Ninad Palsule3e72c202023-03-27 17:19:55 -05001875 }
Ninad Palsule97e90da2023-05-17 14:04:52 -05001876 crow::connections::systemBus->async_method_call(
1877 [asyncResp, username, password](const boost::system::error_code& ec2,
1878 sdbusplus::message_t& m) {
1879 processAfterCreateUser(asyncResp, username, password, ec2, m);
1880 },
1881 "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user",
Ninad Palsule3e72c202023-03-27 17:19:55 -05001882 "xyz.openbmc_project.User.Manager", "CreateUser", username, userGroups,
Ed Tanouse01d0c32023-06-30 13:21:32 -07001883 roleId, enabled);
Ninad Palsule97e90da2023-05-17 14:04:52 -05001884}
1885
Ed Tanous1ef4c342022-05-12 16:12:36 -07001886inline void handleAccountCollectionPost(
1887 App& app, const crow::Request& req,
1888 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp)
1889{
1890 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
1891 {
1892 return;
1893 }
1894 std::string username;
1895 std::string password;
Ed Tanouse01d0c32023-06-30 13:21:32 -07001896 std::optional<std::string> roleIdJson;
1897 std::optional<bool> enabledJson;
Ninad Palsule9ba73932023-06-01 16:38:57 -05001898 std::optional<std::vector<std::string>> accountTypes;
Ed Tanouse01d0c32023-06-30 13:21:32 -07001899 if (!json_util::readJsonPatch(req, asyncResp->res, "UserName", username,
1900 "Password", password, "RoleId", roleIdJson,
1901 "Enabled", enabledJson, "AccountTypes",
1902 accountTypes))
Ed Tanous1ef4c342022-05-12 16:12:36 -07001903 {
1904 return;
1905 }
1906
Ed Tanouse01d0c32023-06-30 13:21:32 -07001907 std::string roleId = roleIdJson.value_or("User");
1908 std::string priv = getPrivilegeFromRoleId(roleId);
Ed Tanous1ef4c342022-05-12 16:12:36 -07001909 if (priv.empty())
1910 {
Ed Tanouse01d0c32023-06-30 13:21:32 -07001911 messages::propertyValueNotInList(asyncResp->res, roleId, "RoleId");
Ed Tanous1ef4c342022-05-12 16:12:36 -07001912 return;
1913 }
Asmitha Karunanithi239adf82022-03-25 02:59:03 -05001914 roleId = priv;
Ed Tanous1ef4c342022-05-12 16:12:36 -07001915
Ed Tanouse01d0c32023-06-30 13:21:32 -07001916 bool enabled = enabledJson.value_or(true);
1917
Ed Tanous1ef4c342022-05-12 16:12:36 -07001918 // Reading AllGroups property
1919 sdbusplus::asio::getProperty<std::vector<std::string>>(
1920 *crow::connections::systemBus, "xyz.openbmc_project.User.Manager",
1921 "/xyz/openbmc_project/user", "xyz.openbmc_project.User.Manager",
1922 "AllGroups",
Ninad Palsule9ba73932023-06-01 16:38:57 -05001923 [asyncResp, username, password{std::move(password)}, roleId, enabled,
1924 accountTypes](const boost::system::error_code& ec,
1925 const std::vector<std::string>& allGroupsList) {
Ed Tanous1ef4c342022-05-12 16:12:36 -07001926 if (ec)
1927 {
Ed Tanous62598e32023-07-17 17:06:25 -07001928 BMCWEB_LOG_DEBUG("ERROR with async_method_call");
Ed Tanous1ef4c342022-05-12 16:12:36 -07001929 messages::internalError(asyncResp->res);
1930 return;
1931 }
1932
1933 if (allGroupsList.empty())
1934 {
1935 messages::internalError(asyncResp->res);
1936 return;
1937 }
1938
Ninad Palsule97e90da2023-05-17 14:04:52 -05001939 processAfterGetAllGroups(asyncResp, username, password, roleId, enabled,
Ninad Palsule9ba73932023-06-01 16:38:57 -05001940 accountTypes, allGroupsList);
Ed Tanous1ef4c342022-05-12 16:12:36 -07001941 });
1942}
1943
1944inline void
Ed Tanous4c7d4d32022-07-07 15:29:35 -07001945 handleAccountHead(App& app, const crow::Request& req,
1946 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
1947 const std::string& /*accountName*/)
Ed Tanous1ef4c342022-05-12 16:12:36 -07001948{
1949 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
1950 {
1951 return;
1952 }
Ed Tanous4c7d4d32022-07-07 15:29:35 -07001953 asyncResp->res.addHeader(
1954 boost::beast::http::field::link,
1955 "</redfish/v1/JsonSchemas/ManagerAccount/ManagerAccount.json>; rel=describedby");
1956}
Jiaqing Zhaoafd369c2023-03-07 15:12:22 +08001957
Ed Tanous4c7d4d32022-07-07 15:29:35 -07001958inline void
1959 handleAccountGet(App& app, const crow::Request& req,
1960 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
1961 const std::string& accountName)
1962{
Jiaqing Zhaoafd369c2023-03-07 15:12:22 +08001963 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
1964 {
1965 return;
1966 }
1967 asyncResp->res.addHeader(
1968 boost::beast::http::field::link,
1969 "</redfish/v1/JsonSchemas/ManagerAccount/ManagerAccount.json>; rel=describedby");
1970
Ed Tanous1ef4c342022-05-12 16:12:36 -07001971#ifdef BMCWEB_INSECURE_DISABLE_AUTHENTICATION
1972 // If authentication is disabled, there are no user accounts
Jiaqing Zhaod8a5d5d2022-08-05 16:21:51 +08001973 messages::resourceNotFound(asyncResp->res, "ManagerAccount", accountName);
Ed Tanous1ef4c342022-05-12 16:12:36 -07001974 return;
Ed Tanous1ef4c342022-05-12 16:12:36 -07001975#endif // BMCWEB_INSECURE_DISABLE_AUTHENTICATION
Jiaqing Zhaoafd369c2023-03-07 15:12:22 +08001976
Ed Tanous1ef4c342022-05-12 16:12:36 -07001977 if (req.session == nullptr)
1978 {
1979 messages::internalError(asyncResp->res);
1980 return;
1981 }
1982 if (req.session->username != accountName)
1983 {
1984 // At this point we've determined that the user is trying to
1985 // modify a user that isn't them. We need to verify that they
1986 // have permissions to modify other users, so re-run the auth
1987 // check with the same permissions, minus ConfigureSelf.
1988 Privileges effectiveUserPrivileges =
Ninad Palsule3e72c202023-03-27 17:19:55 -05001989 redfish::getUserPrivileges(*req.session);
Ed Tanous1ef4c342022-05-12 16:12:36 -07001990 Privileges requiredPermissionsToChangeNonSelf = {"ConfigureUsers",
1991 "ConfigureManager"};
1992 if (!effectiveUserPrivileges.isSupersetOf(
1993 requiredPermissionsToChangeNonSelf))
1994 {
Ed Tanous62598e32023-07-17 17:06:25 -07001995 BMCWEB_LOG_DEBUG("GET Account denied access");
Ed Tanous1ef4c342022-05-12 16:12:36 -07001996 messages::insufficientPrivilege(asyncResp->res);
1997 return;
1998 }
1999 }
2000
George Liu5eb468d2023-06-20 17:03:24 +08002001 sdbusplus::message::object_path path("/xyz/openbmc_project/user");
2002 dbus::utility::getManagedObjects(
2003 "xyz.openbmc_project.User.Manager", path,
Ed Tanous1ef4c342022-05-12 16:12:36 -07002004 [asyncResp,
Ed Tanous5e7e2dc2023-02-16 10:37:01 -08002005 accountName](const boost::system::error_code& ec,
Ed Tanous1ef4c342022-05-12 16:12:36 -07002006 const dbus::utility::ManagedObjectType& users) {
2007 if (ec)
2008 {
2009 messages::internalError(asyncResp->res);
2010 return;
2011 }
Ed Tanous3544d2a2023-08-06 18:12:20 -07002012 const auto userIt = std::ranges::find_if(
Michael Shen80f79a42023-08-24 13:41:53 +00002013 users,
2014 [accountName](
2015 const std::pair<sdbusplus::message::object_path,
2016 dbus::utility::DBusInterfacesMap>& user) {
2017 return accountName == user.first.filename();
Ed Tanous1ef4c342022-05-12 16:12:36 -07002018 });
2019
2020 if (userIt == users.end())
2021 {
2022 messages::resourceNotFound(asyncResp->res, "ManagerAccount",
2023 accountName);
2024 return;
2025 }
2026
2027 asyncResp->res.jsonValue["@odata.type"] =
Abhishek Patel58345852022-02-02 08:54:25 -06002028 "#ManagerAccount.v1_7_0.ManagerAccount";
Ed Tanous1ef4c342022-05-12 16:12:36 -07002029 asyncResp->res.jsonValue["Name"] = "User Account";
2030 asyncResp->res.jsonValue["Description"] = "User Account";
2031 asyncResp->res.jsonValue["Password"] = nullptr;
Abhishek Patel58345852022-02-02 08:54:25 -06002032 asyncResp->res.jsonValue["StrictAccountTypes"] = true;
Ed Tanous1ef4c342022-05-12 16:12:36 -07002033
2034 for (const auto& interface : userIt->second)
2035 {
2036 if (interface.first == "xyz.openbmc_project.User.Attributes")
2037 {
2038 for (const auto& property : interface.second)
2039 {
2040 if (property.first == "UserEnabled")
2041 {
2042 const bool* userEnabled =
2043 std::get_if<bool>(&property.second);
2044 if (userEnabled == nullptr)
2045 {
Ed Tanous62598e32023-07-17 17:06:25 -07002046 BMCWEB_LOG_ERROR("UserEnabled wasn't a bool");
Ed Tanous1ef4c342022-05-12 16:12:36 -07002047 messages::internalError(asyncResp->res);
2048 return;
2049 }
2050 asyncResp->res.jsonValue["Enabled"] = *userEnabled;
2051 }
2052 else if (property.first == "UserLockedForFailedAttempt")
2053 {
2054 const bool* userLocked =
2055 std::get_if<bool>(&property.second);
2056 if (userLocked == nullptr)
2057 {
Ed Tanous62598e32023-07-17 17:06:25 -07002058 BMCWEB_LOG_ERROR("UserLockedForF"
2059 "ailedAttempt "
2060 "wasn't a bool");
Ed Tanous1ef4c342022-05-12 16:12:36 -07002061 messages::internalError(asyncResp->res);
2062 return;
2063 }
2064 asyncResp->res.jsonValue["Locked"] = *userLocked;
2065 asyncResp->res
2066 .jsonValue["Locked@Redfish.AllowableValues"] = {
2067 "false"}; // can only unlock accounts
2068 }
2069 else if (property.first == "UserPrivilege")
2070 {
2071 const std::string* userPrivPtr =
2072 std::get_if<std::string>(&property.second);
2073 if (userPrivPtr == nullptr)
2074 {
Ed Tanous62598e32023-07-17 17:06:25 -07002075 BMCWEB_LOG_ERROR("UserPrivilege wasn't a "
2076 "string");
Ed Tanous1ef4c342022-05-12 16:12:36 -07002077 messages::internalError(asyncResp->res);
2078 return;
2079 }
2080 std::string role = getRoleIdFromPrivilege(*userPrivPtr);
2081 if (role.empty())
2082 {
Ed Tanous62598e32023-07-17 17:06:25 -07002083 BMCWEB_LOG_ERROR("Invalid user role");
Ed Tanous1ef4c342022-05-12 16:12:36 -07002084 messages::internalError(asyncResp->res);
2085 return;
2086 }
2087 asyncResp->res.jsonValue["RoleId"] = role;
2088
2089 nlohmann::json& roleEntry =
2090 asyncResp->res.jsonValue["Links"]["Role"];
Ed Tanous3b327802023-08-14 09:23:43 -07002091 roleEntry["@odata.id"] = boost::urls::format(
2092 "/redfish/v1/AccountService/Roles/{}", role);
Ed Tanous1ef4c342022-05-12 16:12:36 -07002093 }
2094 else if (property.first == "UserPasswordExpired")
2095 {
2096 const bool* userPasswordExpired =
2097 std::get_if<bool>(&property.second);
2098 if (userPasswordExpired == nullptr)
2099 {
Ed Tanous62598e32023-07-17 17:06:25 -07002100 BMCWEB_LOG_ERROR(
2101 "UserPasswordExpired wasn't a bool");
Ed Tanous1ef4c342022-05-12 16:12:36 -07002102 messages::internalError(asyncResp->res);
2103 return;
2104 }
2105 asyncResp->res.jsonValue["PasswordChangeRequired"] =
2106 *userPasswordExpired;
2107 }
Abhishek Patelc7229812022-02-01 10:07:15 -06002108 else if (property.first == "UserGroups")
2109 {
2110 const std::vector<std::string>* userGroups =
2111 std::get_if<std::vector<std::string>>(
2112 &property.second);
2113 if (userGroups == nullptr)
2114 {
Ed Tanous62598e32023-07-17 17:06:25 -07002115 BMCWEB_LOG_ERROR(
2116 "userGroups wasn't a string vector");
Abhishek Patelc7229812022-02-01 10:07:15 -06002117 messages::internalError(asyncResp->res);
2118 return;
2119 }
2120 if (!translateUserGroup(*userGroups, asyncResp->res))
2121 {
Ed Tanous62598e32023-07-17 17:06:25 -07002122 BMCWEB_LOG_ERROR("userGroups mapping failed");
Abhishek Patelc7229812022-02-01 10:07:15 -06002123 messages::internalError(asyncResp->res);
2124 return;
2125 }
2126 }
Ed Tanous1ef4c342022-05-12 16:12:36 -07002127 }
2128 }
2129 }
2130
Ed Tanous3b327802023-08-14 09:23:43 -07002131 asyncResp->res.jsonValue["@odata.id"] = boost::urls::format(
2132 "/redfish/v1/AccountService/Accounts/{}", accountName);
Ed Tanous1ef4c342022-05-12 16:12:36 -07002133 asyncResp->res.jsonValue["Id"] = accountName;
2134 asyncResp->res.jsonValue["UserName"] = accountName;
George Liu5eb468d2023-06-20 17:03:24 +08002135 });
Ed Tanous1ef4c342022-05-12 16:12:36 -07002136}
2137
2138inline void
Gunnar Mills20fc3072023-01-27 15:13:36 -06002139 handleAccountDelete(App& app, const crow::Request& req,
2140 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
2141 const std::string& username)
Ed Tanous1ef4c342022-05-12 16:12:36 -07002142{
2143 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
2144 {
2145 return;
2146 }
2147
2148#ifdef BMCWEB_INSECURE_DISABLE_AUTHENTICATION
2149 // If authentication is disabled, there are no user accounts
Jiaqing Zhaod8a5d5d2022-08-05 16:21:51 +08002150 messages::resourceNotFound(asyncResp->res, "ManagerAccount", username);
Ed Tanous1ef4c342022-05-12 16:12:36 -07002151 return;
2152
2153#endif // BMCWEB_INSECURE_DISABLE_AUTHENTICATION
2154 sdbusplus::message::object_path tempObjPath(rootUserDbusPath);
2155 tempObjPath /= username;
2156 const std::string userPath(tempObjPath);
2157
2158 crow::connections::systemBus->async_method_call(
Ed Tanous5e7e2dc2023-02-16 10:37:01 -08002159 [asyncResp, username](const boost::system::error_code& ec) {
Ed Tanous1ef4c342022-05-12 16:12:36 -07002160 if (ec)
2161 {
Jiaqing Zhaod8a5d5d2022-08-05 16:21:51 +08002162 messages::resourceNotFound(asyncResp->res, "ManagerAccount",
Ed Tanous1ef4c342022-05-12 16:12:36 -07002163 username);
2164 return;
2165 }
2166
2167 messages::accountRemoved(asyncResp->res);
2168 },
2169 "xyz.openbmc_project.User.Manager", userPath,
2170 "xyz.openbmc_project.Object.Delete", "Delete");
2171}
2172
2173inline void
2174 handleAccountPatch(App& app, const crow::Request& req,
2175 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp,
2176 const std::string& username)
2177{
2178 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
2179 {
2180 return;
2181 }
2182#ifdef BMCWEB_INSECURE_DISABLE_AUTHENTICATION
2183 // If authentication is disabled, there are no user accounts
Jiaqing Zhaod8a5d5d2022-08-05 16:21:51 +08002184 messages::resourceNotFound(asyncResp->res, "ManagerAccount", username);
Ed Tanous1ef4c342022-05-12 16:12:36 -07002185 return;
2186
2187#endif // BMCWEB_INSECURE_DISABLE_AUTHENTICATION
2188 std::optional<std::string> newUserName;
2189 std::optional<std::string> password;
2190 std::optional<bool> enabled;
2191 std::optional<std::string> roleId;
2192 std::optional<bool> locked;
Abhishek Patel58345852022-02-02 08:54:25 -06002193 std::optional<std::vector<std::string>> accountTypes;
2194
2195 bool userSelf = (username == req.session->username);
Ed Tanous1ef4c342022-05-12 16:12:36 -07002196
2197 if (req.session == nullptr)
2198 {
2199 messages::internalError(asyncResp->res);
2200 return;
2201 }
2202
2203 Privileges effectiveUserPrivileges =
Ninad Palsule3e72c202023-03-27 17:19:55 -05002204 redfish::getUserPrivileges(*req.session);
Ed Tanous1ef4c342022-05-12 16:12:36 -07002205 Privileges configureUsers = {"ConfigureUsers"};
2206 bool userHasConfigureUsers =
2207 effectiveUserPrivileges.isSupersetOf(configureUsers);
2208 if (userHasConfigureUsers)
2209 {
2210 // Users with ConfigureUsers can modify for all users
Abhishek Patel58345852022-02-02 08:54:25 -06002211 if (!json_util::readJsonPatch(
2212 req, asyncResp->res, "UserName", newUserName, "Password",
2213 password, "RoleId", roleId, "Enabled", enabled, "Locked",
2214 locked, "AccountTypes", accountTypes))
Ed Tanous1ef4c342022-05-12 16:12:36 -07002215 {
2216 return;
2217 }
2218 }
2219 else
2220 {
2221 // ConfigureSelf accounts can only modify their own account
Abhishek Patel58345852022-02-02 08:54:25 -06002222 if (!userSelf)
Ed Tanous1ef4c342022-05-12 16:12:36 -07002223 {
2224 messages::insufficientPrivilege(asyncResp->res);
2225 return;
2226 }
2227
2228 // ConfigureSelf accounts can only modify their password
2229 if (!json_util::readJsonPatch(req, asyncResp->res, "Password",
2230 password))
2231 {
2232 return;
2233 }
2234 }
2235
2236 // if user name is not provided in the patch method or if it
2237 // matches the user name in the URI, then we are treating it as
2238 // updating user properties other then username. If username
2239 // provided doesn't match the URI, then we are treating this as
2240 // user rename request.
2241 if (!newUserName || (newUserName.value() == username))
2242 {
2243 updateUserProperties(asyncResp, username, password, enabled, roleId,
Abhishek Patel58345852022-02-02 08:54:25 -06002244 locked, accountTypes, userSelf);
Ed Tanous1ef4c342022-05-12 16:12:36 -07002245 return;
2246 }
2247 crow::connections::systemBus->async_method_call(
2248 [asyncResp, username, password(std::move(password)),
2249 roleId(std::move(roleId)), enabled, newUser{std::string(*newUserName)},
Abhishek Patel58345852022-02-02 08:54:25 -06002250 locked, userSelf, accountTypes(std::move(accountTypes))](
Ed Tanouse81de512023-06-27 17:07:00 -07002251 const boost::system::error_code& ec, sdbusplus::message_t& m) {
Ed Tanous1ef4c342022-05-12 16:12:36 -07002252 if (ec)
2253 {
2254 userErrorMessageHandler(m.get_error(), asyncResp, newUser,
2255 username);
2256 return;
2257 }
2258
2259 updateUserProperties(asyncResp, newUser, password, enabled, roleId,
Abhishek Patel58345852022-02-02 08:54:25 -06002260 locked, accountTypes, userSelf);
Ed Tanous1ef4c342022-05-12 16:12:36 -07002261 },
2262 "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user",
2263 "xyz.openbmc_project.User.Manager", "RenameUser", username,
2264 *newUserName);
2265}
2266
Ed Tanous6c51eab2021-06-03 12:30:29 -07002267inline void requestAccountServiceRoutes(App& app)
Ed Tanousb9b2e0b2018-09-13 13:47:50 -07002268{
Ed Tanous6c51eab2021-06-03 12:30:29 -07002269 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/")
Ed Tanous4c7d4d32022-07-07 15:29:35 -07002270 .privileges(redfish::privileges::headAccountService)
2271 .methods(boost::beast::http::verb::head)(
2272 std::bind_front(handleAccountServiceHead, std::ref(app)));
2273
2274 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/")
Ed Tanoused398212021-06-09 17:05:54 -07002275 .privileges(redfish::privileges::getAccountService)
Ed Tanous002d39b2022-05-31 08:59:27 -07002276 .methods(boost::beast::http::verb::get)(
Ed Tanous1ef4c342022-05-12 16:12:36 -07002277 std::bind_front(handleAccountServiceGet, std::ref(app)));
Ed Tanous6c51eab2021-06-03 12:30:29 -07002278
Ed Tanousf5ffd802021-07-19 10:55:33 -07002279 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/")
Gunnar Mills1ec43ee2022-01-04 15:39:52 -06002280 .privileges(redfish::privileges::patchAccountService)
Ed Tanousf5ffd802021-07-19 10:55:33 -07002281 .methods(boost::beast::http::verb::patch)(
Ed Tanous1ef4c342022-05-12 16:12:36 -07002282 std::bind_front(handleAccountServicePatch, std::ref(app)));
Ed Tanousf5ffd802021-07-19 10:55:33 -07002283
Ed Tanous6c51eab2021-06-03 12:30:29 -07002284 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Accounts/")
Ed Tanous4c7d4d32022-07-07 15:29:35 -07002285 .privileges(redfish::privileges::headManagerAccountCollection)
2286 .methods(boost::beast::http::verb::head)(
2287 std::bind_front(handleAccountCollectionHead, std::ref(app)));
2288
2289 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Accounts/")
Ed Tanoused398212021-06-09 17:05:54 -07002290 .privileges(redfish::privileges::getManagerAccountCollection)
Ed Tanous6c51eab2021-06-03 12:30:29 -07002291 .methods(boost::beast::http::verb::get)(
Ed Tanous1ef4c342022-05-12 16:12:36 -07002292 std::bind_front(handleAccountCollectionGet, std::ref(app)));
Ed Tanous06e086d2018-09-19 17:19:52 -07002293
Ed Tanous6c51eab2021-06-03 12:30:29 -07002294 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Accounts/")
Ed Tanoused398212021-06-09 17:05:54 -07002295 .privileges(redfish::privileges::postManagerAccountCollection)
Ed Tanous002d39b2022-05-31 08:59:27 -07002296 .methods(boost::beast::http::verb::post)(
Ed Tanous1ef4c342022-05-12 16:12:36 -07002297 std::bind_front(handleAccountCollectionPost, std::ref(app)));
Ed Tanous002d39b2022-05-31 08:59:27 -07002298
2299 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Accounts/<str>/")
Ed Tanous4c7d4d32022-07-07 15:29:35 -07002300 .privileges(redfish::privileges::headManagerAccount)
2301 .methods(boost::beast::http::verb::head)(
2302 std::bind_front(handleAccountHead, std::ref(app)));
2303
2304 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Accounts/<str>/")
Ed Tanous002d39b2022-05-31 08:59:27 -07002305 .privileges(redfish::privileges::getManagerAccount)
2306 .methods(boost::beast::http::verb::get)(
Ed Tanous1ef4c342022-05-12 16:12:36 -07002307 std::bind_front(handleAccountGet, std::ref(app)));
Ed Tanous6c51eab2021-06-03 12:30:29 -07002308
2309 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Accounts/<str>/")
Ed Tanoused398212021-06-09 17:05:54 -07002310 // TODO this privilege should be using the generated endpoints, but
2311 // because of the special handling of ConfigureSelf, it's not able to
2312 // yet
Ed Tanous6c51eab2021-06-03 12:30:29 -07002313 .privileges({{"ConfigureUsers"}, {"ConfigureSelf"}})
2314 .methods(boost::beast::http::verb::patch)(
Ed Tanous1ef4c342022-05-12 16:12:36 -07002315 std::bind_front(handleAccountPatch, std::ref(app)));
Ed Tanous6c51eab2021-06-03 12:30:29 -07002316
2317 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Accounts/<str>/")
Ed Tanoused398212021-06-09 17:05:54 -07002318 .privileges(redfish::privileges::deleteManagerAccount)
Ed Tanous6c51eab2021-06-03 12:30:29 -07002319 .methods(boost::beast::http::verb::delete_)(
Gunnar Mills20fc3072023-01-27 15:13:36 -06002320 std::bind_front(handleAccountDelete, std::ref(app)));
Ed Tanous6c51eab2021-06-03 12:30:29 -07002321}
Lewanczyk, Dawid88d16c92018-02-02 14:51:09 +01002322
Ed Tanous1abe55e2018-09-05 08:30:59 -07002323} // namespace redfish