Borawski.Lukasz | 86e1b66 | 2018-01-19 14:22:14 +0100 | [diff] [blame] | 1 | /* |
| 2 | // Copyright (c) 2018 Intel Corporation |
| 3 | // |
| 4 | // Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | // you may not use this file except in compliance with the License. |
| 6 | // You may obtain a copy of the License at |
| 7 | // |
| 8 | // http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | // |
| 10 | // Unless required by applicable law or agreed to in writing, software |
| 11 | // distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | // See the License for the specific language governing permissions and |
| 14 | // limitations under the License. |
| 15 | */ |
| 16 | #pragma once |
| 17 | |
Ed Tanous | c94ad49 | 2019-10-10 15:39:33 -0700 | [diff] [blame] | 18 | #include <logging.h> |
Tanous | f00032d | 2018-11-05 01:18:10 -0300 | [diff] [blame] | 19 | |
Tanous | f00032d | 2018-11-05 01:18:10 -0300 | [diff] [blame] | 20 | #include <boost/beast/http/verb.hpp> |
Borawski.Lukasz | aecb47a | 2018-01-25 12:14:14 +0100 | [diff] [blame] | 21 | #include <boost/container/flat_map.hpp> |
Gunnar Mills | 1214b7e | 2020-06-04 10:11:30 -0500 | [diff] [blame] | 22 | |
| 23 | #include <array> |
| 24 | #include <bitset> |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 25 | #include <cstdint> |
| 26 | #include <vector> |
Borawski.Lukasz | aecb47a | 2018-01-25 12:14:14 +0100 | [diff] [blame] | 27 | |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 28 | namespace redfish |
| 29 | { |
| 30 | |
| 31 | enum class PrivilegeType |
| 32 | { |
| 33 | BASE, |
| 34 | OEM |
| 35 | }; |
Borawski.Lukasz | aecb47a | 2018-01-25 12:14:14 +0100 | [diff] [blame] | 36 | |
Ed Tanous | a692779 | 2018-03-06 10:01:57 -0800 | [diff] [blame] | 37 | /** @brief A fixed array of compile time privileges */ |
| 38 | constexpr std::array<const char*, 5> basePrivileges{ |
Ed Tanous | 3ebd75f | 2018-03-05 18:20:01 -0800 | [diff] [blame] | 39 | "Login", "ConfigureManager", "ConfigureComponents", "ConfigureSelf", |
| 40 | "ConfigureUsers"}; |
Borawski.Lukasz | 43a095a | 2018-02-19 15:39:01 +0100 | [diff] [blame] | 41 | |
Ed Tanous | 271584a | 2019-07-09 16:24:22 -0700 | [diff] [blame] | 42 | constexpr const size_t basePrivilegeCount = basePrivileges.size(); |
Ed Tanous | a692779 | 2018-03-06 10:01:57 -0800 | [diff] [blame] | 43 | |
| 44 | /** @brief Max number of privileges per type */ |
Ed Tanous | 271584a | 2019-07-09 16:24:22 -0700 | [diff] [blame] | 45 | constexpr const size_t maxPrivilegeCount = 32; |
Ed Tanous | a692779 | 2018-03-06 10:01:57 -0800 | [diff] [blame] | 46 | |
| 47 | /** @brief A vector of all privilege names and their indexes */ |
Ed Tanous | 23a21a1 | 2020-07-25 04:45:05 +0000 | [diff] [blame] | 48 | static const std::array<std::string, maxPrivilegeCount> privilegeNames{ |
| 49 | "Login", "ConfigureManager", "ConfigureComponents", "ConfigureSelf", |
| 50 | "ConfigureUsers"}; |
Borawski.Lukasz | 43a095a | 2018-02-19 15:39:01 +0100 | [diff] [blame] | 51 | |
Borawski.Lukasz | 86e1b66 | 2018-01-19 14:22:14 +0100 | [diff] [blame] | 52 | /** |
Borawski.Lukasz | aecb47a | 2018-01-25 12:14:14 +0100 | [diff] [blame] | 53 | * @brief Redfish privileges |
| 54 | * |
Joseph Reynolds | 900f949 | 2019-11-25 15:37:29 -0600 | [diff] [blame] | 55 | * This implements a set of Redfish privileges. These directly represent |
| 56 | * user privileges and help represent entity privileges. |
Borawski.Lukasz | aecb47a | 2018-01-25 12:14:14 +0100 | [diff] [blame] | 57 | * |
Ed Tanous | 55c7b7a | 2018-05-22 15:27:24 -0700 | [diff] [blame] | 58 | * Each incoming Connection requires a comparison between privileges held |
Borawski.Lukasz | aecb47a | 2018-01-25 12:14:14 +0100 | [diff] [blame] | 59 | * by the user issuing a request and the target entity's privileges. |
| 60 | * |
| 61 | * To ensure best runtime performance of this comparison, privileges |
| 62 | * are represented as bitsets. Each bit in the bitset corresponds to a |
| 63 | * unique privilege name. |
| 64 | * |
Borawski.Lukasz | aecb47a | 2018-01-25 12:14:14 +0100 | [diff] [blame] | 65 | * A bit is set if the privilege is required (entity domain) or granted |
| 66 | * (user domain) and false otherwise. |
| 67 | * |
Borawski.Lukasz | 86e1b66 | 2018-01-19 14:22:14 +0100 | [diff] [blame] | 68 | */ |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 69 | class Privileges |
| 70 | { |
| 71 | public: |
| 72 | /** |
| 73 | * @brief Constructs object without any privileges active |
| 74 | * |
| 75 | */ |
| 76 | Privileges() = default; |
Borawski.Lukasz | 43a095a | 2018-02-19 15:39:01 +0100 | [diff] [blame] | 77 | |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 78 | /** |
| 79 | * @brief Constructs object with given privileges active |
| 80 | * |
| 81 | * @param[in] privilegeList List of privileges to be activated |
| 82 | * |
| 83 | */ |
| 84 | Privileges(std::initializer_list<const char*> privilegeList) |
| 85 | { |
| 86 | for (const char* privilege : privilegeList) |
| 87 | { |
| 88 | if (!setSinglePrivilege(privilege)) |
| 89 | { |
| 90 | BMCWEB_LOG_CRITICAL << "Unable to set privilege " << privilege |
| 91 | << "in constructor"; |
| 92 | } |
| 93 | } |
Borawski.Lukasz | aecb47a | 2018-01-25 12:14:14 +0100 | [diff] [blame] | 94 | } |
| 95 | |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 96 | /** |
| 97 | * @brief Sets given privilege in the bitset |
| 98 | * |
| 99 | * @param[in] privilege Privilege to be set |
| 100 | * |
| 101 | * @return None |
| 102 | * |
| 103 | */ |
Ed Tanous | 23a21a1 | 2020-07-25 04:45:05 +0000 | [diff] [blame] | 104 | bool setSinglePrivilege(const std::string_view privilege) |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 105 | { |
Ed Tanous | 271584a | 2019-07-09 16:24:22 -0700 | [diff] [blame] | 106 | for (size_t searchIndex = 0; searchIndex < privilegeNames.size(); |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 107 | searchIndex++) |
| 108 | { |
| 109 | if (privilege == privilegeNames[searchIndex]) |
| 110 | { |
| 111 | privilegeBitset.set(searchIndex); |
| 112 | return true; |
| 113 | } |
| 114 | } |
Ed Tanous | 3ebd75f | 2018-03-05 18:20:01 -0800 | [diff] [blame] | 115 | |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 116 | return false; |
Ed Tanous | a692779 | 2018-03-06 10:01:57 -0800 | [diff] [blame] | 117 | } |
| 118 | |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 119 | /** |
Joseph Reynolds | 900f949 | 2019-11-25 15:37:29 -0600 | [diff] [blame] | 120 | * @brief Resets the given privilege in the bitset |
| 121 | * |
| 122 | * @param[in] privilege Privilege to be reset |
| 123 | * |
| 124 | * @return None |
| 125 | * |
| 126 | */ |
| 127 | bool resetSinglePrivilege(const char* privilege) |
| 128 | { |
| 129 | for (size_t searchIndex = 0; searchIndex < privilegeNames.size(); |
| 130 | searchIndex++) |
| 131 | { |
| 132 | if (privilege == privilegeNames[searchIndex]) |
| 133 | { |
| 134 | privilegeBitset.reset(searchIndex); |
| 135 | return true; |
| 136 | } |
| 137 | } |
| 138 | return false; |
| 139 | } |
| 140 | |
| 141 | /** |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 142 | * @brief Retrieves names of all active privileges for a given type |
| 143 | * |
| 144 | * @param[in] type Base or OEM |
| 145 | * |
| 146 | * @return Vector of active privileges. Pointers are valid until |
| 147 | * the setSinglePrivilege is called, or the Privilege structure is destroyed |
| 148 | * |
| 149 | */ |
Ed Tanous | 23a21a1 | 2020-07-25 04:45:05 +0000 | [diff] [blame] | 150 | std::vector<std::string> |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 151 | getActivePrivilegeNames(const PrivilegeType type) const |
| 152 | { |
Ed Tanous | 23a21a1 | 2020-07-25 04:45:05 +0000 | [diff] [blame] | 153 | std::vector<std::string> activePrivileges; |
Borawski.Lukasz | aecb47a | 2018-01-25 12:14:14 +0100 | [diff] [blame] | 154 | |
Ed Tanous | 271584a | 2019-07-09 16:24:22 -0700 | [diff] [blame] | 155 | size_t searchIndex = 0; |
| 156 | size_t endIndex = basePrivilegeCount; |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 157 | if (type == PrivilegeType::OEM) |
| 158 | { |
| 159 | searchIndex = basePrivilegeCount - 1; |
| 160 | endIndex = privilegeNames.size(); |
| 161 | } |
Ed Tanous | 3ebd75f | 2018-03-05 18:20:01 -0800 | [diff] [blame] | 162 | |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 163 | for (; searchIndex < endIndex; searchIndex++) |
| 164 | { |
| 165 | if (privilegeBitset.test(searchIndex)) |
| 166 | { |
Ed Tanous | 23a21a1 | 2020-07-25 04:45:05 +0000 | [diff] [blame] | 167 | activePrivileges.emplace_back(privilegeNames[searchIndex]); |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 168 | } |
| 169 | } |
| 170 | |
| 171 | return activePrivileges; |
| 172 | } |
| 173 | |
| 174 | /** |
| 175 | * @brief Determines if this Privilege set is a superset of the given |
| 176 | * privilege set |
| 177 | * |
| 178 | * @param[in] privilege Privilege to be checked |
| 179 | * |
| 180 | * @return None |
| 181 | * |
| 182 | */ |
| 183 | bool isSupersetOf(const Privileges& p) const |
| 184 | { |
| 185 | return (privilegeBitset & p.privilegeBitset) == p.privilegeBitset; |
| 186 | } |
| 187 | |
Joseph Reynolds | 3bf4e63 | 2020-02-06 14:44:32 -0600 | [diff] [blame] | 188 | /** |
| 189 | * @brief Returns the intersection of two Privilege sets. |
| 190 | * |
| 191 | * @param[in] privilege Privilege set to intersect with. |
| 192 | * |
| 193 | * @return The new Privilege set. |
| 194 | * |
| 195 | */ |
| 196 | Privileges intersection(const Privileges& p) const |
| 197 | { |
| 198 | return Privileges{privilegeBitset & p.privilegeBitset}; |
| 199 | } |
| 200 | |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 201 | private: |
Joseph Reynolds | 3bf4e63 | 2020-02-06 14:44:32 -0600 | [diff] [blame] | 202 | Privileges(const std::bitset<maxPrivilegeCount>& p) : privilegeBitset{p} |
Gunnar Mills | 1214b7e | 2020-06-04 10:11:30 -0500 | [diff] [blame] | 203 | {} |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 204 | std::bitset<maxPrivilegeCount> privilegeBitset = 0; |
Borawski.Lukasz | 86e1b66 | 2018-01-19 14:22:14 +0100 | [diff] [blame] | 205 | }; |
| 206 | |
Ratan Gupta | 6f35956 | 2019-04-03 10:39:08 +0530 | [diff] [blame] | 207 | inline const Privileges& getUserPrivileges(const std::string& userRole) |
| 208 | { |
| 209 | // Redfish privilege : Administrator |
| 210 | if (userRole == "priv-admin") |
| 211 | { |
| 212 | static Privileges admin{"Login", "ConfigureManager", "ConfigureSelf", |
| 213 | "ConfigureUsers", "ConfigureComponents"}; |
| 214 | return admin; |
| 215 | } |
| 216 | else if (userRole == "priv-operator") |
| 217 | { |
| 218 | // Redfish privilege : Operator |
| 219 | static Privileges op{"Login", "ConfigureSelf", "ConfigureComponents"}; |
| 220 | return op; |
| 221 | } |
jayaprakash Mutyala | d7e0802 | 2019-12-05 23:29:13 +0000 | [diff] [blame] | 222 | else if (userRole == "priv-user") |
Ratan Gupta | 6f35956 | 2019-04-03 10:39:08 +0530 | [diff] [blame] | 223 | { |
| 224 | // Redfish privilege : Readonly |
| 225 | static Privileges readOnly{"Login", "ConfigureSelf"}; |
| 226 | return readOnly; |
| 227 | } |
jayaprakash Mutyala | d7e0802 | 2019-12-05 23:29:13 +0000 | [diff] [blame] | 228 | else |
| 229 | { |
| 230 | // Redfish privilege : NoAccess |
| 231 | static Privileges noaccess; |
| 232 | return noaccess; |
| 233 | } |
Ratan Gupta | 6f35956 | 2019-04-03 10:39:08 +0530 | [diff] [blame] | 234 | } |
| 235 | |
Joseph Reynolds | 900f949 | 2019-11-25 15:37:29 -0600 | [diff] [blame] | 236 | /** |
| 237 | * @brief The OperationMap represents the privileges required for a |
| 238 | * single entity (URI). It maps from the allowable verbs to the |
| 239 | * privileges required to use that operation. |
| 240 | * |
| 241 | * This represents the Redfish "Privilege AND and OR syntax" as given |
| 242 | * in the spec and shown in the Privilege Registry. This does not |
| 243 | * implement any Redfish property overrides, subordinate overrides, or |
| 244 | * resource URI overrides. This does not implement the limitation of |
| 245 | * the ConfigureSelf privilege to operate only on your own account or |
| 246 | * session. |
| 247 | **/ |
Ed Tanous | e0d918b | 2018-03-27 17:41:04 -0700 | [diff] [blame] | 248 | using OperationMap = boost::container::flat_map<boost::beast::http::verb, |
| 249 | std::vector<Privileges>>; |
Borawski.Lukasz | 43a095a | 2018-02-19 15:39:01 +0100 | [diff] [blame] | 250 | |
Joseph Reynolds | 900f949 | 2019-11-25 15:37:29 -0600 | [diff] [blame] | 251 | /* @brief Checks if user is allowed to call an operation |
| 252 | * |
| 253 | * @param[in] operationPrivilegesRequired Privileges required |
| 254 | * @param[in] userPrivileges Privileges the user has |
| 255 | * |
| 256 | * @return True if operation is allowed, false otherwise |
| 257 | */ |
| 258 | inline bool isOperationAllowedWithPrivileges( |
| 259 | const std::vector<Privileges>& operationPrivilegesRequired, |
| 260 | const Privileges& userPrivileges) |
| 261 | { |
| 262 | // If there are no privileges assigned, there are no privileges required |
| 263 | if (operationPrivilegesRequired.empty()) |
| 264 | { |
| 265 | return true; |
| 266 | } |
| 267 | for (auto& requiredPrivileges : operationPrivilegesRequired) |
| 268 | { |
| 269 | BMCWEB_LOG_ERROR << "Checking operation privileges..."; |
| 270 | if (userPrivileges.isSupersetOf(requiredPrivileges)) |
| 271 | { |
| 272 | BMCWEB_LOG_ERROR << "...success"; |
| 273 | return true; |
| 274 | } |
| 275 | } |
| 276 | return false; |
| 277 | } |
| 278 | |
Borawski.Lukasz | 43a095a | 2018-02-19 15:39:01 +0100 | [diff] [blame] | 279 | /** |
Ed Tanous | 3ebd75f | 2018-03-05 18:20:01 -0800 | [diff] [blame] | 280 | * @brief Checks if given privileges allow to call an HTTP method |
| 281 | * |
| 282 | * @param[in] method HTTP method |
| 283 | * @param[in] user Privileges |
| 284 | * |
| 285 | * @return True if method allowed, false otherwise |
Borawski.Lukasz | 43a095a | 2018-02-19 15:39:01 +0100 | [diff] [blame] | 286 | * |
| 287 | */ |
Ed Tanous | e0d918b | 2018-03-27 17:41:04 -0700 | [diff] [blame] | 288 | inline bool isMethodAllowedWithPrivileges(const boost::beast::http::verb method, |
Ed Tanous | 3ebd75f | 2018-03-05 18:20:01 -0800 | [diff] [blame] | 289 | const OperationMap& operationMap, |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 290 | const Privileges& userPrivileges) |
| 291 | { |
| 292 | const auto& it = operationMap.find(method); |
| 293 | if (it == operationMap.end()) |
| 294 | { |
| 295 | return false; |
Ed Tanous | 3ebd75f | 2018-03-05 18:20:01 -0800 | [diff] [blame] | 296 | } |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 297 | |
Joseph Reynolds | 900f949 | 2019-11-25 15:37:29 -0600 | [diff] [blame] | 298 | return isOperationAllowedWithPrivileges(it->second, userPrivileges); |
Ed Tanous | 3ebd75f | 2018-03-05 18:20:01 -0800 | [diff] [blame] | 299 | } |
Borawski.Lukasz | aecb47a | 2018-01-25 12:14:14 +0100 | [diff] [blame] | 300 | |
Ed Tanous | 3ebd75f | 2018-03-05 18:20:01 -0800 | [diff] [blame] | 301 | /** |
| 302 | * @brief Checks if a user is allowed to call an HTTP method |
| 303 | * |
| 304 | * @param[in] method HTTP method |
| 305 | * @param[in] user Username |
| 306 | * |
| 307 | * @return True if method allowed, false otherwise |
| 308 | * |
| 309 | */ |
Ed Tanous | e0d918b | 2018-03-27 17:41:04 -0700 | [diff] [blame] | 310 | inline bool isMethodAllowedForUser(const boost::beast::http::verb method, |
Ed Tanous | 3ebd75f | 2018-03-05 18:20:01 -0800 | [diff] [blame] | 311 | const OperationMap& operationMap, |
Ed Tanous | cb13a39 | 2020-07-25 19:02:03 +0000 | [diff] [blame] | 312 | const std::string&) |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 313 | { |
| 314 | // TODO: load user privileges from configuration as soon as its available |
| 315 | // now we are granting all privileges to everyone. |
| 316 | Privileges userPrivileges{"Login", "ConfigureManager", "ConfigureSelf", |
| 317 | "ConfigureUsers", "ConfigureComponents"}; |
Ed Tanous | 3ebd75f | 2018-03-05 18:20:01 -0800 | [diff] [blame] | 318 | |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 319 | return isMethodAllowedWithPrivileges(method, operationMap, userPrivileges); |
Ed Tanous | 3ebd75f | 2018-03-05 18:20:01 -0800 | [diff] [blame] | 320 | } |
Borawski.Lukasz | 86e1b66 | 2018-01-19 14:22:14 +0100 | [diff] [blame] | 321 | |
Ed Tanous | 1abe55e | 2018-09-05 08:30:59 -0700 | [diff] [blame] | 322 | } // namespace redfish |