1 // SPDX-License-Identifier: Apache-2.0
2 // SPDX-FileCopyrightText: Copyright OpenBMC Authors
3 // SPDX-FileCopyrightText: Copyright 2018 Intel Corporation
29 #include <systemd/sd-bus.h>
56 namespace redfish
96 if (role == "priv-admin")
100 if (role == "priv-user")
104 if (role == "priv-operator")
114 return "priv-admin";
118 return "priv-user";
122 return "priv-operator";
128 * @brief Maps user group names retrieved from D-Bus object to
143 if (userGroup == "redfish")
145 accountTypes.emplace_back("Redfish");
165 // the user account in the D-Bus object. This group is currently not
166 // doing anything, and is considered to be equivalent to 'redfish'.
167 // 'redfish' user group is mapped to 'Redfish' and 'WebUI'
194 // Need both Redfish and WebUI Account Types to map to 'redfish' User Group
200 if (accountType == "Redfish")
223 messages::propertyValueNotInList(res, "AccountTypes", accountType);
228 // Both Redfish and WebUI Account Types are needed to PATCH
232 "Missing Redfish or WebUI Account Type to set redfish User Group");
233 messages::strictAccountTypes(res, "AccountTypes");
239 userGroups.emplace_back("redfish");
250 * @param[in] dbusObjectPath D-Bus Object Path
258 // Check if User is disabling own Redfish Account Type
261 std::find(accountTypes.cbegin(), accountTypes.cend(), "Redfish")))
264 "User disabling OWN Redfish Account Type is not allowed");
265 messages::strictAccountTypes(asyncResp->res, "AccountTypes");
270 if (!getUserGroupFromAccountType(asyncResp->res, accountTypes,
289 messages::internalError(asyncResp->res);
293 const char* errorMessage = e->name;
297 messages::resourceAlreadyExists(asyncResp->res, "ManagerAccount",
303 messages::resourceNotFound(asyncResp->res, "ManagerAccount", username);
313 messages::propertyValueFormatError(asyncResp->res, newUser, "UserName");
318 messages::createLimitReachedForResource(asyncResp->res);
323 messages::internalError(asyncResp->res);
401 messages::internalError(asyncResp->res);
404 asyncResp->res
414 messages::propertyValueTypeError(
415 asyncResp->res, "null",
420 else if (obj->empty())
432 *obj, asyncResp->res, //
461 messages::propertyValueNotInList(
462 asyncResp->res, *localRole,
485 messages::propertyMissing(asyncResp->res,
491 messages::propertyMissing(asyncResp->res,
516 messages::internalError(asyncResp->res);
520 asyncResp->res
560 std::string service = resp.begin()->first;
571 BMCWEB_LOG_WARNING("D-Bus responses error: {}", ec2);
874 messages::actionNotSupported(
875 asyncResp->res,
876 "Setting BasicAuth when basic-auth feature is disabled");
887 messages::actionNotSupported(
888 asyncResp->res,
889 "Setting Cookie when cookie-auth feature is disabled");
899 messages::actionNotSupported(
900 asyncResp->res,
901 "Setting SessionToken when session-auth feature is disabled");
911 messages::actionNotSupported(
912 asyncResp->res,
913 "Setting XToken when xtoken-auth feature is disabled");
923 messages::actionNotSupported(
924 asyncResp->res,
925 "Setting TLS when mutual-tls-auth feature is disabled");
936 messages::actionNotSupported(asyncResp->res,
946 messages::success(asyncResp->res);
994 messages::propertyValueNotInList(asyncResp->res, *input.authType,
1001 if (input.serviceAddressList->empty())
1003 messages::propertyValueNotInList(
1004 asyncResp->res, *input.serviceAddressList, "ServiceAddress");
1010 if (input.baseDNList->empty())
1012 messages::propertyValueNotInList(asyncResp->res, *input.baseDNList,
1036 messages::internalError(asyncResp->res);
1039 parseLDAPConfigData(asyncResp->res.jsonValue, confData, serverT);
1081 // the service. If the user has given false, then it is a no-op
1125 messages::resourceNotFound(asyncResp->res, "ManagerAccount",
1136 messages::resourceNotFound(asyncResp->res, "ManagerAccount",
1142 messages::propertyValueFormatError(asyncResp->res, nullptr,
1148 messages::internalError(asyncResp->res);
1158 messages::success(asyncResp->res);
1175 messages::propertyValueNotInList(asyncResp->res, true, "Locked");
1191 messages::propertyValueNotInList(asyncResp->res, "true", "Locked");
1232 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
1236 asyncResp->res.addHeader(
1238 "</redfish/v1/JsonSchemas/AccountService/AccountService.json>; rel=describedby");
1246 "/redfish/v1/AccountService/MultiFactorAuth/ClientCertificate/Certificates");
1260 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
1265 asyncResp->res.addHeader(
1267 "</redfish/v1/JsonSchemas/Certificate/Certificate.json>; rel=describedby");
1274 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
1280 "/redfish/v1/AccountService/MultiFactorAuth/ClientCertificate/Certificates/{}",
1294 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
1299 asyncResp->res.addHeader(
1301 "</redfish/v1/JsonSchemas/CertificateCollection/CertificateCollection.json>; rel=describedby");
1308 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
1313 nlohmann::json& json = asyncResp->res.jsonValue;
1315 "/redfish/v1/AccountService/MultiFactorAuth/ClientCertificate/Certificates";
1318 json["Description"] = "Multi-factor Authentication Client Certificates";
1365 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
1372 messages::internalError(asyncResp->res);
1379 asyncResp->res.addHeader(
1381 "</redfish/v1/JsonSchemas/AccountService/AccountService.json>; rel=describedby");
1383 nlohmann::json& json = asyncResp->res.jsonValue;
1384 json["@odata.id"] = "/redfish/v1/AccountService";
1391 json["Accounts"]["@odata.id"] = "/redfish/v1/AccountService/Accounts";
1392 json["Roles"]["@odata.id"] = "/redfish/v1/AccountService/Roles";
1413 messages::internalError(asyncResp->res);
1421 "/redfish/v1/AccountService/MultiFactorAuth/ClientCertificate/Certificates";
1434 "/redfish/v1/AccountService#/Oem/OpenBMC";
1443 // /redfish/v1/AccountService/LDAP/Certificates is something only
1447 redfish::getUserPrivileges(*req.session);
1452 asyncResp->res.jsonValue["LDAP"]["Certificates"]["@odata.id"] =
1453 "/redfish/v1/AccountService/LDAP/Certificates";
1462 messages::internalError(asyncResp->res);
1481 messages::internalError(asyncResp->res);
1487 asyncResp->res.jsonValue["MinPasswordLength"] =
1493 asyncResp->res.jsonValue["AccountLockoutDuration"] =
1499 asyncResp->res.jsonValue["AccountLockoutThreshold"] =
1510 parseLDAPConfigData(asyncResp->res.jsonValue, confData, ldapType);
1524 messages::propertyValueNotInList(res, "CertificateMappingAttribute",
1543 if (req.session->sessionType != persistent_data::SessionType::MutualTLS)
1545 messages::propertyValueExternalConflict(
1570 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
1586 req, asyncResp->res, //
1648 messages::propertyValueNotInList(asyncResp->res, "HttpBasicAuth",
1656 app, req, asyncResp->res, *respondToUnauthenticatedClients);
1661 handleCertificateMappingAttributePatch(asyncResp->res,
1676 messages::propertyNotWritable(asyncResp->res, "MaxPasswordLength");
1709 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
1713 asyncResp->res.addHeader(
1715 "</redfish/v1/JsonSchemas/ManagerAccountCollection.json>; rel=describedby");
1722 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
1729 messages::internalError(asyncResp->res);
1733 asyncResp->res.addHeader(
1735 "</redfish/v1/JsonSchemas/ManagerAccountCollection.json>; rel=describedby");
1737 asyncResp->res.jsonValue["@odata.id"] =
1738 "/redfish/v1/AccountService/Accounts";
1739 asyncResp->res.jsonValue["@odata.type"] = "#ManagerAccountCollection."
1741 asyncResp->res.jsonValue["Name"] = "Accounts Collection";
1742 asyncResp->res.jsonValue["Description"] = "BMC User Accounts";
1745 redfish::getUserPrivileges(*req.session);
1750 thisUser = req.session->username;
1760 messages::internalError(asyncResp->res);
1770 nlohmann::json& memberArray = asyncResp->res.jsonValue["Members"];
1778 messages::internalError(asyncResp->res);
1784 // As clarified by Redfish here:
1785 // https://redfishforum.com/thread/281/manageraccountcollection-change-allows-account-enumeration
1794 "/redfish/v1/AccountService/Accounts/{}", user);
1798 asyncResp->res.jsonValue["Members@odata.count"] =
1829 messages::internalError(asyncResp->res);
1834 messages::propertyValueFormatError(asyncResp->res, nullptr,
1844 messages::created(asyncResp->res);
1845 asyncResp->res.addHeader("Location",
1846 "/redfish/v1/AccountService/Accounts/" + username);
1862 if (!getUserGroupFromAccountType(asyncResp->res, *accountTypes,
1895 if ((grp == "hostconsole") && (roleId != "priv-admin"))
1901 asyncResp->res.result(boost::beast::http::status::bad_request);
1914 messages::internalError(asyncResp->res);
1932 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
1942 req, asyncResp->res, //
1957 messages::propertyValueNotInList(asyncResp->res, roleId, "RoleId");
1973 BMCWEB_LOG_ERROR("D-Bus response error {}", ec);
1974 messages::internalError(asyncResp->res);
1980 messages::internalError(asyncResp->res);
1994 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
1998 asyncResp->res.addHeader(
2000 "</redfish/v1/JsonSchemas/ManagerAccount/ManagerAccount.json>; rel=describedby");
2008 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
2012 asyncResp->res.addHeader(
2014 "</redfish/v1/JsonSchemas/ManagerAccount/ManagerAccount.json>; rel=describedby");
2019 messages::resourceNotFound(asyncResp->res, "ManagerAccount",
2026 messages::internalError(asyncResp->res);
2029 if (req.session->username != accountName)
2033 // have permissions to modify other users, so re-run the auth
2036 redfish::getUserPrivileges(*req.session);
2043 messages::insufficientPrivilege(asyncResp->res);
2056 messages::internalError(asyncResp->res);
2069 messages::resourceNotFound(asyncResp->res, "ManagerAccount",
2074 asyncResp->res.jsonValue["@odata.type"] =
2076 asyncResp->res.jsonValue["Name"] = "User Account";
2077 asyncResp->res.jsonValue["Description"] = "User Account";
2078 asyncResp->res.jsonValue["Password"] = nullptr;
2079 asyncResp->res.jsonValue["StrictAccountTypes"] = true;
2081 for (const auto& interface : userIt->second)
2099 messages::internalError(asyncResp->res);
2105 messages::internalError(asyncResp->res);
2108 asyncResp->res.jsonValue["Enabled"] = *userEnabled;
2115 messages::internalError(asyncResp->res);
2118 asyncResp->res.jsonValue["Locked"] = *userLocked;
2122 asyncResp->res.jsonValue["Locked@Redfish.AllowableValues"] =
2129 messages::internalError(asyncResp->res);
2136 messages::internalError(asyncResp->res);
2139 asyncResp->res.jsonValue["RoleId"] = role;
2142 asyncResp->res.jsonValue["Links"]["Role"];
2144 "/redfish/v1/AccountService/Roles/{}", role);
2149 messages::internalError(asyncResp->res);
2152 asyncResp->res.jsonValue["PasswordChangeRequired"] =
2158 messages::internalError(asyncResp->res);
2161 if (!translateUserGroup(*userGroups, asyncResp->res))
2164 messages::internalError(asyncResp->res);
2170 asyncResp->res.jsonValue["@odata.id"] = boost::urls::format(
2171 "/redfish/v1/AccountService/Accounts/{}", accountName);
2172 asyncResp->res.jsonValue["Id"] = accountName;
2173 asyncResp->res.jsonValue["UserName"] = accountName;
2182 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
2190 messages::resourceNotFound(asyncResp->res, "ManagerAccount", username);
2202 messages::resourceNotFound(asyncResp->res, "ManagerAccount",
2207 messages::accountRemoved(asyncResp->res);
2218 if (!redfish::setUpRedfishRoute(app, req, asyncResp))
2225 messages::resourceNotFound(asyncResp->res, "ManagerAccount", username);
2237 messages::internalError(asyncResp->res);
2241 bool userSelf = (username == req.session->username);
2244 redfish::getUserPrivileges(*req.session);
2252 req, asyncResp->res, //
2269 messages::insufficientPrivilege(asyncResp->res);
2274 if (!json_util::readJsonPatch(req, asyncResp->res, "Password",
2316 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/")
2317 .privileges(redfish::privileges::headAccountService)
2321 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/")
2322 .privileges(redfish::privileges::getAccountService)
2326 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/")
2327 .privileges(redfish::privileges::patchAccountService)
2333 "/redfish/v1/AccountService/MultiFactorAuth/ClientCertificate/Certificates/")
2334 .privileges(redfish::privileges::headCertificateCollection)
2340 "/redfish/v1/AccountService/MultiFactorAuth/ClientCertificate/Certificates/")
2341 .privileges(redfish::privileges::getCertificateCollection)
2347 "/redfish/v1/AccountService/MultiFactorAuth/ClientCertificate/Certificates/<str>/")
2348 .privileges(redfish::privileges::headCertificate)
2354 "/redfish/v1/AccountService/MultiFactorAuth/ClientCertificate/Certificates/<str>/")
2355 .privileges(redfish::privileges::getCertificate)
2359 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Accounts/")
2360 .privileges(redfish::privileges::headManagerAccountCollection)
2364 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Accounts/")
2365 .privileges(redfish::privileges::getManagerAccountCollection)
2369 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Accounts/")
2370 .privileges(redfish::privileges::postManagerAccountCollection)
2374 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Accounts/<str>/")
2375 .privileges(redfish::privileges::headManagerAccount)
2379 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Accounts/<str>/")
2380 .privileges(redfish::privileges::getManagerAccount)
2384 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Accounts/<str>/")
2392 BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Accounts/<str>/")
2393 .privileges(redfish::privileges::deleteManagerAccount)
2398 } // namespace redfish