| /openbmc/bmcweb/redfish-core/include/ |
| H A D | privileges.hpp | 31 /** @brief A fixed array of compile time privileges */
38 /** @brief Max number of privileges per type */
52 * @brief Redfish privileges
54 * This implements a set of Redfish privileges. These directly represent
55 * user privileges and help represent entity privileges.
57 * Each incoming Connection requires a comparison between privileges held
58 * by the user issuing a request and the target entity's privileges.
60 * To ensure best runtime performance of this comparison, privileges
68 class Privileges class
72 * @brief Constructs object without any privileges active
[all …]
|
| /openbmc/bmcweb/test/redfish-core/include/ |
| H A D | privileges_test.cpp | 3 #include "privileges.hpp"
22 Privileges privileges{"Login", "ConfigureManager"}; in TEST() local
24 EXPECT_THAT(privileges.getActivePrivilegeNames(PrivilegeType::BASE), in TEST()
30 Privileges userPrivileges{"Login"}; in TEST()
40 auto userPrivileges = Privileges{"Login"}; in TEST()
49 auto userPrivileges = Privileges{"Login"}; in TEST()
60 Privileges{"Login", "ConfigureManager", "ConfigureSelf"}; in TEST()
71 auto userPrivileges = Privileges{"Login", "ConfigureManager"}; in TEST()
82 auto userPrivileges = Privileges{"ConfigureManager"}; in TEST()
92 auto userPrivileges = Privileges{"ConfigureComponents"}; in TEST()
[all …]
|
| /openbmc/docs/designs/ |
| H A D | redfish-authorization.md | 25 of them is assigned a fixed array of standard privileges (e.g., `Login`,
32 type. It is used to determine whether the identity privileges of an
40 `ConfigureComponents`, and `ConfigureSelf` privileges, is authorized to send a
63 group, privileges, status, and account policies). It has a hardcoded list of
64 user groups (SSH, IPMI, Redfish, Web) and a hardcoded list of privileges
65 ("priv-admin", "priv-operator", "priv-user", "priv-noaccess"). These privileges
94 phosphor-user-manager to query the user's privileges and uses a hardcoded map to
95 convert the privileges to Redfish roles. The hardcoded map is listed below:
97 | Phosphor-user-manager privileges (implemented as groups) | BMCWeb Redfish Roles |
104 To map Redfish role to their assigned Redfish privileges, BMCWeb implements the
[all …]
|
| /openbmc/bmcweb/redfish-core/schema/dmtf/csdl/ |
| H A D | Privileges_v1.xml | 4 <!--# Redfish Schema: Privileges v1.0.6 -->
23 <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="Privileges">
114 <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="Privileges.v1_0_0">
119 …privileges might be defined on a `Link` element to provide read privileges for the referenced reso…
122 …privileges might be defined on a `Link` element to provide create privileges for the referenced re…
125 …privileges might be defined on a `Link` element to provide update privileges for the referenced re…
128 …privileges might be defined on a `Link` element to provide update privileges for the referenced re…
132 <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="Privileges.v1_0_2">
137 <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="Privileges.v1_0_3">
142 <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="Privileges.v1_0_4">
[all …]
|
| H A D | PrivilegeRegistry_v1.xml | 27 <edmx:Include Namespace="Privileges"/>
62 … <Property Name="PrivilegesUsed" Type="Collection(Privileges.PrivilegeType)" Nullable="false">
64 …<Annotation Term="OData.Description" String="The set of Redfish standard privileges used in this m…
65 …tion" String="This property shall contain an array of Redfish standard privileges used in this map…
69 … <Annotation Term="OData.Description" String="The set of OEM privileges used in this mapping."/>
70 …a.LongDescription" String="This property shall contain an array of OEM privileges used in this map…
73 …ta.Description" String="The mappings between entities and the relevant privileges that access thos…
74 …property shall describe the mappings between entities and the relevant privileges that access thos…
79 …cription" String="The mapping between a resource type and the relevant privileges that accesses th…
80 …type shall describe a mapping between a resource type and the relevant privileges that accesses th…
[all …]
|
| /openbmc/bmcweb/redfish-core/schema/dmtf/installed/ |
| H A D | Privileges_v1.xml | 4 <!--# Redfish Schema: Privileges v1.0.6 -->
23 <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="Privileges">
114 <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="Privileges.v1_0_0">
119 …privileges might be defined on a `Link` element to provide read privileges for the referenced reso…
122 …privileges might be defined on a `Link` element to provide create privileges for the referenced re…
125 …privileges might be defined on a `Link` element to provide update privileges for the referenced re…
128 …privileges might be defined on a `Link` element to provide update privileges for the referenced re…
132 <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="Privileges.v1_0_2">
137 <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="Privileges.v1_0_3">
142 <Schema xmlns="http://docs.oasis-open.org/odata/ns/edm" Namespace="Privileges.v1_0_4">
[all …]
|
| /openbmc/bmcweb/redfish-core/schema/dmtf/json-schema/ |
| H A D | PrivilegeRegistry.v1_1_5.json | 37 …"description": "The mapping between a resource type and the relevant privileges that accesses the …
38 …type shall describe a mapping between a resource type and the relevant privileges that accesses th…
78 … privilege overrides of resource URIs. The target lists the resource URI and the new privileges.",
115 "description": "The specific privileges required to complete a set of HTTP operations.",
116 …"longDescription": "This type shall describe the specific privileges required to complete a set of…
185 "description": "The privileges for a specific HTTP operation.",
186 …"longDescription": "This type shall describe the privileges required to complete a specific HTTP o…
203 …"description": "An array of privileges that are required to complete a specific HTTP operation on …
207 …"longDescription": "This array shall contain an array of privileges that are required to complete …
258 …"description": "The mappings between entities and the relevant privileges that access those entiti…
[all …]
|
| H A D | Role.v1_3_3.json | 101 "description": "The Redfish privileges for this role.",
103 … "$ref": "http://redfish.dmtf.org/schemas/v1/Privileges.json#/definitions/PrivilegeType"
105 …"longDescription": "This property shall contain the Redfish privileges for this role. For predefi…
140 "description": "The OEM privileges for this role.",
144 …"longDescription": "This property shall contain the OEM privileges for this role. For predefined …
150 …ricted by a service as defined by the 'Restricted roles and restricted privileges' clause of the R…
|
| /openbmc/bmcweb/redfish-core/lib/ |
| H A D | aggregation_service.hpp | 73 .privileges(redfish::privileges::headAggregationService) in requestRoutesAggregationService()
77 .privileges(redfish::privileges::getAggregationService) in requestRoutesAggregationService()
143 .privileges(redfish::privileges::getAggregationSourceCollection) in requestRoutesAggregationSourceCollection()
148 .privileges(redfish::privileges::getAggregationSourceCollection) in requestRoutesAggregationSourceCollection()
300 .privileges(redfish::privileges::getAggregationSource) in requestRoutesAggregationSource()
306 .privileges(redfish::privileges::deleteAggregationSource) in requestRoutesAggregationSource()
312 .privileges(redfish::privileges::headAggregationSource) in requestRoutesAggregationSource()
317 .privileges(redfish::privileges::postAggregationSourceCollection) in requestRoutesAggregationSource()
|
| H A D | redfish_sessions.hpp | 15 #include "privileges.hpp"
126 Privileges effectiveUserPrivileges = in handleSessionDelete()
372 .privileges(redfish::privileges::headSession) in requestRoutesSession()
377 .privileges(redfish::privileges::getSession) in requestRoutesSession()
382 .privileges(redfish::privileges::deleteSession) in requestRoutesSession()
387 .privileges(redfish::privileges::headSessionCollection) in requestRoutesSession()
392 .privileges(redfish::privileges::getSessionCollection) in requestRoutesSession()
402 .privileges({}) in requestRoutesSession()
407 .privileges({}) in requestRoutesSession()
412 .privileges(redfish::privileges::headSessionService) in requestRoutesSession()
[all …]
|
| H A D | log_services.hpp | 906 .privileges(redfish::privileges::getLogServiceCollection) in createDump()
1016 .privileges(redfish::privileges::getLogService) in requestRoutesSystemLogServiceCollection()
1156 .privileges(redfish::privileges::getLogServiceCollection) in fillEventLogLogEntryFromDbusLogEntry()
1499 .privileges(redfish::privileges::getLogService) in handleBMCLogServicesCollectionGet()
1507 .privileges(redfish::privileges in handleBMCLogServicesCollectionGet()
[all...] |
| H A D | redfish_v1.hpp | 252 .privileges(redfish::privileges::getJsonSchemaFile) in requestRoutesRedfish()
256 .privileges(redfish::privileges::getJsonSchemaFileCollection) in requestRoutesRedfish()
261 .privileges(redfish::privileges::getJsonSchemaFile) in requestRoutesRedfish()
268 .privileges(redfish::privileges::privilegeSetLogin)( in requestRoutesRedfish()
273 .privileges(redfish::privileges::privilegeSetLogin)( in requestRoutesRedfish()
|
| H A D | certificate_service.hpp | 17 #include "privileges.hpp"
464 Privileges effectiveUserPrivileges = in handleCertificateServiceGet()
925 .privileges(redfish::privileges::getCertificateService) in requestRoutesCertificateService()
930 .privileges(redfish::privileges::getCertificateLocations) in requestRoutesCertificateService()
937 .privileges(redfish::privileges::postCertificateService) in requestRoutesCertificateService()
944 .privileges(redfish::privileges::postCertificateService) in requestRoutesCertificateService()
1068 .privileges(redfish::privileges::getCertificateCollection) in requestRoutesHTTPSCertificate()
1074 .privileges(redfish::privileges::postCertificateCollection) in requestRoutesHTTPSCertificate()
1081 .privileges(redfish::privileges::getCertificate) in requestRoutesHTTPSCertificate()
1190 .privileges(redfish::privileges::getCertificateCollection) in requestRoutesLDAPCertificate()
[all …]
|
| H A D | thermal.hpp | 31 .privileges(redfish::privileges::getThermal) in requestRoutesThermal()
51 .privileges(redfish::privileges::patchThermal) in requestRoutesThermal()
|
| H A D | environment_metrics.hpp | 89 .privileges(redfish::privileges::headEnvironmentMetrics) in requestRoutesEnvironmentMetrics()
94 .privileges(redfish::privileges::getEnvironmentMetrics) in requestRoutesEnvironmentMetrics()
|
| H A D | metric_report.hpp | 39 .privileges(redfish::privileges::getMetricReportCollection) in requestRoutesMetricReportCollection()
67 .privileges(redfish::privileges::getMetricReport) in requestRoutesMetricReport()
|
| H A D | event_service.hpp | 62 .privileges(redfish::privileges::getEventService) in requestRoutesEventService()
117 .privileges(redfish::privileges::patchEventService) in requestRoutesEventService()
187 .privileges(redfish::privileges::postEventService) in requestRoutesSubmitTestEvent()
266 .privileges(redfish::privileges::getEventDestinationCollection) in requestRoutesEventDestinationCollection()
309 .privileges(redfish::privileges::postEventDestinationCollection) in requestRoutesEventDestinationCollection()
752 .privileges(redfish::privileges::getEventDestination) in requestRoutesEventDestination()
817 //.privileges(redfish::privileges::patchEventDestination) in requestRoutesEventDestination()
818 .privileges({{"ConfigureManager"}}) in requestRoutesEventDestination()
932 //.privileges(redfish::privileges::deleteEventDestination) in requestRoutesEventDestination()
933 .privileges({{"ConfigureManager"}}) in requestRoutesEventDestination()
|
| H A D | power_subsystem.hpp | 97 .privileges(redfish::privileges::headPowerSubsystem) in requestRoutesPowerSubsystem()
102 .privileges(redfish::privileges::getPowerSubsystem) in requestRoutesPowerSubsystem()
|
| H A D | bios.hpp | 69 .privileges(redfish::privileges::getBios) in requestRoutesBiosService()
123 .privileges(redfish::privileges::postBios) in requestRoutesBiosReset()
|
| /openbmc/bmcweb/http/routing/ |
| H A D | baserule.hpp | 7 #include "privileges.hpp"
70 bool checkPrivileges(const redfish::Privileges& userPrivileges) in checkPrivileges()
72 // If there are no privileges assigned, assume no privileges in checkPrivileges()
79 for (const redfish::Privileges& requiredPrivileges : privilegesSet) in checkPrivileges()
98 std::vector<redfish::Privileges> privilegesSet;
|
| H A D | ruleparametertraits.hpp | 5 #include "privileges.hpp"
85 self_t& privileges( in privileges() function
97 self_t& privileges(const std::array<redfish::Privileges, N>& p) in privileges() function
100 for (const redfish::Privileges& privilege : p) in privileges()
|
| /openbmc/linux/Documentation/admin-guide/LSM/ |
| D | SafeSetID.rst | |
| /openbmc/linux/Documentation/userspace-api/ |
| D | no_new_privs.rst | |
| /openbmc/bmcweb/include/ |
| H A D | dbus_privileges.hpp | 11 #include "privileges.hpp"
82 // Get the user's privileges from the role in isUserPrivileged()
83 redfish::Privileges userPrivileges = in isUserPrivileged()
86 // Modify privileges if isConfigureSelfOnly. in isUserPrivileged()
89 // Remove all privileges except ConfigureSelf in isUserPrivileged()
91 userPrivileges.intersection(redfish::Privileges{"ConfigureSelf"}); in isUserPrivileged()
|
| /openbmc/bmcweb/redfish-core/schema/dmtf/json-schema-installed/ |
| H A D | Role.v1_3_3.json | 101 "description": "The Redfish privileges for this role.",
103 … "$ref": "http://redfish.dmtf.org/schemas/v1/Privileges.json#/definitions/PrivilegeType"
105 …"longDescription": "This property shall contain the Redfish privileges for this role. For predefi…
140 "description": "The OEM privileges for this role.",
144 …"longDescription": "This property shall contain the OEM privileges for this role. For predefined …
150 …ricted by a service as defined by the 'Restricted roles and restricted privileges' clause of the R…
|