| /openbmc/phosphor-user-manager/phosphor-ldap-config/ |
| H A D | ldap_mapper_entry.cpp | 18 const std::string& privilege, Config& parent) : in LDAPMapperEntry() argument
23 Interfaces::privilege(privilege, true); in LDAPMapperEntry()
53 std::string LDAPMapperEntry::privilege(std::string value) in privilege() function in phosphor::ldap::LDAPMapperEntry
55 if (value == Interfaces::privilege()) in privilege()
61 auto val = Interfaces::privilege(value); in privilege()
|
| H A D | ldap_mapper_serialize.cpp | 33 archive(entry.groupName(), entry.privilege()); in save()
49 std::string privilege{}; in load() local
51 archive(groupName, privilege); in load()
56 privilege(privilege, true); in load()
|
| H A D | ldap_mapper_entry.hpp | 49 const std::string& privilege, Config& parent);
81 std::string privilege(std::string value) override;
84 privilege;
|
| H A D | ldap_config.cpp | 743 ObjectPath Config::create(std::string groupName, std::string privilege) in create() argument
746 checkPrivilegeLevel(privilege); in create()
761 groupName, privilege, *this); in create()
803 void Config::checkPrivilegeLevel(const std::string& privilege) in checkPrivilegeLevel() argument
805 if (privilege.empty()) in checkPrivilegeLevel()
812 if (std::find(privMgr.begin(), privMgr.end(), privilege) == privMgr.end()) in checkPrivilegeLevel()
814 lg2::error("Invalid privilege '{PRIVILEGE}'", "PRIVILEGE", privilege); in checkPrivilegeLevel()
816 Argument::ARGUMENT_VALUE(privilege.c_str())); in checkPrivilegeLevel()
|
| /openbmc/phosphor-net-ipmid/ |
| H A D | command_table.hpp | 56 session::Privilege privilege; member
117 Entry(CommandID command, session::Privilege privilege) : in Entry() argument
118 command(command), privilege(privilege) in Entry()
142 return privilege; in getPrivilege()
155 session::Privilege privilege; member in command::Entry
173 session::Privilege privilege, bool sessionless) : in NetIpmidEntry() argument
174 Entry(command, privilege), functor(functor), sessionless(sessionless) in NetIpmidEntry()
|
| /openbmc/bmcweb/redfish-core/include/ |
| H A D | privileges.hpp | 85 for (const char* privilege : privilegeList) in Privileges() local
87 if (!setSinglePrivilege(privilege)) in Privileges()
90 privilege); in Privileges()
103 bool setSinglePrivilege(std::string_view privilege) in setSinglePrivilege() argument
108 if (privilege == privilegeNames[searchIndex]) in setSinglePrivilege()
126 bool resetSinglePrivilege(const char* privilege) in resetSinglePrivilege() argument
131 if (privilege == privilegeNames[searchIndex]) in resetSinglePrivilege()
|
| /openbmc/openbmc-test-automation/redfish/account_service/ |
| H A D | test_ipmi_redfish_user.robot | 74 [Documentation] Update user privilege via Redfish and verify using IPMI.
77 # Create user using Redfish with admin privilege.
87 # Update user privilege to operator using Redfish.
91 # Verify new user privilege level via IPMI.
168 [Documentation] Update user privilege to operator via IPMI and verify using Redfish.
170 # Create user using IPMI with admin privilege.
174 # Change user privilege to opetrator using IPMI.
178 # Verify new user privilege level via Redfish.
179 ${privilege}= Redfish_Utils.Get Attribute
181 Should Be Equal ${privilege} Operator
[all …]
|
| H A D | test_ldap_configuration.robot | 149 [Documentation] Verify that LDAP user with administrator privilege able to do BMC reboot.
156 # With LDAP user and with right privilege trying to do BMC reboot.
163 [Documentation] Verify that LDAP user with operator privilege can do host
172 # Verify that the LDAP user with operator privilege is able to power the system off.
211 [Documentation] Verify that LDAP user with read privilege able to
221 [Documentation] Verify that LDAP user with read privilege should not be
304 ... privilege.
313 [Documentation] Verify that LDAP user authorization with wrong privilege
404 [Documentation] Verify that LDAP group name and group privilege able to
447 # Verify LDAP user with ReadOnly privilege not able to do host poweroff.
[all …]
|
| /openbmc/webui-vue/src/views/SecurityAndAccess/UserManagement/ |
| H A D | ModalUser.vue | 107 :label="i18n.t('pageUserManagement.modal.privilege')"
108 label-for="privilege"
111 id="privilege"
112 v-model="form.privilege"
114 data-test-id="userManagement-select-privilege"
115 :state="getValidationState(v$.form.privilege)"
117 @change="v$.form.privilege.$touch()"
126 <template v-if="v$.form.privilege.required.$invalid">
284 privilege: null,
325 this.form.privilege = value.privilege;
[all …]
|
| /openbmc/openbmc-test-automation/openpower/localuser/ |
| H A D | test_ipmi_redfish_user.robot | 24 [Documentation] Create user using IPMI without privilege and verify user privilege
34 # Verify new user privilege level via Redfish.
35 ${privilege}= Redfish.Get Attribute
37 Valid Value privilege ['ReadOnly']
121 [Documentation] Update user privilege via Redfish and verify using IPMI.
124 # Create user using Redfish with admin privilege.
140 # Update user privilege to readonly using Redfish.
144 # Verify new user privilege level via IPMI.
164 [Documentation] Create random IPMI user with given password and privilege
166 [Arguments] ${password} ${privilege}=0
[all …]
|
| /openbmc/bmcweb/http/routing/ |
| H A D | ruleparametertraits.hpp | 89 for (const std::initializer_list<const char*>& privilege : p) in privileges() local
91 self->privilegesSet.emplace_back(privilege); in privileges()
100 for (const redfish::Privileges& privilege : p) in privileges() local
102 self->privilegesSet.emplace_back(privilege); in privileges()
|
| /openbmc/openbmc-tools/openbmctool/ |
| H A D | README.md | 202 ### Add privilege mapping
205 openbmctool.py <connection options> ldap privilege-mapper create --groupName=<groupName> --privileg…
208 ### Delete privilege mapping
211 openbmctool.py <connection options> ldap privilege-mapper delete --groupName=<groupName>
214 ### List privilege mapping
217 openbmctool.py <connection options> ldap privilege-mapper list
225 - Configure user privilege.
230 privilege mapping for the LDAP credentials then the user will get the following
233 403, 'LDAP group privilege mapping does not exist'.
235 Action: Add the privilege (refer to the section "Add privilege mapping")
[all …]
|
| /openbmc/openbmc-test-automation/ipmi/ |
| H A D | test_ipmi_user.robot | 78 # Set admin privilege and enable IPMI messaging for newly created user.
79 Set Channel Access ${random_userid} ipmi=on privilege=${admin_level_priv}
200 # Set admin privilege and enable IPMI messaging for newly created user
201 Set Channel Access ${random_userid} ipmi=on privilege=${admin_level_priv}
253 [Documentation] Verify IPMI user with user privilege can only run user level commands.
264 [Documentation] Verify IPMI user with operator privilege can only run user and
276 [Documentation] Verify IPMI user with admin privilege can run all levels command.
298 # Set admin privilege and enable IPMI messaging for newly created user.
299 Set Channel Access ${random_userid} ipmi=on privilege=${admin_level_priv}
301 # Delay added for user privilege to get set.
[all …]
|
| H A D | test_ipmi_general.robot | 135 FOR ${privilege} IN 4 3 2
137 ${channel} ${privilege}
164 [Documentation] Set session privilege with given privilege level and verify the response with
177 [Documentation] Verify set invalid session privilege level via IPMI raw command.
322 [Documentation] Set session privilege with given privilege level and
329 # ‘return present privilege level’ was selected).
337 [Documentation] Set invalid session privilege level and verify the response.
351 # According to IPMI spec privilege level except 0x00-0x05, others are
352 # reserved. So if we try to set those privilege we will get rsp as
381 [Documentation] Verify authentication capabilities for given channel and privilege.
|
| /openbmc/openbmc-test-automation/gui/gui_test/security_and_access_menu/ |
| H A D | test_user_management_sub_menu.robot | 25 ${xpath_privilege_list_button} //*[@data-test-id='userManagement-select-privilege']
56 Page should contain View privilege role descriptions
108 [Documentation] Create a new user with a privilege and verify that user is created.
120 [Documentation] Create users with different access privilege
161 # Get random username and user privilege level.
173 …[Documentation] Modify user privilege of existing user via GUI and verify the changes using Redfi…
177 # Get random username and user privilege level.
184 # Get user privilege role details distinct from the current ones.
185 FOR ${privilege} IN @{list_user_privilege}
186 IF '${privilege}' != '${privilege_level}'
[all …]
|
| /openbmc/phosphor-host-ipmid/user_channel/ |
| H A D | user_layer.cpp | 158 privAccess.privilege = userInfo->userPrivAccess[chNum].privilege; in ipmiUserGetPrivilegeAccess()
171 userPrivAccess.privilege = privAccess.privilege; in ipmiUserSetPrivilegeAccess()
|
| H A D | user_mgmt.cpp | 149 .privilege != userPriv) in userUpdateHelper()
156 .privilege = userPriv; in userUpdateHelper()
802 static_cast<CommandPrivilege>(privAccess.privilege)); in setUserPrivilegeAccess()
805 privAccess.privilege != userInfo->userPrivAccess[syncIndex].privilege) in setUserPrivilegeAccess()
813 userInfo->userPrivAccess[chNum].privilege = privAccess.privilege; in setUserPrivilegeAccess()
961 userInfo->userPrivAccess[chIndex].privilege = in setUserName()
1145 std::vector<std::string> privilege = in readUserData() local
1195 if (privilege.size() != ipmiMaxChannels || in readUserData()
1207 usersTbl.user[usrIndex].userPrivAccess[chIndex].privilege = in readUserData()
1209 convertToIPMIPrivilege(privilege[chIndex])); in readUserData()
[all …]
|
| H A D | user_layer.hpp | 53 uint8_t privilege:4; member
64 uint8_t privilege:4; member
|
| /openbmc/webui-vue/src/store/modules/SecurityAndAccess/ |
| H A D | UserManagementStore.js | 115 async createUser({ dispatch }, { username, password, privilege, status }) {
119 RoleId: privilege,
143 { originalUsername, username, password, privilege, status, locked },
148 if (privilege) data.RoleId = privilege;
|
| /openbmc/docs/architecture/ |
| H A D | ipmi-architecture.md | 61 "privilege": enum:privilege - ADMIN, USER, OPERATOR, CALLBACK;
62 must be less than or equal to the privilege of the user and less
63 than or equal to the max privilege of this channel
75 credentials and determining the maximum privilege available for this session.
95 For session-less channels (like BT, KCS, and IPMB), the only privilege check
96 will be to see that the requested privilege is less than or equal to the
97 channel's maximum privilege. If the channel has a session and authenticates
98 users, the privilege must be less than or equal to the channel's maximum
99 privilege and the user's maximum privilege.
102 function. If the requested privilege is less than or equal to the required
[all …]
|
| H A D | user-management.md | 58 OpenBMC supports privilege roles which are common across all the supported
59 groups (i.e. User will have same privilege for REDFISH / Webserver / IPMI / SSH
60 / HostConsole). User can belong to any one of the following privilege roles at
71 | 4 | no-access | Users having empty or no privilege will be reported as no-access, from…
93 …*********|********************| V ^ || allowed privilege on ||
429 |privilege as the privilege |
451 the OpenBMC privilege roles. The preferred way is to group LDAP user accounts
452 into LDAP groups. D-Bus API is provided for the user to assign privilege role to
457 This section explains how the privilege roles of the user accounts are consumed
458 by the webserver interface. The privilege role is a property of the user D-Bus
[all …]
|
| /openbmc/u-boot/doc/ |
| H A D | README.fsl-trustzone-components | 7 privilege mode), but still some configurations of these peripherals
8 might be required while the bootloader is executing in EL3 privilege
|
| /openbmc/docs/designs/ |
| H A D | redfish-authorization.md | 21 The Redfish authorization model consists of the privilege model and the
22 operation-to-privilege mapping.
24 In the privilege model, there are fixed set of standard Redfish roles and each
30 The operation-to-privilege mapping is defined for every resource type and
35 official registry collection as a base operation-to-privilege mapping. It also
42 resource only requires the `Login` privilege. On the other hand, the same peer
44 POST operation on certificates requires `ConfigureManager` privilege that the
53 1. <https://redfish.dmtf.org/schemas/DSP0266_1.15.1.html#privilege-model>
54 2. <https://redfish.dmtf.org/schemas/DSP0266_1.15.1.html#redfish-service-operation-to-privilege-map…
137 5. the operation-to-privilege mapping
[all …]
|
| /openbmc/openbmc/meta-openembedded/meta-gnome/recipes-extended/gparted/files/ |
| H A D | 0001-Install-polkit-action-unconditionally-executable-pke.patch | 22 dnl Find graphical privilege escalation program
43 dnl Check for alternative graphical privilege escalation programs.
|
| /openbmc/phosphor-net-ipmid/command/ |
| H A D | rakp12.cpp | 245 if (session->sessionUserPrivAccess.privilege > in RAKP12()
259 session->sessionUserPrivAccess.privilege) in RAKP12()
265 minPriv = session->sessionUserPrivAccess.privilege; in RAKP12()
276 session->sessionUserPrivAccess.privilege)) in RAKP12()
|