188d16c9aSLewanczyk, Dawid /* 288d16c9aSLewanczyk, Dawid // Copyright (c) 2018 Intel Corporation 388d16c9aSLewanczyk, Dawid // 488d16c9aSLewanczyk, Dawid // Licensed under the Apache License, Version 2.0 (the "License"); 588d16c9aSLewanczyk, Dawid // you may not use this file except in compliance with the License. 688d16c9aSLewanczyk, Dawid // You may obtain a copy of the License at 788d16c9aSLewanczyk, Dawid // 888d16c9aSLewanczyk, Dawid // http://www.apache.org/licenses/LICENSE-2.0 988d16c9aSLewanczyk, Dawid // 1088d16c9aSLewanczyk, Dawid // Unless required by applicable law or agreed to in writing, software 1188d16c9aSLewanczyk, Dawid // distributed under the License is distributed on an "AS IS" BASIS, 1288d16c9aSLewanczyk, Dawid // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 1388d16c9aSLewanczyk, Dawid // See the License for the specific language governing permissions and 1488d16c9aSLewanczyk, Dawid // limitations under the License. 1588d16c9aSLewanczyk, Dawid */ 1688d16c9aSLewanczyk, Dawid #pragma once 1788d16c9aSLewanczyk, Dawid 187e860f15SJohn Edward Broadbent #include <app.hpp> 1924c8542dSRatan Gupta #include <dbus_utility.hpp> 2065b0dc32SEd Tanous #include <error_messages.hpp> 21b9b2e0b2SEd Tanous #include <openbmc_dbus_rest.hpp> 2252cc112dSEd Tanous #include <persistent_data.hpp> 23ed398213SEd Tanous #include <registries/privilege_registry.hpp> 24*1e1e598dSJonathan Doman #include <sdbusplus/asio/property.hpp> 25a840879dSEd Tanous #include <utils/json_utils.hpp> 261214b7e7SGunnar Mills 271abe55efSEd Tanous namespace redfish 281abe55efSEd Tanous { 2988d16c9aSLewanczyk, Dawid 3023a21a1cSEd Tanous constexpr const char* ldapConfigObjectName = 316973a582SRatan Gupta "/xyz/openbmc_project/user/ldap/openldap"; 322c70f800SEd Tanous constexpr const char* adConfigObject = 33ab828d7cSRatan Gupta "/xyz/openbmc_project/user/ldap/active_directory"; 34ab828d7cSRatan Gupta 35b477fd44SP Dheeraj Srujan Kumar constexpr const char* rootUserDbusPath = "/xyz/openbmc_project/user/"; 366973a582SRatan Gupta constexpr const char* ldapRootObject = "/xyz/openbmc_project/user/ldap"; 376973a582SRatan Gupta constexpr const char* ldapDbusService = "xyz.openbmc_project.Ldap.Config"; 386973a582SRatan Gupta constexpr const char* ldapConfigInterface = 396973a582SRatan Gupta "xyz.openbmc_project.User.Ldap.Config"; 406973a582SRatan Gupta constexpr const char* ldapCreateInterface = 416973a582SRatan Gupta "xyz.openbmc_project.User.Ldap.Create"; 426973a582SRatan Gupta constexpr const char* ldapEnableInterface = "xyz.openbmc_project.Object.Enable"; 4306785244SRatan Gupta constexpr const char* ldapPrivMapperInterface = 4406785244SRatan Gupta "xyz.openbmc_project.User.PrivilegeMapper"; 456973a582SRatan Gupta constexpr const char* dbusObjManagerIntf = "org.freedesktop.DBus.ObjectManager"; 466973a582SRatan Gupta constexpr const char* propertyInterface = "org.freedesktop.DBus.Properties"; 476973a582SRatan Gupta constexpr const char* mapperBusName = "xyz.openbmc_project.ObjectMapper"; 486973a582SRatan Gupta constexpr const char* mapperObjectPath = "/xyz/openbmc_project/object_mapper"; 496973a582SRatan Gupta constexpr const char* mapperIntf = "xyz.openbmc_project.ObjectMapper"; 506973a582SRatan Gupta 5154fc587aSNagaraju Goruganti struct LDAPRoleMapData 5254fc587aSNagaraju Goruganti { 5354fc587aSNagaraju Goruganti std::string groupName; 5454fc587aSNagaraju Goruganti std::string privilege; 5554fc587aSNagaraju Goruganti }; 5654fc587aSNagaraju Goruganti 576973a582SRatan Gupta struct LDAPConfigData 586973a582SRatan Gupta { 596973a582SRatan Gupta std::string uri{}; 606973a582SRatan Gupta std::string bindDN{}; 616973a582SRatan Gupta std::string baseDN{}; 626973a582SRatan Gupta std::string searchScope{}; 636973a582SRatan Gupta std::string serverType{}; 646973a582SRatan Gupta bool serviceEnabled = false; 656973a582SRatan Gupta std::string userNameAttribute{}; 666973a582SRatan Gupta std::string groupAttribute{}; 6754fc587aSNagaraju Goruganti std::vector<std::pair<std::string, LDAPRoleMapData>> groupRoleList; 686973a582SRatan Gupta }; 696973a582SRatan Gupta 70107077deSPrzemyslaw Czarnowski using DbusInterfaceType = boost::container::flat_map< 71168e20c1SEd Tanous std::string, 72168e20c1SEd Tanous boost::container::flat_map<std::string, dbus::utility::DbusVariantType>>; 73107077deSPrzemyslaw Czarnowski 74107077deSPrzemyslaw Czarnowski using ManagedObjectType = 75107077deSPrzemyslaw Czarnowski std::vector<std::pair<sdbusplus::message::object_path, DbusInterfaceType>>; 76107077deSPrzemyslaw Czarnowski 776973a582SRatan Gupta using GetObjectType = 786973a582SRatan Gupta std::vector<std::pair<std::string, std::vector<std::string>>>; 7984e12cb7SAppaRao Puli 8054fc587aSNagaraju Goruganti inline std::string getRoleIdFromPrivilege(std::string_view role) 8184e12cb7SAppaRao Puli { 8284e12cb7SAppaRao Puli if (role == "priv-admin") 8384e12cb7SAppaRao Puli { 8484e12cb7SAppaRao Puli return "Administrator"; 8584e12cb7SAppaRao Puli } 863174e4dfSEd Tanous if (role == "priv-user") 8784e12cb7SAppaRao Puli { 88c80fee55SAppaRao Puli return "ReadOnly"; 8984e12cb7SAppaRao Puli } 903174e4dfSEd Tanous if (role == "priv-operator") 9184e12cb7SAppaRao Puli { 9284e12cb7SAppaRao Puli return "Operator"; 9384e12cb7SAppaRao Puli } 943174e4dfSEd Tanous if ((role == "") || (role == "priv-noaccess")) 95e9e6d240Sjayaprakash Mutyala { 96e9e6d240Sjayaprakash Mutyala return "NoAccess"; 97e9e6d240Sjayaprakash Mutyala } 9884e12cb7SAppaRao Puli return ""; 9984e12cb7SAppaRao Puli } 10054fc587aSNagaraju Goruganti inline std::string getPrivilegeFromRoleId(std::string_view role) 10184e12cb7SAppaRao Puli { 10284e12cb7SAppaRao Puli if (role == "Administrator") 10384e12cb7SAppaRao Puli { 10484e12cb7SAppaRao Puli return "priv-admin"; 10584e12cb7SAppaRao Puli } 1063174e4dfSEd Tanous if (role == "ReadOnly") 10784e12cb7SAppaRao Puli { 10884e12cb7SAppaRao Puli return "priv-user"; 10984e12cb7SAppaRao Puli } 1103174e4dfSEd Tanous if (role == "Operator") 11184e12cb7SAppaRao Puli { 11284e12cb7SAppaRao Puli return "priv-operator"; 11384e12cb7SAppaRao Puli } 1143174e4dfSEd Tanous if ((role == "NoAccess") || (role == "")) 115e9e6d240Sjayaprakash Mutyala { 116e9e6d240Sjayaprakash Mutyala return "priv-noaccess"; 117e9e6d240Sjayaprakash Mutyala } 11884e12cb7SAppaRao Puli return ""; 11984e12cb7SAppaRao Puli } 120b9b2e0b2SEd Tanous 1218d1b46d7Szhanghch05 inline void userErrorMessageHandler( 1228d1b46d7Szhanghch05 const sd_bus_error* e, const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 1238d1b46d7Szhanghch05 const std::string& newUser, const std::string& username) 12466b5ca76Sjayaprakash Mutyala { 12566b5ca76Sjayaprakash Mutyala if (e == nullptr) 12666b5ca76Sjayaprakash Mutyala { 12766b5ca76Sjayaprakash Mutyala messages::internalError(asyncResp->res); 12866b5ca76Sjayaprakash Mutyala return; 12966b5ca76Sjayaprakash Mutyala } 13066b5ca76Sjayaprakash Mutyala 131055806b3SManojkiran Eda const char* errorMessage = e->name; 13266b5ca76Sjayaprakash Mutyala if (strcmp(errorMessage, 13366b5ca76Sjayaprakash Mutyala "xyz.openbmc_project.User.Common.Error.UserNameExists") == 0) 13466b5ca76Sjayaprakash Mutyala { 13566b5ca76Sjayaprakash Mutyala messages::resourceAlreadyExists(asyncResp->res, 1368114bd4dSGunnar Mills "#ManagerAccount.v1_4_0.ManagerAccount", 13766b5ca76Sjayaprakash Mutyala "UserName", newUser); 13866b5ca76Sjayaprakash Mutyala } 13966b5ca76Sjayaprakash Mutyala else if (strcmp(errorMessage, "xyz.openbmc_project.User.Common.Error." 14066b5ca76Sjayaprakash Mutyala "UserNameDoesNotExist") == 0) 14166b5ca76Sjayaprakash Mutyala { 14266b5ca76Sjayaprakash Mutyala messages::resourceNotFound( 1438114bd4dSGunnar Mills asyncResp->res, "#ManagerAccount.v1_4_0.ManagerAccount", username); 14466b5ca76Sjayaprakash Mutyala } 145d4d25793SEd Tanous else if ((strcmp(errorMessage, 146d4d25793SEd Tanous "xyz.openbmc_project.Common.Error.InvalidArgument") == 147d4d25793SEd Tanous 0) || 1480fda0f12SGeorge Liu (strcmp( 1490fda0f12SGeorge Liu errorMessage, 1500fda0f12SGeorge Liu "xyz.openbmc_project.User.Common.Error.UserNameGroupFail") == 1510fda0f12SGeorge Liu 0)) 15266b5ca76Sjayaprakash Mutyala { 15366b5ca76Sjayaprakash Mutyala messages::propertyValueFormatError(asyncResp->res, newUser, "UserName"); 15466b5ca76Sjayaprakash Mutyala } 15566b5ca76Sjayaprakash Mutyala else if (strcmp(errorMessage, 15666b5ca76Sjayaprakash Mutyala "xyz.openbmc_project.User.Common.Error.NoResource") == 0) 15766b5ca76Sjayaprakash Mutyala { 15866b5ca76Sjayaprakash Mutyala messages::createLimitReachedForResource(asyncResp->res); 15966b5ca76Sjayaprakash Mutyala } 16066b5ca76Sjayaprakash Mutyala else 16166b5ca76Sjayaprakash Mutyala { 16266b5ca76Sjayaprakash Mutyala messages::internalError(asyncResp->res); 16366b5ca76Sjayaprakash Mutyala } 16466b5ca76Sjayaprakash Mutyala 16566b5ca76Sjayaprakash Mutyala return; 16666b5ca76Sjayaprakash Mutyala } 16766b5ca76Sjayaprakash Mutyala 16881ce609eSEd Tanous inline void parseLDAPConfigData(nlohmann::json& jsonResponse, 169ab828d7cSRatan Gupta const LDAPConfigData& confData, 170ab828d7cSRatan Gupta const std::string& ldapType) 1716973a582SRatan Gupta { 172ab828d7cSRatan Gupta std::string service = 173ab828d7cSRatan Gupta (ldapType == "LDAP") ? "LDAPService" : "ActiveDirectoryService"; 17437cce918SMarri Devender Rao nlohmann::json ldap = { 1756973a582SRatan Gupta {"ServiceEnabled", confData.serviceEnabled}, 1766973a582SRatan Gupta {"ServiceAddresses", nlohmann::json::array({confData.uri})}, 1776973a582SRatan Gupta {"Authentication", 1786973a582SRatan Gupta {{"AuthenticationType", "UsernameAndPassword"}, 1796973a582SRatan Gupta {"Username", confData.bindDN}, 1806973a582SRatan Gupta {"Password", nullptr}}}, 1816973a582SRatan Gupta {"LDAPService", 1826973a582SRatan Gupta {{"SearchSettings", 1836973a582SRatan Gupta {{"BaseDistinguishedNames", 1846973a582SRatan Gupta nlohmann::json::array({confData.baseDN})}, 1856973a582SRatan Gupta {"UsernameAttribute", confData.userNameAttribute}, 1866973a582SRatan Gupta {"GroupsAttribute", confData.groupAttribute}}}}}, 1876973a582SRatan Gupta }; 18854fc587aSNagaraju Goruganti 18981ce609eSEd Tanous jsonResponse[ldapType].update(ldap); 19054fc587aSNagaraju Goruganti 19181ce609eSEd Tanous nlohmann::json& roleMapArray = jsonResponse[ldapType]["RemoteRoleMapping"]; 19254fc587aSNagaraju Goruganti roleMapArray = nlohmann::json::array(); 19354fc587aSNagaraju Goruganti for (auto& obj : confData.groupRoleList) 19454fc587aSNagaraju Goruganti { 19554fc587aSNagaraju Goruganti BMCWEB_LOG_DEBUG << "Pushing the data groupName=" 19654fc587aSNagaraju Goruganti << obj.second.groupName << "\n"; 19754fc587aSNagaraju Goruganti roleMapArray.push_back( 19854fc587aSNagaraju Goruganti {nlohmann::json::array({"RemoteGroup", obj.second.groupName}), 19954fc587aSNagaraju Goruganti nlohmann::json::array( 20054fc587aSNagaraju Goruganti {"LocalRole", getRoleIdFromPrivilege(obj.second.privilege)})}); 20154fc587aSNagaraju Goruganti } 2026973a582SRatan Gupta } 2036973a582SRatan Gupta 2046973a582SRatan Gupta /** 20506785244SRatan Gupta * @brief validates given JSON input and then calls appropriate method to 20606785244SRatan Gupta * create, to delete or to set Rolemapping object based on the given input. 20706785244SRatan Gupta * 20806785244SRatan Gupta */ 20923a21a1cSEd Tanous inline void handleRoleMapPatch( 2108d1b46d7Szhanghch05 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 21106785244SRatan Gupta const std::vector<std::pair<std::string, LDAPRoleMapData>>& roleMapObjData, 212f23b7296SEd Tanous const std::string& serverType, const std::vector<nlohmann::json>& input) 21306785244SRatan Gupta { 21406785244SRatan Gupta for (size_t index = 0; index < input.size(); index++) 21506785244SRatan Gupta { 216f23b7296SEd Tanous const nlohmann::json& thisJson = input[index]; 21706785244SRatan Gupta 21806785244SRatan Gupta if (thisJson.is_null()) 21906785244SRatan Gupta { 22006785244SRatan Gupta // delete the existing object 22106785244SRatan Gupta if (index < roleMapObjData.size()) 22206785244SRatan Gupta { 22306785244SRatan Gupta crow::connections::systemBus->async_method_call( 22406785244SRatan Gupta [asyncResp, roleMapObjData, serverType, 22506785244SRatan Gupta index](const boost::system::error_code ec) { 22606785244SRatan Gupta if (ec) 22706785244SRatan Gupta { 22806785244SRatan Gupta BMCWEB_LOG_ERROR << "DBUS response error: " << ec; 22906785244SRatan Gupta messages::internalError(asyncResp->res); 23006785244SRatan Gupta return; 23106785244SRatan Gupta } 23206785244SRatan Gupta asyncResp->res 23306785244SRatan Gupta .jsonValue[serverType]["RemoteRoleMapping"][index] = 23406785244SRatan Gupta nullptr; 23506785244SRatan Gupta }, 23606785244SRatan Gupta ldapDbusService, roleMapObjData[index].first, 23706785244SRatan Gupta "xyz.openbmc_project.Object.Delete", "Delete"); 23806785244SRatan Gupta } 23906785244SRatan Gupta else 24006785244SRatan Gupta { 24106785244SRatan Gupta BMCWEB_LOG_ERROR << "Can't delete the object"; 24206785244SRatan Gupta messages::propertyValueTypeError( 24371f52d96SEd Tanous asyncResp->res, 24471f52d96SEd Tanous thisJson.dump(2, ' ', true, 24571f52d96SEd Tanous nlohmann::json::error_handler_t::replace), 24606785244SRatan Gupta "RemoteRoleMapping/" + std::to_string(index)); 24706785244SRatan Gupta return; 24806785244SRatan Gupta } 24906785244SRatan Gupta } 25006785244SRatan Gupta else if (thisJson.empty()) 25106785244SRatan Gupta { 25206785244SRatan Gupta // Don't do anything for the empty objects,parse next json 25306785244SRatan Gupta // eg {"RemoteRoleMapping",[{}]} 25406785244SRatan Gupta } 25506785244SRatan Gupta else 25606785244SRatan Gupta { 25706785244SRatan Gupta // update/create the object 25806785244SRatan Gupta std::optional<std::string> remoteGroup; 25906785244SRatan Gupta std::optional<std::string> localRole; 26006785244SRatan Gupta 261f23b7296SEd Tanous // This is a copy, but it's required in this case because of how 262f23b7296SEd Tanous // readJson is structured 263f23b7296SEd Tanous nlohmann::json thisJsonCopy = thisJson; 264f23b7296SEd Tanous if (!json_util::readJson(thisJsonCopy, asyncResp->res, 265f23b7296SEd Tanous "RemoteGroup", remoteGroup, "LocalRole", 266f23b7296SEd Tanous localRole)) 26706785244SRatan Gupta { 26806785244SRatan Gupta continue; 26906785244SRatan Gupta } 27006785244SRatan Gupta 27106785244SRatan Gupta // Update existing RoleMapping Object 27206785244SRatan Gupta if (index < roleMapObjData.size()) 27306785244SRatan Gupta { 27406785244SRatan Gupta BMCWEB_LOG_DEBUG << "Update Role Map Object"; 27506785244SRatan Gupta // If "RemoteGroup" info is provided 27606785244SRatan Gupta if (remoteGroup) 27706785244SRatan Gupta { 27806785244SRatan Gupta crow::connections::systemBus->async_method_call( 27906785244SRatan Gupta [asyncResp, roleMapObjData, serverType, index, 28006785244SRatan Gupta remoteGroup](const boost::system::error_code ec) { 28106785244SRatan Gupta if (ec) 28206785244SRatan Gupta { 28306785244SRatan Gupta BMCWEB_LOG_ERROR << "DBUS response error: " 28406785244SRatan Gupta << ec; 28506785244SRatan Gupta messages::internalError(asyncResp->res); 28606785244SRatan Gupta return; 28706785244SRatan Gupta } 28806785244SRatan Gupta asyncResp->res 28906785244SRatan Gupta .jsonValue[serverType]["RemoteRoleMapping"] 29006785244SRatan Gupta [index]["RemoteGroup"] = *remoteGroup; 29106785244SRatan Gupta }, 29206785244SRatan Gupta ldapDbusService, roleMapObjData[index].first, 29306785244SRatan Gupta propertyInterface, "Set", 29406785244SRatan Gupta "xyz.openbmc_project.User.PrivilegeMapperEntry", 29506785244SRatan Gupta "GroupName", 296168e20c1SEd Tanous dbus::utility::DbusVariantType( 297168e20c1SEd Tanous std::move(*remoteGroup))); 29806785244SRatan Gupta } 29906785244SRatan Gupta 30006785244SRatan Gupta // If "LocalRole" info is provided 30106785244SRatan Gupta if (localRole) 30206785244SRatan Gupta { 30306785244SRatan Gupta crow::connections::systemBus->async_method_call( 30406785244SRatan Gupta [asyncResp, roleMapObjData, serverType, index, 30506785244SRatan Gupta localRole](const boost::system::error_code ec) { 30606785244SRatan Gupta if (ec) 30706785244SRatan Gupta { 30806785244SRatan Gupta BMCWEB_LOG_ERROR << "DBUS response error: " 30906785244SRatan Gupta << ec; 31006785244SRatan Gupta messages::internalError(asyncResp->res); 31106785244SRatan Gupta return; 31206785244SRatan Gupta } 31306785244SRatan Gupta asyncResp->res 31406785244SRatan Gupta .jsonValue[serverType]["RemoteRoleMapping"] 31506785244SRatan Gupta [index]["LocalRole"] = *localRole; 31606785244SRatan Gupta }, 31706785244SRatan Gupta ldapDbusService, roleMapObjData[index].first, 31806785244SRatan Gupta propertyInterface, "Set", 31906785244SRatan Gupta "xyz.openbmc_project.User.PrivilegeMapperEntry", 32006785244SRatan Gupta "Privilege", 321168e20c1SEd Tanous dbus::utility::DbusVariantType( 32206785244SRatan Gupta getPrivilegeFromRoleId(std::move(*localRole)))); 32306785244SRatan Gupta } 32406785244SRatan Gupta } 32506785244SRatan Gupta // Create a new RoleMapping Object. 32606785244SRatan Gupta else 32706785244SRatan Gupta { 32806785244SRatan Gupta BMCWEB_LOG_DEBUG 32906785244SRatan Gupta << "setRoleMappingProperties: Creating new Object"; 33006785244SRatan Gupta std::string pathString = 33106785244SRatan Gupta "RemoteRoleMapping/" + std::to_string(index); 33206785244SRatan Gupta 33306785244SRatan Gupta if (!localRole) 33406785244SRatan Gupta { 33506785244SRatan Gupta messages::propertyMissing(asyncResp->res, 33606785244SRatan Gupta pathString + "/LocalRole"); 33706785244SRatan Gupta continue; 33806785244SRatan Gupta } 33906785244SRatan Gupta if (!remoteGroup) 34006785244SRatan Gupta { 34106785244SRatan Gupta messages::propertyMissing(asyncResp->res, 34206785244SRatan Gupta pathString + "/RemoteGroup"); 34306785244SRatan Gupta continue; 34406785244SRatan Gupta } 34506785244SRatan Gupta 34606785244SRatan Gupta std::string dbusObjectPath; 34706785244SRatan Gupta if (serverType == "ActiveDirectory") 34806785244SRatan Gupta { 3492c70f800SEd Tanous dbusObjectPath = adConfigObject; 35006785244SRatan Gupta } 35106785244SRatan Gupta else if (serverType == "LDAP") 35206785244SRatan Gupta { 35323a21a1cSEd Tanous dbusObjectPath = ldapConfigObjectName; 35406785244SRatan Gupta } 35506785244SRatan Gupta 35606785244SRatan Gupta BMCWEB_LOG_DEBUG << "Remote Group=" << *remoteGroup 35706785244SRatan Gupta << ",LocalRole=" << *localRole; 35806785244SRatan Gupta 35906785244SRatan Gupta crow::connections::systemBus->async_method_call( 360271584abSEd Tanous [asyncResp, serverType, localRole, 36106785244SRatan Gupta remoteGroup](const boost::system::error_code ec) { 36206785244SRatan Gupta if (ec) 36306785244SRatan Gupta { 36406785244SRatan Gupta BMCWEB_LOG_ERROR << "DBUS response error: " << ec; 36506785244SRatan Gupta messages::internalError(asyncResp->res); 36606785244SRatan Gupta return; 36706785244SRatan Gupta } 36806785244SRatan Gupta nlohmann::json& remoteRoleJson = 36906785244SRatan Gupta asyncResp->res 37006785244SRatan Gupta .jsonValue[serverType]["RemoteRoleMapping"]; 37106785244SRatan Gupta remoteRoleJson.push_back( 37206785244SRatan Gupta {{"LocalRole", *localRole}, 37306785244SRatan Gupta {"RemoteGroup", *remoteGroup}}); 37406785244SRatan Gupta }, 37506785244SRatan Gupta ldapDbusService, dbusObjectPath, ldapPrivMapperInterface, 3763174e4dfSEd Tanous "Create", *remoteGroup, 37706785244SRatan Gupta getPrivilegeFromRoleId(std::move(*localRole))); 37806785244SRatan Gupta } 37906785244SRatan Gupta } 38006785244SRatan Gupta } 38106785244SRatan Gupta } 38206785244SRatan Gupta 38306785244SRatan Gupta /** 3846973a582SRatan Gupta * Function that retrieves all properties for LDAP config object 3856973a582SRatan Gupta * into JSON 3866973a582SRatan Gupta */ 3876973a582SRatan Gupta template <typename CallbackFunc> 3886973a582SRatan Gupta inline void getLDAPConfigData(const std::string& ldapType, 3896973a582SRatan Gupta CallbackFunc&& callback) 3906973a582SRatan Gupta { 39154fc587aSNagaraju Goruganti 39254fc587aSNagaraju Goruganti const std::array<const char*, 2> interfaces = {ldapEnableInterface, 39354fc587aSNagaraju Goruganti ldapConfigInterface}; 39454fc587aSNagaraju Goruganti 39554fc587aSNagaraju Goruganti crow::connections::systemBus->async_method_call( 39654fc587aSNagaraju Goruganti [callback, ldapType](const boost::system::error_code ec, 39754fc587aSNagaraju Goruganti const GetObjectType& resp) { 39854fc587aSNagaraju Goruganti if (ec || resp.empty()) 39954fc587aSNagaraju Goruganti { 4000fda0f12SGeorge Liu BMCWEB_LOG_ERROR 4010fda0f12SGeorge Liu << "DBUS response error during getting of service name: " 40254fc587aSNagaraju Goruganti << ec; 40323a21a1cSEd Tanous LDAPConfigData empty{}; 40423a21a1cSEd Tanous callback(false, empty, ldapType); 40554fc587aSNagaraju Goruganti return; 40654fc587aSNagaraju Goruganti } 40754fc587aSNagaraju Goruganti std::string service = resp.begin()->first; 40854fc587aSNagaraju Goruganti crow::connections::systemBus->async_method_call( 40981ce609eSEd Tanous [callback, ldapType](const boost::system::error_code errorCode, 4106973a582SRatan Gupta const ManagedObjectType& ldapObjects) { 4116973a582SRatan Gupta LDAPConfigData confData{}; 41281ce609eSEd Tanous if (errorCode) 4136973a582SRatan Gupta { 414ab828d7cSRatan Gupta callback(false, confData, ldapType); 41554fc587aSNagaraju Goruganti BMCWEB_LOG_ERROR << "D-Bus responses error: " 41681ce609eSEd Tanous << errorCode; 4176973a582SRatan Gupta return; 4186973a582SRatan Gupta } 419ab828d7cSRatan Gupta 420ab828d7cSRatan Gupta std::string ldapDbusType; 42154fc587aSNagaraju Goruganti std::string searchString; 42254fc587aSNagaraju Goruganti 423ab828d7cSRatan Gupta if (ldapType == "LDAP") 424ab828d7cSRatan Gupta { 4250fda0f12SGeorge Liu ldapDbusType = 4260fda0f12SGeorge Liu "xyz.openbmc_project.User.Ldap.Config.Type.OpenLdap"; 42754fc587aSNagaraju Goruganti searchString = "openldap"; 428ab828d7cSRatan Gupta } 429ab828d7cSRatan Gupta else if (ldapType == "ActiveDirectory") 430ab828d7cSRatan Gupta { 43154fc587aSNagaraju Goruganti ldapDbusType = 4320fda0f12SGeorge Liu "xyz.openbmc_project.User.Ldap.Config.Type.ActiveDirectory"; 43354fc587aSNagaraju Goruganti searchString = "active_directory"; 434ab828d7cSRatan Gupta } 435ab828d7cSRatan Gupta else 436ab828d7cSRatan Gupta { 43754fc587aSNagaraju Goruganti BMCWEB_LOG_ERROR 43854fc587aSNagaraju Goruganti << "Can't get the DbusType for the given type=" 439ab828d7cSRatan Gupta << ldapType; 440ab828d7cSRatan Gupta callback(false, confData, ldapType); 441ab828d7cSRatan Gupta return; 442ab828d7cSRatan Gupta } 443ab828d7cSRatan Gupta 444ab828d7cSRatan Gupta std::string ldapEnableInterfaceStr = ldapEnableInterface; 445ab828d7cSRatan Gupta std::string ldapConfigInterfaceStr = ldapConfigInterface; 446ab828d7cSRatan Gupta 4476973a582SRatan Gupta for (const auto& object : ldapObjects) 4486973a582SRatan Gupta { 44954fc587aSNagaraju Goruganti // let's find the object whose ldap type is equal to the 45054fc587aSNagaraju Goruganti // given type 45154fc587aSNagaraju Goruganti if (object.first.str.find(searchString) == 45254fc587aSNagaraju Goruganti std::string::npos) 4536973a582SRatan Gupta { 454ab828d7cSRatan Gupta continue; 455ab828d7cSRatan Gupta } 456ab828d7cSRatan Gupta 4576973a582SRatan Gupta for (const auto& interface : object.second) 4586973a582SRatan Gupta { 4596973a582SRatan Gupta if (interface.first == ldapEnableInterfaceStr) 4606973a582SRatan Gupta { 4616973a582SRatan Gupta // rest of the properties are string. 4626973a582SRatan Gupta for (const auto& property : interface.second) 4636973a582SRatan Gupta { 4646973a582SRatan Gupta if (property.first == "Enabled") 4656973a582SRatan Gupta { 4666973a582SRatan Gupta const bool* value = 4676973a582SRatan Gupta std::get_if<bool>(&property.second); 4686973a582SRatan Gupta if (value == nullptr) 4696973a582SRatan Gupta { 4706973a582SRatan Gupta continue; 4716973a582SRatan Gupta } 4726973a582SRatan Gupta confData.serviceEnabled = *value; 4736973a582SRatan Gupta break; 4746973a582SRatan Gupta } 4756973a582SRatan Gupta } 4766973a582SRatan Gupta } 4776973a582SRatan Gupta else if (interface.first == ldapConfigInterfaceStr) 4786973a582SRatan Gupta { 4796973a582SRatan Gupta 4806973a582SRatan Gupta for (const auto& property : interface.second) 4816973a582SRatan Gupta { 482271584abSEd Tanous const std::string* strValue = 48354fc587aSNagaraju Goruganti std::get_if<std::string>( 48454fc587aSNagaraju Goruganti &property.second); 485271584abSEd Tanous if (strValue == nullptr) 4866973a582SRatan Gupta { 4876973a582SRatan Gupta continue; 4886973a582SRatan Gupta } 4896973a582SRatan Gupta if (property.first == "LDAPServerURI") 4906973a582SRatan Gupta { 491271584abSEd Tanous confData.uri = *strValue; 4926973a582SRatan Gupta } 4936973a582SRatan Gupta else if (property.first == "LDAPBindDN") 4946973a582SRatan Gupta { 495271584abSEd Tanous confData.bindDN = *strValue; 4966973a582SRatan Gupta } 4976973a582SRatan Gupta else if (property.first == "LDAPBaseDN") 4986973a582SRatan Gupta { 499271584abSEd Tanous confData.baseDN = *strValue; 5006973a582SRatan Gupta } 50154fc587aSNagaraju Goruganti else if (property.first == 50254fc587aSNagaraju Goruganti "LDAPSearchScope") 5036973a582SRatan Gupta { 504271584abSEd Tanous confData.searchScope = *strValue; 5056973a582SRatan Gupta } 50654fc587aSNagaraju Goruganti else if (property.first == 50754fc587aSNagaraju Goruganti "GroupNameAttribute") 5086973a582SRatan Gupta { 509271584abSEd Tanous confData.groupAttribute = *strValue; 5106973a582SRatan Gupta } 51154fc587aSNagaraju Goruganti else if (property.first == 51254fc587aSNagaraju Goruganti "UserNameAttribute") 5136973a582SRatan Gupta { 514271584abSEd Tanous confData.userNameAttribute = *strValue; 5156973a582SRatan Gupta } 51654fc587aSNagaraju Goruganti else if (property.first == "LDAPType") 517ab828d7cSRatan Gupta { 518271584abSEd Tanous confData.serverType = *strValue; 51954fc587aSNagaraju Goruganti } 52054fc587aSNagaraju Goruganti } 52154fc587aSNagaraju Goruganti } 5220fda0f12SGeorge Liu else if ( 5230fda0f12SGeorge Liu interface.first == 5240fda0f12SGeorge Liu "xyz.openbmc_project.User.PrivilegeMapperEntry") 52554fc587aSNagaraju Goruganti { 52654fc587aSNagaraju Goruganti LDAPRoleMapData roleMapData{}; 52754fc587aSNagaraju Goruganti for (const auto& property : interface.second) 52854fc587aSNagaraju Goruganti { 529271584abSEd Tanous const std::string* strValue = 53054fc587aSNagaraju Goruganti std::get_if<std::string>( 53154fc587aSNagaraju Goruganti &property.second); 53254fc587aSNagaraju Goruganti 533271584abSEd Tanous if (strValue == nullptr) 53454fc587aSNagaraju Goruganti { 53554fc587aSNagaraju Goruganti continue; 53654fc587aSNagaraju Goruganti } 53754fc587aSNagaraju Goruganti 53854fc587aSNagaraju Goruganti if (property.first == "GroupName") 53954fc587aSNagaraju Goruganti { 540271584abSEd Tanous roleMapData.groupName = *strValue; 54154fc587aSNagaraju Goruganti } 54254fc587aSNagaraju Goruganti else if (property.first == "Privilege") 54354fc587aSNagaraju Goruganti { 544271584abSEd Tanous roleMapData.privilege = *strValue; 54554fc587aSNagaraju Goruganti } 54654fc587aSNagaraju Goruganti } 54754fc587aSNagaraju Goruganti 5480f0353b6SEd Tanous confData.groupRoleList.emplace_back( 5490f0353b6SEd Tanous object.first.str, roleMapData); 55054fc587aSNagaraju Goruganti } 55154fc587aSNagaraju Goruganti } 55254fc587aSNagaraju Goruganti } 553ab828d7cSRatan Gupta callback(true, confData, ldapType); 55454fc587aSNagaraju Goruganti }, 55554fc587aSNagaraju Goruganti service, ldapRootObject, dbusObjManagerIntf, 5566973a582SRatan Gupta "GetManagedObjects"); 55754fc587aSNagaraju Goruganti }, 55854fc587aSNagaraju Goruganti mapperBusName, mapperObjectPath, mapperIntf, "GetObject", 55923a21a1cSEd Tanous ldapConfigObjectName, interfaces); 5606973a582SRatan Gupta } 5616973a582SRatan Gupta 5628a07d286SRatan Gupta /** 5638a07d286SRatan Gupta * @brief parses the authentication section under the LDAP 5648a07d286SRatan Gupta * @param input JSON data 5658a07d286SRatan Gupta * @param asyncResp pointer to the JSON response 5668a07d286SRatan Gupta * @param userName userName to be filled from the given JSON. 5678a07d286SRatan Gupta * @param password password to be filled from the given JSON. 5688a07d286SRatan Gupta */ 5694f48d5f6SEd Tanous inline void parseLDAPAuthenticationJson( 5706c51eab1SEd Tanous nlohmann::json input, const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 5716c51eab1SEd Tanous std::optional<std::string>& username, std::optional<std::string>& password) 5728a07d286SRatan Gupta { 5738a07d286SRatan Gupta std::optional<std::string> authType; 5748a07d286SRatan Gupta 5758a07d286SRatan Gupta if (!json_util::readJson(input, asyncResp->res, "AuthenticationType", 5768a07d286SRatan Gupta authType, "Username", username, "Password", 5778a07d286SRatan Gupta password)) 5788a07d286SRatan Gupta { 5798a07d286SRatan Gupta return; 5808a07d286SRatan Gupta } 5818a07d286SRatan Gupta if (!authType) 5828a07d286SRatan Gupta { 5838a07d286SRatan Gupta return; 5848a07d286SRatan Gupta } 5858a07d286SRatan Gupta if (*authType != "UsernameAndPassword") 5868a07d286SRatan Gupta { 5878a07d286SRatan Gupta messages::propertyValueNotInList(asyncResp->res, *authType, 5888a07d286SRatan Gupta "AuthenticationType"); 5898a07d286SRatan Gupta return; 5908a07d286SRatan Gupta } 5918a07d286SRatan Gupta } 5928a07d286SRatan Gupta /** 5938a07d286SRatan Gupta * @brief parses the LDAPService section under the LDAP 5948a07d286SRatan Gupta * @param input JSON data 5958a07d286SRatan Gupta * @param asyncResp pointer to the JSON response 5968a07d286SRatan Gupta * @param baseDNList baseDN to be filled from the given JSON. 5978a07d286SRatan Gupta * @param userNameAttribute userName to be filled from the given JSON. 5988a07d286SRatan Gupta * @param groupaAttribute password to be filled from the given JSON. 5998a07d286SRatan Gupta */ 6008a07d286SRatan Gupta 6014f48d5f6SEd Tanous inline void 6024f48d5f6SEd Tanous parseLDAPServiceJson(nlohmann::json input, 6038d1b46d7Szhanghch05 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 6048a07d286SRatan Gupta std::optional<std::vector<std::string>>& baseDNList, 6058a07d286SRatan Gupta std::optional<std::string>& userNameAttribute, 6068a07d286SRatan Gupta std::optional<std::string>& groupsAttribute) 6078a07d286SRatan Gupta { 6088a07d286SRatan Gupta std::optional<nlohmann::json> searchSettings; 6098a07d286SRatan Gupta 6108a07d286SRatan Gupta if (!json_util::readJson(input, asyncResp->res, "SearchSettings", 6118a07d286SRatan Gupta searchSettings)) 6128a07d286SRatan Gupta { 6138a07d286SRatan Gupta return; 6148a07d286SRatan Gupta } 6158a07d286SRatan Gupta if (!searchSettings) 6168a07d286SRatan Gupta { 6178a07d286SRatan Gupta return; 6188a07d286SRatan Gupta } 6198a07d286SRatan Gupta if (!json_util::readJson(*searchSettings, asyncResp->res, 6208a07d286SRatan Gupta "BaseDistinguishedNames", baseDNList, 6218a07d286SRatan Gupta "UsernameAttribute", userNameAttribute, 6228a07d286SRatan Gupta "GroupsAttribute", groupsAttribute)) 6238a07d286SRatan Gupta { 6248a07d286SRatan Gupta return; 6258a07d286SRatan Gupta } 6268a07d286SRatan Gupta } 6278a07d286SRatan Gupta /** 6288a07d286SRatan Gupta * @brief updates the LDAP server address and updates the 6298a07d286SRatan Gupta json response with the new value. 6308a07d286SRatan Gupta * @param serviceAddressList address to be updated. 6318a07d286SRatan Gupta * @param asyncResp pointer to the JSON response 6328a07d286SRatan Gupta * @param ldapServerElementName Type of LDAP 6338a07d286SRatan Gupta server(openLDAP/ActiveDirectory) 6348a07d286SRatan Gupta */ 6358a07d286SRatan Gupta 6364f48d5f6SEd Tanous inline void handleServiceAddressPatch( 6378a07d286SRatan Gupta const std::vector<std::string>& serviceAddressList, 6388d1b46d7Szhanghch05 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 6398a07d286SRatan Gupta const std::string& ldapServerElementName, 6408a07d286SRatan Gupta const std::string& ldapConfigObject) 6418a07d286SRatan Gupta { 6428a07d286SRatan Gupta crow::connections::systemBus->async_method_call( 6438a07d286SRatan Gupta [asyncResp, ldapServerElementName, 6448a07d286SRatan Gupta serviceAddressList](const boost::system::error_code ec) { 6458a07d286SRatan Gupta if (ec) 6468a07d286SRatan Gupta { 6478a07d286SRatan Gupta BMCWEB_LOG_DEBUG 648c61704abSGunnar Mills << "Error Occurred in updating the service address"; 6498a07d286SRatan Gupta messages::internalError(asyncResp->res); 6508a07d286SRatan Gupta return; 6518a07d286SRatan Gupta } 6528a07d286SRatan Gupta std::vector<std::string> modifiedserviceAddressList = { 6538a07d286SRatan Gupta serviceAddressList.front()}; 6548a07d286SRatan Gupta asyncResp->res 6558a07d286SRatan Gupta .jsonValue[ldapServerElementName]["ServiceAddresses"] = 6568a07d286SRatan Gupta modifiedserviceAddressList; 6578a07d286SRatan Gupta if ((serviceAddressList).size() > 1) 6588a07d286SRatan Gupta { 6598a07d286SRatan Gupta messages::propertyValueModified(asyncResp->res, 6608a07d286SRatan Gupta "ServiceAddresses", 6618a07d286SRatan Gupta serviceAddressList.front()); 6628a07d286SRatan Gupta } 6638a07d286SRatan Gupta BMCWEB_LOG_DEBUG << "Updated the service address"; 6648a07d286SRatan Gupta }, 6658a07d286SRatan Gupta ldapDbusService, ldapConfigObject, propertyInterface, "Set", 6668a07d286SRatan Gupta ldapConfigInterface, "LDAPServerURI", 667168e20c1SEd Tanous dbus::utility::DbusVariantType(serviceAddressList.front())); 6688a07d286SRatan Gupta } 6698a07d286SRatan Gupta /** 6708a07d286SRatan Gupta * @brief updates the LDAP Bind DN and updates the 6718a07d286SRatan Gupta json response with the new value. 6728a07d286SRatan Gupta * @param username name of the user which needs to be updated. 6738a07d286SRatan Gupta * @param asyncResp pointer to the JSON response 6748a07d286SRatan Gupta * @param ldapServerElementName Type of LDAP 6758a07d286SRatan Gupta server(openLDAP/ActiveDirectory) 6768a07d286SRatan Gupta */ 6778a07d286SRatan Gupta 6784f48d5f6SEd Tanous inline void 6794f48d5f6SEd Tanous handleUserNamePatch(const std::string& username, 6808d1b46d7Szhanghch05 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 6818a07d286SRatan Gupta const std::string& ldapServerElementName, 6828a07d286SRatan Gupta const std::string& ldapConfigObject) 6838a07d286SRatan Gupta { 6848a07d286SRatan Gupta crow::connections::systemBus->async_method_call( 6858a07d286SRatan Gupta [asyncResp, username, 6868a07d286SRatan Gupta ldapServerElementName](const boost::system::error_code ec) { 6878a07d286SRatan Gupta if (ec) 6888a07d286SRatan Gupta { 6896c51eab1SEd Tanous BMCWEB_LOG_DEBUG << "Error occurred in updating the username"; 6908a07d286SRatan Gupta messages::internalError(asyncResp->res); 6918a07d286SRatan Gupta return; 6928a07d286SRatan Gupta } 6936c51eab1SEd Tanous asyncResp->res.jsonValue[ldapServerElementName]["Authentication"] 6946c51eab1SEd Tanous ["Username"] = username; 6958a07d286SRatan Gupta BMCWEB_LOG_DEBUG << "Updated the username"; 6968a07d286SRatan Gupta }, 6978a07d286SRatan Gupta ldapDbusService, ldapConfigObject, propertyInterface, "Set", 698168e20c1SEd Tanous ldapConfigInterface, "LDAPBindDN", 699168e20c1SEd Tanous dbus::utility::DbusVariantType(username)); 7008a07d286SRatan Gupta } 7018a07d286SRatan Gupta 7028a07d286SRatan Gupta /** 7038a07d286SRatan Gupta * @brief updates the LDAP password 7048a07d286SRatan Gupta * @param password : ldap password which needs to be updated. 7058a07d286SRatan Gupta * @param asyncResp pointer to the JSON response 7068a07d286SRatan Gupta * @param ldapServerElementName Type of LDAP 7078a07d286SRatan Gupta * server(openLDAP/ActiveDirectory) 7088a07d286SRatan Gupta */ 7098a07d286SRatan Gupta 7104f48d5f6SEd Tanous inline void 7114f48d5f6SEd Tanous handlePasswordPatch(const std::string& password, 7128d1b46d7Szhanghch05 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 7138a07d286SRatan Gupta const std::string& ldapServerElementName, 7148a07d286SRatan Gupta const std::string& ldapConfigObject) 7158a07d286SRatan Gupta { 7168a07d286SRatan Gupta crow::connections::systemBus->async_method_call( 7178a07d286SRatan Gupta [asyncResp, password, 7188a07d286SRatan Gupta ldapServerElementName](const boost::system::error_code ec) { 7198a07d286SRatan Gupta if (ec) 7208a07d286SRatan Gupta { 7216c51eab1SEd Tanous BMCWEB_LOG_DEBUG << "Error occurred in updating the password"; 7228a07d286SRatan Gupta messages::internalError(asyncResp->res); 7238a07d286SRatan Gupta return; 7248a07d286SRatan Gupta } 7256c51eab1SEd Tanous asyncResp->res.jsonValue[ldapServerElementName]["Authentication"] 7266c51eab1SEd Tanous ["Password"] = ""; 7278a07d286SRatan Gupta BMCWEB_LOG_DEBUG << "Updated the password"; 7288a07d286SRatan Gupta }, 7298a07d286SRatan Gupta ldapDbusService, ldapConfigObject, propertyInterface, "Set", 7308a07d286SRatan Gupta ldapConfigInterface, "LDAPBindDNPassword", 731168e20c1SEd Tanous dbus::utility::DbusVariantType(password)); 7328a07d286SRatan Gupta } 7338a07d286SRatan Gupta 7348a07d286SRatan Gupta /** 7358a07d286SRatan Gupta * @brief updates the LDAP BaseDN and updates the 7368a07d286SRatan Gupta json response with the new value. 7378a07d286SRatan Gupta * @param baseDNList baseDN list which needs to be updated. 7388a07d286SRatan Gupta * @param asyncResp pointer to the JSON response 7398a07d286SRatan Gupta * @param ldapServerElementName Type of LDAP 7408a07d286SRatan Gupta server(openLDAP/ActiveDirectory) 7418a07d286SRatan Gupta */ 7428a07d286SRatan Gupta 7434f48d5f6SEd Tanous inline void 7444f48d5f6SEd Tanous handleBaseDNPatch(const std::vector<std::string>& baseDNList, 7458d1b46d7Szhanghch05 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 7468a07d286SRatan Gupta const std::string& ldapServerElementName, 7478a07d286SRatan Gupta const std::string& ldapConfigObject) 7488a07d286SRatan Gupta { 7498a07d286SRatan Gupta crow::connections::systemBus->async_method_call( 7508a07d286SRatan Gupta [asyncResp, baseDNList, 7518a07d286SRatan Gupta ldapServerElementName](const boost::system::error_code ec) { 7528a07d286SRatan Gupta if (ec) 7538a07d286SRatan Gupta { 7546c51eab1SEd Tanous BMCWEB_LOG_DEBUG << "Error Occurred in Updating the base DN"; 7558a07d286SRatan Gupta messages::internalError(asyncResp->res); 7568a07d286SRatan Gupta return; 7578a07d286SRatan Gupta } 7588a07d286SRatan Gupta auto& serverTypeJson = 7598a07d286SRatan Gupta asyncResp->res.jsonValue[ldapServerElementName]; 7608a07d286SRatan Gupta auto& searchSettingsJson = 7618a07d286SRatan Gupta serverTypeJson["LDAPService"]["SearchSettings"]; 7626c51eab1SEd Tanous std::vector<std::string> modifiedBaseDNList = {baseDNList.front()}; 7636c51eab1SEd Tanous searchSettingsJson["BaseDistinguishedNames"] = modifiedBaseDNList; 7648a07d286SRatan Gupta if (baseDNList.size() > 1) 7658a07d286SRatan Gupta { 7668a07d286SRatan Gupta messages::propertyValueModified(asyncResp->res, 7678a07d286SRatan Gupta "BaseDistinguishedNames", 7688a07d286SRatan Gupta baseDNList.front()); 7698a07d286SRatan Gupta } 7708a07d286SRatan Gupta BMCWEB_LOG_DEBUG << "Updated the base DN"; 7718a07d286SRatan Gupta }, 7728a07d286SRatan Gupta ldapDbusService, ldapConfigObject, propertyInterface, "Set", 7738a07d286SRatan Gupta ldapConfigInterface, "LDAPBaseDN", 774168e20c1SEd Tanous dbus::utility::DbusVariantType(baseDNList.front())); 7758a07d286SRatan Gupta } 7768a07d286SRatan Gupta /** 7778a07d286SRatan Gupta * @brief updates the LDAP user name attribute and updates the 7788a07d286SRatan Gupta json response with the new value. 7798a07d286SRatan Gupta * @param userNameAttribute attribute to be updated. 7808a07d286SRatan Gupta * @param asyncResp pointer to the JSON response 7818a07d286SRatan Gupta * @param ldapServerElementName Type of LDAP 7828a07d286SRatan Gupta server(openLDAP/ActiveDirectory) 7838a07d286SRatan Gupta */ 7848a07d286SRatan Gupta 7854f48d5f6SEd Tanous inline void 7864f48d5f6SEd Tanous handleUserNameAttrPatch(const std::string& userNameAttribute, 7878d1b46d7Szhanghch05 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 7888a07d286SRatan Gupta const std::string& ldapServerElementName, 7898a07d286SRatan Gupta const std::string& ldapConfigObject) 7908a07d286SRatan Gupta { 7918a07d286SRatan Gupta crow::connections::systemBus->async_method_call( 7928a07d286SRatan Gupta [asyncResp, userNameAttribute, 7938a07d286SRatan Gupta ldapServerElementName](const boost::system::error_code ec) { 7948a07d286SRatan Gupta if (ec) 7958a07d286SRatan Gupta { 796c61704abSGunnar Mills BMCWEB_LOG_DEBUG << "Error Occurred in Updating the " 7978a07d286SRatan Gupta "username attribute"; 7988a07d286SRatan Gupta messages::internalError(asyncResp->res); 7998a07d286SRatan Gupta return; 8008a07d286SRatan Gupta } 8018a07d286SRatan Gupta auto& serverTypeJson = 8028a07d286SRatan Gupta asyncResp->res.jsonValue[ldapServerElementName]; 8038a07d286SRatan Gupta auto& searchSettingsJson = 8048a07d286SRatan Gupta serverTypeJson["LDAPService"]["SearchSettings"]; 8058a07d286SRatan Gupta searchSettingsJson["UsernameAttribute"] = userNameAttribute; 8068a07d286SRatan Gupta BMCWEB_LOG_DEBUG << "Updated the user name attr."; 8078a07d286SRatan Gupta }, 8088a07d286SRatan Gupta ldapDbusService, ldapConfigObject, propertyInterface, "Set", 8098a07d286SRatan Gupta ldapConfigInterface, "UserNameAttribute", 810168e20c1SEd Tanous dbus::utility::DbusVariantType(userNameAttribute)); 8118a07d286SRatan Gupta } 8128a07d286SRatan Gupta /** 8138a07d286SRatan Gupta * @brief updates the LDAP group attribute and updates the 8148a07d286SRatan Gupta json response with the new value. 8158a07d286SRatan Gupta * @param groupsAttribute attribute to be updated. 8168a07d286SRatan Gupta * @param asyncResp pointer to the JSON response 8178a07d286SRatan Gupta * @param ldapServerElementName Type of LDAP 8188a07d286SRatan Gupta server(openLDAP/ActiveDirectory) 8198a07d286SRatan Gupta */ 8208a07d286SRatan Gupta 8214f48d5f6SEd Tanous inline void handleGroupNameAttrPatch( 8228d1b46d7Szhanghch05 const std::string& groupsAttribute, 8238d1b46d7Szhanghch05 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 8248a07d286SRatan Gupta const std::string& ldapServerElementName, 8258a07d286SRatan Gupta const std::string& ldapConfigObject) 8268a07d286SRatan Gupta { 8278a07d286SRatan Gupta crow::connections::systemBus->async_method_call( 8288a07d286SRatan Gupta [asyncResp, groupsAttribute, 8298a07d286SRatan Gupta ldapServerElementName](const boost::system::error_code ec) { 8308a07d286SRatan Gupta if (ec) 8318a07d286SRatan Gupta { 832c61704abSGunnar Mills BMCWEB_LOG_DEBUG << "Error Occurred in Updating the " 8338a07d286SRatan Gupta "groupname attribute"; 8348a07d286SRatan Gupta messages::internalError(asyncResp->res); 8358a07d286SRatan Gupta return; 8368a07d286SRatan Gupta } 8378a07d286SRatan Gupta auto& serverTypeJson = 8388a07d286SRatan Gupta asyncResp->res.jsonValue[ldapServerElementName]; 8398a07d286SRatan Gupta auto& searchSettingsJson = 8408a07d286SRatan Gupta serverTypeJson["LDAPService"]["SearchSettings"]; 8418a07d286SRatan Gupta searchSettingsJson["GroupsAttribute"] = groupsAttribute; 8428a07d286SRatan Gupta BMCWEB_LOG_DEBUG << "Updated the groupname attr"; 8438a07d286SRatan Gupta }, 8448a07d286SRatan Gupta ldapDbusService, ldapConfigObject, propertyInterface, "Set", 8458a07d286SRatan Gupta ldapConfigInterface, "GroupNameAttribute", 846168e20c1SEd Tanous dbus::utility::DbusVariantType(groupsAttribute)); 8478a07d286SRatan Gupta } 8488a07d286SRatan Gupta /** 8498a07d286SRatan Gupta * @brief updates the LDAP service enable and updates the 8508a07d286SRatan Gupta json response with the new value. 8518a07d286SRatan Gupta * @param input JSON data. 8528a07d286SRatan Gupta * @param asyncResp pointer to the JSON response 8538a07d286SRatan Gupta * @param ldapServerElementName Type of LDAP 8548a07d286SRatan Gupta server(openLDAP/ActiveDirectory) 8558a07d286SRatan Gupta */ 8568a07d286SRatan Gupta 8574f48d5f6SEd Tanous inline void handleServiceEnablePatch( 8586c51eab1SEd Tanous bool serviceEnabled, const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 8598a07d286SRatan Gupta const std::string& ldapServerElementName, 8608a07d286SRatan Gupta const std::string& ldapConfigObject) 8618a07d286SRatan Gupta { 8628a07d286SRatan Gupta crow::connections::systemBus->async_method_call( 8638a07d286SRatan Gupta [asyncResp, serviceEnabled, 8648a07d286SRatan Gupta ldapServerElementName](const boost::system::error_code ec) { 8658a07d286SRatan Gupta if (ec) 8668a07d286SRatan Gupta { 8678a07d286SRatan Gupta BMCWEB_LOG_DEBUG 868c61704abSGunnar Mills << "Error Occurred in Updating the service enable"; 8698a07d286SRatan Gupta messages::internalError(asyncResp->res); 8708a07d286SRatan Gupta return; 8718a07d286SRatan Gupta } 8726c51eab1SEd Tanous asyncResp->res.jsonValue[ldapServerElementName]["ServiceEnabled"] = 8738a07d286SRatan Gupta serviceEnabled; 8746c51eab1SEd Tanous BMCWEB_LOG_DEBUG << "Updated Service enable = " << serviceEnabled; 8758a07d286SRatan Gupta }, 8768a07d286SRatan Gupta ldapDbusService, ldapConfigObject, propertyInterface, "Set", 877168e20c1SEd Tanous ldapEnableInterface, "Enabled", 878168e20c1SEd Tanous dbus::utility::DbusVariantType(serviceEnabled)); 8798a07d286SRatan Gupta } 8808a07d286SRatan Gupta 8814f48d5f6SEd Tanous inline void 8824f48d5f6SEd Tanous handleAuthMethodsPatch(nlohmann::json& input, 8838d1b46d7Szhanghch05 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) 88478158631SZbigniew Kurzynski { 88578158631SZbigniew Kurzynski std::optional<bool> basicAuth; 88678158631SZbigniew Kurzynski std::optional<bool> cookie; 88778158631SZbigniew Kurzynski std::optional<bool> sessionToken; 88878158631SZbigniew Kurzynski std::optional<bool> xToken; 889501f1e58SZbigniew Kurzynski std::optional<bool> tls; 89078158631SZbigniew Kurzynski 89178158631SZbigniew Kurzynski if (!json_util::readJson(input, asyncResp->res, "BasicAuth", basicAuth, 89278158631SZbigniew Kurzynski "Cookie", cookie, "SessionToken", sessionToken, 893501f1e58SZbigniew Kurzynski "XToken", xToken, "TLS", tls)) 89478158631SZbigniew Kurzynski { 89578158631SZbigniew Kurzynski BMCWEB_LOG_ERROR << "Cannot read values from AuthMethod tag"; 89678158631SZbigniew Kurzynski return; 89778158631SZbigniew Kurzynski } 89878158631SZbigniew Kurzynski 89978158631SZbigniew Kurzynski // Make a copy of methods configuration 90052cc112dSEd Tanous persistent_data::AuthConfigMethods authMethodsConfig = 90152cc112dSEd Tanous persistent_data::SessionStore::getInstance().getAuthMethodsConfig(); 90278158631SZbigniew Kurzynski 90378158631SZbigniew Kurzynski if (basicAuth) 90478158631SZbigniew Kurzynski { 905f16f6263SAlan Kuo #ifndef BMCWEB_ENABLE_BASIC_AUTHENTICATION 906f16f6263SAlan Kuo messages::actionNotSupported( 9070fda0f12SGeorge Liu asyncResp->res, 9080fda0f12SGeorge Liu "Setting BasicAuth when basic-auth feature is disabled"); 909f16f6263SAlan Kuo return; 910f16f6263SAlan Kuo #endif 91178158631SZbigniew Kurzynski authMethodsConfig.basic = *basicAuth; 91278158631SZbigniew Kurzynski } 91378158631SZbigniew Kurzynski 91478158631SZbigniew Kurzynski if (cookie) 91578158631SZbigniew Kurzynski { 916f16f6263SAlan Kuo #ifndef BMCWEB_ENABLE_COOKIE_AUTHENTICATION 9170fda0f12SGeorge Liu messages::actionNotSupported( 9180fda0f12SGeorge Liu asyncResp->res, 9190fda0f12SGeorge Liu "Setting Cookie when cookie-auth feature is disabled"); 920f16f6263SAlan Kuo return; 921f16f6263SAlan Kuo #endif 92278158631SZbigniew Kurzynski authMethodsConfig.cookie = *cookie; 92378158631SZbigniew Kurzynski } 92478158631SZbigniew Kurzynski 92578158631SZbigniew Kurzynski if (sessionToken) 92678158631SZbigniew Kurzynski { 927f16f6263SAlan Kuo #ifndef BMCWEB_ENABLE_SESSION_AUTHENTICATION 928f16f6263SAlan Kuo messages::actionNotSupported( 9290fda0f12SGeorge Liu asyncResp->res, 9300fda0f12SGeorge Liu "Setting SessionToken when session-auth feature is disabled"); 931f16f6263SAlan Kuo return; 932f16f6263SAlan Kuo #endif 93378158631SZbigniew Kurzynski authMethodsConfig.sessionToken = *sessionToken; 93478158631SZbigniew Kurzynski } 93578158631SZbigniew Kurzynski 93678158631SZbigniew Kurzynski if (xToken) 93778158631SZbigniew Kurzynski { 938f16f6263SAlan Kuo #ifndef BMCWEB_ENABLE_XTOKEN_AUTHENTICATION 9390fda0f12SGeorge Liu messages::actionNotSupported( 9400fda0f12SGeorge Liu asyncResp->res, 9410fda0f12SGeorge Liu "Setting XToken when xtoken-auth feature is disabled"); 942f16f6263SAlan Kuo return; 943f16f6263SAlan Kuo #endif 94478158631SZbigniew Kurzynski authMethodsConfig.xtoken = *xToken; 94578158631SZbigniew Kurzynski } 94678158631SZbigniew Kurzynski 947501f1e58SZbigniew Kurzynski if (tls) 948501f1e58SZbigniew Kurzynski { 949f16f6263SAlan Kuo #ifndef BMCWEB_ENABLE_MUTUAL_TLS_AUTHENTICATION 9500fda0f12SGeorge Liu messages::actionNotSupported( 9510fda0f12SGeorge Liu asyncResp->res, 9520fda0f12SGeorge Liu "Setting TLS when mutual-tls-auth feature is disabled"); 953f16f6263SAlan Kuo return; 954f16f6263SAlan Kuo #endif 955501f1e58SZbigniew Kurzynski authMethodsConfig.tls = *tls; 956501f1e58SZbigniew Kurzynski } 957501f1e58SZbigniew Kurzynski 95878158631SZbigniew Kurzynski if (!authMethodsConfig.basic && !authMethodsConfig.cookie && 959501f1e58SZbigniew Kurzynski !authMethodsConfig.sessionToken && !authMethodsConfig.xtoken && 960501f1e58SZbigniew Kurzynski !authMethodsConfig.tls) 96178158631SZbigniew Kurzynski { 96278158631SZbigniew Kurzynski // Do not allow user to disable everything 96378158631SZbigniew Kurzynski messages::actionNotSupported(asyncResp->res, 96478158631SZbigniew Kurzynski "of disabling all available methods"); 96578158631SZbigniew Kurzynski return; 96678158631SZbigniew Kurzynski } 96778158631SZbigniew Kurzynski 96852cc112dSEd Tanous persistent_data::SessionStore::getInstance().updateAuthMethodsConfig( 96952cc112dSEd Tanous authMethodsConfig); 97078158631SZbigniew Kurzynski // Save configuration immediately 97152cc112dSEd Tanous persistent_data::getConfig().writeData(); 97278158631SZbigniew Kurzynski 97378158631SZbigniew Kurzynski messages::success(asyncResp->res); 97478158631SZbigniew Kurzynski } 97578158631SZbigniew Kurzynski 9768a07d286SRatan Gupta /** 9778a07d286SRatan Gupta * @brief Get the required values from the given JSON, validates the 9788a07d286SRatan Gupta * value and create the LDAP config object. 9798a07d286SRatan Gupta * @param input JSON data 9808a07d286SRatan Gupta * @param asyncResp pointer to the JSON response 9818a07d286SRatan Gupta * @param serverType Type of LDAP server(openLDAP/ActiveDirectory) 9828a07d286SRatan Gupta */ 9838a07d286SRatan Gupta 9846c51eab1SEd Tanous inline void handleLDAPPatch(nlohmann::json& input, 9858d1b46d7Szhanghch05 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 9868a07d286SRatan Gupta const std::string& serverType) 9878a07d286SRatan Gupta { 988eb2bbe56SRatan Gupta std::string dbusObjectPath; 989eb2bbe56SRatan Gupta if (serverType == "ActiveDirectory") 990eb2bbe56SRatan Gupta { 9912c70f800SEd Tanous dbusObjectPath = adConfigObject; 992eb2bbe56SRatan Gupta } 993eb2bbe56SRatan Gupta else if (serverType == "LDAP") 994eb2bbe56SRatan Gupta { 99523a21a1cSEd Tanous dbusObjectPath = ldapConfigObjectName; 996eb2bbe56SRatan Gupta } 997cb13a392SEd Tanous else 998cb13a392SEd Tanous { 999cb13a392SEd Tanous return; 1000cb13a392SEd Tanous } 1001eb2bbe56SRatan Gupta 10028a07d286SRatan Gupta std::optional<nlohmann::json> authentication; 10038a07d286SRatan Gupta std::optional<nlohmann::json> ldapService; 10048a07d286SRatan Gupta std::optional<std::vector<std::string>> serviceAddressList; 10058a07d286SRatan Gupta std::optional<bool> serviceEnabled; 10068a07d286SRatan Gupta std::optional<std::vector<std::string>> baseDNList; 10078a07d286SRatan Gupta std::optional<std::string> userNameAttribute; 10088a07d286SRatan Gupta std::optional<std::string> groupsAttribute; 10098a07d286SRatan Gupta std::optional<std::string> userName; 10108a07d286SRatan Gupta std::optional<std::string> password; 101106785244SRatan Gupta std::optional<std::vector<nlohmann::json>> remoteRoleMapData; 10128a07d286SRatan Gupta 10138a07d286SRatan Gupta if (!json_util::readJson(input, asyncResp->res, "Authentication", 10148a07d286SRatan Gupta authentication, "LDAPService", ldapService, 10158a07d286SRatan Gupta "ServiceAddresses", serviceAddressList, 101606785244SRatan Gupta "ServiceEnabled", serviceEnabled, 101706785244SRatan Gupta "RemoteRoleMapping", remoteRoleMapData)) 10188a07d286SRatan Gupta { 10198a07d286SRatan Gupta return; 10208a07d286SRatan Gupta } 10218a07d286SRatan Gupta 10228a07d286SRatan Gupta if (authentication) 10238a07d286SRatan Gupta { 10248a07d286SRatan Gupta parseLDAPAuthenticationJson(*authentication, asyncResp, userName, 10258a07d286SRatan Gupta password); 10268a07d286SRatan Gupta } 10278a07d286SRatan Gupta if (ldapService) 10288a07d286SRatan Gupta { 10298a07d286SRatan Gupta parseLDAPServiceJson(*ldapService, asyncResp, baseDNList, 10308a07d286SRatan Gupta userNameAttribute, groupsAttribute); 10318a07d286SRatan Gupta } 10328a07d286SRatan Gupta if (serviceAddressList) 10338a07d286SRatan Gupta { 10348a07d286SRatan Gupta if ((*serviceAddressList).size() == 0) 10358a07d286SRatan Gupta { 10368a07d286SRatan Gupta messages::propertyValueNotInList(asyncResp->res, "[]", 10378a07d286SRatan Gupta "ServiceAddress"); 10388a07d286SRatan Gupta return; 10398a07d286SRatan Gupta } 10408a07d286SRatan Gupta } 10418a07d286SRatan Gupta if (baseDNList) 10428a07d286SRatan Gupta { 10438a07d286SRatan Gupta if ((*baseDNList).size() == 0) 10448a07d286SRatan Gupta { 10458a07d286SRatan Gupta messages::propertyValueNotInList(asyncResp->res, "[]", 10468a07d286SRatan Gupta "BaseDistinguishedNames"); 10478a07d286SRatan Gupta return; 10488a07d286SRatan Gupta } 10498a07d286SRatan Gupta } 10508a07d286SRatan Gupta 10518a07d286SRatan Gupta // nothing to update, then return 10528a07d286SRatan Gupta if (!userName && !password && !serviceAddressList && !baseDNList && 105306785244SRatan Gupta !userNameAttribute && !groupsAttribute && !serviceEnabled && 105406785244SRatan Gupta !remoteRoleMapData) 10558a07d286SRatan Gupta { 10568a07d286SRatan Gupta return; 10578a07d286SRatan Gupta } 10588a07d286SRatan Gupta 10598a07d286SRatan Gupta // Get the existing resource first then keep modifying 10608a07d286SRatan Gupta // whenever any property gets updated. 10616c51eab1SEd Tanous getLDAPConfigData(serverType, [asyncResp, userName, password, baseDNList, 10626c51eab1SEd Tanous userNameAttribute, groupsAttribute, 10636c51eab1SEd Tanous serviceAddressList, serviceEnabled, 10646c51eab1SEd Tanous dbusObjectPath, remoteRoleMapData]( 10656c51eab1SEd Tanous bool success, 10666c51eab1SEd Tanous const LDAPConfigData& confData, 106723a21a1cSEd Tanous const std::string& serverT) { 10688a07d286SRatan Gupta if (!success) 10698a07d286SRatan Gupta { 10708a07d286SRatan Gupta messages::internalError(asyncResp->res); 10718a07d286SRatan Gupta return; 10728a07d286SRatan Gupta } 10736c51eab1SEd Tanous parseLDAPConfigData(asyncResp->res.jsonValue, confData, serverT); 10748a07d286SRatan Gupta if (confData.serviceEnabled) 10758a07d286SRatan Gupta { 10768a07d286SRatan Gupta // Disable the service first and update the rest of 10778a07d286SRatan Gupta // the properties. 10786c51eab1SEd Tanous handleServiceEnablePatch(false, asyncResp, serverT, dbusObjectPath); 10798a07d286SRatan Gupta } 10808a07d286SRatan Gupta 10818a07d286SRatan Gupta if (serviceAddressList) 10828a07d286SRatan Gupta { 10836c51eab1SEd Tanous handleServiceAddressPatch(*serviceAddressList, asyncResp, serverT, 10846c51eab1SEd Tanous dbusObjectPath); 10858a07d286SRatan Gupta } 10868a07d286SRatan Gupta if (userName) 10878a07d286SRatan Gupta { 10886c51eab1SEd Tanous handleUserNamePatch(*userName, asyncResp, serverT, dbusObjectPath); 10898a07d286SRatan Gupta } 10908a07d286SRatan Gupta if (password) 10918a07d286SRatan Gupta { 10926c51eab1SEd Tanous handlePasswordPatch(*password, asyncResp, serverT, dbusObjectPath); 10938a07d286SRatan Gupta } 10948a07d286SRatan Gupta 10958a07d286SRatan Gupta if (baseDNList) 10968a07d286SRatan Gupta { 10976c51eab1SEd Tanous handleBaseDNPatch(*baseDNList, asyncResp, serverT, dbusObjectPath); 10988a07d286SRatan Gupta } 10998a07d286SRatan Gupta if (userNameAttribute) 11008a07d286SRatan Gupta { 11016c51eab1SEd Tanous handleUserNameAttrPatch(*userNameAttribute, asyncResp, serverT, 11026c51eab1SEd Tanous dbusObjectPath); 11038a07d286SRatan Gupta } 11048a07d286SRatan Gupta if (groupsAttribute) 11058a07d286SRatan Gupta { 11066c51eab1SEd Tanous handleGroupNameAttrPatch(*groupsAttribute, asyncResp, serverT, 11076c51eab1SEd Tanous dbusObjectPath); 11088a07d286SRatan Gupta } 11098a07d286SRatan Gupta if (serviceEnabled) 11108a07d286SRatan Gupta { 11118a07d286SRatan Gupta // if user has given the value as true then enable 11128a07d286SRatan Gupta // the service. if user has given false then no-op 11138a07d286SRatan Gupta // as service is already stopped. 11148a07d286SRatan Gupta if (*serviceEnabled) 11158a07d286SRatan Gupta { 11166c51eab1SEd Tanous handleServiceEnablePatch(*serviceEnabled, asyncResp, serverT, 11176c51eab1SEd Tanous dbusObjectPath); 11188a07d286SRatan Gupta } 11198a07d286SRatan Gupta } 11208a07d286SRatan Gupta else 11218a07d286SRatan Gupta { 11228a07d286SRatan Gupta // if user has not given the service enabled value 11238a07d286SRatan Gupta // then revert it to the same state as it was 11248a07d286SRatan Gupta // before. 11258a07d286SRatan Gupta handleServiceEnablePatch(confData.serviceEnabled, asyncResp, 112623a21a1cSEd Tanous serverT, dbusObjectPath); 11278a07d286SRatan Gupta } 112806785244SRatan Gupta 112906785244SRatan Gupta if (remoteRoleMapData) 113006785244SRatan Gupta { 11316c51eab1SEd Tanous handleRoleMapPatch(asyncResp, confData.groupRoleList, serverT, 11326c51eab1SEd Tanous *remoteRoleMapData); 113306785244SRatan Gupta } 11348a07d286SRatan Gupta }); 11358a07d286SRatan Gupta } 1136d4b5443fSEd Tanous 11376c51eab1SEd Tanous inline void updateUserProperties(std::shared_ptr<bmcweb::AsyncResp> asyncResp, 11386c51eab1SEd Tanous const std::string& username, 11396c51eab1SEd Tanous std::optional<std::string> password, 11406c51eab1SEd Tanous std::optional<bool> enabled, 11416c51eab1SEd Tanous std::optional<std::string> roleId, 11426c51eab1SEd Tanous std::optional<bool> locked) 11431abe55efSEd Tanous { 1144b477fd44SP Dheeraj Srujan Kumar sdbusplus::message::object_path tempObjPath(rootUserDbusPath); 1145b477fd44SP Dheeraj Srujan Kumar tempObjPath /= username; 1146b477fd44SP Dheeraj Srujan Kumar std::string dbusObjectPath(tempObjPath); 11476c51eab1SEd Tanous 11486c51eab1SEd Tanous dbus::utility::checkDbusPathExists( 11496c51eab1SEd Tanous dbusObjectPath, 11501106333aSEd Tanous [dbusObjectPath, username, password(std::move(password)), 11511106333aSEd Tanous roleId(std::move(roleId)), enabled, locked, 11521106333aSEd Tanous asyncResp{std::move(asyncResp)}](int rc) { 11536c51eab1SEd Tanous if (!rc) 11546c51eab1SEd Tanous { 11556c51eab1SEd Tanous messages::resourceNotFound( 11566c51eab1SEd Tanous asyncResp->res, "#ManagerAccount.v1_4_0.ManagerAccount", 11576c51eab1SEd Tanous username); 11586c51eab1SEd Tanous return; 11596c51eab1SEd Tanous } 11606c51eab1SEd Tanous 11616c51eab1SEd Tanous if (password) 11626c51eab1SEd Tanous { 11636c51eab1SEd Tanous int retval = pamUpdatePassword(username, *password); 11646c51eab1SEd Tanous 11656c51eab1SEd Tanous if (retval == PAM_USER_UNKNOWN) 11666c51eab1SEd Tanous { 11676c51eab1SEd Tanous messages::resourceNotFound( 11686c51eab1SEd Tanous asyncResp->res, "#ManagerAccount.v1_4_0.ManagerAccount", 11696c51eab1SEd Tanous username); 11706c51eab1SEd Tanous } 11716c51eab1SEd Tanous else if (retval == PAM_AUTHTOK_ERR) 11726c51eab1SEd Tanous { 11736c51eab1SEd Tanous // If password is invalid 11746c51eab1SEd Tanous messages::propertyValueFormatError(asyncResp->res, 11756c51eab1SEd Tanous *password, "Password"); 11766c51eab1SEd Tanous BMCWEB_LOG_ERROR << "pamUpdatePassword Failed"; 11776c51eab1SEd Tanous } 11786c51eab1SEd Tanous else if (retval != PAM_SUCCESS) 11796c51eab1SEd Tanous { 11806c51eab1SEd Tanous messages::internalError(asyncResp->res); 11816c51eab1SEd Tanous return; 11826c51eab1SEd Tanous } 11836c51eab1SEd Tanous } 11846c51eab1SEd Tanous 11856c51eab1SEd Tanous if (enabled) 11866c51eab1SEd Tanous { 11876c51eab1SEd Tanous crow::connections::systemBus->async_method_call( 11886c51eab1SEd Tanous [asyncResp](const boost::system::error_code ec) { 11896c51eab1SEd Tanous if (ec) 11906c51eab1SEd Tanous { 11916c51eab1SEd Tanous BMCWEB_LOG_ERROR << "D-Bus responses error: " << ec; 11926c51eab1SEd Tanous messages::internalError(asyncResp->res); 11936c51eab1SEd Tanous return; 11946c51eab1SEd Tanous } 11956c51eab1SEd Tanous messages::success(asyncResp->res); 11966c51eab1SEd Tanous return; 11976c51eab1SEd Tanous }, 11986c51eab1SEd Tanous "xyz.openbmc_project.User.Manager", dbusObjectPath.c_str(), 11996c51eab1SEd Tanous "org.freedesktop.DBus.Properties", "Set", 12006c51eab1SEd Tanous "xyz.openbmc_project.User.Attributes", "UserEnabled", 1201168e20c1SEd Tanous dbus::utility::DbusVariantType{*enabled}); 12026c51eab1SEd Tanous } 12036c51eab1SEd Tanous 12046c51eab1SEd Tanous if (roleId) 12056c51eab1SEd Tanous { 12066c51eab1SEd Tanous std::string priv = getPrivilegeFromRoleId(*roleId); 12076c51eab1SEd Tanous if (priv.empty()) 12086c51eab1SEd Tanous { 12096c51eab1SEd Tanous messages::propertyValueNotInList(asyncResp->res, *roleId, 12106c51eab1SEd Tanous "RoleId"); 12116c51eab1SEd Tanous return; 12126c51eab1SEd Tanous } 12136c51eab1SEd Tanous if (priv == "priv-noaccess") 12146c51eab1SEd Tanous { 12156c51eab1SEd Tanous priv = ""; 12166c51eab1SEd Tanous } 12176c51eab1SEd Tanous 12186c51eab1SEd Tanous crow::connections::systemBus->async_method_call( 12196c51eab1SEd Tanous [asyncResp](const boost::system::error_code ec) { 12206c51eab1SEd Tanous if (ec) 12216c51eab1SEd Tanous { 12226c51eab1SEd Tanous BMCWEB_LOG_ERROR << "D-Bus responses error: " << ec; 12236c51eab1SEd Tanous messages::internalError(asyncResp->res); 12246c51eab1SEd Tanous return; 12256c51eab1SEd Tanous } 12266c51eab1SEd Tanous messages::success(asyncResp->res); 12276c51eab1SEd Tanous }, 12286c51eab1SEd Tanous "xyz.openbmc_project.User.Manager", dbusObjectPath.c_str(), 12296c51eab1SEd Tanous "org.freedesktop.DBus.Properties", "Set", 12306c51eab1SEd Tanous "xyz.openbmc_project.User.Attributes", "UserPrivilege", 1231168e20c1SEd Tanous dbus::utility::DbusVariantType{priv}); 12326c51eab1SEd Tanous } 12336c51eab1SEd Tanous 12346c51eab1SEd Tanous if (locked) 12356c51eab1SEd Tanous { 12366c51eab1SEd Tanous // admin can unlock the account which is locked by 12376c51eab1SEd Tanous // successive authentication failures but admin should 12386c51eab1SEd Tanous // not be allowed to lock an account. 12396c51eab1SEd Tanous if (*locked) 12406c51eab1SEd Tanous { 12416c51eab1SEd Tanous messages::propertyValueNotInList(asyncResp->res, "true", 12426c51eab1SEd Tanous "Locked"); 12436c51eab1SEd Tanous return; 12446c51eab1SEd Tanous } 12456c51eab1SEd Tanous 12466c51eab1SEd Tanous crow::connections::systemBus->async_method_call( 12476c51eab1SEd Tanous [asyncResp](const boost::system::error_code ec) { 12486c51eab1SEd Tanous if (ec) 12496c51eab1SEd Tanous { 12506c51eab1SEd Tanous BMCWEB_LOG_ERROR << "D-Bus responses error: " << ec; 12516c51eab1SEd Tanous messages::internalError(asyncResp->res); 12526c51eab1SEd Tanous return; 12536c51eab1SEd Tanous } 12546c51eab1SEd Tanous messages::success(asyncResp->res); 12556c51eab1SEd Tanous return; 12566c51eab1SEd Tanous }, 12576c51eab1SEd Tanous "xyz.openbmc_project.User.Manager", dbusObjectPath.c_str(), 12586c51eab1SEd Tanous "org.freedesktop.DBus.Properties", "Set", 12596c51eab1SEd Tanous "xyz.openbmc_project.User.Attributes", 1260168e20c1SEd Tanous "UserLockedForFailedAttempt", 1261168e20c1SEd Tanous dbus::utility::DbusVariantType{*locked}); 12626c51eab1SEd Tanous } 12636c51eab1SEd Tanous }); 12646c51eab1SEd Tanous } 12656c51eab1SEd Tanous 12666c51eab1SEd Tanous inline void requestAccountServiceRoutes(App& app) 12676c51eab1SEd Tanous { 12686c51eab1SEd Tanous 12696c51eab1SEd Tanous BMCWEB_ROUTE(app, "/redfish/v1/AccountService/") 1270ed398213SEd Tanous .privileges(redfish::privileges::getAccountService) 12716c51eab1SEd Tanous .methods( 127272048780SAbhishek Patel boost::beast::http::verb::get)([](const crow::Request& req, 12736c51eab1SEd Tanous const std::shared_ptr< 12746c51eab1SEd Tanous bmcweb::AsyncResp>& asyncResp) 12756c51eab1SEd Tanous -> void { 127652cc112dSEd Tanous const persistent_data::AuthConfigMethods& authMethodsConfig = 12776c51eab1SEd Tanous persistent_data::SessionStore::getInstance() 12786c51eab1SEd Tanous .getAuthMethodsConfig(); 127978158631SZbigniew Kurzynski 12808d1b46d7Szhanghch05 asyncResp->res.jsonValue = { 12813d958bbcSAppaRao Puli {"@odata.id", "/redfish/v1/AccountService"}, 12823d958bbcSAppaRao Puli {"@odata.type", "#AccountService." 1283ba9dd4a8SGunnar Mills "v1_5_0.AccountService"}, 12843d958bbcSAppaRao Puli {"Id", "AccountService"}, 12853d958bbcSAppaRao Puli {"Name", "Account Service"}, 12863d958bbcSAppaRao Puli {"Description", "Account Service"}, 12873d958bbcSAppaRao Puli {"ServiceEnabled", true}, 1288343ff2e1SAppaRao Puli {"MaxPasswordLength", 20}, 12893d958bbcSAppaRao Puli {"Accounts", 12903d958bbcSAppaRao Puli {{"@odata.id", "/redfish/v1/AccountService/Accounts"}}}, 129137cce918SMarri Devender Rao {"Roles", {{"@odata.id", "/redfish/v1/AccountService/Roles"}}}, 129278158631SZbigniew Kurzynski {"Oem", 129378158631SZbigniew Kurzynski {{"OpenBMC", 129478158631SZbigniew Kurzynski {{"@odata.type", "#OemAccountService.v1_0_0.AccountService"}, 1295d8e3c29aSEd Tanous {"@odata.id", "/redfish/v1/AccountService#/Oem/OpenBMC"}, 129678158631SZbigniew Kurzynski {"AuthMethods", 129778158631SZbigniew Kurzynski { 129878158631SZbigniew Kurzynski {"BasicAuth", authMethodsConfig.basic}, 129978158631SZbigniew Kurzynski {"SessionToken", authMethodsConfig.sessionToken}, 130078158631SZbigniew Kurzynski {"XToken", authMethodsConfig.xtoken}, 130178158631SZbigniew Kurzynski {"Cookie", authMethodsConfig.cookie}, 1302501f1e58SZbigniew Kurzynski {"TLS", authMethodsConfig.tls}, 130372048780SAbhishek Patel }}}}}}}; 130472048780SAbhishek Patel // /redfish/v1/AccountService/LDAP/Certificates is something only 130572048780SAbhishek Patel // ConfigureManager can access then only display when the user has 130672048780SAbhishek Patel // permissions ConfigureManager 130772048780SAbhishek Patel Privileges effectiveUserPrivileges = 130872048780SAbhishek Patel redfish::getUserPrivileges(req.userRole); 130972048780SAbhishek Patel 131072048780SAbhishek Patel if (isOperationAllowedWithPrivileges({{"ConfigureManager"}}, 131172048780SAbhishek Patel effectiveUserPrivileges)) 131272048780SAbhishek Patel { 131372048780SAbhishek Patel asyncResp->res.jsonValue["LDAP"] = { 131472048780SAbhishek Patel {"Certificates", 131537cce918SMarri Devender Rao {{"@odata.id", 131672048780SAbhishek Patel "/redfish/v1/AccountService/LDAP/Certificates"}}}}; 131772048780SAbhishek Patel } 13183d958bbcSAppaRao Puli crow::connections::systemBus->async_method_call( 13193d958bbcSAppaRao Puli [asyncResp]( 13203d958bbcSAppaRao Puli const boost::system::error_code ec, 13216c51eab1SEd Tanous const std::vector< 1322168e20c1SEd Tanous std::pair<std::string, dbus::utility::DbusVariantType>>& 13233d958bbcSAppaRao Puli propertiesList) { 13243d958bbcSAppaRao Puli if (ec) 13253d958bbcSAppaRao Puli { 13263d958bbcSAppaRao Puli messages::internalError(asyncResp->res); 13273d958bbcSAppaRao Puli return; 13283d958bbcSAppaRao Puli } 13293d958bbcSAppaRao Puli BMCWEB_LOG_DEBUG << "Got " << propertiesList.size() 13303d958bbcSAppaRao Puli << "properties for AccountService"; 13313d958bbcSAppaRao Puli for (const std::pair<std::string, 1332168e20c1SEd Tanous dbus::utility::DbusVariantType>& 1333168e20c1SEd Tanous property : propertiesList) 13343d958bbcSAppaRao Puli { 13353d958bbcSAppaRao Puli if (property.first == "MinPasswordLength") 13363d958bbcSAppaRao Puli { 13373d958bbcSAppaRao Puli const uint8_t* value = 1338abf2add6SEd Tanous std::get_if<uint8_t>(&property.second); 13393d958bbcSAppaRao Puli if (value != nullptr) 13403d958bbcSAppaRao Puli { 13413d958bbcSAppaRao Puli asyncResp->res.jsonValue["MinPasswordLength"] = 13423d958bbcSAppaRao Puli *value; 13433d958bbcSAppaRao Puli } 13443d958bbcSAppaRao Puli } 13453d958bbcSAppaRao Puli if (property.first == "AccountUnlockTimeout") 13463d958bbcSAppaRao Puli { 13473d958bbcSAppaRao Puli const uint32_t* value = 1348abf2add6SEd Tanous std::get_if<uint32_t>(&property.second); 13493d958bbcSAppaRao Puli if (value != nullptr) 13503d958bbcSAppaRao Puli { 13516c51eab1SEd Tanous asyncResp->res 13526c51eab1SEd Tanous .jsonValue["AccountLockoutDuration"] = 13533d958bbcSAppaRao Puli *value; 13543d958bbcSAppaRao Puli } 13553d958bbcSAppaRao Puli } 13563d958bbcSAppaRao Puli if (property.first == "MaxLoginAttemptBeforeLockout") 13573d958bbcSAppaRao Puli { 13583d958bbcSAppaRao Puli const uint16_t* value = 1359abf2add6SEd Tanous std::get_if<uint16_t>(&property.second); 13603d958bbcSAppaRao Puli if (value != nullptr) 13613d958bbcSAppaRao Puli { 13623d958bbcSAppaRao Puli asyncResp->res 13636c51eab1SEd Tanous .jsonValue["AccountLockoutThreshold"] = 13646c51eab1SEd Tanous *value; 13653d958bbcSAppaRao Puli } 13663d958bbcSAppaRao Puli } 13673d958bbcSAppaRao Puli } 13683d958bbcSAppaRao Puli }, 13693d958bbcSAppaRao Puli "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user", 13703d958bbcSAppaRao Puli "org.freedesktop.DBus.Properties", "GetAll", 13713d958bbcSAppaRao Puli "xyz.openbmc_project.User.AccountPolicy"); 13726973a582SRatan Gupta 1373ab828d7cSRatan Gupta auto callback = [asyncResp](bool success, LDAPConfigData& confData, 1374ab828d7cSRatan Gupta const std::string& ldapType) { 1375cb13a392SEd Tanous if (!success) 1376cb13a392SEd Tanous { 1377cb13a392SEd Tanous return; 1378cb13a392SEd Tanous } 13796c51eab1SEd Tanous parseLDAPConfigData(asyncResp->res.jsonValue, confData, 13806c51eab1SEd Tanous ldapType); 1381ab828d7cSRatan Gupta }; 1382ab828d7cSRatan Gupta 1383ab828d7cSRatan Gupta getLDAPConfigData("LDAP", callback); 1384ab828d7cSRatan Gupta getLDAPConfigData("ActiveDirectory", callback); 13856c51eab1SEd Tanous }); 13866973a582SRatan Gupta 1387f5ffd806SEd Tanous BMCWEB_ROUTE(app, "/redfish/v1/AccountService/") 1388f5ffd806SEd Tanous .privileges(redfish::privileges::getAccountService) 1389f5ffd806SEd Tanous .methods(boost::beast::http::verb::patch)( 1390f5ffd806SEd Tanous [](const crow::Request& req, 1391f5ffd806SEd Tanous const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) -> void { 1392f5ffd806SEd Tanous std::optional<uint32_t> unlockTimeout; 1393f5ffd806SEd Tanous std::optional<uint16_t> lockoutThreshold; 1394f5ffd806SEd Tanous std::optional<uint16_t> minPasswordLength; 1395f5ffd806SEd Tanous std::optional<uint16_t> maxPasswordLength; 1396f5ffd806SEd Tanous std::optional<nlohmann::json> ldapObject; 1397f5ffd806SEd Tanous std::optional<nlohmann::json> activeDirectoryObject; 1398f5ffd806SEd Tanous std::optional<nlohmann::json> oemObject; 1399f5ffd806SEd Tanous 1400f5ffd806SEd Tanous if (!json_util::readJson( 1401f5ffd806SEd Tanous req, asyncResp->res, "AccountLockoutDuration", 1402f5ffd806SEd Tanous unlockTimeout, "AccountLockoutThreshold", 1403f5ffd806SEd Tanous lockoutThreshold, "MaxPasswordLength", 1404f5ffd806SEd Tanous maxPasswordLength, "MinPasswordLength", 1405f5ffd806SEd Tanous minPasswordLength, "LDAP", ldapObject, 1406f5ffd806SEd Tanous "ActiveDirectory", activeDirectoryObject, "Oem", 1407f5ffd806SEd Tanous oemObject)) 1408f5ffd806SEd Tanous { 1409f5ffd806SEd Tanous return; 1410f5ffd806SEd Tanous } 1411f5ffd806SEd Tanous 1412f5ffd806SEd Tanous if (minPasswordLength) 1413f5ffd806SEd Tanous { 1414f5ffd806SEd Tanous messages::propertyNotWritable(asyncResp->res, 1415f5ffd806SEd Tanous "MinPasswordLength"); 1416f5ffd806SEd Tanous } 1417f5ffd806SEd Tanous 1418f5ffd806SEd Tanous if (maxPasswordLength) 1419f5ffd806SEd Tanous { 1420f5ffd806SEd Tanous messages::propertyNotWritable(asyncResp->res, 1421f5ffd806SEd Tanous "MaxPasswordLength"); 1422f5ffd806SEd Tanous } 1423f5ffd806SEd Tanous 1424f5ffd806SEd Tanous if (ldapObject) 1425f5ffd806SEd Tanous { 1426f5ffd806SEd Tanous handleLDAPPatch(*ldapObject, asyncResp, "LDAP"); 1427f5ffd806SEd Tanous } 1428f5ffd806SEd Tanous 1429f5ffd806SEd Tanous if (std::optional<nlohmann::json> oemOpenBMCObject; 1430f5ffd806SEd Tanous oemObject && 1431f5ffd806SEd Tanous json_util::readJson(*oemObject, asyncResp->res, "OpenBMC", 1432f5ffd806SEd Tanous oemOpenBMCObject)) 1433f5ffd806SEd Tanous { 1434f5ffd806SEd Tanous if (std::optional<nlohmann::json> authMethodsObject; 1435f5ffd806SEd Tanous oemOpenBMCObject && 1436f5ffd806SEd Tanous json_util::readJson(*oemOpenBMCObject, asyncResp->res, 1437f5ffd806SEd Tanous "AuthMethods", authMethodsObject)) 1438f5ffd806SEd Tanous { 1439f5ffd806SEd Tanous if (authMethodsObject) 1440f5ffd806SEd Tanous { 1441f5ffd806SEd Tanous handleAuthMethodsPatch(*authMethodsObject, 1442f5ffd806SEd Tanous asyncResp); 1443f5ffd806SEd Tanous } 1444f5ffd806SEd Tanous } 1445f5ffd806SEd Tanous } 1446f5ffd806SEd Tanous 1447f5ffd806SEd Tanous if (activeDirectoryObject) 1448f5ffd806SEd Tanous { 1449f5ffd806SEd Tanous handleLDAPPatch(*activeDirectoryObject, asyncResp, 1450f5ffd806SEd Tanous "ActiveDirectory"); 1451f5ffd806SEd Tanous } 1452f5ffd806SEd Tanous 1453f5ffd806SEd Tanous if (unlockTimeout) 1454f5ffd806SEd Tanous { 1455f5ffd806SEd Tanous crow::connections::systemBus->async_method_call( 1456f5ffd806SEd Tanous [asyncResp](const boost::system::error_code ec) { 1457f5ffd806SEd Tanous if (ec) 1458f5ffd806SEd Tanous { 1459f5ffd806SEd Tanous messages::internalError(asyncResp->res); 1460f5ffd806SEd Tanous return; 1461f5ffd806SEd Tanous } 1462f5ffd806SEd Tanous messages::success(asyncResp->res); 1463f5ffd806SEd Tanous }, 1464f5ffd806SEd Tanous "xyz.openbmc_project.User.Manager", 1465f5ffd806SEd Tanous "/xyz/openbmc_project/user", 1466f5ffd806SEd Tanous "org.freedesktop.DBus.Properties", "Set", 1467f5ffd806SEd Tanous "xyz.openbmc_project.User.AccountPolicy", 1468f5ffd806SEd Tanous "AccountUnlockTimeout", 1469168e20c1SEd Tanous dbus::utility::DbusVariantType(*unlockTimeout)); 1470f5ffd806SEd Tanous } 1471f5ffd806SEd Tanous if (lockoutThreshold) 1472f5ffd806SEd Tanous { 1473f5ffd806SEd Tanous crow::connections::systemBus->async_method_call( 1474f5ffd806SEd Tanous [asyncResp](const boost::system::error_code ec) { 1475f5ffd806SEd Tanous if (ec) 1476f5ffd806SEd Tanous { 1477f5ffd806SEd Tanous messages::internalError(asyncResp->res); 1478f5ffd806SEd Tanous return; 1479f5ffd806SEd Tanous } 1480f5ffd806SEd Tanous messages::success(asyncResp->res); 1481f5ffd806SEd Tanous }, 1482f5ffd806SEd Tanous "xyz.openbmc_project.User.Manager", 1483f5ffd806SEd Tanous "/xyz/openbmc_project/user", 1484f5ffd806SEd Tanous "org.freedesktop.DBus.Properties", "Set", 1485f5ffd806SEd Tanous "xyz.openbmc_project.User.AccountPolicy", 1486f5ffd806SEd Tanous "MaxLoginAttemptBeforeLockout", 1487168e20c1SEd Tanous dbus::utility::DbusVariantType(*lockoutThreshold)); 1488f5ffd806SEd Tanous } 1489f5ffd806SEd Tanous }); 1490f5ffd806SEd Tanous 14916c51eab1SEd Tanous BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Accounts/") 1492ed398213SEd Tanous .privileges(redfish::privileges::getManagerAccountCollection) 14936c51eab1SEd Tanous .methods(boost::beast::http::verb::get)( 14946c51eab1SEd Tanous [](const crow::Request& req, 14956c51eab1SEd Tanous const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) -> void { 14968d1b46d7Szhanghch05 asyncResp->res.jsonValue = { 14978d1b46d7Szhanghch05 {"@odata.id", "/redfish/v1/AccountService/Accounts"}, 14980f74e643SEd Tanous {"@odata.type", "#ManagerAccountCollection." 14990f74e643SEd Tanous "ManagerAccountCollection"}, 15000f74e643SEd Tanous {"Name", "Accounts Collection"}, 15010f74e643SEd Tanous {"Description", "BMC User Accounts"}}; 15020f74e643SEd Tanous 15036c51eab1SEd Tanous Privileges effectiveUserPrivileges = 15046c51eab1SEd Tanous redfish::getUserPrivileges(req.userRole); 15056c51eab1SEd Tanous 1506f5e29f33SJunLin Chen std::string thisUser; 1507f5e29f33SJunLin Chen if (req.session) 1508f5e29f33SJunLin Chen { 1509f5e29f33SJunLin Chen thisUser = req.session->username; 1510f5e29f33SJunLin Chen } 1511b9b2e0b2SEd Tanous crow::connections::systemBus->async_method_call( 1512cef1ddfbSEd Tanous [asyncResp, thisUser, effectiveUserPrivileges]( 1513cef1ddfbSEd Tanous const boost::system::error_code ec, 1514b9b2e0b2SEd Tanous const ManagedObjectType& users) { 1515b9b2e0b2SEd Tanous if (ec) 1516b9b2e0b2SEd Tanous { 1517f12894f8SJason M. Bills messages::internalError(asyncResp->res); 1518b9b2e0b2SEd Tanous return; 1519b9b2e0b2SEd Tanous } 1520b9b2e0b2SEd Tanous 1521cef1ddfbSEd Tanous bool userCanSeeAllAccounts = 1522cef1ddfbSEd Tanous effectiveUserPrivileges.isSupersetOf( 15234f48d5f6SEd Tanous {"ConfigureUsers"}); 1524cef1ddfbSEd Tanous 1525cef1ddfbSEd Tanous bool userCanSeeSelf = 1526cef1ddfbSEd Tanous effectiveUserPrivileges.isSupersetOf( 15274f48d5f6SEd Tanous {"ConfigureSelf"}); 1528cef1ddfbSEd Tanous 1529b9b2e0b2SEd Tanous nlohmann::json& memberArray = 1530b9b2e0b2SEd Tanous asyncResp->res.jsonValue["Members"]; 1531b9b2e0b2SEd Tanous memberArray = nlohmann::json::array(); 1532b9b2e0b2SEd Tanous 15332dfd18efSEd Tanous for (auto& userpath : users) 1534b9b2e0b2SEd Tanous { 15352dfd18efSEd Tanous std::string user = userpath.first.filename(); 15362dfd18efSEd Tanous if (user.empty()) 1537b9b2e0b2SEd Tanous { 15382dfd18efSEd Tanous messages::internalError(asyncResp->res); 15392dfd18efSEd Tanous BMCWEB_LOG_ERROR << "Invalid firmware ID"; 15402dfd18efSEd Tanous 15412dfd18efSEd Tanous return; 1542b9b2e0b2SEd Tanous } 1543f365910cSGunnar Mills 1544f365910cSGunnar Mills // As clarified by Redfish here: 1545f365910cSGunnar Mills // https://redfishforum.com/thread/281/manageraccountcollection-change-allows-account-enumeration 15466c51eab1SEd Tanous // Users without ConfigureUsers, only see their own 15476c51eab1SEd Tanous // account. Users with ConfigureUsers, see all 15486c51eab1SEd Tanous // accounts. 1549cef1ddfbSEd Tanous if (userCanSeeAllAccounts || 1550cef1ddfbSEd Tanous (thisUser == user && userCanSeeSelf)) 1551f365910cSGunnar Mills { 1552b9b2e0b2SEd Tanous memberArray.push_back( 1553f365910cSGunnar Mills {{"@odata.id", 15546c51eab1SEd Tanous "/redfish/v1/AccountService/Accounts/" + 15556c51eab1SEd Tanous user}}); 1556b9b2e0b2SEd Tanous } 1557f365910cSGunnar Mills } 1558f365910cSGunnar Mills asyncResp->res.jsonValue["Members@odata.count"] = 1559f365910cSGunnar Mills memberArray.size(); 1560b9b2e0b2SEd Tanous }, 15616c51eab1SEd Tanous "xyz.openbmc_project.User.Manager", 15626c51eab1SEd Tanous "/xyz/openbmc_project/user", 1563b9b2e0b2SEd Tanous "org.freedesktop.DBus.ObjectManager", "GetManagedObjects"); 15646c51eab1SEd Tanous }); 15656c51eab1SEd Tanous 15666c51eab1SEd Tanous BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Accounts/") 1567ed398213SEd Tanous .privileges(redfish::privileges::postManagerAccountCollection) 15686c51eab1SEd Tanous .methods(boost::beast::http::verb::post)([](const crow::Request& req, 15696c51eab1SEd Tanous const std::shared_ptr< 15706c51eab1SEd Tanous bmcweb::AsyncResp>& 15716c51eab1SEd Tanous asyncResp) -> void { 15729712f8acSEd Tanous std::string username; 15739712f8acSEd Tanous std::string password; 1574a24526dcSEd Tanous std::optional<std::string> roleId("User"); 1575a24526dcSEd Tanous std::optional<bool> enabled = true; 15768d1b46d7Szhanghch05 if (!json_util::readJson(req, asyncResp->res, "UserName", username, 15778d1b46d7Szhanghch05 "Password", password, "RoleId", roleId, 15788d1b46d7Szhanghch05 "Enabled", enabled)) 157904ae99ecSEd Tanous { 158004ae99ecSEd Tanous return; 158104ae99ecSEd Tanous } 158204ae99ecSEd Tanous 158354fc587aSNagaraju Goruganti std::string priv = getPrivilegeFromRoleId(*roleId); 158484e12cb7SAppaRao Puli if (priv.empty()) 158504ae99ecSEd Tanous { 15866c51eab1SEd Tanous messages::propertyValueNotInList(asyncResp->res, *roleId, 15876c51eab1SEd Tanous "RoleId"); 158804ae99ecSEd Tanous return; 158904ae99ecSEd Tanous } 159096200606Sjayaprakash Mutyala // TODO: Following override will be reverted once support in 15916c51eab1SEd Tanous // phosphor-user-manager is added. In order to avoid dependency 15926c51eab1SEd Tanous // issues, this is added in bmcweb, which will removed, once 159396200606Sjayaprakash Mutyala // phosphor-user-manager supports priv-noaccess. 159496200606Sjayaprakash Mutyala if (priv == "priv-noaccess") 159596200606Sjayaprakash Mutyala { 159696200606Sjayaprakash Mutyala roleId = ""; 159796200606Sjayaprakash Mutyala } 159896200606Sjayaprakash Mutyala else 159996200606Sjayaprakash Mutyala { 16009712f8acSEd Tanous roleId = priv; 160196200606Sjayaprakash Mutyala } 160204ae99ecSEd Tanous 1603599c71d8SAyushi Smriti // Reading AllGroups property 1604*1e1e598dSJonathan Doman sdbusplus::asio::getProperty<std::vector<std::string>>( 1605*1e1e598dSJonathan Doman *crow::connections::systemBus, 1606*1e1e598dSJonathan Doman "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user", 1607*1e1e598dSJonathan Doman "xyz.openbmc_project.User.Manager", "AllGroups", 1608599c71d8SAyushi Smriti [asyncResp, username, password{std::move(password)}, roleId, 1609168e20c1SEd Tanous enabled](const boost::system::error_code ec, 1610*1e1e598dSJonathan Doman const std::vector<std::string>& allGroupsList) { 1611599c71d8SAyushi Smriti if (ec) 1612599c71d8SAyushi Smriti { 1613599c71d8SAyushi Smriti BMCWEB_LOG_DEBUG << "ERROR with async_method_call"; 1614599c71d8SAyushi Smriti messages::internalError(asyncResp->res); 1615599c71d8SAyushi Smriti return; 1616599c71d8SAyushi Smriti } 1617599c71d8SAyushi Smriti 1618*1e1e598dSJonathan Doman if (allGroupsList.empty()) 1619599c71d8SAyushi Smriti { 1620599c71d8SAyushi Smriti messages::internalError(asyncResp->res); 1621599c71d8SAyushi Smriti return; 1622599c71d8SAyushi Smriti } 1623599c71d8SAyushi Smriti 162404ae99ecSEd Tanous crow::connections::systemBus->async_method_call( 1625f23b7296SEd Tanous [asyncResp, username, 1626f23b7296SEd Tanous password](const boost::system::error_code ec2, 16270d4197e0Sanil kumar appana sdbusplus::message::message& m) { 162823a21a1cSEd Tanous if (ec2) 162904ae99ecSEd Tanous { 16306c51eab1SEd Tanous userErrorMessageHandler( 16316c51eab1SEd Tanous m.get_error(), asyncResp, username, ""); 163204ae99ecSEd Tanous return; 163304ae99ecSEd Tanous } 163404ae99ecSEd Tanous 163566b5ca76Sjayaprakash Mutyala if (pamUpdatePassword(username, password) != 163666b5ca76Sjayaprakash Mutyala PAM_SUCCESS) 163704ae99ecSEd Tanous { 16386c51eab1SEd Tanous // At this point we have a user that's been 16396c51eab1SEd Tanous // created, but the password set 16406c51eab1SEd Tanous // failed.Something is wrong, so delete the user 16416c51eab1SEd Tanous // that we've already created 1642b477fd44SP Dheeraj Srujan Kumar sdbusplus::message::object_path tempObjPath( 1643b477fd44SP Dheeraj Srujan Kumar rootUserDbusPath); 1644b477fd44SP Dheeraj Srujan Kumar tempObjPath /= username; 1645b477fd44SP Dheeraj Srujan Kumar const std::string userPath(tempObjPath); 1646b477fd44SP Dheeraj Srujan Kumar 164704ae99ecSEd Tanous crow::connections::systemBus->async_method_call( 164823a21a1cSEd Tanous [asyncResp, password]( 164923a21a1cSEd Tanous const boost::system::error_code ec3) { 165023a21a1cSEd Tanous if (ec3) 165104ae99ecSEd Tanous { 16526c51eab1SEd Tanous messages::internalError( 16536c51eab1SEd Tanous asyncResp->res); 165404ae99ecSEd Tanous return; 165504ae99ecSEd Tanous } 165604ae99ecSEd Tanous 16570d4197e0Sanil kumar appana // If password is invalid 16580d4197e0Sanil kumar appana messages::propertyValueFormatError( 16596c51eab1SEd Tanous asyncResp->res, password, 16606c51eab1SEd Tanous "Password"); 166104ae99ecSEd Tanous }, 166204ae99ecSEd Tanous "xyz.openbmc_project.User.Manager", 1663b477fd44SP Dheeraj Srujan Kumar userPath, 16646c51eab1SEd Tanous "xyz.openbmc_project.Object.Delete", 16656c51eab1SEd Tanous "Delete"); 166604ae99ecSEd Tanous 166704ae99ecSEd Tanous BMCWEB_LOG_ERROR << "pamUpdatePassword Failed"; 166804ae99ecSEd Tanous return; 166904ae99ecSEd Tanous } 167004ae99ecSEd Tanous 1671f12894f8SJason M. Bills messages::created(asyncResp->res); 167204ae99ecSEd Tanous asyncResp->res.addHeader( 167304ae99ecSEd Tanous "Location", 16746c51eab1SEd Tanous "/redfish/v1/AccountService/Accounts/" + 16756c51eab1SEd Tanous username); 167604ae99ecSEd Tanous }, 1677599c71d8SAyushi Smriti "xyz.openbmc_project.User.Manager", 1678599c71d8SAyushi Smriti "/xyz/openbmc_project/user", 16796c51eab1SEd Tanous "xyz.openbmc_project.User.Manager", "CreateUser", 1680*1e1e598dSJonathan Doman username, allGroupsList, *roleId, *enabled); 1681*1e1e598dSJonathan Doman }); 16826c51eab1SEd Tanous }); 1683b9b2e0b2SEd Tanous 16846c51eab1SEd Tanous BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Accounts/<str>/") 1685ed398213SEd Tanous .privileges(redfish::privileges::getManagerAccount) 16866c51eab1SEd Tanous .methods( 16876c51eab1SEd Tanous boost::beast::http::verb:: 16886c51eab1SEd Tanous get)([](const crow::Request& req, 16896c51eab1SEd Tanous const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 16906c51eab1SEd Tanous const std::string& accountName) -> void { 16916c51eab1SEd Tanous if (req.session->username != accountName) 1692b9b2e0b2SEd Tanous { 16936c51eab1SEd Tanous // At this point we've determined that the user is trying to 16946c51eab1SEd Tanous // modify a user that isn't them. We need to verify that they 16956c51eab1SEd Tanous // have permissions to modify other users, so re-run the auth 16966c51eab1SEd Tanous // check with the same permissions, minus ConfigureSelf. 16976c51eab1SEd Tanous Privileges effectiveUserPrivileges = 16986c51eab1SEd Tanous redfish::getUserPrivileges(req.userRole); 16996c51eab1SEd Tanous Privileges requiredPermissionsToChangeNonSelf = { 17004f48d5f6SEd Tanous "ConfigureUsers", "ConfigureManager"}; 17016c51eab1SEd Tanous if (!effectiveUserPrivileges.isSupersetOf( 17026c51eab1SEd Tanous requiredPermissionsToChangeNonSelf)) 1703900f9497SJoseph Reynolds { 1704900f9497SJoseph Reynolds BMCWEB_LOG_DEBUG << "GET Account denied access"; 1705900f9497SJoseph Reynolds messages::insufficientPrivilege(asyncResp->res); 1706900f9497SJoseph Reynolds return; 1707900f9497SJoseph Reynolds } 1708900f9497SJoseph Reynolds } 1709900f9497SJoseph Reynolds 1710b9b2e0b2SEd Tanous crow::connections::systemBus->async_method_call( 17116c51eab1SEd Tanous [asyncResp, accountName](const boost::system::error_code ec, 1712b9b2e0b2SEd Tanous const ManagedObjectType& users) { 1713b9b2e0b2SEd Tanous if (ec) 1714b9b2e0b2SEd Tanous { 1715f12894f8SJason M. Bills messages::internalError(asyncResp->res); 1716b9b2e0b2SEd Tanous return; 1717b9b2e0b2SEd Tanous } 1718b477fd44SP Dheeraj Srujan Kumar auto userIt = std::find_if( 1719b477fd44SP Dheeraj Srujan Kumar users.begin(), users.end(), 1720b477fd44SP Dheeraj Srujan Kumar [accountName]( 1721b477fd44SP Dheeraj Srujan Kumar const std::pair<sdbusplus::message::object_path, 1722b477fd44SP Dheeraj Srujan Kumar DbusInterfaceType>& user) { 1723b477fd44SP Dheeraj Srujan Kumar return !accountName.compare(user.first.filename()); 1724b477fd44SP Dheeraj Srujan Kumar }); 1725b9b2e0b2SEd Tanous 172684e12cb7SAppaRao Puli if (userIt == users.end()) 1727b9b2e0b2SEd Tanous { 17286c51eab1SEd Tanous messages::resourceNotFound( 17296c51eab1SEd Tanous asyncResp->res, "ManagerAccount", accountName); 173084e12cb7SAppaRao Puli return; 173184e12cb7SAppaRao Puli } 17324e68c45bSAyushi Smriti 17334e68c45bSAyushi Smriti asyncResp->res.jsonValue = { 17346c51eab1SEd Tanous {"@odata.type", 17356c51eab1SEd Tanous "#ManagerAccount.v1_4_0.ManagerAccount"}, 17364e68c45bSAyushi Smriti {"Name", "User Account"}, 17374e68c45bSAyushi Smriti {"Description", "User Account"}, 17388114bd4dSGunnar Mills {"Password", nullptr}, 17398114bd4dSGunnar Mills {"AccountTypes", {"Redfish"}}}; 17404e68c45bSAyushi Smriti 174184e12cb7SAppaRao Puli for (const auto& interface : userIt->second) 174265b0dc32SEd Tanous { 174365b0dc32SEd Tanous if (interface.first == 174465b0dc32SEd Tanous "xyz.openbmc_project.User.Attributes") 174565b0dc32SEd Tanous { 174665b0dc32SEd Tanous for (const auto& property : interface.second) 174765b0dc32SEd Tanous { 174865b0dc32SEd Tanous if (property.first == "UserEnabled") 174965b0dc32SEd Tanous { 175065b0dc32SEd Tanous const bool* userEnabled = 1751abf2add6SEd Tanous std::get_if<bool>(&property.second); 175265b0dc32SEd Tanous if (userEnabled == nullptr) 175365b0dc32SEd Tanous { 175465b0dc32SEd Tanous BMCWEB_LOG_ERROR 175565b0dc32SEd Tanous << "UserEnabled wasn't a bool"; 175684e12cb7SAppaRao Puli messages::internalError(asyncResp->res); 175784e12cb7SAppaRao Puli return; 175865b0dc32SEd Tanous } 175965b0dc32SEd Tanous asyncResp->res.jsonValue["Enabled"] = 176065b0dc32SEd Tanous *userEnabled; 176165b0dc32SEd Tanous } 176265b0dc32SEd Tanous else if (property.first == 176365b0dc32SEd Tanous "UserLockedForFailedAttempt") 176465b0dc32SEd Tanous { 176565b0dc32SEd Tanous const bool* userLocked = 1766abf2add6SEd Tanous std::get_if<bool>(&property.second); 176765b0dc32SEd Tanous if (userLocked == nullptr) 176865b0dc32SEd Tanous { 176984e12cb7SAppaRao Puli BMCWEB_LOG_ERROR << "UserLockedForF" 177084e12cb7SAppaRao Puli "ailedAttempt " 177184e12cb7SAppaRao Puli "wasn't a bool"; 177284e12cb7SAppaRao Puli messages::internalError(asyncResp->res); 177384e12cb7SAppaRao Puli return; 177465b0dc32SEd Tanous } 177565b0dc32SEd Tanous asyncResp->res.jsonValue["Locked"] = 177665b0dc32SEd Tanous *userLocked; 177724c8542dSRatan Gupta asyncResp->res.jsonValue 177824c8542dSRatan Gupta ["Locked@Redfish.AllowableValues"] = { 17793bf4e632SJoseph Reynolds "false"}; // can only unlock accounts 178065b0dc32SEd Tanous } 178184e12cb7SAppaRao Puli else if (property.first == "UserPrivilege") 178284e12cb7SAppaRao Puli { 178354fc587aSNagaraju Goruganti const std::string* userPrivPtr = 17846c51eab1SEd Tanous std::get_if<std::string>( 17856c51eab1SEd Tanous &property.second); 178654fc587aSNagaraju Goruganti if (userPrivPtr == nullptr) 178784e12cb7SAppaRao Puli { 178884e12cb7SAppaRao Puli BMCWEB_LOG_ERROR 178984e12cb7SAppaRao Puli << "UserPrivilege wasn't a " 179084e12cb7SAppaRao Puli "string"; 179184e12cb7SAppaRao Puli messages::internalError(asyncResp->res); 179284e12cb7SAppaRao Puli return; 179384e12cb7SAppaRao Puli } 179454fc587aSNagaraju Goruganti std::string role = 179554fc587aSNagaraju Goruganti getRoleIdFromPrivilege(*userPrivPtr); 179654fc587aSNagaraju Goruganti if (role.empty()) 179784e12cb7SAppaRao Puli { 179884e12cb7SAppaRao Puli BMCWEB_LOG_ERROR << "Invalid user role"; 179984e12cb7SAppaRao Puli messages::internalError(asyncResp->res); 180084e12cb7SAppaRao Puli return; 180184e12cb7SAppaRao Puli } 180254fc587aSNagaraju Goruganti asyncResp->res.jsonValue["RoleId"] = role; 180384e12cb7SAppaRao Puli 18046c51eab1SEd Tanous asyncResp->res.jsonValue["Links"]["Role"] = 18056c51eab1SEd Tanous {{"@odata.id", 18060fda0f12SGeorge Liu "/redfish/v1/AccountService/Roles/" + 180754fc587aSNagaraju Goruganti role}}; 180884e12cb7SAppaRao Puli } 18096c51eab1SEd Tanous else if (property.first == 18106c51eab1SEd Tanous "UserPasswordExpired") 18113bf4e632SJoseph Reynolds { 18123bf4e632SJoseph Reynolds const bool* userPasswordExpired = 18133bf4e632SJoseph Reynolds std::get_if<bool>(&property.second); 18143bf4e632SJoseph Reynolds if (userPasswordExpired == nullptr) 18153bf4e632SJoseph Reynolds { 18160fda0f12SGeorge Liu BMCWEB_LOG_ERROR 18170fda0f12SGeorge Liu << "UserPasswordExpired wasn't a bool"; 18183bf4e632SJoseph Reynolds messages::internalError(asyncResp->res); 18193bf4e632SJoseph Reynolds return; 18203bf4e632SJoseph Reynolds } 18213bf4e632SJoseph Reynolds asyncResp->res 18223bf4e632SJoseph Reynolds .jsonValue["PasswordChangeRequired"] = 18233bf4e632SJoseph Reynolds *userPasswordExpired; 18243bf4e632SJoseph Reynolds } 182565b0dc32SEd Tanous } 182665b0dc32SEd Tanous } 182765b0dc32SEd Tanous } 182865b0dc32SEd Tanous 1829b9b2e0b2SEd Tanous asyncResp->res.jsonValue["@odata.id"] = 183084e12cb7SAppaRao Puli "/redfish/v1/AccountService/Accounts/" + accountName; 1831b9b2e0b2SEd Tanous asyncResp->res.jsonValue["Id"] = accountName; 1832b9b2e0b2SEd Tanous asyncResp->res.jsonValue["UserName"] = accountName; 1833b9b2e0b2SEd Tanous }, 1834b9b2e0b2SEd Tanous "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user", 1835b9b2e0b2SEd Tanous "org.freedesktop.DBus.ObjectManager", "GetManagedObjects"); 18366c51eab1SEd Tanous }); 1837a840879dSEd Tanous 18386c51eab1SEd Tanous BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Accounts/<str>/") 1839ed398213SEd Tanous // TODO this privilege should be using the generated endpoints, but 1840ed398213SEd Tanous // because of the special handling of ConfigureSelf, it's not able to 1841ed398213SEd Tanous // yet 18426c51eab1SEd Tanous .privileges({{"ConfigureUsers"}, {"ConfigureSelf"}}) 18436c51eab1SEd Tanous .methods(boost::beast::http::verb::patch)( 18446c51eab1SEd Tanous [](const crow::Request& req, 18456c51eab1SEd Tanous const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 18466c51eab1SEd Tanous const std::string& username) -> void { 1847a24526dcSEd Tanous std::optional<std::string> newUserName; 1848a24526dcSEd Tanous std::optional<std::string> password; 1849a24526dcSEd Tanous std::optional<bool> enabled; 1850a24526dcSEd Tanous std::optional<std::string> roleId; 185124c8542dSRatan Gupta std::optional<bool> locked; 1852e9cc5172SEd Tanous 1853e9cc5172SEd Tanous Privileges effectiveUserPrivileges = 1854e9cc5172SEd Tanous redfish::getUserPrivileges(req.userRole); 1855e9cc5172SEd Tanous Privileges configureUsers = {"ConfigureUsers"}; 1856e9cc5172SEd Tanous bool userHasConfigureUsers = 1857e9cc5172SEd Tanous effectiveUserPrivileges.isSupersetOf(configureUsers); 1858e9cc5172SEd Tanous if (userHasConfigureUsers) 1859e9cc5172SEd Tanous { 1860e9cc5172SEd Tanous // Users with ConfigureUsers can modify for all users 18616c51eab1SEd Tanous if (!json_util::readJson(req, asyncResp->res, "UserName", 18626c51eab1SEd Tanous newUserName, "Password", password, 1863e9cc5172SEd Tanous "RoleId", roleId, "Enabled", 1864e9cc5172SEd Tanous enabled, "Locked", locked)) 1865a840879dSEd Tanous { 1866a840879dSEd Tanous return; 1867a840879dSEd Tanous } 1868e9cc5172SEd Tanous } 1869e9cc5172SEd Tanous else 1870900f9497SJoseph Reynolds { 1871e9cc5172SEd Tanous // ConfigureSelf accounts can only modify their own account 1872e9cc5172SEd Tanous if (username != req.session->username) 1873900f9497SJoseph Reynolds { 1874900f9497SJoseph Reynolds messages::insufficientPrivilege(asyncResp->res); 1875900f9497SJoseph Reynolds return; 1876900f9497SJoseph Reynolds } 1877e9cc5172SEd Tanous // ConfigureSelf accounts can only modify their password 1878e9cc5172SEd Tanous if (!json_util::readJson(req, asyncResp->res, "Password", 1879e9cc5172SEd Tanous password)) 1880e9cc5172SEd Tanous { 1881e9cc5172SEd Tanous return; 1882e9cc5172SEd Tanous } 1883900f9497SJoseph Reynolds } 1884900f9497SJoseph Reynolds 188566b5ca76Sjayaprakash Mutyala // if user name is not provided in the patch method or if it 18866c51eab1SEd Tanous // matches the user name in the URI, then we are treating it as 18876c51eab1SEd Tanous // updating user properties other then username. If username 18886c51eab1SEd Tanous // provided doesn't match the URI, then we are treating this as 18896c51eab1SEd Tanous // user rename request. 189066b5ca76Sjayaprakash Mutyala if (!newUserName || (newUserName.value() == username)) 1891a840879dSEd Tanous { 18926c51eab1SEd Tanous updateUserProperties(asyncResp, username, password, enabled, 18936c51eab1SEd Tanous roleId, locked); 189484e12cb7SAppaRao Puli return; 189584e12cb7SAppaRao Puli } 189684e12cb7SAppaRao Puli crow::connections::systemBus->async_method_call( 18976c51eab1SEd Tanous [asyncResp, username, password(std::move(password)), 1898f23b7296SEd Tanous roleId(std::move(roleId)), enabled, 189966b5ca76Sjayaprakash Mutyala newUser{std::string(*newUserName)}, 1900f23b7296SEd Tanous locked](const boost::system::error_code ec, 190166b5ca76Sjayaprakash Mutyala sdbusplus::message::message& m) { 190284e12cb7SAppaRao Puli if (ec) 190384e12cb7SAppaRao Puli { 19046c51eab1SEd Tanous userErrorMessageHandler(m.get_error(), asyncResp, 19056c51eab1SEd Tanous newUser, username); 1906a840879dSEd Tanous return; 1907a840879dSEd Tanous } 1908a840879dSEd Tanous 19096c51eab1SEd Tanous updateUserProperties(asyncResp, newUser, password, 19106c51eab1SEd Tanous enabled, roleId, locked); 191184e12cb7SAppaRao Puli }, 19126c51eab1SEd Tanous "xyz.openbmc_project.User.Manager", 19136c51eab1SEd Tanous "/xyz/openbmc_project/user", 191484e12cb7SAppaRao Puli "xyz.openbmc_project.User.Manager", "RenameUser", username, 191584e12cb7SAppaRao Puli *newUserName); 19166c51eab1SEd Tanous }); 191784e12cb7SAppaRao Puli 19186c51eab1SEd Tanous BMCWEB_ROUTE(app, "/redfish/v1/AccountService/Accounts/<str>/") 1919ed398213SEd Tanous .privileges(redfish::privileges::deleteManagerAccount) 19206c51eab1SEd Tanous .methods(boost::beast::http::verb::delete_)( 19216c51eab1SEd Tanous [](const crow::Request& /*req*/, 19226c51eab1SEd Tanous const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 19236c51eab1SEd Tanous const std::string& username) -> void { 1924b477fd44SP Dheeraj Srujan Kumar sdbusplus::message::object_path tempObjPath(rootUserDbusPath); 1925b477fd44SP Dheeraj Srujan Kumar tempObjPath /= username; 1926b477fd44SP Dheeraj Srujan Kumar const std::string userPath(tempObjPath); 192724c8542dSRatan Gupta 19286c51eab1SEd Tanous crow::connections::systemBus->async_method_call( 19296c51eab1SEd Tanous [asyncResp, username](const boost::system::error_code ec) { 19306c51eab1SEd Tanous if (ec) 193166b5ca76Sjayaprakash Mutyala { 193266b5ca76Sjayaprakash Mutyala messages::resourceNotFound( 193366b5ca76Sjayaprakash Mutyala asyncResp->res, 19346c51eab1SEd Tanous "#ManagerAccount.v1_4_0.ManagerAccount", 1935f12894f8SJason M. Bills username); 193606e086d9SEd Tanous return; 193706e086d9SEd Tanous } 193806e086d9SEd Tanous 1939f12894f8SJason M. Bills messages::accountRemoved(asyncResp->res); 194006e086d9SEd Tanous }, 194106e086d9SEd Tanous "xyz.openbmc_project.User.Manager", userPath, 194206e086d9SEd Tanous "xyz.openbmc_project.Object.Delete", "Delete"); 19436c51eab1SEd Tanous }); 194406e086d9SEd Tanous } 194588d16c9aSLewanczyk, Dawid 194688d16c9aSLewanczyk, Dawid } // namespace redfish 1947