188d16c9aSLewanczyk, Dawid /* 288d16c9aSLewanczyk, Dawid // Copyright (c) 2018 Intel Corporation 388d16c9aSLewanczyk, Dawid // 488d16c9aSLewanczyk, Dawid // Licensed under the Apache License, Version 2.0 (the "License"); 588d16c9aSLewanczyk, Dawid // you may not use this file except in compliance with the License. 688d16c9aSLewanczyk, Dawid // You may obtain a copy of the License at 788d16c9aSLewanczyk, Dawid // 888d16c9aSLewanczyk, Dawid // http://www.apache.org/licenses/LICENSE-2.0 988d16c9aSLewanczyk, Dawid // 1088d16c9aSLewanczyk, Dawid // Unless required by applicable law or agreed to in writing, software 1188d16c9aSLewanczyk, Dawid // distributed under the License is distributed on an "AS IS" BASIS, 1288d16c9aSLewanczyk, Dawid // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 1388d16c9aSLewanczyk, Dawid // See the License for the specific language governing permissions and 1488d16c9aSLewanczyk, Dawid // limitations under the License. 1588d16c9aSLewanczyk, Dawid */ 1688d16c9aSLewanczyk, Dawid #pragma once 1788d16c9aSLewanczyk, Dawid #include "node.hpp" 1888d16c9aSLewanczyk, Dawid 1924c8542dSRatan Gupta #include <dbus_utility.hpp> 2065b0dc32SEd Tanous #include <error_messages.hpp> 21b9b2e0b2SEd Tanous #include <openbmc_dbus_rest.hpp> 22a840879dSEd Tanous #include <utils/json_utils.hpp> 231214b7e7SGunnar Mills 24abf2add6SEd Tanous #include <variant> 25b9b2e0b2SEd Tanous 261abe55efSEd Tanous namespace redfish 271abe55efSEd Tanous { 2888d16c9aSLewanczyk, Dawid 296973a582SRatan Gupta constexpr const char* ldapConfigObject = 306973a582SRatan Gupta "/xyz/openbmc_project/user/ldap/openldap"; 31ab828d7cSRatan Gupta constexpr const char* ADConfigObject = 32ab828d7cSRatan Gupta "/xyz/openbmc_project/user/ldap/active_directory"; 33ab828d7cSRatan Gupta 346973a582SRatan Gupta constexpr const char* ldapRootObject = "/xyz/openbmc_project/user/ldap"; 356973a582SRatan Gupta constexpr const char* ldapDbusService = "xyz.openbmc_project.Ldap.Config"; 366973a582SRatan Gupta constexpr const char* ldapConfigInterface = 376973a582SRatan Gupta "xyz.openbmc_project.User.Ldap.Config"; 386973a582SRatan Gupta constexpr const char* ldapCreateInterface = 396973a582SRatan Gupta "xyz.openbmc_project.User.Ldap.Create"; 406973a582SRatan Gupta constexpr const char* ldapEnableInterface = "xyz.openbmc_project.Object.Enable"; 4106785244SRatan Gupta constexpr const char* ldapPrivMapperInterface = 4206785244SRatan Gupta "xyz.openbmc_project.User.PrivilegeMapper"; 436973a582SRatan Gupta constexpr const char* dbusObjManagerIntf = "org.freedesktop.DBus.ObjectManager"; 446973a582SRatan Gupta constexpr const char* propertyInterface = "org.freedesktop.DBus.Properties"; 456973a582SRatan Gupta constexpr const char* mapperBusName = "xyz.openbmc_project.ObjectMapper"; 466973a582SRatan Gupta constexpr const char* mapperObjectPath = "/xyz/openbmc_project/object_mapper"; 476973a582SRatan Gupta constexpr const char* mapperIntf = "xyz.openbmc_project.ObjectMapper"; 486973a582SRatan Gupta 4954fc587aSNagaraju Goruganti struct LDAPRoleMapData 5054fc587aSNagaraju Goruganti { 5154fc587aSNagaraju Goruganti std::string groupName; 5254fc587aSNagaraju Goruganti std::string privilege; 5354fc587aSNagaraju Goruganti }; 5454fc587aSNagaraju Goruganti 556973a582SRatan Gupta struct LDAPConfigData 566973a582SRatan Gupta { 576973a582SRatan Gupta std::string uri{}; 586973a582SRatan Gupta std::string bindDN{}; 596973a582SRatan Gupta std::string baseDN{}; 606973a582SRatan Gupta std::string searchScope{}; 616973a582SRatan Gupta std::string serverType{}; 626973a582SRatan Gupta bool serviceEnabled = false; 636973a582SRatan Gupta std::string userNameAttribute{}; 646973a582SRatan Gupta std::string groupAttribute{}; 6554fc587aSNagaraju Goruganti std::vector<std::pair<std::string, LDAPRoleMapData>> groupRoleList; 666973a582SRatan Gupta }; 676973a582SRatan Gupta 6819bd78d9SPatrick Williams using DbusVariantType = std::variant<bool, int32_t, std::string>; 69107077deSPrzemyslaw Czarnowski 70107077deSPrzemyslaw Czarnowski using DbusInterfaceType = boost::container::flat_map< 71107077deSPrzemyslaw Czarnowski std::string, boost::container::flat_map<std::string, DbusVariantType>>; 72107077deSPrzemyslaw Czarnowski 73107077deSPrzemyslaw Czarnowski using ManagedObjectType = 74107077deSPrzemyslaw Czarnowski std::vector<std::pair<sdbusplus::message::object_path, DbusInterfaceType>>; 75107077deSPrzemyslaw Czarnowski 766973a582SRatan Gupta using GetObjectType = 776973a582SRatan Gupta std::vector<std::pair<std::string, std::vector<std::string>>>; 7884e12cb7SAppaRao Puli 7954fc587aSNagaraju Goruganti inline std::string getRoleIdFromPrivilege(std::string_view role) 8084e12cb7SAppaRao Puli { 8184e12cb7SAppaRao Puli if (role == "priv-admin") 8284e12cb7SAppaRao Puli { 8384e12cb7SAppaRao Puli return "Administrator"; 8484e12cb7SAppaRao Puli } 8584e12cb7SAppaRao Puli else if (role == "priv-user") 8684e12cb7SAppaRao Puli { 87c80fee55SAppaRao Puli return "ReadOnly"; 8884e12cb7SAppaRao Puli } 8984e12cb7SAppaRao Puli else if (role == "priv-operator") 9084e12cb7SAppaRao Puli { 9184e12cb7SAppaRao Puli return "Operator"; 9284e12cb7SAppaRao Puli } 93e9e6d240Sjayaprakash Mutyala else if ((role == "") || (role == "priv-noaccess")) 94e9e6d240Sjayaprakash Mutyala { 95e9e6d240Sjayaprakash Mutyala return "NoAccess"; 96e9e6d240Sjayaprakash Mutyala } 9784e12cb7SAppaRao Puli return ""; 9884e12cb7SAppaRao Puli } 9954fc587aSNagaraju Goruganti inline std::string getPrivilegeFromRoleId(std::string_view role) 10084e12cb7SAppaRao Puli { 10184e12cb7SAppaRao Puli if (role == "Administrator") 10284e12cb7SAppaRao Puli { 10384e12cb7SAppaRao Puli return "priv-admin"; 10484e12cb7SAppaRao Puli } 105c80fee55SAppaRao Puli else if (role == "ReadOnly") 10684e12cb7SAppaRao Puli { 10784e12cb7SAppaRao Puli return "priv-user"; 10884e12cb7SAppaRao Puli } 10984e12cb7SAppaRao Puli else if (role == "Operator") 11084e12cb7SAppaRao Puli { 11184e12cb7SAppaRao Puli return "priv-operator"; 11284e12cb7SAppaRao Puli } 11396200606Sjayaprakash Mutyala else if ((role == "NoAccess") || (role == "")) 114e9e6d240Sjayaprakash Mutyala { 115e9e6d240Sjayaprakash Mutyala return "priv-noaccess"; 116e9e6d240Sjayaprakash Mutyala } 11784e12cb7SAppaRao Puli return ""; 11884e12cb7SAppaRao Puli } 119b9b2e0b2SEd Tanous 12066b5ca76Sjayaprakash Mutyala void userErrorMessageHandler(const sd_bus_error* e, 12166b5ca76Sjayaprakash Mutyala std::shared_ptr<AsyncResp> asyncResp, 12266b5ca76Sjayaprakash Mutyala const std::string& newUser, 12366b5ca76Sjayaprakash Mutyala const std::string& username) 12466b5ca76Sjayaprakash Mutyala { 12566b5ca76Sjayaprakash Mutyala const char* errorMessage = e->name; 12666b5ca76Sjayaprakash Mutyala if (e == nullptr) 12766b5ca76Sjayaprakash Mutyala { 12866b5ca76Sjayaprakash Mutyala messages::internalError(asyncResp->res); 12966b5ca76Sjayaprakash Mutyala return; 13066b5ca76Sjayaprakash Mutyala } 13166b5ca76Sjayaprakash Mutyala 13266b5ca76Sjayaprakash Mutyala if (strcmp(errorMessage, 13366b5ca76Sjayaprakash Mutyala "xyz.openbmc_project.User.Common.Error.UserNameExists") == 0) 13466b5ca76Sjayaprakash Mutyala { 13566b5ca76Sjayaprakash Mutyala messages::resourceAlreadyExists(asyncResp->res, 136*8114bd4dSGunnar Mills "#ManagerAccount.v1_4_0.ManagerAccount", 13766b5ca76Sjayaprakash Mutyala "UserName", newUser); 13866b5ca76Sjayaprakash Mutyala } 13966b5ca76Sjayaprakash Mutyala else if (strcmp(errorMessage, "xyz.openbmc_project.User.Common.Error." 14066b5ca76Sjayaprakash Mutyala "UserNameDoesNotExist") == 0) 14166b5ca76Sjayaprakash Mutyala { 14266b5ca76Sjayaprakash Mutyala messages::resourceNotFound( 143*8114bd4dSGunnar Mills asyncResp->res, "#ManagerAccount.v1_4_0.ManagerAccount", username); 14466b5ca76Sjayaprakash Mutyala } 14566b5ca76Sjayaprakash Mutyala else if (strcmp(errorMessage, 14666b5ca76Sjayaprakash Mutyala "xyz.openbmc_project.Common.Error.InvalidArgument") == 0) 14766b5ca76Sjayaprakash Mutyala { 14866b5ca76Sjayaprakash Mutyala messages::propertyValueFormatError(asyncResp->res, newUser, "UserName"); 14966b5ca76Sjayaprakash Mutyala } 15066b5ca76Sjayaprakash Mutyala else if (strcmp(errorMessage, 15166b5ca76Sjayaprakash Mutyala "xyz.openbmc_project.User.Common.Error.NoResource") == 0) 15266b5ca76Sjayaprakash Mutyala { 15366b5ca76Sjayaprakash Mutyala messages::createLimitReachedForResource(asyncResp->res); 15466b5ca76Sjayaprakash Mutyala } 15566b5ca76Sjayaprakash Mutyala else if (strcmp(errorMessage, "xyz.openbmc_project.User.Common.Error." 15666b5ca76Sjayaprakash Mutyala "UserNameGroupFail") == 0) 15766b5ca76Sjayaprakash Mutyala { 15866b5ca76Sjayaprakash Mutyala messages::propertyValueFormatError(asyncResp->res, newUser, "UserName"); 15966b5ca76Sjayaprakash Mutyala } 16066b5ca76Sjayaprakash Mutyala else 16166b5ca76Sjayaprakash Mutyala { 16266b5ca76Sjayaprakash Mutyala messages::internalError(asyncResp->res); 16366b5ca76Sjayaprakash Mutyala } 16466b5ca76Sjayaprakash Mutyala 16566b5ca76Sjayaprakash Mutyala return; 16666b5ca76Sjayaprakash Mutyala } 16766b5ca76Sjayaprakash Mutyala 1686973a582SRatan Gupta void parseLDAPConfigData(nlohmann::json& json_response, 169ab828d7cSRatan Gupta const LDAPConfigData& confData, 170ab828d7cSRatan Gupta const std::string& ldapType) 1716973a582SRatan Gupta { 172ab828d7cSRatan Gupta std::string service = 173ab828d7cSRatan Gupta (ldapType == "LDAP") ? "LDAPService" : "ActiveDirectoryService"; 17437cce918SMarri Devender Rao nlohmann::json ldap = { 1756973a582SRatan Gupta {"ServiceEnabled", confData.serviceEnabled}, 1766973a582SRatan Gupta {"ServiceAddresses", nlohmann::json::array({confData.uri})}, 1776973a582SRatan Gupta {"Authentication", 1786973a582SRatan Gupta {{"AuthenticationType", "UsernameAndPassword"}, 1796973a582SRatan Gupta {"Username", confData.bindDN}, 1806973a582SRatan Gupta {"Password", nullptr}}}, 1816973a582SRatan Gupta {"LDAPService", 1826973a582SRatan Gupta {{"SearchSettings", 1836973a582SRatan Gupta {{"BaseDistinguishedNames", 1846973a582SRatan Gupta nlohmann::json::array({confData.baseDN})}, 1856973a582SRatan Gupta {"UsernameAttribute", confData.userNameAttribute}, 1866973a582SRatan Gupta {"GroupsAttribute", confData.groupAttribute}}}}}, 1876973a582SRatan Gupta }; 18854fc587aSNagaraju Goruganti 18937cce918SMarri Devender Rao json_response[ldapType].update(std::move(ldap)); 19054fc587aSNagaraju Goruganti 19154fc587aSNagaraju Goruganti nlohmann::json& roleMapArray = json_response[ldapType]["RemoteRoleMapping"]; 19254fc587aSNagaraju Goruganti roleMapArray = nlohmann::json::array(); 19354fc587aSNagaraju Goruganti for (auto& obj : confData.groupRoleList) 19454fc587aSNagaraju Goruganti { 19554fc587aSNagaraju Goruganti BMCWEB_LOG_DEBUG << "Pushing the data groupName=" 19654fc587aSNagaraju Goruganti << obj.second.groupName << "\n"; 19754fc587aSNagaraju Goruganti roleMapArray.push_back( 19854fc587aSNagaraju Goruganti {nlohmann::json::array({"RemoteGroup", obj.second.groupName}), 19954fc587aSNagaraju Goruganti nlohmann::json::array( 20054fc587aSNagaraju Goruganti {"LocalRole", getRoleIdFromPrivilege(obj.second.privilege)})}); 20154fc587aSNagaraju Goruganti } 2026973a582SRatan Gupta } 2036973a582SRatan Gupta 2046973a582SRatan Gupta /** 20506785244SRatan Gupta * @brief validates given JSON input and then calls appropriate method to 20606785244SRatan Gupta * create, to delete or to set Rolemapping object based on the given input. 20706785244SRatan Gupta * 20806785244SRatan Gupta */ 20906785244SRatan Gupta static void handleRoleMapPatch( 21006785244SRatan Gupta const std::shared_ptr<AsyncResp>& asyncResp, 21106785244SRatan Gupta const std::vector<std::pair<std::string, LDAPRoleMapData>>& roleMapObjData, 21206785244SRatan Gupta const std::string& serverType, std::vector<nlohmann::json>& input) 21306785244SRatan Gupta { 21406785244SRatan Gupta for (size_t index = 0; index < input.size(); index++) 21506785244SRatan Gupta { 21606785244SRatan Gupta nlohmann::json& thisJson = input[index]; 21706785244SRatan Gupta 21806785244SRatan Gupta if (thisJson.is_null()) 21906785244SRatan Gupta { 22006785244SRatan Gupta // delete the existing object 22106785244SRatan Gupta if (index < roleMapObjData.size()) 22206785244SRatan Gupta { 22306785244SRatan Gupta crow::connections::systemBus->async_method_call( 22406785244SRatan Gupta [asyncResp, roleMapObjData, serverType, 22506785244SRatan Gupta index](const boost::system::error_code ec) { 22606785244SRatan Gupta if (ec) 22706785244SRatan Gupta { 22806785244SRatan Gupta BMCWEB_LOG_ERROR << "DBUS response error: " << ec; 22906785244SRatan Gupta messages::internalError(asyncResp->res); 23006785244SRatan Gupta return; 23106785244SRatan Gupta } 23206785244SRatan Gupta asyncResp->res 23306785244SRatan Gupta .jsonValue[serverType]["RemoteRoleMapping"][index] = 23406785244SRatan Gupta nullptr; 23506785244SRatan Gupta }, 23606785244SRatan Gupta ldapDbusService, roleMapObjData[index].first, 23706785244SRatan Gupta "xyz.openbmc_project.Object.Delete", "Delete"); 23806785244SRatan Gupta } 23906785244SRatan Gupta else 24006785244SRatan Gupta { 24106785244SRatan Gupta BMCWEB_LOG_ERROR << "Can't delete the object"; 24206785244SRatan Gupta messages::propertyValueTypeError( 24306785244SRatan Gupta asyncResp->res, thisJson.dump(), 24406785244SRatan Gupta "RemoteRoleMapping/" + std::to_string(index)); 24506785244SRatan Gupta return; 24606785244SRatan Gupta } 24706785244SRatan Gupta } 24806785244SRatan Gupta else if (thisJson.empty()) 24906785244SRatan Gupta { 25006785244SRatan Gupta // Don't do anything for the empty objects,parse next json 25106785244SRatan Gupta // eg {"RemoteRoleMapping",[{}]} 25206785244SRatan Gupta } 25306785244SRatan Gupta else 25406785244SRatan Gupta { 25506785244SRatan Gupta // update/create the object 25606785244SRatan Gupta std::optional<std::string> remoteGroup; 25706785244SRatan Gupta std::optional<std::string> localRole; 25806785244SRatan Gupta 25906785244SRatan Gupta if (!json_util::readJson(thisJson, asyncResp->res, "RemoteGroup", 26006785244SRatan Gupta remoteGroup, "LocalRole", localRole)) 26106785244SRatan Gupta { 26206785244SRatan Gupta continue; 26306785244SRatan Gupta } 26406785244SRatan Gupta 26506785244SRatan Gupta // Update existing RoleMapping Object 26606785244SRatan Gupta if (index < roleMapObjData.size()) 26706785244SRatan Gupta { 26806785244SRatan Gupta BMCWEB_LOG_DEBUG << "Update Role Map Object"; 26906785244SRatan Gupta // If "RemoteGroup" info is provided 27006785244SRatan Gupta if (remoteGroup) 27106785244SRatan Gupta { 27206785244SRatan Gupta crow::connections::systemBus->async_method_call( 27306785244SRatan Gupta [asyncResp, roleMapObjData, serverType, index, 27406785244SRatan Gupta remoteGroup](const boost::system::error_code ec) { 27506785244SRatan Gupta if (ec) 27606785244SRatan Gupta { 27706785244SRatan Gupta BMCWEB_LOG_ERROR << "DBUS response error: " 27806785244SRatan Gupta << ec; 27906785244SRatan Gupta messages::internalError(asyncResp->res); 28006785244SRatan Gupta return; 28106785244SRatan Gupta } 28206785244SRatan Gupta asyncResp->res 28306785244SRatan Gupta .jsonValue[serverType]["RemoteRoleMapping"] 28406785244SRatan Gupta [index]["RemoteGroup"] = *remoteGroup; 28506785244SRatan Gupta }, 28606785244SRatan Gupta ldapDbusService, roleMapObjData[index].first, 28706785244SRatan Gupta propertyInterface, "Set", 28806785244SRatan Gupta "xyz.openbmc_project.User.PrivilegeMapperEntry", 28906785244SRatan Gupta "GroupName", 29006785244SRatan Gupta std::variant<std::string>(std::move(*remoteGroup))); 29106785244SRatan Gupta } 29206785244SRatan Gupta 29306785244SRatan Gupta // If "LocalRole" info is provided 29406785244SRatan Gupta if (localRole) 29506785244SRatan Gupta { 29606785244SRatan Gupta crow::connections::systemBus->async_method_call( 29706785244SRatan Gupta [asyncResp, roleMapObjData, serverType, index, 29806785244SRatan Gupta localRole](const boost::system::error_code ec) { 29906785244SRatan Gupta if (ec) 30006785244SRatan Gupta { 30106785244SRatan Gupta BMCWEB_LOG_ERROR << "DBUS response error: " 30206785244SRatan Gupta << ec; 30306785244SRatan Gupta messages::internalError(asyncResp->res); 30406785244SRatan Gupta return; 30506785244SRatan Gupta } 30606785244SRatan Gupta asyncResp->res 30706785244SRatan Gupta .jsonValue[serverType]["RemoteRoleMapping"] 30806785244SRatan Gupta [index]["LocalRole"] = *localRole; 30906785244SRatan Gupta }, 31006785244SRatan Gupta ldapDbusService, roleMapObjData[index].first, 31106785244SRatan Gupta propertyInterface, "Set", 31206785244SRatan Gupta "xyz.openbmc_project.User.PrivilegeMapperEntry", 31306785244SRatan Gupta "Privilege", 31406785244SRatan Gupta std::variant<std::string>( 31506785244SRatan Gupta getPrivilegeFromRoleId(std::move(*localRole)))); 31606785244SRatan Gupta } 31706785244SRatan Gupta } 31806785244SRatan Gupta // Create a new RoleMapping Object. 31906785244SRatan Gupta else 32006785244SRatan Gupta { 32106785244SRatan Gupta BMCWEB_LOG_DEBUG 32206785244SRatan Gupta << "setRoleMappingProperties: Creating new Object"; 32306785244SRatan Gupta std::string pathString = 32406785244SRatan Gupta "RemoteRoleMapping/" + std::to_string(index); 32506785244SRatan Gupta 32606785244SRatan Gupta if (!localRole) 32706785244SRatan Gupta { 32806785244SRatan Gupta messages::propertyMissing(asyncResp->res, 32906785244SRatan Gupta pathString + "/LocalRole"); 33006785244SRatan Gupta continue; 33106785244SRatan Gupta } 33206785244SRatan Gupta if (!remoteGroup) 33306785244SRatan Gupta { 33406785244SRatan Gupta messages::propertyMissing(asyncResp->res, 33506785244SRatan Gupta pathString + "/RemoteGroup"); 33606785244SRatan Gupta continue; 33706785244SRatan Gupta } 33806785244SRatan Gupta 33906785244SRatan Gupta std::string dbusObjectPath; 34006785244SRatan Gupta if (serverType == "ActiveDirectory") 34106785244SRatan Gupta { 34206785244SRatan Gupta dbusObjectPath = ADConfigObject; 34306785244SRatan Gupta } 34406785244SRatan Gupta else if (serverType == "LDAP") 34506785244SRatan Gupta { 34606785244SRatan Gupta dbusObjectPath = ldapConfigObject; 34706785244SRatan Gupta } 34806785244SRatan Gupta 34906785244SRatan Gupta BMCWEB_LOG_DEBUG << "Remote Group=" << *remoteGroup 35006785244SRatan Gupta << ",LocalRole=" << *localRole; 35106785244SRatan Gupta 35206785244SRatan Gupta crow::connections::systemBus->async_method_call( 353271584abSEd Tanous [asyncResp, serverType, localRole, 35406785244SRatan Gupta remoteGroup](const boost::system::error_code ec) { 35506785244SRatan Gupta if (ec) 35606785244SRatan Gupta { 35706785244SRatan Gupta BMCWEB_LOG_ERROR << "DBUS response error: " << ec; 35806785244SRatan Gupta messages::internalError(asyncResp->res); 35906785244SRatan Gupta return; 36006785244SRatan Gupta } 36106785244SRatan Gupta nlohmann::json& remoteRoleJson = 36206785244SRatan Gupta asyncResp->res 36306785244SRatan Gupta .jsonValue[serverType]["RemoteRoleMapping"]; 36406785244SRatan Gupta remoteRoleJson.push_back( 36506785244SRatan Gupta {{"LocalRole", *localRole}, 36606785244SRatan Gupta {"RemoteGroup", *remoteGroup}}); 36706785244SRatan Gupta }, 36806785244SRatan Gupta ldapDbusService, dbusObjectPath, ldapPrivMapperInterface, 36906785244SRatan Gupta "Create", std::move(*remoteGroup), 37006785244SRatan Gupta getPrivilegeFromRoleId(std::move(*localRole))); 37106785244SRatan Gupta } 37206785244SRatan Gupta } 37306785244SRatan Gupta } 37406785244SRatan Gupta } 37506785244SRatan Gupta 37606785244SRatan Gupta /** 3776973a582SRatan Gupta * Function that retrieves all properties for LDAP config object 3786973a582SRatan Gupta * into JSON 3796973a582SRatan Gupta */ 3806973a582SRatan Gupta template <typename CallbackFunc> 3816973a582SRatan Gupta inline void getLDAPConfigData(const std::string& ldapType, 3826973a582SRatan Gupta CallbackFunc&& callback) 3836973a582SRatan Gupta { 38454fc587aSNagaraju Goruganti 38554fc587aSNagaraju Goruganti const std::array<const char*, 2> interfaces = {ldapEnableInterface, 38654fc587aSNagaraju Goruganti ldapConfigInterface}; 38754fc587aSNagaraju Goruganti 38854fc587aSNagaraju Goruganti crow::connections::systemBus->async_method_call( 38954fc587aSNagaraju Goruganti [callback, ldapType](const boost::system::error_code ec, 39054fc587aSNagaraju Goruganti const GetObjectType& resp) { 39154fc587aSNagaraju Goruganti LDAPConfigData confData{}; 39254fc587aSNagaraju Goruganti if (ec || resp.empty()) 39354fc587aSNagaraju Goruganti { 39454fc587aSNagaraju Goruganti BMCWEB_LOG_ERROR << "DBUS response error during getting of " 39554fc587aSNagaraju Goruganti "service name: " 39654fc587aSNagaraju Goruganti << ec; 39754fc587aSNagaraju Goruganti callback(false, confData, ldapType); 39854fc587aSNagaraju Goruganti return; 39954fc587aSNagaraju Goruganti } 40054fc587aSNagaraju Goruganti std::string service = resp.begin()->first; 40154fc587aSNagaraju Goruganti crow::connections::systemBus->async_method_call( 40254fc587aSNagaraju Goruganti [callback, ldapType](const boost::system::error_code error_code, 4036973a582SRatan Gupta const ManagedObjectType& ldapObjects) { 4046973a582SRatan Gupta LDAPConfigData confData{}; 4056973a582SRatan Gupta if (error_code) 4066973a582SRatan Gupta { 407ab828d7cSRatan Gupta callback(false, confData, ldapType); 40854fc587aSNagaraju Goruganti BMCWEB_LOG_ERROR << "D-Bus responses error: " 40954fc587aSNagaraju Goruganti << error_code; 4106973a582SRatan Gupta return; 4116973a582SRatan Gupta } 412ab828d7cSRatan Gupta 413ab828d7cSRatan Gupta std::string ldapDbusType; 41454fc587aSNagaraju Goruganti std::string searchString; 41554fc587aSNagaraju Goruganti 416ab828d7cSRatan Gupta if (ldapType == "LDAP") 417ab828d7cSRatan Gupta { 41854fc587aSNagaraju Goruganti ldapDbusType = "xyz.openbmc_project.User.Ldap.Config." 41954fc587aSNagaraju Goruganti "Type.OpenLdap"; 42054fc587aSNagaraju Goruganti searchString = "openldap"; 421ab828d7cSRatan Gupta } 422ab828d7cSRatan Gupta else if (ldapType == "ActiveDirectory") 423ab828d7cSRatan Gupta { 42454fc587aSNagaraju Goruganti ldapDbusType = 42554fc587aSNagaraju Goruganti "xyz.openbmc_project.User.Ldap.Config.Type." 426ab828d7cSRatan Gupta "ActiveDirectory"; 42754fc587aSNagaraju Goruganti searchString = "active_directory"; 428ab828d7cSRatan Gupta } 429ab828d7cSRatan Gupta else 430ab828d7cSRatan Gupta { 43154fc587aSNagaraju Goruganti BMCWEB_LOG_ERROR 43254fc587aSNagaraju Goruganti << "Can't get the DbusType for the given type=" 433ab828d7cSRatan Gupta << ldapType; 434ab828d7cSRatan Gupta callback(false, confData, ldapType); 435ab828d7cSRatan Gupta return; 436ab828d7cSRatan Gupta } 437ab828d7cSRatan Gupta 438ab828d7cSRatan Gupta std::string ldapEnableInterfaceStr = ldapEnableInterface; 439ab828d7cSRatan Gupta std::string ldapConfigInterfaceStr = ldapConfigInterface; 440ab828d7cSRatan Gupta 4416973a582SRatan Gupta for (const auto& object : ldapObjects) 4426973a582SRatan Gupta { 44354fc587aSNagaraju Goruganti // let's find the object whose ldap type is equal to the 44454fc587aSNagaraju Goruganti // given type 44554fc587aSNagaraju Goruganti if (object.first.str.find(searchString) == 44654fc587aSNagaraju Goruganti std::string::npos) 4476973a582SRatan Gupta { 448ab828d7cSRatan Gupta continue; 449ab828d7cSRatan Gupta } 450ab828d7cSRatan Gupta 4516973a582SRatan Gupta for (const auto& interface : object.second) 4526973a582SRatan Gupta { 4536973a582SRatan Gupta if (interface.first == ldapEnableInterfaceStr) 4546973a582SRatan Gupta { 4556973a582SRatan Gupta // rest of the properties are string. 4566973a582SRatan Gupta for (const auto& property : interface.second) 4576973a582SRatan Gupta { 4586973a582SRatan Gupta if (property.first == "Enabled") 4596973a582SRatan Gupta { 4606973a582SRatan Gupta const bool* value = 4616973a582SRatan Gupta std::get_if<bool>(&property.second); 4626973a582SRatan Gupta if (value == nullptr) 4636973a582SRatan Gupta { 4646973a582SRatan Gupta continue; 4656973a582SRatan Gupta } 4666973a582SRatan Gupta confData.serviceEnabled = *value; 4676973a582SRatan Gupta break; 4686973a582SRatan Gupta } 4696973a582SRatan Gupta } 4706973a582SRatan Gupta } 4716973a582SRatan Gupta else if (interface.first == ldapConfigInterfaceStr) 4726973a582SRatan Gupta { 4736973a582SRatan Gupta 4746973a582SRatan Gupta for (const auto& property : interface.second) 4756973a582SRatan Gupta { 476271584abSEd Tanous const std::string* strValue = 47754fc587aSNagaraju Goruganti std::get_if<std::string>( 47854fc587aSNagaraju Goruganti &property.second); 479271584abSEd Tanous if (strValue == nullptr) 4806973a582SRatan Gupta { 4816973a582SRatan Gupta continue; 4826973a582SRatan Gupta } 4836973a582SRatan Gupta if (property.first == "LDAPServerURI") 4846973a582SRatan Gupta { 485271584abSEd Tanous confData.uri = *strValue; 4866973a582SRatan Gupta } 4876973a582SRatan Gupta else if (property.first == "LDAPBindDN") 4886973a582SRatan Gupta { 489271584abSEd Tanous confData.bindDN = *strValue; 4906973a582SRatan Gupta } 4916973a582SRatan Gupta else if (property.first == "LDAPBaseDN") 4926973a582SRatan Gupta { 493271584abSEd Tanous confData.baseDN = *strValue; 4946973a582SRatan Gupta } 49554fc587aSNagaraju Goruganti else if (property.first == 49654fc587aSNagaraju Goruganti "LDAPSearchScope") 4976973a582SRatan Gupta { 498271584abSEd Tanous confData.searchScope = *strValue; 4996973a582SRatan Gupta } 50054fc587aSNagaraju Goruganti else if (property.first == 50154fc587aSNagaraju Goruganti "GroupNameAttribute") 5026973a582SRatan Gupta { 503271584abSEd Tanous confData.groupAttribute = *strValue; 5046973a582SRatan Gupta } 50554fc587aSNagaraju Goruganti else if (property.first == 50654fc587aSNagaraju Goruganti "UserNameAttribute") 5076973a582SRatan Gupta { 508271584abSEd Tanous confData.userNameAttribute = *strValue; 5096973a582SRatan Gupta } 51054fc587aSNagaraju Goruganti else if (property.first == "LDAPType") 511ab828d7cSRatan Gupta { 512271584abSEd Tanous confData.serverType = *strValue; 51354fc587aSNagaraju Goruganti } 51454fc587aSNagaraju Goruganti } 51554fc587aSNagaraju Goruganti } 51654fc587aSNagaraju Goruganti else if (interface.first == 51754fc587aSNagaraju Goruganti "xyz.openbmc_project.User." 51854fc587aSNagaraju Goruganti "PrivilegeMapperEntry") 51954fc587aSNagaraju Goruganti { 52054fc587aSNagaraju Goruganti LDAPRoleMapData roleMapData{}; 52154fc587aSNagaraju Goruganti for (const auto& property : interface.second) 52254fc587aSNagaraju Goruganti { 523271584abSEd Tanous const std::string* strValue = 52454fc587aSNagaraju Goruganti std::get_if<std::string>( 52554fc587aSNagaraju Goruganti &property.second); 52654fc587aSNagaraju Goruganti 527271584abSEd Tanous if (strValue == nullptr) 52854fc587aSNagaraju Goruganti { 52954fc587aSNagaraju Goruganti continue; 53054fc587aSNagaraju Goruganti } 53154fc587aSNagaraju Goruganti 53254fc587aSNagaraju Goruganti if (property.first == "GroupName") 53354fc587aSNagaraju Goruganti { 534271584abSEd Tanous roleMapData.groupName = *strValue; 53554fc587aSNagaraju Goruganti } 53654fc587aSNagaraju Goruganti else if (property.first == "Privilege") 53754fc587aSNagaraju Goruganti { 538271584abSEd Tanous roleMapData.privilege = *strValue; 53954fc587aSNagaraju Goruganti } 54054fc587aSNagaraju Goruganti } 54154fc587aSNagaraju Goruganti 5420f0353b6SEd Tanous confData.groupRoleList.emplace_back( 5430f0353b6SEd Tanous object.first.str, roleMapData); 54454fc587aSNagaraju Goruganti } 54554fc587aSNagaraju Goruganti } 54654fc587aSNagaraju Goruganti } 547ab828d7cSRatan Gupta callback(true, confData, ldapType); 54854fc587aSNagaraju Goruganti }, 54954fc587aSNagaraju Goruganti service, ldapRootObject, dbusObjManagerIntf, 5506973a582SRatan Gupta "GetManagedObjects"); 55154fc587aSNagaraju Goruganti }, 55254fc587aSNagaraju Goruganti mapperBusName, mapperObjectPath, mapperIntf, "GetObject", 55354fc587aSNagaraju Goruganti ldapConfigObject, interfaces); 5546973a582SRatan Gupta } 5556973a582SRatan Gupta 5561abe55efSEd Tanous class AccountService : public Node 5571abe55efSEd Tanous { 55888d16c9aSLewanczyk, Dawid public: 55978158631SZbigniew Kurzynski AccountService(CrowApp& app) : 56078158631SZbigniew Kurzynski Node(app, "/redfish/v1/AccountService/"), app(app) 5611abe55efSEd Tanous { 5623ebd75f7SEd Tanous entityPrivileges = { 5633c5a376eSGunnar Mills {boost::beast::http::verb::get, {{"Login"}}}, 564e0d918bcSEd Tanous {boost::beast::http::verb::head, {{"Login"}}}, 565e0d918bcSEd Tanous {boost::beast::http::verb::patch, {{"ConfigureUsers"}}}, 566e0d918bcSEd Tanous {boost::beast::http::verb::put, {{"ConfigureUsers"}}}, 567e0d918bcSEd Tanous {boost::beast::http::verb::delete_, {{"ConfigureUsers"}}}, 568e0d918bcSEd Tanous {boost::beast::http::verb::post, {{"ConfigureUsers"}}}}; 56988d16c9aSLewanczyk, Dawid } 57088d16c9aSLewanczyk, Dawid 57188d16c9aSLewanczyk, Dawid private: 5728a07d286SRatan Gupta /** 5738a07d286SRatan Gupta * @brief parses the authentication section under the LDAP 5748a07d286SRatan Gupta * @param input JSON data 5758a07d286SRatan Gupta * @param asyncResp pointer to the JSON response 5768a07d286SRatan Gupta * @param userName userName to be filled from the given JSON. 5778a07d286SRatan Gupta * @param password password to be filled from the given JSON. 5788a07d286SRatan Gupta */ 5798a07d286SRatan Gupta void 5808a07d286SRatan Gupta parseLDAPAuthenticationJson(nlohmann::json input, 5818a07d286SRatan Gupta const std::shared_ptr<AsyncResp>& asyncResp, 5828a07d286SRatan Gupta std::optional<std::string>& username, 5838a07d286SRatan Gupta std::optional<std::string>& password) 5848a07d286SRatan Gupta { 5858a07d286SRatan Gupta std::optional<std::string> authType; 5868a07d286SRatan Gupta 5878a07d286SRatan Gupta if (!json_util::readJson(input, asyncResp->res, "AuthenticationType", 5888a07d286SRatan Gupta authType, "Username", username, "Password", 5898a07d286SRatan Gupta password)) 5908a07d286SRatan Gupta { 5918a07d286SRatan Gupta return; 5928a07d286SRatan Gupta } 5938a07d286SRatan Gupta if (!authType) 5948a07d286SRatan Gupta { 5958a07d286SRatan Gupta return; 5968a07d286SRatan Gupta } 5978a07d286SRatan Gupta if (*authType != "UsernameAndPassword") 5988a07d286SRatan Gupta { 5998a07d286SRatan Gupta messages::propertyValueNotInList(asyncResp->res, *authType, 6008a07d286SRatan Gupta "AuthenticationType"); 6018a07d286SRatan Gupta return; 6028a07d286SRatan Gupta } 6038a07d286SRatan Gupta } 6048a07d286SRatan Gupta /** 6058a07d286SRatan Gupta * @brief parses the LDAPService section under the LDAP 6068a07d286SRatan Gupta * @param input JSON data 6078a07d286SRatan Gupta * @param asyncResp pointer to the JSON response 6088a07d286SRatan Gupta * @param baseDNList baseDN to be filled from the given JSON. 6098a07d286SRatan Gupta * @param userNameAttribute userName to be filled from the given JSON. 6108a07d286SRatan Gupta * @param groupaAttribute password to be filled from the given JSON. 6118a07d286SRatan Gupta */ 6128a07d286SRatan Gupta 6138a07d286SRatan Gupta void parseLDAPServiceJson( 6148a07d286SRatan Gupta nlohmann::json input, const std::shared_ptr<AsyncResp>& asyncResp, 6158a07d286SRatan Gupta std::optional<std::vector<std::string>>& baseDNList, 6168a07d286SRatan Gupta std::optional<std::string>& userNameAttribute, 6178a07d286SRatan Gupta std::optional<std::string>& groupsAttribute) 6188a07d286SRatan Gupta { 6198a07d286SRatan Gupta std::optional<nlohmann::json> searchSettings; 6208a07d286SRatan Gupta 6218a07d286SRatan Gupta if (!json_util::readJson(input, asyncResp->res, "SearchSettings", 6228a07d286SRatan Gupta searchSettings)) 6238a07d286SRatan Gupta { 6248a07d286SRatan Gupta return; 6258a07d286SRatan Gupta } 6268a07d286SRatan Gupta if (!searchSettings) 6278a07d286SRatan Gupta { 6288a07d286SRatan Gupta return; 6298a07d286SRatan Gupta } 6308a07d286SRatan Gupta if (!json_util::readJson(*searchSettings, asyncResp->res, 6318a07d286SRatan Gupta "BaseDistinguishedNames", baseDNList, 6328a07d286SRatan Gupta "UsernameAttribute", userNameAttribute, 6338a07d286SRatan Gupta "GroupsAttribute", groupsAttribute)) 6348a07d286SRatan Gupta { 6358a07d286SRatan Gupta return; 6368a07d286SRatan Gupta } 6378a07d286SRatan Gupta } 6388a07d286SRatan Gupta /** 6398a07d286SRatan Gupta * @brief updates the LDAP server address and updates the 6408a07d286SRatan Gupta json response with the new value. 6418a07d286SRatan Gupta * @param serviceAddressList address to be updated. 6428a07d286SRatan Gupta * @param asyncResp pointer to the JSON response 6438a07d286SRatan Gupta * @param ldapServerElementName Type of LDAP 6448a07d286SRatan Gupta server(openLDAP/ActiveDirectory) 6458a07d286SRatan Gupta */ 6468a07d286SRatan Gupta 6478a07d286SRatan Gupta void handleServiceAddressPatch( 6488a07d286SRatan Gupta const std::vector<std::string>& serviceAddressList, 6498a07d286SRatan Gupta const std::shared_ptr<AsyncResp>& asyncResp, 6508a07d286SRatan Gupta const std::string& ldapServerElementName, 6518a07d286SRatan Gupta const std::string& ldapConfigObject) 6528a07d286SRatan Gupta { 6538a07d286SRatan Gupta crow::connections::systemBus->async_method_call( 6548a07d286SRatan Gupta [asyncResp, ldapServerElementName, 6558a07d286SRatan Gupta serviceAddressList](const boost::system::error_code ec) { 6568a07d286SRatan Gupta if (ec) 6578a07d286SRatan Gupta { 6588a07d286SRatan Gupta BMCWEB_LOG_DEBUG 6598a07d286SRatan Gupta << "Error Occured in updating the service address"; 6608a07d286SRatan Gupta messages::internalError(asyncResp->res); 6618a07d286SRatan Gupta return; 6628a07d286SRatan Gupta } 6638a07d286SRatan Gupta std::vector<std::string> modifiedserviceAddressList = { 6648a07d286SRatan Gupta serviceAddressList.front()}; 6658a07d286SRatan Gupta asyncResp->res 6668a07d286SRatan Gupta .jsonValue[ldapServerElementName]["ServiceAddresses"] = 6678a07d286SRatan Gupta modifiedserviceAddressList; 6688a07d286SRatan Gupta if ((serviceAddressList).size() > 1) 6698a07d286SRatan Gupta { 6708a07d286SRatan Gupta messages::propertyValueModified(asyncResp->res, 6718a07d286SRatan Gupta "ServiceAddresses", 6728a07d286SRatan Gupta serviceAddressList.front()); 6738a07d286SRatan Gupta } 6748a07d286SRatan Gupta BMCWEB_LOG_DEBUG << "Updated the service address"; 6758a07d286SRatan Gupta }, 6768a07d286SRatan Gupta ldapDbusService, ldapConfigObject, propertyInterface, "Set", 6778a07d286SRatan Gupta ldapConfigInterface, "LDAPServerURI", 6788a07d286SRatan Gupta std::variant<std::string>(serviceAddressList.front())); 6798a07d286SRatan Gupta } 6808a07d286SRatan Gupta /** 6818a07d286SRatan Gupta * @brief updates the LDAP Bind DN and updates the 6828a07d286SRatan Gupta json response with the new value. 6838a07d286SRatan Gupta * @param username name of the user which needs to be updated. 6848a07d286SRatan Gupta * @param asyncResp pointer to the JSON response 6858a07d286SRatan Gupta * @param ldapServerElementName Type of LDAP 6868a07d286SRatan Gupta server(openLDAP/ActiveDirectory) 6878a07d286SRatan Gupta */ 6888a07d286SRatan Gupta 6898a07d286SRatan Gupta void handleUserNamePatch(const std::string& username, 6908a07d286SRatan Gupta const std::shared_ptr<AsyncResp>& asyncResp, 6918a07d286SRatan Gupta const std::string& ldapServerElementName, 6928a07d286SRatan Gupta const std::string& ldapConfigObject) 6938a07d286SRatan Gupta { 6948a07d286SRatan Gupta crow::connections::systemBus->async_method_call( 6958a07d286SRatan Gupta [asyncResp, username, 6968a07d286SRatan Gupta ldapServerElementName](const boost::system::error_code ec) { 6978a07d286SRatan Gupta if (ec) 6988a07d286SRatan Gupta { 6998a07d286SRatan Gupta BMCWEB_LOG_DEBUG 7008a07d286SRatan Gupta << "Error occured in updating the username"; 7018a07d286SRatan Gupta messages::internalError(asyncResp->res); 7028a07d286SRatan Gupta return; 7038a07d286SRatan Gupta } 7048a07d286SRatan Gupta asyncResp->res.jsonValue[ldapServerElementName] 7058a07d286SRatan Gupta ["Authentication"]["Username"] = 7068a07d286SRatan Gupta username; 7078a07d286SRatan Gupta BMCWEB_LOG_DEBUG << "Updated the username"; 7088a07d286SRatan Gupta }, 7098a07d286SRatan Gupta ldapDbusService, ldapConfigObject, propertyInterface, "Set", 7108a07d286SRatan Gupta ldapConfigInterface, "LDAPBindDN", 7118a07d286SRatan Gupta std::variant<std::string>(username)); 7128a07d286SRatan Gupta } 7138a07d286SRatan Gupta 7148a07d286SRatan Gupta /** 7158a07d286SRatan Gupta * @brief updates the LDAP password 7168a07d286SRatan Gupta * @param password : ldap password which needs to be updated. 7178a07d286SRatan Gupta * @param asyncResp pointer to the JSON response 7188a07d286SRatan Gupta * @param ldapServerElementName Type of LDAP 7198a07d286SRatan Gupta * server(openLDAP/ActiveDirectory) 7208a07d286SRatan Gupta */ 7218a07d286SRatan Gupta 7228a07d286SRatan Gupta void handlePasswordPatch(const std::string& password, 7238a07d286SRatan Gupta const std::shared_ptr<AsyncResp>& asyncResp, 7248a07d286SRatan Gupta const std::string& ldapServerElementName, 7258a07d286SRatan Gupta const std::string& ldapConfigObject) 7268a07d286SRatan Gupta { 7278a07d286SRatan Gupta crow::connections::systemBus->async_method_call( 7288a07d286SRatan Gupta [asyncResp, password, 7298a07d286SRatan Gupta ldapServerElementName](const boost::system::error_code ec) { 7308a07d286SRatan Gupta if (ec) 7318a07d286SRatan Gupta { 7328a07d286SRatan Gupta BMCWEB_LOG_DEBUG 7338a07d286SRatan Gupta << "Error occured in updating the password"; 7348a07d286SRatan Gupta messages::internalError(asyncResp->res); 7358a07d286SRatan Gupta return; 7368a07d286SRatan Gupta } 7378a07d286SRatan Gupta asyncResp->res.jsonValue[ldapServerElementName] 7388a07d286SRatan Gupta ["Authentication"]["Password"] = ""; 7398a07d286SRatan Gupta BMCWEB_LOG_DEBUG << "Updated the password"; 7408a07d286SRatan Gupta }, 7418a07d286SRatan Gupta ldapDbusService, ldapConfigObject, propertyInterface, "Set", 7428a07d286SRatan Gupta ldapConfigInterface, "LDAPBindDNPassword", 7438a07d286SRatan Gupta std::variant<std::string>(password)); 7448a07d286SRatan Gupta } 7458a07d286SRatan Gupta 7468a07d286SRatan Gupta /** 7478a07d286SRatan Gupta * @brief updates the LDAP BaseDN and updates the 7488a07d286SRatan Gupta json response with the new value. 7498a07d286SRatan Gupta * @param baseDNList baseDN list which needs to be updated. 7508a07d286SRatan Gupta * @param asyncResp pointer to the JSON response 7518a07d286SRatan Gupta * @param ldapServerElementName Type of LDAP 7528a07d286SRatan Gupta server(openLDAP/ActiveDirectory) 7538a07d286SRatan Gupta */ 7548a07d286SRatan Gupta 7558a07d286SRatan Gupta void handleBaseDNPatch(const std::vector<std::string>& baseDNList, 7568a07d286SRatan Gupta const std::shared_ptr<AsyncResp>& asyncResp, 7578a07d286SRatan Gupta const std::string& ldapServerElementName, 7588a07d286SRatan Gupta const std::string& ldapConfigObject) 7598a07d286SRatan Gupta { 7608a07d286SRatan Gupta crow::connections::systemBus->async_method_call( 7618a07d286SRatan Gupta [asyncResp, baseDNList, 7628a07d286SRatan Gupta ldapServerElementName](const boost::system::error_code ec) { 7638a07d286SRatan Gupta if (ec) 7648a07d286SRatan Gupta { 7658a07d286SRatan Gupta BMCWEB_LOG_DEBUG << "Error Occured in Updating the base DN"; 7668a07d286SRatan Gupta messages::internalError(asyncResp->res); 7678a07d286SRatan Gupta return; 7688a07d286SRatan Gupta } 7698a07d286SRatan Gupta auto& serverTypeJson = 7708a07d286SRatan Gupta asyncResp->res.jsonValue[ldapServerElementName]; 7718a07d286SRatan Gupta auto& searchSettingsJson = 7728a07d286SRatan Gupta serverTypeJson["LDAPService"]["SearchSettings"]; 7738a07d286SRatan Gupta std::vector<std::string> modifiedBaseDNList = { 7748a07d286SRatan Gupta baseDNList.front()}; 7758a07d286SRatan Gupta searchSettingsJson["BaseDistinguishedNames"] = 7768a07d286SRatan Gupta modifiedBaseDNList; 7778a07d286SRatan Gupta if (baseDNList.size() > 1) 7788a07d286SRatan Gupta { 7798a07d286SRatan Gupta messages::propertyValueModified(asyncResp->res, 7808a07d286SRatan Gupta "BaseDistinguishedNames", 7818a07d286SRatan Gupta baseDNList.front()); 7828a07d286SRatan Gupta } 7838a07d286SRatan Gupta BMCWEB_LOG_DEBUG << "Updated the base DN"; 7848a07d286SRatan Gupta }, 7858a07d286SRatan Gupta ldapDbusService, ldapConfigObject, propertyInterface, "Set", 7868a07d286SRatan Gupta ldapConfigInterface, "LDAPBaseDN", 7878a07d286SRatan Gupta std::variant<std::string>(baseDNList.front())); 7888a07d286SRatan Gupta } 7898a07d286SRatan Gupta /** 7908a07d286SRatan Gupta * @brief updates the LDAP user name attribute and updates the 7918a07d286SRatan Gupta json response with the new value. 7928a07d286SRatan Gupta * @param userNameAttribute attribute to be updated. 7938a07d286SRatan Gupta * @param asyncResp pointer to the JSON response 7948a07d286SRatan Gupta * @param ldapServerElementName Type of LDAP 7958a07d286SRatan Gupta server(openLDAP/ActiveDirectory) 7968a07d286SRatan Gupta */ 7978a07d286SRatan Gupta 7988a07d286SRatan Gupta void handleUserNameAttrPatch(const std::string& userNameAttribute, 7998a07d286SRatan Gupta const std::shared_ptr<AsyncResp>& asyncResp, 8008a07d286SRatan Gupta const std::string& ldapServerElementName, 8018a07d286SRatan Gupta const std::string& ldapConfigObject) 8028a07d286SRatan Gupta { 8038a07d286SRatan Gupta crow::connections::systemBus->async_method_call( 8048a07d286SRatan Gupta [asyncResp, userNameAttribute, 8058a07d286SRatan Gupta ldapServerElementName](const boost::system::error_code ec) { 8068a07d286SRatan Gupta if (ec) 8078a07d286SRatan Gupta { 8088a07d286SRatan Gupta BMCWEB_LOG_DEBUG << "Error Occured in Updating the " 8098a07d286SRatan Gupta "username attribute"; 8108a07d286SRatan Gupta messages::internalError(asyncResp->res); 8118a07d286SRatan Gupta return; 8128a07d286SRatan Gupta } 8138a07d286SRatan Gupta auto& serverTypeJson = 8148a07d286SRatan Gupta asyncResp->res.jsonValue[ldapServerElementName]; 8158a07d286SRatan Gupta auto& searchSettingsJson = 8168a07d286SRatan Gupta serverTypeJson["LDAPService"]["SearchSettings"]; 8178a07d286SRatan Gupta searchSettingsJson["UsernameAttribute"] = userNameAttribute; 8188a07d286SRatan Gupta BMCWEB_LOG_DEBUG << "Updated the user name attr."; 8198a07d286SRatan Gupta }, 8208a07d286SRatan Gupta ldapDbusService, ldapConfigObject, propertyInterface, "Set", 8218a07d286SRatan Gupta ldapConfigInterface, "UserNameAttribute", 8228a07d286SRatan Gupta std::variant<std::string>(userNameAttribute)); 8238a07d286SRatan Gupta } 8248a07d286SRatan Gupta /** 8258a07d286SRatan Gupta * @brief updates the LDAP group attribute and updates the 8268a07d286SRatan Gupta json response with the new value. 8278a07d286SRatan Gupta * @param groupsAttribute attribute to be updated. 8288a07d286SRatan Gupta * @param asyncResp pointer to the JSON response 8298a07d286SRatan Gupta * @param ldapServerElementName Type of LDAP 8308a07d286SRatan Gupta server(openLDAP/ActiveDirectory) 8318a07d286SRatan Gupta */ 8328a07d286SRatan Gupta 8338a07d286SRatan Gupta void handleGroupNameAttrPatch(const std::string& groupsAttribute, 8348a07d286SRatan Gupta const std::shared_ptr<AsyncResp>& asyncResp, 8358a07d286SRatan Gupta const std::string& ldapServerElementName, 8368a07d286SRatan Gupta const std::string& ldapConfigObject) 8378a07d286SRatan Gupta { 8388a07d286SRatan Gupta crow::connections::systemBus->async_method_call( 8398a07d286SRatan Gupta [asyncResp, groupsAttribute, 8408a07d286SRatan Gupta ldapServerElementName](const boost::system::error_code ec) { 8418a07d286SRatan Gupta if (ec) 8428a07d286SRatan Gupta { 8438a07d286SRatan Gupta BMCWEB_LOG_DEBUG << "Error Occured in Updating the " 8448a07d286SRatan Gupta "groupname attribute"; 8458a07d286SRatan Gupta messages::internalError(asyncResp->res); 8468a07d286SRatan Gupta return; 8478a07d286SRatan Gupta } 8488a07d286SRatan Gupta auto& serverTypeJson = 8498a07d286SRatan Gupta asyncResp->res.jsonValue[ldapServerElementName]; 8508a07d286SRatan Gupta auto& searchSettingsJson = 8518a07d286SRatan Gupta serverTypeJson["LDAPService"]["SearchSettings"]; 8528a07d286SRatan Gupta searchSettingsJson["GroupsAttribute"] = groupsAttribute; 8538a07d286SRatan Gupta BMCWEB_LOG_DEBUG << "Updated the groupname attr"; 8548a07d286SRatan Gupta }, 8558a07d286SRatan Gupta ldapDbusService, ldapConfigObject, propertyInterface, "Set", 8568a07d286SRatan Gupta ldapConfigInterface, "GroupNameAttribute", 8578a07d286SRatan Gupta std::variant<std::string>(groupsAttribute)); 8588a07d286SRatan Gupta } 8598a07d286SRatan Gupta /** 8608a07d286SRatan Gupta * @brief updates the LDAP service enable and updates the 8618a07d286SRatan Gupta json response with the new value. 8628a07d286SRatan Gupta * @param input JSON data. 8638a07d286SRatan Gupta * @param asyncResp pointer to the JSON response 8648a07d286SRatan Gupta * @param ldapServerElementName Type of LDAP 8658a07d286SRatan Gupta server(openLDAP/ActiveDirectory) 8668a07d286SRatan Gupta */ 8678a07d286SRatan Gupta 8688a07d286SRatan Gupta void handleServiceEnablePatch(bool serviceEnabled, 8698a07d286SRatan Gupta const std::shared_ptr<AsyncResp>& asyncResp, 8708a07d286SRatan Gupta const std::string& ldapServerElementName, 8718a07d286SRatan Gupta const std::string& ldapConfigObject) 8728a07d286SRatan Gupta { 8738a07d286SRatan Gupta crow::connections::systemBus->async_method_call( 8748a07d286SRatan Gupta [asyncResp, serviceEnabled, 8758a07d286SRatan Gupta ldapServerElementName](const boost::system::error_code ec) { 8768a07d286SRatan Gupta if (ec) 8778a07d286SRatan Gupta { 8788a07d286SRatan Gupta BMCWEB_LOG_DEBUG 8798a07d286SRatan Gupta << "Error Occured in Updating the service enable"; 8808a07d286SRatan Gupta messages::internalError(asyncResp->res); 8818a07d286SRatan Gupta return; 8828a07d286SRatan Gupta } 8838a07d286SRatan Gupta asyncResp->res 8848a07d286SRatan Gupta .jsonValue[ldapServerElementName]["ServiceEnabled"] = 8858a07d286SRatan Gupta serviceEnabled; 8868a07d286SRatan Gupta BMCWEB_LOG_DEBUG << "Updated Service enable = " 8878a07d286SRatan Gupta << serviceEnabled; 8888a07d286SRatan Gupta }, 8898a07d286SRatan Gupta ldapDbusService, ldapConfigObject, propertyInterface, "Set", 8908a07d286SRatan Gupta ldapEnableInterface, "Enabled", std::variant<bool>(serviceEnabled)); 8918a07d286SRatan Gupta } 8928a07d286SRatan Gupta 89378158631SZbigniew Kurzynski void handleAuthMethodsPatch(nlohmann::json& input, 89478158631SZbigniew Kurzynski const std::shared_ptr<AsyncResp>& asyncResp) 89578158631SZbigniew Kurzynski { 89678158631SZbigniew Kurzynski std::optional<bool> basicAuth; 89778158631SZbigniew Kurzynski std::optional<bool> cookie; 89878158631SZbigniew Kurzynski std::optional<bool> sessionToken; 89978158631SZbigniew Kurzynski std::optional<bool> xToken; 900501f1e58SZbigniew Kurzynski std::optional<bool> tls; 90178158631SZbigniew Kurzynski 90278158631SZbigniew Kurzynski if (!json_util::readJson(input, asyncResp->res, "BasicAuth", basicAuth, 90378158631SZbigniew Kurzynski "Cookie", cookie, "SessionToken", sessionToken, 904501f1e58SZbigniew Kurzynski "XToken", xToken, "TLS", tls)) 90578158631SZbigniew Kurzynski { 90678158631SZbigniew Kurzynski BMCWEB_LOG_ERROR << "Cannot read values from AuthMethod tag"; 90778158631SZbigniew Kurzynski return; 90878158631SZbigniew Kurzynski } 90978158631SZbigniew Kurzynski 91078158631SZbigniew Kurzynski // Make a copy of methods configuration 91178158631SZbigniew Kurzynski crow::persistent_data::AuthConfigMethods authMethodsConfig = 91278158631SZbigniew Kurzynski crow::persistent_data::SessionStore::getInstance() 91378158631SZbigniew Kurzynski .getAuthMethodsConfig(); 91478158631SZbigniew Kurzynski 91578158631SZbigniew Kurzynski if (basicAuth) 91678158631SZbigniew Kurzynski { 91778158631SZbigniew Kurzynski authMethodsConfig.basic = *basicAuth; 91878158631SZbigniew Kurzynski } 91978158631SZbigniew Kurzynski 92078158631SZbigniew Kurzynski if (cookie) 92178158631SZbigniew Kurzynski { 92278158631SZbigniew Kurzynski authMethodsConfig.cookie = *cookie; 92378158631SZbigniew Kurzynski } 92478158631SZbigniew Kurzynski 92578158631SZbigniew Kurzynski if (sessionToken) 92678158631SZbigniew Kurzynski { 92778158631SZbigniew Kurzynski authMethodsConfig.sessionToken = *sessionToken; 92878158631SZbigniew Kurzynski } 92978158631SZbigniew Kurzynski 93078158631SZbigniew Kurzynski if (xToken) 93178158631SZbigniew Kurzynski { 93278158631SZbigniew Kurzynski authMethodsConfig.xtoken = *xToken; 93378158631SZbigniew Kurzynski } 93478158631SZbigniew Kurzynski 935501f1e58SZbigniew Kurzynski if (tls) 936501f1e58SZbigniew Kurzynski { 937501f1e58SZbigniew Kurzynski authMethodsConfig.tls = *tls; 938501f1e58SZbigniew Kurzynski } 939501f1e58SZbigniew Kurzynski 94078158631SZbigniew Kurzynski if (!authMethodsConfig.basic && !authMethodsConfig.cookie && 941501f1e58SZbigniew Kurzynski !authMethodsConfig.sessionToken && !authMethodsConfig.xtoken && 942501f1e58SZbigniew Kurzynski !authMethodsConfig.tls) 94378158631SZbigniew Kurzynski { 94478158631SZbigniew Kurzynski // Do not allow user to disable everything 94578158631SZbigniew Kurzynski messages::actionNotSupported(asyncResp->res, 94678158631SZbigniew Kurzynski "of disabling all available methods"); 94778158631SZbigniew Kurzynski return; 94878158631SZbigniew Kurzynski } 94978158631SZbigniew Kurzynski 95078158631SZbigniew Kurzynski crow::persistent_data::SessionStore::getInstance() 95178158631SZbigniew Kurzynski .updateAuthMethodsConfig(authMethodsConfig); 95278158631SZbigniew Kurzynski // Save configuration immediately 95378158631SZbigniew Kurzynski app.template getMiddleware<crow::persistent_data::Middleware>() 95478158631SZbigniew Kurzynski .writeData(); 95578158631SZbigniew Kurzynski 95678158631SZbigniew Kurzynski messages::success(asyncResp->res); 95778158631SZbigniew Kurzynski } 95878158631SZbigniew Kurzynski 9598a07d286SRatan Gupta /** 9608a07d286SRatan Gupta * @brief Get the required values from the given JSON, validates the 9618a07d286SRatan Gupta * value and create the LDAP config object. 9628a07d286SRatan Gupta * @param input JSON data 9638a07d286SRatan Gupta * @param asyncResp pointer to the JSON response 9648a07d286SRatan Gupta * @param serverType Type of LDAP server(openLDAP/ActiveDirectory) 9658a07d286SRatan Gupta */ 9668a07d286SRatan Gupta 9678a07d286SRatan Gupta void handleLDAPPatch(nlohmann::json& input, 9688a07d286SRatan Gupta const std::shared_ptr<AsyncResp>& asyncResp, 9698a07d286SRatan Gupta const crow::Request& req, 9708a07d286SRatan Gupta const std::vector<std::string>& params, 9718a07d286SRatan Gupta const std::string& serverType) 9728a07d286SRatan Gupta { 973eb2bbe56SRatan Gupta std::string dbusObjectPath; 974eb2bbe56SRatan Gupta if (serverType == "ActiveDirectory") 975eb2bbe56SRatan Gupta { 976eb2bbe56SRatan Gupta dbusObjectPath = ADConfigObject; 977eb2bbe56SRatan Gupta } 978eb2bbe56SRatan Gupta else if (serverType == "LDAP") 979eb2bbe56SRatan Gupta { 980eb2bbe56SRatan Gupta dbusObjectPath = ldapConfigObject; 981eb2bbe56SRatan Gupta } 982eb2bbe56SRatan Gupta 9838a07d286SRatan Gupta std::optional<nlohmann::json> authentication; 9848a07d286SRatan Gupta std::optional<nlohmann::json> ldapService; 9858a07d286SRatan Gupta std::optional<std::vector<std::string>> serviceAddressList; 9868a07d286SRatan Gupta std::optional<bool> serviceEnabled; 9878a07d286SRatan Gupta std::optional<std::vector<std::string>> baseDNList; 9888a07d286SRatan Gupta std::optional<std::string> userNameAttribute; 9898a07d286SRatan Gupta std::optional<std::string> groupsAttribute; 9908a07d286SRatan Gupta std::optional<std::string> userName; 9918a07d286SRatan Gupta std::optional<std::string> password; 99206785244SRatan Gupta std::optional<std::vector<nlohmann::json>> remoteRoleMapData; 9938a07d286SRatan Gupta 9948a07d286SRatan Gupta if (!json_util::readJson(input, asyncResp->res, "Authentication", 9958a07d286SRatan Gupta authentication, "LDAPService", ldapService, 9968a07d286SRatan Gupta "ServiceAddresses", serviceAddressList, 99706785244SRatan Gupta "ServiceEnabled", serviceEnabled, 99806785244SRatan Gupta "RemoteRoleMapping", remoteRoleMapData)) 9998a07d286SRatan Gupta { 10008a07d286SRatan Gupta return; 10018a07d286SRatan Gupta } 10028a07d286SRatan Gupta 10038a07d286SRatan Gupta if (authentication) 10048a07d286SRatan Gupta { 10058a07d286SRatan Gupta parseLDAPAuthenticationJson(*authentication, asyncResp, userName, 10068a07d286SRatan Gupta password); 10078a07d286SRatan Gupta } 10088a07d286SRatan Gupta if (ldapService) 10098a07d286SRatan Gupta { 10108a07d286SRatan Gupta parseLDAPServiceJson(*ldapService, asyncResp, baseDNList, 10118a07d286SRatan Gupta userNameAttribute, groupsAttribute); 10128a07d286SRatan Gupta } 10138a07d286SRatan Gupta if (serviceAddressList) 10148a07d286SRatan Gupta { 10158a07d286SRatan Gupta if ((*serviceAddressList).size() == 0) 10168a07d286SRatan Gupta { 10178a07d286SRatan Gupta messages::propertyValueNotInList(asyncResp->res, "[]", 10188a07d286SRatan Gupta "ServiceAddress"); 10198a07d286SRatan Gupta return; 10208a07d286SRatan Gupta } 10218a07d286SRatan Gupta } 10228a07d286SRatan Gupta if (baseDNList) 10238a07d286SRatan Gupta { 10248a07d286SRatan Gupta if ((*baseDNList).size() == 0) 10258a07d286SRatan Gupta { 10268a07d286SRatan Gupta messages::propertyValueNotInList(asyncResp->res, "[]", 10278a07d286SRatan Gupta "BaseDistinguishedNames"); 10288a07d286SRatan Gupta return; 10298a07d286SRatan Gupta } 10308a07d286SRatan Gupta } 10318a07d286SRatan Gupta 10328a07d286SRatan Gupta // nothing to update, then return 10338a07d286SRatan Gupta if (!userName && !password && !serviceAddressList && !baseDNList && 103406785244SRatan Gupta !userNameAttribute && !groupsAttribute && !serviceEnabled && 103506785244SRatan Gupta !remoteRoleMapData) 10368a07d286SRatan Gupta { 10378a07d286SRatan Gupta return; 10388a07d286SRatan Gupta } 10398a07d286SRatan Gupta 10408a07d286SRatan Gupta // Get the existing resource first then keep modifying 10418a07d286SRatan Gupta // whenever any property gets updated. 1042ab828d7cSRatan Gupta getLDAPConfigData(serverType, [this, asyncResp, userName, password, 1043ab828d7cSRatan Gupta baseDNList, userNameAttribute, 1044ba9dd4a8SGunnar Mills groupsAttribute, serviceAddressList, 1045ba9dd4a8SGunnar Mills serviceEnabled, dbusObjectPath, 1046ba9dd4a8SGunnar Mills remoteRoleMapData]( 1047ab828d7cSRatan Gupta bool success, LDAPConfigData confData, 1048ab828d7cSRatan Gupta const std::string& serverType) { 10498a07d286SRatan Gupta if (!success) 10508a07d286SRatan Gupta { 10518a07d286SRatan Gupta messages::internalError(asyncResp->res); 10528a07d286SRatan Gupta return; 10538a07d286SRatan Gupta } 1054ab828d7cSRatan Gupta parseLDAPConfigData(asyncResp->res.jsonValue, confData, serverType); 10558a07d286SRatan Gupta if (confData.serviceEnabled) 10568a07d286SRatan Gupta { 10578a07d286SRatan Gupta // Disable the service first and update the rest of 10588a07d286SRatan Gupta // the properties. 10598a07d286SRatan Gupta handleServiceEnablePatch(false, asyncResp, serverType, 1060eb2bbe56SRatan Gupta dbusObjectPath); 10618a07d286SRatan Gupta } 10628a07d286SRatan Gupta 10638a07d286SRatan Gupta if (serviceAddressList) 10648a07d286SRatan Gupta { 10658a07d286SRatan Gupta handleServiceAddressPatch(*serviceAddressList, asyncResp, 1066eb2bbe56SRatan Gupta serverType, dbusObjectPath); 10678a07d286SRatan Gupta } 10688a07d286SRatan Gupta if (userName) 10698a07d286SRatan Gupta { 10708a07d286SRatan Gupta handleUserNamePatch(*userName, asyncResp, serverType, 1071eb2bbe56SRatan Gupta dbusObjectPath); 10728a07d286SRatan Gupta } 10738a07d286SRatan Gupta if (password) 10748a07d286SRatan Gupta { 10758a07d286SRatan Gupta handlePasswordPatch(*password, asyncResp, serverType, 1076eb2bbe56SRatan Gupta dbusObjectPath); 10778a07d286SRatan Gupta } 10788a07d286SRatan Gupta 10798a07d286SRatan Gupta if (baseDNList) 10808a07d286SRatan Gupta { 10818a07d286SRatan Gupta handleBaseDNPatch(*baseDNList, asyncResp, serverType, 1082eb2bbe56SRatan Gupta dbusObjectPath); 10838a07d286SRatan Gupta } 10848a07d286SRatan Gupta if (userNameAttribute) 10858a07d286SRatan Gupta { 10868a07d286SRatan Gupta handleUserNameAttrPatch(*userNameAttribute, asyncResp, 1087eb2bbe56SRatan Gupta serverType, dbusObjectPath); 10888a07d286SRatan Gupta } 10898a07d286SRatan Gupta if (groupsAttribute) 10908a07d286SRatan Gupta { 10918a07d286SRatan Gupta handleGroupNameAttrPatch(*groupsAttribute, asyncResp, 1092eb2bbe56SRatan Gupta serverType, dbusObjectPath); 10938a07d286SRatan Gupta } 10948a07d286SRatan Gupta if (serviceEnabled) 10958a07d286SRatan Gupta { 10968a07d286SRatan Gupta // if user has given the value as true then enable 10978a07d286SRatan Gupta // the service. if user has given false then no-op 10988a07d286SRatan Gupta // as service is already stopped. 10998a07d286SRatan Gupta if (*serviceEnabled) 11008a07d286SRatan Gupta { 11018a07d286SRatan Gupta handleServiceEnablePatch(*serviceEnabled, asyncResp, 1102eb2bbe56SRatan Gupta serverType, dbusObjectPath); 11038a07d286SRatan Gupta } 11048a07d286SRatan Gupta } 11058a07d286SRatan Gupta else 11068a07d286SRatan Gupta { 11078a07d286SRatan Gupta // if user has not given the service enabled value 11088a07d286SRatan Gupta // then revert it to the same state as it was 11098a07d286SRatan Gupta // before. 11108a07d286SRatan Gupta handleServiceEnablePatch(confData.serviceEnabled, asyncResp, 1111eb2bbe56SRatan Gupta serverType, dbusObjectPath); 11128a07d286SRatan Gupta } 111306785244SRatan Gupta 111406785244SRatan Gupta if (remoteRoleMapData) 111506785244SRatan Gupta { 111606785244SRatan Gupta std::vector<nlohmann::json> remoteRoleMap = 111706785244SRatan Gupta std::move(*remoteRoleMapData); 111806785244SRatan Gupta 111906785244SRatan Gupta handleRoleMapPatch(asyncResp, confData.groupRoleList, 112006785244SRatan Gupta serverType, remoteRoleMap); 112106785244SRatan Gupta } 11228a07d286SRatan Gupta }); 11238a07d286SRatan Gupta } 1124d4b5443fSEd Tanous 112555c7b7a2SEd Tanous void doGet(crow::Response& res, const crow::Request& req, 11261abe55efSEd Tanous const std::vector<std::string>& params) override 11271abe55efSEd Tanous { 112878158631SZbigniew Kurzynski const crow::persistent_data::AuthConfigMethods& authMethodsConfig = 112978158631SZbigniew Kurzynski crow::persistent_data::SessionStore::getInstance() 113078158631SZbigniew Kurzynski .getAuthMethodsConfig(); 113178158631SZbigniew Kurzynski 11323d958bbcSAppaRao Puli auto asyncResp = std::make_shared<AsyncResp>(res); 11333d958bbcSAppaRao Puli res.jsonValue = { 11343d958bbcSAppaRao Puli {"@odata.id", "/redfish/v1/AccountService"}, 11353d958bbcSAppaRao Puli {"@odata.type", "#AccountService." 1136ba9dd4a8SGunnar Mills "v1_5_0.AccountService"}, 11373d958bbcSAppaRao Puli {"Id", "AccountService"}, 11383d958bbcSAppaRao Puli {"Name", "Account Service"}, 11393d958bbcSAppaRao Puli {"Description", "Account Service"}, 11403d958bbcSAppaRao Puli {"ServiceEnabled", true}, 1141343ff2e1SAppaRao Puli {"MaxPasswordLength", 20}, 11423d958bbcSAppaRao Puli {"Accounts", 11433d958bbcSAppaRao Puli {{"@odata.id", "/redfish/v1/AccountService/Accounts"}}}, 114437cce918SMarri Devender Rao {"Roles", {{"@odata.id", "/redfish/v1/AccountService/Roles"}}}, 114578158631SZbigniew Kurzynski {"Oem", 114678158631SZbigniew Kurzynski {{"OpenBMC", 114778158631SZbigniew Kurzynski {{"@odata.type", "#OemAccountService.v1_0_0.AccountService"}, 114878158631SZbigniew Kurzynski {"AuthMethods", 114978158631SZbigniew Kurzynski { 115078158631SZbigniew Kurzynski {"BasicAuth", authMethodsConfig.basic}, 115178158631SZbigniew Kurzynski {"SessionToken", authMethodsConfig.sessionToken}, 115278158631SZbigniew Kurzynski {"XToken", authMethodsConfig.xtoken}, 115378158631SZbigniew Kurzynski {"Cookie", authMethodsConfig.cookie}, 1154501f1e58SZbigniew Kurzynski {"TLS", authMethodsConfig.tls}, 115578158631SZbigniew Kurzynski }}}}}}, 115637cce918SMarri Devender Rao {"LDAP", 115737cce918SMarri Devender Rao {{"Certificates", 115837cce918SMarri Devender Rao {{"@odata.id", 115937cce918SMarri Devender Rao "/redfish/v1/AccountService/LDAP/Certificates"}}}}}}; 11603d958bbcSAppaRao Puli crow::connections::systemBus->async_method_call( 11613d958bbcSAppaRao Puli [asyncResp]( 11623d958bbcSAppaRao Puli const boost::system::error_code ec, 11633d958bbcSAppaRao Puli const std::vector<std::pair< 1164abf2add6SEd Tanous std::string, std::variant<uint32_t, uint16_t, uint8_t>>>& 11653d958bbcSAppaRao Puli propertiesList) { 11663d958bbcSAppaRao Puli if (ec) 11673d958bbcSAppaRao Puli { 11683d958bbcSAppaRao Puli messages::internalError(asyncResp->res); 11693d958bbcSAppaRao Puli return; 11703d958bbcSAppaRao Puli } 11713d958bbcSAppaRao Puli BMCWEB_LOG_DEBUG << "Got " << propertiesList.size() 11723d958bbcSAppaRao Puli << "properties for AccountService"; 11733d958bbcSAppaRao Puli for (const std::pair<std::string, 1174abf2add6SEd Tanous std::variant<uint32_t, uint16_t, uint8_t>>& 11753d958bbcSAppaRao Puli property : propertiesList) 11763d958bbcSAppaRao Puli { 11773d958bbcSAppaRao Puli if (property.first == "MinPasswordLength") 11783d958bbcSAppaRao Puli { 11793d958bbcSAppaRao Puli const uint8_t* value = 1180abf2add6SEd Tanous std::get_if<uint8_t>(&property.second); 11813d958bbcSAppaRao Puli if (value != nullptr) 11823d958bbcSAppaRao Puli { 11833d958bbcSAppaRao Puli asyncResp->res.jsonValue["MinPasswordLength"] = 11843d958bbcSAppaRao Puli *value; 11853d958bbcSAppaRao Puli } 11863d958bbcSAppaRao Puli } 11873d958bbcSAppaRao Puli if (property.first == "AccountUnlockTimeout") 11883d958bbcSAppaRao Puli { 11893d958bbcSAppaRao Puli const uint32_t* value = 1190abf2add6SEd Tanous std::get_if<uint32_t>(&property.second); 11913d958bbcSAppaRao Puli if (value != nullptr) 11923d958bbcSAppaRao Puli { 11933d958bbcSAppaRao Puli asyncResp->res.jsonValue["AccountLockoutDuration"] = 11943d958bbcSAppaRao Puli *value; 11953d958bbcSAppaRao Puli } 11963d958bbcSAppaRao Puli } 11973d958bbcSAppaRao Puli if (property.first == "MaxLoginAttemptBeforeLockout") 11983d958bbcSAppaRao Puli { 11993d958bbcSAppaRao Puli const uint16_t* value = 1200abf2add6SEd Tanous std::get_if<uint16_t>(&property.second); 12013d958bbcSAppaRao Puli if (value != nullptr) 12023d958bbcSAppaRao Puli { 12033d958bbcSAppaRao Puli asyncResp->res 12043d958bbcSAppaRao Puli .jsonValue["AccountLockoutThreshold"] = *value; 12053d958bbcSAppaRao Puli } 12063d958bbcSAppaRao Puli } 12073d958bbcSAppaRao Puli } 12083d958bbcSAppaRao Puli }, 12093d958bbcSAppaRao Puli "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user", 12103d958bbcSAppaRao Puli "org.freedesktop.DBus.Properties", "GetAll", 12113d958bbcSAppaRao Puli "xyz.openbmc_project.User.AccountPolicy"); 12126973a582SRatan Gupta 1213ab828d7cSRatan Gupta auto callback = [asyncResp](bool success, LDAPConfigData& confData, 1214ab828d7cSRatan Gupta const std::string& ldapType) { 1215ab828d7cSRatan Gupta parseLDAPConfigData(asyncResp->res.jsonValue, confData, ldapType); 1216ab828d7cSRatan Gupta }; 1217ab828d7cSRatan Gupta 1218ab828d7cSRatan Gupta getLDAPConfigData("LDAP", callback); 1219ab828d7cSRatan Gupta getLDAPConfigData("ActiveDirectory", callback); 12203d958bbcSAppaRao Puli } 12216973a582SRatan Gupta 12223d958bbcSAppaRao Puli void doPatch(crow::Response& res, const crow::Request& req, 12233d958bbcSAppaRao Puli const std::vector<std::string>& params) override 12243d958bbcSAppaRao Puli { 12253d958bbcSAppaRao Puli auto asyncResp = std::make_shared<AsyncResp>(res); 12263d958bbcSAppaRao Puli 12273d958bbcSAppaRao Puli std::optional<uint32_t> unlockTimeout; 12283d958bbcSAppaRao Puli std::optional<uint16_t> lockoutThreshold; 122919fb6e71SRatan Gupta std::optional<uint16_t> minPasswordLength; 123019fb6e71SRatan Gupta std::optional<uint16_t> maxPasswordLength; 12318a07d286SRatan Gupta std::optional<nlohmann::json> ldapObject; 1232eb2bbe56SRatan Gupta std::optional<nlohmann::json> activeDirectoryObject; 123378158631SZbigniew Kurzynski std::optional<nlohmann::json> oemObject; 123419fb6e71SRatan Gupta 123578158631SZbigniew Kurzynski if (!json_util::readJson( 123678158631SZbigniew Kurzynski req, res, "AccountLockoutDuration", unlockTimeout, 123778158631SZbigniew Kurzynski "AccountLockoutThreshold", lockoutThreshold, 123878158631SZbigniew Kurzynski "MaxPasswordLength", maxPasswordLength, "MinPasswordLength", 123978158631SZbigniew Kurzynski minPasswordLength, "LDAP", ldapObject, "ActiveDirectory", 124078158631SZbigniew Kurzynski activeDirectoryObject, "Oem", oemObject)) 12413d958bbcSAppaRao Puli { 12423d958bbcSAppaRao Puli return; 12433d958bbcSAppaRao Puli } 124419fb6e71SRatan Gupta 124519fb6e71SRatan Gupta if (minPasswordLength) 124619fb6e71SRatan Gupta { 124719fb6e71SRatan Gupta messages::propertyNotWritable(asyncResp->res, "MinPasswordLength"); 124819fb6e71SRatan Gupta } 124919fb6e71SRatan Gupta 125019fb6e71SRatan Gupta if (maxPasswordLength) 125119fb6e71SRatan Gupta { 125219fb6e71SRatan Gupta messages::propertyNotWritable(asyncResp->res, "MaxPasswordLength"); 125319fb6e71SRatan Gupta } 125419fb6e71SRatan Gupta 12558a07d286SRatan Gupta if (ldapObject) 12568a07d286SRatan Gupta { 12578a07d286SRatan Gupta handleLDAPPatch(*ldapObject, asyncResp, req, params, "LDAP"); 12588a07d286SRatan Gupta } 12598a07d286SRatan Gupta 126078158631SZbigniew Kurzynski if (std::optional<nlohmann::json> oemOpenBMCObject; 126178158631SZbigniew Kurzynski oemObject && 126278158631SZbigniew Kurzynski json_util::readJson(*oemObject, res, "OpenBMC", oemOpenBMCObject)) 126378158631SZbigniew Kurzynski { 126478158631SZbigniew Kurzynski if (std::optional<nlohmann::json> authMethodsObject; 126578158631SZbigniew Kurzynski oemOpenBMCObject && 126678158631SZbigniew Kurzynski json_util::readJson(*oemOpenBMCObject, res, "AuthMethods", 126778158631SZbigniew Kurzynski authMethodsObject)) 126878158631SZbigniew Kurzynski { 126978158631SZbigniew Kurzynski if (authMethodsObject) 127078158631SZbigniew Kurzynski { 127178158631SZbigniew Kurzynski handleAuthMethodsPatch(*authMethodsObject, asyncResp); 127278158631SZbigniew Kurzynski } 127378158631SZbigniew Kurzynski } 127478158631SZbigniew Kurzynski } 127578158631SZbigniew Kurzynski 1276eb2bbe56SRatan Gupta if (activeDirectoryObject) 1277eb2bbe56SRatan Gupta { 1278eb2bbe56SRatan Gupta handleLDAPPatch(*activeDirectoryObject, asyncResp, req, params, 1279eb2bbe56SRatan Gupta "ActiveDirectory"); 1280eb2bbe56SRatan Gupta } 1281eb2bbe56SRatan Gupta 12823d958bbcSAppaRao Puli if (unlockTimeout) 12833d958bbcSAppaRao Puli { 12843d958bbcSAppaRao Puli crow::connections::systemBus->async_method_call( 12853d958bbcSAppaRao Puli [asyncResp](const boost::system::error_code ec) { 12863d958bbcSAppaRao Puli if (ec) 12873d958bbcSAppaRao Puli { 12883d958bbcSAppaRao Puli messages::internalError(asyncResp->res); 12893d958bbcSAppaRao Puli return; 12903d958bbcSAppaRao Puli } 1291add6133bSRatan Gupta messages::success(asyncResp->res); 12923d958bbcSAppaRao Puli }, 12933d958bbcSAppaRao Puli "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user", 12943d958bbcSAppaRao Puli "org.freedesktop.DBus.Properties", "Set", 12953d958bbcSAppaRao Puli "xyz.openbmc_project.User.AccountPolicy", 1296abf2add6SEd Tanous "AccountUnlockTimeout", std::variant<uint32_t>(*unlockTimeout)); 12973d958bbcSAppaRao Puli } 12983d958bbcSAppaRao Puli if (lockoutThreshold) 12993d958bbcSAppaRao Puli { 13003d958bbcSAppaRao Puli crow::connections::systemBus->async_method_call( 13013d958bbcSAppaRao Puli [asyncResp](const boost::system::error_code ec) { 13023d958bbcSAppaRao Puli if (ec) 13033d958bbcSAppaRao Puli { 13043d958bbcSAppaRao Puli messages::internalError(asyncResp->res); 13053d958bbcSAppaRao Puli return; 13063d958bbcSAppaRao Puli } 1307add6133bSRatan Gupta messages::success(asyncResp->res); 13083d958bbcSAppaRao Puli }, 13093d958bbcSAppaRao Puli "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user", 13103d958bbcSAppaRao Puli "org.freedesktop.DBus.Properties", "Set", 13113d958bbcSAppaRao Puli "xyz.openbmc_project.User.AccountPolicy", 13123d958bbcSAppaRao Puli "MaxLoginAttemptBeforeLockout", 1313abf2add6SEd Tanous std::variant<uint16_t>(*lockoutThreshold)); 13143d958bbcSAppaRao Puli } 131588d16c9aSLewanczyk, Dawid } 131678158631SZbigniew Kurzynski 131778158631SZbigniew Kurzynski CrowApp& app; 131888d16c9aSLewanczyk, Dawid }; 1319f00032dbSTanous 1320b9b2e0b2SEd Tanous class AccountsCollection : public Node 1321b9b2e0b2SEd Tanous { 1322b9b2e0b2SEd Tanous public: 1323b9b2e0b2SEd Tanous AccountsCollection(CrowApp& app) : 1324b9b2e0b2SEd Tanous Node(app, "/redfish/v1/AccountService/Accounts/") 1325b9b2e0b2SEd Tanous { 1326b9b2e0b2SEd Tanous entityPrivileges = { 1327f365910cSGunnar Mills // According to the PrivilegeRegistry, GET should actually be 1328f365910cSGunnar Mills // "Login". A "Login" only privilege would return an empty "Members" 1329f365910cSGunnar Mills // list. Not going to worry about this since none of the defined 1330f365910cSGunnar Mills // roles are just "Login". E.g. Readonly is {"Login", 1331f365910cSGunnar Mills // "ConfigureSelf"}. In the rare event anyone defines a role that 1332f365910cSGunnar Mills // has Login but not ConfigureSelf, implement this. 1333b9b2e0b2SEd Tanous {boost::beast::http::verb::get, 1334f365910cSGunnar Mills {{"ConfigureUsers"}, {"ConfigureSelf"}}}, 1335b9b2e0b2SEd Tanous {boost::beast::http::verb::head, {{"Login"}}}, 1336b9b2e0b2SEd Tanous {boost::beast::http::verb::patch, {{"ConfigureUsers"}}}, 1337b9b2e0b2SEd Tanous {boost::beast::http::verb::put, {{"ConfigureUsers"}}}, 1338b9b2e0b2SEd Tanous {boost::beast::http::verb::delete_, {{"ConfigureUsers"}}}, 1339b9b2e0b2SEd Tanous {boost::beast::http::verb::post, {{"ConfigureUsers"}}}}; 1340b9b2e0b2SEd Tanous } 1341b9b2e0b2SEd Tanous 1342b9b2e0b2SEd Tanous private: 1343b9b2e0b2SEd Tanous void doGet(crow::Response& res, const crow::Request& req, 1344b9b2e0b2SEd Tanous const std::vector<std::string>& params) override 1345b9b2e0b2SEd Tanous { 1346b9b2e0b2SEd Tanous auto asyncResp = std::make_shared<AsyncResp>(res); 134794400960SGunnar Mills res.jsonValue = {{"@odata.id", "/redfish/v1/AccountService/Accounts"}, 13480f74e643SEd Tanous {"@odata.type", "#ManagerAccountCollection." 13490f74e643SEd Tanous "ManagerAccountCollection"}, 13500f74e643SEd Tanous {"Name", "Accounts Collection"}, 13510f74e643SEd Tanous {"Description", "BMC User Accounts"}}; 13520f74e643SEd Tanous 1353b9b2e0b2SEd Tanous crow::connections::systemBus->async_method_call( 1354f365910cSGunnar Mills [asyncResp, &req, this](const boost::system::error_code ec, 1355b9b2e0b2SEd Tanous const ManagedObjectType& users) { 1356b9b2e0b2SEd Tanous if (ec) 1357b9b2e0b2SEd Tanous { 1358f12894f8SJason M. Bills messages::internalError(asyncResp->res); 1359b9b2e0b2SEd Tanous return; 1360b9b2e0b2SEd Tanous } 1361b9b2e0b2SEd Tanous 1362b9b2e0b2SEd Tanous nlohmann::json& memberArray = 1363b9b2e0b2SEd Tanous asyncResp->res.jsonValue["Members"]; 1364b9b2e0b2SEd Tanous memberArray = nlohmann::json::array(); 1365b9b2e0b2SEd Tanous 1366b9b2e0b2SEd Tanous for (auto& user : users) 1367b9b2e0b2SEd Tanous { 1368b9b2e0b2SEd Tanous const std::string& path = 1369b9b2e0b2SEd Tanous static_cast<const std::string&>(user.first); 1370b9b2e0b2SEd Tanous std::size_t lastIndex = path.rfind("/"); 1371b9b2e0b2SEd Tanous if (lastIndex == std::string::npos) 1372b9b2e0b2SEd Tanous { 1373b9b2e0b2SEd Tanous lastIndex = 0; 1374b9b2e0b2SEd Tanous } 1375b9b2e0b2SEd Tanous else 1376b9b2e0b2SEd Tanous { 1377b9b2e0b2SEd Tanous lastIndex += 1; 1378b9b2e0b2SEd Tanous } 1379f365910cSGunnar Mills 1380f365910cSGunnar Mills // As clarified by Redfish here: 1381f365910cSGunnar Mills // https://redfishforum.com/thread/281/manageraccountcollection-change-allows-account-enumeration 1382f365910cSGunnar Mills // Users without ConfigureUsers, only see their own account. 1383f365910cSGunnar Mills // Users with ConfigureUsers, see all accounts. 1384f365910cSGunnar Mills if (req.session->username == path.substr(lastIndex) || 1385f365910cSGunnar Mills isAllowedWithoutConfigureSelf(req)) 1386f365910cSGunnar Mills { 1387b9b2e0b2SEd Tanous memberArray.push_back( 1388f365910cSGunnar Mills {{"@odata.id", 1389f365910cSGunnar Mills "/redfish/v1/AccountService/Accounts/" + 1390b9b2e0b2SEd Tanous path.substr(lastIndex)}}); 1391b9b2e0b2SEd Tanous } 1392f365910cSGunnar Mills } 1393f365910cSGunnar Mills asyncResp->res.jsonValue["Members@odata.count"] = 1394f365910cSGunnar Mills memberArray.size(); 1395b9b2e0b2SEd Tanous }, 1396b9b2e0b2SEd Tanous "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user", 1397b9b2e0b2SEd Tanous "org.freedesktop.DBus.ObjectManager", "GetManagedObjects"); 1398b9b2e0b2SEd Tanous } 139904ae99ecSEd Tanous void doPost(crow::Response& res, const crow::Request& req, 140004ae99ecSEd Tanous const std::vector<std::string>& params) override 140104ae99ecSEd Tanous { 140204ae99ecSEd Tanous auto asyncResp = std::make_shared<AsyncResp>(res); 140304ae99ecSEd Tanous 14049712f8acSEd Tanous std::string username; 14059712f8acSEd Tanous std::string password; 1406a24526dcSEd Tanous std::optional<std::string> roleId("User"); 1407a24526dcSEd Tanous std::optional<bool> enabled = true; 14089712f8acSEd Tanous if (!json_util::readJson(req, res, "UserName", username, "Password", 14099712f8acSEd Tanous password, "RoleId", roleId, "Enabled", 14109712f8acSEd Tanous enabled)) 141104ae99ecSEd Tanous { 141204ae99ecSEd Tanous return; 141304ae99ecSEd Tanous } 141404ae99ecSEd Tanous 141554fc587aSNagaraju Goruganti std::string priv = getPrivilegeFromRoleId(*roleId); 141684e12cb7SAppaRao Puli if (priv.empty()) 141704ae99ecSEd Tanous { 1418f12894f8SJason M. Bills messages::propertyValueNotInList(asyncResp->res, *roleId, "RoleId"); 141904ae99ecSEd Tanous return; 142004ae99ecSEd Tanous } 142196200606Sjayaprakash Mutyala // TODO: Following override will be reverted once support in 142296200606Sjayaprakash Mutyala // phosphor-user-manager is added. In order to avoid dependency issues, 142396200606Sjayaprakash Mutyala // this is added in bmcweb, which will removed, once 142496200606Sjayaprakash Mutyala // phosphor-user-manager supports priv-noaccess. 142596200606Sjayaprakash Mutyala if (priv == "priv-noaccess") 142696200606Sjayaprakash Mutyala { 142796200606Sjayaprakash Mutyala roleId = ""; 142896200606Sjayaprakash Mutyala } 142996200606Sjayaprakash Mutyala else 143096200606Sjayaprakash Mutyala { 14319712f8acSEd Tanous roleId = priv; 143296200606Sjayaprakash Mutyala } 143304ae99ecSEd Tanous 1434599c71d8SAyushi Smriti // Reading AllGroups property 1435599c71d8SAyushi Smriti crow::connections::systemBus->async_method_call( 1436599c71d8SAyushi Smriti [asyncResp, username, password{std::move(password)}, roleId, 1437599c71d8SAyushi Smriti enabled](const boost::system::error_code ec, 1438599c71d8SAyushi Smriti const std::variant<std::vector<std::string>>& allGroups) { 1439599c71d8SAyushi Smriti if (ec) 1440599c71d8SAyushi Smriti { 1441599c71d8SAyushi Smriti BMCWEB_LOG_DEBUG << "ERROR with async_method_call"; 1442599c71d8SAyushi Smriti messages::internalError(asyncResp->res); 1443599c71d8SAyushi Smriti return; 1444599c71d8SAyushi Smriti } 1445599c71d8SAyushi Smriti 1446599c71d8SAyushi Smriti const std::vector<std::string>* allGroupsList = 1447599c71d8SAyushi Smriti std::get_if<std::vector<std::string>>(&allGroups); 1448599c71d8SAyushi Smriti 1449599c71d8SAyushi Smriti if (allGroupsList == nullptr || allGroupsList->empty()) 1450599c71d8SAyushi Smriti { 1451599c71d8SAyushi Smriti messages::internalError(asyncResp->res); 1452599c71d8SAyushi Smriti return; 1453599c71d8SAyushi Smriti } 1454599c71d8SAyushi Smriti 145504ae99ecSEd Tanous crow::connections::systemBus->async_method_call( 14569712f8acSEd Tanous [asyncResp, username, password{std::move(password)}]( 14570d4197e0Sanil kumar appana const boost::system::error_code ec, 14580d4197e0Sanil kumar appana sdbusplus::message::message& m) { 145904ae99ecSEd Tanous if (ec) 146004ae99ecSEd Tanous { 14610d4197e0Sanil kumar appana userErrorMessageHandler(m.get_error(), asyncResp, 14620d4197e0Sanil kumar appana username, ""); 146304ae99ecSEd Tanous return; 146404ae99ecSEd Tanous } 146504ae99ecSEd Tanous 146666b5ca76Sjayaprakash Mutyala if (pamUpdatePassword(username, password) != 146766b5ca76Sjayaprakash Mutyala PAM_SUCCESS) 146804ae99ecSEd Tanous { 1469599c71d8SAyushi Smriti // At this point we have a user that's been created, 1470599c71d8SAyushi Smriti // but the password set failed.Something is wrong, 1471599c71d8SAyushi Smriti // so delete the user that we've already created 147204ae99ecSEd Tanous crow::connections::systemBus->async_method_call( 14730d4197e0Sanil kumar appana [asyncResp, 14740d4197e0Sanil kumar appana password](const boost::system::error_code ec) { 147504ae99ecSEd Tanous if (ec) 147604ae99ecSEd Tanous { 1477f12894f8SJason M. Bills messages::internalError(asyncResp->res); 147804ae99ecSEd Tanous return; 147904ae99ecSEd Tanous } 148004ae99ecSEd Tanous 14810d4197e0Sanil kumar appana // If password is invalid 14820d4197e0Sanil kumar appana messages::propertyValueFormatError( 14830d4197e0Sanil kumar appana asyncResp->res, password, "Password"); 148404ae99ecSEd Tanous }, 148504ae99ecSEd Tanous "xyz.openbmc_project.User.Manager", 148604ae99ecSEd Tanous "/xyz/openbmc_project/user/" + username, 148704ae99ecSEd Tanous "xyz.openbmc_project.Object.Delete", "Delete"); 148804ae99ecSEd Tanous 148904ae99ecSEd Tanous BMCWEB_LOG_ERROR << "pamUpdatePassword Failed"; 149004ae99ecSEd Tanous return; 149104ae99ecSEd Tanous } 149204ae99ecSEd Tanous 1493f12894f8SJason M. Bills messages::created(asyncResp->res); 149404ae99ecSEd Tanous asyncResp->res.addHeader( 149504ae99ecSEd Tanous "Location", 149604ae99ecSEd Tanous "/redfish/v1/AccountService/Accounts/" + username); 149704ae99ecSEd Tanous }, 1498599c71d8SAyushi Smriti "xyz.openbmc_project.User.Manager", 1499599c71d8SAyushi Smriti "/xyz/openbmc_project/user", 15009712f8acSEd Tanous "xyz.openbmc_project.User.Manager", "CreateUser", username, 1501599c71d8SAyushi Smriti *allGroupsList, *roleId, *enabled); 1502599c71d8SAyushi Smriti }, 1503599c71d8SAyushi Smriti "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user", 1504599c71d8SAyushi Smriti "org.freedesktop.DBus.Properties", "Get", 1505599c71d8SAyushi Smriti "xyz.openbmc_project.User.Manager", "AllGroups"); 150604ae99ecSEd Tanous } 1507b9b2e0b2SEd Tanous }; 1508b9b2e0b2SEd Tanous 1509b9b2e0b2SEd Tanous class ManagerAccount : public Node 1510b9b2e0b2SEd Tanous { 1511b9b2e0b2SEd Tanous public: 1512b9b2e0b2SEd Tanous ManagerAccount(CrowApp& app) : 1513b9b2e0b2SEd Tanous Node(app, "/redfish/v1/AccountService/Accounts/<str>/", std::string()) 1514b9b2e0b2SEd Tanous { 1515b9b2e0b2SEd Tanous entityPrivileges = { 1516b9b2e0b2SEd Tanous {boost::beast::http::verb::get, 1517b9b2e0b2SEd Tanous {{"ConfigureUsers"}, {"ConfigureManager"}, {"ConfigureSelf"}}}, 1518b9b2e0b2SEd Tanous {boost::beast::http::verb::head, {{"Login"}}}, 1519900f9497SJoseph Reynolds {boost::beast::http::verb::patch, 1520900f9497SJoseph Reynolds {{"ConfigureUsers"}, {"ConfigureSelf"}}}, 1521b9b2e0b2SEd Tanous {boost::beast::http::verb::put, {{"ConfigureUsers"}}}, 1522b9b2e0b2SEd Tanous {boost::beast::http::verb::delete_, {{"ConfigureUsers"}}}, 1523b9b2e0b2SEd Tanous {boost::beast::http::verb::post, {{"ConfigureUsers"}}}}; 1524b9b2e0b2SEd Tanous } 1525b9b2e0b2SEd Tanous 1526b9b2e0b2SEd Tanous private: 1527b9b2e0b2SEd Tanous void doGet(crow::Response& res, const crow::Request& req, 1528b9b2e0b2SEd Tanous const std::vector<std::string>& params) override 1529b9b2e0b2SEd Tanous { 1530b9b2e0b2SEd Tanous auto asyncResp = std::make_shared<AsyncResp>(res); 1531b9b2e0b2SEd Tanous 1532b9b2e0b2SEd Tanous if (params.size() != 1) 1533b9b2e0b2SEd Tanous { 1534f12894f8SJason M. Bills messages::internalError(asyncResp->res); 1535b9b2e0b2SEd Tanous return; 1536b9b2e0b2SEd Tanous } 1537b9b2e0b2SEd Tanous 1538900f9497SJoseph Reynolds // Perform a proper ConfigureSelf authority check. If the 1539900f9497SJoseph Reynolds // user is operating on an account not their own, then their 1540900f9497SJoseph Reynolds // ConfigureSelf privilege does not apply. In this case, 1541900f9497SJoseph Reynolds // perform the authority check again without the user's 1542900f9497SJoseph Reynolds // ConfigureSelf privilege. 1543900f9497SJoseph Reynolds if (req.session->username != params[0]) 1544900f9497SJoseph Reynolds { 1545900f9497SJoseph Reynolds if (!isAllowedWithoutConfigureSelf(req)) 1546900f9497SJoseph Reynolds { 1547900f9497SJoseph Reynolds BMCWEB_LOG_DEBUG << "GET Account denied access"; 1548900f9497SJoseph Reynolds messages::insufficientPrivilege(asyncResp->res); 1549900f9497SJoseph Reynolds return; 1550900f9497SJoseph Reynolds } 1551900f9497SJoseph Reynolds } 1552900f9497SJoseph Reynolds 1553b9b2e0b2SEd Tanous crow::connections::systemBus->async_method_call( 1554b9b2e0b2SEd Tanous [asyncResp, accountName{std::string(params[0])}]( 1555b9b2e0b2SEd Tanous const boost::system::error_code ec, 1556b9b2e0b2SEd Tanous const ManagedObjectType& users) { 1557b9b2e0b2SEd Tanous if (ec) 1558b9b2e0b2SEd Tanous { 1559f12894f8SJason M. Bills messages::internalError(asyncResp->res); 1560b9b2e0b2SEd Tanous return; 1561b9b2e0b2SEd Tanous } 156284e12cb7SAppaRao Puli auto userIt = users.begin(); 1563b9b2e0b2SEd Tanous 156484e12cb7SAppaRao Puli for (; userIt != users.end(); userIt++) 1565b9b2e0b2SEd Tanous { 156684e12cb7SAppaRao Puli if (boost::ends_with(userIt->first.str, "/" + accountName)) 1567b9b2e0b2SEd Tanous { 156884e12cb7SAppaRao Puli break; 1569b9b2e0b2SEd Tanous } 1570b9b2e0b2SEd Tanous } 157184e12cb7SAppaRao Puli if (userIt == users.end()) 1572b9b2e0b2SEd Tanous { 157384e12cb7SAppaRao Puli messages::resourceNotFound(asyncResp->res, "ManagerAccount", 157484e12cb7SAppaRao Puli accountName); 157584e12cb7SAppaRao Puli return; 157684e12cb7SAppaRao Puli } 15774e68c45bSAyushi Smriti 15784e68c45bSAyushi Smriti asyncResp->res.jsonValue = { 1579*8114bd4dSGunnar Mills {"@odata.type", "#ManagerAccount.v1_4_0.ManagerAccount"}, 15804e68c45bSAyushi Smriti {"Name", "User Account"}, 15814e68c45bSAyushi Smriti {"Description", "User Account"}, 1582*8114bd4dSGunnar Mills {"Password", nullptr}, 1583*8114bd4dSGunnar Mills {"AccountTypes", {"Redfish"}}}; 15844e68c45bSAyushi Smriti 158584e12cb7SAppaRao Puli for (const auto& interface : userIt->second) 158665b0dc32SEd Tanous { 158765b0dc32SEd Tanous if (interface.first == 158865b0dc32SEd Tanous "xyz.openbmc_project.User.Attributes") 158965b0dc32SEd Tanous { 159065b0dc32SEd Tanous for (const auto& property : interface.second) 159165b0dc32SEd Tanous { 159265b0dc32SEd Tanous if (property.first == "UserEnabled") 159365b0dc32SEd Tanous { 159465b0dc32SEd Tanous const bool* userEnabled = 1595abf2add6SEd Tanous std::get_if<bool>(&property.second); 159665b0dc32SEd Tanous if (userEnabled == nullptr) 159765b0dc32SEd Tanous { 159865b0dc32SEd Tanous BMCWEB_LOG_ERROR 159965b0dc32SEd Tanous << "UserEnabled wasn't a bool"; 160084e12cb7SAppaRao Puli messages::internalError(asyncResp->res); 160184e12cb7SAppaRao Puli return; 160265b0dc32SEd Tanous } 160365b0dc32SEd Tanous asyncResp->res.jsonValue["Enabled"] = 160465b0dc32SEd Tanous *userEnabled; 160565b0dc32SEd Tanous } 160665b0dc32SEd Tanous else if (property.first == 160765b0dc32SEd Tanous "UserLockedForFailedAttempt") 160865b0dc32SEd Tanous { 160965b0dc32SEd Tanous const bool* userLocked = 1610abf2add6SEd Tanous std::get_if<bool>(&property.second); 161165b0dc32SEd Tanous if (userLocked == nullptr) 161265b0dc32SEd Tanous { 161384e12cb7SAppaRao Puli BMCWEB_LOG_ERROR << "UserLockedForF" 161484e12cb7SAppaRao Puli "ailedAttempt " 161584e12cb7SAppaRao Puli "wasn't a bool"; 161684e12cb7SAppaRao Puli messages::internalError(asyncResp->res); 161784e12cb7SAppaRao Puli return; 161865b0dc32SEd Tanous } 161965b0dc32SEd Tanous asyncResp->res.jsonValue["Locked"] = 162065b0dc32SEd Tanous *userLocked; 162124c8542dSRatan Gupta asyncResp->res.jsonValue 162224c8542dSRatan Gupta ["Locked@Redfish.AllowableValues"] = { 16233bf4e632SJoseph Reynolds "false"}; // can only unlock accounts 162465b0dc32SEd Tanous } 162584e12cb7SAppaRao Puli else if (property.first == "UserPrivilege") 162684e12cb7SAppaRao Puli { 162754fc587aSNagaraju Goruganti const std::string* userPrivPtr = 1628abf2add6SEd Tanous std::get_if<std::string>(&property.second); 162954fc587aSNagaraju Goruganti if (userPrivPtr == nullptr) 163084e12cb7SAppaRao Puli { 163184e12cb7SAppaRao Puli BMCWEB_LOG_ERROR 163284e12cb7SAppaRao Puli << "UserPrivilege wasn't a " 163384e12cb7SAppaRao Puli "string"; 163484e12cb7SAppaRao Puli messages::internalError(asyncResp->res); 163584e12cb7SAppaRao Puli return; 163684e12cb7SAppaRao Puli } 163754fc587aSNagaraju Goruganti std::string role = 163854fc587aSNagaraju Goruganti getRoleIdFromPrivilege(*userPrivPtr); 163954fc587aSNagaraju Goruganti if (role.empty()) 164084e12cb7SAppaRao Puli { 164184e12cb7SAppaRao Puli BMCWEB_LOG_ERROR << "Invalid user role"; 164284e12cb7SAppaRao Puli messages::internalError(asyncResp->res); 164384e12cb7SAppaRao Puli return; 164484e12cb7SAppaRao Puli } 164554fc587aSNagaraju Goruganti asyncResp->res.jsonValue["RoleId"] = role; 164684e12cb7SAppaRao Puli 164784e12cb7SAppaRao Puli asyncResp->res.jsonValue["Links"]["Role"] = { 164884e12cb7SAppaRao Puli {"@odata.id", "/redfish/v1/AccountService/" 164984e12cb7SAppaRao Puli "Roles/" + 165054fc587aSNagaraju Goruganti role}}; 165184e12cb7SAppaRao Puli } 16523bf4e632SJoseph Reynolds else if (property.first == "UserPasswordExpired") 16533bf4e632SJoseph Reynolds { 16543bf4e632SJoseph Reynolds const bool* userPasswordExpired = 16553bf4e632SJoseph Reynolds std::get_if<bool>(&property.second); 16563bf4e632SJoseph Reynolds if (userPasswordExpired == nullptr) 16573bf4e632SJoseph Reynolds { 16583bf4e632SJoseph Reynolds BMCWEB_LOG_ERROR << "UserPassword" 16593bf4e632SJoseph Reynolds "Expired " 16603bf4e632SJoseph Reynolds "wasn't a bool"; 16613bf4e632SJoseph Reynolds messages::internalError(asyncResp->res); 16623bf4e632SJoseph Reynolds return; 16633bf4e632SJoseph Reynolds } 16643bf4e632SJoseph Reynolds asyncResp->res 16653bf4e632SJoseph Reynolds .jsonValue["PasswordChangeRequired"] = 16663bf4e632SJoseph Reynolds *userPasswordExpired; 16673bf4e632SJoseph Reynolds } 166865b0dc32SEd Tanous } 166965b0dc32SEd Tanous } 167065b0dc32SEd Tanous } 167165b0dc32SEd Tanous 1672b9b2e0b2SEd Tanous asyncResp->res.jsonValue["@odata.id"] = 167384e12cb7SAppaRao Puli "/redfish/v1/AccountService/Accounts/" + accountName; 1674b9b2e0b2SEd Tanous asyncResp->res.jsonValue["Id"] = accountName; 1675b9b2e0b2SEd Tanous asyncResp->res.jsonValue["UserName"] = accountName; 1676b9b2e0b2SEd Tanous }, 1677b9b2e0b2SEd Tanous "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user", 1678b9b2e0b2SEd Tanous "org.freedesktop.DBus.ObjectManager", "GetManagedObjects"); 1679b9b2e0b2SEd Tanous } 1680a840879dSEd Tanous 1681a840879dSEd Tanous void doPatch(crow::Response& res, const crow::Request& req, 1682a840879dSEd Tanous const std::vector<std::string>& params) override 1683a840879dSEd Tanous { 1684a840879dSEd Tanous auto asyncResp = std::make_shared<AsyncResp>(res); 1685a840879dSEd Tanous if (params.size() != 1) 1686a840879dSEd Tanous { 1687f12894f8SJason M. Bills messages::internalError(asyncResp->res); 1688a840879dSEd Tanous return; 1689a840879dSEd Tanous } 1690a840879dSEd Tanous 1691a24526dcSEd Tanous std::optional<std::string> newUserName; 1692a24526dcSEd Tanous std::optional<std::string> password; 1693a24526dcSEd Tanous std::optional<bool> enabled; 1694a24526dcSEd Tanous std::optional<std::string> roleId; 169524c8542dSRatan Gupta std::optional<bool> locked; 169684e12cb7SAppaRao Puli if (!json_util::readJson(req, res, "UserName", newUserName, "Password", 169724c8542dSRatan Gupta password, "RoleId", roleId, "Enabled", enabled, 169824c8542dSRatan Gupta "Locked", locked)) 1699a840879dSEd Tanous { 1700a840879dSEd Tanous return; 1701a840879dSEd Tanous } 1702a840879dSEd Tanous 170384e12cb7SAppaRao Puli const std::string& username = params[0]; 170484e12cb7SAppaRao Puli 1705900f9497SJoseph Reynolds // Perform a proper ConfigureSelf authority check. If the 1706900f9497SJoseph Reynolds // session is being used to PATCH a property other than 1707900f9497SJoseph Reynolds // Password, then the ConfigureSelf privilege does not apply. 1708900f9497SJoseph Reynolds // If the user is operating on an account not their own, then 1709900f9497SJoseph Reynolds // their ConfigureSelf privilege does not apply. In either 1710900f9497SJoseph Reynolds // case, perform the authority check again without the user's 1711900f9497SJoseph Reynolds // ConfigureSelf privilege. 1712900f9497SJoseph Reynolds if ((username != req.session->username) || 1713900f9497SJoseph Reynolds (newUserName || enabled || roleId || locked)) 1714900f9497SJoseph Reynolds { 1715900f9497SJoseph Reynolds if (!isAllowedWithoutConfigureSelf(req)) 1716900f9497SJoseph Reynolds { 1717900f9497SJoseph Reynolds BMCWEB_LOG_WARNING << "PATCH Password denied access"; 1718900f9497SJoseph Reynolds asyncResp->res.clear(); 1719900f9497SJoseph Reynolds messages::insufficientPrivilege(asyncResp->res); 1720900f9497SJoseph Reynolds return; 1721900f9497SJoseph Reynolds } 1722900f9497SJoseph Reynolds } 1723900f9497SJoseph Reynolds 172466b5ca76Sjayaprakash Mutyala // if user name is not provided in the patch method or if it 172566b5ca76Sjayaprakash Mutyala // matches the user name in the URI, then we are treating it as updating 172666b5ca76Sjayaprakash Mutyala // user properties other then username. If username provided doesn't 172766b5ca76Sjayaprakash Mutyala // match the URI, then we are treating this as user rename request. 172866b5ca76Sjayaprakash Mutyala if (!newUserName || (newUserName.value() == username)) 1729a840879dSEd Tanous { 173024c8542dSRatan Gupta updateUserProperties(asyncResp, username, password, enabled, roleId, 173124c8542dSRatan Gupta locked); 173284e12cb7SAppaRao Puli return; 173384e12cb7SAppaRao Puli } 173484e12cb7SAppaRao Puli else 173584e12cb7SAppaRao Puli { 173684e12cb7SAppaRao Puli crow::connections::systemBus->async_method_call( 173784e12cb7SAppaRao Puli [this, asyncResp, username, password(std::move(password)), 173884e12cb7SAppaRao Puli roleId(std::move(roleId)), enabled(std::move(enabled)), 173966b5ca76Sjayaprakash Mutyala newUser{std::string(*newUserName)}, 174066b5ca76Sjayaprakash Mutyala locked(std::move(locked))](const boost::system::error_code ec, 174166b5ca76Sjayaprakash Mutyala sdbusplus::message::message& m) { 174284e12cb7SAppaRao Puli if (ec) 174384e12cb7SAppaRao Puli { 174466b5ca76Sjayaprakash Mutyala userErrorMessageHandler(m.get_error(), asyncResp, 174566b5ca76Sjayaprakash Mutyala newUser, username); 1746a840879dSEd Tanous return; 1747a840879dSEd Tanous } 1748a840879dSEd Tanous 174984e12cb7SAppaRao Puli updateUserProperties(asyncResp, newUser, password, enabled, 175024c8542dSRatan Gupta roleId, locked); 175184e12cb7SAppaRao Puli }, 175284e12cb7SAppaRao Puli "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user", 175384e12cb7SAppaRao Puli "xyz.openbmc_project.User.Manager", "RenameUser", username, 175484e12cb7SAppaRao Puli *newUserName); 175584e12cb7SAppaRao Puli } 175684e12cb7SAppaRao Puli } 175784e12cb7SAppaRao Puli 175884e12cb7SAppaRao Puli void updateUserProperties(std::shared_ptr<AsyncResp> asyncResp, 175984e12cb7SAppaRao Puli const std::string& username, 1760a24526dcSEd Tanous std::optional<std::string> password, 1761a24526dcSEd Tanous std::optional<bool> enabled, 176224c8542dSRatan Gupta std::optional<std::string> roleId, 176324c8542dSRatan Gupta std::optional<bool> locked) 176484e12cb7SAppaRao Puli { 176524c8542dSRatan Gupta std::string dbusObjectPath = "/xyz/openbmc_project/user/" + username; 176624c8542dSRatan Gupta dbus::utility::escapePathForDbus(dbusObjectPath); 176724c8542dSRatan Gupta 176822c33710SRatan Gupta dbus::utility::checkDbusPathExists( 176924c8542dSRatan Gupta dbusObjectPath, 177024c8542dSRatan Gupta [dbusObjectPath(std::move(dbusObjectPath)), username, 177124c8542dSRatan Gupta password(std::move(password)), roleId(std::move(roleId)), 177224c8542dSRatan Gupta enabled(std::move(enabled)), locked(std::move(locked)), 177324c8542dSRatan Gupta asyncResp{std::move(asyncResp)}](int rc) { 177424c8542dSRatan Gupta if (!rc) 177524c8542dSRatan Gupta { 177666b5ca76Sjayaprakash Mutyala messages::resourceNotFound( 1777*8114bd4dSGunnar Mills asyncResp->res, "#ManagerAccount.v1_4_0.ManagerAccount", 177866b5ca76Sjayaprakash Mutyala username); 177924c8542dSRatan Gupta return; 178024c8542dSRatan Gupta } 178166b5ca76Sjayaprakash Mutyala 178266b5ca76Sjayaprakash Mutyala if (password) 178366b5ca76Sjayaprakash Mutyala { 178466b5ca76Sjayaprakash Mutyala int retval = pamUpdatePassword(username, *password); 178566b5ca76Sjayaprakash Mutyala 178666b5ca76Sjayaprakash Mutyala if (retval == PAM_USER_UNKNOWN) 178766b5ca76Sjayaprakash Mutyala { 178866b5ca76Sjayaprakash Mutyala messages::resourceNotFound( 178966b5ca76Sjayaprakash Mutyala asyncResp->res, 1790*8114bd4dSGunnar Mills "#ManagerAccount.v1_4_0.ManagerAccount", username); 179166b5ca76Sjayaprakash Mutyala } 179266b5ca76Sjayaprakash Mutyala else if (retval == PAM_AUTHTOK_ERR) 179366b5ca76Sjayaprakash Mutyala { 179466b5ca76Sjayaprakash Mutyala // If password is invalid 179566b5ca76Sjayaprakash Mutyala messages::propertyValueFormatError( 179666b5ca76Sjayaprakash Mutyala asyncResp->res, *password, "Password"); 179766b5ca76Sjayaprakash Mutyala BMCWEB_LOG_ERROR << "pamUpdatePassword Failed"; 179866b5ca76Sjayaprakash Mutyala } 179966b5ca76Sjayaprakash Mutyala else if (retval != PAM_SUCCESS) 180066b5ca76Sjayaprakash Mutyala { 180166b5ca76Sjayaprakash Mutyala messages::internalError(asyncResp->res); 180266b5ca76Sjayaprakash Mutyala return; 180366b5ca76Sjayaprakash Mutyala } 180466b5ca76Sjayaprakash Mutyala } 180566b5ca76Sjayaprakash Mutyala 18069712f8acSEd Tanous if (enabled) 1807a840879dSEd Tanous { 1808a840879dSEd Tanous crow::connections::systemBus->async_method_call( 1809a840879dSEd Tanous [asyncResp](const boost::system::error_code ec) { 1810a840879dSEd Tanous if (ec) 1811a840879dSEd Tanous { 181224c8542dSRatan Gupta BMCWEB_LOG_ERROR << "D-Bus responses error: " 181324c8542dSRatan Gupta << ec; 1814f12894f8SJason M. Bills messages::internalError(asyncResp->res); 1815a840879dSEd Tanous return; 1816a840879dSEd Tanous } 181784e12cb7SAppaRao Puli messages::success(asyncResp->res); 181884e12cb7SAppaRao Puli return; 181984e12cb7SAppaRao Puli }, 182084e12cb7SAppaRao Puli "xyz.openbmc_project.User.Manager", 182124c8542dSRatan Gupta dbusObjectPath.c_str(), 182284e12cb7SAppaRao Puli "org.freedesktop.DBus.Properties", "Set", 182384e12cb7SAppaRao Puli "xyz.openbmc_project.User.Attributes", "UserEnabled", 1824abf2add6SEd Tanous std::variant<bool>{*enabled}); 182584e12cb7SAppaRao Puli } 182684e12cb7SAppaRao Puli 182784e12cb7SAppaRao Puli if (roleId) 182884e12cb7SAppaRao Puli { 182954fc587aSNagaraju Goruganti std::string priv = getPrivilegeFromRoleId(*roleId); 183084e12cb7SAppaRao Puli if (priv.empty()) 183184e12cb7SAppaRao Puli { 183224c8542dSRatan Gupta messages::propertyValueNotInList(asyncResp->res, 183324c8542dSRatan Gupta *roleId, "RoleId"); 183484e12cb7SAppaRao Puli return; 183584e12cb7SAppaRao Puli } 183696200606Sjayaprakash Mutyala if (priv == "priv-noaccess") 183796200606Sjayaprakash Mutyala { 183896200606Sjayaprakash Mutyala priv = ""; 183996200606Sjayaprakash Mutyala } 184084e12cb7SAppaRao Puli 184184e12cb7SAppaRao Puli crow::connections::systemBus->async_method_call( 184284e12cb7SAppaRao Puli [asyncResp](const boost::system::error_code ec) { 184384e12cb7SAppaRao Puli if (ec) 184484e12cb7SAppaRao Puli { 184524c8542dSRatan Gupta BMCWEB_LOG_ERROR << "D-Bus responses error: " 184624c8542dSRatan Gupta << ec; 184784e12cb7SAppaRao Puli messages::internalError(asyncResp->res); 184884e12cb7SAppaRao Puli return; 184984e12cb7SAppaRao Puli } 1850f12894f8SJason M. Bills messages::success(asyncResp->res); 1851a840879dSEd Tanous }, 1852a840879dSEd Tanous "xyz.openbmc_project.User.Manager", 185324c8542dSRatan Gupta dbusObjectPath.c_str(), 1854a840879dSEd Tanous "org.freedesktop.DBus.Properties", "Set", 185584e12cb7SAppaRao Puli "xyz.openbmc_project.User.Attributes", "UserPrivilege", 1856abf2add6SEd Tanous std::variant<std::string>{priv}); 1857a840879dSEd Tanous } 185824c8542dSRatan Gupta 185924c8542dSRatan Gupta if (locked) 186024c8542dSRatan Gupta { 186124c8542dSRatan Gupta // admin can unlock the account which is locked by 186254fc587aSNagaraju Goruganti // successive authentication failures but admin should 186354fc587aSNagaraju Goruganti // not be allowed to lock an account. 186424c8542dSRatan Gupta if (*locked) 186524c8542dSRatan Gupta { 186624c8542dSRatan Gupta messages::propertyValueNotInList(asyncResp->res, "true", 186724c8542dSRatan Gupta "Locked"); 186824c8542dSRatan Gupta return; 186924c8542dSRatan Gupta } 187024c8542dSRatan Gupta 187124c8542dSRatan Gupta crow::connections::systemBus->async_method_call( 187224c8542dSRatan Gupta [asyncResp](const boost::system::error_code ec) { 187324c8542dSRatan Gupta if (ec) 187424c8542dSRatan Gupta { 187524c8542dSRatan Gupta BMCWEB_LOG_ERROR << "D-Bus responses error: " 187624c8542dSRatan Gupta << ec; 187724c8542dSRatan Gupta messages::internalError(asyncResp->res); 187824c8542dSRatan Gupta return; 187924c8542dSRatan Gupta } 188024c8542dSRatan Gupta messages::success(asyncResp->res); 188124c8542dSRatan Gupta return; 188224c8542dSRatan Gupta }, 188324c8542dSRatan Gupta "xyz.openbmc_project.User.Manager", 188424c8542dSRatan Gupta dbusObjectPath.c_str(), 188524c8542dSRatan Gupta "org.freedesktop.DBus.Properties", "Set", 188624c8542dSRatan Gupta "xyz.openbmc_project.User.Attributes", 188724c8542dSRatan Gupta "UserLockedForFailedAttempt", 188819bd78d9SPatrick Williams std::variant<bool>{*locked}); 188924c8542dSRatan Gupta } 189024c8542dSRatan Gupta }); 1891a840879dSEd Tanous } 189206e086d9SEd Tanous 189306e086d9SEd Tanous void doDelete(crow::Response& res, const crow::Request& req, 189406e086d9SEd Tanous const std::vector<std::string>& params) override 189506e086d9SEd Tanous { 189606e086d9SEd Tanous auto asyncResp = std::make_shared<AsyncResp>(res); 189706e086d9SEd Tanous 189806e086d9SEd Tanous if (params.size() != 1) 189906e086d9SEd Tanous { 1900f12894f8SJason M. Bills messages::internalError(asyncResp->res); 190106e086d9SEd Tanous return; 190206e086d9SEd Tanous } 190306e086d9SEd Tanous 190406e086d9SEd Tanous const std::string userPath = "/xyz/openbmc_project/user/" + params[0]; 190506e086d9SEd Tanous 190606e086d9SEd Tanous crow::connections::systemBus->async_method_call( 190706e086d9SEd Tanous [asyncResp, username{std::move(params[0])}]( 190806e086d9SEd Tanous const boost::system::error_code ec) { 190906e086d9SEd Tanous if (ec) 191006e086d9SEd Tanous { 191106e086d9SEd Tanous messages::resourceNotFound( 1912*8114bd4dSGunnar Mills asyncResp->res, "#ManagerAccount.v1_4_0.ManagerAccount", 1913f12894f8SJason M. Bills username); 191406e086d9SEd Tanous return; 191506e086d9SEd Tanous } 191606e086d9SEd Tanous 1917f12894f8SJason M. Bills messages::accountRemoved(asyncResp->res); 191806e086d9SEd Tanous }, 191906e086d9SEd Tanous "xyz.openbmc_project.User.Manager", userPath, 192006e086d9SEd Tanous "xyz.openbmc_project.Object.Delete", "Delete"); 192106e086d9SEd Tanous } 192284e12cb7SAppaRao Puli }; 192388d16c9aSLewanczyk, Dawid 192488d16c9aSLewanczyk, Dawid } // namespace redfish 1925