188d16c9aSLewanczyk, Dawid /* 288d16c9aSLewanczyk, Dawid // Copyright (c) 2018 Intel Corporation 388d16c9aSLewanczyk, Dawid // 488d16c9aSLewanczyk, Dawid // Licensed under the Apache License, Version 2.0 (the "License"); 588d16c9aSLewanczyk, Dawid // you may not use this file except in compliance with the License. 688d16c9aSLewanczyk, Dawid // You may obtain a copy of the License at 788d16c9aSLewanczyk, Dawid // 888d16c9aSLewanczyk, Dawid // http://www.apache.org/licenses/LICENSE-2.0 988d16c9aSLewanczyk, Dawid // 1088d16c9aSLewanczyk, Dawid // Unless required by applicable law or agreed to in writing, software 1188d16c9aSLewanczyk, Dawid // distributed under the License is distributed on an "AS IS" BASIS, 1288d16c9aSLewanczyk, Dawid // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 1388d16c9aSLewanczyk, Dawid // See the License for the specific language governing permissions and 1488d16c9aSLewanczyk, Dawid // limitations under the License. 1588d16c9aSLewanczyk, Dawid */ 1688d16c9aSLewanczyk, Dawid #pragma once 1788d16c9aSLewanczyk, Dawid #include "node.hpp" 1888d16c9aSLewanczyk, Dawid 1924c8542dSRatan Gupta #include <dbus_utility.hpp> 2065b0dc32SEd Tanous #include <error_messages.hpp> 21b9b2e0b2SEd Tanous #include <openbmc_dbus_rest.hpp> 2252cc112dSEd Tanous #include <persistent_data.hpp> 23a840879dSEd Tanous #include <utils/json_utils.hpp> 241214b7e7SGunnar Mills 25abf2add6SEd Tanous #include <variant> 26b9b2e0b2SEd Tanous 271abe55efSEd Tanous namespace redfish 281abe55efSEd Tanous { 2988d16c9aSLewanczyk, Dawid 3023a21a1cSEd Tanous constexpr const char* ldapConfigObjectName = 316973a582SRatan Gupta "/xyz/openbmc_project/user/ldap/openldap"; 322c70f800SEd Tanous constexpr const char* adConfigObject = 33ab828d7cSRatan Gupta "/xyz/openbmc_project/user/ldap/active_directory"; 34ab828d7cSRatan Gupta 356973a582SRatan Gupta constexpr const char* ldapRootObject = "/xyz/openbmc_project/user/ldap"; 366973a582SRatan Gupta constexpr const char* ldapDbusService = "xyz.openbmc_project.Ldap.Config"; 376973a582SRatan Gupta constexpr const char* ldapConfigInterface = 386973a582SRatan Gupta "xyz.openbmc_project.User.Ldap.Config"; 396973a582SRatan Gupta constexpr const char* ldapCreateInterface = 406973a582SRatan Gupta "xyz.openbmc_project.User.Ldap.Create"; 416973a582SRatan Gupta constexpr const char* ldapEnableInterface = "xyz.openbmc_project.Object.Enable"; 4206785244SRatan Gupta constexpr const char* ldapPrivMapperInterface = 4306785244SRatan Gupta "xyz.openbmc_project.User.PrivilegeMapper"; 446973a582SRatan Gupta constexpr const char* dbusObjManagerIntf = "org.freedesktop.DBus.ObjectManager"; 456973a582SRatan Gupta constexpr const char* propertyInterface = "org.freedesktop.DBus.Properties"; 466973a582SRatan Gupta constexpr const char* mapperBusName = "xyz.openbmc_project.ObjectMapper"; 476973a582SRatan Gupta constexpr const char* mapperObjectPath = "/xyz/openbmc_project/object_mapper"; 486973a582SRatan Gupta constexpr const char* mapperIntf = "xyz.openbmc_project.ObjectMapper"; 496973a582SRatan Gupta 5054fc587aSNagaraju Goruganti struct LDAPRoleMapData 5154fc587aSNagaraju Goruganti { 5254fc587aSNagaraju Goruganti std::string groupName; 5354fc587aSNagaraju Goruganti std::string privilege; 5454fc587aSNagaraju Goruganti }; 5554fc587aSNagaraju Goruganti 566973a582SRatan Gupta struct LDAPConfigData 576973a582SRatan Gupta { 586973a582SRatan Gupta std::string uri{}; 596973a582SRatan Gupta std::string bindDN{}; 606973a582SRatan Gupta std::string baseDN{}; 616973a582SRatan Gupta std::string searchScope{}; 626973a582SRatan Gupta std::string serverType{}; 636973a582SRatan Gupta bool serviceEnabled = false; 646973a582SRatan Gupta std::string userNameAttribute{}; 656973a582SRatan Gupta std::string groupAttribute{}; 6654fc587aSNagaraju Goruganti std::vector<std::pair<std::string, LDAPRoleMapData>> groupRoleList; 676973a582SRatan Gupta }; 686973a582SRatan Gupta 6919bd78d9SPatrick Williams using DbusVariantType = std::variant<bool, int32_t, std::string>; 70107077deSPrzemyslaw Czarnowski 71107077deSPrzemyslaw Czarnowski using DbusInterfaceType = boost::container::flat_map< 72107077deSPrzemyslaw Czarnowski std::string, boost::container::flat_map<std::string, DbusVariantType>>; 73107077deSPrzemyslaw Czarnowski 74107077deSPrzemyslaw Czarnowski using ManagedObjectType = 75107077deSPrzemyslaw Czarnowski std::vector<std::pair<sdbusplus::message::object_path, DbusInterfaceType>>; 76107077deSPrzemyslaw Czarnowski 776973a582SRatan Gupta using GetObjectType = 786973a582SRatan Gupta std::vector<std::pair<std::string, std::vector<std::string>>>; 7984e12cb7SAppaRao Puli 8054fc587aSNagaraju Goruganti inline std::string getRoleIdFromPrivilege(std::string_view role) 8184e12cb7SAppaRao Puli { 8284e12cb7SAppaRao Puli if (role == "priv-admin") 8384e12cb7SAppaRao Puli { 8484e12cb7SAppaRao Puli return "Administrator"; 8584e12cb7SAppaRao Puli } 863174e4dfSEd Tanous if (role == "priv-user") 8784e12cb7SAppaRao Puli { 88c80fee55SAppaRao Puli return "ReadOnly"; 8984e12cb7SAppaRao Puli } 903174e4dfSEd Tanous if (role == "priv-operator") 9184e12cb7SAppaRao Puli { 9284e12cb7SAppaRao Puli return "Operator"; 9384e12cb7SAppaRao Puli } 943174e4dfSEd Tanous if ((role == "") || (role == "priv-noaccess")) 95e9e6d240Sjayaprakash Mutyala { 96e9e6d240Sjayaprakash Mutyala return "NoAccess"; 97e9e6d240Sjayaprakash Mutyala } 9884e12cb7SAppaRao Puli return ""; 9984e12cb7SAppaRao Puli } 10054fc587aSNagaraju Goruganti inline std::string getPrivilegeFromRoleId(std::string_view role) 10184e12cb7SAppaRao Puli { 10284e12cb7SAppaRao Puli if (role == "Administrator") 10384e12cb7SAppaRao Puli { 10484e12cb7SAppaRao Puli return "priv-admin"; 10584e12cb7SAppaRao Puli } 1063174e4dfSEd Tanous if (role == "ReadOnly") 10784e12cb7SAppaRao Puli { 10884e12cb7SAppaRao Puli return "priv-user"; 10984e12cb7SAppaRao Puli } 1103174e4dfSEd Tanous if (role == "Operator") 11184e12cb7SAppaRao Puli { 11284e12cb7SAppaRao Puli return "priv-operator"; 11384e12cb7SAppaRao Puli } 1143174e4dfSEd Tanous if ((role == "NoAccess") || (role == "")) 115e9e6d240Sjayaprakash Mutyala { 116e9e6d240Sjayaprakash Mutyala return "priv-noaccess"; 117e9e6d240Sjayaprakash Mutyala } 11884e12cb7SAppaRao Puli return ""; 11984e12cb7SAppaRao Puli } 120b9b2e0b2SEd Tanous 121*8d1b46d7Szhanghch05 inline void userErrorMessageHandler( 122*8d1b46d7Szhanghch05 const sd_bus_error* e, const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 123*8d1b46d7Szhanghch05 const std::string& newUser, const std::string& username) 12466b5ca76Sjayaprakash Mutyala { 12566b5ca76Sjayaprakash Mutyala if (e == nullptr) 12666b5ca76Sjayaprakash Mutyala { 12766b5ca76Sjayaprakash Mutyala messages::internalError(asyncResp->res); 12866b5ca76Sjayaprakash Mutyala return; 12966b5ca76Sjayaprakash Mutyala } 13066b5ca76Sjayaprakash Mutyala 131055806b3SManojkiran Eda const char* errorMessage = e->name; 13266b5ca76Sjayaprakash Mutyala if (strcmp(errorMessage, 13366b5ca76Sjayaprakash Mutyala "xyz.openbmc_project.User.Common.Error.UserNameExists") == 0) 13466b5ca76Sjayaprakash Mutyala { 13566b5ca76Sjayaprakash Mutyala messages::resourceAlreadyExists(asyncResp->res, 1368114bd4dSGunnar Mills "#ManagerAccount.v1_4_0.ManagerAccount", 13766b5ca76Sjayaprakash Mutyala "UserName", newUser); 13866b5ca76Sjayaprakash Mutyala } 13966b5ca76Sjayaprakash Mutyala else if (strcmp(errorMessage, "xyz.openbmc_project.User.Common.Error." 14066b5ca76Sjayaprakash Mutyala "UserNameDoesNotExist") == 0) 14166b5ca76Sjayaprakash Mutyala { 14266b5ca76Sjayaprakash Mutyala messages::resourceNotFound( 1438114bd4dSGunnar Mills asyncResp->res, "#ManagerAccount.v1_4_0.ManagerAccount", username); 14466b5ca76Sjayaprakash Mutyala } 145d4d25793SEd Tanous else if ((strcmp(errorMessage, 146d4d25793SEd Tanous "xyz.openbmc_project.Common.Error.InvalidArgument") == 147d4d25793SEd Tanous 0) || 148d4d25793SEd Tanous (strcmp(errorMessage, "xyz.openbmc_project.User.Common.Error." 149d4d25793SEd Tanous "UserNameGroupFail") == 0)) 15066b5ca76Sjayaprakash Mutyala { 15166b5ca76Sjayaprakash Mutyala messages::propertyValueFormatError(asyncResp->res, newUser, "UserName"); 15266b5ca76Sjayaprakash Mutyala } 15366b5ca76Sjayaprakash Mutyala else if (strcmp(errorMessage, 15466b5ca76Sjayaprakash Mutyala "xyz.openbmc_project.User.Common.Error.NoResource") == 0) 15566b5ca76Sjayaprakash Mutyala { 15666b5ca76Sjayaprakash Mutyala messages::createLimitReachedForResource(asyncResp->res); 15766b5ca76Sjayaprakash Mutyala } 15866b5ca76Sjayaprakash Mutyala else 15966b5ca76Sjayaprakash Mutyala { 16066b5ca76Sjayaprakash Mutyala messages::internalError(asyncResp->res); 16166b5ca76Sjayaprakash Mutyala } 16266b5ca76Sjayaprakash Mutyala 16366b5ca76Sjayaprakash Mutyala return; 16466b5ca76Sjayaprakash Mutyala } 16566b5ca76Sjayaprakash Mutyala 16681ce609eSEd Tanous inline void parseLDAPConfigData(nlohmann::json& jsonResponse, 167ab828d7cSRatan Gupta const LDAPConfigData& confData, 168ab828d7cSRatan Gupta const std::string& ldapType) 1696973a582SRatan Gupta { 170ab828d7cSRatan Gupta std::string service = 171ab828d7cSRatan Gupta (ldapType == "LDAP") ? "LDAPService" : "ActiveDirectoryService"; 17237cce918SMarri Devender Rao nlohmann::json ldap = { 1736973a582SRatan Gupta {"ServiceEnabled", confData.serviceEnabled}, 1746973a582SRatan Gupta {"ServiceAddresses", nlohmann::json::array({confData.uri})}, 1756973a582SRatan Gupta {"Authentication", 1766973a582SRatan Gupta {{"AuthenticationType", "UsernameAndPassword"}, 1776973a582SRatan Gupta {"Username", confData.bindDN}, 1786973a582SRatan Gupta {"Password", nullptr}}}, 1796973a582SRatan Gupta {"LDAPService", 1806973a582SRatan Gupta {{"SearchSettings", 1816973a582SRatan Gupta {{"BaseDistinguishedNames", 1826973a582SRatan Gupta nlohmann::json::array({confData.baseDN})}, 1836973a582SRatan Gupta {"UsernameAttribute", confData.userNameAttribute}, 1846973a582SRatan Gupta {"GroupsAttribute", confData.groupAttribute}}}}}, 1856973a582SRatan Gupta }; 18654fc587aSNagaraju Goruganti 18781ce609eSEd Tanous jsonResponse[ldapType].update(ldap); 18854fc587aSNagaraju Goruganti 18981ce609eSEd Tanous nlohmann::json& roleMapArray = jsonResponse[ldapType]["RemoteRoleMapping"]; 19054fc587aSNagaraju Goruganti roleMapArray = nlohmann::json::array(); 19154fc587aSNagaraju Goruganti for (auto& obj : confData.groupRoleList) 19254fc587aSNagaraju Goruganti { 19354fc587aSNagaraju Goruganti BMCWEB_LOG_DEBUG << "Pushing the data groupName=" 19454fc587aSNagaraju Goruganti << obj.second.groupName << "\n"; 19554fc587aSNagaraju Goruganti roleMapArray.push_back( 19654fc587aSNagaraju Goruganti {nlohmann::json::array({"RemoteGroup", obj.second.groupName}), 19754fc587aSNagaraju Goruganti nlohmann::json::array( 19854fc587aSNagaraju Goruganti {"LocalRole", getRoleIdFromPrivilege(obj.second.privilege)})}); 19954fc587aSNagaraju Goruganti } 2006973a582SRatan Gupta } 2016973a582SRatan Gupta 2026973a582SRatan Gupta /** 20306785244SRatan Gupta * @brief validates given JSON input and then calls appropriate method to 20406785244SRatan Gupta * create, to delete or to set Rolemapping object based on the given input. 20506785244SRatan Gupta * 20606785244SRatan Gupta */ 20723a21a1cSEd Tanous inline void handleRoleMapPatch( 208*8d1b46d7Szhanghch05 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 20906785244SRatan Gupta const std::vector<std::pair<std::string, LDAPRoleMapData>>& roleMapObjData, 210f23b7296SEd Tanous const std::string& serverType, const std::vector<nlohmann::json>& input) 21106785244SRatan Gupta { 21206785244SRatan Gupta for (size_t index = 0; index < input.size(); index++) 21306785244SRatan Gupta { 214f23b7296SEd Tanous const nlohmann::json& thisJson = input[index]; 21506785244SRatan Gupta 21606785244SRatan Gupta if (thisJson.is_null()) 21706785244SRatan Gupta { 21806785244SRatan Gupta // delete the existing object 21906785244SRatan Gupta if (index < roleMapObjData.size()) 22006785244SRatan Gupta { 22106785244SRatan Gupta crow::connections::systemBus->async_method_call( 22206785244SRatan Gupta [asyncResp, roleMapObjData, serverType, 22306785244SRatan Gupta index](const boost::system::error_code ec) { 22406785244SRatan Gupta if (ec) 22506785244SRatan Gupta { 22606785244SRatan Gupta BMCWEB_LOG_ERROR << "DBUS response error: " << ec; 22706785244SRatan Gupta messages::internalError(asyncResp->res); 22806785244SRatan Gupta return; 22906785244SRatan Gupta } 23006785244SRatan Gupta asyncResp->res 23106785244SRatan Gupta .jsonValue[serverType]["RemoteRoleMapping"][index] = 23206785244SRatan Gupta nullptr; 23306785244SRatan Gupta }, 23406785244SRatan Gupta ldapDbusService, roleMapObjData[index].first, 23506785244SRatan Gupta "xyz.openbmc_project.Object.Delete", "Delete"); 23606785244SRatan Gupta } 23706785244SRatan Gupta else 23806785244SRatan Gupta { 23906785244SRatan Gupta BMCWEB_LOG_ERROR << "Can't delete the object"; 24006785244SRatan Gupta messages::propertyValueTypeError( 24171f52d96SEd Tanous asyncResp->res, 24271f52d96SEd Tanous thisJson.dump(2, ' ', true, 24371f52d96SEd Tanous nlohmann::json::error_handler_t::replace), 24406785244SRatan Gupta "RemoteRoleMapping/" + std::to_string(index)); 24506785244SRatan Gupta return; 24606785244SRatan Gupta } 24706785244SRatan Gupta } 24806785244SRatan Gupta else if (thisJson.empty()) 24906785244SRatan Gupta { 25006785244SRatan Gupta // Don't do anything for the empty objects,parse next json 25106785244SRatan Gupta // eg {"RemoteRoleMapping",[{}]} 25206785244SRatan Gupta } 25306785244SRatan Gupta else 25406785244SRatan Gupta { 25506785244SRatan Gupta // update/create the object 25606785244SRatan Gupta std::optional<std::string> remoteGroup; 25706785244SRatan Gupta std::optional<std::string> localRole; 25806785244SRatan Gupta 259f23b7296SEd Tanous // This is a copy, but it's required in this case because of how 260f23b7296SEd Tanous // readJson is structured 261f23b7296SEd Tanous nlohmann::json thisJsonCopy = thisJson; 262f23b7296SEd Tanous if (!json_util::readJson(thisJsonCopy, asyncResp->res, 263f23b7296SEd Tanous "RemoteGroup", remoteGroup, "LocalRole", 264f23b7296SEd Tanous localRole)) 26506785244SRatan Gupta { 26606785244SRatan Gupta continue; 26706785244SRatan Gupta } 26806785244SRatan Gupta 26906785244SRatan Gupta // Update existing RoleMapping Object 27006785244SRatan Gupta if (index < roleMapObjData.size()) 27106785244SRatan Gupta { 27206785244SRatan Gupta BMCWEB_LOG_DEBUG << "Update Role Map Object"; 27306785244SRatan Gupta // If "RemoteGroup" info is provided 27406785244SRatan Gupta if (remoteGroup) 27506785244SRatan Gupta { 27606785244SRatan Gupta crow::connections::systemBus->async_method_call( 27706785244SRatan Gupta [asyncResp, roleMapObjData, serverType, index, 27806785244SRatan Gupta remoteGroup](const boost::system::error_code ec) { 27906785244SRatan Gupta if (ec) 28006785244SRatan Gupta { 28106785244SRatan Gupta BMCWEB_LOG_ERROR << "DBUS response error: " 28206785244SRatan Gupta << ec; 28306785244SRatan Gupta messages::internalError(asyncResp->res); 28406785244SRatan Gupta return; 28506785244SRatan Gupta } 28606785244SRatan Gupta asyncResp->res 28706785244SRatan Gupta .jsonValue[serverType]["RemoteRoleMapping"] 28806785244SRatan Gupta [index]["RemoteGroup"] = *remoteGroup; 28906785244SRatan Gupta }, 29006785244SRatan Gupta ldapDbusService, roleMapObjData[index].first, 29106785244SRatan Gupta propertyInterface, "Set", 29206785244SRatan Gupta "xyz.openbmc_project.User.PrivilegeMapperEntry", 29306785244SRatan Gupta "GroupName", 29406785244SRatan Gupta std::variant<std::string>(std::move(*remoteGroup))); 29506785244SRatan Gupta } 29606785244SRatan Gupta 29706785244SRatan Gupta // If "LocalRole" info is provided 29806785244SRatan Gupta if (localRole) 29906785244SRatan Gupta { 30006785244SRatan Gupta crow::connections::systemBus->async_method_call( 30106785244SRatan Gupta [asyncResp, roleMapObjData, serverType, index, 30206785244SRatan Gupta localRole](const boost::system::error_code ec) { 30306785244SRatan Gupta if (ec) 30406785244SRatan Gupta { 30506785244SRatan Gupta BMCWEB_LOG_ERROR << "DBUS response error: " 30606785244SRatan Gupta << ec; 30706785244SRatan Gupta messages::internalError(asyncResp->res); 30806785244SRatan Gupta return; 30906785244SRatan Gupta } 31006785244SRatan Gupta asyncResp->res 31106785244SRatan Gupta .jsonValue[serverType]["RemoteRoleMapping"] 31206785244SRatan Gupta [index]["LocalRole"] = *localRole; 31306785244SRatan Gupta }, 31406785244SRatan Gupta ldapDbusService, roleMapObjData[index].first, 31506785244SRatan Gupta propertyInterface, "Set", 31606785244SRatan Gupta "xyz.openbmc_project.User.PrivilegeMapperEntry", 31706785244SRatan Gupta "Privilege", 31806785244SRatan Gupta std::variant<std::string>( 31906785244SRatan Gupta getPrivilegeFromRoleId(std::move(*localRole)))); 32006785244SRatan Gupta } 32106785244SRatan Gupta } 32206785244SRatan Gupta // Create a new RoleMapping Object. 32306785244SRatan Gupta else 32406785244SRatan Gupta { 32506785244SRatan Gupta BMCWEB_LOG_DEBUG 32606785244SRatan Gupta << "setRoleMappingProperties: Creating new Object"; 32706785244SRatan Gupta std::string pathString = 32806785244SRatan Gupta "RemoteRoleMapping/" + std::to_string(index); 32906785244SRatan Gupta 33006785244SRatan Gupta if (!localRole) 33106785244SRatan Gupta { 33206785244SRatan Gupta messages::propertyMissing(asyncResp->res, 33306785244SRatan Gupta pathString + "/LocalRole"); 33406785244SRatan Gupta continue; 33506785244SRatan Gupta } 33606785244SRatan Gupta if (!remoteGroup) 33706785244SRatan Gupta { 33806785244SRatan Gupta messages::propertyMissing(asyncResp->res, 33906785244SRatan Gupta pathString + "/RemoteGroup"); 34006785244SRatan Gupta continue; 34106785244SRatan Gupta } 34206785244SRatan Gupta 34306785244SRatan Gupta std::string dbusObjectPath; 34406785244SRatan Gupta if (serverType == "ActiveDirectory") 34506785244SRatan Gupta { 3462c70f800SEd Tanous dbusObjectPath = adConfigObject; 34706785244SRatan Gupta } 34806785244SRatan Gupta else if (serverType == "LDAP") 34906785244SRatan Gupta { 35023a21a1cSEd Tanous dbusObjectPath = ldapConfigObjectName; 35106785244SRatan Gupta } 35206785244SRatan Gupta 35306785244SRatan Gupta BMCWEB_LOG_DEBUG << "Remote Group=" << *remoteGroup 35406785244SRatan Gupta << ",LocalRole=" << *localRole; 35506785244SRatan Gupta 35606785244SRatan Gupta crow::connections::systemBus->async_method_call( 357271584abSEd Tanous [asyncResp, serverType, localRole, 35806785244SRatan Gupta remoteGroup](const boost::system::error_code ec) { 35906785244SRatan Gupta if (ec) 36006785244SRatan Gupta { 36106785244SRatan Gupta BMCWEB_LOG_ERROR << "DBUS response error: " << ec; 36206785244SRatan Gupta messages::internalError(asyncResp->res); 36306785244SRatan Gupta return; 36406785244SRatan Gupta } 36506785244SRatan Gupta nlohmann::json& remoteRoleJson = 36606785244SRatan Gupta asyncResp->res 36706785244SRatan Gupta .jsonValue[serverType]["RemoteRoleMapping"]; 36806785244SRatan Gupta remoteRoleJson.push_back( 36906785244SRatan Gupta {{"LocalRole", *localRole}, 37006785244SRatan Gupta {"RemoteGroup", *remoteGroup}}); 37106785244SRatan Gupta }, 37206785244SRatan Gupta ldapDbusService, dbusObjectPath, ldapPrivMapperInterface, 3733174e4dfSEd Tanous "Create", *remoteGroup, 37406785244SRatan Gupta getPrivilegeFromRoleId(std::move(*localRole))); 37506785244SRatan Gupta } 37606785244SRatan Gupta } 37706785244SRatan Gupta } 37806785244SRatan Gupta } 37906785244SRatan Gupta 38006785244SRatan Gupta /** 3816973a582SRatan Gupta * Function that retrieves all properties for LDAP config object 3826973a582SRatan Gupta * into JSON 3836973a582SRatan Gupta */ 3846973a582SRatan Gupta template <typename CallbackFunc> 3856973a582SRatan Gupta inline void getLDAPConfigData(const std::string& ldapType, 3866973a582SRatan Gupta CallbackFunc&& callback) 3876973a582SRatan Gupta { 38854fc587aSNagaraju Goruganti 38954fc587aSNagaraju Goruganti const std::array<const char*, 2> interfaces = {ldapEnableInterface, 39054fc587aSNagaraju Goruganti ldapConfigInterface}; 39154fc587aSNagaraju Goruganti 39254fc587aSNagaraju Goruganti crow::connections::systemBus->async_method_call( 39354fc587aSNagaraju Goruganti [callback, ldapType](const boost::system::error_code ec, 39454fc587aSNagaraju Goruganti const GetObjectType& resp) { 39554fc587aSNagaraju Goruganti if (ec || resp.empty()) 39654fc587aSNagaraju Goruganti { 39754fc587aSNagaraju Goruganti BMCWEB_LOG_ERROR << "DBUS response error during getting of " 39854fc587aSNagaraju Goruganti "service name: " 39954fc587aSNagaraju Goruganti << ec; 40023a21a1cSEd Tanous LDAPConfigData empty{}; 40123a21a1cSEd Tanous callback(false, empty, ldapType); 40254fc587aSNagaraju Goruganti return; 40354fc587aSNagaraju Goruganti } 40454fc587aSNagaraju Goruganti std::string service = resp.begin()->first; 40554fc587aSNagaraju Goruganti crow::connections::systemBus->async_method_call( 40681ce609eSEd Tanous [callback, ldapType](const boost::system::error_code errorCode, 4076973a582SRatan Gupta const ManagedObjectType& ldapObjects) { 4086973a582SRatan Gupta LDAPConfigData confData{}; 40981ce609eSEd Tanous if (errorCode) 4106973a582SRatan Gupta { 411ab828d7cSRatan Gupta callback(false, confData, ldapType); 41254fc587aSNagaraju Goruganti BMCWEB_LOG_ERROR << "D-Bus responses error: " 41381ce609eSEd Tanous << errorCode; 4146973a582SRatan Gupta return; 4156973a582SRatan Gupta } 416ab828d7cSRatan Gupta 417ab828d7cSRatan Gupta std::string ldapDbusType; 41854fc587aSNagaraju Goruganti std::string searchString; 41954fc587aSNagaraju Goruganti 420ab828d7cSRatan Gupta if (ldapType == "LDAP") 421ab828d7cSRatan Gupta { 42254fc587aSNagaraju Goruganti ldapDbusType = "xyz.openbmc_project.User.Ldap.Config." 42354fc587aSNagaraju Goruganti "Type.OpenLdap"; 42454fc587aSNagaraju Goruganti searchString = "openldap"; 425ab828d7cSRatan Gupta } 426ab828d7cSRatan Gupta else if (ldapType == "ActiveDirectory") 427ab828d7cSRatan Gupta { 42854fc587aSNagaraju Goruganti ldapDbusType = 42954fc587aSNagaraju Goruganti "xyz.openbmc_project.User.Ldap.Config.Type." 430ab828d7cSRatan Gupta "ActiveDirectory"; 43154fc587aSNagaraju Goruganti searchString = "active_directory"; 432ab828d7cSRatan Gupta } 433ab828d7cSRatan Gupta else 434ab828d7cSRatan Gupta { 43554fc587aSNagaraju Goruganti BMCWEB_LOG_ERROR 43654fc587aSNagaraju Goruganti << "Can't get the DbusType for the given type=" 437ab828d7cSRatan Gupta << ldapType; 438ab828d7cSRatan Gupta callback(false, confData, ldapType); 439ab828d7cSRatan Gupta return; 440ab828d7cSRatan Gupta } 441ab828d7cSRatan Gupta 442ab828d7cSRatan Gupta std::string ldapEnableInterfaceStr = ldapEnableInterface; 443ab828d7cSRatan Gupta std::string ldapConfigInterfaceStr = ldapConfigInterface; 444ab828d7cSRatan Gupta 4456973a582SRatan Gupta for (const auto& object : ldapObjects) 4466973a582SRatan Gupta { 44754fc587aSNagaraju Goruganti // let's find the object whose ldap type is equal to the 44854fc587aSNagaraju Goruganti // given type 44954fc587aSNagaraju Goruganti if (object.first.str.find(searchString) == 45054fc587aSNagaraju Goruganti std::string::npos) 4516973a582SRatan Gupta { 452ab828d7cSRatan Gupta continue; 453ab828d7cSRatan Gupta } 454ab828d7cSRatan Gupta 4556973a582SRatan Gupta for (const auto& interface : object.second) 4566973a582SRatan Gupta { 4576973a582SRatan Gupta if (interface.first == ldapEnableInterfaceStr) 4586973a582SRatan Gupta { 4596973a582SRatan Gupta // rest of the properties are string. 4606973a582SRatan Gupta for (const auto& property : interface.second) 4616973a582SRatan Gupta { 4626973a582SRatan Gupta if (property.first == "Enabled") 4636973a582SRatan Gupta { 4646973a582SRatan Gupta const bool* value = 4656973a582SRatan Gupta std::get_if<bool>(&property.second); 4666973a582SRatan Gupta if (value == nullptr) 4676973a582SRatan Gupta { 4686973a582SRatan Gupta continue; 4696973a582SRatan Gupta } 4706973a582SRatan Gupta confData.serviceEnabled = *value; 4716973a582SRatan Gupta break; 4726973a582SRatan Gupta } 4736973a582SRatan Gupta } 4746973a582SRatan Gupta } 4756973a582SRatan Gupta else if (interface.first == ldapConfigInterfaceStr) 4766973a582SRatan Gupta { 4776973a582SRatan Gupta 4786973a582SRatan Gupta for (const auto& property : interface.second) 4796973a582SRatan Gupta { 480271584abSEd Tanous const std::string* strValue = 48154fc587aSNagaraju Goruganti std::get_if<std::string>( 48254fc587aSNagaraju Goruganti &property.second); 483271584abSEd Tanous if (strValue == nullptr) 4846973a582SRatan Gupta { 4856973a582SRatan Gupta continue; 4866973a582SRatan Gupta } 4876973a582SRatan Gupta if (property.first == "LDAPServerURI") 4886973a582SRatan Gupta { 489271584abSEd Tanous confData.uri = *strValue; 4906973a582SRatan Gupta } 4916973a582SRatan Gupta else if (property.first == "LDAPBindDN") 4926973a582SRatan Gupta { 493271584abSEd Tanous confData.bindDN = *strValue; 4946973a582SRatan Gupta } 4956973a582SRatan Gupta else if (property.first == "LDAPBaseDN") 4966973a582SRatan Gupta { 497271584abSEd Tanous confData.baseDN = *strValue; 4986973a582SRatan Gupta } 49954fc587aSNagaraju Goruganti else if (property.first == 50054fc587aSNagaraju Goruganti "LDAPSearchScope") 5016973a582SRatan Gupta { 502271584abSEd Tanous confData.searchScope = *strValue; 5036973a582SRatan Gupta } 50454fc587aSNagaraju Goruganti else if (property.first == 50554fc587aSNagaraju Goruganti "GroupNameAttribute") 5066973a582SRatan Gupta { 507271584abSEd Tanous confData.groupAttribute = *strValue; 5086973a582SRatan Gupta } 50954fc587aSNagaraju Goruganti else if (property.first == 51054fc587aSNagaraju Goruganti "UserNameAttribute") 5116973a582SRatan Gupta { 512271584abSEd Tanous confData.userNameAttribute = *strValue; 5136973a582SRatan Gupta } 51454fc587aSNagaraju Goruganti else if (property.first == "LDAPType") 515ab828d7cSRatan Gupta { 516271584abSEd Tanous confData.serverType = *strValue; 51754fc587aSNagaraju Goruganti } 51854fc587aSNagaraju Goruganti } 51954fc587aSNagaraju Goruganti } 52054fc587aSNagaraju Goruganti else if (interface.first == 52154fc587aSNagaraju Goruganti "xyz.openbmc_project.User." 52254fc587aSNagaraju Goruganti "PrivilegeMapperEntry") 52354fc587aSNagaraju Goruganti { 52454fc587aSNagaraju Goruganti LDAPRoleMapData roleMapData{}; 52554fc587aSNagaraju Goruganti for (const auto& property : interface.second) 52654fc587aSNagaraju Goruganti { 527271584abSEd Tanous const std::string* strValue = 52854fc587aSNagaraju Goruganti std::get_if<std::string>( 52954fc587aSNagaraju Goruganti &property.second); 53054fc587aSNagaraju Goruganti 531271584abSEd Tanous if (strValue == nullptr) 53254fc587aSNagaraju Goruganti { 53354fc587aSNagaraju Goruganti continue; 53454fc587aSNagaraju Goruganti } 53554fc587aSNagaraju Goruganti 53654fc587aSNagaraju Goruganti if (property.first == "GroupName") 53754fc587aSNagaraju Goruganti { 538271584abSEd Tanous roleMapData.groupName = *strValue; 53954fc587aSNagaraju Goruganti } 54054fc587aSNagaraju Goruganti else if (property.first == "Privilege") 54154fc587aSNagaraju Goruganti { 542271584abSEd Tanous roleMapData.privilege = *strValue; 54354fc587aSNagaraju Goruganti } 54454fc587aSNagaraju Goruganti } 54554fc587aSNagaraju Goruganti 5460f0353b6SEd Tanous confData.groupRoleList.emplace_back( 5470f0353b6SEd Tanous object.first.str, roleMapData); 54854fc587aSNagaraju Goruganti } 54954fc587aSNagaraju Goruganti } 55054fc587aSNagaraju Goruganti } 551ab828d7cSRatan Gupta callback(true, confData, ldapType); 55254fc587aSNagaraju Goruganti }, 55354fc587aSNagaraju Goruganti service, ldapRootObject, dbusObjManagerIntf, 5546973a582SRatan Gupta "GetManagedObjects"); 55554fc587aSNagaraju Goruganti }, 55654fc587aSNagaraju Goruganti mapperBusName, mapperObjectPath, mapperIntf, "GetObject", 55723a21a1cSEd Tanous ldapConfigObjectName, interfaces); 5586973a582SRatan Gupta } 5596973a582SRatan Gupta 5601abe55efSEd Tanous class AccountService : public Node 5611abe55efSEd Tanous { 56288d16c9aSLewanczyk, Dawid public: 56323a21a1cSEd Tanous AccountService(App& app) : Node(app, "/redfish/v1/AccountService/") 5641abe55efSEd Tanous { 5653ebd75f7SEd Tanous entityPrivileges = { 5663c5a376eSGunnar Mills {boost::beast::http::verb::get, {{"Login"}}}, 567e0d918bcSEd Tanous {boost::beast::http::verb::head, {{"Login"}}}, 568e0d918bcSEd Tanous {boost::beast::http::verb::patch, {{"ConfigureUsers"}}}, 569e0d918bcSEd Tanous {boost::beast::http::verb::put, {{"ConfigureUsers"}}}, 570e0d918bcSEd Tanous {boost::beast::http::verb::delete_, {{"ConfigureUsers"}}}, 571e0d918bcSEd Tanous {boost::beast::http::verb::post, {{"ConfigureUsers"}}}}; 57288d16c9aSLewanczyk, Dawid } 57388d16c9aSLewanczyk, Dawid 57488d16c9aSLewanczyk, Dawid private: 5758a07d286SRatan Gupta /** 5768a07d286SRatan Gupta * @brief parses the authentication section under the LDAP 5778a07d286SRatan Gupta * @param input JSON data 5788a07d286SRatan Gupta * @param asyncResp pointer to the JSON response 5798a07d286SRatan Gupta * @param userName userName to be filled from the given JSON. 5808a07d286SRatan Gupta * @param password password to be filled from the given JSON. 5818a07d286SRatan Gupta */ 582*8d1b46d7Szhanghch05 void parseLDAPAuthenticationJson( 583*8d1b46d7Szhanghch05 nlohmann::json input, 584*8d1b46d7Szhanghch05 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 5858a07d286SRatan Gupta std::optional<std::string>& username, 5868a07d286SRatan Gupta std::optional<std::string>& password) 5878a07d286SRatan Gupta { 5888a07d286SRatan Gupta std::optional<std::string> authType; 5898a07d286SRatan Gupta 5908a07d286SRatan Gupta if (!json_util::readJson(input, asyncResp->res, "AuthenticationType", 5918a07d286SRatan Gupta authType, "Username", username, "Password", 5928a07d286SRatan Gupta password)) 5938a07d286SRatan Gupta { 5948a07d286SRatan Gupta return; 5958a07d286SRatan Gupta } 5968a07d286SRatan Gupta if (!authType) 5978a07d286SRatan Gupta { 5988a07d286SRatan Gupta return; 5998a07d286SRatan Gupta } 6008a07d286SRatan Gupta if (*authType != "UsernameAndPassword") 6018a07d286SRatan Gupta { 6028a07d286SRatan Gupta messages::propertyValueNotInList(asyncResp->res, *authType, 6038a07d286SRatan Gupta "AuthenticationType"); 6048a07d286SRatan Gupta return; 6058a07d286SRatan Gupta } 6068a07d286SRatan Gupta } 6078a07d286SRatan Gupta /** 6088a07d286SRatan Gupta * @brief parses the LDAPService section under the LDAP 6098a07d286SRatan Gupta * @param input JSON data 6108a07d286SRatan Gupta * @param asyncResp pointer to the JSON response 6118a07d286SRatan Gupta * @param baseDNList baseDN to be filled from the given JSON. 6128a07d286SRatan Gupta * @param userNameAttribute userName to be filled from the given JSON. 6138a07d286SRatan Gupta * @param groupaAttribute password to be filled from the given JSON. 6148a07d286SRatan Gupta */ 6158a07d286SRatan Gupta 6168a07d286SRatan Gupta void parseLDAPServiceJson( 617*8d1b46d7Szhanghch05 nlohmann::json input, 618*8d1b46d7Szhanghch05 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 6198a07d286SRatan Gupta std::optional<std::vector<std::string>>& baseDNList, 6208a07d286SRatan Gupta std::optional<std::string>& userNameAttribute, 6218a07d286SRatan Gupta std::optional<std::string>& groupsAttribute) 6228a07d286SRatan Gupta { 6238a07d286SRatan Gupta std::optional<nlohmann::json> searchSettings; 6248a07d286SRatan Gupta 6258a07d286SRatan Gupta if (!json_util::readJson(input, asyncResp->res, "SearchSettings", 6268a07d286SRatan Gupta searchSettings)) 6278a07d286SRatan Gupta { 6288a07d286SRatan Gupta return; 6298a07d286SRatan Gupta } 6308a07d286SRatan Gupta if (!searchSettings) 6318a07d286SRatan Gupta { 6328a07d286SRatan Gupta return; 6338a07d286SRatan Gupta } 6348a07d286SRatan Gupta if (!json_util::readJson(*searchSettings, asyncResp->res, 6358a07d286SRatan Gupta "BaseDistinguishedNames", baseDNList, 6368a07d286SRatan Gupta "UsernameAttribute", userNameAttribute, 6378a07d286SRatan Gupta "GroupsAttribute", groupsAttribute)) 6388a07d286SRatan Gupta { 6398a07d286SRatan Gupta return; 6408a07d286SRatan Gupta } 6418a07d286SRatan Gupta } 6428a07d286SRatan Gupta /** 6438a07d286SRatan Gupta * @brief updates the LDAP server address and updates the 6448a07d286SRatan Gupta json response with the new value. 6458a07d286SRatan Gupta * @param serviceAddressList address to be updated. 6468a07d286SRatan Gupta * @param asyncResp pointer to the JSON response 6478a07d286SRatan Gupta * @param ldapServerElementName Type of LDAP 6488a07d286SRatan Gupta server(openLDAP/ActiveDirectory) 6498a07d286SRatan Gupta */ 6508a07d286SRatan Gupta 6518a07d286SRatan Gupta void handleServiceAddressPatch( 6528a07d286SRatan Gupta const std::vector<std::string>& serviceAddressList, 653*8d1b46d7Szhanghch05 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 6548a07d286SRatan Gupta const std::string& ldapServerElementName, 6558a07d286SRatan Gupta const std::string& ldapConfigObject) 6568a07d286SRatan Gupta { 6578a07d286SRatan Gupta crow::connections::systemBus->async_method_call( 6588a07d286SRatan Gupta [asyncResp, ldapServerElementName, 6598a07d286SRatan Gupta serviceAddressList](const boost::system::error_code ec) { 6608a07d286SRatan Gupta if (ec) 6618a07d286SRatan Gupta { 6628a07d286SRatan Gupta BMCWEB_LOG_DEBUG 663c61704abSGunnar Mills << "Error Occurred in updating the service address"; 6648a07d286SRatan Gupta messages::internalError(asyncResp->res); 6658a07d286SRatan Gupta return; 6668a07d286SRatan Gupta } 6678a07d286SRatan Gupta std::vector<std::string> modifiedserviceAddressList = { 6688a07d286SRatan Gupta serviceAddressList.front()}; 6698a07d286SRatan Gupta asyncResp->res 6708a07d286SRatan Gupta .jsonValue[ldapServerElementName]["ServiceAddresses"] = 6718a07d286SRatan Gupta modifiedserviceAddressList; 6728a07d286SRatan Gupta if ((serviceAddressList).size() > 1) 6738a07d286SRatan Gupta { 6748a07d286SRatan Gupta messages::propertyValueModified(asyncResp->res, 6758a07d286SRatan Gupta "ServiceAddresses", 6768a07d286SRatan Gupta serviceAddressList.front()); 6778a07d286SRatan Gupta } 6788a07d286SRatan Gupta BMCWEB_LOG_DEBUG << "Updated the service address"; 6798a07d286SRatan Gupta }, 6808a07d286SRatan Gupta ldapDbusService, ldapConfigObject, propertyInterface, "Set", 6818a07d286SRatan Gupta ldapConfigInterface, "LDAPServerURI", 6828a07d286SRatan Gupta std::variant<std::string>(serviceAddressList.front())); 6838a07d286SRatan Gupta } 6848a07d286SRatan Gupta /** 6858a07d286SRatan Gupta * @brief updates the LDAP Bind DN and updates the 6868a07d286SRatan Gupta json response with the new value. 6878a07d286SRatan Gupta * @param username name of the user which needs to be updated. 6888a07d286SRatan Gupta * @param asyncResp pointer to the JSON response 6898a07d286SRatan Gupta * @param ldapServerElementName Type of LDAP 6908a07d286SRatan Gupta server(openLDAP/ActiveDirectory) 6918a07d286SRatan Gupta */ 6928a07d286SRatan Gupta 693*8d1b46d7Szhanghch05 void 694*8d1b46d7Szhanghch05 handleUserNamePatch(const std::string& username, 695*8d1b46d7Szhanghch05 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 6968a07d286SRatan Gupta const std::string& ldapServerElementName, 6978a07d286SRatan Gupta const std::string& ldapConfigObject) 6988a07d286SRatan Gupta { 6998a07d286SRatan Gupta crow::connections::systemBus->async_method_call( 7008a07d286SRatan Gupta [asyncResp, username, 7018a07d286SRatan Gupta ldapServerElementName](const boost::system::error_code ec) { 7028a07d286SRatan Gupta if (ec) 7038a07d286SRatan Gupta { 7048a07d286SRatan Gupta BMCWEB_LOG_DEBUG 705c61704abSGunnar Mills << "Error occurred in updating the username"; 7068a07d286SRatan Gupta messages::internalError(asyncResp->res); 7078a07d286SRatan Gupta return; 7088a07d286SRatan Gupta } 7098a07d286SRatan Gupta asyncResp->res.jsonValue[ldapServerElementName] 7108a07d286SRatan Gupta ["Authentication"]["Username"] = 7118a07d286SRatan Gupta username; 7128a07d286SRatan Gupta BMCWEB_LOG_DEBUG << "Updated the username"; 7138a07d286SRatan Gupta }, 7148a07d286SRatan Gupta ldapDbusService, ldapConfigObject, propertyInterface, "Set", 7158a07d286SRatan Gupta ldapConfigInterface, "LDAPBindDN", 7168a07d286SRatan Gupta std::variant<std::string>(username)); 7178a07d286SRatan Gupta } 7188a07d286SRatan Gupta 7198a07d286SRatan Gupta /** 7208a07d286SRatan Gupta * @brief updates the LDAP password 7218a07d286SRatan Gupta * @param password : ldap password which needs to be updated. 7228a07d286SRatan Gupta * @param asyncResp pointer to the JSON response 7238a07d286SRatan Gupta * @param ldapServerElementName Type of LDAP 7248a07d286SRatan Gupta * server(openLDAP/ActiveDirectory) 7258a07d286SRatan Gupta */ 7268a07d286SRatan Gupta 727*8d1b46d7Szhanghch05 void 728*8d1b46d7Szhanghch05 handlePasswordPatch(const std::string& password, 729*8d1b46d7Szhanghch05 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 7308a07d286SRatan Gupta const std::string& ldapServerElementName, 7318a07d286SRatan Gupta const std::string& ldapConfigObject) 7328a07d286SRatan Gupta { 7338a07d286SRatan Gupta crow::connections::systemBus->async_method_call( 7348a07d286SRatan Gupta [asyncResp, password, 7358a07d286SRatan Gupta ldapServerElementName](const boost::system::error_code ec) { 7368a07d286SRatan Gupta if (ec) 7378a07d286SRatan Gupta { 7388a07d286SRatan Gupta BMCWEB_LOG_DEBUG 739c61704abSGunnar Mills << "Error occurred in updating the password"; 7408a07d286SRatan Gupta messages::internalError(asyncResp->res); 7418a07d286SRatan Gupta return; 7428a07d286SRatan Gupta } 7438a07d286SRatan Gupta asyncResp->res.jsonValue[ldapServerElementName] 7448a07d286SRatan Gupta ["Authentication"]["Password"] = ""; 7458a07d286SRatan Gupta BMCWEB_LOG_DEBUG << "Updated the password"; 7468a07d286SRatan Gupta }, 7478a07d286SRatan Gupta ldapDbusService, ldapConfigObject, propertyInterface, "Set", 7488a07d286SRatan Gupta ldapConfigInterface, "LDAPBindDNPassword", 7498a07d286SRatan Gupta std::variant<std::string>(password)); 7508a07d286SRatan Gupta } 7518a07d286SRatan Gupta 7528a07d286SRatan Gupta /** 7538a07d286SRatan Gupta * @brief updates the LDAP BaseDN and updates the 7548a07d286SRatan Gupta json response with the new value. 7558a07d286SRatan Gupta * @param baseDNList baseDN list which needs to be updated. 7568a07d286SRatan Gupta * @param asyncResp pointer to the JSON response 7578a07d286SRatan Gupta * @param ldapServerElementName Type of LDAP 7588a07d286SRatan Gupta server(openLDAP/ActiveDirectory) 7598a07d286SRatan Gupta */ 7608a07d286SRatan Gupta 7618a07d286SRatan Gupta void handleBaseDNPatch(const std::vector<std::string>& baseDNList, 762*8d1b46d7Szhanghch05 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 7638a07d286SRatan Gupta const std::string& ldapServerElementName, 7648a07d286SRatan Gupta const std::string& ldapConfigObject) 7658a07d286SRatan Gupta { 7668a07d286SRatan Gupta crow::connections::systemBus->async_method_call( 7678a07d286SRatan Gupta [asyncResp, baseDNList, 7688a07d286SRatan Gupta ldapServerElementName](const boost::system::error_code ec) { 7698a07d286SRatan Gupta if (ec) 7708a07d286SRatan Gupta { 771c61704abSGunnar Mills BMCWEB_LOG_DEBUG 772c61704abSGunnar Mills << "Error Occurred in Updating the base DN"; 7738a07d286SRatan Gupta messages::internalError(asyncResp->res); 7748a07d286SRatan Gupta return; 7758a07d286SRatan Gupta } 7768a07d286SRatan Gupta auto& serverTypeJson = 7778a07d286SRatan Gupta asyncResp->res.jsonValue[ldapServerElementName]; 7788a07d286SRatan Gupta auto& searchSettingsJson = 7798a07d286SRatan Gupta serverTypeJson["LDAPService"]["SearchSettings"]; 7808a07d286SRatan Gupta std::vector<std::string> modifiedBaseDNList = { 7818a07d286SRatan Gupta baseDNList.front()}; 7828a07d286SRatan Gupta searchSettingsJson["BaseDistinguishedNames"] = 7838a07d286SRatan Gupta modifiedBaseDNList; 7848a07d286SRatan Gupta if (baseDNList.size() > 1) 7858a07d286SRatan Gupta { 7868a07d286SRatan Gupta messages::propertyValueModified(asyncResp->res, 7878a07d286SRatan Gupta "BaseDistinguishedNames", 7888a07d286SRatan Gupta baseDNList.front()); 7898a07d286SRatan Gupta } 7908a07d286SRatan Gupta BMCWEB_LOG_DEBUG << "Updated the base DN"; 7918a07d286SRatan Gupta }, 7928a07d286SRatan Gupta ldapDbusService, ldapConfigObject, propertyInterface, "Set", 7938a07d286SRatan Gupta ldapConfigInterface, "LDAPBaseDN", 7948a07d286SRatan Gupta std::variant<std::string>(baseDNList.front())); 7958a07d286SRatan Gupta } 7968a07d286SRatan Gupta /** 7978a07d286SRatan Gupta * @brief updates the LDAP user name attribute and updates the 7988a07d286SRatan Gupta json response with the new value. 7998a07d286SRatan Gupta * @param userNameAttribute attribute to be updated. 8008a07d286SRatan Gupta * @param asyncResp pointer to the JSON response 8018a07d286SRatan Gupta * @param ldapServerElementName Type of LDAP 8028a07d286SRatan Gupta server(openLDAP/ActiveDirectory) 8038a07d286SRatan Gupta */ 8048a07d286SRatan Gupta 805*8d1b46d7Szhanghch05 void handleUserNameAttrPatch( 806*8d1b46d7Szhanghch05 const std::string& userNameAttribute, 807*8d1b46d7Szhanghch05 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 8088a07d286SRatan Gupta const std::string& ldapServerElementName, 8098a07d286SRatan Gupta const std::string& ldapConfigObject) 8108a07d286SRatan Gupta { 8118a07d286SRatan Gupta crow::connections::systemBus->async_method_call( 8128a07d286SRatan Gupta [asyncResp, userNameAttribute, 8138a07d286SRatan Gupta ldapServerElementName](const boost::system::error_code ec) { 8148a07d286SRatan Gupta if (ec) 8158a07d286SRatan Gupta { 816c61704abSGunnar Mills BMCWEB_LOG_DEBUG << "Error Occurred in Updating the " 8178a07d286SRatan Gupta "username attribute"; 8188a07d286SRatan Gupta messages::internalError(asyncResp->res); 8198a07d286SRatan Gupta return; 8208a07d286SRatan Gupta } 8218a07d286SRatan Gupta auto& serverTypeJson = 8228a07d286SRatan Gupta asyncResp->res.jsonValue[ldapServerElementName]; 8238a07d286SRatan Gupta auto& searchSettingsJson = 8248a07d286SRatan Gupta serverTypeJson["LDAPService"]["SearchSettings"]; 8258a07d286SRatan Gupta searchSettingsJson["UsernameAttribute"] = userNameAttribute; 8268a07d286SRatan Gupta BMCWEB_LOG_DEBUG << "Updated the user name attr."; 8278a07d286SRatan Gupta }, 8288a07d286SRatan Gupta ldapDbusService, ldapConfigObject, propertyInterface, "Set", 8298a07d286SRatan Gupta ldapConfigInterface, "UserNameAttribute", 8308a07d286SRatan Gupta std::variant<std::string>(userNameAttribute)); 8318a07d286SRatan Gupta } 8328a07d286SRatan Gupta /** 8338a07d286SRatan Gupta * @brief updates the LDAP group attribute and updates the 8348a07d286SRatan Gupta json response with the new value. 8358a07d286SRatan Gupta * @param groupsAttribute attribute to be updated. 8368a07d286SRatan Gupta * @param asyncResp pointer to the JSON response 8378a07d286SRatan Gupta * @param ldapServerElementName Type of LDAP 8388a07d286SRatan Gupta server(openLDAP/ActiveDirectory) 8398a07d286SRatan Gupta */ 8408a07d286SRatan Gupta 841*8d1b46d7Szhanghch05 void handleGroupNameAttrPatch( 842*8d1b46d7Szhanghch05 const std::string& groupsAttribute, 843*8d1b46d7Szhanghch05 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 8448a07d286SRatan Gupta const std::string& ldapServerElementName, 8458a07d286SRatan Gupta const std::string& ldapConfigObject) 8468a07d286SRatan Gupta { 8478a07d286SRatan Gupta crow::connections::systemBus->async_method_call( 8488a07d286SRatan Gupta [asyncResp, groupsAttribute, 8498a07d286SRatan Gupta ldapServerElementName](const boost::system::error_code ec) { 8508a07d286SRatan Gupta if (ec) 8518a07d286SRatan Gupta { 852c61704abSGunnar Mills BMCWEB_LOG_DEBUG << "Error Occurred in Updating the " 8538a07d286SRatan Gupta "groupname attribute"; 8548a07d286SRatan Gupta messages::internalError(asyncResp->res); 8558a07d286SRatan Gupta return; 8568a07d286SRatan Gupta } 8578a07d286SRatan Gupta auto& serverTypeJson = 8588a07d286SRatan Gupta asyncResp->res.jsonValue[ldapServerElementName]; 8598a07d286SRatan Gupta auto& searchSettingsJson = 8608a07d286SRatan Gupta serverTypeJson["LDAPService"]["SearchSettings"]; 8618a07d286SRatan Gupta searchSettingsJson["GroupsAttribute"] = groupsAttribute; 8628a07d286SRatan Gupta BMCWEB_LOG_DEBUG << "Updated the groupname attr"; 8638a07d286SRatan Gupta }, 8648a07d286SRatan Gupta ldapDbusService, ldapConfigObject, propertyInterface, "Set", 8658a07d286SRatan Gupta ldapConfigInterface, "GroupNameAttribute", 8668a07d286SRatan Gupta std::variant<std::string>(groupsAttribute)); 8678a07d286SRatan Gupta } 8688a07d286SRatan Gupta /** 8698a07d286SRatan Gupta * @brief updates the LDAP service enable and updates the 8708a07d286SRatan Gupta json response with the new value. 8718a07d286SRatan Gupta * @param input JSON data. 8728a07d286SRatan Gupta * @param asyncResp pointer to the JSON response 8738a07d286SRatan Gupta * @param ldapServerElementName Type of LDAP 8748a07d286SRatan Gupta server(openLDAP/ActiveDirectory) 8758a07d286SRatan Gupta */ 8768a07d286SRatan Gupta 877*8d1b46d7Szhanghch05 void handleServiceEnablePatch( 878*8d1b46d7Szhanghch05 bool serviceEnabled, 879*8d1b46d7Szhanghch05 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 8808a07d286SRatan Gupta const std::string& ldapServerElementName, 8818a07d286SRatan Gupta const std::string& ldapConfigObject) 8828a07d286SRatan Gupta { 8838a07d286SRatan Gupta crow::connections::systemBus->async_method_call( 8848a07d286SRatan Gupta [asyncResp, serviceEnabled, 8858a07d286SRatan Gupta ldapServerElementName](const boost::system::error_code ec) { 8868a07d286SRatan Gupta if (ec) 8878a07d286SRatan Gupta { 8888a07d286SRatan Gupta BMCWEB_LOG_DEBUG 889c61704abSGunnar Mills << "Error Occurred in Updating the service enable"; 8908a07d286SRatan Gupta messages::internalError(asyncResp->res); 8918a07d286SRatan Gupta return; 8928a07d286SRatan Gupta } 8938a07d286SRatan Gupta asyncResp->res 8948a07d286SRatan Gupta .jsonValue[ldapServerElementName]["ServiceEnabled"] = 8958a07d286SRatan Gupta serviceEnabled; 8968a07d286SRatan Gupta BMCWEB_LOG_DEBUG << "Updated Service enable = " 8978a07d286SRatan Gupta << serviceEnabled; 8988a07d286SRatan Gupta }, 8998a07d286SRatan Gupta ldapDbusService, ldapConfigObject, propertyInterface, "Set", 9008a07d286SRatan Gupta ldapEnableInterface, "Enabled", std::variant<bool>(serviceEnabled)); 9018a07d286SRatan Gupta } 9028a07d286SRatan Gupta 903*8d1b46d7Szhanghch05 void handleAuthMethodsPatch( 904*8d1b46d7Szhanghch05 nlohmann::json& input, 905*8d1b46d7Szhanghch05 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) 90678158631SZbigniew Kurzynski { 90778158631SZbigniew Kurzynski std::optional<bool> basicAuth; 90878158631SZbigniew Kurzynski std::optional<bool> cookie; 90978158631SZbigniew Kurzynski std::optional<bool> sessionToken; 91078158631SZbigniew Kurzynski std::optional<bool> xToken; 911501f1e58SZbigniew Kurzynski std::optional<bool> tls; 91278158631SZbigniew Kurzynski 91378158631SZbigniew Kurzynski if (!json_util::readJson(input, asyncResp->res, "BasicAuth", basicAuth, 91478158631SZbigniew Kurzynski "Cookie", cookie, "SessionToken", sessionToken, 915501f1e58SZbigniew Kurzynski "XToken", xToken, "TLS", tls)) 91678158631SZbigniew Kurzynski { 91778158631SZbigniew Kurzynski BMCWEB_LOG_ERROR << "Cannot read values from AuthMethod tag"; 91878158631SZbigniew Kurzynski return; 91978158631SZbigniew Kurzynski } 92078158631SZbigniew Kurzynski 92178158631SZbigniew Kurzynski // Make a copy of methods configuration 92252cc112dSEd Tanous persistent_data::AuthConfigMethods authMethodsConfig = 92352cc112dSEd Tanous persistent_data::SessionStore::getInstance().getAuthMethodsConfig(); 92478158631SZbigniew Kurzynski 92578158631SZbigniew Kurzynski if (basicAuth) 92678158631SZbigniew Kurzynski { 927f16f6263SAlan Kuo #ifndef BMCWEB_ENABLE_BASIC_AUTHENTICATION 928f16f6263SAlan Kuo messages::actionNotSupported( 929f16f6263SAlan Kuo asyncResp->res, "Setting BasicAuth when basic-auth feature " 930f16f6263SAlan Kuo "is disabled"); 931f16f6263SAlan Kuo return; 932f16f6263SAlan Kuo #endif 93378158631SZbigniew Kurzynski authMethodsConfig.basic = *basicAuth; 93478158631SZbigniew Kurzynski } 93578158631SZbigniew Kurzynski 93678158631SZbigniew Kurzynski if (cookie) 93778158631SZbigniew Kurzynski { 938f16f6263SAlan Kuo #ifndef BMCWEB_ENABLE_COOKIE_AUTHENTICATION 939f16f6263SAlan Kuo messages::actionNotSupported( 940f16f6263SAlan Kuo asyncResp->res, "Setting Cookie when cookie-auth feature " 941f16f6263SAlan Kuo "is disabled"); 942f16f6263SAlan Kuo return; 943f16f6263SAlan Kuo #endif 94478158631SZbigniew Kurzynski authMethodsConfig.cookie = *cookie; 94578158631SZbigniew Kurzynski } 94678158631SZbigniew Kurzynski 94778158631SZbigniew Kurzynski if (sessionToken) 94878158631SZbigniew Kurzynski { 949f16f6263SAlan Kuo #ifndef BMCWEB_ENABLE_SESSION_AUTHENTICATION 950f16f6263SAlan Kuo messages::actionNotSupported( 951f16f6263SAlan Kuo asyncResp->res, 952f16f6263SAlan Kuo "Setting SessionToken when session-auth feature " 953f16f6263SAlan Kuo "is disabled"); 954f16f6263SAlan Kuo return; 955f16f6263SAlan Kuo #endif 95678158631SZbigniew Kurzynski authMethodsConfig.sessionToken = *sessionToken; 95778158631SZbigniew Kurzynski } 95878158631SZbigniew Kurzynski 95978158631SZbigniew Kurzynski if (xToken) 96078158631SZbigniew Kurzynski { 961f16f6263SAlan Kuo #ifndef BMCWEB_ENABLE_XTOKEN_AUTHENTICATION 962f16f6263SAlan Kuo messages::actionNotSupported( 963f16f6263SAlan Kuo asyncResp->res, "Setting XToken when xtoken-auth feature " 964f16f6263SAlan Kuo "is disabled"); 965f16f6263SAlan Kuo return; 966f16f6263SAlan Kuo #endif 96778158631SZbigniew Kurzynski authMethodsConfig.xtoken = *xToken; 96878158631SZbigniew Kurzynski } 96978158631SZbigniew Kurzynski 970501f1e58SZbigniew Kurzynski if (tls) 971501f1e58SZbigniew Kurzynski { 972f16f6263SAlan Kuo #ifndef BMCWEB_ENABLE_MUTUAL_TLS_AUTHENTICATION 973f16f6263SAlan Kuo messages::actionNotSupported( 974f16f6263SAlan Kuo asyncResp->res, "Setting TLS when mutual-tls-auth feature " 975f16f6263SAlan Kuo "is disabled"); 976f16f6263SAlan Kuo return; 977f16f6263SAlan Kuo #endif 978501f1e58SZbigniew Kurzynski authMethodsConfig.tls = *tls; 979501f1e58SZbigniew Kurzynski } 980501f1e58SZbigniew Kurzynski 98178158631SZbigniew Kurzynski if (!authMethodsConfig.basic && !authMethodsConfig.cookie && 982501f1e58SZbigniew Kurzynski !authMethodsConfig.sessionToken && !authMethodsConfig.xtoken && 983501f1e58SZbigniew Kurzynski !authMethodsConfig.tls) 98478158631SZbigniew Kurzynski { 98578158631SZbigniew Kurzynski // Do not allow user to disable everything 98678158631SZbigniew Kurzynski messages::actionNotSupported(asyncResp->res, 98778158631SZbigniew Kurzynski "of disabling all available methods"); 98878158631SZbigniew Kurzynski return; 98978158631SZbigniew Kurzynski } 99078158631SZbigniew Kurzynski 99152cc112dSEd Tanous persistent_data::SessionStore::getInstance().updateAuthMethodsConfig( 99252cc112dSEd Tanous authMethodsConfig); 99378158631SZbigniew Kurzynski // Save configuration immediately 99452cc112dSEd Tanous persistent_data::getConfig().writeData(); 99578158631SZbigniew Kurzynski 99678158631SZbigniew Kurzynski messages::success(asyncResp->res); 99778158631SZbigniew Kurzynski } 99878158631SZbigniew Kurzynski 9998a07d286SRatan Gupta /** 10008a07d286SRatan Gupta * @brief Get the required values from the given JSON, validates the 10018a07d286SRatan Gupta * value and create the LDAP config object. 10028a07d286SRatan Gupta * @param input JSON data 10038a07d286SRatan Gupta * @param asyncResp pointer to the JSON response 10048a07d286SRatan Gupta * @param serverType Type of LDAP server(openLDAP/ActiveDirectory) 10058a07d286SRatan Gupta */ 10068a07d286SRatan Gupta 10078a07d286SRatan Gupta void handleLDAPPatch(nlohmann::json& input, 1008*8d1b46d7Szhanghch05 const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 10098a07d286SRatan Gupta const std::string& serverType) 10108a07d286SRatan Gupta { 1011eb2bbe56SRatan Gupta std::string dbusObjectPath; 1012eb2bbe56SRatan Gupta if (serverType == "ActiveDirectory") 1013eb2bbe56SRatan Gupta { 10142c70f800SEd Tanous dbusObjectPath = adConfigObject; 1015eb2bbe56SRatan Gupta } 1016eb2bbe56SRatan Gupta else if (serverType == "LDAP") 1017eb2bbe56SRatan Gupta { 101823a21a1cSEd Tanous dbusObjectPath = ldapConfigObjectName; 1019eb2bbe56SRatan Gupta } 1020cb13a392SEd Tanous else 1021cb13a392SEd Tanous { 1022cb13a392SEd Tanous return; 1023cb13a392SEd Tanous } 1024eb2bbe56SRatan Gupta 10258a07d286SRatan Gupta std::optional<nlohmann::json> authentication; 10268a07d286SRatan Gupta std::optional<nlohmann::json> ldapService; 10278a07d286SRatan Gupta std::optional<std::vector<std::string>> serviceAddressList; 10288a07d286SRatan Gupta std::optional<bool> serviceEnabled; 10298a07d286SRatan Gupta std::optional<std::vector<std::string>> baseDNList; 10308a07d286SRatan Gupta std::optional<std::string> userNameAttribute; 10318a07d286SRatan Gupta std::optional<std::string> groupsAttribute; 10328a07d286SRatan Gupta std::optional<std::string> userName; 10338a07d286SRatan Gupta std::optional<std::string> password; 103406785244SRatan Gupta std::optional<std::vector<nlohmann::json>> remoteRoleMapData; 10358a07d286SRatan Gupta 10368a07d286SRatan Gupta if (!json_util::readJson(input, asyncResp->res, "Authentication", 10378a07d286SRatan Gupta authentication, "LDAPService", ldapService, 10388a07d286SRatan Gupta "ServiceAddresses", serviceAddressList, 103906785244SRatan Gupta "ServiceEnabled", serviceEnabled, 104006785244SRatan Gupta "RemoteRoleMapping", remoteRoleMapData)) 10418a07d286SRatan Gupta { 10428a07d286SRatan Gupta return; 10438a07d286SRatan Gupta } 10448a07d286SRatan Gupta 10458a07d286SRatan Gupta if (authentication) 10468a07d286SRatan Gupta { 10478a07d286SRatan Gupta parseLDAPAuthenticationJson(*authentication, asyncResp, userName, 10488a07d286SRatan Gupta password); 10498a07d286SRatan Gupta } 10508a07d286SRatan Gupta if (ldapService) 10518a07d286SRatan Gupta { 10528a07d286SRatan Gupta parseLDAPServiceJson(*ldapService, asyncResp, baseDNList, 10538a07d286SRatan Gupta userNameAttribute, groupsAttribute); 10548a07d286SRatan Gupta } 10558a07d286SRatan Gupta if (serviceAddressList) 10568a07d286SRatan Gupta { 10578a07d286SRatan Gupta if ((*serviceAddressList).size() == 0) 10588a07d286SRatan Gupta { 10598a07d286SRatan Gupta messages::propertyValueNotInList(asyncResp->res, "[]", 10608a07d286SRatan Gupta "ServiceAddress"); 10618a07d286SRatan Gupta return; 10628a07d286SRatan Gupta } 10638a07d286SRatan Gupta } 10648a07d286SRatan Gupta if (baseDNList) 10658a07d286SRatan Gupta { 10668a07d286SRatan Gupta if ((*baseDNList).size() == 0) 10678a07d286SRatan Gupta { 10688a07d286SRatan Gupta messages::propertyValueNotInList(asyncResp->res, "[]", 10698a07d286SRatan Gupta "BaseDistinguishedNames"); 10708a07d286SRatan Gupta return; 10718a07d286SRatan Gupta } 10728a07d286SRatan Gupta } 10738a07d286SRatan Gupta 10748a07d286SRatan Gupta // nothing to update, then return 10758a07d286SRatan Gupta if (!userName && !password && !serviceAddressList && !baseDNList && 107606785244SRatan Gupta !userNameAttribute && !groupsAttribute && !serviceEnabled && 107706785244SRatan Gupta !remoteRoleMapData) 10788a07d286SRatan Gupta { 10798a07d286SRatan Gupta return; 10808a07d286SRatan Gupta } 10818a07d286SRatan Gupta 10828a07d286SRatan Gupta // Get the existing resource first then keep modifying 10838a07d286SRatan Gupta // whenever any property gets updated. 1084b5a76932SEd Tanous getLDAPConfigData( 1085b5a76932SEd Tanous serverType, [this, asyncResp, userName, password, baseDNList, 1086b5a76932SEd Tanous userNameAttribute, groupsAttribute, serviceAddressList, 1087b5a76932SEd Tanous serviceEnabled, dbusObjectPath, remoteRoleMapData]( 1088b5a76932SEd Tanous bool success, const LDAPConfigData& confData, 108923a21a1cSEd Tanous const std::string& serverT) { 10908a07d286SRatan Gupta if (!success) 10918a07d286SRatan Gupta { 10928a07d286SRatan Gupta messages::internalError(asyncResp->res); 10938a07d286SRatan Gupta return; 10948a07d286SRatan Gupta } 1095b5a76932SEd Tanous parseLDAPConfigData(asyncResp->res.jsonValue, confData, 1096b5a76932SEd Tanous serverT); 10978a07d286SRatan Gupta if (confData.serviceEnabled) 10988a07d286SRatan Gupta { 10998a07d286SRatan Gupta // Disable the service first and update the rest of 11008a07d286SRatan Gupta // the properties. 110123a21a1cSEd Tanous handleServiceEnablePatch(false, asyncResp, serverT, 1102eb2bbe56SRatan Gupta dbusObjectPath); 11038a07d286SRatan Gupta } 11048a07d286SRatan Gupta 11058a07d286SRatan Gupta if (serviceAddressList) 11068a07d286SRatan Gupta { 11078a07d286SRatan Gupta handleServiceAddressPatch(*serviceAddressList, asyncResp, 110823a21a1cSEd Tanous serverT, dbusObjectPath); 11098a07d286SRatan Gupta } 11108a07d286SRatan Gupta if (userName) 11118a07d286SRatan Gupta { 111223a21a1cSEd Tanous handleUserNamePatch(*userName, asyncResp, serverT, 1113eb2bbe56SRatan Gupta dbusObjectPath); 11148a07d286SRatan Gupta } 11158a07d286SRatan Gupta if (password) 11168a07d286SRatan Gupta { 111723a21a1cSEd Tanous handlePasswordPatch(*password, asyncResp, serverT, 1118eb2bbe56SRatan Gupta dbusObjectPath); 11198a07d286SRatan Gupta } 11208a07d286SRatan Gupta 11218a07d286SRatan Gupta if (baseDNList) 11228a07d286SRatan Gupta { 112323a21a1cSEd Tanous handleBaseDNPatch(*baseDNList, asyncResp, serverT, 1124eb2bbe56SRatan Gupta dbusObjectPath); 11258a07d286SRatan Gupta } 11268a07d286SRatan Gupta if (userNameAttribute) 11278a07d286SRatan Gupta { 1128b5a76932SEd Tanous handleUserNameAttrPatch(*userNameAttribute, asyncResp, 1129b5a76932SEd Tanous serverT, dbusObjectPath); 11308a07d286SRatan Gupta } 11318a07d286SRatan Gupta if (groupsAttribute) 11328a07d286SRatan Gupta { 1133b5a76932SEd Tanous handleGroupNameAttrPatch(*groupsAttribute, asyncResp, 1134b5a76932SEd Tanous serverT, dbusObjectPath); 11358a07d286SRatan Gupta } 11368a07d286SRatan Gupta if (serviceEnabled) 11378a07d286SRatan Gupta { 11388a07d286SRatan Gupta // if user has given the value as true then enable 11398a07d286SRatan Gupta // the service. if user has given false then no-op 11408a07d286SRatan Gupta // as service is already stopped. 11418a07d286SRatan Gupta if (*serviceEnabled) 11428a07d286SRatan Gupta { 11438a07d286SRatan Gupta handleServiceEnablePatch(*serviceEnabled, asyncResp, 114423a21a1cSEd Tanous serverT, dbusObjectPath); 11458a07d286SRatan Gupta } 11468a07d286SRatan Gupta } 11478a07d286SRatan Gupta else 11488a07d286SRatan Gupta { 11498a07d286SRatan Gupta // if user has not given the service enabled value 11508a07d286SRatan Gupta // then revert it to the same state as it was 11518a07d286SRatan Gupta // before. 11528a07d286SRatan Gupta handleServiceEnablePatch(confData.serviceEnabled, asyncResp, 115323a21a1cSEd Tanous serverT, dbusObjectPath); 11548a07d286SRatan Gupta } 115506785244SRatan Gupta 115606785244SRatan Gupta if (remoteRoleMapData) 115706785244SRatan Gupta { 1158b5a76932SEd Tanous handleRoleMapPatch(asyncResp, confData.groupRoleList, 1159f23b7296SEd Tanous serverT, *remoteRoleMapData); 116006785244SRatan Gupta } 11618a07d286SRatan Gupta }); 11628a07d286SRatan Gupta } 1163d4b5443fSEd Tanous 1164*8d1b46d7Szhanghch05 void doGet(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 1165*8d1b46d7Szhanghch05 const crow::Request&, const std::vector<std::string>&) override 11661abe55efSEd Tanous { 116752cc112dSEd Tanous const persistent_data::AuthConfigMethods& authMethodsConfig = 116852cc112dSEd Tanous persistent_data::SessionStore::getInstance().getAuthMethodsConfig(); 116978158631SZbigniew Kurzynski 1170*8d1b46d7Szhanghch05 asyncResp->res.jsonValue = { 11713d958bbcSAppaRao Puli {"@odata.id", "/redfish/v1/AccountService"}, 11723d958bbcSAppaRao Puli {"@odata.type", "#AccountService." 1173ba9dd4a8SGunnar Mills "v1_5_0.AccountService"}, 11743d958bbcSAppaRao Puli {"Id", "AccountService"}, 11753d958bbcSAppaRao Puli {"Name", "Account Service"}, 11763d958bbcSAppaRao Puli {"Description", "Account Service"}, 11773d958bbcSAppaRao Puli {"ServiceEnabled", true}, 1178343ff2e1SAppaRao Puli {"MaxPasswordLength", 20}, 11793d958bbcSAppaRao Puli {"Accounts", 11803d958bbcSAppaRao Puli {{"@odata.id", "/redfish/v1/AccountService/Accounts"}}}, 118137cce918SMarri Devender Rao {"Roles", {{"@odata.id", "/redfish/v1/AccountService/Roles"}}}, 118278158631SZbigniew Kurzynski {"Oem", 118378158631SZbigniew Kurzynski {{"OpenBMC", 118478158631SZbigniew Kurzynski {{"@odata.type", "#OemAccountService.v1_0_0.AccountService"}, 118578158631SZbigniew Kurzynski {"AuthMethods", 118678158631SZbigniew Kurzynski { 118778158631SZbigniew Kurzynski {"BasicAuth", authMethodsConfig.basic}, 118878158631SZbigniew Kurzynski {"SessionToken", authMethodsConfig.sessionToken}, 118978158631SZbigniew Kurzynski {"XToken", authMethodsConfig.xtoken}, 119078158631SZbigniew Kurzynski {"Cookie", authMethodsConfig.cookie}, 1191501f1e58SZbigniew Kurzynski {"TLS", authMethodsConfig.tls}, 119278158631SZbigniew Kurzynski }}}}}}, 119337cce918SMarri Devender Rao {"LDAP", 119437cce918SMarri Devender Rao {{"Certificates", 119537cce918SMarri Devender Rao {{"@odata.id", 119637cce918SMarri Devender Rao "/redfish/v1/AccountService/LDAP/Certificates"}}}}}}; 11973d958bbcSAppaRao Puli crow::connections::systemBus->async_method_call( 11983d958bbcSAppaRao Puli [asyncResp]( 11993d958bbcSAppaRao Puli const boost::system::error_code ec, 12003d958bbcSAppaRao Puli const std::vector<std::pair< 1201abf2add6SEd Tanous std::string, std::variant<uint32_t, uint16_t, uint8_t>>>& 12023d958bbcSAppaRao Puli propertiesList) { 12033d958bbcSAppaRao Puli if (ec) 12043d958bbcSAppaRao Puli { 12053d958bbcSAppaRao Puli messages::internalError(asyncResp->res); 12063d958bbcSAppaRao Puli return; 12073d958bbcSAppaRao Puli } 12083d958bbcSAppaRao Puli BMCWEB_LOG_DEBUG << "Got " << propertiesList.size() 12093d958bbcSAppaRao Puli << "properties for AccountService"; 12103d958bbcSAppaRao Puli for (const std::pair<std::string, 1211abf2add6SEd Tanous std::variant<uint32_t, uint16_t, uint8_t>>& 12123d958bbcSAppaRao Puli property : propertiesList) 12133d958bbcSAppaRao Puli { 12143d958bbcSAppaRao Puli if (property.first == "MinPasswordLength") 12153d958bbcSAppaRao Puli { 12163d958bbcSAppaRao Puli const uint8_t* value = 1217abf2add6SEd Tanous std::get_if<uint8_t>(&property.second); 12183d958bbcSAppaRao Puli if (value != nullptr) 12193d958bbcSAppaRao Puli { 12203d958bbcSAppaRao Puli asyncResp->res.jsonValue["MinPasswordLength"] = 12213d958bbcSAppaRao Puli *value; 12223d958bbcSAppaRao Puli } 12233d958bbcSAppaRao Puli } 12243d958bbcSAppaRao Puli if (property.first == "AccountUnlockTimeout") 12253d958bbcSAppaRao Puli { 12263d958bbcSAppaRao Puli const uint32_t* value = 1227abf2add6SEd Tanous std::get_if<uint32_t>(&property.second); 12283d958bbcSAppaRao Puli if (value != nullptr) 12293d958bbcSAppaRao Puli { 12303d958bbcSAppaRao Puli asyncResp->res.jsonValue["AccountLockoutDuration"] = 12313d958bbcSAppaRao Puli *value; 12323d958bbcSAppaRao Puli } 12333d958bbcSAppaRao Puli } 12343d958bbcSAppaRao Puli if (property.first == "MaxLoginAttemptBeforeLockout") 12353d958bbcSAppaRao Puli { 12363d958bbcSAppaRao Puli const uint16_t* value = 1237abf2add6SEd Tanous std::get_if<uint16_t>(&property.second); 12383d958bbcSAppaRao Puli if (value != nullptr) 12393d958bbcSAppaRao Puli { 12403d958bbcSAppaRao Puli asyncResp->res 12413d958bbcSAppaRao Puli .jsonValue["AccountLockoutThreshold"] = *value; 12423d958bbcSAppaRao Puli } 12433d958bbcSAppaRao Puli } 12443d958bbcSAppaRao Puli } 12453d958bbcSAppaRao Puli }, 12463d958bbcSAppaRao Puli "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user", 12473d958bbcSAppaRao Puli "org.freedesktop.DBus.Properties", "GetAll", 12483d958bbcSAppaRao Puli "xyz.openbmc_project.User.AccountPolicy"); 12496973a582SRatan Gupta 1250ab828d7cSRatan Gupta auto callback = [asyncResp](bool success, LDAPConfigData& confData, 1251ab828d7cSRatan Gupta const std::string& ldapType) { 1252cb13a392SEd Tanous if (!success) 1253cb13a392SEd Tanous { 1254cb13a392SEd Tanous return; 1255cb13a392SEd Tanous } 1256ab828d7cSRatan Gupta parseLDAPConfigData(asyncResp->res.jsonValue, confData, ldapType); 1257ab828d7cSRatan Gupta }; 1258ab828d7cSRatan Gupta 1259ab828d7cSRatan Gupta getLDAPConfigData("LDAP", callback); 1260ab828d7cSRatan Gupta getLDAPConfigData("ActiveDirectory", callback); 12613d958bbcSAppaRao Puli } 12626973a582SRatan Gupta 1263*8d1b46d7Szhanghch05 void doPatch(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 1264*8d1b46d7Szhanghch05 const crow::Request& req, 1265cb13a392SEd Tanous const std::vector<std::string>&) override 12663d958bbcSAppaRao Puli { 12673d958bbcSAppaRao Puli std::optional<uint32_t> unlockTimeout; 12683d958bbcSAppaRao Puli std::optional<uint16_t> lockoutThreshold; 126919fb6e71SRatan Gupta std::optional<uint16_t> minPasswordLength; 127019fb6e71SRatan Gupta std::optional<uint16_t> maxPasswordLength; 12718a07d286SRatan Gupta std::optional<nlohmann::json> ldapObject; 1272eb2bbe56SRatan Gupta std::optional<nlohmann::json> activeDirectoryObject; 127378158631SZbigniew Kurzynski std::optional<nlohmann::json> oemObject; 127419fb6e71SRatan Gupta 127578158631SZbigniew Kurzynski if (!json_util::readJson( 1276*8d1b46d7Szhanghch05 req, asyncResp->res, "AccountLockoutDuration", unlockTimeout, 127778158631SZbigniew Kurzynski "AccountLockoutThreshold", lockoutThreshold, 127878158631SZbigniew Kurzynski "MaxPasswordLength", maxPasswordLength, "MinPasswordLength", 127978158631SZbigniew Kurzynski minPasswordLength, "LDAP", ldapObject, "ActiveDirectory", 128078158631SZbigniew Kurzynski activeDirectoryObject, "Oem", oemObject)) 12813d958bbcSAppaRao Puli { 12823d958bbcSAppaRao Puli return; 12833d958bbcSAppaRao Puli } 128419fb6e71SRatan Gupta 128519fb6e71SRatan Gupta if (minPasswordLength) 128619fb6e71SRatan Gupta { 128719fb6e71SRatan Gupta messages::propertyNotWritable(asyncResp->res, "MinPasswordLength"); 128819fb6e71SRatan Gupta } 128919fb6e71SRatan Gupta 129019fb6e71SRatan Gupta if (maxPasswordLength) 129119fb6e71SRatan Gupta { 129219fb6e71SRatan Gupta messages::propertyNotWritable(asyncResp->res, "MaxPasswordLength"); 129319fb6e71SRatan Gupta } 129419fb6e71SRatan Gupta 12958a07d286SRatan Gupta if (ldapObject) 12968a07d286SRatan Gupta { 1297cb13a392SEd Tanous handleLDAPPatch(*ldapObject, asyncResp, "LDAP"); 12988a07d286SRatan Gupta } 12998a07d286SRatan Gupta 130078158631SZbigniew Kurzynski if (std::optional<nlohmann::json> oemOpenBMCObject; 1301*8d1b46d7Szhanghch05 oemObject && json_util::readJson(*oemObject, asyncResp->res, 1302*8d1b46d7Szhanghch05 "OpenBMC", oemOpenBMCObject)) 130378158631SZbigniew Kurzynski { 130478158631SZbigniew Kurzynski if (std::optional<nlohmann::json> authMethodsObject; 130578158631SZbigniew Kurzynski oemOpenBMCObject && 1306*8d1b46d7Szhanghch05 json_util::readJson(*oemOpenBMCObject, asyncResp->res, 1307*8d1b46d7Szhanghch05 "AuthMethods", authMethodsObject)) 130878158631SZbigniew Kurzynski { 130978158631SZbigniew Kurzynski if (authMethodsObject) 131078158631SZbigniew Kurzynski { 131178158631SZbigniew Kurzynski handleAuthMethodsPatch(*authMethodsObject, asyncResp); 131278158631SZbigniew Kurzynski } 131378158631SZbigniew Kurzynski } 131478158631SZbigniew Kurzynski } 131578158631SZbigniew Kurzynski 1316eb2bbe56SRatan Gupta if (activeDirectoryObject) 1317eb2bbe56SRatan Gupta { 1318cb13a392SEd Tanous handleLDAPPatch(*activeDirectoryObject, asyncResp, 1319eb2bbe56SRatan Gupta "ActiveDirectory"); 1320eb2bbe56SRatan Gupta } 1321eb2bbe56SRatan Gupta 13223d958bbcSAppaRao Puli if (unlockTimeout) 13233d958bbcSAppaRao Puli { 13243d958bbcSAppaRao Puli crow::connections::systemBus->async_method_call( 13253d958bbcSAppaRao Puli [asyncResp](const boost::system::error_code ec) { 13263d958bbcSAppaRao Puli if (ec) 13273d958bbcSAppaRao Puli { 13283d958bbcSAppaRao Puli messages::internalError(asyncResp->res); 13293d958bbcSAppaRao Puli return; 13303d958bbcSAppaRao Puli } 1331add6133bSRatan Gupta messages::success(asyncResp->res); 13323d958bbcSAppaRao Puli }, 13333d958bbcSAppaRao Puli "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user", 13343d958bbcSAppaRao Puli "org.freedesktop.DBus.Properties", "Set", 13353d958bbcSAppaRao Puli "xyz.openbmc_project.User.AccountPolicy", 1336abf2add6SEd Tanous "AccountUnlockTimeout", std::variant<uint32_t>(*unlockTimeout)); 13373d958bbcSAppaRao Puli } 13383d958bbcSAppaRao Puli if (lockoutThreshold) 13393d958bbcSAppaRao Puli { 13403d958bbcSAppaRao Puli crow::connections::systemBus->async_method_call( 13413d958bbcSAppaRao Puli [asyncResp](const boost::system::error_code ec) { 13423d958bbcSAppaRao Puli if (ec) 13433d958bbcSAppaRao Puli { 13443d958bbcSAppaRao Puli messages::internalError(asyncResp->res); 13453d958bbcSAppaRao Puli return; 13463d958bbcSAppaRao Puli } 1347add6133bSRatan Gupta messages::success(asyncResp->res); 13483d958bbcSAppaRao Puli }, 13493d958bbcSAppaRao Puli "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user", 13503d958bbcSAppaRao Puli "org.freedesktop.DBus.Properties", "Set", 13513d958bbcSAppaRao Puli "xyz.openbmc_project.User.AccountPolicy", 13523d958bbcSAppaRao Puli "MaxLoginAttemptBeforeLockout", 1353abf2add6SEd Tanous std::variant<uint16_t>(*lockoutThreshold)); 13543d958bbcSAppaRao Puli } 135588d16c9aSLewanczyk, Dawid } 135688d16c9aSLewanczyk, Dawid }; 1357f00032dbSTanous 1358b9b2e0b2SEd Tanous class AccountsCollection : public Node 1359b9b2e0b2SEd Tanous { 1360b9b2e0b2SEd Tanous public: 136152cc112dSEd Tanous AccountsCollection(App& app) : 1362b9b2e0b2SEd Tanous Node(app, "/redfish/v1/AccountService/Accounts/") 1363b9b2e0b2SEd Tanous { 1364b9b2e0b2SEd Tanous entityPrivileges = { 1365f365910cSGunnar Mills // According to the PrivilegeRegistry, GET should actually be 1366f365910cSGunnar Mills // "Login". A "Login" only privilege would return an empty "Members" 1367f365910cSGunnar Mills // list. Not going to worry about this since none of the defined 1368f365910cSGunnar Mills // roles are just "Login". E.g. Readonly is {"Login", 1369f365910cSGunnar Mills // "ConfigureSelf"}. In the rare event anyone defines a role that 1370f365910cSGunnar Mills // has Login but not ConfigureSelf, implement this. 1371b9b2e0b2SEd Tanous {boost::beast::http::verb::get, 1372f365910cSGunnar Mills {{"ConfigureUsers"}, {"ConfigureSelf"}}}, 1373b9b2e0b2SEd Tanous {boost::beast::http::verb::head, {{"Login"}}}, 1374b9b2e0b2SEd Tanous {boost::beast::http::verb::patch, {{"ConfigureUsers"}}}, 1375b9b2e0b2SEd Tanous {boost::beast::http::verb::put, {{"ConfigureUsers"}}}, 1376b9b2e0b2SEd Tanous {boost::beast::http::verb::delete_, {{"ConfigureUsers"}}}, 1377b9b2e0b2SEd Tanous {boost::beast::http::verb::post, {{"ConfigureUsers"}}}}; 1378b9b2e0b2SEd Tanous } 1379b9b2e0b2SEd Tanous 1380b9b2e0b2SEd Tanous private: 1381*8d1b46d7Szhanghch05 void doGet(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 1382*8d1b46d7Szhanghch05 const crow::Request& req, 1383cb13a392SEd Tanous const std::vector<std::string>&) override 1384b9b2e0b2SEd Tanous { 1385*8d1b46d7Szhanghch05 asyncResp->res.jsonValue = { 1386*8d1b46d7Szhanghch05 {"@odata.id", "/redfish/v1/AccountService/Accounts"}, 13870f74e643SEd Tanous {"@odata.type", "#ManagerAccountCollection." 13880f74e643SEd Tanous "ManagerAccountCollection"}, 13890f74e643SEd Tanous {"Name", "Accounts Collection"}, 13900f74e643SEd Tanous {"Description", "BMC User Accounts"}}; 13910f74e643SEd Tanous 1392b9b2e0b2SEd Tanous crow::connections::systemBus->async_method_call( 1393f365910cSGunnar Mills [asyncResp, &req, this](const boost::system::error_code ec, 1394b9b2e0b2SEd Tanous const ManagedObjectType& users) { 1395b9b2e0b2SEd Tanous if (ec) 1396b9b2e0b2SEd Tanous { 1397f12894f8SJason M. Bills messages::internalError(asyncResp->res); 1398b9b2e0b2SEd Tanous return; 1399b9b2e0b2SEd Tanous } 1400b9b2e0b2SEd Tanous 1401b9b2e0b2SEd Tanous nlohmann::json& memberArray = 1402b9b2e0b2SEd Tanous asyncResp->res.jsonValue["Members"]; 1403b9b2e0b2SEd Tanous memberArray = nlohmann::json::array(); 1404b9b2e0b2SEd Tanous 14052dfd18efSEd Tanous for (auto& userpath : users) 1406b9b2e0b2SEd Tanous { 14072dfd18efSEd Tanous std::string user = userpath.first.filename(); 14082dfd18efSEd Tanous if (user.empty()) 1409b9b2e0b2SEd Tanous { 14102dfd18efSEd Tanous messages::internalError(asyncResp->res); 14112dfd18efSEd Tanous BMCWEB_LOG_ERROR << "Invalid firmware ID"; 14122dfd18efSEd Tanous 14132dfd18efSEd Tanous return; 1414b9b2e0b2SEd Tanous } 1415f365910cSGunnar Mills 1416f365910cSGunnar Mills // As clarified by Redfish here: 1417f365910cSGunnar Mills // https://redfishforum.com/thread/281/manageraccountcollection-change-allows-account-enumeration 1418f365910cSGunnar Mills // Users without ConfigureUsers, only see their own account. 1419f365910cSGunnar Mills // Users with ConfigureUsers, see all accounts. 14202dfd18efSEd Tanous if (req.session->username == user || 1421f365910cSGunnar Mills isAllowedWithoutConfigureSelf(req)) 1422f365910cSGunnar Mills { 1423b9b2e0b2SEd Tanous memberArray.push_back( 1424f365910cSGunnar Mills {{"@odata.id", 14252dfd18efSEd Tanous "/redfish/v1/AccountService/Accounts/" + user}}); 1426b9b2e0b2SEd Tanous } 1427f365910cSGunnar Mills } 1428f365910cSGunnar Mills asyncResp->res.jsonValue["Members@odata.count"] = 1429f365910cSGunnar Mills memberArray.size(); 1430b9b2e0b2SEd Tanous }, 1431b9b2e0b2SEd Tanous "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user", 1432b9b2e0b2SEd Tanous "org.freedesktop.DBus.ObjectManager", "GetManagedObjects"); 1433b9b2e0b2SEd Tanous } 1434*8d1b46d7Szhanghch05 void doPost(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 1435*8d1b46d7Szhanghch05 const crow::Request& req, 1436cb13a392SEd Tanous const std::vector<std::string>&) override 143704ae99ecSEd Tanous { 14389712f8acSEd Tanous std::string username; 14399712f8acSEd Tanous std::string password; 1440a24526dcSEd Tanous std::optional<std::string> roleId("User"); 1441a24526dcSEd Tanous std::optional<bool> enabled = true; 1442*8d1b46d7Szhanghch05 if (!json_util::readJson(req, asyncResp->res, "UserName", username, 1443*8d1b46d7Szhanghch05 "Password", password, "RoleId", roleId, 1444*8d1b46d7Szhanghch05 "Enabled", enabled)) 144504ae99ecSEd Tanous { 144604ae99ecSEd Tanous return; 144704ae99ecSEd Tanous } 144804ae99ecSEd Tanous 144954fc587aSNagaraju Goruganti std::string priv = getPrivilegeFromRoleId(*roleId); 145084e12cb7SAppaRao Puli if (priv.empty()) 145104ae99ecSEd Tanous { 1452f12894f8SJason M. Bills messages::propertyValueNotInList(asyncResp->res, *roleId, "RoleId"); 145304ae99ecSEd Tanous return; 145404ae99ecSEd Tanous } 145596200606Sjayaprakash Mutyala // TODO: Following override will be reverted once support in 145696200606Sjayaprakash Mutyala // phosphor-user-manager is added. In order to avoid dependency issues, 145796200606Sjayaprakash Mutyala // this is added in bmcweb, which will removed, once 145896200606Sjayaprakash Mutyala // phosphor-user-manager supports priv-noaccess. 145996200606Sjayaprakash Mutyala if (priv == "priv-noaccess") 146096200606Sjayaprakash Mutyala { 146196200606Sjayaprakash Mutyala roleId = ""; 146296200606Sjayaprakash Mutyala } 146396200606Sjayaprakash Mutyala else 146496200606Sjayaprakash Mutyala { 14659712f8acSEd Tanous roleId = priv; 146696200606Sjayaprakash Mutyala } 146704ae99ecSEd Tanous 1468599c71d8SAyushi Smriti // Reading AllGroups property 1469599c71d8SAyushi Smriti crow::connections::systemBus->async_method_call( 1470599c71d8SAyushi Smriti [asyncResp, username, password{std::move(password)}, roleId, 1471599c71d8SAyushi Smriti enabled](const boost::system::error_code ec, 1472599c71d8SAyushi Smriti const std::variant<std::vector<std::string>>& allGroups) { 1473599c71d8SAyushi Smriti if (ec) 1474599c71d8SAyushi Smriti { 1475599c71d8SAyushi Smriti BMCWEB_LOG_DEBUG << "ERROR with async_method_call"; 1476599c71d8SAyushi Smriti messages::internalError(asyncResp->res); 1477599c71d8SAyushi Smriti return; 1478599c71d8SAyushi Smriti } 1479599c71d8SAyushi Smriti 1480599c71d8SAyushi Smriti const std::vector<std::string>* allGroupsList = 1481599c71d8SAyushi Smriti std::get_if<std::vector<std::string>>(&allGroups); 1482599c71d8SAyushi Smriti 1483599c71d8SAyushi Smriti if (allGroupsList == nullptr || allGroupsList->empty()) 1484599c71d8SAyushi Smriti { 1485599c71d8SAyushi Smriti messages::internalError(asyncResp->res); 1486599c71d8SAyushi Smriti return; 1487599c71d8SAyushi Smriti } 1488599c71d8SAyushi Smriti 148904ae99ecSEd Tanous crow::connections::systemBus->async_method_call( 1490f23b7296SEd Tanous [asyncResp, username, 1491f23b7296SEd Tanous password](const boost::system::error_code ec2, 14920d4197e0Sanil kumar appana sdbusplus::message::message& m) { 149323a21a1cSEd Tanous if (ec2) 149404ae99ecSEd Tanous { 14950d4197e0Sanil kumar appana userErrorMessageHandler(m.get_error(), asyncResp, 14960d4197e0Sanil kumar appana username, ""); 149704ae99ecSEd Tanous return; 149804ae99ecSEd Tanous } 149904ae99ecSEd Tanous 150066b5ca76Sjayaprakash Mutyala if (pamUpdatePassword(username, password) != 150166b5ca76Sjayaprakash Mutyala PAM_SUCCESS) 150204ae99ecSEd Tanous { 1503599c71d8SAyushi Smriti // At this point we have a user that's been created, 1504599c71d8SAyushi Smriti // but the password set failed.Something is wrong, 1505599c71d8SAyushi Smriti // so delete the user that we've already created 150604ae99ecSEd Tanous crow::connections::systemBus->async_method_call( 150723a21a1cSEd Tanous [asyncResp, password]( 150823a21a1cSEd Tanous const boost::system::error_code ec3) { 150923a21a1cSEd Tanous if (ec3) 151004ae99ecSEd Tanous { 1511f12894f8SJason M. Bills messages::internalError(asyncResp->res); 151204ae99ecSEd Tanous return; 151304ae99ecSEd Tanous } 151404ae99ecSEd Tanous 15150d4197e0Sanil kumar appana // If password is invalid 15160d4197e0Sanil kumar appana messages::propertyValueFormatError( 15170d4197e0Sanil kumar appana asyncResp->res, password, "Password"); 151804ae99ecSEd Tanous }, 151904ae99ecSEd Tanous "xyz.openbmc_project.User.Manager", 152004ae99ecSEd Tanous "/xyz/openbmc_project/user/" + username, 152104ae99ecSEd Tanous "xyz.openbmc_project.Object.Delete", "Delete"); 152204ae99ecSEd Tanous 152304ae99ecSEd Tanous BMCWEB_LOG_ERROR << "pamUpdatePassword Failed"; 152404ae99ecSEd Tanous return; 152504ae99ecSEd Tanous } 152604ae99ecSEd Tanous 1527f12894f8SJason M. Bills messages::created(asyncResp->res); 152804ae99ecSEd Tanous asyncResp->res.addHeader( 152904ae99ecSEd Tanous "Location", 153004ae99ecSEd Tanous "/redfish/v1/AccountService/Accounts/" + username); 153104ae99ecSEd Tanous }, 1532599c71d8SAyushi Smriti "xyz.openbmc_project.User.Manager", 1533599c71d8SAyushi Smriti "/xyz/openbmc_project/user", 15349712f8acSEd Tanous "xyz.openbmc_project.User.Manager", "CreateUser", username, 1535599c71d8SAyushi Smriti *allGroupsList, *roleId, *enabled); 1536599c71d8SAyushi Smriti }, 1537599c71d8SAyushi Smriti "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user", 1538599c71d8SAyushi Smriti "org.freedesktop.DBus.Properties", "Get", 1539599c71d8SAyushi Smriti "xyz.openbmc_project.User.Manager", "AllGroups"); 154004ae99ecSEd Tanous } 1541b9b2e0b2SEd Tanous }; 1542b9b2e0b2SEd Tanous 1543b9b2e0b2SEd Tanous class ManagerAccount : public Node 1544b9b2e0b2SEd Tanous { 1545b9b2e0b2SEd Tanous public: 154652cc112dSEd Tanous ManagerAccount(App& app) : 1547b9b2e0b2SEd Tanous Node(app, "/redfish/v1/AccountService/Accounts/<str>/", std::string()) 1548b9b2e0b2SEd Tanous { 1549b9b2e0b2SEd Tanous entityPrivileges = { 1550b9b2e0b2SEd Tanous {boost::beast::http::verb::get, 1551b9b2e0b2SEd Tanous {{"ConfigureUsers"}, {"ConfigureManager"}, {"ConfigureSelf"}}}, 1552b9b2e0b2SEd Tanous {boost::beast::http::verb::head, {{"Login"}}}, 1553900f9497SJoseph Reynolds {boost::beast::http::verb::patch, 1554900f9497SJoseph Reynolds {{"ConfigureUsers"}, {"ConfigureSelf"}}}, 1555b9b2e0b2SEd Tanous {boost::beast::http::verb::put, {{"ConfigureUsers"}}}, 1556b9b2e0b2SEd Tanous {boost::beast::http::verb::delete_, {{"ConfigureUsers"}}}, 1557b9b2e0b2SEd Tanous {boost::beast::http::verb::post, {{"ConfigureUsers"}}}}; 1558b9b2e0b2SEd Tanous } 1559b9b2e0b2SEd Tanous 1560b9b2e0b2SEd Tanous private: 1561*8d1b46d7Szhanghch05 void doGet(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 1562*8d1b46d7Szhanghch05 const crow::Request& req, 1563b9b2e0b2SEd Tanous const std::vector<std::string>& params) override 1564b9b2e0b2SEd Tanous { 1565b9b2e0b2SEd Tanous if (params.size() != 1) 1566b9b2e0b2SEd Tanous { 1567f12894f8SJason M. Bills messages::internalError(asyncResp->res); 1568b9b2e0b2SEd Tanous return; 1569b9b2e0b2SEd Tanous } 1570b9b2e0b2SEd Tanous 1571900f9497SJoseph Reynolds // Perform a proper ConfigureSelf authority check. If the 1572900f9497SJoseph Reynolds // user is operating on an account not their own, then their 1573900f9497SJoseph Reynolds // ConfigureSelf privilege does not apply. In this case, 1574900f9497SJoseph Reynolds // perform the authority check again without the user's 1575900f9497SJoseph Reynolds // ConfigureSelf privilege. 1576900f9497SJoseph Reynolds if (req.session->username != params[0]) 1577900f9497SJoseph Reynolds { 1578900f9497SJoseph Reynolds if (!isAllowedWithoutConfigureSelf(req)) 1579900f9497SJoseph Reynolds { 1580900f9497SJoseph Reynolds BMCWEB_LOG_DEBUG << "GET Account denied access"; 1581900f9497SJoseph Reynolds messages::insufficientPrivilege(asyncResp->res); 1582900f9497SJoseph Reynolds return; 1583900f9497SJoseph Reynolds } 1584900f9497SJoseph Reynolds } 1585900f9497SJoseph Reynolds 1586b9b2e0b2SEd Tanous crow::connections::systemBus->async_method_call( 1587b9b2e0b2SEd Tanous [asyncResp, accountName{std::string(params[0])}]( 1588b9b2e0b2SEd Tanous const boost::system::error_code ec, 1589b9b2e0b2SEd Tanous const ManagedObjectType& users) { 1590b9b2e0b2SEd Tanous if (ec) 1591b9b2e0b2SEd Tanous { 1592f12894f8SJason M. Bills messages::internalError(asyncResp->res); 1593b9b2e0b2SEd Tanous return; 1594b9b2e0b2SEd Tanous } 159584e12cb7SAppaRao Puli auto userIt = users.begin(); 1596b9b2e0b2SEd Tanous 159784e12cb7SAppaRao Puli for (; userIt != users.end(); userIt++) 1598b9b2e0b2SEd Tanous { 159984e12cb7SAppaRao Puli if (boost::ends_with(userIt->first.str, "/" + accountName)) 1600b9b2e0b2SEd Tanous { 160184e12cb7SAppaRao Puli break; 1602b9b2e0b2SEd Tanous } 1603b9b2e0b2SEd Tanous } 160484e12cb7SAppaRao Puli if (userIt == users.end()) 1605b9b2e0b2SEd Tanous { 160684e12cb7SAppaRao Puli messages::resourceNotFound(asyncResp->res, "ManagerAccount", 160784e12cb7SAppaRao Puli accountName); 160884e12cb7SAppaRao Puli return; 160984e12cb7SAppaRao Puli } 16104e68c45bSAyushi Smriti 16114e68c45bSAyushi Smriti asyncResp->res.jsonValue = { 16128114bd4dSGunnar Mills {"@odata.type", "#ManagerAccount.v1_4_0.ManagerAccount"}, 16134e68c45bSAyushi Smriti {"Name", "User Account"}, 16144e68c45bSAyushi Smriti {"Description", "User Account"}, 16158114bd4dSGunnar Mills {"Password", nullptr}, 16168114bd4dSGunnar Mills {"AccountTypes", {"Redfish"}}}; 16174e68c45bSAyushi Smriti 161884e12cb7SAppaRao Puli for (const auto& interface : userIt->second) 161965b0dc32SEd Tanous { 162065b0dc32SEd Tanous if (interface.first == 162165b0dc32SEd Tanous "xyz.openbmc_project.User.Attributes") 162265b0dc32SEd Tanous { 162365b0dc32SEd Tanous for (const auto& property : interface.second) 162465b0dc32SEd Tanous { 162565b0dc32SEd Tanous if (property.first == "UserEnabled") 162665b0dc32SEd Tanous { 162765b0dc32SEd Tanous const bool* userEnabled = 1628abf2add6SEd Tanous std::get_if<bool>(&property.second); 162965b0dc32SEd Tanous if (userEnabled == nullptr) 163065b0dc32SEd Tanous { 163165b0dc32SEd Tanous BMCWEB_LOG_ERROR 163265b0dc32SEd Tanous << "UserEnabled wasn't a bool"; 163384e12cb7SAppaRao Puli messages::internalError(asyncResp->res); 163484e12cb7SAppaRao Puli return; 163565b0dc32SEd Tanous } 163665b0dc32SEd Tanous asyncResp->res.jsonValue["Enabled"] = 163765b0dc32SEd Tanous *userEnabled; 163865b0dc32SEd Tanous } 163965b0dc32SEd Tanous else if (property.first == 164065b0dc32SEd Tanous "UserLockedForFailedAttempt") 164165b0dc32SEd Tanous { 164265b0dc32SEd Tanous const bool* userLocked = 1643abf2add6SEd Tanous std::get_if<bool>(&property.second); 164465b0dc32SEd Tanous if (userLocked == nullptr) 164565b0dc32SEd Tanous { 164684e12cb7SAppaRao Puli BMCWEB_LOG_ERROR << "UserLockedForF" 164784e12cb7SAppaRao Puli "ailedAttempt " 164884e12cb7SAppaRao Puli "wasn't a bool"; 164984e12cb7SAppaRao Puli messages::internalError(asyncResp->res); 165084e12cb7SAppaRao Puli return; 165165b0dc32SEd Tanous } 165265b0dc32SEd Tanous asyncResp->res.jsonValue["Locked"] = 165365b0dc32SEd Tanous *userLocked; 165424c8542dSRatan Gupta asyncResp->res.jsonValue 165524c8542dSRatan Gupta ["Locked@Redfish.AllowableValues"] = { 16563bf4e632SJoseph Reynolds "false"}; // can only unlock accounts 165765b0dc32SEd Tanous } 165884e12cb7SAppaRao Puli else if (property.first == "UserPrivilege") 165984e12cb7SAppaRao Puli { 166054fc587aSNagaraju Goruganti const std::string* userPrivPtr = 1661abf2add6SEd Tanous std::get_if<std::string>(&property.second); 166254fc587aSNagaraju Goruganti if (userPrivPtr == nullptr) 166384e12cb7SAppaRao Puli { 166484e12cb7SAppaRao Puli BMCWEB_LOG_ERROR 166584e12cb7SAppaRao Puli << "UserPrivilege wasn't a " 166684e12cb7SAppaRao Puli "string"; 166784e12cb7SAppaRao Puli messages::internalError(asyncResp->res); 166884e12cb7SAppaRao Puli return; 166984e12cb7SAppaRao Puli } 167054fc587aSNagaraju Goruganti std::string role = 167154fc587aSNagaraju Goruganti getRoleIdFromPrivilege(*userPrivPtr); 167254fc587aSNagaraju Goruganti if (role.empty()) 167384e12cb7SAppaRao Puli { 167484e12cb7SAppaRao Puli BMCWEB_LOG_ERROR << "Invalid user role"; 167584e12cb7SAppaRao Puli messages::internalError(asyncResp->res); 167684e12cb7SAppaRao Puli return; 167784e12cb7SAppaRao Puli } 167854fc587aSNagaraju Goruganti asyncResp->res.jsonValue["RoleId"] = role; 167984e12cb7SAppaRao Puli 168084e12cb7SAppaRao Puli asyncResp->res.jsonValue["Links"]["Role"] = { 168184e12cb7SAppaRao Puli {"@odata.id", "/redfish/v1/AccountService/" 168284e12cb7SAppaRao Puli "Roles/" + 168354fc587aSNagaraju Goruganti role}}; 168484e12cb7SAppaRao Puli } 16853bf4e632SJoseph Reynolds else if (property.first == "UserPasswordExpired") 16863bf4e632SJoseph Reynolds { 16873bf4e632SJoseph Reynolds const bool* userPasswordExpired = 16883bf4e632SJoseph Reynolds std::get_if<bool>(&property.second); 16893bf4e632SJoseph Reynolds if (userPasswordExpired == nullptr) 16903bf4e632SJoseph Reynolds { 16913bf4e632SJoseph Reynolds BMCWEB_LOG_ERROR << "UserPassword" 16923bf4e632SJoseph Reynolds "Expired " 16933bf4e632SJoseph Reynolds "wasn't a bool"; 16943bf4e632SJoseph Reynolds messages::internalError(asyncResp->res); 16953bf4e632SJoseph Reynolds return; 16963bf4e632SJoseph Reynolds } 16973bf4e632SJoseph Reynolds asyncResp->res 16983bf4e632SJoseph Reynolds .jsonValue["PasswordChangeRequired"] = 16993bf4e632SJoseph Reynolds *userPasswordExpired; 17003bf4e632SJoseph Reynolds } 170165b0dc32SEd Tanous } 170265b0dc32SEd Tanous } 170365b0dc32SEd Tanous } 170465b0dc32SEd Tanous 1705b9b2e0b2SEd Tanous asyncResp->res.jsonValue["@odata.id"] = 170684e12cb7SAppaRao Puli "/redfish/v1/AccountService/Accounts/" + accountName; 1707b9b2e0b2SEd Tanous asyncResp->res.jsonValue["Id"] = accountName; 1708b9b2e0b2SEd Tanous asyncResp->res.jsonValue["UserName"] = accountName; 1709b9b2e0b2SEd Tanous }, 1710b9b2e0b2SEd Tanous "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user", 1711b9b2e0b2SEd Tanous "org.freedesktop.DBus.ObjectManager", "GetManagedObjects"); 1712b9b2e0b2SEd Tanous } 1713a840879dSEd Tanous 1714*8d1b46d7Szhanghch05 void doPatch(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 1715*8d1b46d7Szhanghch05 const crow::Request& req, 1716a840879dSEd Tanous const std::vector<std::string>& params) override 1717a840879dSEd Tanous { 1718*8d1b46d7Szhanghch05 1719a840879dSEd Tanous if (params.size() != 1) 1720a840879dSEd Tanous { 1721f12894f8SJason M. Bills messages::internalError(asyncResp->res); 1722a840879dSEd Tanous return; 1723a840879dSEd Tanous } 1724a840879dSEd Tanous 1725a24526dcSEd Tanous std::optional<std::string> newUserName; 1726a24526dcSEd Tanous std::optional<std::string> password; 1727a24526dcSEd Tanous std::optional<bool> enabled; 1728a24526dcSEd Tanous std::optional<std::string> roleId; 172924c8542dSRatan Gupta std::optional<bool> locked; 1730*8d1b46d7Szhanghch05 if (!json_util::readJson(req, asyncResp->res, "UserName", newUserName, 1731*8d1b46d7Szhanghch05 "Password", password, "RoleId", roleId, 1732*8d1b46d7Szhanghch05 "Enabled", enabled, "Locked", locked)) 1733a840879dSEd Tanous { 1734a840879dSEd Tanous return; 1735a840879dSEd Tanous } 1736a840879dSEd Tanous 173784e12cb7SAppaRao Puli const std::string& username = params[0]; 173884e12cb7SAppaRao Puli 1739900f9497SJoseph Reynolds // Perform a proper ConfigureSelf authority check. If the 1740900f9497SJoseph Reynolds // session is being used to PATCH a property other than 1741900f9497SJoseph Reynolds // Password, then the ConfigureSelf privilege does not apply. 1742900f9497SJoseph Reynolds // If the user is operating on an account not their own, then 1743900f9497SJoseph Reynolds // their ConfigureSelf privilege does not apply. In either 1744900f9497SJoseph Reynolds // case, perform the authority check again without the user's 1745900f9497SJoseph Reynolds // ConfigureSelf privilege. 1746900f9497SJoseph Reynolds if ((username != req.session->username) || 1747900f9497SJoseph Reynolds (newUserName || enabled || roleId || locked)) 1748900f9497SJoseph Reynolds { 1749900f9497SJoseph Reynolds if (!isAllowedWithoutConfigureSelf(req)) 1750900f9497SJoseph Reynolds { 1751900f9497SJoseph Reynolds BMCWEB_LOG_WARNING << "PATCH Password denied access"; 1752900f9497SJoseph Reynolds asyncResp->res.clear(); 1753900f9497SJoseph Reynolds messages::insufficientPrivilege(asyncResp->res); 1754900f9497SJoseph Reynolds return; 1755900f9497SJoseph Reynolds } 1756900f9497SJoseph Reynolds } 1757900f9497SJoseph Reynolds 175866b5ca76Sjayaprakash Mutyala // if user name is not provided in the patch method or if it 175966b5ca76Sjayaprakash Mutyala // matches the user name in the URI, then we are treating it as updating 176066b5ca76Sjayaprakash Mutyala // user properties other then username. If username provided doesn't 176166b5ca76Sjayaprakash Mutyala // match the URI, then we are treating this as user rename request. 176266b5ca76Sjayaprakash Mutyala if (!newUserName || (newUserName.value() == username)) 1763a840879dSEd Tanous { 176424c8542dSRatan Gupta updateUserProperties(asyncResp, username, password, enabled, roleId, 176524c8542dSRatan Gupta locked); 176684e12cb7SAppaRao Puli return; 176784e12cb7SAppaRao Puli } 176884e12cb7SAppaRao Puli crow::connections::systemBus->async_method_call( 176984e12cb7SAppaRao Puli [this, asyncResp, username, password(std::move(password)), 1770f23b7296SEd Tanous roleId(std::move(roleId)), enabled, 177166b5ca76Sjayaprakash Mutyala newUser{std::string(*newUserName)}, 1772f23b7296SEd Tanous locked](const boost::system::error_code ec, 177366b5ca76Sjayaprakash Mutyala sdbusplus::message::message& m) { 177484e12cb7SAppaRao Puli if (ec) 177584e12cb7SAppaRao Puli { 17763174e4dfSEd Tanous userErrorMessageHandler(m.get_error(), asyncResp, newUser, 17773174e4dfSEd Tanous username); 1778a840879dSEd Tanous return; 1779a840879dSEd Tanous } 1780a840879dSEd Tanous 178184e12cb7SAppaRao Puli updateUserProperties(asyncResp, newUser, password, enabled, 178224c8542dSRatan Gupta roleId, locked); 178384e12cb7SAppaRao Puli }, 178484e12cb7SAppaRao Puli "xyz.openbmc_project.User.Manager", "/xyz/openbmc_project/user", 178584e12cb7SAppaRao Puli "xyz.openbmc_project.User.Manager", "RenameUser", username, 178684e12cb7SAppaRao Puli *newUserName); 178784e12cb7SAppaRao Puli } 178884e12cb7SAppaRao Puli 1789*8d1b46d7Szhanghch05 void updateUserProperties(std::shared_ptr<bmcweb::AsyncResp> asyncResp, 179084e12cb7SAppaRao Puli const std::string& username, 1791a24526dcSEd Tanous std::optional<std::string> password, 1792a24526dcSEd Tanous std::optional<bool> enabled, 179324c8542dSRatan Gupta std::optional<std::string> roleId, 179424c8542dSRatan Gupta std::optional<bool> locked) 179584e12cb7SAppaRao Puli { 179624c8542dSRatan Gupta std::string dbusObjectPath = "/xyz/openbmc_project/user/" + username; 179724c8542dSRatan Gupta dbus::utility::escapePathForDbus(dbusObjectPath); 179824c8542dSRatan Gupta 179922c33710SRatan Gupta dbus::utility::checkDbusPathExists( 180024c8542dSRatan Gupta dbusObjectPath, 180124c8542dSRatan Gupta [dbusObjectPath(std::move(dbusObjectPath)), username, 1802f23b7296SEd Tanous password(std::move(password)), roleId(std::move(roleId)), enabled, 1803f23b7296SEd Tanous locked, asyncResp{std::move(asyncResp)}](int rc) { 180424c8542dSRatan Gupta if (!rc) 180524c8542dSRatan Gupta { 180666b5ca76Sjayaprakash Mutyala messages::resourceNotFound( 18078114bd4dSGunnar Mills asyncResp->res, "#ManagerAccount.v1_4_0.ManagerAccount", 180866b5ca76Sjayaprakash Mutyala username); 180924c8542dSRatan Gupta return; 181024c8542dSRatan Gupta } 181166b5ca76Sjayaprakash Mutyala 181266b5ca76Sjayaprakash Mutyala if (password) 181366b5ca76Sjayaprakash Mutyala { 181466b5ca76Sjayaprakash Mutyala int retval = pamUpdatePassword(username, *password); 181566b5ca76Sjayaprakash Mutyala 181666b5ca76Sjayaprakash Mutyala if (retval == PAM_USER_UNKNOWN) 181766b5ca76Sjayaprakash Mutyala { 181866b5ca76Sjayaprakash Mutyala messages::resourceNotFound( 181966b5ca76Sjayaprakash Mutyala asyncResp->res, 18208114bd4dSGunnar Mills "#ManagerAccount.v1_4_0.ManagerAccount", username); 182166b5ca76Sjayaprakash Mutyala } 182266b5ca76Sjayaprakash Mutyala else if (retval == PAM_AUTHTOK_ERR) 182366b5ca76Sjayaprakash Mutyala { 182466b5ca76Sjayaprakash Mutyala // If password is invalid 182566b5ca76Sjayaprakash Mutyala messages::propertyValueFormatError( 182666b5ca76Sjayaprakash Mutyala asyncResp->res, *password, "Password"); 182766b5ca76Sjayaprakash Mutyala BMCWEB_LOG_ERROR << "pamUpdatePassword Failed"; 182866b5ca76Sjayaprakash Mutyala } 182966b5ca76Sjayaprakash Mutyala else if (retval != PAM_SUCCESS) 183066b5ca76Sjayaprakash Mutyala { 183166b5ca76Sjayaprakash Mutyala messages::internalError(asyncResp->res); 183266b5ca76Sjayaprakash Mutyala return; 183366b5ca76Sjayaprakash Mutyala } 183466b5ca76Sjayaprakash Mutyala } 183566b5ca76Sjayaprakash Mutyala 18369712f8acSEd Tanous if (enabled) 1837a840879dSEd Tanous { 1838a840879dSEd Tanous crow::connections::systemBus->async_method_call( 1839a840879dSEd Tanous [asyncResp](const boost::system::error_code ec) { 1840a840879dSEd Tanous if (ec) 1841a840879dSEd Tanous { 184224c8542dSRatan Gupta BMCWEB_LOG_ERROR << "D-Bus responses error: " 184324c8542dSRatan Gupta << ec; 1844f12894f8SJason M. Bills messages::internalError(asyncResp->res); 1845a840879dSEd Tanous return; 1846a840879dSEd Tanous } 184784e12cb7SAppaRao Puli messages::success(asyncResp->res); 184884e12cb7SAppaRao Puli return; 184984e12cb7SAppaRao Puli }, 185084e12cb7SAppaRao Puli "xyz.openbmc_project.User.Manager", 185124c8542dSRatan Gupta dbusObjectPath.c_str(), 185284e12cb7SAppaRao Puli "org.freedesktop.DBus.Properties", "Set", 185384e12cb7SAppaRao Puli "xyz.openbmc_project.User.Attributes", "UserEnabled", 1854abf2add6SEd Tanous std::variant<bool>{*enabled}); 185584e12cb7SAppaRao Puli } 185684e12cb7SAppaRao Puli 185784e12cb7SAppaRao Puli if (roleId) 185884e12cb7SAppaRao Puli { 185954fc587aSNagaraju Goruganti std::string priv = getPrivilegeFromRoleId(*roleId); 186084e12cb7SAppaRao Puli if (priv.empty()) 186184e12cb7SAppaRao Puli { 186224c8542dSRatan Gupta messages::propertyValueNotInList(asyncResp->res, 186324c8542dSRatan Gupta *roleId, "RoleId"); 186484e12cb7SAppaRao Puli return; 186584e12cb7SAppaRao Puli } 186696200606Sjayaprakash Mutyala if (priv == "priv-noaccess") 186796200606Sjayaprakash Mutyala { 186896200606Sjayaprakash Mutyala priv = ""; 186996200606Sjayaprakash Mutyala } 187084e12cb7SAppaRao Puli 187184e12cb7SAppaRao Puli crow::connections::systemBus->async_method_call( 187284e12cb7SAppaRao Puli [asyncResp](const boost::system::error_code ec) { 187384e12cb7SAppaRao Puli if (ec) 187484e12cb7SAppaRao Puli { 187524c8542dSRatan Gupta BMCWEB_LOG_ERROR << "D-Bus responses error: " 187624c8542dSRatan Gupta << ec; 187784e12cb7SAppaRao Puli messages::internalError(asyncResp->res); 187884e12cb7SAppaRao Puli return; 187984e12cb7SAppaRao Puli } 1880f12894f8SJason M. Bills messages::success(asyncResp->res); 1881a840879dSEd Tanous }, 1882a840879dSEd Tanous "xyz.openbmc_project.User.Manager", 188324c8542dSRatan Gupta dbusObjectPath.c_str(), 1884a840879dSEd Tanous "org.freedesktop.DBus.Properties", "Set", 188584e12cb7SAppaRao Puli "xyz.openbmc_project.User.Attributes", "UserPrivilege", 1886abf2add6SEd Tanous std::variant<std::string>{priv}); 1887a840879dSEd Tanous } 188824c8542dSRatan Gupta 188924c8542dSRatan Gupta if (locked) 189024c8542dSRatan Gupta { 189124c8542dSRatan Gupta // admin can unlock the account which is locked by 189254fc587aSNagaraju Goruganti // successive authentication failures but admin should 189354fc587aSNagaraju Goruganti // not be allowed to lock an account. 189424c8542dSRatan Gupta if (*locked) 189524c8542dSRatan Gupta { 189624c8542dSRatan Gupta messages::propertyValueNotInList(asyncResp->res, "true", 189724c8542dSRatan Gupta "Locked"); 189824c8542dSRatan Gupta return; 189924c8542dSRatan Gupta } 190024c8542dSRatan Gupta 190124c8542dSRatan Gupta crow::connections::systemBus->async_method_call( 190224c8542dSRatan Gupta [asyncResp](const boost::system::error_code ec) { 190324c8542dSRatan Gupta if (ec) 190424c8542dSRatan Gupta { 190524c8542dSRatan Gupta BMCWEB_LOG_ERROR << "D-Bus responses error: " 190624c8542dSRatan Gupta << ec; 190724c8542dSRatan Gupta messages::internalError(asyncResp->res); 190824c8542dSRatan Gupta return; 190924c8542dSRatan Gupta } 191024c8542dSRatan Gupta messages::success(asyncResp->res); 191124c8542dSRatan Gupta return; 191224c8542dSRatan Gupta }, 191324c8542dSRatan Gupta "xyz.openbmc_project.User.Manager", 191424c8542dSRatan Gupta dbusObjectPath.c_str(), 191524c8542dSRatan Gupta "org.freedesktop.DBus.Properties", "Set", 191624c8542dSRatan Gupta "xyz.openbmc_project.User.Attributes", 191724c8542dSRatan Gupta "UserLockedForFailedAttempt", 191819bd78d9SPatrick Williams std::variant<bool>{*locked}); 191924c8542dSRatan Gupta } 192024c8542dSRatan Gupta }); 1921a840879dSEd Tanous } 192206e086d9SEd Tanous 1923*8d1b46d7Szhanghch05 void doDelete(const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, 1924*8d1b46d7Szhanghch05 const crow::Request&, 192506e086d9SEd Tanous const std::vector<std::string>& params) override 192606e086d9SEd Tanous { 192706e086d9SEd Tanous 192806e086d9SEd Tanous if (params.size() != 1) 192906e086d9SEd Tanous { 1930f12894f8SJason M. Bills messages::internalError(asyncResp->res); 193106e086d9SEd Tanous return; 193206e086d9SEd Tanous } 193306e086d9SEd Tanous 193406e086d9SEd Tanous const std::string userPath = "/xyz/openbmc_project/user/" + params[0]; 193506e086d9SEd Tanous 193606e086d9SEd Tanous crow::connections::systemBus->async_method_call( 1937f23b7296SEd Tanous [asyncResp, 1938f23b7296SEd Tanous username{params[0]}](const boost::system::error_code ec) { 193906e086d9SEd Tanous if (ec) 194006e086d9SEd Tanous { 194106e086d9SEd Tanous messages::resourceNotFound( 19428114bd4dSGunnar Mills asyncResp->res, "#ManagerAccount.v1_4_0.ManagerAccount", 1943f12894f8SJason M. Bills username); 194406e086d9SEd Tanous return; 194506e086d9SEd Tanous } 194606e086d9SEd Tanous 1947f12894f8SJason M. Bills messages::accountRemoved(asyncResp->res); 194806e086d9SEd Tanous }, 194906e086d9SEd Tanous "xyz.openbmc_project.User.Manager", userPath, 195006e086d9SEd Tanous "xyz.openbmc_project.Object.Delete", "Delete"); 195106e086d9SEd Tanous } 195284e12cb7SAppaRao Puli }; 195388d16c9aSLewanczyk, Dawid 195488d16c9aSLewanczyk, Dawid } // namespace redfish 1955