1 /* 2 // Copyright (c) 2018 Intel Corporation 3 // 4 // Licensed under the Apache License, Version 2.0 (the "License"); 5 // you may not use this file except in compliance with the License. 6 // You may obtain a copy of the License at 7 // 8 // http://www.apache.org/licenses/LICENSE-2.0 9 // 10 // Unless required by applicable law or agreed to in writing, software 11 // distributed under the License is distributed on an "AS IS" BASIS, 12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 // See the License for the specific language governing permissions and 14 // limitations under the License. 15 */ 16 #pragma once 17 18 #include <logging.h> 19 20 #include <array> 21 #include <bitset> 22 #include <boost/beast/http/verb.hpp> 23 #include <boost/container/flat_map.hpp> 24 #include <cstdint> 25 #include <vector> 26 27 namespace redfish 28 { 29 30 enum class PrivilegeType 31 { 32 BASE, 33 OEM 34 }; 35 36 /** @brief A fixed array of compile time privileges */ 37 constexpr std::array<const char*, 5> basePrivileges{ 38 "Login", "ConfigureManager", "ConfigureComponents", "ConfigureSelf", 39 "ConfigureUsers"}; 40 41 constexpr const size_t basePrivilegeCount = basePrivileges.size(); 42 43 /** @brief Max number of privileges per type */ 44 constexpr const size_t maxPrivilegeCount = 32; 45 46 /** @brief A vector of all privilege names and their indexes */ 47 static const std::vector<std::string> privilegeNames{basePrivileges.begin(), 48 basePrivileges.end()}; 49 50 /** 51 * @brief Redfish privileges 52 * 53 * This implements a set of Redfish privileges. These directly represent 54 * user privileges and help represent entity privileges. 55 * 56 * Each incoming Connection requires a comparison between privileges held 57 * by the user issuing a request and the target entity's privileges. 58 * 59 * To ensure best runtime performance of this comparison, privileges 60 * are represented as bitsets. Each bit in the bitset corresponds to a 61 * unique privilege name. 62 * 63 * A bit is set if the privilege is required (entity domain) or granted 64 * (user domain) and false otherwise. 65 * 66 */ 67 class Privileges 68 { 69 public: 70 /** 71 * @brief Constructs object without any privileges active 72 * 73 */ 74 Privileges() = default; 75 76 /** 77 * @brief Constructs object with given privileges active 78 * 79 * @param[in] privilegeList List of privileges to be activated 80 * 81 */ 82 Privileges(std::initializer_list<const char*> privilegeList) 83 { 84 for (const char* privilege : privilegeList) 85 { 86 if (!setSinglePrivilege(privilege)) 87 { 88 BMCWEB_LOG_CRITICAL << "Unable to set privilege " << privilege 89 << "in constructor"; 90 } 91 } 92 } 93 94 /** 95 * @brief Sets given privilege in the bitset 96 * 97 * @param[in] privilege Privilege to be set 98 * 99 * @return None 100 * 101 */ 102 bool setSinglePrivilege(const char* privilege) 103 { 104 for (size_t searchIndex = 0; searchIndex < privilegeNames.size(); 105 searchIndex++) 106 { 107 if (privilege == privilegeNames[searchIndex]) 108 { 109 privilegeBitset.set(searchIndex); 110 return true; 111 } 112 } 113 114 return false; 115 } 116 117 /** 118 * @brief Sets given privilege in the bitset 119 * 120 * @param[in] privilege Privilege to be set 121 * 122 * @return None 123 * 124 */ 125 bool setSinglePrivilege(const std::string& privilege) 126 { 127 return setSinglePrivilege(privilege.c_str()); 128 } 129 130 /** 131 * @brief Resets the given privilege in the bitset 132 * 133 * @param[in] privilege Privilege to be reset 134 * 135 * @return None 136 * 137 */ 138 bool resetSinglePrivilege(const char* privilege) 139 { 140 for (size_t searchIndex = 0; searchIndex < privilegeNames.size(); 141 searchIndex++) 142 { 143 if (privilege == privilegeNames[searchIndex]) 144 { 145 privilegeBitset.reset(searchIndex); 146 return true; 147 } 148 } 149 return false; 150 } 151 152 /** 153 * @brief Retrieves names of all active privileges for a given type 154 * 155 * @param[in] type Base or OEM 156 * 157 * @return Vector of active privileges. Pointers are valid until 158 * the setSinglePrivilege is called, or the Privilege structure is destroyed 159 * 160 */ 161 std::vector<const std::string*> 162 getActivePrivilegeNames(const PrivilegeType type) const 163 { 164 std::vector<const std::string*> activePrivileges; 165 166 size_t searchIndex = 0; 167 size_t endIndex = basePrivilegeCount; 168 if (type == PrivilegeType::OEM) 169 { 170 searchIndex = basePrivilegeCount - 1; 171 endIndex = privilegeNames.size(); 172 } 173 174 for (; searchIndex < endIndex; searchIndex++) 175 { 176 if (privilegeBitset.test(searchIndex)) 177 { 178 activePrivileges.emplace_back(&privilegeNames[searchIndex]); 179 } 180 } 181 182 return activePrivileges; 183 } 184 185 /** 186 * @brief Determines if this Privilege set is a superset of the given 187 * privilege set 188 * 189 * @param[in] privilege Privilege to be checked 190 * 191 * @return None 192 * 193 */ 194 bool isSupersetOf(const Privileges& p) const 195 { 196 return (privilegeBitset & p.privilegeBitset) == p.privilegeBitset; 197 } 198 199 private: 200 std::bitset<maxPrivilegeCount> privilegeBitset = 0; 201 }; 202 203 inline const Privileges& getUserPrivileges(const std::string& userRole) 204 { 205 // Redfish privilege : Administrator 206 if (userRole == "priv-admin") 207 { 208 static Privileges admin{"Login", "ConfigureManager", "ConfigureSelf", 209 "ConfigureUsers", "ConfigureComponents"}; 210 return admin; 211 } 212 else if (userRole == "priv-operator") 213 { 214 // Redfish privilege : Operator 215 static Privileges op{"Login", "ConfigureSelf", "ConfigureComponents"}; 216 return op; 217 } 218 else if (userRole == "priv-user") 219 { 220 // Redfish privilege : Readonly 221 static Privileges readOnly{"Login", "ConfigureSelf"}; 222 return readOnly; 223 } 224 else 225 { 226 // Redfish privilege : NoAccess 227 static Privileges noaccess; 228 return noaccess; 229 } 230 } 231 232 /** 233 * @brief The OperationMap represents the privileges required for a 234 * single entity (URI). It maps from the allowable verbs to the 235 * privileges required to use that operation. 236 * 237 * This represents the Redfish "Privilege AND and OR syntax" as given 238 * in the spec and shown in the Privilege Registry. This does not 239 * implement any Redfish property overrides, subordinate overrides, or 240 * resource URI overrides. This does not implement the limitation of 241 * the ConfigureSelf privilege to operate only on your own account or 242 * session. 243 **/ 244 using OperationMap = boost::container::flat_map<boost::beast::http::verb, 245 std::vector<Privileges>>; 246 247 /* @brief Checks if user is allowed to call an operation 248 * 249 * @param[in] operationPrivilegesRequired Privileges required 250 * @param[in] userPrivileges Privileges the user has 251 * 252 * @return True if operation is allowed, false otherwise 253 */ 254 inline bool isOperationAllowedWithPrivileges( 255 const std::vector<Privileges>& operationPrivilegesRequired, 256 const Privileges& userPrivileges) 257 { 258 // If there are no privileges assigned, there are no privileges required 259 if (operationPrivilegesRequired.empty()) 260 { 261 return true; 262 } 263 for (auto& requiredPrivileges : operationPrivilegesRequired) 264 { 265 BMCWEB_LOG_ERROR << "Checking operation privileges..."; 266 if (userPrivileges.isSupersetOf(requiredPrivileges)) 267 { 268 BMCWEB_LOG_ERROR << "...success"; 269 return true; 270 } 271 } 272 return false; 273 } 274 275 /** 276 * @brief Checks if given privileges allow to call an HTTP method 277 * 278 * @param[in] method HTTP method 279 * @param[in] user Privileges 280 * 281 * @return True if method allowed, false otherwise 282 * 283 */ 284 inline bool isMethodAllowedWithPrivileges(const boost::beast::http::verb method, 285 const OperationMap& operationMap, 286 const Privileges& userPrivileges) 287 { 288 const auto& it = operationMap.find(method); 289 if (it == operationMap.end()) 290 { 291 return false; 292 } 293 294 return isOperationAllowedWithPrivileges(it->second, userPrivileges); 295 } 296 297 /** 298 * @brief Checks if a user is allowed to call an HTTP method 299 * 300 * @param[in] method HTTP method 301 * @param[in] user Username 302 * 303 * @return True if method allowed, false otherwise 304 * 305 */ 306 inline bool isMethodAllowedForUser(const boost::beast::http::verb method, 307 const OperationMap& operationMap, 308 const std::string& user) 309 { 310 // TODO: load user privileges from configuration as soon as its available 311 // now we are granting all privileges to everyone. 312 Privileges userPrivileges{"Login", "ConfigureManager", "ConfigureSelf", 313 "ConfigureUsers", "ConfigureComponents"}; 314 315 return isMethodAllowedWithPrivileges(method, operationMap, userPrivileges); 316 } 317 318 } // namespace redfish 319