1 /* 2 // Copyright (c) 2018 Intel Corporation 3 // 4 // Licensed under the Apache License, Version 2.0 (the "License"); 5 // you may not use this file except in compliance with the License. 6 // You may obtain a copy of the License at 7 // 8 // http://www.apache.org/licenses/LICENSE-2.0 9 // 10 // Unless required by applicable law or agreed to in writing, software 11 // distributed under the License is distributed on an "AS IS" BASIS, 12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 // See the License for the specific language governing permissions and 14 // limitations under the License. 15 */ 16 #pragma once 17 18 #include <logging.h> 19 20 #include <boost/beast/http/verb.hpp> 21 #include <boost/container/flat_map.hpp> 22 23 #include <array> 24 #include <bitset> 25 #include <cstdint> 26 #include <vector> 27 28 namespace redfish 29 { 30 31 enum class PrivilegeType 32 { 33 BASE, 34 OEM 35 }; 36 37 /** @brief A fixed array of compile time privileges */ 38 constexpr std::array<const char*, 5> basePrivileges{ 39 "Login", "ConfigureManager", "ConfigureComponents", "ConfigureSelf", 40 "ConfigureUsers"}; 41 42 constexpr const size_t basePrivilegeCount = basePrivileges.size(); 43 44 /** @brief Max number of privileges per type */ 45 constexpr const size_t maxPrivilegeCount = 32; 46 47 /** @brief A vector of all privilege names and their indexes */ 48 static const std::vector<std::string> privilegeNames{basePrivileges.begin(), 49 basePrivileges.end()}; 50 51 /** 52 * @brief Redfish privileges 53 * 54 * This implements a set of Redfish privileges. These directly represent 55 * user privileges and help represent entity privileges. 56 * 57 * Each incoming Connection requires a comparison between privileges held 58 * by the user issuing a request and the target entity's privileges. 59 * 60 * To ensure best runtime performance of this comparison, privileges 61 * are represented as bitsets. Each bit in the bitset corresponds to a 62 * unique privilege name. 63 * 64 * A bit is set if the privilege is required (entity domain) or granted 65 * (user domain) and false otherwise. 66 * 67 */ 68 class Privileges 69 { 70 public: 71 /** 72 * @brief Constructs object without any privileges active 73 * 74 */ 75 Privileges() = default; 76 77 /** 78 * @brief Constructs object with given privileges active 79 * 80 * @param[in] privilegeList List of privileges to be activated 81 * 82 */ 83 Privileges(std::initializer_list<const char*> privilegeList) 84 { 85 for (const char* privilege : privilegeList) 86 { 87 if (!setSinglePrivilege(privilege)) 88 { 89 BMCWEB_LOG_CRITICAL << "Unable to set privilege " << privilege 90 << "in constructor"; 91 } 92 } 93 } 94 95 /** 96 * @brief Sets given privilege in the bitset 97 * 98 * @param[in] privilege Privilege to be set 99 * 100 * @return None 101 * 102 */ 103 bool setSinglePrivilege(const char* privilege) 104 { 105 for (size_t searchIndex = 0; searchIndex < privilegeNames.size(); 106 searchIndex++) 107 { 108 if (privilege == privilegeNames[searchIndex]) 109 { 110 privilegeBitset.set(searchIndex); 111 return true; 112 } 113 } 114 115 return false; 116 } 117 118 /** 119 * @brief Sets given privilege in the bitset 120 * 121 * @param[in] privilege Privilege to be set 122 * 123 * @return None 124 * 125 */ 126 bool setSinglePrivilege(const std::string& privilege) 127 { 128 return setSinglePrivilege(privilege.c_str()); 129 } 130 131 /** 132 * @brief Resets the given privilege in the bitset 133 * 134 * @param[in] privilege Privilege to be reset 135 * 136 * @return None 137 * 138 */ 139 bool resetSinglePrivilege(const char* privilege) 140 { 141 for (size_t searchIndex = 0; searchIndex < privilegeNames.size(); 142 searchIndex++) 143 { 144 if (privilege == privilegeNames[searchIndex]) 145 { 146 privilegeBitset.reset(searchIndex); 147 return true; 148 } 149 } 150 return false; 151 } 152 153 /** 154 * @brief Retrieves names of all active privileges for a given type 155 * 156 * @param[in] type Base or OEM 157 * 158 * @return Vector of active privileges. Pointers are valid until 159 * the setSinglePrivilege is called, or the Privilege structure is destroyed 160 * 161 */ 162 std::vector<const std::string*> 163 getActivePrivilegeNames(const PrivilegeType type) const 164 { 165 std::vector<const std::string*> activePrivileges; 166 167 size_t searchIndex = 0; 168 size_t endIndex = basePrivilegeCount; 169 if (type == PrivilegeType::OEM) 170 { 171 searchIndex = basePrivilegeCount - 1; 172 endIndex = privilegeNames.size(); 173 } 174 175 for (; searchIndex < endIndex; searchIndex++) 176 { 177 if (privilegeBitset.test(searchIndex)) 178 { 179 activePrivileges.emplace_back(&privilegeNames[searchIndex]); 180 } 181 } 182 183 return activePrivileges; 184 } 185 186 /** 187 * @brief Determines if this Privilege set is a superset of the given 188 * privilege set 189 * 190 * @param[in] privilege Privilege to be checked 191 * 192 * @return None 193 * 194 */ 195 bool isSupersetOf(const Privileges& p) const 196 { 197 return (privilegeBitset & p.privilegeBitset) == p.privilegeBitset; 198 } 199 200 /** 201 * @brief Returns the intersection of two Privilege sets. 202 * 203 * @param[in] privilege Privilege set to intersect with. 204 * 205 * @return The new Privilege set. 206 * 207 */ 208 Privileges intersection(const Privileges& p) const 209 { 210 return Privileges{privilegeBitset & p.privilegeBitset}; 211 } 212 213 private: 214 Privileges(const std::bitset<maxPrivilegeCount>& p) : privilegeBitset{p} 215 {} 216 std::bitset<maxPrivilegeCount> privilegeBitset = 0; 217 }; 218 219 inline const Privileges& getUserPrivileges(const std::string& userRole) 220 { 221 // Redfish privilege : Administrator 222 if (userRole == "priv-admin") 223 { 224 static Privileges admin{"Login", "ConfigureManager", "ConfigureSelf", 225 "ConfigureUsers", "ConfigureComponents"}; 226 return admin; 227 } 228 else if (userRole == "priv-operator") 229 { 230 // Redfish privilege : Operator 231 static Privileges op{"Login", "ConfigureSelf", "ConfigureComponents"}; 232 return op; 233 } 234 else if (userRole == "priv-user") 235 { 236 // Redfish privilege : Readonly 237 static Privileges readOnly{"Login", "ConfigureSelf"}; 238 return readOnly; 239 } 240 else 241 { 242 // Redfish privilege : NoAccess 243 static Privileges noaccess; 244 return noaccess; 245 } 246 } 247 248 /** 249 * @brief The OperationMap represents the privileges required for a 250 * single entity (URI). It maps from the allowable verbs to the 251 * privileges required to use that operation. 252 * 253 * This represents the Redfish "Privilege AND and OR syntax" as given 254 * in the spec and shown in the Privilege Registry. This does not 255 * implement any Redfish property overrides, subordinate overrides, or 256 * resource URI overrides. This does not implement the limitation of 257 * the ConfigureSelf privilege to operate only on your own account or 258 * session. 259 **/ 260 using OperationMap = boost::container::flat_map<boost::beast::http::verb, 261 std::vector<Privileges>>; 262 263 /* @brief Checks if user is allowed to call an operation 264 * 265 * @param[in] operationPrivilegesRequired Privileges required 266 * @param[in] userPrivileges Privileges the user has 267 * 268 * @return True if operation is allowed, false otherwise 269 */ 270 inline bool isOperationAllowedWithPrivileges( 271 const std::vector<Privileges>& operationPrivilegesRequired, 272 const Privileges& userPrivileges) 273 { 274 // If there are no privileges assigned, there are no privileges required 275 if (operationPrivilegesRequired.empty()) 276 { 277 return true; 278 } 279 for (auto& requiredPrivileges : operationPrivilegesRequired) 280 { 281 BMCWEB_LOG_ERROR << "Checking operation privileges..."; 282 if (userPrivileges.isSupersetOf(requiredPrivileges)) 283 { 284 BMCWEB_LOG_ERROR << "...success"; 285 return true; 286 } 287 } 288 return false; 289 } 290 291 /** 292 * @brief Checks if given privileges allow to call an HTTP method 293 * 294 * @param[in] method HTTP method 295 * @param[in] user Privileges 296 * 297 * @return True if method allowed, false otherwise 298 * 299 */ 300 inline bool isMethodAllowedWithPrivileges(const boost::beast::http::verb method, 301 const OperationMap& operationMap, 302 const Privileges& userPrivileges) 303 { 304 const auto& it = operationMap.find(method); 305 if (it == operationMap.end()) 306 { 307 return false; 308 } 309 310 return isOperationAllowedWithPrivileges(it->second, userPrivileges); 311 } 312 313 /** 314 * @brief Checks if a user is allowed to call an HTTP method 315 * 316 * @param[in] method HTTP method 317 * @param[in] user Username 318 * 319 * @return True if method allowed, false otherwise 320 * 321 */ 322 inline bool isMethodAllowedForUser(const boost::beast::http::verb method, 323 const OperationMap& operationMap, 324 const std::string& user) 325 { 326 // TODO: load user privileges from configuration as soon as its available 327 // now we are granting all privileges to everyone. 328 Privileges userPrivileges{"Login", "ConfigureManager", "ConfigureSelf", 329 "ConfigureUsers", "ConfigureComponents"}; 330 331 return isMethodAllowedWithPrivileges(method, operationMap, userPrivileges); 332 } 333 334 } // namespace redfish 335