diff options
-rw-r--r-- | redfish-core/lib/account_service.hpp | 39 |
1 files changed, 38 insertions, 1 deletions
diff --git a/redfish-core/lib/account_service.hpp b/redfish-core/lib/account_service.hpp index 19352e8d57..8d537995b0 100644 --- a/redfish-core/lib/account_service.hpp +++ b/redfish-core/lib/account_service.hpp @@ -1708,13 +1708,26 @@ inline void requestAccountServiceRoutes(App& app) .privileges(redfish::privileges::getManagerAccount) .methods( boost::beast::http::verb:: - get)([&app](const crow::Request& req, + get)([&app]([[maybe_unused]] const crow::Request& req, const std::shared_ptr<bmcweb::AsyncResp>& asyncResp, const std::string& accountName) -> void { if (!redfish::setUpRedfishRoute(app, req, asyncResp->res)) { return; } +#ifdef BMCWEB_INSECURE_DISABLE_AUTHENTICATION + // If authentication is disabled, there are no user accounts + messages::resourceNotFound(asyncResp->res, + "#ManagerAccount.v1_4_0.ManagerAccount", + accountName); + return; + +#endif // BMCWEB_INSECURE_DISABLE_AUTHENTICATION + if (req.session == nullptr) + { + messages::internalError(asyncResp->res); + return; + } if (req.session->username != accountName) { // At this point we've determined that the user is trying to @@ -1877,12 +1890,26 @@ inline void requestAccountServiceRoutes(App& app) { return; } +#ifdef BMCWEB_INSECURE_DISABLE_AUTHENTICATION + // If authentication is disabled, there are no user accounts + messages::resourceNotFound( + asyncResp->res, "#ManagerAccount.v1_4_0.ManagerAccount", + username); + return; + +#endif // BMCWEB_INSECURE_DISABLE_AUTHENTICATION std::optional<std::string> newUserName; std::optional<std::string> password; std::optional<bool> enabled; std::optional<std::string> roleId; std::optional<bool> locked; + if (req.session == nullptr) + { + messages::internalError(asyncResp->res); + return; + } + Privileges effectiveUserPrivileges = redfish::getUserPrivileges(req.userRole); Privileges configureUsers = {"ConfigureUsers"}; @@ -1907,6 +1934,7 @@ inline void requestAccountServiceRoutes(App& app) messages::insufficientPrivilege(asyncResp->res); return; } + // ConfigureSelf accounts can only modify their password if (!json_util::readJsonPatch(req, asyncResp->res, "Password", password)) @@ -1958,6 +1986,15 @@ inline void requestAccountServiceRoutes(App& app) { return; } + +#ifdef BMCWEB_INSECURE_DISABLE_AUTHENTICATION + // If authentication is disabled, there are no user accounts + messages::resourceNotFound( + asyncResp->res, "#ManagerAccount.v1_4_0.ManagerAccount", + username); + return; + +#endif // BMCWEB_INSECURE_DISABLE_AUTHENTICATION sdbusplus::message::object_path tempObjPath(rootUserDbusPath); tempObjPath /= username; const std::string userPath(tempObjPath); |