Add CreateUser2 method to create a new local user

This method is identical to the existing CreateUser method with only
addition which allows to specify Epoch time when a password of the user
being c

Add CreateUser2 method to create a new local user

This method is identical to the existing CreateUser method with only
addition which allows to specify Epoch time when a password of the user
being created expires. The idea to introduce new method creating a user
alongside with a password expiration was suggested in a comment [1] in
the corresponding review in bmcweb [2].

To make password not to expire, uint64_t maximum should be provided as
a password expiration argument value.

Not to set password expiration, zero should be provided as a password
expiration argument. This value is required to create a user without
password expiration specified, to unify calls from the bmcweb. Moreover,
this value is required to further extend CreateUser2 method to allow
create a user with password and account expiration but to use it in a
situation, for example, when account expiration is specified but
password expiration is not.

Local user password management was implemented to reflect changes in the
corresponding PasswordExpiration attribute in the
xyz.openbmc_project.User.Attributes interface.

Functionality is implemented via calls to 'chage' utility. It is worth
to mention, that 'chage' utility operates on the password last change
date and password age in days, hence date time password expiration date
time is rounded to fit into integer number of days. Also, because of
'chage' specifics it is not possible to set password expiration to a
timepoint which happened before the last password change date, because
this makes password not to expire.

GetUserInfo implementation was changed accordingly to report user
password expiration.

Unit tests were implemented as well.

This change depends on the corresponding change in
phosphos-dbus-interfaces [3].

Tested:
1. created user 'user1' via a call to CreateUser2 with password
expiration value set to zero, verified that correct value is set in
PasswordExpiration attribute on D-Bus, verified via 'chage' utility
that user's password expiration is left intact
2. created user 'user2' via a call to CreateUser2 with password
expiration value set to maximum, verified that correct value is set
in PasswordExpiration attribute on D-Bus, verified via 'chage'
utility that password does not expire
3. created user 'user2' via a call to CreateUser2 without password
expiration value, verified that default value is set
in PasswordExpiration attribute on D-Bus, verified via 'chage'
utility that password does not expire
4. created user 'user3' via a call to CreateUser2 with password
expiration value set to make password expire in 5 days, verified that
correct value is set in PasswordExpiration attribute on D-Bus,
verified via 'chage' utility that password expiration date is correct
5. created user 'user4' via a call to CreateUser2 with password
expiration value set to zero,
5.1 changed PasswordExpiration attribute to maximum value via `busctl`
call, verified that the attribute is correct on D-Bus, verified via
'chage' that user's password does not expire
5.2 changed PasswordExpiration attribute to a value to make password
expiration happen in 5 days, verified that the attribute is correct
on D-Bus, verified via 'chage' utility that password expires in 5
days,
5.3 renamed the user to 'user5' via RenameUser call, verified that
'user5' had the same value of PasswordExpirtion attribute as 'user4'
had had
6. tried to create a new user with invalid password expiration value set
to a time point in the past, got appropriate error
7. tried to set PasswordExpiration attribute to a time point which
happened before the last password change, got appropriate error

[1] ```https://gerrit.openbmc.org/c/openbmc/bmcweb/+/75372/comment/d35c832d_e769bf9c/```
[2] ```https://gerrit.openbmc.org/c/openbmc/bmcweb/+/75372```
[3] ```https://gerrit.openbmc.org/c/openbmc/phosphor-dbus-interfaces/+/75236```

Change-Id: Iccfb0c91c3b5ec353c59cc4f3abe66e5d9817b5a
Signed-off-by: Ivan Moiseev <moiseev.ivan4w@yandex.com>
Signed-off-by: Ivan Mikhaylov <fr0st61te@gmail.com>

show more ...

Remove default LDAP privilege role

Currently when there is no privilege role map matching to the ldap user,
ldap user gets priv-user(read-only) privilege for redfish sessions which
is considered as

Remove default LDAP privilege role

Currently when there is no privilege role map matching to the ldap user,
ldap user gets priv-user(read-only) privilege for redfish sessions which
is considered as security concern since by default all ldap users able
to login to BMC GUI and redfish sessions.

This commit removes default priv-user(read-only) privilege for LDAP
users when there is no matching privilege role.

Tested By:
Redfish session creation fails for ldap users when there is no matching
privilege role map

Change-Id: I5247ce53577ecdf27f41bc4e2a3d1947d093874b
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>

show more ...

json_serializer: handled corrupted files

When the `/var/lib/usr_mgr.conf` file is either empty or corrupted
JSON, the daemon will crash and not recover. Handle this by catching
JSON load exceptions

json_serializer: handled corrupted files

When the `/var/lib/usr_mgr.conf` file is either empty or corrupted
JSON, the daemon will crash and not recover. Handle this by catching
JSON load exceptions and deleting the corrupted file.

Fixes openbmc/phosphor-user-manager#19.

Tested: Added additional test cases to cover the corruption case and
update the test case to cover the non-throwing behavior.

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I2be787771ea3d72af924615a6eee17cf2f393e9a

show more ...

test: user_mgr: convert mktemp to mkstemp

`mktemp` is consider deprecated and should no longer be used. Switch
the test case calls to use `mkstemp` instead.

Signed-off-by: Patrick Williams <patric

test: user_mgr: convert mktemp to mkstemp

`mktemp` is consider deprecated and should no longer be used. Switch
the test case calls to use `mkstemp` instead.

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Ia9318eff88e403422fc8d40fb6b09b60cd226c76

show more ...

json_serializer: add tests

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I717b01ac4f69b9b086a4853cb28bb4c27d1f784b

user-mgr: convert boost::process::child to fork/execv

Boost process v1 is deprecated and removed in the next version
of Boost. process v2 is async-only and cannot easily be replaced
with the curren

user-mgr: convert boost::process::child to fork/execv

Boost process v1 is deprecated and removed in the next version
of Boost. process v2 is async-only and cannot easily be replaced
with the current usages. Switch to use raw fork/execv calls instead,
which is what boost would have done internally.

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Ia802cc5428b37dbe428bf1f8befcac168ff3262b

show more ...

user-mgr: add unit test for executeCmd

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I0a7110c12504b547192e186db334e4b62eaaea4e

meson: handle missing ldap dependency

Adjust the meson.build so that ldap can be an optional dependency.
This allows out-of-docker builds for environments which might not have
the LDAP libraries ins

meson: handle missing ldap dependency

Adjust the meson.build so that ldap can be an optional dependency.
This allows out-of-docker builds for environments which might not have
the LDAP libraries installed. In the future this could also be
leveraged by a meson.option that would disable LDAP support.

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I214b7e69580bd11432f88a85fa760a5e07f7fad2

show more ...

Add support for MAX PASSWORD LENGTH

As per NIST Guideline https://pages.nist.gov/800-63-4/sp800-63b.html

Verifiers and CSPs SHOULD permit a MaxPasswordLength must be at least
64 characters therefo

Add support for MAX PASSWORD LENGTH

As per NIST Guideline https://pages.nist.gov/800-63-4/sp800-63b.html

Verifiers and CSPs SHOULD permit a MaxPasswordLength must be at least
64 characters therefore added this support. Added this as a meson option
each organization can configure their own MAX PASSWORD LENGTH. Default
value is as per NIST guideline recommendation

Testing:

Validated MinPasswordLangth > MaxPasswordLength test cases and worked
as expected.

Change-Id: I75b0056a0acc038d3103016ebbdaa6be08df74a1
Signed-off-by: Chandramohan Harkude <chandramohan.harkude@gmail.com>

show more ...

Revert "Unit Test: Adding unit test cases UsrMgr"

This reverts commit 0e427be810a3233f23186cce599e8bf680ae3f62.

Change-Id: I01478d33b2d9d413fab5d7e548e7312de4f07f6b
Signed-off-by: Ravi Teja <ravite

Revert "Unit Test: Adding unit test cases UsrMgr"

This reverts commit 0e427be810a3233f23186cce599e8bf680ae3f62.

Change-Id: I01478d33b2d9d413fab5d7e548e7312de4f07f6b
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>

show more ...

Unit Test: Adding unit test cases UsrMgr

This changes set will add needed unit test cases for User Manager

Change-Id: I848cdbde528d41c2a09abcf35527044b6084f023
Signed-off-by: Abhilash Raju <abhilas

Unit Test: Adding unit test cases UsrMgr

This changes set will add needed unit test cases for User Manager

Change-Id: I848cdbde528d41c2a09abcf35527044b6084f023
Signed-off-by: Abhilash Raju <abhilash.kollam@gmail.com>

show more ...

increase maximum username length

This commit is intended to increase the maximum username length.
Currently we set the maximum username length as 30 characters. However
we have usecases where our us

increase maximum username length

This commit is intended to increase the maximum username length.
Currently we set the maximum username length as 30 characters. However
we have usecases where our username are exceeding the limit
(eg: `obmc.svc_openbmc__central_proxy`, length=31). This limitation
prohibit us to create a new account using this username. By increasing
the limit, we now allow creating an account with longer username.

Tested
- Create an account (post request to `/AccountService/Accounts`)
with 31-100 characters -> expect to be success
- Create an account (post request to `/AccountService/Accounts`)
with 101 characters -> expect to be failed

Change-Id: I15c66d2817eb48aea6b3b47be3d5ab85e08b12d0
Signed-off-by: Malik Akbar Hashemi Rafsanjani <malikrafsan@meta.com>

show more ...

meson: reformat with meson formatter

Apply the `meson format` results.

Change-Id: I73471b8ae6b57b537b4879f52f5db3c7c06f30f0
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

clang-format: re-format for clang-18

clang-format-18 isn't compatible with the clang-format-17 output, so we
need to reformat the code with the latest version. The way clang-18
handles lambda forma

clang-format: re-format for clang-18

clang-format-18 isn't compatible with the clang-format-17 output, so we
need to reformat the code with the latest version. The way clang-18
handles lambda formatting also changed, so we have made changes to the
organization default style format to better handle lambda formatting.

See I5e08687e696dd240402a2780158664b7113def0e for updated style.
See Iea0776aaa7edd483fa395e23de25ebf5a6288f71 for clang-18 enablement.

Change-Id: I75bbf0de40859a5e507455a52ceaef9be5b686c7
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

Remove web user group

This 'web' group is currently not doing anything and is considered to be
equivalent to 'redfish'.

Change-Id: I20a0a7e3a0bff3128e8e391317045a71038d119b
Signed-off-by: Ravi Teja

Remove web user group

This 'web' group is currently not doing anything and is considered to be
equivalent to 'redfish'.

Change-Id: I20a0a7e3a0bff3128e8e391317045a71038d119b
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>

show more ...

BugFix: user name contains invalid characters

There is an typo in the policy "[a-zA-z_]" configuration.
It it should be "[a-zA-Z_]"
BTW: Group name has the same issue, fix it by the way.

Tested: Cr

BugFix: user name contains invalid characters

There is an typo in the policy "[a-zA-z_]" configuration.
It it should be "[a-zA-Z_]"
BTW: Group name has the same issue, fix it by the way.

Tested: Create a username contains invalid characters like: ^, [, or ].

Before: invalid character can be added as username
ipmitool user list 1
ID Name Callin
4 ^test true
5 [test true
7 ]test true
8 _test true

After: error will be returned once user name has invalid character.
ipmitool user set name 4 ^test4
Set User Name command failed (user 4, name ^test4): Unspecified error

UnitTest is added.

Change-Id: I86b062faea84906dde7cf37a0d51631d78526cb1
Signed-off-by: nichanghao.nch <nichanghao@linux.alibaba.com>
Signed-off-by: Kwin Wang <wangkuiying.wky@alibaba-inc.com>

show more ...

build: use allowed over enabled

Meson feature options are typically in a tri-state of enabled, disabled,
or auto. The enabled and disabled functions on an option (from
`get_option`) no longer retur

build: use allowed over enabled

Meson feature options are typically in a tri-state of enabled, disabled,
or auto. The enabled and disabled functions on an option (from
`get_option`) no longer return true for auto features. Instead, the
expectation is to use `allowed()` which is true for both enabled and auto.

Switch all uses of `enabled` to `allowed`.

Change-Id: I50f949d6323c4ff17e48901a56f7e34a76ca46db
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

clang-format: copy latest and re-format

clang-format-17 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest

clang-format: copy latest and re-format

clang-format-17 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest .clang-format from the docs repository and reformat the
repository.

Change-Id: I094854676307faf5395459925ff0750f1402e578
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

Fix user account status for manually blocked users

User account status in web interface is displayed incorrectly
if account is disabled (or enabled) via ssh.

Test manually:
1. Create new user using

Fix user account status for manually blocked users

User account status in web interface is displayed incorrectly
if account is disabled (or enabled) via ssh.

Test manually:
1. Create new user using web interface
2. Change user account expiration date via ssh
chage -E 1970-01-01 <new user>
User account is blocked
3. Check user status in web interface.
Blocked user account status should be displayed as "Disabled".

Change-Id: I15e93a87653289b5ba76313895da0cf7e5dd2c7c
Signed-off-by: Denis Zlobin <zlobin.d.al@gmail.com>

show more ...

Update pam_pwhistory to use pwhistory.conf

With libpam 1.5.3, pam_pwhistory added support to get configuration
options from pwhistory.conf similar to faillock and pwquality.

This updates pam_pwhist

Update pam_pwhistory to use pwhistory.conf

With libpam 1.5.3, pam_pwhistory added support to get configuration
options from pwhistory.conf similar to faillock and pwquality.

This updates pam_pwhistory to use pwhistory.conf for the remember
setting.

pwhistory remember was the last setting directly using the
common-password file, so this also removes the two functions to get and
set PAM module arg values which resolves #16.

Tested:
Confirmed that getting and setting the RememberOldPasswordTimes D-Bus
property gets and sets the remember value in pwhistory.conf.

Change-Id: If8f90720c120c5c49e2b8b4a840a427d46ffc7d9
Signed-off-by: Jason M. Bills <jason.m.bills@intel.com>

show more ...

Remove temp file on failure

If the parameter is not found, the temp file is left in the file system
since it isn't renamed. This deletes the temp file in that case.

If the source file is not found,

Remove temp file on failure

If the parameter is not found, the temp file is left in the file system
since it isn't renamed. This deletes the temp file in that case.

If the source file is not found, the temp file is left in the file
system. This deletes the temp file in that case.

This updates the tests to cover these two conditions and confirm that
the temp file is not present.

Tested:
Corrupted the faillock.conf deny parameter and the pwquality.conf minlen
parameter and confirmed that after attempting to modify them through
Redfish, the _tmp files are not left in the /etc/security folder.

Change-Id: I59e543d12f7e509533182339d224c4e8dc9b580d
Signed-off-by: Jason M. Bills <jason.m.bills@intel.com>

show more ...

Add support for deleting authentication failure record files

Added fix for #phosphor-user-manager/issues/4

If a user account locked due to user's password with too many
failed attempts use case, pa

Add support for deleting authentication failure record files

Added fix for #phosphor-user-manager/issues/4

If a user account locked due to user's password with too many
failed attempts use case, password will locked out for same
name account creation. This issues is due to missing authentication
failure record files clear in the account user delete path.

Added function for deleting authentication failure record files
in the account delete api to fix this issue.

faillock command --reset option is used to clear user's failure
records. Refer https://linux.die.net/man/8/faillock for details.

Tested: Created user and perform multiple failed authentication to
lock the account. After Account delete, and recreate a user with
same name , worked as expected.

Change-Id: I63a1becafa30035ac549166a1d70ee58baee86b4
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>

show more ...

Added new pre-defined usergroup hostconsole

The new pre-defined usergroup named "hostconsole" is added to
differentiate access between host console and manager console.
The only users allowed to int

Added new pre-defined usergroup hostconsole

The new pre-defined usergroup named "hostconsole" is added to
differentiate access between host console and manager console.
The only users allowed to interact with host console are part of the
"hostconsole" group.

Note: The changes are spread across multiple repositories listed under
"Related commits:"

The phosphor-user-manager changes are as follows:
- Added new pre-defined user group called "hostconsole"
- Added CI tests to validate the new group.

Tested:
Loaded on system and qemu eumulator. Made sure that user is only
allowed to access host console if it is member of hostconsole group.

Related commits:
docs: https://gerrit.openbmc.org/c/openbmc/docs/+/60968
phosphor-user-manager: https://gerrit.openbmc.org/c/openbmc/phosphor-user-manager/+/61583
openbmc: https://gerrit.openbmc.org/c/openbmc/openbmc/+/61582
obmc-console: https://gerrit.openbmc.org/c/openbmc/obmc-console/+/61581
bmcweb: https://gerrit.openbmc.org/c/openbmc/bmcweb/+/61580

Change-Id: I700a295c99c429b42e6db667c9726792a351e71d
Signed-off-by: Ninad Palsule <ninadpalsule@us.ibm.com>

show more ...

Change to pam_faillock and pam pwquality

pam_tally2 is being replaced by pam_faillock. The parameters in
common-auth have moved to faillock.conf, so this commit adds a new
method to modify paramters

Change to pam_faillock and pam pwquality

pam_tally2 is being replaced by pam_faillock. The parameters in
common-auth have moved to faillock.conf, so this commit adds a new
method to modify paramters in a given configuration file.

The output from the 'faillock' command differs from 'pam_tally2', so
this commit adds a new function to parse the output from 'faillock' to
determine if the user is currently locked.

pam_cracklib is being replaced by pam_pwquality. The parameters in
common-password have moved to pwquality.conf.

I referenced the work done by Joseph Reynolds in this commit [1] to know
what changes were required.

[1]: https://gerrit.openbmc.org/c/openbmc/phosphor-user-manager/+/39853

Tested:
Confirmed that the AccountLockoutDuration and AccountLockoutThreshold
parameters under /redfish/v1/AccountService both return the correct
value from common-auth.

Set deny to 10 and unlock_time to 30 seconds and confirmed that a user
account will correctly show as locked after 10 failed login attempts,
and that user will show as unlocked 30 seconds later.

Used Redfish to PATCH both AccountLockoutDuration and
AccountLockoutThreshold and confirmed that the updated values are
correctly reported in Redfish and that the correct lines in
faillock.conf are modified.

Confirmed that the MinPasswordLength parameter under
/redfish/v1/AccountService returns the correct value from
common-password.

Set minlen to 9 and confirmed that a user password could not be set with
a length of 8.

Used Redfish to PATCH MinPasswordLength and confirmed that the updated
value is correctly reported in Redfish and that the correct line in
pwquality.conf is modified.

Change-Id: I0701e4148c0b8333c6b8889d4695e61ce7f5366d
Signed-off-by: Jason M. Bills <jason.m.bills@intel.com>

show more ...

clang-format: copy latest and re-format

clang-format-16 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest

clang-format: copy latest and re-format

clang-format-16 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest .clang-format from the docs repository and reformat the
repository.

Change-Id: I913685cddaf9a2256b3edcd3ced8e89a32386394
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...