clang-format: re-format for clang-18

clang-format-18 isn't compatible with the clang-format-17 output, so we
need to reformat the code with the latest version. The way clang-18
handles lambda forma

clang-format: re-format for clang-18

clang-format-18 isn't compatible with the clang-format-17 output, so we
need to reformat the code with the latest version. The way clang-18
handles lambda formatting also changed, so we have made changes to the
organization default style format to better handle lambda formatting.

See I5e08687e696dd240402a2780158664b7113def0e for updated style.
See Iea0776aaa7edd483fa395e23de25ebf5a6288f71 for clang-18 enablement.

Change-Id: I75bbf0de40859a5e507455a52ceaef9be5b686c7
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

Remove web user group

This 'web' group is currently not doing anything and is considered to be
equivalent to 'redfish'.

Change-Id: I20a0a7e3a0bff3128e8e391317045a71038d119b
Signed-off-by: Ravi Teja

Remove web user group

This 'web' group is currently not doing anything and is considered to be
equivalent to 'redfish'.

Change-Id: I20a0a7e3a0bff3128e8e391317045a71038d119b
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>

show more ...

BugFix: user name contains invalid characters

There is an typo in the policy "[a-zA-z_]" configuration.
It it should be "[a-zA-Z_]"
BTW: Group name has the same issue, fix it by the way.

Tested: Cr

BugFix: user name contains invalid characters

There is an typo in the policy "[a-zA-z_]" configuration.
It it should be "[a-zA-Z_]"
BTW: Group name has the same issue, fix it by the way.

Tested: Create a username contains invalid characters like: ^, [, or ].

Before: invalid character can be added as username
ipmitool user list 1
ID Name Callin
4 ^test true
5 [test true
7 ]test true
8 _test true

After: error will be returned once user name has invalid character.
ipmitool user set name 4 ^test4
Set User Name command failed (user 4, name ^test4): Unspecified error

UnitTest is added.

Change-Id: I86b062faea84906dde7cf37a0d51631d78526cb1
Signed-off-by: nichanghao.nch <nichanghao@linux.alibaba.com>
Signed-off-by: Kwin Wang <wangkuiying.wky@alibaba-inc.com>

show more ...

build: use allowed over enabled

Meson feature options are typically in a tri-state of enabled, disabled,
or auto. The enabled and disabled functions on an option (from
`get_option`) no longer retur

build: use allowed over enabled

Meson feature options are typically in a tri-state of enabled, disabled,
or auto. The enabled and disabled functions on an option (from
`get_option`) no longer return true for auto features. Instead, the
expectation is to use `allowed()` which is true for both enabled and auto.

Switch all uses of `enabled` to `allowed`.

Change-Id: I50f949d6323c4ff17e48901a56f7e34a76ca46db
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

clang-format: copy latest and re-format

clang-format-17 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest

clang-format: copy latest and re-format

clang-format-17 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest .clang-format from the docs repository and reformat the
repository.

Change-Id: I094854676307faf5395459925ff0750f1402e578
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

Fix user account status for manually blocked users

User account status in web interface is displayed incorrectly
if account is disabled (or enabled) via ssh.

Test manually:
1. Create new user using

Fix user account status for manually blocked users

User account status in web interface is displayed incorrectly
if account is disabled (or enabled) via ssh.

Test manually:
1. Create new user using web interface
2. Change user account expiration date via ssh
chage -E 1970-01-01 <new user>
User account is blocked
3. Check user status in web interface.
Blocked user account status should be displayed as "Disabled".

Change-Id: I15e93a87653289b5ba76313895da0cf7e5dd2c7c
Signed-off-by: Denis Zlobin <zlobin.d.al@gmail.com>

show more ...

Update pam_pwhistory to use pwhistory.conf

With libpam 1.5.3, pam_pwhistory added support to get configuration
options from pwhistory.conf similar to faillock and pwquality.

This updates pam_pwhist

Update pam_pwhistory to use pwhistory.conf

With libpam 1.5.3, pam_pwhistory added support to get configuration
options from pwhistory.conf similar to faillock and pwquality.

This updates pam_pwhistory to use pwhistory.conf for the remember
setting.

pwhistory remember was the last setting directly using the
common-password file, so this also removes the two functions to get and
set PAM module arg values which resolves #16.

Tested:
Confirmed that getting and setting the RememberOldPasswordTimes D-Bus
property gets and sets the remember value in pwhistory.conf.

Change-Id: If8f90720c120c5c49e2b8b4a840a427d46ffc7d9
Signed-off-by: Jason M. Bills <jason.m.bills@intel.com>

show more ...

Remove temp file on failure

If the parameter is not found, the temp file is left in the file system
since it isn't renamed. This deletes the temp file in that case.

If the source file is not found,

Remove temp file on failure

If the parameter is not found, the temp file is left in the file system
since it isn't renamed. This deletes the temp file in that case.

If the source file is not found, the temp file is left in the file
system. This deletes the temp file in that case.

This updates the tests to cover these two conditions and confirm that
the temp file is not present.

Tested:
Corrupted the faillock.conf deny parameter and the pwquality.conf minlen
parameter and confirmed that after attempting to modify them through
Redfish, the _tmp files are not left in the /etc/security folder.

Change-Id: I59e543d12f7e509533182339d224c4e8dc9b580d
Signed-off-by: Jason M. Bills <jason.m.bills@intel.com>

show more ...

Add support for deleting authentication failure record files

Added fix for #phosphor-user-manager/issues/4

If a user account locked due to user's password with too many
failed attempts use case, pa

Add support for deleting authentication failure record files

Added fix for #phosphor-user-manager/issues/4

If a user account locked due to user's password with too many
failed attempts use case, password will locked out for same
name account creation. This issues is due to missing authentication
failure record files clear in the account user delete path.

Added function for deleting authentication failure record files
in the account delete api to fix this issue.

faillock command --reset option is used to clear user's failure
records. Refer https://linux.die.net/man/8/faillock for details.

Tested: Created user and perform multiple failed authentication to
lock the account. After Account delete, and recreate a user with
same name , worked as expected.

Change-Id: I63a1becafa30035ac549166a1d70ee58baee86b4
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>

show more ...

Added new pre-defined usergroup hostconsole

The new pre-defined usergroup named "hostconsole" is added to
differentiate access between host console and manager console.
The only users allowed to int

Added new pre-defined usergroup hostconsole

The new pre-defined usergroup named "hostconsole" is added to
differentiate access between host console and manager console.
The only users allowed to interact with host console are part of the
"hostconsole" group.

Note: The changes are spread across multiple repositories listed under
"Related commits:"

The phosphor-user-manager changes are as follows:
- Added new pre-defined user group called "hostconsole"
- Added CI tests to validate the new group.

Tested:
Loaded on system and qemu eumulator. Made sure that user is only
allowed to access host console if it is member of hostconsole group.

Related commits:
docs: https://gerrit.openbmc.org/c/openbmc/docs/+/60968
phosphor-user-manager: https://gerrit.openbmc.org/c/openbmc/phosphor-user-manager/+/61583
openbmc: https://gerrit.openbmc.org/c/openbmc/openbmc/+/61582
obmc-console: https://gerrit.openbmc.org/c/openbmc/obmc-console/+/61581
bmcweb: https://gerrit.openbmc.org/c/openbmc/bmcweb/+/61580

Change-Id: I700a295c99c429b42e6db667c9726792a351e71d
Signed-off-by: Ninad Palsule <ninadpalsule@us.ibm.com>

show more ...

Change to pam_faillock and pam pwquality

pam_tally2 is being replaced by pam_faillock. The parameters in
common-auth have moved to faillock.conf, so this commit adds a new
method to modify paramters

Change to pam_faillock and pam pwquality

pam_tally2 is being replaced by pam_faillock. The parameters in
common-auth have moved to faillock.conf, so this commit adds a new
method to modify paramters in a given configuration file.

The output from the 'faillock' command differs from 'pam_tally2', so
this commit adds a new function to parse the output from 'faillock' to
determine if the user is currently locked.

pam_cracklib is being replaced by pam_pwquality. The parameters in
common-password have moved to pwquality.conf.

I referenced the work done by Joseph Reynolds in this commit [1] to know
what changes were required.

[1]: https://gerrit.openbmc.org/c/openbmc/phosphor-user-manager/+/39853

Tested:
Confirmed that the AccountLockoutDuration and AccountLockoutThreshold
parameters under /redfish/v1/AccountService both return the correct
value from common-auth.

Set deny to 10 and unlock_time to 30 seconds and confirmed that a user
account will correctly show as locked after 10 failed login attempts,
and that user will show as unlocked 30 seconds later.

Used Redfish to PATCH both AccountLockoutDuration and
AccountLockoutThreshold and confirmed that the updated values are
correctly reported in Redfish and that the correct lines in
faillock.conf are modified.

Confirmed that the MinPasswordLength parameter under
/redfish/v1/AccountService returns the correct value from
common-password.

Set minlen to 9 and confirmed that a user password could not be set with
a length of 8.

Used Redfish to PATCH MinPasswordLength and confirmed that the updated
value is correctly reported in Redfish and that the correct line in
pwquality.conf is modified.

Change-Id: I0701e4148c0b8333c6b8889d4695e61ce7f5366d
Signed-off-by: Jason M. Bills <jason.m.bills@intel.com>

show more ...

clang-format: copy latest and re-format

clang-format-16 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest

clang-format: copy latest and re-format

clang-format-16 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest .clang-format from the docs repository and reformat the
repository.

Change-Id: I913685cddaf9a2256b3edcd3ced8e89a32386394
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

ldap-config: Include phosphor-logging in source files

It is recommendded to include the phosphor-logging and related headers
in source files instead of header files.

Tested:
Build and unit test pas

ldap-config: Include phosphor-logging in source files

It is recommendded to include the phosphor-logging and related headers
in source files instead of header files.

Tested:
Build and unit test pass.

Change-Id: I880d8a3bf8dd850af300806da0d17357407632fd
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>

show more ...

Switch to lg2 for logging

After enabling C++20, lg2 is preferred for logging. This patch replaces
all phosphor::logging::log calls to lg2 calls.

Tested:
Build pass.

Change-Id: Ic37bc36f43c2b3a1c61

Switch to lg2 for logging

After enabling C++20, lg2 is preferred for logging. This patch replaces
all phosphor::logging::log calls to lg2 calls.

Tested:
Build pass.

Change-Id: Ic37bc36f43c2b3a1c61b1328af95e3a41c8d6d40
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>

show more ...

Implement default LDAP privilege role

According to OpenBMC documentation[1], "if there is no mapping for
group name to privilege role, default to user privilege role for the
session", meaning that L

Implement default LDAP privilege role

According to OpenBMC documentation[1], "if there is no mapping for
group name to privilege role, default to user privilege role for the
session", meaning that LDAP users should have "priv-user" assigned
when there is no mapping entry matched.

[1] https://github.com/openbmc/docs/blob/master/architecture/user-management.md#authorization-flow

Tested:
* Configure LDAP with empty RemoteRoleMapping in redfish, then login
BMC with an LDAP account, verified it has User privilege.
* Change the primary group of user from a grop without mapping to one
mapped to Admin privilege on remote LDAP server, confirmed the user
is mapped to priv-admin in BMC.

Change-Id: I374732f2895f40a671225ec0d1fafd7e4ae27dea
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>

show more ...

Implement createGroup/deleteGroup

This commit adds the implementation for CreateGroup and DeleteGroup.

These interfaces give the possibility to create OEMRole and OEMPrivilege
as proposed in the Dy

Implement createGroup/deleteGroup

This commit adds the implementation for CreateGroup and DeleteGroup.

These interfaces give the possibility to create OEMRole and OEMPrivilege
as proposed in the Dynamic Redfish Authz design.
[1] https://github.com/openbmc/docs/blob/master/designs/redfish-authorization.md

Since now secondary groups will change at runtime, this commit made the
|groupsMgr| non-constant. When the service starts up, it will load all
the groups in the system, and recover its |groupsMgr| in memory.
Currently, only groups with certain prefixes are allowed to change
(creation or deletion). The only use case now is Redfish previleges and
roles so the current prefixes only cover that.

Similar to user creation, this commit also added limits and checks to
make sure these interfaces are safe.

Coverage:
lines......: 84.1% (2197 of 2613 lines)
functions..: 94.3% (492 of 522 functions)
branches...: 31.1% (3506 of 11263 branches)

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I245017afda909a0bfa594ef112d7b0d40045f80d

show more ...

UserMgr: Fix the privilege determination

By default, all users in Active Directory have the primary group
`users`. Giving the full access to the BMC to all users from the such
group is a bad idea. A

UserMgr: Fix the privilege determination

By default, all users in Active Directory have the primary group
`users`. Giving the full access to the BMC to all users from the such
group is a bad idea. And changing the primary group in
Active Directory/LDAP can be inadvisable.

This fix allows to use in the role mapping the group that isn't the
primary group. All members of the such group will get the role,
according with the role mapping.

Tested by:
- Configure LDAP
- Add non primary LDAP group to the role map
- Verify `GetUserInfo` reply for the member of the group used in the
previous step. It should contain corresponding privilege.
- Add primary LDAP group to the role map and verify `GetUserInfo` for
its member. It also should contain corresponding role.

Change-Id: I61a87a21446577c0bf059f50139c7b4c711059c7
Signed-off-by: Alexander Filippov <a.filippov@yadro.com>

show more ...

user manager test: remove no-access

The change [1] was submitted without rebasing to the master, which
causes test failures at HEAD.
[1] https://gerrit.openbmc.org/c/openbmc/phosphor-user-manager/+/

user manager test: remove no-access

The change [1] was submitted without rebasing to the master, which
causes test failures at HEAD.
[1] https://gerrit.openbmc.org/c/openbmc/phosphor-user-manager/+/52363

This commit fixed the issue.

Tested: unit test passed

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I5b71e3a3dfe70448c1741f21a06ad3486b84863e

show more ...

userLockedForFailedAttempt: add unit test

This commit adds unit test for the |userLockedForFailedAttempt|
function. In order to do so, this commits adds a new virtual function
which reads the failed

userLockedForFailedAttempt: add unit test

This commit adds unit test for the |userLockedForFailedAttempt|
function. In order to do so, this commits adds a new virtual function
which reads the failed attempt. The function is overridden in unit test.

Tested: unit test passed.

Coverage:
lines......: 83.1% (2007 of 2415 lines)
functions..: 94.1% (430 of 457 functions)
branches...: 32.3% (3181 of 9855 branches)

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I940ec42936c8b1c387fc0f19db13bc90a61c9852

show more ...

userEnable: fix bug and add unit test

This commit adds unit tests for the |userEnable| function. To make it
happen, a new overload of |executeUserModify| is introduced. The idea
is the same as previ

userEnable: fix bug and add unit test

This commit adds unit tests for the |userEnable| function. To make it
happen, a new overload of |executeUserModify| is introduced. The idea
is the same as previous commits where we add sudo in unit tests.

Thanks to this unit test, this commit fixes an existing bug where the
corresponding user's |userEnabled| attribute isn't updated.

Tested: unit test passed

Coverage:
lines......: 81.3% (1918 of 2359 lines)
functions..: 93.9% (400 of 426 functions)
branches...: 32.0% (3029 of 9469 branches)

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I89752e5fcfc1aabb4090b0b2e8faf5f1b5ee5e76

show more ...

accountUnlockTimeout: add unit test

This commit added several unit tests for the |accountUnlockTimeout|
function.

Tested: unit test passed

Coverage:
lines......: 80.7% (1874 of 2323 lines)
fun

accountUnlockTimeout: add unit test

This commit added several unit tests for the |accountUnlockTimeout|
function.

Tested: unit test passed

Coverage:
lines......: 80.7% (1874 of 2323 lines)
functions..: 93.7% (387 of 413 functions)
branches...: 32.2% (2930 of 9096 branches)

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I1dfb134d54f4086920f41c9020104e64af71f1f9

show more ...

MaxLoginAttemptBeforeLockout: add unit test

This commit adds the unit test for |maxLoginAttemptBeforeLockout|.

Tested: unit test passed.

Coverage:
lines......: 80.0% (1843 of 2304 lines)
funct

MaxLoginAttemptBeforeLockout: add unit test

This commit adds the unit test for |maxLoginAttemptBeforeLockout|.

Tested: unit test passed.

Coverage:
lines......: 80.0% (1843 of 2304 lines)
functions..: 93.3% (374 of 401 functions)
branches...: 32.3% (2893 of 8961 branches)

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I840dc472d6ac9d58273aaf754195e33276ea139f

show more ...

rememberOldPasswordTimes: add unit test

This commit adds several test cases for |rememberOldPasswordTimes|.

Tested: unit test passed.

Overall coverage rate:
lines......: 79.2% (1809 of 2283 line

rememberOldPasswordTimes: add unit test

This commit adds several test cases for |rememberOldPasswordTimes|.

Tested: unit test passed.

Overall coverage rate:
lines......: 79.2% (1809 of 2283 lines)
functions..: 92.8% (361 of 389 functions)
branches...: 32.4% (2852 of 8814 branches)

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: Iea033026b79a81d67dfb3d513eb951b0b6cb21b6

show more ...

MinPasswordLength: add unit test

Add unit test for the |minPasswordLength| function.

It can be shown that the test coverage increased.

Tested: unit test passed.

Coverage data:
lines......: 78.7

MinPasswordLength: add unit test

Add unit test for the |minPasswordLength| function.

It can be shown that the test coverage increased.

Tested: unit test passed.

Coverage data:
lines......: 78.7% (1779 of 2261 lines)
functions..: 92.3% (348 of 377 functions)
branches...: 32.5% (2812 of 8655 branches)

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I85d309ac2cf1467ee1c56c6ecb076d82c5082e28

show more ...

updateGroupsAndPriv: fix bugs and add tests

This commit adds a unit test for the |updateGroupsAndPriv| function.
Thanks to the test case, I found a bug that the exsting codes don't
updat the groups

updateGroupsAndPriv: fix bugs and add tests

This commit adds a unit test for the |updateGroupsAndPriv| function.
Thanks to the test case, I found a bug that the exsting codes don't
updat the groups and privilege of the user after updating.

Added several neccessary functions to add unit test and fix bugs.

Tested: unit test passed.

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: Ifcf88505f10b6bfdcca2de31a29ce055153463e8

show more ...