Remove Richard

Richard has left the project and asked that I remove him from the OWNERS
file.

Change-Id: I891f3711d5852b96319c73be0954f18ed7a3c956
Signed-off-by: Jason M. Bills <jason.m.bills@intel

Remove Richard

Richard has left the project and asked that I remove him from the OWNERS
file.

Change-Id: I891f3711d5852b96319c73be0954f18ed7a3c956
Signed-off-by: Jason M. Bills <jason.m.bills@intel.com>

show more ...

user-delete: swap delete and faillock clear

The latest faillock won't accept clearing for a user that does not
exist, so we need to swap the order to clear the faillock values
before deleting the us

user-delete: swap delete and faillock clear

The latest faillock won't accept clearing for a user that does not
exist, so we need to swap the order to clear the faillock values
before deleting the user.

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I175d82a5a5d30048aab4056acf080f3f2fe74d78

show more ...

Remove temp file on failure

If the parameter is not found, the temp file is left in the file system
since it isn't renamed. This deletes the temp file in that case.

If the source file is not found,

Remove temp file on failure

If the parameter is not found, the temp file is left in the file system
since it isn't renamed. This deletes the temp file in that case.

If the source file is not found, the temp file is left in the file
system. This deletes the temp file in that case.

This updates the tests to cover these two conditions and confirm that
the temp file is not present.

Tested:
Corrupted the faillock.conf deny parameter and the pwquality.conf minlen
parameter and confirmed that after attempting to modify them through
Redfish, the _tmp files are not left in the /etc/security folder.

Change-Id: I59e543d12f7e509533182339d224c4e8dc9b580d
Signed-off-by: Jason M. Bills <jason.m.bills@intel.com>

show more ...

Add support for deleting authentication failure record files

Added fix for #phosphor-user-manager/issues/4

If a user account locked due to user's password with too many
failed attempts use case, pa

Add support for deleting authentication failure record files

Added fix for #phosphor-user-manager/issues/4

If a user account locked due to user's password with too many
failed attempts use case, password will locked out for same
name account creation. This issues is due to missing authentication
failure record files clear in the account user delete path.

Added function for deleting authentication failure record files
in the account delete api to fix this issue.

faillock command --reset option is used to clear user's failure
records. Refer https://linux.die.net/man/8/faillock for details.

Tested: Created user and perform multiple failed authentication to
lock the account. After Account delete, and recreate a user with
same name , worked as expected.

Change-Id: I63a1becafa30035ac549166a1d70ee58baee86b4
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>

show more ...

Remove IBM copyright

This copyright isn't needed and is not in any other file.
It is not being updated. Just remove it.

Similar changes were done at
https://gerrit.openbmc.org/c/openbmc/bmcweb/+/41

Remove IBM copyright

This copyright isn't needed and is not in any other file.
It is not being updated. Just remove it.

Similar changes were done at
https://gerrit.openbmc.org/c/openbmc/bmcweb/+/41139.

This was added in the original commit of this repo:
https://github.com/openbmc/phosphor-user-manager/commit/8a89b53bf014d0844dfd85b2327853037d1e2cb7

Tested: None. Document change only.

Change-Id: Ifc9f73a430af8c5da6174e4c48b318b1bbc41ee5
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

meson: remove cppfs dependency

The dependency on the c++fs library is something very old from the C++14
era and is no longer necessary with a modern compiler. Remove the
explicit dependency from th

meson: remove cppfs dependency

The dependency on the c++fs library is something very old from the C++14
era and is no longer necessary with a modern compiler. Remove the
explicit dependency from the meson setup.

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I524ff9db3e47255ced0526b65e04b0512c1d6d59

show more ...

Added new pre-defined usergroup hostconsole

The new pre-defined usergroup named "hostconsole" is added to
differentiate access between host console and manager console.
The only users allowed to int

Added new pre-defined usergroup hostconsole

The new pre-defined usergroup named "hostconsole" is added to
differentiate access between host console and manager console.
The only users allowed to interact with host console are part of the
"hostconsole" group.

Note: The changes are spread across multiple repositories listed under
"Related commits:"

The phosphor-user-manager changes are as follows:
- Added new pre-defined user group called "hostconsole"
- Added CI tests to validate the new group.

Tested:
Loaded on system and qemu eumulator. Made sure that user is only
allowed to access host console if it is member of hostconsole group.

Related commits:
docs: https://gerrit.openbmc.org/c/openbmc/docs/+/60968
phosphor-user-manager: https://gerrit.openbmc.org/c/openbmc/phosphor-user-manager/+/61583
openbmc: https://gerrit.openbmc.org/c/openbmc/openbmc/+/61582
obmc-console: https://gerrit.openbmc.org/c/openbmc/obmc-console/+/61581
bmcweb: https://gerrit.openbmc.org/c/openbmc/bmcweb/+/61580

Change-Id: I700a295c99c429b42e6db667c9726792a351e71d
Signed-off-by: Ninad Palsule <ninadpalsule@us.ibm.com>

show more ...

Change to pam_faillock and pam pwquality

pam_tally2 is being replaced by pam_faillock. The parameters in
common-auth have moved to faillock.conf, so this commit adds a new
method to modify paramters

Change to pam_faillock and pam pwquality

pam_tally2 is being replaced by pam_faillock. The parameters in
common-auth have moved to faillock.conf, so this commit adds a new
method to modify paramters in a given configuration file.

The output from the 'faillock' command differs from 'pam_tally2', so
this commit adds a new function to parse the output from 'faillock' to
determine if the user is currently locked.

pam_cracklib is being replaced by pam_pwquality. The parameters in
common-password have moved to pwquality.conf.

I referenced the work done by Joseph Reynolds in this commit [1] to know
what changes were required.

[1]: https://gerrit.openbmc.org/c/openbmc/phosphor-user-manager/+/39853

Tested:
Confirmed that the AccountLockoutDuration and AccountLockoutThreshold
parameters under /redfish/v1/AccountService both return the correct
value from common-auth.

Set deny to 10 and unlock_time to 30 seconds and confirmed that a user
account will correctly show as locked after 10 failed login attempts,
and that user will show as unlocked 30 seconds later.

Used Redfish to PATCH both AccountLockoutDuration and
AccountLockoutThreshold and confirmed that the updated values are
correctly reported in Redfish and that the correct lines in
faillock.conf are modified.

Confirmed that the MinPasswordLength parameter under
/redfish/v1/AccountService returns the correct value from
common-password.

Set minlen to 9 and confirmed that a user password could not be set with
a length of 8.

Used Redfish to PATCH MinPasswordLength and confirmed that the updated
value is correctly reported in Redfish and that the correct line in
pwquality.conf is modified.

Change-Id: I0701e4148c0b8333c6b8889d4695e61ce7f5366d
Signed-off-by: Jason M. Bills <jason.m.bills@intel.com>

show more ...

clang-format: copy latest and re-format

clang-format-16 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest

clang-format: copy latest and re-format

clang-format-16 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest .clang-format from the docs repository and reformat the
repository.

Change-Id: I913685cddaf9a2256b3edcd3ced8e89a32386394
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

meson: remove deprecated get_pkgconfig_variable

Since meson 0.56, the `get_pkgconfig_variable` has been deprecated. In
meson 0.58 the `get_variable` was enhanced to no longer require the
`pkgconfig

meson: remove deprecated get_pkgconfig_variable

Since meson 0.56, the `get_pkgconfig_variable` has been deprecated. In
meson 0.58 the `get_variable` was enhanced to no longer require the
`pkgconfig` keyword argument. Ensure meson 0.58 is required and update
the usage of all `get_pkgconfig_variable` and `get_variable` to be the
modern variant.

Change-Id: Icfc9a4ff0929cfe33ff5773988016e5ee39337ac
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

ldap-config: Include phosphor-logging in source files

It is recommendded to include the phosphor-logging and related headers
in source files instead of header files.

Tested:
Build and unit test pas

ldap-config: Include phosphor-logging in source files

It is recommendded to include the phosphor-logging and related headers
in source files instead of header files.

Tested:
Build and unit test pass.

Change-Id: I880d8a3bf8dd850af300806da0d17357407632fd
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>

show more ...

Switch to lg2 for logging

After enabling C++20, lg2 is preferred for logging. This patch replaces
all phosphor::logging::log calls to lg2 calls.

Tested:
Build pass.

Change-Id: Ic37bc36f43c2b3a1c61

Switch to lg2 for logging

After enabling C++20, lg2 is preferred for logging. This patch replaces
all phosphor::logging::log calls to lg2 calls.

Tested:
Build pass.

Change-Id: Ic37bc36f43c2b3a1c61b1328af95e3a41c8d6d40
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>

show more ...

Implement default LDAP privilege role

According to OpenBMC documentation[1], "if there is no mapping for
group name to privilege role, default to user privilege role for the
session", meaning that L

Implement default LDAP privilege role

According to OpenBMC documentation[1], "if there is no mapping for
group name to privilege role, default to user privilege role for the
session", meaning that LDAP users should have "priv-user" assigned
when there is no mapping entry matched.

[1] https://github.com/openbmc/docs/blob/master/architecture/user-management.md#authorization-flow

Tested:
* Configure LDAP with empty RemoteRoleMapping in redfish, then login
BMC with an LDAP account, verified it has User privilege.
* Change the primary group of user from a grop without mapping to one
mapped to Admin privilege on remote LDAP server, confirmed the user
is mapped to priv-admin in BMC.

Change-Id: I374732f2895f40a671225ec0d1fafd7e4ae27dea
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>

show more ...

Implement createGroup/deleteGroup

This commit adds the implementation for CreateGroup and DeleteGroup.

These interfaces give the possibility to create OEMRole and OEMPrivilege
as proposed in the Dy

Implement createGroup/deleteGroup

This commit adds the implementation for CreateGroup and DeleteGroup.

These interfaces give the possibility to create OEMRole and OEMPrivilege
as proposed in the Dynamic Redfish Authz design.
[1] https://github.com/openbmc/docs/blob/master/designs/redfish-authorization.md

Since now secondary groups will change at runtime, this commit made the
|groupsMgr| non-constant. When the service starts up, it will load all
the groups in the system, and recover its |groupsMgr| in memory.
Currently, only groups with certain prefixes are allowed to change
(creation or deletion). The only use case now is Redfish previleges and
roles so the current prefixes only cover that.

Similar to user creation, this commit also added limits and checks to
make sure these interfaces are safe.

Coverage:
lines......: 84.1% (2197 of 2613 lines)
functions..: 94.3% (492 of 522 functions)
branches...: 31.1% (3506 of 11263 branches)

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I245017afda909a0bfa594ef112d7b0d40045f80d

show more ...

prettier: re-format

Prettier is enabled in openbmc-build-scripts on Markdown, JSON, and YAML
files to have consistent formatting for these file types. Re-run the
formatter on the whole repository.

prettier: re-format

Prettier is enabled in openbmc-build-scripts on Markdown, JSON, and YAML
files to have consistent formatting for these file types. Re-run the
formatter on the whole repository.

Change-Id: I4d84d2c5b03d005b66fabe13980539154cac162d
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

UserMgr: Fix the privilege determination

By default, all users in Active Directory have the primary group
`users`. Giving the full access to the BMC to all users from the such
group is a bad idea. A

UserMgr: Fix the privilege determination

By default, all users in Active Directory have the primary group
`users`. Giving the full access to the BMC to all users from the such
group is a bad idea. And changing the primary group in
Active Directory/LDAP can be inadvisable.

This fix allows to use in the role mapping the group that isn't the
primary group. All members of the such group will get the role,
according with the role mapping.

Tested by:
- Configure LDAP
- Add non primary LDAP group to the role map
- Verify `GetUserInfo` reply for the member of the group used in the
previous step. It should contain corresponding privilege.
- Add primary LDAP group to the role map and verify `GetUserInfo` for
its member. It also should contain corresponding role.

Change-Id: I61a87a21446577c0bf059f50139c7b4c711059c7
Signed-off-by: Alexander Filippov <a.filippov@yadro.com>

show more ...

Change /bin/nologin to /sbin/nologin

Tested:
root@romulus:~# ls /sbin/nologin
/sbin/nologin
root@romulus:~# ls /bin/nologin
ls: /bin/nologin: No such file or directory

Signed-off-by: Tang Yiwei <ta

Change /bin/nologin to /sbin/nologin

Tested:
root@romulus:~# ls /sbin/nologin
/sbin/nologin
root@romulus:~# ls /bin/nologin
ls: /bin/nologin: No such file or directory

Signed-off-by: Tang Yiwei <tangyiwei.2022@bytedance.com>
Change-Id: Ic1f74d32230436f9e7e530779357e67b8d7a3464

show more ...

Add Nan Zhou as a reviewer

As requested by current maintainers in the following change,
[1] https://gerrit.openbmc.org/c/openbmc/phosphor-user-manager/+/58675

Add myself to the reviewer list so I c

Add Nan Zhou as a reviewer

As requested by current maintainers in the following change,
[1] https://gerrit.openbmc.org/c/openbmc/phosphor-user-manager/+/58675

Add myself to the reviewer list so I can become a maintainer one day.

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: Ie2102487873df88c28dedb3e4daaff8a345b9e11

show more ...

user manager test: remove no-access

The change [1] was submitted without rebasing to the master, which
causes test failures at HEAD.
[1] https://gerrit.openbmc.org/c/openbmc/phosphor-user-manager/+/

user manager test: remove no-access

The change [1] was submitted without rebasing to the master, which
causes test failures at HEAD.
[1] https://gerrit.openbmc.org/c/openbmc/phosphor-user-manager/+/52363

This commit fixed the issue.

Tested: unit test passed

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I5b71e3a3dfe70448c1741f21a06ad3486b84863e

show more ...

User manager: implement dummy group APIs

This is needed to unblock the SRCREV bump in
[1] https://gerrit.openbmc.org/c/openbmc/openbmc/+/58690

Tested:
the daemon compiles. Romolus QEMU testing also

User manager: implement dummy group APIs

This is needed to unblock the SRCREV bump in
[1] https://gerrit.openbmc.org/c/openbmc/openbmc/+/58690

Tested:
the daemon compiles. Romolus QEMU testing also passed.

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I530dcb2e19b47872c985d8273bc41f7ff6d5d62d

show more ...

Remove support for priv-noaccess role

This change is made w.r.t the discussions in:
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/49295

An authenticated user with the NoAccess role can logi

Remove support for priv-noaccess role

This change is made w.r.t the discussions in:
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/49295

An authenticated user with the NoAccess role can login but they cannot
logout.

This commit is to block the login for a user with priv-noaccess
Details are at https://github.com/openbmc/bmcweb/issues/227

Tested By:
1. Create an LDAP user with priv-noaccess. Verify the login attempt
fails with accessDenied error
2. Verified the other role users can login

Signed-off-by: Asmitha Karunanithi <asmitk01@in.ibm.com>
Change-Id: I86f554460e224d6d6e70652c08b32f994194494d

show more ...

userLockedForFailedAttempt: add unit test

This commit adds unit test for the |userLockedForFailedAttempt|
function. In order to do so, this commits adds a new virtual function
which reads the failed

userLockedForFailedAttempt: add unit test

This commit adds unit test for the |userLockedForFailedAttempt|
function. In order to do so, this commits adds a new virtual function
which reads the failed attempt. The function is overridden in unit test.

Tested: unit test passed.

Coverage:
lines......: 83.1% (2007 of 2415 lines)
functions..: 94.1% (430 of 457 functions)
branches...: 32.3% (3181 of 9855 branches)

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I940ec42936c8b1c387fc0f19db13bc90a61c9852

show more ...

userEnable: fix bug and add unit test

This commit adds unit tests for the |userEnable| function. To make it
happen, a new overload of |executeUserModify| is introduced. The idea
is the same as previ

userEnable: fix bug and add unit test

This commit adds unit tests for the |userEnable| function. To make it
happen, a new overload of |executeUserModify| is introduced. The idea
is the same as previous commits where we add sudo in unit tests.

Thanks to this unit test, this commit fixes an existing bug where the
corresponding user's |userEnabled| attribute isn't updated.

Tested: unit test passed

Coverage:
lines......: 81.3% (1918 of 2359 lines)
functions..: 93.9% (400 of 426 functions)
branches...: 32.0% (3029 of 9469 branches)

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I89752e5fcfc1aabb4090b0b2e8faf5f1b5ee5e76

show more ...

accountUnlockTimeout: add unit test

This commit added several unit tests for the |accountUnlockTimeout|
function.

Tested: unit test passed

Coverage:
lines......: 80.7% (1874 of 2323 lines)
fun

accountUnlockTimeout: add unit test

This commit added several unit tests for the |accountUnlockTimeout|
function.

Tested: unit test passed

Coverage:
lines......: 80.7% (1874 of 2323 lines)
functions..: 93.7% (387 of 413 functions)
branches...: 32.2% (2930 of 9096 branches)

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I1dfb134d54f4086920f41c9020104e64af71f1f9

show more ...

MaxLoginAttemptBeforeLockout: add unit test

This commit adds the unit test for |maxLoginAttemptBeforeLockout|.

Tested: unit test passed.

Coverage:
lines......: 80.0% (1843 of 2304 lines)
funct

MaxLoginAttemptBeforeLockout: add unit test

This commit adds the unit test for |maxLoginAttemptBeforeLockout|.

Tested: unit test passed.

Coverage:
lines......: 80.0% (1843 of 2304 lines)
functions..: 93.3% (374 of 401 functions)
branches...: 32.3% (2893 of 8961 branches)

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I840dc472d6ac9d58273aaf754195e33276ea139f

show more ...