1 /* 2 // Copyright (c) 2018 Intel Corporation 3 // 4 // Licensed under the Apache License, Version 2.0 (the "License"); 5 // you may not use this file except in compliance with the License. 6 // You may obtain a copy of the License at 7 // 8 // http://www.apache.org/licenses/LICENSE-2.0 9 // 10 // Unless required by applicable law or agreed to in writing, software 11 // distributed under the License is distributed on an "AS IS" BASIS, 12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 // See the License for the specific language governing permissions and 14 // limitations under the License. 15 */ 16 #pragma once 17 #include "json_serializer.hpp" 18 19 #include <sdbusplus/bus.hpp> 20 #include <sdbusplus/server/object.hpp> 21 #include <xyz/openbmc_project/Object/Delete/server.hpp> 22 #include <xyz/openbmc_project/User/Attributes/server.hpp> 23 #include <xyz/openbmc_project/User/MultiFactorAuthConfiguration/server.hpp> 24 #include <xyz/openbmc_project/User/TOTPAuthenticator/server.hpp> 25 26 #include <optional> 27 28 namespace phosphor 29 { 30 namespace user 31 { 32 33 namespace base = sdbusplus::xyz::openbmc_project; 34 using UsersIface = base::User::server::Attributes; 35 36 using TOTPAuthenticatorIface = base::User::server::TOTPAuthenticator; 37 using DeleteIface = base::Object::server::Delete; 38 using Interfaces = sdbusplus::server::object_t<UsersIface, DeleteIface, 39 TOTPAuthenticatorIface>; 40 using MultiFactorAuthType = sdbusplus::common::xyz::openbmc_project::user:: 41 MultiFactorAuthConfiguration::Type; 42 using MultiFactorAuthConfiguration = 43 sdbusplus::common::xyz::openbmc_project::user::MultiFactorAuthConfiguration; 44 // Place where all user objects has to be created 45 constexpr auto usersObjPath = "/xyz/openbmc_project/user"; 46 47 class UserMgr; // Forward declaration for UserMgr. 48 49 /** @class Users 50 * @brief Lists User objects and it's properties 51 */ 52 class Users : public Interfaces 53 { 54 public: 55 Users() = delete; 56 ~Users(); 57 Users(const Users&) = delete; 58 Users& operator=(const Users&) = delete; 59 Users(Users&&) = delete; 60 Users& operator=(Users&&) = delete; 61 62 /** @brief Constructs Users object. 63 * 64 * @param[in] bus - sdbusplus handler 65 * @param[in] path - D-Bus path 66 * @param[in] groups - users group list 67 * @param[in] priv - users privilege 68 * @param[in] enabled - user enabled state 69 * @param[in] passwordExpiration - user password expiration Epoch time 70 * @param[in] parent - user manager - parent object 71 */ 72 Users(sdbusplus::bus_t& bus, const char* path, 73 std::vector<std::string> groups, std::string priv, bool enabled, 74 std::optional<uint64_t> passwordExpiration, UserMgr& parent); 75 76 /** @brief delete user method. 77 * This method deletes the user as requested 78 * 79 */ 80 void delete_(void) override; 81 82 /** @brief update user privilege 83 * 84 * @param[in] value - User privilege 85 */ 86 std::string userPrivilege(std::string value) override; 87 88 void setUserPrivilege(const std::string& value); 89 90 void setUserGroups(const std::vector<std::string>& groups); 91 92 /** @brief lists user privilege 93 * 94 */ 95 std::string userPrivilege(void) const override; 96 97 /** @brief update user groups 98 * 99 * @param[in] value - User groups 100 */ 101 std::vector<std::string> userGroups( 102 std::vector<std::string> value) override; 103 104 /** @brief list user groups 105 * 106 */ 107 std::vector<std::string> userGroups(void) const override; 108 109 /** @brief lists user enabled state 110 * 111 */ 112 bool userEnabled(void) const override; 113 114 void setUserEnabled(bool value); 115 116 /** @brief update user enabled state 117 * 118 * @param[in] value - bool value 119 */ 120 bool userEnabled(bool value) override; 121 122 /** @brief lists user locked state for failed attempt 123 * 124 **/ 125 bool userLockedForFailedAttempt(void) const override; 126 127 /** @brief unlock user locked state for failed attempt 128 * 129 * @param[in]: value - false - unlock user account, true - no action taken 130 **/ 131 bool userLockedForFailedAttempt(bool value) override; 132 133 /** @brief indicates if the user's password is expired 134 * 135 **/ 136 bool userPasswordExpired(void) const override; 137 138 std::string getUserName() const 139 { 140 return userName; 141 } 142 bool secretKeyIsValid() const override; 143 std::string createSecretKey() override; 144 bool verifyOTP(std::string otp) override; 145 bool secretKeyGenerationRequired() const override; 146 void clearSecretKey() override; 147 MultiFactorAuthType bypassedProtocol(MultiFactorAuthType value, 148 bool skipSignal) override; 149 void enableMultiFactorAuth(MultiFactorAuthType type, bool value); 150 void load(JsonSerializer& serializer); 151 152 /** @brief user password expiration 153 * 154 * Password expiration is date time when the user password expires. The time 155 * is the Epoch time, number of seconds since 1 Jan 1970 00::00::00 UTC. 156 * When zero value is returned, it means that password does not expire. When 157 * maximum value is returned, it means that password expiration is not set. 158 * 159 **/ 160 uint64_t passwordExpiration() const override; 161 162 /** @brief update user password expiration 163 * 164 * Password expiration is date time when the user password expires. The time 165 * is the Epoch time, number of seconds since 1 Jan 1970 00::00::00 UTC. 166 * When zero value is provided, it means that password does not expire. 167 * 168 **/ 169 uint64_t passwordExpiration(uint64_t value) override; 170 171 private: 172 bool checkMfaStatus() const; 173 std::string userName; 174 UserMgr& manager; 175 }; 176 177 } // namespace user 178 } // namespace phosphor 179