Serialization: Adding Serialization for MFA

This commit will add the persistency of Dbus properties related to MFA.
The configuration file will be stored under
/var/lib/usr_mgr.conf.

Change-Id: Ib7

Serialization: Adding Serialization for MFA

This commit will add the persistency of Dbus properties related to MFA.
The configuration file will be stored under
/var/lib/usr_mgr.conf.

Change-Id: Ib7fdc467c7cb094d328ae670df3bb4352e4a7b91
Signed-off-by: Abhilash Raju <abhilash.kollam@gmail.com>

show more ...

increase maximum username length

This commit is intended to increase the maximum username length.
Currently we set the maximum username length as 30 characters. However
we have usecases where our us

increase maximum username length

This commit is intended to increase the maximum username length.
Currently we set the maximum username length as 30 characters. However
we have usecases where our username are exceeding the limit
(eg: `obmc.svc_openbmc__central_proxy`, length=31). This limitation
prohibit us to create a new account using this username. By increasing
the limit, we now allow creating an account with longer username.

Tested
- Create an account (post request to `/AccountService/Accounts`)
with 31-100 characters -> expect to be success
- Create an account (post request to `/AccountService/Accounts`)
with 101 characters -> expect to be failed

Change-Id: I15c66d2817eb48aea6b3b47be3d5ab85e08b12d0
Signed-off-by: Malik Akbar Hashemi Rafsanjani <malikrafsan@meta.com>

show more ...

MFA feature: Enable google authenticator

Enabling multi-factor authentication for BMC. This feature enables
google authenticator using TOTP method.
This commit implements interface published [here][

MFA feature: Enable google authenticator

Enabling multi-factor authentication for BMC. This feature enables
google authenticator using TOTP method.
This commit implements interface published [here][1]
and [here][2]

The implementation supports features such as create secret key,verify
TOTP token, enable system level MFA, and enable bypass options.

Currently the support is only for GoogleAuthenticator.

[1]: https://github.com/openbmc/phosphor-dbus-interfaces/blob/master/yaml/xyz/openbmc_project/User/MultiFactorAuthConfiguration.interface.yaml

[2]: https://github.com/openbmc/phosphor-dbus-interfaces/blob/master/yaml/xyz/openbmc_project/User/TOTPAuthenticator.interface.yaml

Tested By:
Unit test
https://gerrit.openbmc.org/c/openbmc/phosphor-user-manager/+/78583/1

Change-Id: I053095763c65963ff865b487ab08f05039d2fc3a
Signed-off-by: Abhilash Raju <abhilash.kollam@gmail.com>

show more ...

clang-format: update latest spec and reformat

Copy the latest format file from the docs repository and apply.

Change-Id: I295ded87d74037b2f4a6c4b85d82af20d49ae4a7
Signed-off-by: Patrick Williams <p

clang-format: update latest spec and reformat

Copy the latest format file from the docs repository and apply.

Change-Id: I295ded87d74037b2f4a6c4b85d82af20d49ae4a7
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

clang-format: re-format for clang-19

clang-format-19 isn't compatible with the clang-format-18 output, so we
need to reformat the code with the latest version. A few parameters
in clang-tidy have b

clang-format: re-format for clang-19

clang-format-19 isn't compatible with the clang-format-18 output, so we
need to reformat the code with the latest version. A few parameters
in clang-tidy have been deprecated, so adjust the style file
accordingly.

See Ie2f6eb3b043f2d655c9df806815afd7971fd0947 for updated style.
See I88192b41ab7a95599a90915013579608af7bc56f for clang-19 enablement.

Change-Id: I73ef7ee6dc13498d3fcbee4e5971028e61031ad0
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

user_mgr: Fix potential out-of-bounds access

If the sysconf method returns -1, an out-of-bounds access problem
will occur when declaring the following vector:
```
std::vector<char> buffer(buflen);
`

user_mgr: Fix potential out-of-bounds access

If the sysconf method returns -1, an out-of-bounds access problem
will occur when declaring the following vector:
```
std::vector<char> buffer(buflen);
```

Signed-off-by: George Liu <liuxiwei@ieisystem.com>
Change-Id: I1887cc418c40b01d839f9c0e25bef09a2605973b

show more ...

clang-format: re-format for clang-18

clang-format-18 isn't compatible with the clang-format-17 output, so we
need to reformat the code with the latest version. The way clang-18
handles lambda forma

clang-format: re-format for clang-18

clang-format-18 isn't compatible with the clang-format-17 output, so we
need to reformat the code with the latest version. The way clang-18
handles lambda formatting also changed, so we have made changes to the
organization default style format to better handle lambda formatting.

See I5e08687e696dd240402a2780158664b7113def0e for updated style.
See Iea0776aaa7edd483fa395e23de25ebf5a6288f71 for clang-18 enablement.

Change-Id: I75bbf0de40859a5e507455a52ceaef9be5b686c7
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

Fix spelling mistakes using codespell

This commit corrects various spelling mistakes throughout the
repository. The corrections were made automatically using `codespell`[1]
tool.

[1]: https://githu

Fix spelling mistakes using codespell

This commit corrects various spelling mistakes throughout the
repository. The corrections were made automatically using `codespell`[1]
tool.

[1]: https://github.com/codespell-project/codespell

Change-Id: I6959d908cd7b216568963488ead0f3d6ed4a6611
Signed-off-by: Manojkiran Eda <manojkiran.eda@gmail.com>

show more ...

Remove web user group

This 'web' group is currently not doing anything and is considered to be
equivalent to 'redfish'.

Change-Id: I20a0a7e3a0bff3128e8e391317045a71038d119b
Signed-off-by: Ravi Teja

Remove web user group

This 'web' group is currently not doing anything and is considered to be
equivalent to 'redfish'.

Change-Id: I20a0a7e3a0bff3128e8e391317045a71038d119b
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>

show more ...

BugFix: user name contains invalid characters

There is an typo in the policy "[a-zA-z_]" configuration.
It it should be "[a-zA-Z_]"
BTW: Group name has the same issue, fix it by the way.

Tested: Cr

BugFix: user name contains invalid characters

There is an typo in the policy "[a-zA-z_]" configuration.
It it should be "[a-zA-Z_]"
BTW: Group name has the same issue, fix it by the way.

Tested: Create a username contains invalid characters like: ^, [, or ].

Before: invalid character can be added as username
ipmitool user list 1
ID Name Callin
4 ^test true
5 [test true
7 ]test true
8 _test true

After: error will be returned once user name has invalid character.
ipmitool user set name 4 ^test4
Set User Name command failed (user 4, name ^test4): Unspecified error

UnitTest is added.

Change-Id: I86b062faea84906dde7cf37a0d51631d78526cb1
Signed-off-by: nichanghao.nch <nichanghao@linux.alibaba.com>
Signed-off-by: Kwin Wang <wangkuiying.wky@alibaba-inc.com>

show more ...

Update pam_pwhistory to use pwhistory.conf

With libpam 1.5.3, pam_pwhistory added support to get configuration
options from pwhistory.conf similar to faillock and pwquality.

This updates pam_pwhist

Update pam_pwhistory to use pwhistory.conf

With libpam 1.5.3, pam_pwhistory added support to get configuration
options from pwhistory.conf similar to faillock and pwquality.

This updates pam_pwhistory to use pwhistory.conf for the remember
setting.

pwhistory remember was the last setting directly using the
common-password file, so this also removes the two functions to get and
set PAM module arg values which resolves #16.

Tested:
Confirmed that getting and setting the RememberOldPasswordTimes D-Bus
property gets and sets the remember value in pwhistory.conf.

Change-Id: If8f90720c120c5c49e2b8b4a840a427d46ffc7d9
Signed-off-by: Jason M. Bills <jason.m.bills@intel.com>

show more ...

user-delete: swap delete and faillock clear

The latest faillock won't accept clearing for a user that does not
exist, so we need to swap the order to clear the faillock values
before deleting the us

user-delete: swap delete and faillock clear

The latest faillock won't accept clearing for a user that does not
exist, so we need to swap the order to clear the faillock values
before deleting the user.

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I175d82a5a5d30048aab4056acf080f3f2fe74d78

show more ...

Remove temp file on failure

If the parameter is not found, the temp file is left in the file system
since it isn't renamed. This deletes the temp file in that case.

If the source file is not found,

Remove temp file on failure

If the parameter is not found, the temp file is left in the file system
since it isn't renamed. This deletes the temp file in that case.

If the source file is not found, the temp file is left in the file
system. This deletes the temp file in that case.

This updates the tests to cover these two conditions and confirm that
the temp file is not present.

Tested:
Corrupted the faillock.conf deny parameter and the pwquality.conf minlen
parameter and confirmed that after attempting to modify them through
Redfish, the _tmp files are not left in the /etc/security folder.

Change-Id: I59e543d12f7e509533182339d224c4e8dc9b580d
Signed-off-by: Jason M. Bills <jason.m.bills@intel.com>

show more ...

Add support for deleting authentication failure record files

Added fix for #phosphor-user-manager/issues/4

If a user account locked due to user's password with too many
failed attempts use case, pa

Add support for deleting authentication failure record files

Added fix for #phosphor-user-manager/issues/4

If a user account locked due to user's password with too many
failed attempts use case, password will locked out for same
name account creation. This issues is due to missing authentication
failure record files clear in the account user delete path.

Added function for deleting authentication failure record files
in the account delete api to fix this issue.

faillock command --reset option is used to clear user's failure
records. Refer https://linux.die.net/man/8/faillock for details.

Tested: Created user and perform multiple failed authentication to
lock the account. After Account delete, and recreate a user with
same name , worked as expected.

Change-Id: I63a1becafa30035ac549166a1d70ee58baee86b4
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>

show more ...

Added new pre-defined usergroup hostconsole

The new pre-defined usergroup named "hostconsole" is added to
differentiate access between host console and manager console.
The only users allowed to int

Added new pre-defined usergroup hostconsole

The new pre-defined usergroup named "hostconsole" is added to
differentiate access between host console and manager console.
The only users allowed to interact with host console are part of the
"hostconsole" group.

Note: The changes are spread across multiple repositories listed under
"Related commits:"

The phosphor-user-manager changes are as follows:
- Added new pre-defined user group called "hostconsole"
- Added CI tests to validate the new group.

Tested:
Loaded on system and qemu eumulator. Made sure that user is only
allowed to access host console if it is member of hostconsole group.

Related commits:
docs: https://gerrit.openbmc.org/c/openbmc/docs/+/60968
phosphor-user-manager: https://gerrit.openbmc.org/c/openbmc/phosphor-user-manager/+/61583
openbmc: https://gerrit.openbmc.org/c/openbmc/openbmc/+/61582
obmc-console: https://gerrit.openbmc.org/c/openbmc/obmc-console/+/61581
bmcweb: https://gerrit.openbmc.org/c/openbmc/bmcweb/+/61580

Change-Id: I700a295c99c429b42e6db667c9726792a351e71d
Signed-off-by: Ninad Palsule <ninadpalsule@us.ibm.com>

show more ...

Change to pam_faillock and pam pwquality

pam_tally2 is being replaced by pam_faillock. The parameters in
common-auth have moved to faillock.conf, so this commit adds a new
method to modify paramters

Change to pam_faillock and pam pwquality

pam_tally2 is being replaced by pam_faillock. The parameters in
common-auth have moved to faillock.conf, so this commit adds a new
method to modify paramters in a given configuration file.

The output from the 'faillock' command differs from 'pam_tally2', so
this commit adds a new function to parse the output from 'faillock' to
determine if the user is currently locked.

pam_cracklib is being replaced by pam_pwquality. The parameters in
common-password have moved to pwquality.conf.

I referenced the work done by Joseph Reynolds in this commit [1] to know
what changes were required.

[1]: https://gerrit.openbmc.org/c/openbmc/phosphor-user-manager/+/39853

Tested:
Confirmed that the AccountLockoutDuration and AccountLockoutThreshold
parameters under /redfish/v1/AccountService both return the correct
value from common-auth.

Set deny to 10 and unlock_time to 30 seconds and confirmed that a user
account will correctly show as locked after 10 failed login attempts,
and that user will show as unlocked 30 seconds later.

Used Redfish to PATCH both AccountLockoutDuration and
AccountLockoutThreshold and confirmed that the updated values are
correctly reported in Redfish and that the correct lines in
faillock.conf are modified.

Confirmed that the MinPasswordLength parameter under
/redfish/v1/AccountService returns the correct value from
common-password.

Set minlen to 9 and confirmed that a user password could not be set with
a length of 8.

Used Redfish to PATCH MinPasswordLength and confirmed that the updated
value is correctly reported in Redfish and that the correct line in
pwquality.conf is modified.

Change-Id: I0701e4148c0b8333c6b8889d4695e61ce7f5366d
Signed-off-by: Jason M. Bills <jason.m.bills@intel.com>

show more ...

clang-format: copy latest and re-format

clang-format-16 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest

clang-format: copy latest and re-format

clang-format-16 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest .clang-format from the docs repository and reformat the
repository.

Change-Id: I913685cddaf9a2256b3edcd3ced8e89a32386394
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

Switch to lg2 for logging

After enabling C++20, lg2 is preferred for logging. This patch replaces
all phosphor::logging::log calls to lg2 calls.

Tested:
Build pass.

Change-Id: Ic37bc36f43c2b3a1c61

Switch to lg2 for logging

After enabling C++20, lg2 is preferred for logging. This patch replaces
all phosphor::logging::log calls to lg2 calls.

Tested:
Build pass.

Change-Id: Ic37bc36f43c2b3a1c61b1328af95e3a41c8d6d40
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>

show more ...

Implement default LDAP privilege role

According to OpenBMC documentation[1], "if there is no mapping for
group name to privilege role, default to user privilege role for the
session", meaning that L

Implement default LDAP privilege role

According to OpenBMC documentation[1], "if there is no mapping for
group name to privilege role, default to user privilege role for the
session", meaning that LDAP users should have "priv-user" assigned
when there is no mapping entry matched.

[1] https://github.com/openbmc/docs/blob/master/architecture/user-management.md#authorization-flow

Tested:
* Configure LDAP with empty RemoteRoleMapping in redfish, then login
BMC with an LDAP account, verified it has User privilege.
* Change the primary group of user from a grop without mapping to one
mapped to Admin privilege on remote LDAP server, confirmed the user
is mapped to priv-admin in BMC.

Change-Id: I374732f2895f40a671225ec0d1fafd7e4ae27dea
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>

show more ...

Implement createGroup/deleteGroup

This commit adds the implementation for CreateGroup and DeleteGroup.

These interfaces give the possibility to create OEMRole and OEMPrivilege
as proposed in the Dy

Implement createGroup/deleteGroup

This commit adds the implementation for CreateGroup and DeleteGroup.

These interfaces give the possibility to create OEMRole and OEMPrivilege
as proposed in the Dynamic Redfish Authz design.
[1] https://github.com/openbmc/docs/blob/master/designs/redfish-authorization.md

Since now secondary groups will change at runtime, this commit made the
|groupsMgr| non-constant. When the service starts up, it will load all
the groups in the system, and recover its |groupsMgr| in memory.
Currently, only groups with certain prefixes are allowed to change
(creation or deletion). The only use case now is Redfish previleges and
roles so the current prefixes only cover that.

Similar to user creation, this commit also added limits and checks to
make sure these interfaces are safe.

Coverage:
lines......: 84.1% (2197 of 2613 lines)
functions..: 94.3% (492 of 522 functions)
branches...: 31.1% (3506 of 11263 branches)

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I245017afda909a0bfa594ef112d7b0d40045f80d

show more ...

UserMgr: Fix the privilege determination

By default, all users in Active Directory have the primary group
`users`. Giving the full access to the BMC to all users from the such
group is a bad idea. A

UserMgr: Fix the privilege determination

By default, all users in Active Directory have the primary group
`users`. Giving the full access to the BMC to all users from the such
group is a bad idea. And changing the primary group in
Active Directory/LDAP can be inadvisable.

This fix allows to use in the role mapping the group that isn't the
primary group. All members of the such group will get the role,
according with the role mapping.

Tested by:
- Configure LDAP
- Add non primary LDAP group to the role map
- Verify `GetUserInfo` reply for the member of the group used in the
previous step. It should contain corresponding privilege.
- Add primary LDAP group to the role map and verify `GetUserInfo` for
its member. It also should contain corresponding role.

Change-Id: I61a87a21446577c0bf059f50139c7b4c711059c7
Signed-off-by: Alexander Filippov <a.filippov@yadro.com>

show more ...

Change /bin/nologin to /sbin/nologin

Tested:
root@romulus:~# ls /sbin/nologin
/sbin/nologin
root@romulus:~# ls /bin/nologin
ls: /bin/nologin: No such file or directory

Signed-off-by: Tang Yiwei <ta

Change /bin/nologin to /sbin/nologin

Tested:
root@romulus:~# ls /sbin/nologin
/sbin/nologin
root@romulus:~# ls /bin/nologin
ls: /bin/nologin: No such file or directory

Signed-off-by: Tang Yiwei <tangyiwei.2022@bytedance.com>
Change-Id: Ic1f74d32230436f9e7e530779357e67b8d7a3464

show more ...

User manager: implement dummy group APIs

This is needed to unblock the SRCREV bump in
[1] https://gerrit.openbmc.org/c/openbmc/openbmc/+/58690

Tested:
the daemon compiles. Romolus QEMU testing also

User manager: implement dummy group APIs

This is needed to unblock the SRCREV bump in
[1] https://gerrit.openbmc.org/c/openbmc/openbmc/+/58690

Tested:
the daemon compiles. Romolus QEMU testing also passed.

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I530dcb2e19b47872c985d8273bc41f7ff6d5d62d

show more ...

userLockedForFailedAttempt: add unit test

This commit adds unit test for the |userLockedForFailedAttempt|
function. In order to do so, this commits adds a new virtual function
which reads the failed

userLockedForFailedAttempt: add unit test

This commit adds unit test for the |userLockedForFailedAttempt|
function. In order to do so, this commits adds a new virtual function
which reads the failed attempt. The function is overridden in unit test.

Tested: unit test passed.

Coverage:
lines......: 83.1% (2007 of 2415 lines)
functions..: 94.1% (430 of 457 functions)
branches...: 32.3% (3181 of 9855 branches)

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I940ec42936c8b1c387fc0f19db13bc90a61c9852

show more ...

userEnable: fix bug and add unit test

This commit adds unit tests for the |userEnable| function. To make it
happen, a new overload of |executeUserModify| is introduced. The idea
is the same as previ

userEnable: fix bug and add unit test

This commit adds unit tests for the |userEnable| function. To make it
happen, a new overload of |executeUserModify| is introduced. The idea
is the same as previous commits where we add sudo in unit tests.

Thanks to this unit test, this commit fixes an existing bug where the
corresponding user's |userEnabled| attribute isn't updated.

Tested: unit test passed

Coverage:
lines......: 81.3% (1918 of 2359 lines)
functions..: 93.9% (400 of 426 functions)
branches...: 32.0% (3029 of 9469 branches)

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I89752e5fcfc1aabb4090b0b2e8faf5f1b5ee5e76

show more ...