1 /*
2 // Copyright (c) 2018 Intel Corporation
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 // http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 */
16
17 #include "user_layer.hpp"
18
19 #include "passwd_mgr.hpp"
20 #include "user_mgmt.hpp"
21
namespace
{
// File-local password manager instance. In this file it backs
// ipmiUserGetPassword(), ipmiClearUserEntryPassword() and
// ipmiRenameUserEntryPassword(); the anonymous namespace keeps it out of
// other translation units.
ipmi::PasswdMgr passwdMgr;
}
26
27 namespace ipmi
28 {
29
/** @brief Initialise the IPMI user layer.
 *
 *  Calls getUserAccessObject() and ignores what it returns.
 *  NOTE(review): presumably the call exists to create the user-access object
 *  up front - confirm in user_mgmt.
 *
 *  @return ccSuccess unconditionally.
 */
Cc ipmiUserInit()
{
    // Only the call itself matters here; the returned object is not used.
    static_cast<void>(getUserAccessObject());
    return ccSuccess;
}
35
/** @brief Look up the stored password for a user name.
 *
 *  Thin wrapper over PasswdMgr::getPasswdByUserName() on the file-local
 *  password manager. No authorization check is made in this wrapper, so
 *  callers are responsible for deciding who may request a password.
 *
 *  @param[in] userName  Name of the user whose password is requested.
 *  @return Whatever the password manager returns for that name, as a
 *          SecureString.
 */
SecureString ipmiUserGetPassword(const std::string& userName)
{
    // Returned directly: no named intermediate copy of the secret is made.
    return passwdMgr.getPasswdByUserName(
        userName);
}
40
/** @brief Clear the password-store entry of a user.
 *
 *  Calls PasswdMgr::updateUserEntry() with an empty new user name.
 *  NOTE(review): presumably an empty new name tells the password manager to
 *  drop the entry - confirm in passwd_mgr.
 *
 *  @param[in] userName  Name of the user whose entry is cleared.
 *  @return ccSuccess when updateUserEntry() returns 0, otherwise
 *          ccUnspecifiedError.
 */
Cc ipmiClearUserEntryPassword(const std::string& userName)
{
    const bool updated = (passwdMgr.updateUserEntry(userName, "") == 0);
    if (updated)
    {
        return ccSuccess;
    }
    return ccUnspecifiedError;
}
49
/** @brief Move a password-store entry from one user name to another.
 *
 *  Forwards both names to PasswdMgr::updateUserEntry(). Neither name is
 *  validated in this wrapper.
 *
 *  @param[in] userName     Current user name.
 *  @param[in] newUserName  Name the entry should carry afterwards.
 *  @return ccSuccess when updateUserEntry() returns 0, otherwise
 *          ccUnspecifiedError.
 */
Cc ipmiRenameUserEntryPassword(const std::string& userName,
                               const std::string& newUserName)
{
    if (passwdMgr.updateUserEntry(userName, newUserName) == 0)
    {
        return ccSuccess;
    }
    return ccUnspecifiedError;
}
59
/** @brief Check whether a user id is acceptable.
 *
 *  @param[in] userId  User id to check.
 *  @return Result of UserAccess::isValidUserId() for @p userId.
 */
bool ipmiUserIsValidUserId(const uint8_t userId)
{
    const bool idAccepted = UserAccess::isValidUserId(userId);
    return idAccepted;
}
64
/** @brief Check whether a privilege value is acceptable.
 *
 *  @param[in] priv  Privilege value to check.
 *  @return Result of UserAccess::isValidPrivilege() for @p priv.
 */
bool ipmiUserIsValidPrivilege(const uint8_t priv)
{
    const bool privAccepted = UserAccess::isValidPrivilege(priv);
    return privAccepted;
}
69
/** @brief Resolve a user name to its user id.
 *
 *  @param[in] userName  Name to look up.
 *  @return Whatever UserAccess::getUserId() returns for @p userName; the
 *          value used for an unknown name is defined there, not here.
 */
uint8_t ipmiUserGetUserId(const std::string& userName)
{
    auto&& userAccess = getUserAccessObject();
    return userAccess.getUserId(userName);
}
74
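/** @brief Set the name of a user from a C character buffer.
 *
 *  At most ipmiMaxUserName characters are taken from @p userName; the copy
 *  stops earlier at the first NUL. The buffer is never read beyond
 *  ipmiMaxUserName bytes, so a fixed-size name field that is completely
 *  filled and therefore carries no terminator is handled safely. Longer
 *  names are truncated silently, exactly as before.
 *
 *  @param[in] userId    Id of the user to rename; validated by the callee,
 *                       not here.
 *  @param[in] userName  Name buffer; may lack a NUL terminator as long as at
 *                       least ipmiMaxUserName bytes are readable.
 *  @return ccUnspecifiedError when @p userName is null, otherwise the
 *          completion code of UserAccess::setUserName().
 */
Cc ipmiUserSetUserName(const uint8_t userId, const char* userName)
{
    // Constructing a std::string from a null pointer is undefined behaviour.
    if (userName == nullptr)
    {
        return ccUnspecifiedError;
    }

    // Bounded length scan: the previous std::string(ptr, 0, max) form first
    // measured the whole buffer up to a NUL, which over-reads when the
    // caller hands in an unterminated fixed-width field.
    size_t nameLen = 0;
    while (nameLen < ipmiMaxUserName && userName[nameLen] != '\0')
    {
        ++nameLen;
    }

    std::string newUser(userName, nameLen);
    return getUserAccessObject().setUserName(userId, newUser);
}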
80
/** @brief Set the name of a user from a std::string.
 *
 *  Only the first ipmiMaxUserName characters of @p userName are used; a
 *  longer name is truncated silently rather than rejected.
 *  NOTE(review): two distinct long names can therefore map to the same
 *  stored name - confirm the callee rejects duplicates.
 *
 *  @param[in] userId    Id of the user to rename; validated by the callee,
 *                       not here.
 *  @param[in] userName  Requested name.
 *  @return Completion code of UserAccess::setUserName().
 */
Cc ipmiUserSetUserName(const uint8_t userId, const std::string& userName)
{
    // Position 0 is always in range, so substr() cannot throw here.
    std::string newUser = userName.substr(0, ipmiMaxUserName);
    auto&& userAccess = getUserAccessObject();
    return userAccess.setUserName(userId, newUser);
}
86
/** @brief Fetch the name stored for a user id.
 *
 *  @param[in]  userId    Id of the user; validated by the callee, not here.
 *  @param[out] userName  Passed through to UserAccess::getUserName(), which
 *                        fills it.
 *  @return Completion code of UserAccess::getUserName().
 */
Cc ipmiUserGetUserName(const uint8_t userId, std::string& userName)
{
    auto&& userAccess = getUserAccessObject();
    return userAccess.getUserName(userId, userName);
}
91
/** @brief Set the password of a user.
 *
 *  The pointer is forwarded unchanged; this wrapper performs no null check
 *  and no length check on @p userPassword.
 *  NOTE(review): confirm UserAccess::setUserPassword() bounds the read and
 *  rejects a null pointer.
 *
 *  @param[in] userId        Id of the user; validated by the callee, not
 *                           here.
 *  @param[in] userPassword  Password buffer handed to the callee.
 *  @return Completion code of UserAccess::setUserPassword().
 */
Cc ipmiUserSetUserPassword(const uint8_t userId, const char* userPassword)
{
    auto&& userAccess = getUserAccessObject();
    return userAccess.setUserPassword(userId, userPassword);
}
96
/** @brief Set the password of a special user, addressed by name.
 *
 *  Both arguments are forwarded unchanged to
 *  UserAccess::setSpecialUserPassword(); which names count as "special" is
 *  decided there.
 *
 *  @param[in] userName      Name of the special user.
 *  @param[in] userPassword  New password.
 *  @return Completion code of UserAccess::setSpecialUserPassword().
 */
Cc ipmiSetSpecialUserPassword(const std::string& userName,
                              const SecureString& userPassword)
{
    auto&& userAccess = getUserAccessObject();
    return userAccess.setSpecialUserPassword(userName, userPassword);
}
102
/** @brief Report the user limits and counts.
 *
 *  Walks the users table from index 1 to ipmiMaxUsers inclusive and counts
 *  the entries flagged as enabled and those flagged as having a fixed name.
 *
 *  @param[out] maxChUsers    Set to ipmiMaxUsers.
 *  @param[out] enabledUsers  Number of entries with userEnabled set.
 *  @param[out] fixedUsers    Number of entries with fixedUserName set.
 *  @return ccSuccess unconditionally.
 */
Cc ipmiUserGetAllCounts(uint8_t& maxChUsers, uint8_t& enabledUsers,
                        uint8_t& fixedUsers)
{
    maxChUsers = ipmiMaxUsers;
    UsersTbl* usersTable = getUserAccessObject().getUsersTblPtr();
    enabledUsers = 0;
    fixedUsers = 0;
    // Slot 0 is reserved, so real users occupy 1..ipmiMaxUsers.
    // NOTE(review): the inclusive upper bound assumes the table holds
    // ipmiMaxUsers + 1 entries and that the pointer is never null - confirm
    // against the UsersTbl definition.
    for (size_t slot = 1; slot <= ipmiMaxUsers; ++slot)
    {
        const auto& entry = usersTable->user[slot];
        if (entry.userEnabled)
        {
            ++enabledUsers;
        }
        if (entry.fixedUserName)
        {
            ++fixedUsers;
        }
    }
    return ccSuccess;
}
124
/** @brief Enable or disable a user.
 *
 *  @param[in] userId  Id of the user; validated by the callee, not here.
 *  @param[in] state   Requested enabled state.
 *  @return Completion code of UserAccess::setUserEnabledState().
 */
Cc ipmiUserUpdateEnabledState(const uint8_t userId, const bool& state)
{
    auto&& userAccess = getUserAccessObject();
    return userAccess.setUserEnabledState(userId, state);
}
129
/** @brief Read the enabled flag of a user.
 *
 *  @param[in]  userId  Id of the user; checked with
 *                      UserAccess::isValidUserId() before any lookup.
 *  @param[out] state   Receives the user's userEnabled flag; left untouched
 *                      when the id is rejected.
 *  @return ccParmOutOfRange for an invalid id, otherwise ccSuccess.
 */
Cc ipmiUserCheckEnabled(const uint8_t userId, bool& state)
{
    if (UserAccess::isValidUserId(userId))
    {
        // The id was validated above, so the lookup is made with a value
        // the user layer accepts.
        const UserInfo* record = getUserAccessObject().getUserInfo(userId);
        state = record->userEnabled;
        return ccSuccess;
    }
    return ccParmOutOfRange;
}
140
/** @brief Read a user's privilege settings for one channel.
 *
 *  The channel number is validated before the user id, and both are checked
 *  before chNum is used as an index into the per-user privilege array.
 *
 *  @param[in]  userId      Id of the user.
 *  @param[in]  chNum       Channel number.
 *  @param[out] privAccess  Receives privilege, ipmiEnabled, linkAuthEnabled
 *                          and accessCallback; untouched on error.
 *  @return ccInvalidFieldRequest for an invalid channel (also logged),
 *          ccParmOutOfRange for an invalid user id, otherwise ccSuccess.
 */
Cc ipmiUserGetPrivilegeAccess(const uint8_t userId, const uint8_t chNum,
                              PrivAccess& privAccess)
{
    const bool channelAccepted = UserAccess::isValidChannel(chNum);
    if (!channelAccepted)
    {
        lg2::error("Get Privilege access - Invalid channel number: {CHANNEL}",
                   "CHANNEL", chNum);
        return ccInvalidFieldRequest;
    }
    if (!UserAccess::isValidUserId(userId))
    {
        return ccParmOutOfRange;
    }

    UserInfo* record = getUserAccessObject().getUserInfo(userId);
    // chNum passed isValidChannel() above before being used as an index.
    const auto& stored = record->userPrivAccess[chNum];
    privAccess.privilege = stored.privilege;
    privAccess.ipmiEnabled = stored.ipmiEnabled;
    privAccess.linkAuthEnabled = stored.linkAuthEnabled;
    privAccess.accessCallback = stored.accessCallback;
    return ccSuccess;
}
162
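/** @brief Update a user's privilege settings for one channel.
 *
 *  The privilege level is always taken from @p privAccess. The remaining
 *  flags (ipmiEnabled, linkAuthEnabled, accessCallback) are copied only when
 *  @p otherPrivUpdates is true.
 *
 *  Neither @p userId nor @p chNum is validated in this wrapper, unlike in
 *  ipmiUserGetPrivilegeAccess().
 *  NOTE(review): confirm UserAccess::setUserPrivilegeAccess() performs both
 *  checks before indexing with them.
 *
 *  @param[in] userId            Id of the user.
 *  @param[in] chNum             Channel number.
 *  @param[in] privAccess        Requested settings.
 *  @param[in] otherPrivUpdates  True when the flags besides the privilege
 *                               level are to be updated as well.
 *  @return Completion code of UserAccess::setUserPrivilegeAccess().
 */
Cc ipmiUserSetPrivilegeAccess(const uint8_t userId, const uint8_t chNum,
                              const PrivAccess& privAccess,
                              const bool& otherPrivUpdates)
{
    // Value-initialised so that the flags not copied below hold defined
    // values instead of leftover stack contents when otherPrivUpdates is
    // false and the object is handed to the callee.
    UserPrivAccess userPrivAccess{};
    userPrivAccess.privilege = privAccess.privilege;
    if (otherPrivUpdates)
    {
        userPrivAccess.ipmiEnabled = privAccess.ipmiEnabled;
        userPrivAccess.linkAuthEnabled = privAccess.linkAuthEnabled;
        userPrivAccess.accessCallback = privAccess.accessCallback;
    }
    return getUserAccessObject().setUserPrivilegeAccess(
        userId, chNum, userPrivAccess, otherPrivUpdates);
}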
178
/** @brief Authenticate a user name / password pair.
 *
 *  Thin wrapper over pamUserCheckAuthenticate(); no rate limiting or
 *  logging of failures happens in this wrapper.
 *
 *  @param[in] userName      Name presented by the client.
 *  @param[in] userPassword  Password presented by the client.
 *  @return Result of pamUserCheckAuthenticate().
 */
bool ipmiUserPamAuthenticate(std::string_view userName,
                             std::string_view userPassword)
{
    const bool authenticated =
        pamUserCheckAuthenticate(userName, userPassword);
    return authenticated;
}
184
/** @brief Update a user's payload access for one channel.
 *
 *  The channel number is validated before the user id; only when both pass
 *  is the request forwarded. @p operation is passed through unchecked.
 *  NOTE(review): confirm UserAccess::setUserPayloadAccess() rejects
 *  unknown operation values.
 *
 *  @param[in] chNum          Channel number.
 *  @param[in] operation      Operation selector, interpreted by the callee.
 *  @param[in] userId         Id of the user.
 *  @param[in] payloadAccess  Payload enables to apply.
 *  @return ccInvalidFieldRequest for an invalid channel (also logged),
 *          ccParmOutOfRange for an invalid user id, otherwise the
 *          completion code of UserAccess::setUserPayloadAccess().
 */
Cc ipmiUserSetUserPayloadAccess(const uint8_t chNum, const uint8_t operation,
                                const uint8_t userId,
                                const PayloadAccess& payloadAccess)
{
    const bool channelAccepted = UserAccess::isValidChannel(chNum);
    if (!channelAccepted)
    {
        lg2::error(
            "Set user payload access - Invalid channel number: {CHANNEL}",
            "CHANNEL", chNum);
        return ccInvalidFieldRequest;
    }

    const bool idAccepted = UserAccess::isValidUserId(userId);
    if (!idAccepted)
    {
        return ccParmOutOfRange;
    }

    auto&& userAccess = getUserAccessObject();
    return userAccess.setUserPayloadAccess(chNum, operation, userId,
                                           payloadAccess);
}
204
/** @brief Read a user's payload access for one channel.
 *
 *  The channel number is validated before the user id, and both are checked
 *  before chNum is used as an index into the per-user payload array.
 *
 *  @param[in]  chNum          Channel number.
 *  @param[in]  userId         Id of the user.
 *  @param[out] payloadAccess  Receives the four payload-enable fields;
 *                             untouched on error.
 *  @return ccInvalidFieldRequest for an invalid channel (also logged),
 *          ccParmOutOfRange for an invalid user id, otherwise ccSuccess.
 */
Cc ipmiUserGetUserPayloadAccess(const uint8_t chNum, const uint8_t userId,
                                PayloadAccess& payloadAccess)
{
    const bool channelAccepted = UserAccess::isValidChannel(chNum);
    if (!channelAccepted)
    {
        lg2::error(
            "Get user payload access - Invalid channel number: {CHANNEL}",
            "CHANNEL", chNum);
        return ccInvalidFieldRequest;
    }
    if (!UserAccess::isValidUserId(userId))
    {
        return ccParmOutOfRange;
    }

    UserInfo* record = getUserAccessObject().getUserInfo(userId);
    // chNum passed isValidChannel() above before being used as an index.
    const auto& stored = record->payloadAccess[chNum];

    payloadAccess.stdPayloadEnables1 = stored.stdPayloadEnables1;
    payloadAccess.stdPayloadEnables2Reserved =
        stored.stdPayloadEnables2Reserved;
    payloadAccess.oemPayloadEnables1 = stored.oemPayloadEnables1;
    payloadAccess.oemPayloadEnables2Reserved =
        stored.oemPayloadEnables2Reserved;

    return ccSuccess;
}
233
234 } // namespace ipmi
235