xref: /openbmc/phosphor-host-ipmid/user_channel/usercommands.cpp (revision 1c2d36d3bc641afb01558562cbe4673a01815559) 
15a6b6369SRichard Marian Thomaiyar /*
25a6b6369SRichard Marian Thomaiyar // Copyright (c) 2018 Intel Corporation
35a6b6369SRichard Marian Thomaiyar //
45a6b6369SRichard Marian Thomaiyar // Licensed under the Apache License, Version 2.0 (the "License");
55a6b6369SRichard Marian Thomaiyar // you may not use this file except in compliance with the License.
65a6b6369SRichard Marian Thomaiyar // You may obtain a copy of the License at
75a6b6369SRichard Marian Thomaiyar //
85a6b6369SRichard Marian Thomaiyar //      http://www.apache.org/licenses/LICENSE-2.0
95a6b6369SRichard Marian Thomaiyar //
105a6b6369SRichard Marian Thomaiyar // Unless required by applicable law or agreed to in writing, software
115a6b6369SRichard Marian Thomaiyar // distributed under the License is distributed on an "AS IS" BASIS,
125a6b6369SRichard Marian Thomaiyar // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
135a6b6369SRichard Marian Thomaiyar // See the License for the specific language governing permissions and
145a6b6369SRichard Marian Thomaiyar // limitations under the License.
155a6b6369SRichard Marian Thomaiyar */
165a6b6369SRichard Marian Thomaiyar 
175a6b6369SRichard Marian Thomaiyar #include "usercommands.hpp"
185a6b6369SRichard Marian Thomaiyar 
1906df8765SRichard Marian Thomaiyar #include "channel_layer.hpp"
205a6b6369SRichard Marian Thomaiyar #include "user_layer.hpp"
215a6b6369SRichard Marian Thomaiyar 
225a6b6369SRichard Marian Thomaiyar #include <security/pam_appl.h>
235a6b6369SRichard Marian Thomaiyar 
24e08fbffcSVernon Mauery #include <ipmid/api.hpp>
2582844ef6SGeorge Liu #include <phosphor-logging/lg2.hpp>
26fbc6c9d7SPatrick Williams 
275a6b6369SRichard Marian Thomaiyar #include <regex>
285a6b6369SRichard Marian Thomaiyar 
295a6b6369SRichard Marian Thomaiyar namespace ipmi
305a6b6369SRichard Marian Thomaiyar {
315a6b6369SRichard Marian Thomaiyar 
3277381f15SSaravanan Palanisamy static constexpr uint8_t enableOperation = 0x00;
3377381f15SSaravanan Palanisamy static constexpr uint8_t disableOperation = 0x01;
345a6b6369SRichard Marian Thomaiyar 
355b2535f8SRichard Marian Thomaiyar /** @brief implements the set user access command
365b2535f8SRichard Marian Thomaiyar  *  @param ctx - IPMI context pointer (for channel)
375b2535f8SRichard Marian Thomaiyar  *  @param channel - channel number
385b2535f8SRichard Marian Thomaiyar  *  @param ipmiEnabled - indicates ipmi messaging state
395b2535f8SRichard Marian Thomaiyar  *  @param linkAuthEnabled - indicates link authentication state
405b2535f8SRichard Marian Thomaiyar  *  @param accessCallback - indicates callback state
415b2535f8SRichard Marian Thomaiyar  *  @param bitsUpdate - indicates update request
425b2535f8SRichard Marian Thomaiyar  *  @param userId - user id
435b2535f8SRichard Marian Thomaiyar  *  @param reserved1 - skip 2 bits
445b2535f8SRichard Marian Thomaiyar  *  @param privilege - user privilege
455b2535f8SRichard Marian Thomaiyar  *  @param reserved2 - skip 4 bits
465b2535f8SRichard Marian Thomaiyar  *  @param sessionLimit - optional - unused for now
475b2535f8SRichard Marian Thomaiyar  *
485b2535f8SRichard Marian Thomaiyar  *  @returns ipmi completion code
495b2535f8SRichard Marian Thomaiyar  */
ipmiSetUserAccess(ipmi::Context::ptr ctx,uint4_t channel,uint1_t ipmiEnabled,uint1_t linkAuthEnabled,uint1_t accessCallback,uint1_t bitsUpdate,uint6_t userId,uint2_t reserved1,uint4_t privilege,uint4_t reserved2,std::optional<uint8_t> sessionLimit)50*1318a5edSPatrick Williams ipmi::RspType<> ipmiSetUserAccess(
51*1318a5edSPatrick Williams     ipmi::Context::ptr ctx, uint4_t channel, uint1_t ipmiEnabled,
52*1318a5edSPatrick Williams     uint1_t linkAuthEnabled, uint1_t accessCallback, uint1_t bitsUpdate,
535a6b6369SRichard Marian Thomaiyar 
545b2535f8SRichard Marian Thomaiyar     uint6_t userId, uint2_t reserved1,
555b2535f8SRichard Marian Thomaiyar 
565b2535f8SRichard Marian Thomaiyar     uint4_t privilege, uint4_t reserved2,
575b2535f8SRichard Marian Thomaiyar 
585b2535f8SRichard Marian Thomaiyar     std::optional<uint8_t> sessionLimit)
595a6b6369SRichard Marian Thomaiyar {
605b2535f8SRichard Marian Thomaiyar     uint8_t sessLimit = sessionLimit.value_or(0);
610e2dbee2Sjayaprakash Mutyala     if (reserved1 || reserved2 || sessLimit ||
620e2dbee2Sjayaprakash Mutyala         !ipmiUserIsValidPrivilege(static_cast<uint8_t>(privilege)))
635a6b6369SRichard Marian Thomaiyar     {
6482844ef6SGeorge Liu         lg2::debug("Set user access - Invalid field in request");
655b2535f8SRichard Marian Thomaiyar         return ipmi::responseInvalidFieldRequest();
665a6b6369SRichard Marian Thomaiyar     }
670e2dbee2Sjayaprakash Mutyala 
68*1318a5edSPatrick Williams     uint8_t chNum =
69*1318a5edSPatrick Williams         convertCurrentChannelNum(static_cast<uint8_t>(channel), ctx->channel);
700e2dbee2Sjayaprakash Mutyala     if (!isValidChannel(chNum))
710e2dbee2Sjayaprakash Mutyala     {
7282844ef6SGeorge Liu         lg2::debug("Set user access - Invalid channel request");
730e2dbee2Sjayaprakash Mutyala         return ipmi::response(invalidChannel);
740e2dbee2Sjayaprakash Mutyala     }
750e2dbee2Sjayaprakash Mutyala     if (getChannelSessionSupport(chNum) == EChannelSessSupported::none)
760e2dbee2Sjayaprakash Mutyala     {
7782844ef6SGeorge Liu         lg2::debug("Set user access - No support on channel");
780e2dbee2Sjayaprakash Mutyala         return ipmi::response(ccActionNotSupportedForChannel);
790e2dbee2Sjayaprakash Mutyala     }
805b2535f8SRichard Marian Thomaiyar     if (!ipmiUserIsValidUserId(static_cast<uint8_t>(userId)))
815a6b6369SRichard Marian Thomaiyar     {
8282844ef6SGeorge Liu         lg2::debug("Set user access - Parameter out of range");
835b2535f8SRichard Marian Thomaiyar         return ipmi::responseParmOutOfRange();
845a6b6369SRichard Marian Thomaiyar     }
8506df8765SRichard Marian Thomaiyar 
8611d68897SWilly Tu     PrivAccess privAccess = {};
875b2535f8SRichard Marian Thomaiyar     if (bitsUpdate)
885a6b6369SRichard Marian Thomaiyar     {
895b2535f8SRichard Marian Thomaiyar         privAccess.ipmiEnabled = static_cast<uint8_t>(ipmiEnabled);
905b2535f8SRichard Marian Thomaiyar         privAccess.linkAuthEnabled = static_cast<uint8_t>(linkAuthEnabled);
915b2535f8SRichard Marian Thomaiyar         privAccess.accessCallback = static_cast<uint8_t>(accessCallback);
925a6b6369SRichard Marian Thomaiyar     }
935b2535f8SRichard Marian Thomaiyar     privAccess.privilege = static_cast<uint8_t>(privilege);
945b2535f8SRichard Marian Thomaiyar     return ipmi::response(
955b2535f8SRichard Marian Thomaiyar         ipmiUserSetPrivilegeAccess(static_cast<uint8_t>(userId), chNum,
965b2535f8SRichard Marian Thomaiyar                                    privAccess, static_cast<bool>(bitsUpdate)));
975a6b6369SRichard Marian Thomaiyar }
985a6b6369SRichard Marian Thomaiyar 
995b2535f8SRichard Marian Thomaiyar /** @brief implements the set user access command
1005b2535f8SRichard Marian Thomaiyar  *  @param ctx - IPMI context pointer (for channel)
1015b2535f8SRichard Marian Thomaiyar  *  @param channel - channel number
1025b2535f8SRichard Marian Thomaiyar  *  @param reserved1 - skip 4 bits
1035b2535f8SRichard Marian Thomaiyar  *  @param userId - user id
1045b2535f8SRichard Marian Thomaiyar  *  @param reserved2 - skip 2 bits
1055b2535f8SRichard Marian Thomaiyar  *
1065b2535f8SRichard Marian Thomaiyar  *  @returns ipmi completion code plus response data
1075b2535f8SRichard Marian Thomaiyar  *   - maxChUsers - max channel users
1085b2535f8SRichard Marian Thomaiyar  *   - reserved1 - skip 2 bits
1095b2535f8SRichard Marian Thomaiyar  *   - enabledUsers - enabled users count
1105b2535f8SRichard Marian Thomaiyar  *   - enabledStatus - enabled status
1115b2535f8SRichard Marian Thomaiyar  *   - fixedUsers - fixed users count
1125b2535f8SRichard Marian Thomaiyar  *   - reserved2 - skip 2 bits
1135b2535f8SRichard Marian Thomaiyar  *   - privilege - user privilege
1145b2535f8SRichard Marian Thomaiyar  *   - ipmiEnabled - ipmi messaging state
1155b2535f8SRichard Marian Thomaiyar  *   - linkAuthEnabled - link authenticatin state
1165b2535f8SRichard Marian Thomaiyar  *   - accessCallback - callback state
1175b2535f8SRichard Marian Thomaiyar  *   - reserved - skip 1 bit
1185b2535f8SRichard Marian Thomaiyar  */
1195b2535f8SRichard Marian Thomaiyar ipmi::RspType<uint6_t, // max channel users
1205b2535f8SRichard Marian Thomaiyar               uint2_t, // reserved1
1215a6b6369SRichard Marian Thomaiyar 
1225b2535f8SRichard Marian Thomaiyar               uint6_t, // enabled users count
1235b2535f8SRichard Marian Thomaiyar               uint2_t, // enabled status
1245a6b6369SRichard Marian Thomaiyar 
1255b2535f8SRichard Marian Thomaiyar               uint6_t, // fixed users count
1265b2535f8SRichard Marian Thomaiyar               uint2_t, // reserved2
1275b2535f8SRichard Marian Thomaiyar 
1285b2535f8SRichard Marian Thomaiyar               uint4_t, // privilege
1295b2535f8SRichard Marian Thomaiyar               uint1_t, // ipmi messaging state
1305b2535f8SRichard Marian Thomaiyar               uint1_t, // link authentication state
1315b2535f8SRichard Marian Thomaiyar               uint1_t, // access callback state
1325b2535f8SRichard Marian Thomaiyar               uint1_t  // reserved3
1335b2535f8SRichard Marian Thomaiyar               >
ipmiGetUserAccess(ipmi::Context::ptr ctx,uint4_t channel,uint4_t reserved1,uint6_t userId,uint2_t reserved2)1345b2535f8SRichard Marian Thomaiyar     ipmiGetUserAccess(ipmi::Context::ptr ctx, uint4_t channel,
1355b2535f8SRichard Marian Thomaiyar                       uint4_t reserved1,
1365b2535f8SRichard Marian Thomaiyar 
1375b2535f8SRichard Marian Thomaiyar                       uint6_t userId, uint2_t reserved2)
1385a6b6369SRichard Marian Thomaiyar {
139*1318a5edSPatrick Williams     uint8_t chNum =
140*1318a5edSPatrick Williams         convertCurrentChannelNum(static_cast<uint8_t>(channel), ctx->channel);
1410e2dbee2Sjayaprakash Mutyala 
1420e2dbee2Sjayaprakash Mutyala     if (reserved1 || reserved2 || !isValidChannel(chNum))
1435a6b6369SRichard Marian Thomaiyar     {
14482844ef6SGeorge Liu         lg2::debug("Get user access - Invalid field in request");
1455b2535f8SRichard Marian Thomaiyar         return ipmi::responseInvalidFieldRequest();
1465a6b6369SRichard Marian Thomaiyar     }
1470e2dbee2Sjayaprakash Mutyala 
1480e2dbee2Sjayaprakash Mutyala     if (getChannelSessionSupport(chNum) == EChannelSessSupported::none)
1490e2dbee2Sjayaprakash Mutyala     {
15082844ef6SGeorge Liu         lg2::debug("Get user access - No support on channel");
1510e2dbee2Sjayaprakash Mutyala         return ipmi::response(ccActionNotSupportedForChannel);
1520e2dbee2Sjayaprakash Mutyala     }
1535b2535f8SRichard Marian Thomaiyar     if (!ipmiUserIsValidUserId(static_cast<uint8_t>(userId)))
1545a6b6369SRichard Marian Thomaiyar     {
15582844ef6SGeorge Liu         lg2::debug("Get user access - Parameter out of range");
1565b2535f8SRichard Marian Thomaiyar         return ipmi::responseParmOutOfRange();
1575a6b6369SRichard Marian Thomaiyar     }
1585a6b6369SRichard Marian Thomaiyar 
1595a6b6369SRichard Marian Thomaiyar     uint8_t maxChUsers = 0, enabledUsers = 0, fixedUsers = 0;
1605b2535f8SRichard Marian Thomaiyar     ipmi::Cc retStatus;
161b6771e0fSRichard Marian Thomaiyar     retStatus = ipmiUserGetAllCounts(maxChUsers, enabledUsers, fixedUsers);
162b541a5a5SNITIN SHARMA     if (retStatus != ccSuccess)
163b6771e0fSRichard Marian Thomaiyar     {
1645b2535f8SRichard Marian Thomaiyar         return ipmi::response(retStatus);
165b6771e0fSRichard Marian Thomaiyar     }
166b6771e0fSRichard Marian Thomaiyar 
1675b2535f8SRichard Marian Thomaiyar     bool enabledState = false;
168*1318a5edSPatrick Williams     retStatus =
169*1318a5edSPatrick Williams         ipmiUserCheckEnabled(static_cast<uint8_t>(userId), enabledState);
170b541a5a5SNITIN SHARMA     if (retStatus != ccSuccess)
171b6771e0fSRichard Marian Thomaiyar     {
1725b2535f8SRichard Marian Thomaiyar         return ipmi::response(retStatus);
173b6771e0fSRichard Marian Thomaiyar     }
174b6771e0fSRichard Marian Thomaiyar 
1755b2535f8SRichard Marian Thomaiyar     uint2_t enabledStatus = enabledState ? userIdEnabledViaSetPassword
1765a6b6369SRichard Marian Thomaiyar                                          : userIdDisabledViaSetPassword;
1775b2535f8SRichard Marian Thomaiyar     PrivAccess privAccess{};
1785b2535f8SRichard Marian Thomaiyar     retStatus = ipmiUserGetPrivilegeAccess(static_cast<uint8_t>(userId), chNum,
1795b2535f8SRichard Marian Thomaiyar                                            privAccess);
180b541a5a5SNITIN SHARMA     if (retStatus != ccSuccess)
1815b2535f8SRichard Marian Thomaiyar     {
1825b2535f8SRichard Marian Thomaiyar         return ipmi::response(retStatus);
1835b2535f8SRichard Marian Thomaiyar     }
1845b2535f8SRichard Marian Thomaiyar     constexpr uint2_t res2Bits = 0;
1855b2535f8SRichard Marian Thomaiyar     return ipmi::responseSuccess(
1865b2535f8SRichard Marian Thomaiyar         static_cast<uint6_t>(maxChUsers), res2Bits,
1875b2535f8SRichard Marian Thomaiyar 
1885b2535f8SRichard Marian Thomaiyar         static_cast<uint6_t>(enabledUsers), enabledStatus,
1895b2535f8SRichard Marian Thomaiyar 
1905b2535f8SRichard Marian Thomaiyar         static_cast<uint6_t>(fixedUsers), res2Bits,
1915b2535f8SRichard Marian Thomaiyar 
1925b2535f8SRichard Marian Thomaiyar         static_cast<uint4_t>(privAccess.privilege),
1935b2535f8SRichard Marian Thomaiyar         static_cast<uint1_t>(privAccess.ipmiEnabled),
1945b2535f8SRichard Marian Thomaiyar         static_cast<uint1_t>(privAccess.linkAuthEnabled),
1955b2535f8SRichard Marian Thomaiyar         static_cast<uint1_t>(privAccess.accessCallback),
1965b2535f8SRichard Marian Thomaiyar         static_cast<uint1_t>(privAccess.reserved));
1975a6b6369SRichard Marian Thomaiyar }
1985a6b6369SRichard Marian Thomaiyar 
199ac30b39bSVernon Mauery /** @brief implementes the get user name command
200ac30b39bSVernon Mauery  *  @param[in] ctx - ipmi command context
201ac30b39bSVernon Mauery  *  @param[in] userId - 6-bit user ID
202ac30b39bSVernon Mauery  *  @param[in] reserved - 2-bits reserved
203ac30b39bSVernon Mauery  *  @param[in] name - 16-byte array for username
2045a6b6369SRichard Marian Thomaiyar 
205ac30b39bSVernon Mauery  *  @returns ipmi response
206ac30b39bSVernon Mauery  */
ipmiSetUserName(ipmi::Context::ptr ctx,uint6_t id,uint2_t reserved,const std::array<uint8_t,ipmi::ipmiMaxUserName> & name)207*1318a5edSPatrick Williams ipmi::RspType<> ipmiSetUserName(
208*1318a5edSPatrick Williams     [[maybe_unused]] ipmi::Context::ptr ctx, uint6_t id, uint2_t reserved,
209ac30b39bSVernon Mauery     const std::array<uint8_t, ipmi::ipmiMaxUserName>& name)
2105a6b6369SRichard Marian Thomaiyar {
211ac30b39bSVernon Mauery     if (reserved)
2125a6b6369SRichard Marian Thomaiyar     {
213ac30b39bSVernon Mauery         return ipmi::responseInvalidFieldRequest();
2145a6b6369SRichard Marian Thomaiyar     }
215ac30b39bSVernon Mauery     uint8_t userId = static_cast<uint8_t>(id);
216ac30b39bSVernon Mauery     if (!ipmiUserIsValidUserId(userId))
2175a6b6369SRichard Marian Thomaiyar     {
21882844ef6SGeorge Liu         lg2::debug("Set user name - Invalid user id");
219ac30b39bSVernon Mauery         return ipmi::responseParmOutOfRange();
2205a6b6369SRichard Marian Thomaiyar     }
2215a6b6369SRichard Marian Thomaiyar 
222ac30b39bSVernon Mauery     size_t nameLen = strnlen(reinterpret_cast<const char*>(name.data()),
223ac30b39bSVernon Mauery                              ipmi::ipmiMaxUserName);
224ac30b39bSVernon Mauery     const std::string strUserName(reinterpret_cast<const char*>(name.data()),
225cdcdf2b7Sjayaprakash Mutyala                                   nameLen);
226cdcdf2b7Sjayaprakash Mutyala 
227ac30b39bSVernon Mauery     ipmi::Cc res = ipmiUserSetUserName(userId, strUserName);
228ac30b39bSVernon Mauery     return ipmi::response(res);
2295a6b6369SRichard Marian Thomaiyar }
2305a6b6369SRichard Marian Thomaiyar 
2315a6b6369SRichard Marian Thomaiyar /** @brief implementes the get user name command
2323c89de15SVernon Mauery  *  @param[in] ctx - ipmi command context
2333c89de15SVernon Mauery  *  @param[in] userId - 6-bit user ID
2343c89de15SVernon Mauery  *  @param[in] reserved - 2-bits reserved
2353c89de15SVernon Mauery 
2363c89de15SVernon Mauery  *  @returns ipmi response with 16-byte username
2375a6b6369SRichard Marian Thomaiyar  */
2383c89de15SVernon Mauery ipmi::RspType<std::array<uint8_t, ipmi::ipmiMaxUserName>> // user name
ipmiGetUserName(ipmi::Context::ptr ctx,uint6_t id,uint2_t reserved)23911d68897SWilly Tu     ipmiGetUserName([[maybe_unused]] ipmi::Context::ptr ctx, uint6_t id,
24011d68897SWilly Tu                     uint2_t reserved)
2415a6b6369SRichard Marian Thomaiyar {
2423c89de15SVernon Mauery     if (reserved)
2435a6b6369SRichard Marian Thomaiyar     {
2443c89de15SVernon Mauery         return ipmi::responseInvalidFieldRequest();
2455a6b6369SRichard Marian Thomaiyar     }
2465a6b6369SRichard Marian Thomaiyar 
2473c89de15SVernon Mauery     uint8_t userId = static_cast<uint8_t>(id);
2485a6b6369SRichard Marian Thomaiyar     std::string userName;
2493c89de15SVernon Mauery     if (ipmiUserGetUserName(userId, userName) != ccSuccess)
2505a6b6369SRichard Marian Thomaiyar     { // Invalid User ID
25182844ef6SGeorge Liu         lg2::debug("User Name not found, user Id: {USER_ID}", "USER_ID",
25282844ef6SGeorge Liu                    userId);
2533c89de15SVernon Mauery         return ipmi::responseParmOutOfRange();
2545a6b6369SRichard Marian Thomaiyar     }
2553c89de15SVernon Mauery     // copy the std::string into a fixed array
2563c89de15SVernon Mauery     if (userName.size() > ipmi::ipmiMaxUserName)
2573c89de15SVernon Mauery     {
2583c89de15SVernon Mauery         return ipmi::responseUnspecifiedError();
2593c89de15SVernon Mauery     }
2603c89de15SVernon Mauery     std::array<uint8_t, ipmi::ipmiMaxUserName> userNameFixed;
2613c89de15SVernon Mauery     std::fill(userNameFixed.begin(), userNameFixed.end(), 0);
2623c89de15SVernon Mauery     std::copy(userName.begin(), userName.end(), userNameFixed.begin());
2633c89de15SVernon Mauery     return ipmi::responseSuccess(std::move(userNameFixed));
2645a6b6369SRichard Marian Thomaiyar }
2655a6b6369SRichard Marian Thomaiyar 
2667a3296dfSVernon Mauery /** @brief implementes the get user name command
2677a3296dfSVernon Mauery  *  @param[in] ctx - ipmi command context
2687a3296dfSVernon Mauery  *  @param[in] userId - 6-bit user ID
2697a3296dfSVernon Mauery  *  @param[in] reserved - 2-bits reserved
2707a3296dfSVernon Mauery 
2717a3296dfSVernon Mauery  *  @returns ipmi response with 16-byte username
2725a6b6369SRichard Marian Thomaiyar  */
2737a3296dfSVernon Mauery ipmi::RspType<> // user name
ipmiSetUserPassword(ipmi::Context::ptr ctx,uint6_t id,bool reserved1,bool pwLen20,uint2_t operation,uint6_t reserved2,SecureBuffer & userPassword)27411d68897SWilly Tu     ipmiSetUserPassword([[maybe_unused]] ipmi::Context::ptr ctx, uint6_t id,
27511d68897SWilly Tu                         bool reserved1, bool pwLen20, uint2_t operation,
27611d68897SWilly Tu                         uint6_t reserved2, SecureBuffer& userPassword)
2775a6b6369SRichard Marian Thomaiyar {
2787a3296dfSVernon Mauery     if (reserved1 || reserved2)
27937b1d1aeSSnehalatha Venkatesh     {
28082844ef6SGeorge Liu         lg2::debug("Invalid data field in request");
2817a3296dfSVernon Mauery         return ipmi::responseInvalidFieldRequest();
28237b1d1aeSSnehalatha Venkatesh     }
2835a6b6369SRichard Marian Thomaiyar 
28429b9f31dSAyushi Smriti     static constexpr uint2_t opDisableUser = 0x00;
28529b9f31dSAyushi Smriti     static constexpr uint2_t opEnableUser = 0x01;
28629b9f31dSAyushi Smriti     static constexpr uint2_t opSetPassword = 0x02;
28729b9f31dSAyushi Smriti     static constexpr uint2_t opTestPassword = 0x03;
28829b9f31dSAyushi Smriti 
28929b9f31dSAyushi Smriti     // If set / test password operation then password size has to be 16 or 20
29029b9f31dSAyushi Smriti     // bytes based on the password size bit
29129b9f31dSAyushi Smriti     if (((operation == opSetPassword) || (operation == opTestPassword)) &&
29229b9f31dSAyushi Smriti         ((pwLen20 && (userPassword.size() != maxIpmi20PasswordSize)) ||
29329b9f31dSAyushi Smriti          (!pwLen20 && (userPassword.size() != maxIpmi15PasswordSize))))
2945a6b6369SRichard Marian Thomaiyar     {
29582844ef6SGeorge Liu         lg2::debug("Invalid Length");
2967a3296dfSVernon Mauery         return ipmi::responseReqDataLenInvalid();
2975a6b6369SRichard Marian Thomaiyar     }
29829b9f31dSAyushi Smriti 
2997a3296dfSVernon Mauery     size_t passwordLength = userPassword.size();
3005a6b6369SRichard Marian Thomaiyar 
3017a3296dfSVernon Mauery     uint8_t userId = static_cast<uint8_t>(id);
3025a6b6369SRichard Marian Thomaiyar     std::string userName;
3037a3296dfSVernon Mauery     if (ipmiUserGetUserName(userId, userName) != ccSuccess)
3045a6b6369SRichard Marian Thomaiyar     {
30582844ef6SGeorge Liu         lg2::debug("User Name not found, user Id: {USER_ID}", "USER_ID",
30682844ef6SGeorge Liu                    userId);
3077a3296dfSVernon Mauery         return ipmi::responseParmOutOfRange();
3085a6b6369SRichard Marian Thomaiyar     }
3097a3296dfSVernon Mauery 
3107a3296dfSVernon Mauery     if (operation == opSetPassword)
3115a6b6369SRichard Marian Thomaiyar     {
3127a3296dfSVernon Mauery         // turn the non-nul terminated SecureBuffer into a SecureString
3137a3296dfSVernon Mauery         SecureString password(
3147a3296dfSVernon Mauery             reinterpret_cast<const char*>(userPassword.data()), passwordLength);
3157a3296dfSVernon Mauery         ipmi::Cc res = ipmiUserSetUserPassword(userId, password.data());
3167a3296dfSVernon Mauery         return ipmi::response(res);
3175a6b6369SRichard Marian Thomaiyar     }
3187a3296dfSVernon Mauery     else if (operation == opEnableUser || operation == opDisableUser)
319282e79b4SRichard Marian Thomaiyar     {
320*1318a5edSPatrick Williams         ipmi::Cc res =
321*1318a5edSPatrick Williams             ipmiUserUpdateEnabledState(userId, static_cast<bool>(operation));
3227a3296dfSVernon Mauery         return ipmi::response(res);
323282e79b4SRichard Marian Thomaiyar     }
3247a3296dfSVernon Mauery     else if (operation == opTestPassword)
325282e79b4SRichard Marian Thomaiyar     {
3261e22a0f1SVernon Mauery         SecureString password = ipmiUserGetPassword(userName);
3277a3296dfSVernon Mauery         // extend with zeros, if needed
3287a3296dfSVernon Mauery         if (password.size() < passwordLength)
3297a3296dfSVernon Mauery         {
3307a3296dfSVernon Mauery             password.resize(passwordLength, '\0');
3317a3296dfSVernon Mauery         }
3321e22a0f1SVernon Mauery         SecureString testPassword(
3337a3296dfSVernon Mauery             reinterpret_cast<const char*>(userPassword.data()), passwordLength);
3341e22a0f1SVernon Mauery         // constant time string compare: always compare exactly as many bytes
3351e22a0f1SVernon Mauery         // as the length of the input, resizing the actual password to match,
3361e22a0f1SVernon Mauery         // maintaining a knowledge if the sizes differed originally
3371e22a0f1SVernon Mauery         static const std::array<char, maxIpmi20PasswordSize> empty = {'\0'};
3381e22a0f1SVernon Mauery         size_t cmpLen = testPassword.size();
3391e22a0f1SVernon Mauery         bool pwLenDiffers = password.size() != cmpLen;
3401e22a0f1SVernon Mauery         const char* cmpPassword = nullptr;
3411e22a0f1SVernon Mauery         if (pwLenDiffers)
3421e22a0f1SVernon Mauery         {
3431e22a0f1SVernon Mauery             cmpPassword = empty.data();
3441e22a0f1SVernon Mauery         }
3451e22a0f1SVernon Mauery         else
3461e22a0f1SVernon Mauery         {
3471e22a0f1SVernon Mauery             cmpPassword = password.data();
3481e22a0f1SVernon Mauery         }
3491e22a0f1SVernon Mauery         bool pwBad = CRYPTO_memcmp(cmpPassword, testPassword.data(), cmpLen);
3501e22a0f1SVernon Mauery         pwBad |= pwLenDiffers;
3511e22a0f1SVernon Mauery         if (pwBad)
352282e79b4SRichard Marian Thomaiyar         {
35382844ef6SGeorge Liu             lg2::debug("Test password failed, user Id: {USER_ID}", "USER_ID",
35482844ef6SGeorge Liu                        userId);
3557a3296dfSVernon Mauery             return ipmi::response(ipmiCCPasswdFailMismatch);
356282e79b4SRichard Marian Thomaiyar         }
3577a3296dfSVernon Mauery         return ipmi::responseSuccess();
358282e79b4SRichard Marian Thomaiyar     }
3597a3296dfSVernon Mauery     return ipmi::responseInvalidFieldRequest();
360282e79b4SRichard Marian Thomaiyar }
3615a6b6369SRichard Marian Thomaiyar 
362c46f6cd7Ssmriti /** @brief implements the get channel authentication command
363c46f6cd7Ssmriti  *  @param ctx - IPMI context pointer (for channel)
364c46f6cd7Ssmriti  *  @param extData - get IPMI 2.0 extended data
365c46f6cd7Ssmriti  *  @param reserved1 - skip 3 bits
366c46f6cd7Ssmriti  *  @param chNum - channel number to get info about
367c46f6cd7Ssmriti  *  @param reserved2 - skip 4 bits
368c46f6cd7Ssmriti  *  @param privLevel - requested privilege level
369c46f6cd7Ssmriti 
370c46f6cd7Ssmriti  *  @returns ipmi completion code plus response data
371c46f6cd7Ssmriti  *   - channel number
372c46f6cd7Ssmriti  *   - rmcpAuthTypes - RMCP auth types (IPMI 1.5)
373c46f6cd7Ssmriti  *   - reserved1
374c46f6cd7Ssmriti  *   - extDataSupport - true for IPMI 2.0 extensions
375c46f6cd7Ssmriti  *   - anonymousLogin - true for anonymous login enabled
376c46f6cd7Ssmriti  *   - nullUsers - true for null user names enabled
377c46f6cd7Ssmriti  *   - nonNullUsers - true for non-null usernames enabled
378c46f6cd7Ssmriti  *   - userAuth - false for user authentication enabled
379c46f6cd7Ssmriti  *   - perMessageAuth - false for per message authentication enabled
380c46f6cd7Ssmriti  *   - KGStatus - true for Kg required for authentication
381c46f6cd7Ssmriti  *   - reserved2
382c46f6cd7Ssmriti  *   - rmcp - RMCP (IPMI 1.5) connection support
383c46f6cd7Ssmriti  *   - rmcpp - RMCP+ (IPMI 2.0) connection support
384c46f6cd7Ssmriti  *   - reserved3
385c46f6cd7Ssmriti  *   - oemID - OEM IANA of any OEM auth support
386c46f6cd7Ssmriti  *   - oemAuxillary - OEM data for auth
387c46f6cd7Ssmriti  */
388c46f6cd7Ssmriti ipmi::RspType<uint8_t,  // channel number
389c46f6cd7Ssmriti               uint6_t,  // rmcpAuthTypes
390c46f6cd7Ssmriti               bool,     // reserved1
391c46f6cd7Ssmriti               bool,     // extDataSupport
392c46f6cd7Ssmriti               bool,     // anonymousLogin
393c46f6cd7Ssmriti               bool,     // nullUsers
394c46f6cd7Ssmriti               bool,     // nonNullUsers
395c46f6cd7Ssmriti               bool,     // userAuth
396c46f6cd7Ssmriti               bool,     // perMessageAuth
397c46f6cd7Ssmriti               bool,     // KGStatus
398c46f6cd7Ssmriti               uint2_t,  // reserved2
399c46f6cd7Ssmriti               bool,     // rmcp
400c46f6cd7Ssmriti               bool,     // rmcpp
401c46f6cd7Ssmriti               uint6_t,  // reserved3
402c46f6cd7Ssmriti               uint24_t, // oemID
403c46f6cd7Ssmriti               uint8_t   // oemAuxillary
404c46f6cd7Ssmriti               >
ipmiGetChannelAuthenticationCapabilities(ipmi::Context::ptr ctx,uint4_t chNum,uint3_t reserved1,bool extData,uint4_t privLevel,uint4_t reserved2)405*1318a5edSPatrick Williams     ipmiGetChannelAuthenticationCapabilities(
406*1318a5edSPatrick Williams         ipmi::Context::ptr ctx, uint4_t chNum, uint3_t reserved1,
407*1318a5edSPatrick Williams         [[maybe_unused]] bool extData, uint4_t privLevel, uint4_t reserved2)
408c46f6cd7Ssmriti {
409*1318a5edSPatrick Williams     uint8_t channel =
410*1318a5edSPatrick Williams         convertCurrentChannelNum(static_cast<uint8_t>(chNum), ctx->channel);
411c46f6cd7Ssmriti 
412c46f6cd7Ssmriti     if (reserved1 || reserved2 || !isValidChannel(channel) ||
4130e2dbee2Sjayaprakash Mutyala         !isValidPrivLimit(static_cast<uint8_t>(privLevel)))
414c46f6cd7Ssmriti     {
41582844ef6SGeorge Liu         lg2::debug("Get channel auth capabilities - Invalid field in request");
4160e2dbee2Sjayaprakash Mutyala         return ipmi::responseInvalidFieldRequest();
4170e2dbee2Sjayaprakash Mutyala     }
4180e2dbee2Sjayaprakash Mutyala 
4190e2dbee2Sjayaprakash Mutyala     if (getChannelSessionSupport(channel) == EChannelSessSupported::none)
4200e2dbee2Sjayaprakash Mutyala     {
42182844ef6SGeorge Liu         lg2::debug("Get channel auth capabilities - No support on channel");
4220e2dbee2Sjayaprakash Mutyala         return ipmi::response(ccActionNotSupportedForChannel);
423c46f6cd7Ssmriti     }
424c46f6cd7Ssmriti 
425c46f6cd7Ssmriti     constexpr bool extDataSupport = true; // true for IPMI 2.0 extensions
426c46f6cd7Ssmriti     constexpr bool reserved3 = false;
427c46f6cd7Ssmriti     constexpr uint6_t rmcpAuthTypes = 0;  // IPMI 1.5 auth types - not supported
428c46f6cd7Ssmriti     constexpr uint2_t reserved4 = 0;
429c46f6cd7Ssmriti     constexpr bool KGStatus = false;      // Not supporting now.
430c46f6cd7Ssmriti     constexpr bool perMessageAuth = false; // Per message auth - enabled
431c46f6cd7Ssmriti     constexpr bool userAuth = false;       // User authentication - enabled
432c46f6cd7Ssmriti     constexpr bool nullUsers = false;      // Null user names - not supported
433c46f6cd7Ssmriti     constexpr bool anonymousLogin = false; // Anonymous login - not supported
434c46f6cd7Ssmriti     constexpr uint6_t reserved5 = 0;
435c46f6cd7Ssmriti     constexpr bool rmcpp = true;           // IPMI 2.0 - supported
436c46f6cd7Ssmriti     constexpr bool rmcp = false;           // IPMI 1.5 - not supported
437c46f6cd7Ssmriti     constexpr uint24_t oemID = 0;
438c46f6cd7Ssmriti     constexpr uint8_t oemAuxillary = 0;
439c46f6cd7Ssmriti 
440c46f6cd7Ssmriti     bool nonNullUsers = 0;
441c46f6cd7Ssmriti     uint8_t maxChUsers = 0, enabledUsers = 0, fixedUsers = 0;
442c46f6cd7Ssmriti     ipmi::ipmiUserGetAllCounts(maxChUsers, enabledUsers, fixedUsers);
443c46f6cd7Ssmriti     nonNullUsers = enabledUsers > 0;
444c46f6cd7Ssmriti 
445c46f6cd7Ssmriti     return ipmi::responseSuccess(
446c46f6cd7Ssmriti         channel, rmcpAuthTypes, reserved3, extDataSupport, anonymousLogin,
447c46f6cd7Ssmriti         nullUsers, nonNullUsers, userAuth, perMessageAuth, KGStatus, reserved4,
448c46f6cd7Ssmriti         rmcp, rmcpp, reserved5, oemID, oemAuxillary);
449c46f6cd7Ssmriti }
450c46f6cd7Ssmriti 
45177381f15SSaravanan Palanisamy /** @brief implements the set user payload access command.
45277381f15SSaravanan Palanisamy  *  @param ctx - IPMI context pointer (for channel)
45377381f15SSaravanan Palanisamy  *  @param channel - channel number (4 bits)
45477381f15SSaravanan Palanisamy  *  @param reserved1 - skip 4 bits
45577381f15SSaravanan Palanisamy  *  @param userId - user id (6 bits)
45677381f15SSaravanan Palanisamy  *  @param operation - access ENABLE /DISABLE. (2 bits)
45777381f15SSaravanan Palanisamy  *  @param stdPayload0 - IPMI - reserved. (1 bit)
45877381f15SSaravanan Palanisamy  *  @param stdPayload1 - SOL.             (1 bit)
45977381f15SSaravanan Palanisamy  *  @param stdPayload2 -                  (1 bit)
46077381f15SSaravanan Palanisamy  *  @param stdPayload3 -                  (1 bit)
46177381f15SSaravanan Palanisamy  *  @param stdPayload4 -                  (1 bit)
46277381f15SSaravanan Palanisamy  *  @param stdPayload5 -                  (1 bit)
46377381f15SSaravanan Palanisamy  *  @param stdPayload6 -                  (1 bit)
46477381f15SSaravanan Palanisamy  *  @param stdPayload7 -                  (1 bit)
46577381f15SSaravanan Palanisamy  *  @param stdPayloadEnables2Reserved -   (8 bits)
46677381f15SSaravanan Palanisamy  *  @param oemPayload0 -                  (1 bit)
46777381f15SSaravanan Palanisamy  *  @param oemPayload1 -                  (1 bit)
46877381f15SSaravanan Palanisamy  *  @param oemPayload2 -                  (1 bit)
46977381f15SSaravanan Palanisamy  *  @param oemPayload3 -                  (1 bit)
47077381f15SSaravanan Palanisamy  *  @param oemPayload4 -                  (1 bit)
47177381f15SSaravanan Palanisamy  *  @param oemPayload5 -                  (1 bit)
47277381f15SSaravanan Palanisamy  *  @param oemPayload6 -                  (1 bit)
47377381f15SSaravanan Palanisamy  *  @param oemPayload7 -                  (1 bit)
47477381f15SSaravanan Palanisamy  *  @param oemPayloadEnables2Reserved -   (8 bits)
47577381f15SSaravanan Palanisamy  *
47677381f15SSaravanan Palanisamy  *  @returns IPMI completion code
47777381f15SSaravanan Palanisamy  */
ipmiSetUserPayloadAccess(ipmi::Context::ptr ctx,uint4_t channel,uint4_t reserved,uint6_t userId,uint2_t operation,bool stdPayload0ipmiReserved,bool stdPayload1SOL,bool stdPayload2,bool stdPayload3,bool stdPayload4,bool stdPayload5,bool stdPayload6,bool stdPayload7,uint8_t stdPayloadEnables2Reserved,bool oemPayload0,bool oemPayload1,bool oemPayload2,bool oemPayload3,bool oemPayload4,bool oemPayload5,bool oemPayload6,bool oemPayload7,uint8_t oemPayloadEnables2Reserved)47877381f15SSaravanan Palanisamy ipmi::RspType<> ipmiSetUserPayloadAccess(
47977381f15SSaravanan Palanisamy     ipmi::Context::ptr ctx,
48077381f15SSaravanan Palanisamy 
48177381f15SSaravanan Palanisamy     uint4_t channel, uint4_t reserved,
48277381f15SSaravanan Palanisamy 
48377381f15SSaravanan Palanisamy     uint6_t userId, uint2_t operation,
48477381f15SSaravanan Palanisamy 
48577381f15SSaravanan Palanisamy     bool stdPayload0ipmiReserved, bool stdPayload1SOL, bool stdPayload2,
48677381f15SSaravanan Palanisamy     bool stdPayload3, bool stdPayload4, bool stdPayload5, bool stdPayload6,
48777381f15SSaravanan Palanisamy     bool stdPayload7,
48877381f15SSaravanan Palanisamy 
48977381f15SSaravanan Palanisamy     uint8_t stdPayloadEnables2Reserved,
49077381f15SSaravanan Palanisamy 
49177381f15SSaravanan Palanisamy     bool oemPayload0, bool oemPayload1, bool oemPayload2, bool oemPayload3,
49277381f15SSaravanan Palanisamy     bool oemPayload4, bool oemPayload5, bool oemPayload6, bool oemPayload7,
49377381f15SSaravanan Palanisamy 
49477381f15SSaravanan Palanisamy     uint8_t oemPayloadEnables2Reserved)
49577381f15SSaravanan Palanisamy {
496*1318a5edSPatrick Williams     auto chNum =
497*1318a5edSPatrick Williams         convertCurrentChannelNum(static_cast<uint8_t>(channel), ctx->channel);
49877381f15SSaravanan Palanisamy     // Validate the reserved args. Only SOL payload is supported as on date.
49977381f15SSaravanan Palanisamy     if (reserved || stdPayload0ipmiReserved || stdPayload2 || stdPayload3 ||
50077381f15SSaravanan Palanisamy         stdPayload4 || stdPayload5 || stdPayload6 || stdPayload7 ||
50177381f15SSaravanan Palanisamy         oemPayload0 || oemPayload1 || oemPayload2 || oemPayload3 ||
50277381f15SSaravanan Palanisamy         oemPayload4 || oemPayload5 || oemPayload6 || oemPayload7 ||
5030e2dbee2Sjayaprakash Mutyala         stdPayloadEnables2Reserved || oemPayloadEnables2Reserved ||
5040e2dbee2Sjayaprakash Mutyala         !isValidChannel(chNum))
50577381f15SSaravanan Palanisamy     {
50677381f15SSaravanan Palanisamy         return ipmi::responseInvalidFieldRequest();
50777381f15SSaravanan Palanisamy     }
50877381f15SSaravanan Palanisamy 
5090e2dbee2Sjayaprakash Mutyala     if ((operation != enableOperation && operation != disableOperation))
51077381f15SSaravanan Palanisamy     {
51177381f15SSaravanan Palanisamy         return ipmi::responseInvalidFieldRequest();
51277381f15SSaravanan Palanisamy     }
5130e2dbee2Sjayaprakash Mutyala     if (getChannelSessionSupport(chNum) == EChannelSessSupported::none)
5140e2dbee2Sjayaprakash Mutyala     {
5150e2dbee2Sjayaprakash Mutyala         return ipmi::response(ccActionNotSupportedForChannel);
5160e2dbee2Sjayaprakash Mutyala     }
51777381f15SSaravanan Palanisamy     if (!ipmiUserIsValidUserId(static_cast<uint8_t>(userId)))
51877381f15SSaravanan Palanisamy     {
51977381f15SSaravanan Palanisamy         return ipmi::responseParmOutOfRange();
52077381f15SSaravanan Palanisamy     }
52177381f15SSaravanan Palanisamy 
52211d68897SWilly Tu     PayloadAccess payloadAccess = {};
52377381f15SSaravanan Palanisamy     payloadAccess.stdPayloadEnables1[1] = stdPayload1SOL;
52477381f15SSaravanan Palanisamy 
52577381f15SSaravanan Palanisamy     return ipmi::response(ipmiUserSetUserPayloadAccess(
52677381f15SSaravanan Palanisamy         chNum, static_cast<uint8_t>(operation), static_cast<uint8_t>(userId),
52777381f15SSaravanan Palanisamy         payloadAccess));
52877381f15SSaravanan Palanisamy }
52977381f15SSaravanan Palanisamy 
53077381f15SSaravanan Palanisamy /** @brief implements the get user payload access command
53177381f15SSaravanan Palanisamy  *  This command returns information about user payload enable settings
53277381f15SSaravanan Palanisamy  *  that were set using the 'Set User Payload Access' Command.
53377381f15SSaravanan Palanisamy  *
53477381f15SSaravanan Palanisamy  *  @param ctx - IPMI context pointer (for channel)
53577381f15SSaravanan Palanisamy  *  @param channel - channel number
53677381f15SSaravanan Palanisamy  *  @param reserved1 - skip 4 bits
53777381f15SSaravanan Palanisamy  *  @param userId - user id
53877381f15SSaravanan Palanisamy  *  @param reserved2 - skip 2 bits
53977381f15SSaravanan Palanisamy  *
54077381f15SSaravanan Palanisamy  *  @returns IPMI completion code plus response data
54177381f15SSaravanan Palanisamy  *   - stdPayload0ipmiReserved - IPMI payload (reserved).
54277381f15SSaravanan Palanisamy  *   - stdPayload1SOL - SOL payload
54377381f15SSaravanan Palanisamy  *   - stdPayload2
54477381f15SSaravanan Palanisamy  *   - stdPayload3
54577381f15SSaravanan Palanisamy  *   - stdPayload4
54677381f15SSaravanan Palanisamy  *   - stdPayload5
54777381f15SSaravanan Palanisamy  *   - stdPayload6
54877381f15SSaravanan Palanisamy  *   - stdPayload7
54977381f15SSaravanan Palanisamy 
55077381f15SSaravanan Palanisamy  *   - stdPayloadEnables2Reserved - Reserved.
55177381f15SSaravanan Palanisamy 
55277381f15SSaravanan Palanisamy  *   - oemPayload0
55377381f15SSaravanan Palanisamy  *   - oemPayload1
55477381f15SSaravanan Palanisamy  *   - oemPayload2
55577381f15SSaravanan Palanisamy  *   - oemPayload3
55677381f15SSaravanan Palanisamy  *   - oemPayload4
55777381f15SSaravanan Palanisamy  *   - oemPayload5
55877381f15SSaravanan Palanisamy  *   - oemPayload6
55977381f15SSaravanan Palanisamy  *   - oemPayload7
56077381f15SSaravanan Palanisamy 
56177381f15SSaravanan Palanisamy  *  - oemPayloadEnables2Reserved - Reserved
56277381f15SSaravanan Palanisamy  */
56377381f15SSaravanan Palanisamy ipmi::RspType<bool,    // stdPayload0ipmiReserved
56477381f15SSaravanan Palanisamy               bool,    // stdPayload1SOL
56577381f15SSaravanan Palanisamy               bool,    // stdPayload2
56677381f15SSaravanan Palanisamy               bool,    // stdPayload3
56777381f15SSaravanan Palanisamy               bool,    // stdPayload4
56877381f15SSaravanan Palanisamy               bool,    // stdPayload5
56977381f15SSaravanan Palanisamy               bool,    // stdPayload6
57077381f15SSaravanan Palanisamy               bool,    // stdPayload7
57177381f15SSaravanan Palanisamy 
57277381f15SSaravanan Palanisamy               uint8_t, // stdPayloadEnables2Reserved
57377381f15SSaravanan Palanisamy 
57477381f15SSaravanan Palanisamy               bool,    // oemPayload0
57577381f15SSaravanan Palanisamy               bool,    // oemPayload1
57677381f15SSaravanan Palanisamy               bool,    // oemPayload2
57777381f15SSaravanan Palanisamy               bool,    // oemPayload3
57877381f15SSaravanan Palanisamy               bool,    // oemPayload4
57977381f15SSaravanan Palanisamy               bool,    // oemPayload5
58077381f15SSaravanan Palanisamy               bool,    // oemPayload6
58177381f15SSaravanan Palanisamy               bool,    // oemPayload7
58277381f15SSaravanan Palanisamy 
58377381f15SSaravanan Palanisamy               uint8_t  // oemPayloadEnables2Reserved
58477381f15SSaravanan Palanisamy               >
ipmiGetUserPayloadAccess(ipmi::Context::ptr ctx,uint4_t channel,uint4_t reserved1,uint6_t userId,uint2_t reserved2)58577381f15SSaravanan Palanisamy     ipmiGetUserPayloadAccess(ipmi::Context::ptr ctx,
58677381f15SSaravanan Palanisamy 
58777381f15SSaravanan Palanisamy                              uint4_t channel, uint4_t reserved1,
58877381f15SSaravanan Palanisamy 
58977381f15SSaravanan Palanisamy                              uint6_t userId, uint2_t reserved2)
59077381f15SSaravanan Palanisamy {
591*1318a5edSPatrick Williams     uint8_t chNum =
592*1318a5edSPatrick Williams         convertCurrentChannelNum(static_cast<uint8_t>(channel), ctx->channel);
5930e2dbee2Sjayaprakash Mutyala 
5940e2dbee2Sjayaprakash Mutyala     if (reserved1 || reserved2 || !isValidChannel(chNum))
59577381f15SSaravanan Palanisamy     {
59677381f15SSaravanan Palanisamy         return ipmi::responseInvalidFieldRequest();
59777381f15SSaravanan Palanisamy     }
5980e2dbee2Sjayaprakash Mutyala     if (getChannelSessionSupport(chNum) == EChannelSessSupported::none)
5990e2dbee2Sjayaprakash Mutyala     {
6000e2dbee2Sjayaprakash Mutyala         return ipmi::response(ccActionNotSupportedForChannel);
6010e2dbee2Sjayaprakash Mutyala     }
60277381f15SSaravanan Palanisamy     if (!ipmiUserIsValidUserId(static_cast<uint8_t>(userId)))
60377381f15SSaravanan Palanisamy     {
60477381f15SSaravanan Palanisamy         return ipmi::responseParmOutOfRange();
60577381f15SSaravanan Palanisamy     }
60677381f15SSaravanan Palanisamy 
60777381f15SSaravanan Palanisamy     ipmi::Cc retStatus;
60877381f15SSaravanan Palanisamy     PayloadAccess payloadAccess = {};
60977381f15SSaravanan Palanisamy     retStatus = ipmiUserGetUserPayloadAccess(
61077381f15SSaravanan Palanisamy         chNum, static_cast<uint8_t>(userId), payloadAccess);
611b541a5a5SNITIN SHARMA     if (retStatus != ccSuccess)
61277381f15SSaravanan Palanisamy     {
61377381f15SSaravanan Palanisamy         return ipmi::response(retStatus);
61477381f15SSaravanan Palanisamy     }
61577381f15SSaravanan Palanisamy     constexpr uint8_t res8bits = 0;
616*1318a5edSPatrick Williams     return ipmi::responseSuccess(
617*1318a5edSPatrick Williams         payloadAccess.stdPayloadEnables1.test(0),
61877381f15SSaravanan Palanisamy         payloadAccess.stdPayloadEnables1.test(1),
61977381f15SSaravanan Palanisamy         payloadAccess.stdPayloadEnables1.test(2),
62077381f15SSaravanan Palanisamy         payloadAccess.stdPayloadEnables1.test(3),
62177381f15SSaravanan Palanisamy         payloadAccess.stdPayloadEnables1.test(4),
62277381f15SSaravanan Palanisamy         payloadAccess.stdPayloadEnables1.test(5),
62377381f15SSaravanan Palanisamy         payloadAccess.stdPayloadEnables1.test(6),
62477381f15SSaravanan Palanisamy         payloadAccess.stdPayloadEnables1.test(7),
62577381f15SSaravanan Palanisamy 
62677381f15SSaravanan Palanisamy         res8bits,
62777381f15SSaravanan Palanisamy 
62877381f15SSaravanan Palanisamy         payloadAccess.oemPayloadEnables1.test(0),
62977381f15SSaravanan Palanisamy         payloadAccess.oemPayloadEnables1.test(1),
63077381f15SSaravanan Palanisamy         payloadAccess.oemPayloadEnables1.test(2),
63177381f15SSaravanan Palanisamy         payloadAccess.oemPayloadEnables1.test(3),
63277381f15SSaravanan Palanisamy         payloadAccess.oemPayloadEnables1.test(4),
63377381f15SSaravanan Palanisamy         payloadAccess.oemPayloadEnables1.test(5),
63477381f15SSaravanan Palanisamy         payloadAccess.oemPayloadEnables1.test(6),
63577381f15SSaravanan Palanisamy         payloadAccess.oemPayloadEnables1.test(7),
63677381f15SSaravanan Palanisamy 
63777381f15SSaravanan Palanisamy         res8bits);
63877381f15SSaravanan Palanisamy }
63977381f15SSaravanan Palanisamy 
640343d0611SWilliam A. Kennington III void registerUserIpmiFunctions() __attribute__((constructor));
registerUserIpmiFunctions()6415a6b6369SRichard Marian Thomaiyar void registerUserIpmiFunctions()
6425a6b6369SRichard Marian Thomaiyar {
6430be80bddSRichard Marian Thomaiyar     post_work([]() { ipmiUserInit(); });
6445b2535f8SRichard Marian Thomaiyar     ipmi::registerHandler(ipmi::prioOpenBmcBase, ipmi::netFnApp,
6455b2535f8SRichard Marian Thomaiyar                           ipmi::app::cmdSetUserAccessCommand,
6465b2535f8SRichard Marian Thomaiyar                           ipmi::Privilege::Admin, ipmiSetUserAccess);
6475a6b6369SRichard Marian Thomaiyar 
6485b2535f8SRichard Marian Thomaiyar     ipmi::registerHandler(ipmi::prioOpenBmcBase, ipmi::netFnApp,
6495b2535f8SRichard Marian Thomaiyar                           ipmi::app::cmdGetUserAccessCommand,
650bd604760Sankita prasad                           ipmi::Privilege::Admin, ipmiGetUserAccess);
6515a6b6369SRichard Marian Thomaiyar 
6523c89de15SVernon Mauery     ipmi::registerHandler(ipmi::prioOpenBmcBase, ipmi::netFnApp,
6533c89de15SVernon Mauery                           ipmi::app::cmdGetUserNameCommand,
654bd604760Sankita prasad                           ipmi::Privilege::Admin, ipmiGetUserName);
6555a6b6369SRichard Marian Thomaiyar 
656ac30b39bSVernon Mauery     ipmi::registerHandler(ipmi::prioOpenBmcBase, ipmi::netFnApp,
657ac30b39bSVernon Mauery                           ipmi::app::cmdSetUserName, ipmi::Privilege::Admin,
658ac30b39bSVernon Mauery                           ipmiSetUserName);
6595a6b6369SRichard Marian Thomaiyar 
6607a3296dfSVernon Mauery     ipmi::registerHandler(ipmi::prioOpenBmcBase, ipmi::netFnApp,
6617a3296dfSVernon Mauery                           ipmi::app::cmdSetUserPasswordCommand,
6627a3296dfSVernon Mauery                           ipmi::Privilege::Admin, ipmiSetUserPassword);
6635a6b6369SRichard Marian Thomaiyar 
664c46f6cd7Ssmriti     ipmi::registerHandler(ipmi::prioOpenBmcBase, ipmi::netFnApp,
665c46f6cd7Ssmriti                           ipmi::app::cmdGetChannelAuthCapabilities,
666c46f6cd7Ssmriti                           ipmi::Privilege::Callback,
667c46f6cd7Ssmriti                           ipmiGetChannelAuthenticationCapabilities);
66877381f15SSaravanan Palanisamy 
66977381f15SSaravanan Palanisamy     ipmi::registerHandler(ipmi::prioOpenBmcBase, ipmi::netFnApp,
67077381f15SSaravanan Palanisamy                           ipmi::app::cmdSetUserPayloadAccess,
67177381f15SSaravanan Palanisamy                           ipmi::Privilege::Admin, ipmiSetUserPayloadAccess);
67277381f15SSaravanan Palanisamy 
67377381f15SSaravanan Palanisamy     ipmi::registerHandler(ipmi::prioOpenBmcBase, ipmi::netFnApp,
67477381f15SSaravanan Palanisamy                           ipmi::app::cmdGetUserPayloadAccess,
67577381f15SSaravanan Palanisamy                           ipmi::Privilege::Operator, ipmiGetUserPayloadAccess);
67677381f15SSaravanan Palanisamy 
6775a6b6369SRichard Marian Thomaiyar     return;
6785a6b6369SRichard Marian Thomaiyar }
6795a6b6369SRichard Marian Thomaiyar } // namespace ipmi
680