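/*
// Copyright (c) 2018 Intel Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
*/
#pragma once
#include <openssl/evp.h>

#include <ipmid/types.hpp>

#include <cstddef>
#include <cstdint>
#include <ctime>
#include <string>
#include <unordered_map>
#include <vector>

namespace ipmi
{

/** @brief In-memory copy of the IPMI special (encrypted) password file.
 *
 * Keeps a user name -> password map that is filled by decrypting the
 * password file and refreshed when the file's timestamp changes
 * (see checkAndReload). Passwords are held as SecureString, the type
 * provided by ipmid/types.hpp; any wipe-on-destruction guarantee comes
 * from that type and is not defined in this header.
 */
class PasswdMgr
{
  public:
    ~PasswdMgr() = default;
    // The map holds credential material: forbid copying and moving so
    // that no second in-memory copy of it can be created by accident.
    PasswdMgr(const PasswdMgr&) = delete;
    PasswdMgr& operator=(const PasswdMgr&) = delete;
    PasswdMgr(PasswdMgr&&) = delete;
    PasswdMgr& operator=(PasswdMgr&&) = delete;

    /** @brief Constructs the user password list.
     *
     * Defined out of line; expected to load the map from the password file.
     */
    PasswdMgr();

    /** @brief Get the password for the given user.
     *
     * @param[in] userName - user name
     *
     * @return password string; an empty string if the user cannot be
     *         located.
     */
    SecureString getPasswdByUserName(const std::string& userName);

    /** @brief Update / clear the username and password entry for the
     *         specified user.
     *
     * @param[in] userName - user name that has to be renamed / deleted
     * @param[in] newUserName - new user name. If empty, userName will be
     *                          deleted.
     *
     * @return error response (0 on success; non-zero on failure)
     */
    int updateUserEntry(const std::string& userName,
                        const std::string& newUserName);

  private:
    using UserName = std::string;
    using Password = SecureString;
    // Decrypted contents of the password file, keyed by user name.
    std::unordered_map<UserName, Password> passwdMapList;
    // Modification time of the password file at the last (re)load.
    // Value-initialised so a read before the first load is well defined.
    std::time_t fileLastUpdatedTime{0};

    /** @brief Restrict the password file's permissions.
     */
    void restrictFilesPermission();

    /** @brief Check the file timestamp and reload the password map if it
     *         has changed since the last load.
     */
    void checkAndReload();

    /** @brief Initialize passwdMapList by reading the encrypted file.
     *
     * Populates passwdMapList after decrypting the password file;
     * the map is used further in IPMI authentication.
     */
    void initPasswordMap();

    /** @brief Read and decrypt the password file data.
     *
     * @param[out] outBytes - receives the decrypted password file data
     *
     * @return error response (0 on success; non-zero on failure)
     */
    int readPasswdFileData(SecureString& outBytes);

    /** @brief Update the special password file by renaming or clearing
     *         the entry for the specified user.
     *
     * @param[in] userName - user name that has to be renamed / deleted
     * @param[in] newUserName - new user name. If empty, userName will be
     *                          deleted.
     *
     * @return error response (0 on success; non-zero on failure)
     */
    int updatePasswdSpecialFile(const std::string& userName,
                                const std::string& newUserName);

    /** @brief Encrypt or decrypt the data provided.
     *
     * @param[in] doEncrypt - encrypt if true, otherwise decrypt
     * @param[in] cipher - cipher to be used
     * @param[in] key - pointer to the key
     * @param[in] keyLen - length of the key in bytes
     * @param[in] iv - pointer to the initialization vector
     * @param[in] ivLen - length of the iv in bytes
     * @param[in] inBytes - input data to be encrypted / decrypted
     * @param[in] inBytesLen - input size to be encrypted / decrypted
     * @param[in,out] mac - message authentication code used to detect
     *                      corruption / tampering of the stored data.
     *                      Presumably written when encrypting and
     *                      verified when decrypting - confirm against the
     *                      definition.
     * @param[in,out] macLen - size of the MAC buffer / MAC produced
     * @param[out] outBytes - buffer to store the output bytes
     * @param[in,out] outBytesLen - output data length
     *
     * @return error response (0 on success; non-zero on failure, including
     *         a MAC mismatch on decrypt - confirm against the definition)
     */
    int encryptDecryptData(bool doEncrypt, const EVP_CIPHER* cipher,
                           uint8_t* key, size_t keyLen, uint8_t* iv,
                           size_t ivLen, uint8_t* inBytes, size_t inBytesLen,
                           uint8_t* mac, size_t* macLen, uint8_t* outBytes,
                           size_t* outBytesLen);

    /** @brief Return the current modification time of the password file.
     *
     * @return timestamp, or -1 on error.
     */
    std::time_t getUpdatedFileTime();
};

} // namespace ipmi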