/*
// Copyright (c) 2018 Intel Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
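 */
#pragma once
#include <openssl/evp.h>

#include <cstddef>
#include <cstdint>
#include <ctime>
#include <ipmid/types.hpp>
#include <string>
#include <unordered_map>
#include <vector>

namespace ipmi
{

/** @brief In-memory view of the encrypted IPMI special password file.
 *
 * The file is decrypted into passwdMapList and reloaded when its timestamp
 * changes (see checkAndReload). Since the map holds decrypted credentials,
 * passwords are stored as SecureString (ipmid/types.hpp), which is expected
 * to scrub its storage on release. The object is non-copyable and
 * non-movable.
 */
class PasswdMgr
{
  public:
    ~PasswdMgr() = default;
    PasswdMgr(const PasswdMgr&) = delete;
    PasswdMgr& operator=(const PasswdMgr&) = delete;
    PasswdMgr(PasswdMgr&&) = delete;
    PasswdMgr& operator=(PasswdMgr&&) = delete;

    /** @brief Constructs the user password list.
     */
    PasswdMgr();

    /** @brief Get the password for a user.
     *
     * @param[in] userName - user name
     *
     * @return password string; empty if the user cannot be located.
     */
    SecureString getPasswdByUserName(const std::string& userName);

    /** @brief Update / clear the username and password entry for the
     *         specified user.
     *
     * @param[in] userName - user name that has to be renamed / deleted
     * @param[in] newUserName - new user name. If empty, userName will be
     *                          deleted.
     *
     * @return error response (non-zero indicates failure; callers should
     *         not ignore it, since a failed update leaves the file and the
     *         in-memory map out of step).
     */
    int updateUserEntry(const std::string& userName,
                        const std::string& newUserName);

  private:
    using UserName = std::string;
    using Password = SecureString;
    // Decrypted user name -> password map, populated by initPasswordMap.
    std::unordered_map<UserName, Password> passwdMapList;
    // Timestamp of the password file at the last (re)load. Value-initialized
    // so a comparison before the first load never reads an indeterminate
    // value.
    std::time_t fileLastUpdatedTime{};

    /** @brief Restrict the permission of the password file.
     */
    void restrictFilesPermission();
    /** @brief Check the file timestamp and reload the password map if it
     *         has changed.
     */
    void checkAndReload();
    /** @brief Initializes passwdMapList by reading the encrypted file.
     *
     * Initializes the passwdMapList members after decrypting the password
     * file. passwdMapList is used further in IPMI authentication.
     */
    void initPasswordMap();

    /** @brief Reads and decrypts the password file data.
     *
     * @param[out] outBytes - receives the decrypted password file data
     *
     * @return error response
     */
    int readPasswdFileData(SecureString& outBytes);
    /** @brief Updates the special password file by clearing the password
     *         entry for the specified user.
     *
     * @param[in] userName - user name that has to be renamed / deleted
     * @param[in] newUserName - new user name. If empty, userName will be
     *                          deleted.
     *
     * @return error response
     */
    int updatePasswdSpecialFile(const std::string& userName,
                                const std::string& newUserName);
    /** @brief Encrypts or decrypts the data provided.
     *
     * @param[in] doEncrypt - do encrypt if set to true, else do decrypt.
     * @param[in] cipher - cipher to be used
     * @param[in] key - pointer to the key
     * @param[in] keyLen - length of the key to be used
     * @param[in] iv - pointer to the initialization vector
     * @param[in] ivLen - length of the iv
     * @param[in] inBytes - input data to be encrypted / decrypted
     * @param[in] inBytesLen - input size to be encrypted / decrypted
     * @param[in,out] mac - message authentication code used to detect
     *                      corruption or tampering of the stored data.
     *                      NOTE(review): presumably produced on encrypt and
     *                      verified on decrypt; confirm against the
     *                      definition.
     * @param[in,out] macLen - size of the MAC (passed by pointer, so the
     *                         definition may update it; confirm)
     * @param[out] outBytes - buffer that receives the output bytes
     * @param[out] outBytesLen - receives the output data length
     *
     * @return error response
     */
    int encryptDecryptData(bool doEncrypt, const EVP_CIPHER* cipher,
                           uint8_t* key, size_t keyLen, uint8_t* iv,
                           size_t ivLen, uint8_t* inBytes, size_t inBytesLen,
                           uint8_t* mac, size_t* macLen, uint8_t* outBytes,
                           size_t* outBytesLen);

    /** @brief Returns the last-modified time of the password file.
     *
     * @return timestamp, or -1 for error.
     */
    std::time_t getUpdatedFileTime();
};

} // namespace ipmi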