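/*
// Copyright (c) 2018 Intel Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
*/
#pragma once
#include <openssl/evp.h>

// <cstddef>, <cstdint> and <string> are included explicitly so the header is
// self-contained: it names size_t, uint8_t and std::string below and should
// not depend on what <openssl/evp.h> happens to pull in.
#include <cstddef>
#include <cstdint>
#include <ctime>
#include <string>
#include <unordered_map>
#include <vector>

namespace ipmi
{

/** @brief Holds the user name to password map used for IPMI authentication.
 *
 *  The map is filled by decrypting the password file (see
 *  initPasswordMap()) and is refreshed through checkAndReload().
 *
 *  NOTE(review): passwords are kept as plain std::string values.
 *  std::string does not wipe its buffer when it is destroyed or
 *  reallocated, so decrypted passwords can stay in process memory (and in a
 *  core dump) after an entry is replaced or removed. Confirm this matches
 *  the threat model for the process that links this class.
 */
class PasswdMgr
{
  public:
    ~PasswdMgr() = default;
    // Not copyable or movable: every special member below is deleted.
    PasswdMgr(const PasswdMgr&) = delete;
    PasswdMgr& operator=(const PasswdMgr&) = delete;
    PasswdMgr(PasswdMgr&&) = delete;
    PasswdMgr& operator=(PasswdMgr&&) = delete;

    /** @brief Constructs user password list
     *
     */
    PasswdMgr();

    /** @brief Get password for the user
     *
     *  @param[in] userName - user name
     *
     *  @return password string. Returns an empty string if the user cannot
     *  be located.
     *
     *  NOTE(review): the result is returned by value, so the caller receives
     *  its own copy of the password. An empty result is the only "not found"
     *  signal; if the password file can hold an empty password the two cases
     *  cannot be told apart here, so confirm that callers fail authentication
     *  on an empty string.
     */
    std::string getPasswdByUserName(const std::string& userName);

    /** @brief Update / clear username and password entry for the specified
     *  user
     *
     *  @param[in] userName - user name that has to be renamed / deleted
     *  @param[in] newUserName - new user name. If empty, userName will be
     *  deleted.
     *
     *  @return error response (the value convention is not visible in this
     *  header; check the definition before testing the result).
     */
    int updateUserEntry(const std::string& userName,
                        const std::string& newUserName);

  private:
    using UserName = std::string;
    using Password = std::string;
    // Decrypted user name -> password entries; see the class note about
    // how long these plain strings live in memory.
    std::unordered_map<UserName, Password> passwdMapList;
    // Timestamp used by checkAndReload(); presumably the password file's
    // modification time at the last load (see getUpdatedFileTime()).
    std::time_t fileLastUpdatedTime;
    /** @brief check timestamp and reload password map if required
     *
     */
    void checkAndReload();
    /** @brief initializes passwdMapList by reading the encrypted file
     *
     * Initializes the passwdMapList members after decrypting the
     * password file. passwdMapList will be used further in IPMI
     * authentication.
     */
    void initPasswordMap();

    /** @brief Function to read the encrypted password file data
     *
     *  @param[out] outBytes - vector to hold decrypted password file data
     *
     *  @return error response
     *
     *  NOTE(review): outBytes receives plaintext password data. The caller
     *  owns that buffer, and std::vector does not clear it on destruction.
     */
    int readPasswdFileData(std::vector<uint8_t>& outBytes);
    /** @brief Updates special password file by renaming or clearing the
     *  entry for the user specified.
     *
     *  @param[in] userName - user name that has to be renamed / deleted
     *  @param[in] newUserName - new user name. If empty, userName will be
     *  deleted.
     *
     *  @return error response
     */
    int updatePasswdSpecialFile(const std::string& userName,
                                const std::string& newUserName);
    /** @brief encrypts or decrypt the data provided
     *
     *  @param[in] doEncrypt - do encrypt if set to true, else do decrypt.
     *  @param[in] cipher - cipher to be used
     *  @param[in] key - pointer to the key
     *  @param[in] keyLen - Length of the key to be used
     *  @param[in] iv - pointer to initialization vector
     *  @param[in] ivLen - Length of the iv
     *  @param[in] inBytes - input data to be encrypted / decrypted
     *  @param[in] inBytesLen - input size to be encrypted / decrypted
     *  @param[in] mac - message authentication code - to figure out corruption
     *  @param[in] macLen - size of MAC
     *  @param[out] outBytes - ptr to store output bytes
     *  @param[out] outBytesLen - output data length.
     *
     *  @return error response
     *
     *  NOTE(review): key, iv, inBytes and mac are documented as inputs but
     *  are taken through non-const pointers, and macLen / outBytesLen are
     *  pointers as well. Whether mac and macLen are written when encrypting,
     *  and whether outBytesLen carries the capacity of outBytes on entry, is
     *  not visible in this header - confirm against the definition. The
     *  caller must size outBytes for the result. The return value should be
     *  checked before the output is used, since the MAC is what detects a
     *  corrupted file.
     */
    int encryptDecryptData(bool doEncrypt, const EVP_CIPHER* cipher,
                           uint8_t* key, size_t keyLen, uint8_t* iv,
                           size_t ivLen, uint8_t* inBytes, size_t inBytesLen,
                           uint8_t* mac, size_t* macLen, uint8_t* outBytes,
                           size_t* outBytesLen);

    /** @brief returns updated file time of passwd file entry.
     *
     *  @return timestamp or -1 for error.
     */
    std::time_t getUpdatedFileTime();
};

} // namespace ipmi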