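/*
// Copyright (c) 2018 Intel Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
*/
#pragma once
#include <openssl/evp.h>

#include <cstddef>
#include <cstdint>
#include <ctime>
#include <string>
#include <unordered_map>
#include <vector>

namespace ipmi
{

/** @brief In-memory view of the IPMI special (encrypted) password file.
 *
 * Loads the encrypted password file, decrypts it and keeps a
 * user-name -> password map for IPMI authentication. The map is
 * refreshed when the file's modification time changes.
 *
 * NOTE(review): the destructor is defaulted, so the decrypted passwords
 * in passwdMapList are released but not scrubbed from memory. Copy and
 * move are deleted so there is exactly one owner of that map.
 */
class PasswdMgr
{
  public:
    ~PasswdMgr() = default;
    PasswdMgr(const PasswdMgr&) = delete;
    PasswdMgr& operator=(const PasswdMgr&) = delete;
    PasswdMgr(PasswdMgr&&) = delete;
    PasswdMgr& operator=(PasswdMgr&&) = delete;

    /** @brief Constructs the user password list.
     *
     * Reads and decrypts the password file into passwdMapList
     * (see initPasswordMap()).
     */
    PasswdMgr();

    /** @brief Get the password for a user.
     *
     * @param[in] userName - user name to look up
     *
     * @return password string; an empty string if the user cannot be
     *         located (callers must treat "" as "not found", not as a
     *         valid empty password).
     */
    std::string getPasswdByUserName(const std::string& userName);

    /** @brief Update / clear the username and password entry for the
     *  specified user.
     *
     * @param[in] userName - user name that has to be renamed / deleted
     * @param[in] newUserName - new user name. If empty, userName will be
     *   deleted.
     *
     * @return error response (0 on success; non-zero otherwise — the
     *         exact codes are defined by the implementation)
     */
    int updateUserEntry(const std::string& userName,
                        const std::string& newUserName);

  private:
    using UserName = std::string;
    using Password = std::string;
    // Decrypted credentials: user name -> password, populated by
    // initPasswordMap(). This is the plaintext used for IPMI authentication.
    std::unordered_map<UserName, Password> passwdMapList;
    // Modification time of the password file when passwdMapList was last
    // loaded; compared against getUpdatedFileTime() by checkAndReload().
    // Brace-initialized so a read before the first load is never
    // indeterminate.
    std::time_t fileLastUpdatedTime{0};

    /** @brief Restrict the permission of the password file(s).
     *
     * The file holds credentials, so its mode must not allow access by
     * other users; which files and which mode are fixed by the
     * implementation.
     */
    void restrictFilesPermission();

    /** @brief Check the file timestamp and reload the password map if the
     *  file has changed since the last load.
     */
    void checkAndReload();

    /** @brief Initialize passwdMapList by reading the encrypted file.
     *
     * Initializes the passwdMapList members after decrypting the
     * password file. passwdMapList will be used further in IPMI
     * authentication.
     */
    void initPasswordMap();

    /** @brief Read and decrypt the encrypted password file data.
     *
     * @param[out] outBytes - vector that receives the decrypted password
     *                        file data
     *
     * @return error response (0 on success)
     */
    int readPasswdFileData(std::vector<uint8_t>& outBytes);

    /** @brief Update the special password file by clearing or renaming the
     *  password entry for the user specified.
     *
     * @param[in] userName - user name that has to be renamed / deleted
     * @param[in] newUserName - new user name. If empty, userName will be
     *   deleted.
     *
     * @return error response (0 on success)
     */
    int updatePasswdSpecialFile(const std::string& userName,
                                const std::string& newUserName);

    /** @brief Encrypt or decrypt the data provided.
     *
     * @param[in] doEncrypt - encrypt if true, else decrypt
     * @param[in] cipher - EVP cipher to be used
     * @param[in] key - pointer to the key
     * @param[in] keyLen - length of the key to be used
     * @param[in] iv - pointer to the initialization vector
     * @param[in] ivLen - length of the iv
     * @param[in] inBytes - input data to be encrypted / decrypted
     * @param[in] inBytesLen - input size to be encrypted / decrypted
     * @param[in,out] mac - message authentication code used to detect
     *        corruption/tampering. Presumably written when encrypting and
     *        checked when decrypting — confirm against the definition.
     * @param[in,out] macLen - size of the MAC buffer / MAC produced
     * @param[out] outBytes - buffer that receives the output bytes
     * @param[in,out] outBytesLen - output data length
     *
     * @return error response (0 on success). A decrypt whose MAC does not
     *         verify must be reported as an error and its output discarded.
     */
    int encryptDecryptData(bool doEncrypt, const EVP_CIPHER* cipher,
                           uint8_t* key, size_t keyLen, uint8_t* iv,
                           size_t ivLen, uint8_t* inBytes, size_t inBytesLen,
                           uint8_t* mac, size_t* macLen, uint8_t* outBytes,
                           size_t* outBytesLen);

    /** @brief Return the last-modified time of the password file.
     *
     * @return timestamp, or -1 on error.
     */
    std::time_t getUpdatedFileTime();
};

} // namespace ipmi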