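/*
// Copyright (c) 2018 Intel Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
*/
#pragma once
#include <openssl/evp.h>

// <cstddef>/<cstdint> are included explicitly: this header uses size_t and
// uint8_t itself and should not rely on openssl/evp.h pulling them in.
#include <cstddef>
#include <cstdint>
#include <ctime>
#include <string>
#include <unordered_map>
#include <vector>

namespace ipmi
{

/** @brief In-memory view of the IPMI special (encrypted) password file.
 *
 *  Builds a user name -> password map by decrypting the password file and
 *  keeps it in passwdMapList for IPMI authentication. The file's last
 *  update time is remembered so the map can be reloaded when the file
 *  changes on disk (see checkAndReload()).
 *
 *  Security note: once initPasswordMap() has run, the passwords are held
 *  decrypted in process memory for the lifetime of the object, and
 *  getPasswdByUserName() hands out a copy. The defaulted destructor frees
 *  that memory without overwriting it. Keep the instance and any returned
 *  password strings as short-lived as the call site allows.
 */
class PasswdMgr
{
  public:
    ~PasswdMgr() = default;
    // Exactly one in-memory copy of the credential store: neither copyable
    // nor movable.
    PasswdMgr(const PasswdMgr&) = delete;
    PasswdMgr& operator=(const PasswdMgr&) = delete;
    PasswdMgr(PasswdMgr&&) = delete;
    PasswdMgr& operator=(PasswdMgr&&) = delete;

    /** @brief Constructs user password list
     *
     */
    PasswdMgr();

    /** @brief Get password for the user
     *
     * @param[in] userName - user name
     *
     * @return password string (a copy). Returns an empty string if the
     *         user cannot be located, so callers cannot distinguish
     *         "unknown user" from "empty password" by the return value.
     */
    std::string getPasswdByUserName(const std::string& userName);

    /** @brief Update / clear username and password entry for the specified
     *  user
     *
     * @param[in] userName - user name that has to be renamed / deleted
     * @param[in] newUserName - new user name. If empty, userName will be
     *  deleted.
     *
     * @return error response (non-zero on failure; confirm the exact codes
     *         against the definition)
     */
    int updateUserEntry(const std::string& userName,
                        const std::string& newUserName);

  private:
    using UserName = std::string;
    using Password = std::string;
    // Decrypted credentials, keyed by user name.
    std::unordered_map<UserName, Password> passwdMapList;
    // Update time of the password file as of the last (re)load; a value-
    // initialised default avoids an indeterminate read if the constructor
    // does not set it before checkAndReload() compares it.
    std::time_t fileLastUpdatedTime{};

    /** @brief restrict file permission
     *
     *  Tightens on-disk permissions of the password store file(s); which
     *  paths are covered is determined by the definition.
     */
    void restrictFilesPermission(void);
    /** @brief check timestamp and reload password map if required
     *
     *  Compares the file's current update time with fileLastUpdatedTime
     *  and re-reads the map when they differ (presumably via
     *  initPasswordMap(); confirm in the definition).
     */
    void checkAndReload(void);
    /** @brief initializes passwdMapList by reading the encrypted file
     *
     *  Initializes the passwordMapList members after decrypting the
     *  password file. passwordMapList will be used further in IPMI
     *  authentication.
     */
    void initPasswordMap(void);

    /** @brief Function to read the encrypted password file data
     *
     * @param[out] outBytes - vector to hold decrypted password file data
     *
     * @return error response
     */
    int readPasswdFileData(std::vector<uint8_t>& outBytes);
    /** @brief Updates special password file by clearing the password entry
     *  for the user specified.
     *
     * @param[in] userName - user name that has to be renamed / deleted
     * @param[in] newUserName - new user name. If empty, userName will be
     *  deleted.
     *
     * @return error response
     */
    int updatePasswdSpecialFile(const std::string& userName,
                                const std::string& newUserName);
    /** @brief encrypts or decrypt the data provided
     *
     * @param[in] doEncrypt - do encrypt if set to true, else do decrypt.
     * @param[in] cipher - cipher to be used
     * @param[in] key - pointer to the key
     * @param[in] keyLen - Length of the key to be used
     * @param[in] iv - pointer to initialization vector
     * @param[in] ivLen - Length of the iv
     * @param[in] inBytes - input data to be encrypted / decrypted
     * @param[in] inBytesLen - input size to be encrypted / decrypted
     * @param[in,out] mac - message authentication code used to detect
     *  corruption; presumably produced when encrypting and verified when
     *  decrypting (confirm against the definition)
     * @param[in,out] macLen - size of the MAC buffer / MAC length in bytes
     * @param[out] outBytes - buffer receiving the output bytes
     * @param[in,out] outBytesLen - output data length.
     *
     * @return error response
     *
     * TODO(review): key, iv and inBytes are inputs and could be declared
     * const uint8_t*; the signature is kept as-is here because the
     * out-of-line definition must change in the same commit.
     */
    int encryptDecryptData(bool doEncrypt, const EVP_CIPHER* cipher,
                           uint8_t* key, size_t keyLen, uint8_t* iv,
                           size_t ivLen, uint8_t* inBytes, size_t inBytesLen,
                           uint8_t* mac, size_t* macLen, uint8_t* outBytes,
                           size_t* outBytesLen);

    /** @brief returns updated file time of passwd file entry.
     *
     * @return timestamp or -1 for error.
     */
    std::time_t getUpdatedFileTime();
};

} // namespace ipmi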