1 /*
2 // Copyright (c) 2018 Intel Corporation
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 // http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 */
16
17 #include "user_layer.hpp"
18
19 #include "passwd_mgr.hpp"
20 #include "user_mgmt.hpp"
21
namespace {
// File-local PasswdMgr instance. ipmiUserGetPassword,
// ipmiClearUserEntryPassword and ipmiRenameUserEntryPassword in this file all
// go through it; the anonymous namespace keeps it out of other translation
// units.
ipmi::PasswdMgr passwdMgr;
} // namespace
26
27 namespace ipmi
28 {
29
// Initialises the IPMI user layer by calling getUserAccessObject() once; the
// returned object is not used here.
// Returns ccSuccess unconditionally.
Cc ipmiUserInit()
{
    static_cast<void>(getUserAccessObject());
    return ccSuccess;
}
35
// Returns the password stored for userName, as reported by the file-local
// PasswdMgr. What comes back for an unknown user is decided by
// PasswdMgr::getPasswdByUserName, which is not visible in this file.
// NOTE(review): the result is a recoverable secret. SecureString presumably
// wipes its storage when released (confirm in its definition); callers should
// keep it short-lived and never copy it into a plain std::string or a log
// message.
SecureString ipmiUserGetPassword(const std::string& userName)
{
    SecureString password = passwdMgr.getPasswdByUserName(userName);
    return password;
}
40
// Clears the password-store entry for userName by calling
// PasswdMgr::updateUserEntry with an empty replacement name.
// Returns ccSuccess when updateUserEntry reports 0, ccUnspecifiedError for
// any other status. The underlying status is not logged or passed on here.
Cc ipmiClearUserEntryPassword(const std::string& userName)
{
    if (passwdMgr.updateUserEntry(userName, "") == 0)
    {
        return ccSuccess;
    }
    return ccUnspecifiedError;
}
49
// Moves the password-store entry of userName to newUserName through
// PasswdMgr::updateUserEntry(old, new).
// Returns ccSuccess when updateUserEntry reports 0, ccUnspecifiedError
// otherwise.
// NOTE(review): newUserName is not validated here. An empty newUserName
// reaches the same call that ipmiClearUserEntryPassword makes, so callers
// that mean "rename" should reject empty names first.
Cc ipmiRenameUserEntryPassword(const std::string& userName,
                               const std::string& newUserName)
{
    const auto status = passwdMgr.updateUserEntry(userName, newUserName);
    if (status == 0)
    {
        return ccSuccess;
    }
    return ccUnspecifiedError;
}
59
// Reports whether userId is accepted by UserAccess::isValidUserId. Several
// functions in this file run this check before using userId to reach a
// per-user record.
bool ipmiUserIsValidUserId(const uint8_t userId)
{
    const bool valid = UserAccess::isValidUserId(userId);
    return valid;
}
64
// Reports whether priv is accepted by UserAccess::isValidPrivilege.
bool ipmiUserIsValidPrivilege(const uint8_t priv)
{
    const bool valid = UserAccess::isValidPrivilege(priv);
    return valid;
}
69
// Resolves userName to its IPMI user ID via UserAccess::getUserId.
// NOTE(review): the value returned for an unknown name is decided by
// UserAccess::getUserId (not visible here). Callers should pass the result
// through ipmiUserIsValidUserId before using it to reach a user record.
uint8_t ipmiUserGetUserId(const std::string& userName)
{
    auto&& userAccess = getUserAccessObject();
    return userAccess.getUserId(userName);
}
74
// Sets the name of user userId from a C buffer.
// strnlen stops at the first NUL or after ipmiMaxUserName bytes, whichever
// comes first, so a full-width buffer without a terminator is not read past
// ipmiMaxUserName bytes. Longer input is truncated, not rejected.
// userName must not be null; no check is made here.
// Returns whatever UserAccess::setUserName returns.
Cc ipmiUserSetUserName(const uint8_t userId, const char* userName)
{
    std::string newUser(userName, strnlen(userName, ipmiMaxUserName));
    auto&& userAccess = getUserAccessObject();
    return userAccess.setUserName(userId, newUser);
}
81
// Sets the name of user userId from a std::string.
// Only the first ipmiMaxUserName characters are used; a longer name is
// silently truncated rather than rejected, so two long names that share a
// prefix map to the same stored name.
// Returns whatever UserAccess::setUserName returns.
Cc ipmiUserSetUserName(const uint8_t userId, const std::string& userName)
{
    // substr clamps the count to the characters available.
    std::string newUser =
        userName.substr(0, static_cast<size_t>(ipmiMaxUserName));
    auto&& userAccess = getUserAccessObject();
    return userAccess.setUserName(userId, newUser);
}
89
// Fetches the name of user userId into userName through
// UserAccess::getUserName and returns its completion code. userId is not
// checked here; any validation is done by UserAccess::getUserName.
Cc ipmiUserGetUserName(const uint8_t userId, std::string& userName)
{
    auto&& userAccess = getUserAccessObject();
    return userAccess.getUserName(userId, userName);
}
94
// Sets the password of user userId by forwarding to
// UserAccess::setUserPassword and returns its completion code.
// NOTE(review): the password arrives as a raw const char* with no length.
// Confirm that UserAccess::setUserPassword bounds how much it reads, and
// that the caller wipes its own buffer once this call returns.
Cc ipmiUserSetUserPassword(const uint8_t userId, const char* userPassword)
{
    auto&& userAccess = getUserAccessObject();
    return userAccess.setUserPassword(userId, userPassword);
}
99
// Sets the password of the special user named userName by forwarding to
// UserAccess::setSpecialUserPassword and returns its completion code.
// The password is taken as a SecureString reference and is not copied here.
Cc ipmiSetSpecialUserPassword(const std::string& userName,
                              const SecureString& userPassword)
{
    auto&& userAccess = getUserAccessObject();
    return userAccess.setSpecialUserPassword(userName, userPassword);
}
105
// Reports user-table totals.
//   maxChUsers   - set to ipmiMaxUsers
//   enabledUsers - number of entries with userEnabled set
//   fixedUsers   - number of entries with fixedUserName set
// Returns ccSuccess unconditionally.
// NOTE(review): slots 1..ipmiMaxUsers are read, so this assumes the table
// holds at least ipmiMaxUsers + 1 entries and that getUsersTblPtr() never
// returns null - confirm against UsersTbl / UserAccess.
Cc ipmiUserGetAllCounts(uint8_t& maxChUsers, uint8_t& enabledUsers,
                        uint8_t& fixedUsers)
{
    maxChUsers = ipmiMaxUsers;
    UsersTbl* table = getUserAccessObject().getUsersTblPtr();
    enabledUsers = 0;
    fixedUsers = 0;
    // Slot 0 is reserved; real users occupy 1..ipmiMaxUsers.
    for (size_t slot = 1; slot <= ipmiMaxUsers; ++slot)
    {
        const auto& entry = table->user[slot];
        if (entry.userEnabled)
        {
            ++enabledUsers;
        }
        if (entry.fixedUserName)
        {
            ++fixedUsers;
        }
    }
    return ccSuccess;
}
127
// Enables or disables user userId by forwarding to
// UserAccess::setUserEnabledState and returns its completion code. userId is
// not checked here; any validation is done by the callee.
Cc ipmiUserUpdateEnabledState(const uint8_t userId, const bool& state)
{
    auto&& userAccess = getUserAccessObject();
    return userAccess.setUserEnabledState(userId, state);
}
132
// Reads the enabled flag of user userId into state.
// Returns ccParmOutOfRange (leaving state untouched) when userId fails
// UserAccess::isValidUserId, otherwise ccSuccess.
// The ID check comes first because userId selects the record that
// getUserInfo() hands back; the returned pointer is dereferenced without a
// null check.
Cc ipmiUserCheckEnabled(const uint8_t userId, bool& state)
{
    if (UserAccess::isValidUserId(userId))
    {
        state = getUserAccessObject().getUserInfo(userId)->userEnabled;
        return ccSuccess;
    }
    return ccParmOutOfRange;
}
143
// Copies the privilege settings of user userId on channel chNum into
// privAccess (privilege, ipmiEnabled, linkAuthEnabled, accessCallback).
// Returns ccInvalidFieldRequest (and logs) for an invalid channel,
// ccParmOutOfRange for an invalid user ID, ccSuccess otherwise.
// Both checks run before chNum indexes userPrivAccess[], so an
// out-of-range request value never reaches the array access.
Cc ipmiUserGetPrivilegeAccess(const uint8_t userId, const uint8_t chNum,
                              PrivAccess& privAccess)
{
    const bool channelOk = UserAccess::isValidChannel(chNum);
    if (!channelOk)
    {
        lg2::error("Get Privilege access - Invalid channel number: {CHANNEL}",
                   "CHANNEL", chNum);
        return ccInvalidFieldRequest;
    }
    const bool userOk = UserAccess::isValidUserId(userId);
    if (!userOk)
    {
        return ccParmOutOfRange;
    }

    UserInfo* record = getUserAccessObject().getUserInfo(userId);
    const auto& stored = record->userPrivAccess[chNum];
    privAccess.privilege = stored.privilege;
    privAccess.ipmiEnabled = stored.ipmiEnabled;
    privAccess.linkAuthEnabled = stored.linkAuthEnabled;
    privAccess.accessCallback = stored.accessCallback;
    return ccSuccess;
}
165
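// Applies privilege settings for user userId on channel chNum.
//   privAccess       - requested settings
//   otherPrivUpdates - when true, ipmiEnabled, linkAuthEnabled and
//                      accessCallback are applied as well as privilege;
//                      when false only privilege is taken from privAccess
// Returns the completion code of UserAccess::setUserPrivilegeAccess.
// NOTE(review): unlike ipmiUserGetPrivilegeAccess, no channel or user-ID
// check is made here; presumably setUserPrivilegeAccess validates both -
// confirm before relying on it.
Cc ipmiUserSetPrivilegeAccess(const uint8_t userId, const uint8_t chNum,
                              const PrivAccess& privAccess,
                              const bool& otherPrivUpdates)
{
    // Value-initialise so that, when otherPrivUpdates is false, the fields
    // not copied below are zero instead of indeterminate stack contents.
    UserPrivAccess userPrivAccess{};
    userPrivAccess.privilege = privAccess.privilege;
    if (otherPrivUpdates)
    {
        userPrivAccess.ipmiEnabled = privAccess.ipmiEnabled;
        userPrivAccess.linkAuthEnabled = privAccess.linkAuthEnabled;
        userPrivAccess.accessCallback = privAccess.accessCallback;
    }
    return getUserAccessObject().setUserPrivilegeAccess(
        userId, chNum, userPrivAccess, otherPrivUpdates);
}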
181
// Checks userName / userPassword with pamUserCheckAuthenticate and returns
// its verdict. Both arguments are views and are not copied or stored here;
// callers should likewise keep the password out of logs and long-lived
// buffers.
bool ipmiUserPamAuthenticate(std::string_view userName,
                             std::string_view userPassword)
{
    const bool authenticated =
        pamUserCheckAuthenticate(userName, userPassword);
    return authenticated;
}
187
// Updates the payload-access settings of user userId on channel chNum.
// Returns ccInvalidFieldRequest (and logs) for an invalid channel,
// ccParmOutOfRange for an invalid user ID, otherwise the completion code of
// UserAccess::setUserPayloadAccess.
// NOTE(review): operation is forwarded unchecked; confirm that
// setUserPayloadAccess rejects values it does not understand.
Cc ipmiUserSetUserPayloadAccess(const uint8_t chNum, const uint8_t operation,
                                const uint8_t userId,
                                const PayloadAccess& payloadAccess)
{
    const bool channelOk = UserAccess::isValidChannel(chNum);
    if (!channelOk)
    {
        lg2::error(
            "Set user payload access - Invalid channel number: {CHANNEL}",
            "CHANNEL", chNum);
        return ccInvalidFieldRequest;
    }
    const bool userOk = UserAccess::isValidUserId(userId);
    if (!userOk)
    {
        return ccParmOutOfRange;
    }

    auto&& userAccess = getUserAccessObject();
    return userAccess.setUserPayloadAccess(chNum, operation, userId,
                                           payloadAccess);
}
207
// Copies the payload-access settings of user userId on channel chNum into
// payloadAccess (the two standard and the two OEM enable fields).
// Returns ccInvalidFieldRequest (and logs) for an invalid channel,
// ccParmOutOfRange for an invalid user ID, ccSuccess otherwise.
// Both checks run before chNum indexes payloadAccess[], so an out-of-range
// request value never reaches the array access.
Cc ipmiUserGetUserPayloadAccess(const uint8_t chNum, const uint8_t userId,
                                PayloadAccess& payloadAccess)
{
    const bool channelOk = UserAccess::isValidChannel(chNum);
    if (!channelOk)
    {
        lg2::error(
            "Get user payload access - Invalid channel number: {CHANNEL}",
            "CHANNEL", chNum);
        return ccInvalidFieldRequest;
    }
    const bool userOk = UserAccess::isValidUserId(userId);
    if (!userOk)
    {
        return ccParmOutOfRange;
    }

    UserInfo* record = getUserAccessObject().getUserInfo(userId);
    const auto& stored = record->payloadAccess[chNum];

    payloadAccess.stdPayloadEnables1 = stored.stdPayloadEnables1;
    payloadAccess.stdPayloadEnables2Reserved =
        stored.stdPayloadEnables2Reserved;
    payloadAccess.oemPayloadEnables1 = stored.oemPayloadEnables1;
    payloadAccess.oemPayloadEnables2Reserved =
        stored.oemPayloadEnables2Reserved;

    return ccSuccess;
}
236
237 } // namespace ipmi
238