1 /*
2 // Copyright (c) 2018 Intel Corporation
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //      http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 */
16 
17 #include "user_layer.hpp"
18 
19 #include "passwd_mgr.hpp"
20 #include "user_mgmt.hpp"
21 
22 namespace
23 {
24 ipmi::PasswdMgr passwdMgr;
25 }
26 
27 namespace ipmi
28 {
29 
30 Cc ipmiUserInit()
31 {
32     getUserAccessObject();
33     return ccSuccess;
34 }
35 
36 std::string ipmiUserGetPassword(const std::string& userName)
37 {
38     return passwdMgr.getPasswdByUserName(userName);
39 }
40 
41 Cc ipmiClearUserEntryPassword(const std::string& userName)
42 {
43     if (passwdMgr.updateUserEntry(userName, "") != 0)
44     {
45         return ccUnspecifiedError;
46     }
47     return ccSuccess;
48 }
49 
50 Cc ipmiRenameUserEntryPassword(const std::string& userName,
51                                const std::string& newUserName)
52 {
53     if (passwdMgr.updateUserEntry(userName, newUserName) != 0)
54     {
55         return ccUnspecifiedError;
56     }
57     return ccSuccess;
58 }
59 
60 bool ipmiUserIsValidUserId(const uint8_t userId)
61 {
62     return UserAccess::isValidUserId(userId);
63 }
64 
65 bool ipmiUserIsValidPrivilege(const uint8_t priv)
66 {
67     return UserAccess::isValidPrivilege(priv);
68 }
69 
70 uint8_t ipmiUserGetUserId(const std::string& userName)
71 {
72     return getUserAccessObject().getUserId(userName);
73 }
74 
75 Cc ipmiUserSetUserName(const uint8_t userId, const char* userName)
76 {
77     return getUserAccessObject().setUserName(userId, userName);
78 }
79 
80 Cc ipmiUserGetUserName(const uint8_t userId, std::string& userName)
81 {
82     return getUserAccessObject().getUserName(userId, userName);
83 }
84 
85 Cc ipmiUserSetUserPassword(const uint8_t userId, const char* userPassword)
86 {
87     return getUserAccessObject().setUserPassword(userId, userPassword);
88 }
89 
90 Cc ipmiSetSpecialUserPassword(const std::string& userName,
91                               const std::string& userPassword)
92 {
93     return getUserAccessObject().setSpecialUserPassword(userName, userPassword);
94 }
95 
96 Cc ipmiUserGetAllCounts(uint8_t& maxChUsers, uint8_t& enabledUsers,
97                         uint8_t& fixedUsers)
98 {
99     maxChUsers = ipmiMaxUsers;
100     UsersTbl* userData = getUserAccessObject().getUsersTblPtr();
101     enabledUsers = 0;
102     fixedUsers = 0;
103     // user index 0 is reserved, starts with 1
104     for (size_t count = 1; count <= ipmiMaxUsers; ++count)
105     {
106         if (userData->user[count].userEnabled)
107         {
108             enabledUsers++;
109         }
110         if (userData->user[count].fixedUserName)
111         {
112             fixedUsers++;
113         }
114     }
115     return ccSuccess;
116 }
117 
118 Cc ipmiUserUpdateEnabledState(const uint8_t userId, const bool& state)
119 {
120     return getUserAccessObject().setUserEnabledState(userId, state);
121 }
122 
123 Cc ipmiUserCheckEnabled(const uint8_t userId, bool& state)
124 {
125     if (!UserAccess::isValidUserId(userId))
126     {
127         return ccParmOutOfRange;
128     }
129     UserInfo* userInfo = getUserAccessObject().getUserInfo(userId);
130     state = userInfo->userEnabled;
131     return ccSuccess;
132 }
133 
134 Cc ipmiUserGetPrivilegeAccess(const uint8_t userId, const uint8_t chNum,
135                               PrivAccess& privAccess)
136 {
137 
138     if (!UserAccess::isValidChannel(chNum))
139     {
140         return ccInvalidFieldRequest;
141     }
142     if (!UserAccess::isValidUserId(userId))
143     {
144         return ccParmOutOfRange;
145     }
146     UserInfo* userInfo = getUserAccessObject().getUserInfo(userId);
147     privAccess.privilege = userInfo->userPrivAccess[chNum].privilege;
148     privAccess.ipmiEnabled = userInfo->userPrivAccess[chNum].ipmiEnabled;
149     privAccess.linkAuthEnabled =
150         userInfo->userPrivAccess[chNum].linkAuthEnabled;
151     privAccess.accessCallback = userInfo->userPrivAccess[chNum].accessCallback;
152     return ccSuccess;
153 }
154 
155 Cc ipmiUserSetPrivilegeAccess(const uint8_t userId, const uint8_t chNum,
156                               const PrivAccess& privAccess,
157                               const bool& otherPrivUpdates)
158 {
159     UserPrivAccess userPrivAccess;
160     userPrivAccess.privilege = privAccess.privilege;
161     if (otherPrivUpdates)
162     {
163         userPrivAccess.ipmiEnabled = privAccess.ipmiEnabled;
164         userPrivAccess.linkAuthEnabled = privAccess.linkAuthEnabled;
165         userPrivAccess.accessCallback = privAccess.accessCallback;
166     }
167     return getUserAccessObject().setUserPrivilegeAccess(
168         userId, chNum, userPrivAccess, otherPrivUpdates);
169 }
170 
171 bool ipmiUserPamAuthenticate(std::string_view userName,
172                              std::string_view userPassword)
173 {
174     return pamUserCheckAuthenticate(userName, userPassword);
175 }
176 
177 Cc ipmiUserSetUserPayloadAccess(const uint8_t chNum, const uint8_t operation,
178                                 const uint8_t userId,
179                                 const PayloadAccess& payloadAccess)
180 {
181 
182     if (!UserAccess::isValidChannel(chNum))
183     {
184         return ccInvalidFieldRequest;
185     }
186     if (!UserAccess::isValidUserId(userId))
187     {
188         return ccParmOutOfRange;
189     }
190 
191     return getUserAccessObject().setUserPayloadAccess(chNum, operation, userId,
192                                                       payloadAccess);
193 }
194 
195 Cc ipmiUserGetUserPayloadAccess(const uint8_t chNum, const uint8_t userId,
196                                 PayloadAccess& payloadAccess)
197 {
198 
199     if (!UserAccess::isValidChannel(chNum))
200     {
201         return ccInvalidFieldRequest;
202     }
203     if (!UserAccess::isValidUserId(userId))
204     {
205         return ccParmOutOfRange;
206     }
207 
208     UserInfo* userInfo = getUserAccessObject().getUserInfo(userId);
209 
210     payloadAccess.stdPayloadEnables1 =
211         userInfo->payloadAccess[chNum].stdPayloadEnables1;
212     payloadAccess.stdPayloadEnables2Reserved =
213         userInfo->payloadAccess[chNum].stdPayloadEnables2Reserved;
214     payloadAccess.oemPayloadEnables1 =
215         userInfo->payloadAccess[chNum].oemPayloadEnables1;
216     payloadAccess.oemPayloadEnables2Reserved =
217         userInfo->payloadAccess[chNum].oemPayloadEnables2Reserved;
218 
219     return ccSuccess;
220 }
221 
222 } // namespace ipmi
223