1 /*
2 // Copyright (c) 2018 Intel Corporation
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //      http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 */
16 
17 #include "user_layer.hpp"
18 
19 #include "passwd_mgr.hpp"
20 #include "user_mgmt.hpp"
21 
22 namespace
23 {
24 ipmi::PasswdMgr passwdMgr;
25 }
26 
27 namespace ipmi
28 {
29 
30 ipmi_ret_t ipmiUserInit()
31 {
32     getUserAccessObject();
33     return IPMI_CC_OK;
34 }
35 
36 std::string ipmiUserGetPassword(const std::string& userName)
37 {
38     return passwdMgr.getPasswdByUserName(userName);
39 }
40 
41 ipmi_ret_t ipmiClearUserEntryPassword(const std::string& userName)
42 {
43     if (passwdMgr.updateUserEntry(userName, "") != 0)
44     {
45         return IPMI_CC_UNSPECIFIED_ERROR;
46     }
47     return IPMI_CC_OK;
48 }
49 
50 ipmi_ret_t ipmiRenameUserEntryPassword(const std::string& userName,
51                                        const std::string& newUserName)
52 {
53     if (passwdMgr.updateUserEntry(userName, newUserName) != 0)
54     {
55         return IPMI_CC_UNSPECIFIED_ERROR;
56     }
57     return IPMI_CC_OK;
58 }
59 
60 bool ipmiUserIsValidUserId(const uint8_t userId)
61 {
62     return UserAccess::isValidUserId(userId);
63 }
64 
65 bool ipmiUserIsValidPrivilege(const uint8_t priv)
66 {
67     return UserAccess::isValidPrivilege(priv);
68 }
69 
70 uint8_t ipmiUserGetUserId(const std::string& userName)
71 {
72     return getUserAccessObject().getUserId(userName);
73 }
74 
75 ipmi_ret_t ipmiUserSetUserName(const uint8_t userId, const char* userName)
76 {
77     return getUserAccessObject().setUserName(userId, userName);
78 }
79 
80 ipmi_ret_t ipmiUserGetUserName(const uint8_t userId, std::string& userName)
81 {
82     return getUserAccessObject().getUserName(userId, userName);
83 }
84 
85 ipmi_ret_t ipmiUserSetUserPassword(const uint8_t userId,
86                                    const char* userPassword)
87 {
88     return getUserAccessObject().setUserPassword(userId, userPassword);
89 }
90 
91 ipmi_ret_t ipmiSetSpecialUserPassword(const std::string& userName,
92                                       const std::string& userPassword)
93 {
94     return getUserAccessObject().setSpecialUserPassword(userName, userPassword);
95 }
96 
97 ipmi_ret_t ipmiUserGetAllCounts(uint8_t& maxChUsers, uint8_t& enabledUsers,
98                                 uint8_t& fixedUsers)
99 {
100     maxChUsers = ipmiMaxUsers;
101     UsersTbl* userData = getUserAccessObject().getUsersTblPtr();
102     enabledUsers = 0;
103     fixedUsers = 0;
104     // user index 0 is reserved, starts with 1
105     for (size_t count = 1; count <= ipmiMaxUsers; ++count)
106     {
107         if (userData->user[count].userEnabled)
108         {
109             enabledUsers++;
110         }
111         if (userData->user[count].fixedUserName)
112         {
113             fixedUsers++;
114         }
115     }
116     return IPMI_CC_OK;
117 }
118 
119 ipmi_ret_t ipmiUserUpdateEnabledState(const uint8_t userId, const bool& state)
120 {
121     return getUserAccessObject().setUserEnabledState(userId, state);
122 }
123 
124 ipmi_ret_t ipmiUserCheckEnabled(const uint8_t userId, bool& state)
125 {
126     if (!UserAccess::isValidUserId(userId))
127     {
128         return IPMI_CC_PARM_OUT_OF_RANGE;
129     }
130     UserInfo* userInfo = getUserAccessObject().getUserInfo(userId);
131     state = userInfo->userEnabled;
132     return IPMI_CC_OK;
133 }
134 
135 ipmi_ret_t ipmiUserGetPrivilegeAccess(const uint8_t userId, const uint8_t chNum,
136                                       PrivAccess& privAccess)
137 {
138 
139     if (!UserAccess::isValidChannel(chNum))
140     {
141         return IPMI_CC_INVALID_FIELD_REQUEST;
142     }
143     if (!UserAccess::isValidUserId(userId))
144     {
145         return IPMI_CC_PARM_OUT_OF_RANGE;
146     }
147     UserInfo* userInfo = getUserAccessObject().getUserInfo(userId);
148     privAccess.privilege = userInfo->userPrivAccess[chNum].privilege;
149     privAccess.ipmiEnabled = userInfo->userPrivAccess[chNum].ipmiEnabled;
150     privAccess.linkAuthEnabled =
151         userInfo->userPrivAccess[chNum].linkAuthEnabled;
152     privAccess.accessCallback = userInfo->userPrivAccess[chNum].accessCallback;
153 
154     return IPMI_CC_OK;
155 }
156 
157 ipmi_ret_t ipmiUserSetPrivilegeAccess(const uint8_t userId, const uint8_t chNum,
158                                       const PrivAccess& privAccess,
159                                       const bool& otherPrivUpdates)
160 {
161     UserPrivAccess userPrivAccess;
162     userPrivAccess.privilege = privAccess.privilege;
163     if (otherPrivUpdates)
164     {
165         userPrivAccess.ipmiEnabled = privAccess.ipmiEnabled;
166         userPrivAccess.linkAuthEnabled = privAccess.linkAuthEnabled;
167         userPrivAccess.accessCallback = privAccess.accessCallback;
168     }
169     return getUserAccessObject().setUserPrivilegeAccess(
170         userId, chNum, userPrivAccess, otherPrivUpdates);
171 }
172 
173 bool ipmiUserPamAuthenticate(std::string_view userName,
174                              std::string_view userPassword)
175 {
176     return pamUserCheckAuthenticate(userName, userPassword);
177 }
178 
179 ipmi_ret_t ipmiUserSetUserPayloadAccess(const uint8_t chNum,
180                                         const uint8_t operation,
181                                         const uint8_t userId,
182                                         const PayloadAccess& payloadAccess)
183 {
184 
185     if (!UserAccess::isValidChannel(chNum))
186     {
187         return IPMI_CC_INVALID_FIELD_REQUEST;
188     }
189     if (!UserAccess::isValidUserId(userId))
190     {
191         return IPMI_CC_PARM_OUT_OF_RANGE;
192     }
193 
194     return getUserAccessObject().setUserPayloadAccess(chNum, operation, userId,
195                                                       payloadAccess);
196 }
197 
198 ipmi_ret_t ipmiUserGetUserPayloadAccess(const uint8_t chNum,
199                                         const uint8_t userId,
200                                         PayloadAccess& payloadAccess)
201 {
202 
203     if (!UserAccess::isValidChannel(chNum))
204     {
205         return IPMI_CC_INVALID_FIELD_REQUEST;
206     }
207     if (!UserAccess::isValidUserId(userId))
208     {
209         return IPMI_CC_PARM_OUT_OF_RANGE;
210     }
211 
212     UserInfo* userInfo = getUserAccessObject().getUserInfo(userId);
213 
214     payloadAccess.stdPayloadEnables1 =
215         userInfo->payloadAccess[chNum].stdPayloadEnables1;
216     payloadAccess.stdPayloadEnables2Reserved =
217         userInfo->payloadAccess[chNum].stdPayloadEnables2Reserved;
218     payloadAccess.oemPayloadEnables1 =
219         userInfo->payloadAccess[chNum].oemPayloadEnables1;
220     payloadAccess.oemPayloadEnables2Reserved =
221         userInfo->payloadAccess[chNum].oemPayloadEnables2Reserved;
222 
223     return IPMI_CC_OK;
224 }
225 
226 } // namespace ipmi
227