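/*
// Copyright (c) 2018 Intel Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
*/

#include "user_layer.hpp"

#include "passwd_mgr.hpp"
#include "user_mgmt.hpp"

namespace
{
// File-local password manager used by the password helpers below.
ipmi::PasswdMgr passwdMgr;
} // namespace

namespace ipmi
{

/** @brief Touches the user-access object and reports success.
 *
 *  The return value of getUserAccessObject() is discarded; presumably the
 *  call exists to force construction of that object early.
 *
 *  @return ccSuccess always.
 */
Cc ipmiUserInit()
{
    getUserAccessObject();
    return ccSuccess;
}

/** @brief Looks up the stored password for a user name.
 *
 *  @param[in] userName - name to look up in the password manager.
 *  @return whatever PasswdMgr::getPasswdByUserName() returns for the name.
 *
 *  NOTE(review): the result is credential material; callers should keep it
 *  in SecureString form and out of logs and error messages.
 */
SecureString ipmiUserGetPassword(const std::string& userName)
{
    return passwdMgr.getPasswdByUserName(userName);
}

/** @brief Updates the password-manager entry of a user with an empty name.
 *
 *  @param[in] userName - entry to update.
 *  @return ccSuccess when updateUserEntry() returns 0, otherwise
 *          ccUnspecifiedError.
 */
Cc ipmiClearUserEntryPassword(const std::string& userName)
{
    if (passwdMgr.updateUserEntry(userName, "") != 0)
    {
        return ccUnspecifiedError;
    }
    return ccSuccess;
}

/** @brief Moves a password-manager entry from one user name to another.
 *
 *  @param[in] userName    - existing entry name.
 *  @param[in] newUserName - name the entry is updated to.
 *  @return ccSuccess when updateUserEntry() returns 0, otherwise
 *          ccUnspecifiedError.
 */
Cc ipmiRenameUserEntryPassword(const std::string& userName,
                               const std::string& newUserName)
{
    if (passwdMgr.updateUserEntry(userName, newUserName) != 0)
    {
        return ccUnspecifiedError;
    }
    return ccSuccess;
}

/** @brief Forwards to UserAccess::isValidUserId(). */
bool ipmiUserIsValidUserId(const uint8_t userId)
{
    return UserAccess::isValidUserId(userId);
}

/** @brief Forwards to UserAccess::isValidPrivilege(). */
bool ipmiUserIsValidPrivilege(const uint8_t priv)
{
    return UserAccess::isValidPrivilege(priv);
}

/** @brief Returns the user id that the user-access object maps to a name. */
uint8_t ipmiUserGetUserId(const std::string& userName)
{
    return getUserAccessObject().getUserId(userName);
}

/** @brief Sets the name of a user from a C string.
 *
 *  At most ipmiMaxUserName bytes of @p userName are read, so a buffer that
 *  holds a full-length name without a terminating NUL is not scanned past
 *  that limit. Names longer than the limit are truncated, as before.
 *
 *  @param[in] userId   - user to rename.
 *  @param[in] userName - new name; may be unterminated if it is at least
 *                        ipmiMaxUserName bytes long.
 *  @return ccInvalidFieldRequest for a null pointer, otherwise the result of
 *          setUserName().
 */
Cc ipmiUserSetUserName(const uint8_t userId, const char* userName)
{
    if (userName == nullptr)
    {
        // Constructing std::string from a null pointer is undefined.
        return ccInvalidFieldRequest;
    }

    // Bounded length scan: never look beyond ipmiMaxUserName bytes.
    size_t nameLen = 0;
    while (nameLen < ipmiMaxUserName && userName[nameLen] != '\0')
    {
        ++nameLen;
    }

    std::string newUser(userName, nameLen);
    return getUserAccessObject().setUserName(userId, newUser);
}

/** @brief Sets the name of a user, truncated to ipmiMaxUserName characters.
 *
 *  @param[in] userId   - user to rename.
 *  @param[in] userName - new name.
 *  @return the result of setUserName().
 */
Cc ipmiUserSetUserName(const uint8_t userId, const std::string& userName)
{
    std::string newUser(userName, 0, ipmiMaxUserName);
    return getUserAccessObject().setUserName(userId, newUser);
}

/** @brief Reads the name of a user into @p userName.
 *
 *  @return the result of getUserName().
 */
Cc ipmiUserGetUserName(const uint8_t userId, std::string& userName)
{
    return getUserAccessObject().getUserName(userId, userName);
}

/** @brief Sets a user's password from a C string.
 *
 *  The pointer is handed to setUserPassword() unchanged; no length or null
 *  check is done in this function.
 *
 *  NOTE(review): unlike ipmiSetSpecialUserPassword() this overload takes the
 *  secret as a plain const char*, so the caller owns clearing that buffer
 *  after the call - confirm against callers.
 *
 *  @return the result of setUserPassword().
 */
Cc ipmiUserSetUserPassword(const uint8_t userId, const char* userPassword)
{
    return getUserAccessObject().setUserPassword(userId, userPassword);
}

/** @brief Sets the password of a user identified by name.
 *
 *  @return the result of setSpecialUserPassword().
 */
Cc ipmiSetSpecialUserPassword(const std::string& userName,
                              const SecureString& userPassword)
{
    return getUserAccessObject().setSpecialUserPassword(userName, userPassword);
}

/** @brief Counts enabled users and users with a fixed name.
 *
 *  @param[out] maxChUsers   - set to ipmiMaxUsers.
 *  @param[out] enabledUsers - number of entries with userEnabled set.
 *  @param[out] fixedUsers   - number of entries with fixedUserName set.
 *  @return ccSuccess always.
 */
Cc ipmiUserGetAllCounts(uint8_t& maxChUsers, uint8_t& enabledUsers,
                        uint8_t& fixedUsers)
{
    maxChUsers = ipmiMaxUsers;
    UsersTbl* userData = getUserAccessObject().getUsersTblPtr();
    enabledUsers = 0;
    fixedUsers = 0;
    // user index 0 is reserved, starts with 1
    // NOTE(review): the inclusive bound relies on the user table holding
    // ipmiMaxUsers + 1 entries - confirm against the UsersTbl definition.
    for (size_t count = 1; count <= ipmiMaxUsers; ++count)
    {
        if (userData->user[count].userEnabled)
        {
            enabledUsers++;
        }
        if (userData->user[count].fixedUserName)
        {
            fixedUsers++;
        }
    }
    return ccSuccess;
}

/** @brief Enables or disables a user.
 *
 *  @return the result of setUserEnabledState().
 */
Cc ipmiUserUpdateEnabledState(const uint8_t userId, const bool& state)
{
    return getUserAccessObject().setUserEnabledState(userId, state);
}

/** @brief Reads the enabled flag of a user.
 *
 *  @param[in]  userId - user to query; rejected unless isValidUserId().
 *  @param[out] state  - receives userEnabled of that user.
 *  @return ccParmOutOfRange for an invalid id, otherwise ccSuccess.
 */
Cc ipmiUserCheckEnabled(const uint8_t userId, bool& state)
{
    if (!UserAccess::isValidUserId(userId))
    {
        return ccParmOutOfRange;
    }
    // NOTE(review): dereferenced without a null check; presumably
    // getUserInfo() never returns null for a validated id - confirm.
    UserInfo* userInfo = getUserAccessObject().getUserInfo(userId);
    state = userInfo->userEnabled;
    return ccSuccess;
}

/** @brief Copies the privilege settings of a user on a channel.
 *
 *  Channel and user id are both validated before userPrivAccess[chNum] is
 *  indexed.
 *
 *  @param[out] privAccess - receives privilege, ipmiEnabled, linkAuthEnabled
 *                           and accessCallback.
 *  @return ccInvalidFieldRequest for an invalid channel, ccParmOutOfRange for
 *          an invalid user id, otherwise ccSuccess.
 */
Cc ipmiUserGetPrivilegeAccess(const uint8_t userId, const uint8_t chNum,
                              PrivAccess& privAccess)
{
    if (!UserAccess::isValidChannel(chNum))
    {
        return ccInvalidFieldRequest;
    }
    if (!UserAccess::isValidUserId(userId))
    {
        return ccParmOutOfRange;
    }
    UserInfo* userInfo = getUserAccessObject().getUserInfo(userId);
    privAccess.privilege = userInfo->userPrivAccess[chNum].privilege;
    privAccess.ipmiEnabled = userInfo->userPrivAccess[chNum].ipmiEnabled;
    privAccess.linkAuthEnabled =
        userInfo->userPrivAccess[chNum].linkAuthEnabled;
    privAccess.accessCallback = userInfo->userPrivAccess[chNum].accessCallback;
    return ccSuccess;
}

/** @brief Applies privilege settings to a user on a channel.
 *
 *  The privilege level is always copied; ipmiEnabled, linkAuthEnabled and
 *  accessCallback are copied only when @p otherPrivUpdates is true.
 *
 *  NOTE(review): userId and chNum are not validated here, unlike in the
 *  getter; presumably setUserPrivilegeAccess() rejects bad values - confirm.
 *
 *  @return the result of setUserPrivilegeAccess().
 */
Cc ipmiUserSetPrivilegeAccess(const uint8_t userId, const uint8_t chNum,
                              const PrivAccess& privAccess,
                              const bool& otherPrivUpdates)
{
    // Value-initialise so the fields left untouched when otherPrivUpdates is
    // false are not handed on with indeterminate contents.
    UserPrivAccess userPrivAccess{};
    userPrivAccess.privilege = privAccess.privilege;
    if (otherPrivUpdates)
    {
        userPrivAccess.ipmiEnabled = privAccess.ipmiEnabled;
        userPrivAccess.linkAuthEnabled = privAccess.linkAuthEnabled;
        userPrivAccess.accessCallback = privAccess.accessCallback;
    }
    return getUserAccessObject().setUserPrivilegeAccess(
        userId, chNum, userPrivAccess, otherPrivUpdates);
}

/** @brief Forwards a name/password pair to pamUserCheckAuthenticate().
 *
 *  @return the result of pamUserCheckAuthenticate().
 */
bool ipmiUserPamAuthenticate(std::string_view userName,
                             std::string_view userPassword)
{
    return pamUserCheckAuthenticate(userName, userPassword);
}

/** @brief Changes the payload access of a user on a channel.
 *
 *  @return ccInvalidFieldRequest for an invalid channel, ccParmOutOfRange for
 *          an invalid user id, otherwise the result of
 *          setUserPayloadAccess().
 */
Cc ipmiUserSetUserPayloadAccess(const uint8_t chNum, const uint8_t operation,
                                const uint8_t userId,
                                const PayloadAccess& payloadAccess)
{
    if (!UserAccess::isValidChannel(chNum))
    {
        return ccInvalidFieldRequest;
    }
    if (!UserAccess::isValidUserId(userId))
    {
        return ccParmOutOfRange;
    }

    return getUserAccessObject().setUserPayloadAccess(chNum, operation, userId,
                                                      payloadAccess);
}

/** @brief Copies the payload access settings of a user on a channel.
 *
 *  Channel and user id are both validated before payloadAccess[chNum] is
 *  indexed.
 *
 *  @param[out] payloadAccess - receives the four payload-enable fields.
 *  @return ccInvalidFieldRequest for an invalid channel, ccParmOutOfRange for
 *          an invalid user id, otherwise ccSuccess.
 */
Cc ipmiUserGetUserPayloadAccess(const uint8_t chNum, const uint8_t userId,
                                PayloadAccess& payloadAccess)
{
    if (!UserAccess::isValidChannel(chNum))
    {
        return ccInvalidFieldRequest;
    }
    if (!UserAccess::isValidUserId(userId))
    {
        return ccParmOutOfRange;
    }

    UserInfo* userInfo = getUserAccessObject().getUserInfo(userId);

    payloadAccess.stdPayloadEnables1 =
        userInfo->payloadAccess[chNum].stdPayloadEnables1;
    payloadAccess.stdPayloadEnables2Reserved =
        userInfo->payloadAccess[chNum].stdPayloadEnables2Reserved;
    payloadAccess.oemPayloadEnables1 =
        userInfo->payloadAccess[chNum].oemPayloadEnables1;
    payloadAccess.oemPayloadEnables2Reserved =
        userInfo->payloadAccess[chNum].oemPayloadEnables2Reserved;

    return ccSuccess;
}

} // namespace ipmi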