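/*
// Copyright (c) 2018 Intel Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
*/
#pragma once

#include <ipmid/api.hpp>
#include <ipmid/types.hpp>

#include <bitset>
#include <cstdint>
#include <string>
#include <string_view>

namespace ipmi
{

// TODO: Has to be replaced with proper channel number assignment logic
/**
 * @enum EChannelID
 *
 * Channel identifiers known to the user layer. Only one LAN channel is
 * defined here.
 */
enum class EChannelID : uint8_t
{
    chanLan1 = 0x01
};

// Value returned by ipmiUserGetUserId() when no user id is found.
static constexpr uint8_t invalidUserId = 0xFF;
static constexpr uint8_t reservedUserId = 0x0;
// Size limits used by the user management interface.
static constexpr uint8_t ipmiMaxUserName = 16;
static constexpr uint8_t ipmiMaxUsers = 15;
static constexpr uint8_t ipmiMaxChannels = 16;
// Password size limits for IPMI 2.0 and IPMI 1.5 respectively.
static constexpr uint8_t maxIpmi20PasswordSize = 20;
static constexpr uint8_t maxIpmi15PasswordSize = 16;
// Number of payload enable bits carried in each PayloadAccess member.
static constexpr uint8_t payloadsPerByte = 8;

// PrivAccess is declared through two independent #if blocks. Fail the build
// instead of silently producing a struct with no fields when BYTE_ORDER
// matches neither of them.
#if BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN
#error "PrivAccess: BYTE_ORDER is neither LITTLE_ENDIAN nor BIG_ENDIAN"
#endif

/** @struct PrivAccess
 *
 *  User privilege related access data as per IPMI specification (refer spec
 *  sec 22.26).
 *
 *  The same five fields are declared in opposite order for the two byte
 *  orders, presumably so that each field keeps the same bit position in the
 *  packed byte on either kind of target (bit-field allocation order is
 *  compiler-defined - confirm for new toolchains).
 */
struct PrivAccess
{
#if BYTE_ORDER == LITTLE_ENDIAN
    uint8_t privilege : 4;
    uint8_t ipmiEnabled : 1;
    uint8_t linkAuthEnabled : 1;
    uint8_t accessCallback : 1;
    uint8_t reserved : 1;
#endif
#if BYTE_ORDER == BIG_ENDIAN
    uint8_t reserved : 1;
    uint8_t accessCallback : 1;
    uint8_t linkAuthEnabled : 1;
    uint8_t ipmiEnabled : 1;
    uint8_t privilege : 4;
#endif
} __attribute__((packed));

/** @struct PayloadAccess
 *
 *  Structure to denote payload access restrictions applicable for a
 *  given user and channel. (refer spec sec 24.6)
 *
 *  Each member holds payloadsPerByte enable bits; two members are named as
 *  reserved.
 */
struct PayloadAccess
{
    std::bitset<payloadsPerByte> stdPayloadEnables1;
    std::bitset<payloadsPerByte> stdPayloadEnables2Reserved;
    std::bitset<payloadsPerByte> oemPayloadEnables1;
    std::bitset<payloadsPerByte> oemPayloadEnables2Reserved;
};

/** @brief initializes user management
 *
 *  @return ccSuccess for success, others for failure.
 */
Cc ipmiUserInit();

/** @brief The ipmi get user password layer call
 *
 *  The password is handed back as a SecureString; keep it in that type
 *  rather than copying it into a plain std::string or a log message.
 *
 *  NOTE(review): this header does not say which conditions produce the empty
 *  string (unknown user, no stored password, read failure - confirm against
 *  the implementation). Callers should treat an empty result as "no usable
 *  credential" and fail the operation.
 *
 *  @param[in] userName - user name
 *
 *  @return password or empty string
 */
SecureString ipmiUserGetPassword(const std::string& userName);

/** @brief The IPMI call to clear password entry associated with specified
 *  username
 *
 *  @param[in] userName - user name to be removed
 *
 *  @return ccSuccess (0) on success, non-zero otherwise.
 */
Cc ipmiClearUserEntryPassword(const std::string& userName);

/** @brief The IPMI call to reuse password entry for the renamed user
 *  to another one
 *
 *  @param[in] userName - user name which has to be renamed
 *  @param[in] newUserName - new user name
 *
 *  @return ccSuccess (0) on success, non-zero otherwise.
 */
Cc ipmiRenameUserEntryPassword(const std::string& userName,
                               const std::string& newUserName);

/** @brief determines valid userId
 *
 *  @param[in] userId - user id
 *
 *  @return true if valid, false otherwise
 */
bool ipmiUserIsValidUserId(const uint8_t userId);

/** @brief determines valid privilege level
 *
 *  @param[in] priv - privilege level
 *
 *  @return true if valid, false otherwise
 */
bool ipmiUserIsValidPrivilege(const uint8_t priv);

/** @brief get user id corresponding to the user name
 *
 *  @param[in] userName - user name
 *
 *  @return userid. Will return 0xff (the value of invalidUserId) if no user
 *  id found, so the result has to be checked before it is used as a user id.
 */
uint8_t ipmiUserGetUserId(const std::string& userName);

/** @brief sets user name
 *  This API is deprecated. The overload below, which takes the name as a
 *  std::string, is the non-deprecated form.
 *
 *  @param[in] userId - user id
 *  @param[in] userName - user name, passed as a raw pointer with no length
 */
Cc ipmiUserSetUserName(const uint8_t userId, const char* userName)
    __attribute__((deprecated));

/** @brief sets user name
 *
 *  @param[in] userId - user id
 *  @param[in] userName - user name
 *
 *  @return ccSuccess for success, others for failure.
 */
Cc ipmiUserSetUserName(const uint8_t userId, const std::string& userName);

/** @brief set user password
 *
 *  NOTE(review): unlike ipmiSetSpecialUserPassword() this call takes the
 *  password as a raw pointer rather than a SecureString, so the caller owns
 *  the buffer and is responsible for clearing it after the call.
 *
 *  @param[in] userId - user id
 *  @param[in] userPassword - New Password; no length is passed, so the
 *  buffer is presumably expected to be NUL-terminated - confirm against the
 *  implementation
 *
 *  @return ccSuccess for success, others for failure.
 */
Cc ipmiUserSetUserPassword(const uint8_t userId, const char* userPassword);

/** @brief set special user password (non-ipmi accounts)
 *
 *  @param[in] userName - user name
 *  @param[in] userPassword - New Password
 *
 *  @return ccSuccess for success, others for failure.
 */
Cc ipmiSetSpecialUserPassword(const std::string& userName,
                              const SecureString& userPassword);

/** @brief get user name
 *
 *  @param[in] userId - user id
 *  @param[out] userName - user name
 *
 *  @return ccSuccess for success, others for failure.
 */
Cc ipmiUserGetUserName(const uint8_t userId, std::string& userName);

/** @brief provides available fixed, max, and enabled user counts
 *
 *  @param[out] maxChUsers - max channel users
 *  @param[out] enabledUsers - enabled user count
 *  @param[out] fixedUsers - fixed user count
 *
 *  @return ccSuccess for success, others for failure.
 */
Cc ipmiUserGetAllCounts(uint8_t& maxChUsers, uint8_t& enabledUsers,
                        uint8_t& fixedUsers);

/** @brief function to update user enabled state
 *
 *  @param[in] userId - user id
 *  @param[in] state - state of the user to be updated, true - user enabled.
 *
 *  @return ccSuccess for success, others for failure.
 */
Cc ipmiUserUpdateEnabledState(const uint8_t userId, const bool& state);

/** @brief determines whether user is enabled
 *
 *  @param[in] userId - user id
 *  @param[out] state - state of the user
 *
 *  @return ccSuccess for success, others for failure.
 */
Cc ipmiUserCheckEnabled(const uint8_t userId, bool& state);

/** @brief provides user privilege access data
 *
 *  @param[in] userId - user id
 *  @param[in] chNum - channel number
 *  @param[out] privAccess - privilege access data
 *
 *  @return ccSuccess for success, others for failure.
 */
Cc ipmiUserGetPrivilegeAccess(const uint8_t userId, const uint8_t chNum,
                              PrivAccess& privAccess);

/** @brief sets user privilege access data
 *
 *  @param[in] userId - user id
 *  @param[in] chNum - channel number
 *  @param[in] privAccess - privilege access data
 *  @param[in] otherPrivUpdate - flags to indicate other fields update
 *
 *  @return ccSuccess for success, others for failure.
 */
Cc ipmiUserSetPrivilegeAccess(const uint8_t userId, const uint8_t chNum,
                              const PrivAccess& privAccess,
                              const bool& otherPrivUpdate);

/** @brief check for user pam authentication. This is to determine whether the
 *  user is already locked out for failed login attempts
 *
 *  Both arguments are non-owning views, so the password stays in the
 *  caller's buffer; the caller is responsible for clearing that buffer once
 *  the call returns.
 *
 *  @param[in] userName - username
 *  @param[in] userPassword - password
 *
 *  @return status (presumably true when PAM accepts the credentials -
 *  confirm against the implementation before relying on the polarity)
 */
bool ipmiUserPamAuthenticate(std::string_view userName,
                             std::string_view userPassword);

/** @brief sets user payload access data
 *
 *  @param[in] chNum - channel number
 *  @param[in] operation - ENABLE / DISABLE operation
 *  @param[in] userId - user id
 *  @param[in] payloadAccess - payload access data
 *
 *  @return ccSuccess for success, others for failure.
 */
Cc ipmiUserSetUserPayloadAccess(const uint8_t chNum, const uint8_t operation,
                                const uint8_t userId,
                                const PayloadAccess& payloadAccess);

/** @brief provides user payload access data
 *
 *  @param[in] chNum - channel number
 *  @param[in] userId - user id
 *  @param[out] payloadAccess - payload access data
 *
 *  @return ccSuccess for success, others for failure.
 */
Cc ipmiUserGetUserPayloadAccess(const uint8_t chNum, const uint8_t userId,
                                PayloadAccess& payloadAccess);

} // namespace ipmi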