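/*
// Copyright (c) 2018 Intel Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
*/
#pragma once

// <cstdint> and <string_view> are listed explicitly because this header uses
// uint8_t and std::string_view; it should not depend on transitive includes.
#include <bitset>
#include <cstdint>
#include <ipmid/api.hpp>
#include <ipmid/types.hpp>
#include <string>
#include <string_view>

namespace ipmi
{

// TODO: Has to be replaced with proper channel number assignment logic
/**
 * @enum EChannelID
 *
 * Channel identifiers known to the user layer. Only one LAN channel is
 * declared here (see the TODO above).
 */
enum class EChannelID : uint8_t
{
    chanLan1 = 0x01
};

// Sentinel returned by ipmiUserGetUserId() when no matching user exists.
static constexpr uint8_t invalidUserId = 0xFF;
// User id 0 is reserved and never names a real account.
static constexpr uint8_t reservedUserId = 0x0;
// Limits of the user table: name length, number of users, number of channels.
static constexpr uint8_t ipmiMaxUserName = 16;
static constexpr uint8_t ipmiMaxUsers = 15;
static constexpr uint8_t ipmiMaxChannels = 16;
// Password length limits, in bytes, for IPMI 2.0 and IPMI 1.5 respectively.
static constexpr uint8_t maxIpmi20PasswordSize = 20;
static constexpr uint8_t maxIpmi15PasswordSize = 16;
// Width of each payload-enable bit field in PayloadAccess.
static constexpr uint8_t payloadsPerByte = 8;

/** @struct PrivAccess
 *
 *  User privilege related access data as per IPMI specification.(refer spec
 *  sec 22.26)
 *
 *  The bit-field order is selected by the host byte order so that the struct
 *  maps onto a single byte of the request/response data.
 */
struct PrivAccess
{
#if BYTE_ORDER == LITTLE_ENDIAN
    uint8_t privilege : 4;
    uint8_t ipmiEnabled : 1;
    uint8_t linkAuthEnabled : 1;
    uint8_t accessCallback : 1;
    uint8_t reserved : 1;
#endif
#if BYTE_ORDER == BIG_ENDIAN
    uint8_t reserved : 1;
    uint8_t accessCallback : 1;
    uint8_t linkAuthEnabled : 1;
    uint8_t ipmiEnabled : 1;
    uint8_t privilege : 4;
#endif
} __attribute__((packed));

// Privilege data is copied to and from protocol buffers as one byte; fail the
// build rather than silently mis-parse access bits if the layout ever changes.
static_assert(sizeof(PrivAccess) == 1,
              "PrivAccess must occupy exactly one byte");

/** @struct PayloadAccess
 *
 *  Structure to denote payload access restrictions applicable for a
 *  given user and channel. (refer spec sec 24.6)
 */
struct PayloadAccess
{
    std::bitset<payloadsPerByte> stdPayloadEnables1;
    std::bitset<payloadsPerByte> stdPayloadEnables2Reserved;
    std::bitset<payloadsPerByte> oemPayloadEnables1;
    std::bitset<payloadsPerByte> oemPayloadEnables2Reserved;
};

/** @brief initializes user management
 *
 *  @return ccSuccess for success, others for failure.
 */
Cc ipmiUserInit();

/** @brief The ipmi get user password layer call
 *
 *  @param[in] userName - user name
 *
 *  @return password or empty string
 *
 *  NOTE(review): the return value is the secret itself. Keep it in the
 *  SecureString it arrives in; do not copy it into a std::string or log it.
 *  An empty result should be treated as "no usable password", never as a
 *  valid empty password - confirm callers reject it.
 */
SecureString ipmiUserGetPassword(const std::string& userName);

/** @brief The IPMI call to clear password entry associated with specified
 * username
 *
 *  @param[in] userName - user name to be removed
 *
 *  @return 0 on success, non-zero otherwise.
 */
Cc ipmiClearUserEntryPassword(const std::string& userName);

/** @brief The IPMI call to reuse password entry for the renamed user
 *  to another one
 *
 *  @param[in] userName - user name which has to be renamed
 *  @param[in] newUserName - new user name
 *
 *  @return 0 on success, non-zero otherwise.
 */
Cc ipmiRenameUserEntryPassword(const std::string& userName,
                               const std::string& newUserName);

/** @brief determines valid userId
 *
 *  @param[in] userId - user id
 *
 *  @return true if valid, false otherwise
 */
bool ipmiUserIsValidUserId(const uint8_t userId);

/** @brief determines valid privilege level
 *
 *  @param[in] priv - privilege level
 *
 *  @return true if valid, false otherwise
 */
bool ipmiUserIsValidPrivilege(const uint8_t priv);

/** @brief get user id corresponding to the user name
 *
 *  @param[in] userName - user name
 *
 *  @return userid. Will return 0xff (invalidUserId) if no user id found
 */
uint8_t ipmiUserGetUserId(const std::string& userName);

/** @brief sets user name
 *  This API is deprecated; use the std::string overload instead.
 *
 *  NOTE(review): a raw pointer carries no length, so this overload
 *  presumably relies on NUL termination - confirm in the implementation.
 */
Cc ipmiUserSetUserName(const uint8_t userId, const char* userName)
    __attribute__((deprecated));

/** @brief sets user name
 *
 *  @param[in] userId - user id
 *  @param[in] userName - user name
 *
 *  @return ccSuccess for success, others for failure.
 */
Cc ipmiUserSetUserName(const uint8_t userId, const std::string& userName);

/** @brief set user password
 *
 *  @param[in] userId - user id
 *  @param[in] userPassword - New Password
 *
 *  @return ccSuccess for success, others for failure.
 *
 *  NOTE(review): unlike ipmiSetSpecialUserPassword(), the password is passed
 *  as a raw C string, so the buffer length is not part of the interface and
 *  the caller owns scrubbing its copy after the call. Confirm that the
 *  implementation enforces the password size limits declared above.
 */
Cc ipmiUserSetUserPassword(const uint8_t userId, const char* userPassword);

/** @brief set special user password (non-ipmi accounts)
 *
 *  @param[in] userName - user name
 *  @param[in] userPassword - New Password
 *
 *  @return ccSuccess for success, others for failure.
 */
Cc ipmiSetSpecialUserPassword(const std::string& userName,
                              const SecureString& userPassword);

/** @brief get user name
 *
 *  @param[in] userId - user id
 *  @param[out] userName - user name
 *
 *  @return ccSuccess for success, others for failure.
 */
Cc ipmiUserGetUserName(const uint8_t userId, std::string& userName);

/** @brief provides available fixed, max, and enabled user counts
 *
 *  @param[out] maxChUsers - max channel users
 *  @param[out] enabledUsers - enabled user count
 *  @param[out] fixedUsers - fixed user count
 *
 *  @return ccSuccess for success, others for failure.
 */
Cc ipmiUserGetAllCounts(uint8_t& maxChUsers, uint8_t& enabledUsers,
                        uint8_t& fixedUsers);

/** @brief function to update user enabled state
 *
 *  @param[in] userId - user id
 *  @param[in] state - state of the user to be updated, true - user enabled.
 *
 *  @return ccSuccess for success, others for failure.
 */
Cc ipmiUserUpdateEnabledState(const uint8_t userId, const bool& state);

/** @brief determines whether user is enabled
 *
 *  @param[in] userId - user id
 *  @param[out] state - state of the user
 *
 *  @return ccSuccess for success, others for failure.
 */
Cc ipmiUserCheckEnabled(const uint8_t userId, bool& state);

/** @brief provides user privilege access data
 *
 *  @param[in] userId - user id
 *  @param[in] chNum - channel number
 *  @param[out] privAccess - privilege access data
 *
 *  @return ccSuccess for success, others for failure.
 */
Cc ipmiUserGetPrivilegeAccess(const uint8_t userId, const uint8_t chNum,
                              PrivAccess& privAccess);

/** @brief sets user privilege access data
 *
 *  @param[in] userId - user id
 *  @param[in] chNum - channel number
 *  @param[in] privAccess - privilege access data
 *  @param[in] otherPrivUpdate - flags to indicate other fields update
 *
 *  @return ccSuccess for success, others for failure.
 */
Cc ipmiUserSetPrivilegeAccess(const uint8_t userId, const uint8_t chNum,
                              const PrivAccess& privAccess,
                              const bool& otherPrivUpdate);

/** @brief check for user pam authentication. This is to determine, whether user
 *  is already locked out for failed login attempt
 *
 *  @param[in] userName - username
 *  @param[in] userPassword - password
 *
 *  @return status
 *
 *  NOTE(review): which boolean value means "authenticated / not locked out"
 *  is not stated here; document it so callers cannot invert the check.
 *  Both arguments are non-owning views, so the caller's buffers must stay
 *  valid for the duration of the call.
 */
bool ipmiUserPamAuthenticate(std::string_view userName,
                             std::string_view userPassword);

/** @brief sets user payload access data
 *
 *  @param[in] chNum - channel number
 *  @param[in] operation - ENABLE / DISABLE operation
 *  @param[in] userId - user id
 *  @param[in] payloadAccess - payload access data
 *
 *  @return ccSuccess for success, others for failure.
 */
Cc ipmiUserSetUserPayloadAccess(const uint8_t chNum, const uint8_t operation,
                                const uint8_t userId,
                                const PayloadAccess& payloadAccess);

/** @brief provides user payload access data
 *
 *  @param[in] chNum - channel number
 *  @param[in] userId - user id
 *  @param[out] payloadAccess - payload access data
 *
 *  @return ccSuccess for success, others for failure.
 */
Cc ipmiUserGetUserPayloadAccess(const uint8_t chNum, const uint8_t userId,
                                PayloadAccess& payloadAccess);

} // namespace ipmi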