14654d99fSRichard Marian Thomaiyar /* 24654d99fSRichard Marian Thomaiyar // Copyright (c) 2018 Intel Corporation 34654d99fSRichard Marian Thomaiyar // 44654d99fSRichard Marian Thomaiyar // Licensed under the Apache License, Version 2.0 (the "License"); 54654d99fSRichard Marian Thomaiyar // you may not use this file except in compliance with the License. 64654d99fSRichard Marian Thomaiyar // You may obtain a copy of the License at 74654d99fSRichard Marian Thomaiyar // 84654d99fSRichard Marian Thomaiyar // http://www.apache.org/licenses/LICENSE-2.0 94654d99fSRichard Marian Thomaiyar // 104654d99fSRichard Marian Thomaiyar // Unless required by applicable law or agreed to in writing, software 114654d99fSRichard Marian Thomaiyar // distributed under the License is distributed on an "AS IS" BASIS, 124654d99fSRichard Marian Thomaiyar // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 134654d99fSRichard Marian Thomaiyar // See the License for the specific language governing permissions and 144654d99fSRichard Marian Thomaiyar // limitations under the License. 154654d99fSRichard Marian Thomaiyar */ 164654d99fSRichard Marian Thomaiyar #pragma once 17194375f2SWilliam A. Kennington III #include <ipmid/api.h> 184654d99fSRichard Marian Thomaiyar 19*77381f15SSaravanan Palanisamy #include <bitset> 204654d99fSRichard Marian Thomaiyar #include <string> 214654d99fSRichard Marian Thomaiyar 224654d99fSRichard Marian Thomaiyar namespace ipmi 234654d99fSRichard Marian Thomaiyar { 245a6b6369SRichard Marian Thomaiyar 255a6b6369SRichard Marian Thomaiyar // TODO: Has to be replaced with proper channel number assignment logic 266e1ba9efSRichard Marian Thomaiyar /** 276e1ba9efSRichard Marian Thomaiyar * @enum Channel Id 286e1ba9efSRichard Marian Thomaiyar */ 295a6b6369SRichard Marian Thomaiyar enum class EChannelID : uint8_t 305a6b6369SRichard Marian Thomaiyar { 315a6b6369SRichard Marian Thomaiyar chanLan1 = 0x01 325a6b6369SRichard Marian Thomaiyar }; 335a6b6369SRichard Marian Thomaiyar 345a6b6369SRichard Marian Thomaiyar static constexpr uint8_t invalidUserId = 0xFF; 355a6b6369SRichard Marian Thomaiyar static constexpr uint8_t reservedUserId = 0x0; 365a6b6369SRichard Marian Thomaiyar static constexpr uint8_t ipmiMaxUserName = 16; 375a6b6369SRichard Marian Thomaiyar static constexpr uint8_t ipmiMaxUsers = 15; 385a6b6369SRichard Marian Thomaiyar static constexpr uint8_t ipmiMaxChannels = 16; 3990b00c71SSuryakanth Sekar static constexpr uint8_t maxIpmi20PasswordSize = 20; 4090b00c71SSuryakanth Sekar static constexpr uint8_t maxIpmi15PasswordSize = 16; 41*77381f15SSaravanan Palanisamy static constexpr uint8_t payloadsPerByte = 8; 425a6b6369SRichard Marian Thomaiyar 436e1ba9efSRichard Marian Thomaiyar /** @struct PrivAccess 446e1ba9efSRichard Marian Thomaiyar * 456e1ba9efSRichard Marian Thomaiyar * User privilege related access data as per IPMI specification.(refer spec 466e1ba9efSRichard Marian Thomaiyar * sec 22.26) 476e1ba9efSRichard Marian Thomaiyar */ 485a6b6369SRichard Marian Thomaiyar struct PrivAccess 495a6b6369SRichard Marian Thomaiyar { 505a6b6369SRichard Marian Thomaiyar #if BYTE_ORDER == LITTLE_ENDIAN 515a6b6369SRichard Marian Thomaiyar uint8_t privilege : 4; 525a6b6369SRichard Marian Thomaiyar uint8_t ipmiEnabled : 1; 535a6b6369SRichard Marian Thomaiyar uint8_t linkAuthEnabled : 1; 545a6b6369SRichard Marian Thomaiyar uint8_t accessCallback : 1; 555a6b6369SRichard Marian Thomaiyar uint8_t reserved : 1; 565a6b6369SRichard Marian Thomaiyar #endif 575a6b6369SRichard Marian Thomaiyar #if BYTE_ORDER == BIG_ENDIAN 585a6b6369SRichard Marian Thomaiyar uint8_t reserved : 1; 595a6b6369SRichard Marian Thomaiyar uint8_t accessCallback : 1; 605a6b6369SRichard Marian Thomaiyar uint8_t linkAuthEnabled : 1; 615a6b6369SRichard Marian Thomaiyar uint8_t ipmiEnabled : 1; 625a6b6369SRichard Marian Thomaiyar uint8_t privilege : 4; 635a6b6369SRichard Marian Thomaiyar #endif 645a6b6369SRichard Marian Thomaiyar } __attribute__((packed)); 655a6b6369SRichard Marian Thomaiyar 66*77381f15SSaravanan Palanisamy /** @struct UserPayloadAccess 67*77381f15SSaravanan Palanisamy * 68*77381f15SSaravanan Palanisamy * Structure to denote payload access restrictions applicable for a 69*77381f15SSaravanan Palanisamy * given user and channel. (refer spec sec 24.6) 70*77381f15SSaravanan Palanisamy */ 71*77381f15SSaravanan Palanisamy struct PayloadAccess 72*77381f15SSaravanan Palanisamy { 73*77381f15SSaravanan Palanisamy std::bitset<payloadsPerByte> stdPayloadEnables1; 74*77381f15SSaravanan Palanisamy std::bitset<payloadsPerByte> stdPayloadEnables2Reserved; 75*77381f15SSaravanan Palanisamy std::bitset<payloadsPerByte> oemPayloadEnables1; 76*77381f15SSaravanan Palanisamy std::bitset<payloadsPerByte> oemPayloadEnables2Reserved; 77*77381f15SSaravanan Palanisamy }; 78*77381f15SSaravanan Palanisamy 795a6b6369SRichard Marian Thomaiyar /** @brief initializes user management 805a6b6369SRichard Marian Thomaiyar * 815a6b6369SRichard Marian Thomaiyar * @return IPMI_CC_OK for success, others for failure. 825a6b6369SRichard Marian Thomaiyar */ 835a6b6369SRichard Marian Thomaiyar ipmi_ret_t ipmiUserInit(); 845a6b6369SRichard Marian Thomaiyar 854654d99fSRichard Marian Thomaiyar /** @brief The ipmi get user password layer call 864654d99fSRichard Marian Thomaiyar * 875a6b6369SRichard Marian Thomaiyar * @param[in] userName - user name 884654d99fSRichard Marian Thomaiyar * 894654d99fSRichard Marian Thomaiyar * @return password or empty string 904654d99fSRichard Marian Thomaiyar */ 914654d99fSRichard Marian Thomaiyar std::string ipmiUserGetPassword(const std::string& userName); 924654d99fSRichard Marian Thomaiyar 93b29b5ab3SAppaRao Puli /** @brief The IPMI call to clear password entry associated with specified 94b29b5ab3SAppaRao Puli * username 95b29b5ab3SAppaRao Puli * 965a6b6369SRichard Marian Thomaiyar * @param[in] userName - user name to be removed 97b29b5ab3SAppaRao Puli * 98b29b5ab3SAppaRao Puli * @return 0 on success, non-zero otherwise. 99b29b5ab3SAppaRao Puli */ 10042bed64dSRichard Marian Thomaiyar ipmi_ret_t ipmiClearUserEntryPassword(const std::string& userName); 10142bed64dSRichard Marian Thomaiyar 10242bed64dSRichard Marian Thomaiyar /** @brief The IPMI call to reuse password entry for the renamed user 10342bed64dSRichard Marian Thomaiyar * to another one 10442bed64dSRichard Marian Thomaiyar * 1055a6b6369SRichard Marian Thomaiyar * @param[in] userName - user name which has to be renamed 1065a6b6369SRichard Marian Thomaiyar * @param[in] newUserName - new user name 10742bed64dSRichard Marian Thomaiyar * 10842bed64dSRichard Marian Thomaiyar * @return 0 on success, non-zero otherwise. 10942bed64dSRichard Marian Thomaiyar */ 11042bed64dSRichard Marian Thomaiyar ipmi_ret_t ipmiRenameUserEntryPassword(const std::string& userName, 11142bed64dSRichard Marian Thomaiyar const std::string& newUserName); 112b29b5ab3SAppaRao Puli 1135a6b6369SRichard Marian Thomaiyar /** @brief determines valid userId 1145a6b6369SRichard Marian Thomaiyar * 1155a6b6369SRichard Marian Thomaiyar * @param[in] userId - user id 1165a6b6369SRichard Marian Thomaiyar * 1175a6b6369SRichard Marian Thomaiyar * @return true if valid, false otherwise 1185a6b6369SRichard Marian Thomaiyar */ 119a45cb34fSRichard Marian Thomaiyar bool ipmiUserIsValidUserId(const uint8_t userId); 1205a6b6369SRichard Marian Thomaiyar 1215a6b6369SRichard Marian Thomaiyar /** @brief determines valid privilege level 1225a6b6369SRichard Marian Thomaiyar * 1235a6b6369SRichard Marian Thomaiyar * @param[in] priv - privilege level 1245a6b6369SRichard Marian Thomaiyar * 1255a6b6369SRichard Marian Thomaiyar * @return true if valid, false otherwise 1265a6b6369SRichard Marian Thomaiyar */ 127a45cb34fSRichard Marian Thomaiyar bool ipmiUserIsValidPrivilege(const uint8_t priv); 1285a6b6369SRichard Marian Thomaiyar 1295a6b6369SRichard Marian Thomaiyar /** @brief get user id corresponding to the user name 1305a6b6369SRichard Marian Thomaiyar * 1315a6b6369SRichard Marian Thomaiyar * @param[in] userName - user name 1325a6b6369SRichard Marian Thomaiyar * 1335a6b6369SRichard Marian Thomaiyar * @return userid. Will return 0xff if no user id found 1345a6b6369SRichard Marian Thomaiyar */ 1355a6b6369SRichard Marian Thomaiyar uint8_t ipmiUserGetUserId(const std::string& userName); 1365a6b6369SRichard Marian Thomaiyar 1375a6b6369SRichard Marian Thomaiyar /** @brief set's user name 1385a6b6369SRichard Marian Thomaiyar * 1395a6b6369SRichard Marian Thomaiyar * @param[in] userId - user id 1405a6b6369SRichard Marian Thomaiyar * @param[in] userName - user name 1415a6b6369SRichard Marian Thomaiyar * 1425a6b6369SRichard Marian Thomaiyar * @return IPMI_CC_OK for success, others for failure. 1435a6b6369SRichard Marian Thomaiyar */ 144a45cb34fSRichard Marian Thomaiyar ipmi_ret_t ipmiUserSetUserName(const uint8_t userId, const char* userName); 1455a6b6369SRichard Marian Thomaiyar 14690b00c71SSuryakanth Sekar /** @brief set user password 14790b00c71SSuryakanth Sekar * 14890b00c71SSuryakanth Sekar * @param[in] userId - user id 14990b00c71SSuryakanth Sekar * @param[in] userPassword - New Password 15090b00c71SSuryakanth Sekar * 15190b00c71SSuryakanth Sekar * @return IPMI_CC_OK for success, others for failure. 15290b00c71SSuryakanth Sekar */ 15390b00c71SSuryakanth Sekar ipmi_ret_t ipmiUserSetUserPassword(const uint8_t userId, 15490b00c71SSuryakanth Sekar const char* userPassword); 15590b00c71SSuryakanth Sekar 156788362ceSRichard Marian Thomaiyar /** @brief set special user password (non-ipmi accounts) 157788362ceSRichard Marian Thomaiyar * 158788362ceSRichard Marian Thomaiyar * @param[in] userName - user name 159788362ceSRichard Marian Thomaiyar * @param[in] userPassword - New Password 160788362ceSRichard Marian Thomaiyar * 161788362ceSRichard Marian Thomaiyar * @return IPMI_CC_OK for success, others for failure. 162788362ceSRichard Marian Thomaiyar */ 163788362ceSRichard Marian Thomaiyar ipmi_ret_t ipmiSetSpecialUserPassword(const std::string& userName, 164788362ceSRichard Marian Thomaiyar const std::string& userPassword); 165788362ceSRichard Marian Thomaiyar 1665a6b6369SRichard Marian Thomaiyar /** @brief get user name 1675a6b6369SRichard Marian Thomaiyar * 1685a6b6369SRichard Marian Thomaiyar * @param[in] userId - user id 1695a6b6369SRichard Marian Thomaiyar * @param[out] userName - user name 1705a6b6369SRichard Marian Thomaiyar * 1715a6b6369SRichard Marian Thomaiyar * @return IPMI_CC_OK for success, others for failure. 1725a6b6369SRichard Marian Thomaiyar */ 173a45cb34fSRichard Marian Thomaiyar ipmi_ret_t ipmiUserGetUserName(const uint8_t userId, std::string& userName); 1745a6b6369SRichard Marian Thomaiyar 1755a6b6369SRichard Marian Thomaiyar /** @brief provides available fixed, max, and enabled user counts 1765a6b6369SRichard Marian Thomaiyar * 1775a6b6369SRichard Marian Thomaiyar * @param[out] maxChUsers - max channel users 1785a6b6369SRichard Marian Thomaiyar * @param[out] enabledUsers - enabled user count 1795a6b6369SRichard Marian Thomaiyar * @param[out] fixedUsers - fixed user count 1805a6b6369SRichard Marian Thomaiyar * 1815a6b6369SRichard Marian Thomaiyar * @return IPMI_CC_OK for success, others for failure. 1825a6b6369SRichard Marian Thomaiyar */ 1835a6b6369SRichard Marian Thomaiyar ipmi_ret_t ipmiUserGetAllCounts(uint8_t& maxChUsers, uint8_t& enabledUsers, 1845a6b6369SRichard Marian Thomaiyar uint8_t& fixedUsers); 1855a6b6369SRichard Marian Thomaiyar 186282e79b4SRichard Marian Thomaiyar /** @brief function to update user enabled state 187282e79b4SRichard Marian Thomaiyar * 188282e79b4SRichard Marian Thomaiyar * @param[in] userId - user id 189282e79b4SRichard Marian Thomaiyar *..@param[in] state - state of the user to be updated, true - user enabled. 190282e79b4SRichard Marian Thomaiyar * 191282e79b4SRichard Marian Thomaiyar * @return IPMI_CC_OK for success, others for failure. 192282e79b4SRichard Marian Thomaiyar */ 193a45cb34fSRichard Marian Thomaiyar ipmi_ret_t ipmiUserUpdateEnabledState(const uint8_t userId, const bool& state); 194282e79b4SRichard Marian Thomaiyar 1955a6b6369SRichard Marian Thomaiyar /** @brief determines whether user is enabled 1965a6b6369SRichard Marian Thomaiyar * 1975a6b6369SRichard Marian Thomaiyar * @param[in] userId - user id 1985a6b6369SRichard Marian Thomaiyar *..@param[out] state - state of the user 1995a6b6369SRichard Marian Thomaiyar * 2005a6b6369SRichard Marian Thomaiyar * @return IPMI_CC_OK for success, others for failure. 2015a6b6369SRichard Marian Thomaiyar */ 202a45cb34fSRichard Marian Thomaiyar ipmi_ret_t ipmiUserCheckEnabled(const uint8_t userId, bool& state); 2035a6b6369SRichard Marian Thomaiyar 2045a6b6369SRichard Marian Thomaiyar /** @brief provides user privilege access data 2055a6b6369SRichard Marian Thomaiyar * 2065a6b6369SRichard Marian Thomaiyar * @param[in] userId - user id 2075a6b6369SRichard Marian Thomaiyar * @param[in] chNum - channel number 2085a6b6369SRichard Marian Thomaiyar * @param[out] privAccess - privilege access data 2095a6b6369SRichard Marian Thomaiyar * 2105a6b6369SRichard Marian Thomaiyar * @return IPMI_CC_OK for success, others for failure. 2115a6b6369SRichard Marian Thomaiyar */ 212a45cb34fSRichard Marian Thomaiyar ipmi_ret_t ipmiUserGetPrivilegeAccess(const uint8_t userId, const uint8_t chNum, 2135a6b6369SRichard Marian Thomaiyar PrivAccess& privAccess); 2145a6b6369SRichard Marian Thomaiyar 2155a6b6369SRichard Marian Thomaiyar /** @brief sets user privilege access data 2165a6b6369SRichard Marian Thomaiyar * 2175a6b6369SRichard Marian Thomaiyar * @param[in] userId - user id 2185a6b6369SRichard Marian Thomaiyar * @param[in] chNum - channel number 2195a6b6369SRichard Marian Thomaiyar * @param[in] privAccess - privilege access data 2205a6b6369SRichard Marian Thomaiyar * @param[in] otherPrivUpdate - flags to indicate other fields update 2215a6b6369SRichard Marian Thomaiyar * 2225a6b6369SRichard Marian Thomaiyar * @return IPMI_CC_OK for success, others for failure. 2235a6b6369SRichard Marian Thomaiyar */ 224a45cb34fSRichard Marian Thomaiyar ipmi_ret_t ipmiUserSetPrivilegeAccess(const uint8_t userId, const uint8_t chNum, 2255a6b6369SRichard Marian Thomaiyar const PrivAccess& privAccess, 2265a6b6369SRichard Marian Thomaiyar const bool& otherPrivUpdate); 2275a6b6369SRichard Marian Thomaiyar 22802650d53SAyushi Smriti /** @brief check for user pam authentication. This is to determine, whether user 22902650d53SAyushi Smriti * is already locked out for failed login attempt 23002650d53SAyushi Smriti * 23102650d53SAyushi Smriti * @param[in] username - username 23202650d53SAyushi Smriti * @param[in] password - password 23302650d53SAyushi Smriti * 23402650d53SAyushi Smriti * @return status 23502650d53SAyushi Smriti */ 23602650d53SAyushi Smriti bool ipmiUserPamAuthenticate(std::string_view userName, 23702650d53SAyushi Smriti std::string_view userPassword); 23802650d53SAyushi Smriti 239*77381f15SSaravanan Palanisamy /** @brief sets user payload access data 240*77381f15SSaravanan Palanisamy * 241*77381f15SSaravanan Palanisamy * @param[in] chNum - channel number 242*77381f15SSaravanan Palanisamy * @param[in] operation - ENABLE / DISABLE operation 243*77381f15SSaravanan Palanisamy * @param[in] userId - user id 244*77381f15SSaravanan Palanisamy * @param[in] payloadAccess - payload access data 245*77381f15SSaravanan Palanisamy * 246*77381f15SSaravanan Palanisamy * @return IPMI_CC_OK for success, others for failure. 247*77381f15SSaravanan Palanisamy */ 248*77381f15SSaravanan Palanisamy ipmi_ret_t ipmiUserSetUserPayloadAccess(const uint8_t chNum, 249*77381f15SSaravanan Palanisamy const uint8_t operation, 250*77381f15SSaravanan Palanisamy const uint8_t userId, 251*77381f15SSaravanan Palanisamy const PayloadAccess& payloadAccess); 252*77381f15SSaravanan Palanisamy 253*77381f15SSaravanan Palanisamy /** @brief provides user payload access data 254*77381f15SSaravanan Palanisamy * 255*77381f15SSaravanan Palanisamy * @param[in] chNum - channel number 256*77381f15SSaravanan Palanisamy * @param[in] userId - user id 257*77381f15SSaravanan Palanisamy * @param[out] payloadAccess - payload access data 258*77381f15SSaravanan Palanisamy * 259*77381f15SSaravanan Palanisamy * @return IPMI_CC_OK for success, others for failure. 260*77381f15SSaravanan Palanisamy */ 261*77381f15SSaravanan Palanisamy ipmi_ret_t ipmiUserGetUserPayloadAccess(const uint8_t chNum, 262*77381f15SSaravanan Palanisamy const uint8_t userId, 263*77381f15SSaravanan Palanisamy PayloadAccess& payloadAccess); 264*77381f15SSaravanan Palanisamy 2654654d99fSRichard Marian Thomaiyar } // namespace ipmi 266