1 /*
2 // Copyright (c) 2018 Intel Corporation
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //      http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 */
16 #pragma once
17 #include <ipmid/api.h>
18 
19 #include <string>
20 
21 namespace ipmi
22 {
23 
24 // TODO: Has to be replaced with proper channel number assignment logic
25 /**
26  * @enum Channel Id
27  */
28 enum class EChannelID : uint8_t
29 {
30     chanLan1 = 0x01
31 };
32 
33 static constexpr uint8_t invalidUserId = 0xFF;
34 static constexpr uint8_t reservedUserId = 0x0;
35 static constexpr uint8_t ipmiMaxUserName = 16;
36 static constexpr uint8_t ipmiMaxUsers = 15;
37 static constexpr uint8_t ipmiMaxChannels = 16;
38 static constexpr uint8_t maxIpmi20PasswordSize = 20;
39 static constexpr uint8_t maxIpmi15PasswordSize = 16;
40 
41 /** @struct PrivAccess
42  *
43  *  User privilege related access data as per IPMI specification.(refer spec
44  * sec 22.26)
45  */
46 struct PrivAccess
47 {
48 #if BYTE_ORDER == LITTLE_ENDIAN
49     uint8_t privilege : 4;
50     uint8_t ipmiEnabled : 1;
51     uint8_t linkAuthEnabled : 1;
52     uint8_t accessCallback : 1;
53     uint8_t reserved : 1;
54 #endif
55 #if BYTE_ORDER == BIG_ENDIAN
56     uint8_t reserved : 1;
57     uint8_t accessCallback : 1;
58     uint8_t linkAuthEnabled : 1;
59     uint8_t ipmiEnabled : 1;
60     uint8_t privilege : 4;
61 #endif
62 } __attribute__((packed));
63 
64 /** @brief initializes user management
65  *
66  *  @return IPMI_CC_OK for success, others for failure.
67  */
68 ipmi_ret_t ipmiUserInit();
69 
70 /** @brief The ipmi get user password layer call
71  *
72  *  @param[in] userName - user name
73  *
74  *  @return password or empty string
75  */
76 std::string ipmiUserGetPassword(const std::string& userName);
77 
78 /** @brief The IPMI call to clear password entry associated with specified
79  * username
80  *
81  *  @param[in] userName - user name to be removed
82  *
83  *  @return 0 on success, non-zero otherwise.
84  */
85 ipmi_ret_t ipmiClearUserEntryPassword(const std::string& userName);
86 
87 /** @brief The IPMI call to reuse password entry for the renamed user
88  *  to another one
89  *
90  *  @param[in] userName - user name which has to be renamed
91  *  @param[in] newUserName - new user name
92  *
93  *  @return 0 on success, non-zero otherwise.
94  */
95 ipmi_ret_t ipmiRenameUserEntryPassword(const std::string& userName,
96                                        const std::string& newUserName);
97 
98 /** @brief determines valid userId
99  *
100  *  @param[in] userId - user id
101  *
102  *  @return true if valid, false otherwise
103  */
104 bool ipmiUserIsValidUserId(const uint8_t userId);
105 
106 /** @brief determines valid privilege level
107  *
108  *  @param[in] priv - privilege level
109  *
110  *  @return true if valid, false otherwise
111  */
112 bool ipmiUserIsValidPrivilege(const uint8_t priv);
113 
114 /** @brief get user id corresponding to the user name
115  *
116  *  @param[in] userName - user name
117  *
118  *  @return userid. Will return 0xff if no user id found
119  */
120 uint8_t ipmiUserGetUserId(const std::string& userName);
121 
122 /** @brief set's user name
123  *
124  *  @param[in] userId - user id
125  *  @param[in] userName - user name
126  *
127  *  @return IPMI_CC_OK for success, others for failure.
128  */
129 ipmi_ret_t ipmiUserSetUserName(const uint8_t userId, const char* userName);
130 
131 /** @brief set user password
132  *
133  *  @param[in] userId - user id
134  *  @param[in] userPassword - New Password
135  *
136  *  @return IPMI_CC_OK for success, others for failure.
137  */
138 ipmi_ret_t ipmiUserSetUserPassword(const uint8_t userId,
139                                    const char* userPassword);
140 
141 /** @brief set special user password (non-ipmi accounts)
142  *
143  *  @param[in] userName - user name
144  *  @param[in] userPassword - New Password
145  *
146  *  @return IPMI_CC_OK for success, others for failure.
147  */
148 ipmi_ret_t ipmiSetSpecialUserPassword(const std::string& userName,
149                                       const std::string& userPassword);
150 
151 /** @brief get user name
152  *
153  *  @param[in] userId - user id
154  *  @param[out] userName - user name
155  *
156  *  @return IPMI_CC_OK for success, others for failure.
157  */
158 ipmi_ret_t ipmiUserGetUserName(const uint8_t userId, std::string& userName);
159 
160 /** @brief provides available fixed, max, and enabled user counts
161  *
162  *  @param[out] maxChUsers - max channel users
163  *  @param[out] enabledUsers - enabled user count
164  *  @param[out] fixedUsers - fixed user count
165  *
166  *  @return IPMI_CC_OK for success, others for failure.
167  */
168 ipmi_ret_t ipmiUserGetAllCounts(uint8_t& maxChUsers, uint8_t& enabledUsers,
169                                 uint8_t& fixedUsers);
170 
171 /** @brief function to update user enabled state
172  *
173  *  @param[in] userId - user id
174  *..@param[in] state - state of the user to be updated, true - user enabled.
175  *
176  *  @return IPMI_CC_OK for success, others for failure.
177  */
178 ipmi_ret_t ipmiUserUpdateEnabledState(const uint8_t userId, const bool& state);
179 
180 /** @brief determines whether user is enabled
181  *
182  *  @param[in] userId - user id
183  *..@param[out] state - state of the user
184  *
185  *  @return IPMI_CC_OK for success, others for failure.
186  */
187 ipmi_ret_t ipmiUserCheckEnabled(const uint8_t userId, bool& state);
188 
189 /** @brief provides user privilege access data
190  *
191  *  @param[in] userId - user id
192  *  @param[in] chNum - channel number
193  *  @param[out] privAccess - privilege access data
194  *
195  *  @return IPMI_CC_OK for success, others for failure.
196  */
197 ipmi_ret_t ipmiUserGetPrivilegeAccess(const uint8_t userId, const uint8_t chNum,
198                                       PrivAccess& privAccess);
199 
200 /** @brief sets user privilege access data
201  *
202  *  @param[in] userId - user id
203  *  @param[in] chNum - channel number
204  *  @param[in] privAccess - privilege access data
205  *  @param[in] otherPrivUpdate - flags to indicate other fields update
206  *
207  *  @return IPMI_CC_OK for success, others for failure.
208  */
209 ipmi_ret_t ipmiUserSetPrivilegeAccess(const uint8_t userId, const uint8_t chNum,
210                                       const PrivAccess& privAccess,
211                                       const bool& otherPrivUpdate);
212 
213 /** @brief check for user pam authentication. This is to determine, whether user
214  * is already locked out for failed login attempt
215  *
216  *  @param[in] username - username
217  *  @param[in] password - password
218  *
219  *  @return status
220  */
221 bool ipmiUserPamAuthenticate(std::string_view userName,
222                              std::string_view userPassword);
223 
224 } // namespace ipmi
225