1 /*
2 // Copyright (c) 2018 Intel Corporation
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //      http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 */
16 #pragma once
17 
18 #include <bitset>
19 #include <ipmid/api.hpp>
20 #include <ipmid/types.hpp>
21 #include <string>
22 
23 namespace ipmi
24 {
25 
26 // TODO: Has to be replaced with proper channel number assignment logic
27 /**
28  * @enum Channel Id
29  */
30 enum class EChannelID : uint8_t
31 {
32     chanLan1 = 0x01
33 };
34 
35 static constexpr uint8_t invalidUserId = 0xFF;
36 static constexpr uint8_t reservedUserId = 0x0;
37 static constexpr uint8_t ipmiMaxUserName = 16;
38 static constexpr uint8_t ipmiMaxUsers = 15;
39 static constexpr uint8_t ipmiMaxChannels = 16;
40 static constexpr uint8_t maxIpmi20PasswordSize = 20;
41 static constexpr uint8_t maxIpmi15PasswordSize = 16;
42 static constexpr uint8_t payloadsPerByte = 8;
43 
44 /** @struct PrivAccess
45  *
46  *  User privilege related access data as per IPMI specification.(refer spec
47  * sec 22.26)
48  */
49 struct PrivAccess
50 {
51 #if BYTE_ORDER == LITTLE_ENDIAN
52     uint8_t privilege : 4;
53     uint8_t ipmiEnabled : 1;
54     uint8_t linkAuthEnabled : 1;
55     uint8_t accessCallback : 1;
56     uint8_t reserved : 1;
57 #endif
58 #if BYTE_ORDER == BIG_ENDIAN
59     uint8_t reserved : 1;
60     uint8_t accessCallback : 1;
61     uint8_t linkAuthEnabled : 1;
62     uint8_t ipmiEnabled : 1;
63     uint8_t privilege : 4;
64 #endif
65 } __attribute__((packed));
66 
67 /** @struct UserPayloadAccess
68  *
69  *  Structure to denote payload access restrictions applicable for a
70  *  given user and channel. (refer spec sec 24.6)
71  */
72 struct PayloadAccess
73 {
74     std::bitset<payloadsPerByte> stdPayloadEnables1;
75     std::bitset<payloadsPerByte> stdPayloadEnables2Reserved;
76     std::bitset<payloadsPerByte> oemPayloadEnables1;
77     std::bitset<payloadsPerByte> oemPayloadEnables2Reserved;
78 };
79 
80 /** @brief initializes user management
81  *
82  *  @return ccSuccess for success, others for failure.
83  */
84 Cc ipmiUserInit();
85 
86 /** @brief The ipmi get user password layer call
87  *
88  *  @param[in] userName - user name
89  *
90  *  @return password or empty string
91  */
92 SecureString ipmiUserGetPassword(const std::string& userName);
93 
94 /** @brief The IPMI call to clear password entry associated with specified
95  * username
96  *
97  *  @param[in] userName - user name to be removed
98  *
99  *  @return 0 on success, non-zero otherwise.
100  */
101 Cc ipmiClearUserEntryPassword(const std::string& userName);
102 
103 /** @brief The IPMI call to reuse password entry for the renamed user
104  *  to another one
105  *
106  *  @param[in] userName - user name which has to be renamed
107  *  @param[in] newUserName - new user name
108  *
109  *  @return 0 on success, non-zero otherwise.
110  */
111 Cc ipmiRenameUserEntryPassword(const std::string& userName,
112                                const std::string& newUserName);
113 
114 /** @brief determines valid userId
115  *
116  *  @param[in] userId - user id
117  *
118  *  @return true if valid, false otherwise
119  */
120 bool ipmiUserIsValidUserId(const uint8_t userId);
121 
122 /** @brief determines valid privilege level
123  *
124  *  @param[in] priv - privilege level
125  *
126  *  @return true if valid, false otherwise
127  */
128 bool ipmiUserIsValidPrivilege(const uint8_t priv);
129 
130 /** @brief get user id corresponding to the user name
131  *
132  *  @param[in] userName - user name
133  *
134  *  @return userid. Will return 0xff if no user id found
135  */
136 uint8_t ipmiUserGetUserId(const std::string& userName);
137 
138 /** @brief set's user name
139  *  This API is deprecated
140  */
141 Cc ipmiUserSetUserName(const uint8_t userId, const char* userName)
142     __attribute__((deprecated));
143 
144 /** @brief set's user name
145  *
146  *  @param[in] userId - user id
147  *  @param[in] userName - user name
148  *
149  *  @return ccSuccess for success, others for failure.
150  */
151 Cc ipmiUserSetUserName(const uint8_t userId, const std::string& userName);
152 
153 /** @brief set user password
154  *
155  *  @param[in] userId - user id
156  *  @param[in] userPassword - New Password
157  *
158  *  @return ccSuccess for success, others for failure.
159  */
160 Cc ipmiUserSetUserPassword(const uint8_t userId, const char* userPassword);
161 
162 /** @brief set special user password (non-ipmi accounts)
163  *
164  *  @param[in] userName - user name
165  *  @param[in] userPassword - New Password
166  *
167  *  @return ccSuccess for success, others for failure.
168  */
169 Cc ipmiSetSpecialUserPassword(const std::string& userName,
170                               const SecureString& userPassword);
171 
172 /** @brief get user name
173  *
174  *  @param[in] userId - user id
175  *  @param[out] userName - user name
176  *
177  *  @return ccSuccess for success, others for failure.
178  */
179 Cc ipmiUserGetUserName(const uint8_t userId, std::string& userName);
180 
181 /** @brief provides available fixed, max, and enabled user counts
182  *
183  *  @param[out] maxChUsers - max channel users
184  *  @param[out] enabledUsers - enabled user count
185  *  @param[out] fixedUsers - fixed user count
186  *
187  *  @return ccSuccess for success, others for failure.
188  */
189 Cc ipmiUserGetAllCounts(uint8_t& maxChUsers, uint8_t& enabledUsers,
190                         uint8_t& fixedUsers);
191 
192 /** @brief function to update user enabled state
193  *
194  *  @param[in] userId - user id
195  *..@param[in] state - state of the user to be updated, true - user enabled.
196  *
197  *  @return ccSuccess for success, others for failure.
198  */
199 Cc ipmiUserUpdateEnabledState(const uint8_t userId, const bool& state);
200 
201 /** @brief determines whether user is enabled
202  *
203  *  @param[in] userId - user id
204  *..@param[out] state - state of the user
205  *
206  *  @return ccSuccess for success, others for failure.
207  */
208 Cc ipmiUserCheckEnabled(const uint8_t userId, bool& state);
209 
210 /** @brief provides user privilege access data
211  *
212  *  @param[in] userId - user id
213  *  @param[in] chNum - channel number
214  *  @param[out] privAccess - privilege access data
215  *
216  *  @return ccSuccess for success, others for failure.
217  */
218 Cc ipmiUserGetPrivilegeAccess(const uint8_t userId, const uint8_t chNum,
219                               PrivAccess& privAccess);
220 
221 /** @brief sets user privilege access data
222  *
223  *  @param[in] userId - user id
224  *  @param[in] chNum - channel number
225  *  @param[in] privAccess - privilege access data
226  *  @param[in] otherPrivUpdate - flags to indicate other fields update
227  *
228  *  @return ccSuccess for success, others for failure.
229  */
230 Cc ipmiUserSetPrivilegeAccess(const uint8_t userId, const uint8_t chNum,
231                               const PrivAccess& privAccess,
232                               const bool& otherPrivUpdate);
233 
234 /** @brief check for user pam authentication. This is to determine, whether user
235  * is already locked out for failed login attempt
236  *
237  *  @param[in] username - username
238  *  @param[in] password - password
239  *
240  *  @return status
241  */
242 bool ipmiUserPamAuthenticate(std::string_view userName,
243                              std::string_view userPassword);
244 
245 /** @brief sets user payload access data
246  *
247  *  @param[in] chNum - channel number
248  *  @param[in] operation - ENABLE / DISABLE operation
249  *  @param[in] userId - user id
250  *  @param[in] payloadAccess - payload access data
251  *
252  *  @return ccSuccess for success, others for failure.
253  */
254 Cc ipmiUserSetUserPayloadAccess(const uint8_t chNum, const uint8_t operation,
255                                 const uint8_t userId,
256                                 const PayloadAccess& payloadAccess);
257 
258 /** @brief provides user payload access data
259  *
260  *  @param[in] chNum - channel number
261  *  @param[in] userId - user id
262  *  @param[out] payloadAccess - payload access data
263  *
264  *  @return ccSuccess for success, others for failure.
265  */
266 Cc ipmiUserGetUserPayloadAccess(const uint8_t chNum, const uint8_t userId,
267                                 PayloadAccess& payloadAccess);
268 
269 } // namespace ipmi
270