1 /* 2 // Copyright (c) 2018 Intel Corporation 3 // 4 // Licensed under the Apache License, Version 2.0 (the "License"); 5 // you may not use this file except in compliance with the License. 6 // You may obtain a copy of the License at 7 // 8 // http://www.apache.org/licenses/LICENSE-2.0 9 // 10 // Unless required by applicable law or agreed to in writing, software 11 // distributed under the License is distributed on an "AS IS" BASIS, 12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 // See the License for the specific language governing permissions and 14 // limitations under the License. 15 */ 16 #pragma once 17 #include <sdbusplus/bus.hpp> 18 #include <sdbusplus/server/object.hpp> 19 #include <xyz/openbmc_project/User/Manager/server.hpp> 20 #include <xyz/openbmc_project/User/AccountPolicy/server.hpp> 21 #include <unordered_map> 22 #include "users.hpp" 23 24 namespace phosphor 25 { 26 namespace user 27 { 28 29 using UserMgrIface = sdbusplus::xyz::openbmc_project::User::server::Manager; 30 using UserSSHLists = 31 std::pair<std::vector<std::string>, std::vector<std::string>>; 32 using AccountPolicyIface = 33 sdbusplus::xyz::openbmc_project::User::server::AccountPolicy; 34 35 /** @class UserMgr 36 * @brief Responsible for managing user accounts over the D-Bus interface. 37 */ 38 class UserMgr : public UserMgrIface, AccountPolicyIface 39 { 40 public: 41 UserMgr() = delete; 42 ~UserMgr() = default; 43 UserMgr(const UserMgr &) = delete; 44 UserMgr &operator=(const UserMgr &) = delete; 45 UserMgr(UserMgr &&) = delete; 46 UserMgr &operator=(UserMgr &&) = delete; 47 48 /** @brief Constructs UserMgr object. 49 * 50 * @param[in] bus - sdbusplus handler 51 * @param[in] path - D-Bus path 52 */ 53 UserMgr(sdbusplus::bus::bus &bus, const char *path); 54 55 /** @brief create user method. 56 * This method creates a new user as requested 57 * 58 * @param[in] userName - Name of the user which has to be created 59 * @param[in] groupNames - Group names list, to which user has to be added. 60 * @param[in] priv - Privilege of the user. 61 * @param[in] enabled - State of the user enabled / disabled. 62 */ 63 void createUser(std::string userName, std::vector<std::string> groupNames, 64 std::string priv, bool enabled) override; 65 66 /** @brief rename user method. 67 * This method renames the user as requested 68 * 69 * @param[in] userName - current name of the user 70 * @param[in] newUserName - new user name to which it has to be renamed. 71 */ 72 void renameUser(std::string userName, std::string newUserName) override; 73 74 /** @brief delete user method. 75 * This method deletes the user as requested 76 * 77 * @param[in] userName - Name of the user which has to be deleted 78 */ 79 void deleteUser(std::string userName); 80 81 /** @brief Update user groups & privilege. 82 * This method updates user groups & privilege 83 * 84 * @param[in] userName - user name, for which update is requested 85 * @param[in] groupName - Group to be updated.. 86 * @param[in] priv - Privilege to be updated. 87 */ 88 void updateGroupsAndPriv(const std::string &userName, 89 const std::vector<std::string> &groups, 90 const std::string &priv); 91 92 /** @brief Update user enabled state. 93 * This method enables / disables user 94 * 95 * @param[in] userName - user name, for which update is requested 96 * @param[in] enabled - enable / disable the user 97 */ 98 void userEnable(const std::string &userName, bool enabled); 99 100 /** @brief update minimum password length requirement 101 * 102 * @param[in] val - minimum password length 103 * @return - minimum password length 104 */ 105 uint8_t minPasswordLength(uint8_t val) override; 106 107 /** @brief update old password history count 108 * 109 * @param[in] val - number of times old passwords has to be avoided 110 * @return - number of times old password has to be avoided 111 */ 112 uint8_t rememberOldPasswordTimes(uint8_t val) override; 113 114 /** @brief update maximum number of failed login attempt before locked 115 * out. 116 * 117 * @param[in] val - number of allowed attempt 118 * @return - number of allowed attempt 119 */ 120 uint16_t maxLoginAttemptBeforeLockout(uint16_t val) override; 121 122 /** @brief update timeout to unlock the account 123 * 124 * @param[in] val - value in seconds 125 * @return - value in seconds 126 */ 127 uint32_t accountUnlockTimeout(uint32_t val) override; 128 129 /** @brief lists user locked state for failed attempt 130 * 131 * @param[in] - user name 132 * @return - true / false indicating user locked / un-locked 133 **/ 134 bool userLockedForFailedAttempt(const std::string &userName); 135 136 /** @brief lists user locked state for failed attempt 137 * 138 * @param[in]: user name 139 * @param[in]: value - false -unlock user account, true - no action taken 140 **/ 141 bool userLockedForFailedAttempt(const std::string &userName, 142 const bool &value); 143 144 private: 145 /** @brief sdbusplus handler */ 146 sdbusplus::bus::bus &bus; 147 148 /** @brief object path */ 149 const std::string path; 150 151 /** @brief privilege manager container */ 152 std::vector<std::string> privMgr = {"priv-admin", "priv-operator", 153 "priv-user", "priv-callback"}; 154 155 /** @brief groups manager container */ 156 std::vector<std::string> groupsMgr = {"web", "redfish", "ipmi", "ssh"}; 157 158 /** @brief map container to hold users object */ 159 using UserName = std::string; 160 std::unordered_map<UserName, std::unique_ptr<phosphor::user::Users>> 161 usersList; 162 163 /** @brief get users in group 164 * method to get group user list 165 * 166 * @param[in] groupName - group name 167 * 168 * @return userList - list of users in the group. 169 */ 170 std::vector<std::string> getUsersInGroup(const std::string &groupName); 171 172 /** @brief get user & SSH users list 173 * method to get the users and ssh users list. 174 * 175 *@return - vector of User & SSH user lists 176 */ 177 UserSSHLists getUserAndSshGrpList(void); 178 179 /** @brief check for user presence 180 * method to check for user existence 181 * 182 * @param[in] userName - name of the user 183 * @return -true if user exists and false if not. 184 */ 185 bool isUserExist(const std::string &userName); 186 187 /** @brief check user exists 188 * method to check whether user exist, and throw if not. 189 * 190 * @param[in] userName - name of the user 191 */ 192 void throwForUserDoesNotExist(const std::string &userName); 193 194 /** @brief check user does not exist 195 * method to check whether does not exist, and throw if exists. 196 * 197 * @param[in] userName - name of the user 198 */ 199 void throwForUserExists(const std::string &userName); 200 201 /** @brief check user name constraints 202 * method to check user name constraints and throw if failed. 203 * 204 * @param[in] userName - name of the user 205 * @param[in] groupNames - user groups 206 */ 207 void 208 throwForUserNameConstraints(const std::string &userName, 209 const std::vector<std::string> &groupNames); 210 211 /** @brief check group user count 212 * method to check max group user count, and throw if limit reached 213 * 214 * @param[in] groupNames - group name 215 */ 216 void throwForMaxGrpUserCount(const std::vector<std::string> &groupNames); 217 218 /** @brief check for valid privielge 219 * method to check valid privilege, and throw if invalid 220 * 221 * @param[in] priv - privilege of the user 222 */ 223 void throwForInvalidPrivilege(const std::string &priv); 224 225 /** @brief check for valid groups 226 * method to check valid groups, and throw if invalid 227 * 228 * @param[in] groupNames - user groups 229 */ 230 void throwForInvalidGroups(const std::vector<std::string> &groupName); 231 232 /** @brief get user enabled state 233 * method to get user enabled state. 234 * 235 * @param[in] userName - name of the user 236 * @return - user enabled status (true/false) 237 */ 238 bool isUserEnabled(const std::string &userName); 239 240 /** @brief initialize the user manager objects 241 * method to initialize the user manager objects accordingly 242 * 243 */ 244 void initUserObjects(void); 245 246 /** @brief get IPMI user count 247 * method to get IPMI user count 248 * 249 * @return - returns user count 250 */ 251 size_t getIpmiUsersCount(void); 252 253 /** @brief get pam argument value 254 * method to get argument value from pam configuration 255 * 256 * @param[in] moduleName - name of the module from where arg has to be read 257 * @param[in] argName - argument name 258 * @param[out] argValue - argument value 259 * 260 * @return 0 - success state of the function 261 */ 262 int getPamModuleArgValue(const std::string &moduleName, 263 const std::string &argName, std::string &argValue); 264 265 /** @brief set pam argument value 266 * method to set argument value in pam configuration 267 * 268 * @param[in] moduleName - name of the module in which argument value has 269 * to be set 270 * @param[in] argName - argument name 271 * @param[out] argValue - argument value 272 * 273 * @return 0 - success state of the function 274 */ 275 int setPamModuleArgValue(const std::string &moduleName, 276 const std::string &argName, 277 const std::string &argValue); 278 }; 279 280 } // namespace user 281 } // namespace phosphor 282