1 /*
2 // Copyright (c) 2018 Intel Corporation
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //      http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 */
16 
17 #include "config.h"
18 
19 #include "users.hpp"
20 
21 #include "user_mgr.hpp"
22 
23 #include <sys/types.h>
24 #include <sys/wait.h>
25 #include <unistd.h>
26 
27 #include <phosphor-logging/elog-errors.hpp>
28 #include <phosphor-logging/elog.hpp>
29 #include <phosphor-logging/lg2.hpp>
30 #include <xyz/openbmc_project/Common/error.hpp>
31 #include <xyz/openbmc_project/User/Common/error.hpp>
32 
33 #include <filesystem>
34 
35 namespace phosphor
36 {
37 namespace user
38 {
39 
40 using namespace phosphor::logging;
41 using InsufficientPermission =
42     sdbusplus::xyz::openbmc_project::Common::Error::InsufficientPermission;
43 using InternalFailure =
44     sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure;
45 using InvalidArgument =
46     sdbusplus::xyz::openbmc_project::Common::Error::InvalidArgument;
47 using NoResource =
48     sdbusplus::xyz::openbmc_project::User::Common::Error::NoResource;
49 
50 using Argument = xyz::openbmc_project::Common::InvalidArgument;
51 
52 /** @brief Constructs UserMgr object.
53  *
54  *  @param[in] bus  - sdbusplus handler
55  *  @param[in] path - D-Bus path
56  *  @param[in] groups - users group list
57  *  @param[in] priv - user privilege
58  *  @param[in] enabled - user enabled state
59  *  @param[in] parent - user manager - parent object
60  */
Users(sdbusplus::bus_t & bus,const char * path,std::vector<std::string> groups,std::string priv,bool enabled,UserMgr & parent)61 Users::Users(sdbusplus::bus_t& bus, const char* path,
62              std::vector<std::string> groups, std::string priv, bool enabled,
63              UserMgr& parent) :
64     Interfaces(bus, path, Interfaces::action::defer_emit),
65     userName(sdbusplus::message::object_path(path).filename()), manager(parent)
66 {
67     UsersIface::userPrivilege(priv, true);
68     UsersIface::userGroups(groups, true);
69     UsersIface::userEnabled(enabled, true);
70 
71     this->emit_object_added();
72 }
73 
74 /** @brief delete user method.
75  *  This method deletes the user as requested
76  *
77  */
delete_(void)78 void Users::delete_(void)
79 {
80     manager.deleteUser(userName);
81 }
82 
83 /** @brief update user privilege
84  *
85  *  @param[in] value - User privilege
86  */
userPrivilege(std::string value)87 std::string Users::userPrivilege(std::string value)
88 {
89     if (value == UsersIface::userPrivilege())
90     {
91         return value;
92     }
93     manager.updateGroupsAndPriv(userName, UsersIface::userGroups(), value);
94     return UsersIface::userPrivilege(value);
95 }
96 
setUserPrivilege(const std::string & value)97 void Users::setUserPrivilege(const std::string& value)
98 {
99     UsersIface::userPrivilege(value);
100 }
101 
setUserGroups(const std::vector<std::string> & groups)102 void Users::setUserGroups(const std::vector<std::string>& groups)
103 {
104     UsersIface::userGroups(groups);
105 }
106 
107 /** @brief list user privilege
108  *
109  */
userPrivilege(void) const110 std::string Users::userPrivilege(void) const
111 {
112     return UsersIface::userPrivilege();
113 }
114 
115 /** @brief update user groups
116  *
117  *  @param[in] value - User groups
118  */
userGroups(std::vector<std::string> value)119 std::vector<std::string> Users::userGroups(std::vector<std::string> value)
120 {
121     if (value == UsersIface::userGroups())
122     {
123         return value;
124     }
125     std::sort(value.begin(), value.end());
126     manager.updateGroupsAndPriv(userName, value, UsersIface::userPrivilege());
127     return UsersIface::userGroups(value);
128 }
129 
130 /** @brief list user groups
131  *
132  */
userGroups(void) const133 std::vector<std::string> Users::userGroups(void) const
134 {
135     return UsersIface::userGroups();
136 }
137 
138 /** @brief lists user enabled state
139  *
140  */
userEnabled(void) const141 bool Users::userEnabled(void) const
142 {
143     return manager.isUserEnabled(userName);
144 }
145 
setUserEnabled(bool value)146 void Users::setUserEnabled(bool value)
147 {
148     UsersIface::userEnabled(value);
149 }
150 
151 /** @brief update user enabled state
152  *
153  *  @param[in] value - bool value
154  */
userEnabled(bool value)155 bool Users::userEnabled(bool value)
156 {
157     if (value == UsersIface::userEnabled())
158     {
159         return value;
160     }
161     manager.userEnable(userName, value);
162     return UsersIface::userEnabled(value);
163 }
164 
165 /** @brief lists user locked state for failed attempt
166  *
167  **/
userLockedForFailedAttempt(void) const168 bool Users::userLockedForFailedAttempt(void) const
169 {
170     return manager.userLockedForFailedAttempt(userName);
171 }
172 
173 /** @brief unlock user locked state for failed attempt
174  *
175  * @param[in]: value - false - unlock user account, true - no action taken
176  **/
userLockedForFailedAttempt(bool value)177 bool Users::userLockedForFailedAttempt(bool value)
178 {
179     if (value != false)
180     {
181         return userLockedForFailedAttempt();
182     }
183     else
184     {
185         return manager.userLockedForFailedAttempt(userName, value);
186     }
187 }
188 
189 /** @brief indicates if the user's password is expired
190  *
191  **/
userPasswordExpired(void) const192 bool Users::userPasswordExpired(void) const
193 {
194     return manager.userPasswordExpired(userName);
195 }
196 
197 } // namespace user
198 } // namespace phosphor
199