Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-host-ipmid / 23f44657333de5e01ba4b78a4b14e57c42188ef8 / . / user_channel / user_layer.cpp
blob: bb9ac38111a95cf3fa4c67b1728d30d4b14da790 [file] [log] [blame]
/*
// Copyright (c) 2018 Intel Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
*/
#include "user_layer.hpp"
#include "passwd_mgr.hpp"
#include "user_mgmt.hpp"
namespace
{
ipmi::PasswdMgr passwdMgr;
}
namespace ipmi
{
Cc ipmiUserInit()
{
getUserAccessObject();
return ccSuccess;
}
SecureString ipmiUserGetPassword(const std::string& userName)
{
return passwdMgr.getPasswdByUserName(userName);
}
Cc ipmiClearUserEntryPassword(const std::string& userName)
{
if (passwdMgr.updateUserEntry(userName, "") != 0)
{
return ccUnspecifiedError;
}
return ccSuccess;
}
Cc ipmiRenameUserEntryPassword(const std::string& userName,
const std::string& newUserName)
{
if (passwdMgr.updateUserEntry(userName, newUserName) != 0)
{
return ccUnspecifiedError;
}
return ccSuccess;
}
bool ipmiUserIsValidUserId(const uint8_t userId)
{
return UserAccess::isValidUserId(userId);
}
bool ipmiUserIsValidPrivilege(const uint8_t priv)
{
return UserAccess::isValidPrivilege(priv);
}
uint8_t ipmiUserGetUserId(const std::string& userName)
{
return getUserAccessObject().getUserId(userName);
}
Cc ipmiUserSetUserName(const uint8_t userId, const char* userName)
{
std::string newUser(userName, 0, ipmiMaxUserName);
return getUserAccessObject().setUserName(userId, newUser);
}
Cc ipmiUserSetUserName(const uint8_t userId, const std::string& userName)
{
std::string newUser(userName, 0, ipmiMaxUserName);
return getUserAccessObject().setUserName(userId, newUser);
}
Cc ipmiUserGetUserName(const uint8_t userId, std::string& userName)
{
return getUserAccessObject().getUserName(userId, userName);
}
Cc ipmiUserSetUserPassword(const uint8_t userId, const char* userPassword)
{
return getUserAccessObject().setUserPassword(userId, userPassword);
}
Cc ipmiSetSpecialUserPassword(const std::string& userName,
const SecureString& userPassword)
{
return getUserAccessObject().setSpecialUserPassword(userName, userPassword);
}
Cc ipmiUserGetAllCounts(uint8_t& maxChUsers, uint8_t& enabledUsers,
uint8_t& fixedUsers)
{
maxChUsers = ipmiMaxUsers;
UsersTbl* userData = getUserAccessObject().getUsersTblPtr();
enabledUsers = 0;
fixedUsers = 0;
// user index 0 is reserved, starts with 1
for (size_t count = 1; count <= ipmiMaxUsers; ++count)
{
if (userData->user[count].userEnabled)
{
enabledUsers++;
}
if (userData->user[count].fixedUserName)
{
fixedUsers++;
}
}
return ccSuccess;
}
Cc ipmiUserUpdateEnabledState(const uint8_t userId, const bool& state)
{
return getUserAccessObject().setUserEnabledState(userId, state);
}
Cc ipmiUserCheckEnabled(const uint8_t userId, bool& state)
{
if (!UserAccess::isValidUserId(userId))
{
return ccParmOutOfRange;
}
UserInfo* userInfo = getUserAccessObject().getUserInfo(userId);
state = userInfo->userEnabled;
return ccSuccess;
}
Cc ipmiUserGetPrivilegeAccess(const uint8_t userId, const uint8_t chNum,
PrivAccess& privAccess)
{
if (!UserAccess::isValidChannel(chNum))
{
return ccInvalidFieldRequest;
}
if (!UserAccess::isValidUserId(userId))
{
return ccParmOutOfRange;
}
UserInfo* userInfo = getUserAccessObject().getUserInfo(userId);
privAccess.privilege = userInfo->userPrivAccess[chNum].privilege;
privAccess.ipmiEnabled = userInfo->userPrivAccess[chNum].ipmiEnabled;
privAccess.linkAuthEnabled =
userInfo->userPrivAccess[chNum].linkAuthEnabled;
privAccess.accessCallback = userInfo->userPrivAccess[chNum].accessCallback;
return ccSuccess;
}
Cc ipmiUserSetPrivilegeAccess(const uint8_t userId, const uint8_t chNum,
const PrivAccess& privAccess,
const bool& otherPrivUpdates)
{
UserPrivAccess userPrivAccess;
userPrivAccess.privilege = privAccess.privilege;
if (otherPrivUpdates)
{
userPrivAccess.ipmiEnabled = privAccess.ipmiEnabled;
userPrivAccess.linkAuthEnabled = privAccess.linkAuthEnabled;
userPrivAccess.accessCallback = privAccess.accessCallback;
}
return getUserAccessObject().setUserPrivilegeAccess(
userId, chNum, userPrivAccess, otherPrivUpdates);
}
bool ipmiUserPamAuthenticate(std::string_view userName,
std::string_view userPassword)
{
return pamUserCheckAuthenticate(userName, userPassword);
}
Cc ipmiUserSetUserPayloadAccess(const uint8_t chNum, const uint8_t operation,
const uint8_t userId,
const PayloadAccess& payloadAccess)
{
if (!UserAccess::isValidChannel(chNum))
{
return ccInvalidFieldRequest;
}
if (!UserAccess::isValidUserId(userId))
{
return ccParmOutOfRange;
}
return getUserAccessObject().setUserPayloadAccess(chNum, operation, userId,
payloadAccess);
}
Cc ipmiUserGetUserPayloadAccess(const uint8_t chNum, const uint8_t userId,
PayloadAccess& payloadAccess)
{
if (!UserAccess::isValidChannel(chNum))
{
return ccInvalidFieldRequest;
}
if (!UserAccess::isValidUserId(userId))
{
return ccParmOutOfRange;
}
UserInfo* userInfo = getUserAccessObject().getUserInfo(userId);
payloadAccess.stdPayloadEnables1 =
userInfo->payloadAccess[chNum].stdPayloadEnables1;
payloadAccess.stdPayloadEnables2Reserved =
userInfo->payloadAccess[chNum].stdPayloadEnables2Reserved;
payloadAccess.oemPayloadEnables1 =
userInfo->payloadAccess[chNum].oemPayloadEnables1;
payloadAccess.oemPayloadEnables2Reserved =
userInfo->payloadAccess[chNum].oemPayloadEnables2Reserved;
return ccSuccess;
}
} // namespace ipmi