Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-host-ipmid / 282e79b49e6b36dac304b72ed0e9d065fb5b818c^! / . / user_channel / usercommands.cpp
commit282e79b49e6b36dac304b72ed0e9d065fb5b818c[log] [tgz]
authorRichard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>Tue Nov 13 19:00:58 2018 +0530
committerRichard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>Tue Nov 20 11:33:52 2018 +0530
tree511c6dbe5b5f7cfaed3247f1be5524874f65a828
parentf4b2b090a4c67e132d4c22fdc13ecbb261c6147a [diff] [blame]
Add test & user enabled state in set user password

Support for test password and user enabled state in Set user
password command

Unit Test:
1. Performed user enabled & disabled and verified the state change
2. Performed test user password - both pass & fail condition

Change-Id: I0eb91ad849e43072b1d9e90d777304fabdfb40bc
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>

diff --git a/user_channel/usercommands.cpp b/user_channel/usercommands.cpp
index 0ed5b8f..84e9456 100644
--- a/user_channel/usercommands.cpp
+++ b/user_channel/usercommands.cpp

@@ -429,25 +429,42 @@
         if (!std::regex_match(passwd.c_str(),
                               std::regex("[a-zA-z_0-9][a-zA-Z_0-9,?:`!\"]*")))
         {
-            log<level::DEBUG>("Invalid password fields",
-                              entry("USER-ID:%d", (uint8_t)req->userId));
+            log<level::ERR>("Invalid password fields",
+                            entry("USER-ID:%d", (uint8_t)req->userId));
             return IPMI_CC_INVALID_FIELD_REQUEST;
         }
         if (!pamUpdatePasswd(userName.c_str(), passwd.c_str()))
         {
-            log<level::DEBUG>("Failed to update password",
-                              entry("USER-ID:%d", (uint8_t)req->userId));
-            return IPMI_CC_UNSPECIFIED_ERROR;
+            log<level::ERR>("Failed to update password",
+                            entry("USER-ID:%d", (uint8_t)req->userId));
+            return IPMI_CC_INVALID_FIELD_REQUEST;
         }
+        return IPMI_CC_OK;
     }
-    else
+    else if (req->operation == enableUser || req->operation == disableUser)
     {
-        // TODO: test the password by reading the encrypted file
-        log<level::ERR>(
-            "Other operations not implemented - TODO yet to implement");
-        return IPMI_CC_INVALID_FIELD_REQUEST;
+        return ipmiUserUpdateEnabledState(req->userId,
+                                          static_cast<bool>(req->operation));
     }
-    return IPMI_CC_OK;
+    else if (req->operation == testPassword)
+    {
+        auto password = ipmiUserGetPassword(userName);
+        std::string testPassword(
+            reinterpret_cast<const char*>(req->userPassword), 0,
+            passwordLength);
+        // Note: For security reasons password size won't be compared and
+        // wrong password size completion code will not be returned if size
+        // doesn't match as specified in IPMI specification.
+        if (password != testPassword)
+        {
+            log<level::DEBUG>("Test password failed",
+                              entry("USER-ID:%d", (uint8_t)req->userId));
+            return static_cast<ipmi_ret_t>(
+                IPMISetPasswordReturnCodes::ipmiCCPasswdFailMismatch);
+        }
+        return IPMI_CC_OK;
+    }
+    return IPMI_CC_INVALID_FIELD_REQUEST;
 }
 
 void registerUserIpmiFunctions()