|  | /* | 
|  | // Copyright (c) 2018 Intel Corporation | 
|  | // | 
|  | // Licensed under the Apache License, Version 2.0 (the "License"); | 
|  | // you may not use this file except in compliance with the License. | 
|  | // You may obtain a copy of the License at | 
|  | // | 
|  | //      http://www.apache.org/licenses/LICENSE-2.0 | 
|  | // | 
|  | // Unless required by applicable law or agreed to in writing, software | 
|  | // distributed under the License is distributed on an "AS IS" BASIS, | 
|  | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | 
|  | // See the License for the specific language governing permissions and | 
|  | // limitations under the License. | 
|  | */ | 
|  |  | 
|  | #include "user_layer.hpp" | 
|  |  | 
|  | #include "passwd_mgr.hpp" | 
|  | #include "user_mgmt.hpp" | 
|  |  | 
|  | namespace | 
|  | { | 
|  | ipmi::PasswdMgr passwdMgr; | 
|  | } | 
|  |  | 
|  | namespace ipmi | 
|  | { | 
|  |  | 
|  | Cc ipmiUserInit() | 
|  | { | 
|  | getUserAccessObject(); | 
|  | return ccSuccess; | 
|  | } | 
|  |  | 
|  | SecureString ipmiUserGetPassword(const std::string& userName) | 
|  | { | 
|  | return passwdMgr.getPasswdByUserName(userName); | 
|  | } | 
|  |  | 
|  | Cc ipmiClearUserEntryPassword(const std::string& userName) | 
|  | { | 
|  | if (passwdMgr.updateUserEntry(userName, "") != 0) | 
|  | { | 
|  | return ccUnspecifiedError; | 
|  | } | 
|  | return ccSuccess; | 
|  | } | 
|  |  | 
|  | Cc ipmiRenameUserEntryPassword(const std::string& userName, | 
|  | const std::string& newUserName) | 
|  | { | 
|  | if (passwdMgr.updateUserEntry(userName, newUserName) != 0) | 
|  | { | 
|  | return ccUnspecifiedError; | 
|  | } | 
|  | return ccSuccess; | 
|  | } | 
|  |  | 
|  | bool ipmiUserIsValidUserId(const uint8_t userId) | 
|  | { | 
|  | return UserAccess::isValidUserId(userId); | 
|  | } | 
|  |  | 
|  | bool ipmiUserIsValidPrivilege(const uint8_t priv) | 
|  | { | 
|  | return UserAccess::isValidPrivilege(priv); | 
|  | } | 
|  |  | 
|  | uint8_t ipmiUserGetUserId(const std::string& userName) | 
|  | { | 
|  | return getUserAccessObject().getUserId(userName); | 
|  | } | 
|  |  | 
|  | Cc ipmiUserSetUserName(const uint8_t userId, const char* userName) | 
|  | { | 
|  | std::string newUser(userName, 0, ipmiMaxUserName); | 
|  | return getUserAccessObject().setUserName(userId, newUser); | 
|  | } | 
|  |  | 
|  | Cc ipmiUserSetUserName(const uint8_t userId, const std::string& userName) | 
|  | { | 
|  | std::string newUser(userName, 0, ipmiMaxUserName); | 
|  | return getUserAccessObject().setUserName(userId, newUser); | 
|  | } | 
|  |  | 
|  | Cc ipmiUserGetUserName(const uint8_t userId, std::string& userName) | 
|  | { | 
|  | return getUserAccessObject().getUserName(userId, userName); | 
|  | } | 
|  |  | 
|  | Cc ipmiUserSetUserPassword(const uint8_t userId, const char* userPassword) | 
|  | { | 
|  | return getUserAccessObject().setUserPassword(userId, userPassword); | 
|  | } | 
|  |  | 
|  | Cc ipmiSetSpecialUserPassword(const std::string& userName, | 
|  | const SecureString& userPassword) | 
|  | { | 
|  | return getUserAccessObject().setSpecialUserPassword(userName, userPassword); | 
|  | } | 
|  |  | 
|  | Cc ipmiUserGetAllCounts(uint8_t& maxChUsers, uint8_t& enabledUsers, | 
|  | uint8_t& fixedUsers) | 
|  | { | 
|  | maxChUsers = ipmiMaxUsers; | 
|  | UsersTbl* userData = getUserAccessObject().getUsersTblPtr(); | 
|  | enabledUsers = 0; | 
|  | fixedUsers = 0; | 
|  | // user index 0 is reserved, starts with 1 | 
|  | for (size_t count = 1; count <= ipmiMaxUsers; ++count) | 
|  | { | 
|  | if (userData->user[count].userEnabled) | 
|  | { | 
|  | enabledUsers++; | 
|  | } | 
|  | if (userData->user[count].fixedUserName) | 
|  | { | 
|  | fixedUsers++; | 
|  | } | 
|  | } | 
|  | return ccSuccess; | 
|  | } | 
|  |  | 
|  | Cc ipmiUserUpdateEnabledState(const uint8_t userId, const bool& state) | 
|  | { | 
|  | return getUserAccessObject().setUserEnabledState(userId, state); | 
|  | } | 
|  |  | 
|  | Cc ipmiUserCheckEnabled(const uint8_t userId, bool& state) | 
|  | { | 
|  | if (!UserAccess::isValidUserId(userId)) | 
|  | { | 
|  | return ccParmOutOfRange; | 
|  | } | 
|  | UserInfo* userInfo = getUserAccessObject().getUserInfo(userId); | 
|  | state = userInfo->userEnabled; | 
|  | return ccSuccess; | 
|  | } | 
|  |  | 
|  | Cc ipmiUserGetPrivilegeAccess(const uint8_t userId, const uint8_t chNum, | 
|  | PrivAccess& privAccess) | 
|  | { | 
|  | if (!UserAccess::isValidChannel(chNum)) | 
|  | { | 
|  | lg2::error("Get Privilege access - Invalid channel number: {CHANNEL}", | 
|  | "CHANNEL", chNum); | 
|  | return ccInvalidFieldRequest; | 
|  | } | 
|  | if (!UserAccess::isValidUserId(userId)) | 
|  | { | 
|  | return ccParmOutOfRange; | 
|  | } | 
|  | UserInfo* userInfo = getUserAccessObject().getUserInfo(userId); | 
|  | privAccess.privilege = userInfo->userPrivAccess[chNum].privilege; | 
|  | privAccess.ipmiEnabled = userInfo->userPrivAccess[chNum].ipmiEnabled; | 
|  | privAccess.linkAuthEnabled = | 
|  | userInfo->userPrivAccess[chNum].linkAuthEnabled; | 
|  | privAccess.accessCallback = userInfo->userPrivAccess[chNum].accessCallback; | 
|  | return ccSuccess; | 
|  | } | 
|  |  | 
|  | Cc ipmiUserSetPrivilegeAccess(const uint8_t userId, const uint8_t chNum, | 
|  | const PrivAccess& privAccess, | 
|  | const bool& otherPrivUpdates) | 
|  | { | 
|  | UserPrivAccess userPrivAccess; | 
|  | userPrivAccess.privilege = privAccess.privilege; | 
|  | if (otherPrivUpdates) | 
|  | { | 
|  | userPrivAccess.ipmiEnabled = privAccess.ipmiEnabled; | 
|  | userPrivAccess.linkAuthEnabled = privAccess.linkAuthEnabled; | 
|  | userPrivAccess.accessCallback = privAccess.accessCallback; | 
|  | } | 
|  | return getUserAccessObject().setUserPrivilegeAccess( | 
|  | userId, chNum, userPrivAccess, otherPrivUpdates); | 
|  | } | 
|  |  | 
|  | bool ipmiUserPamAuthenticate(std::string_view userName, | 
|  | std::string_view userPassword) | 
|  | { | 
|  | return pamUserCheckAuthenticate(userName, userPassword); | 
|  | } | 
|  |  | 
|  | Cc ipmiUserSetUserPayloadAccess(const uint8_t chNum, const uint8_t operation, | 
|  | const uint8_t userId, | 
|  | const PayloadAccess& payloadAccess) | 
|  | { | 
|  | if (!UserAccess::isValidChannel(chNum)) | 
|  | { | 
|  | lg2::error( | 
|  | "Set user payload access - Invalid channel number: {CHANNEL}", | 
|  | "CHANNEL", chNum); | 
|  | return ccInvalidFieldRequest; | 
|  | } | 
|  | if (!UserAccess::isValidUserId(userId)) | 
|  | { | 
|  | return ccParmOutOfRange; | 
|  | } | 
|  |  | 
|  | return getUserAccessObject().setUserPayloadAccess(chNum, operation, userId, | 
|  | payloadAccess); | 
|  | } | 
|  |  | 
|  | Cc ipmiUserGetUserPayloadAccess(const uint8_t chNum, const uint8_t userId, | 
|  | PayloadAccess& payloadAccess) | 
|  | { | 
|  | if (!UserAccess::isValidChannel(chNum)) | 
|  | { | 
|  | lg2::error( | 
|  | "Get user payload access - Invalid channel number: {CHANNEL}", | 
|  | "CHANNEL", chNum); | 
|  | return ccInvalidFieldRequest; | 
|  | } | 
|  | if (!UserAccess::isValidUserId(userId)) | 
|  | { | 
|  | return ccParmOutOfRange; | 
|  | } | 
|  |  | 
|  | UserInfo* userInfo = getUserAccessObject().getUserInfo(userId); | 
|  |  | 
|  | payloadAccess.stdPayloadEnables1 = | 
|  | userInfo->payloadAccess[chNum].stdPayloadEnables1; | 
|  | payloadAccess.stdPayloadEnables2Reserved = | 
|  | userInfo->payloadAccess[chNum].stdPayloadEnables2Reserved; | 
|  | payloadAccess.oemPayloadEnables1 = | 
|  | userInfo->payloadAccess[chNum].oemPayloadEnables1; | 
|  | payloadAccess.oemPayloadEnables2Reserved = | 
|  | userInfo->payloadAccess[chNum].oemPayloadEnables2Reserved; | 
|  |  | 
|  | return ccSuccess; | 
|  | } | 
|  |  | 
|  | } // namespace ipmi |