Adding Set Password API support in Userlayer
Moved the pam function from libusercommand to libuserlayer
Added the setPassword API in user layer.
There are modules which requires to use set password functionality
(other ipmi providers-OEM),so it's better to keep the set-password
abstracted in user-layer instead of user-commands.
LIBS macro hold libpam and libmapper.
we want to separate the libpam from lib usercommand.
so,replaced LIBS with libmapper alone.
Tested:Able to set the password in ipmi using userlayer.
ex: ipmitool user set password <userid> <password>
user password should set properly.
Change-Id: I32d55ff5c042613c89805c6b9393d18cbf880461
Signed-off-by: Suryakanth Sekar <suryakanth.sekar@linux.intel.com>
diff --git a/user_channel/usercommands.cpp b/user_channel/usercommands.cpp
index 90aadb1..d0ea29f 100644
--- a/user_channel/usercommands.cpp
+++ b/user_channel/usercommands.cpp
@@ -31,8 +31,6 @@
using namespace phosphor::logging;
-static constexpr uint8_t maxIpmi20PasswordSize = 20;
-static constexpr uint8_t maxIpmi15PasswordSize = 16;
static constexpr uint8_t disableUser = 0x00;
static constexpr uint8_t enableUser = 0x01;
static constexpr uint8_t setPassword = 0x02;
@@ -352,65 +350,6 @@
return IPMI_CC_OK;
}
-int pamFunctionConversation(int numMsg, const struct pam_message** msg,
- struct pam_response** resp, void* appdataPtr)
-{
- if (appdataPtr == nullptr)
- {
- return PAM_AUTH_ERR;
- }
- size_t passSize = std::strlen(reinterpret_cast<char*>(appdataPtr)) + 1;
- char* pass = reinterpret_cast<char*>(malloc(passSize));
- std::strncpy(pass, reinterpret_cast<char*>(appdataPtr), passSize);
-
- *resp = reinterpret_cast<pam_response*>(
- calloc(numMsg, sizeof(struct pam_response)));
-
- for (int i = 0; i < numMsg; ++i)
- {
- if (msg[i]->msg_style != PAM_PROMPT_ECHO_OFF)
- {
- continue;
- }
- resp[i]->resp = pass;
- }
- return PAM_SUCCESS;
-}
-
-bool pamUpdatePasswd(const char* username, const char* password)
-{
- const struct pam_conv localConversation = {pamFunctionConversation,
- const_cast<char*>(password)};
- pam_handle_t* localAuthHandle = NULL; // this gets set by pam_start
-
- if (pam_start("passwd", username, &localConversation, &localAuthHandle) !=
- PAM_SUCCESS)
- {
- return false;
- }
- int retval = pam_chauthtok(localAuthHandle, PAM_SILENT);
-
- if (retval != PAM_SUCCESS)
- {
- if (retval == PAM_AUTHTOK_ERR)
- {
- log<level::DEBUG>("Authentication Failure");
- }
- else
- {
- log<level::DEBUG>("pam_chauthtok returned failure",
- entry("ERROR=%d", retval));
- }
- pam_end(localAuthHandle, retval);
- return false;
- }
- if (pam_end(localAuthHandle, PAM_SUCCESS) != PAM_SUCCESS)
- {
- return false;
- }
- return true;
-}
-
/** @brief implementes the set user password command
* @param[in] netfn - specifies netfn.
* @param[in] cmd - specifies cmd number.
@@ -462,23 +401,8 @@
}
if (req->operation == setPassword)
{
- std::string passwd;
- passwd.assign(reinterpret_cast<const char*>(req->userPassword), 0,
- maxIpmi20PasswordSize);
- if (!std::regex_match(passwd.c_str(),
- std::regex("[a-zA-z_0-9][a-zA-Z_0-9,?:`!\"]*")))
- {
- log<level::ERR>("Invalid password fields",
- entry("USER-ID:%d", (uint8_t)req->userId));
- return IPMI_CC_INVALID_FIELD_REQUEST;
- }
- if (!pamUpdatePasswd(userName.c_str(), passwd.c_str()))
- {
- log<level::ERR>("Failed to update password",
- entry("USER-ID:%d", (uint8_t)req->userId));
- return IPMI_CC_INVALID_FIELD_REQUEST;
- }
- return IPMI_CC_OK;
+ return ipmiUserSetUserPassword(
+ req->userId, reinterpret_cast<const char*>(req->userPassword));
}
else if (req->operation == enableUser || req->operation == disableUser)
{