Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-host-ipmid / a67caed71e1553235eb5b2ae0e252e654111a382 / . / user_channel / passwd_mgr.hpp
blob: 4c94480de2a336aa8c017025dc0c3a79955d7066 [file] [log] [blame]
Richard Marian Thomaiyar4654d992018-04-19 05:38:37 +0530[diff] [blame]1/*
2// Copyright (c) 2018 Intel Corporation
3//
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at
7//
8// http://www.apache.org/licenses/LICENSE-2.0
9//
10// Unless required by applicable law or agreed to in writing, software
11// distributed under the License is distributed on an "AS IS" BASIS,
12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13// See the License for the specific language governing permissions and
14// limitations under the License.
15*/
16#pragma once
17#include <openssl/evp.h>
18
19#include <ctime>
Andrew Geisslerecc03422020-05-16 15:08:22 -0500[diff] [blame]20#include <string>
Richard Marian Thomaiyar4654d992018-04-19 05:38:37 +0530[diff] [blame]21#include <unordered_map>
AppaRao Pulib29b5ab2018-05-17 10:28:48 +0530[diff] [blame]22#include <vector>
Richard Marian Thomaiyar4654d992018-04-19 05:38:37 +0530[diff] [blame]23
24namespace ipmi
25{
26
27class PasswdMgr
28{
29 public:
30 ~PasswdMgr() = default;
31 PasswdMgr(const PasswdMgr&) = delete;
32 PasswdMgr& operator=(const PasswdMgr&) = delete;
33 PasswdMgr(PasswdMgr&&) = delete;
34 PasswdMgr& operator=(PasswdMgr&&) = delete;
35
36 /** @brief Constructs user password list
37 *
38 */
39 PasswdMgr();
40
41 /** @brief Get password for the user
42 *
43 * @param[in] userName - user name
44 *
45 * @return password string. will return empty string, if unable to locate
46 * the user
47 */
48 std::string getPasswdByUserName(const std::string& userName);
49
Richard Marian Thomaiyar42bed642018-09-21 12:28:57 +0530[diff] [blame]50 /** @brief Update / clear username and password entry for the specified
51 * user
AppaRao Pulib29b5ab2018-05-17 10:28:48 +0530[diff] [blame]52 *
Richard Marian Thomaiyar42bed642018-09-21 12:28:57 +0530[diff] [blame]53 * @param[in] userName - user name that has to be renamed / deleted
54 * @param[in] newUserName - new user name. If empty, userName will be
55 * deleted.
AppaRao Pulib29b5ab2018-05-17 10:28:48 +0530[diff] [blame]56 *
57 * @return error response
58 */
Richard Marian Thomaiyar42bed642018-09-21 12:28:57 +0530[diff] [blame]59 int updateUserEntry(const std::string& userName,
60 const std::string& newUserName);
AppaRao Pulib29b5ab2018-05-17 10:28:48 +0530[diff] [blame]61
Richard Marian Thomaiyar4654d992018-04-19 05:38:37 +0530[diff] [blame]62 private:
63 using UserName = std::string;
64 using Password = std::string;
65 std::unordered_map<UserName, Password> passwdMapList;
66 std::time_t fileLastUpdatedTime;
Richard Marian Thomaiyar6ba8d312020-04-10 23:52:50 +0530[diff] [blame]67
68 /** @brief restrict file permission
69 *
70 */
71 void restrictFilesPermission(void);
Richard Marian Thomaiyar4654d992018-04-19 05:38:37 +0530[diff] [blame]72 /** @brief check timestamp and reload password map if required
73 *
74 */
75 void checkAndReload(void);
76 /** @brief initializes passwdMapList by reading the encrypted file
77 *
78 * Initializes the passwordMapList members after decrypting the
79 * password file. passwordMapList will be used further in IPMI
80 * authentication.
81 */
82 void initPasswordMap(void);
AppaRao Pulib29b5ab2018-05-17 10:28:48 +0530[diff] [blame]83
84 /** @brief Function to read the encrypted password file data
Richard Marian Thomaiyar4654d992018-04-19 05:38:37 +0530[diff] [blame]85 *
AppaRao Pulib29b5ab2018-05-17 10:28:48 +0530[diff] [blame]86 * @param[out] outBytes - vector to hold decrypted password file data
87 *
88 * @return error response
89 */
90 int readPasswdFileData(std::vector<uint8_t>& outBytes);
91 /** @brief Updates special password file by clearing the password entry
92 * for the user specified.
93 *
Richard Marian Thomaiyar42bed642018-09-21 12:28:57 +0530[diff] [blame]94 * @param[in] userName - user name that has to be renamed / deleted
95 * @param[in] newUserName - new user name. If empty, userName will be
96 * deleted.
AppaRao Pulib29b5ab2018-05-17 10:28:48 +0530[diff] [blame]97 *
98 * @return error response
99 */
Richard Marian Thomaiyar42bed642018-09-21 12:28:57 +0530[diff] [blame]100 int updatePasswdSpecialFile(const std::string& userName,
101 const std::string& newUserName);
AppaRao Pulib29b5ab2018-05-17 10:28:48 +0530[diff] [blame]102 /** @brief encrypts or decrypt the data provided
103 *
104 * @param[in] doEncrypt - do encrypt if set to true, else do decrypt.
Richard Marian Thomaiyar4654d992018-04-19 05:38:37 +0530[diff] [blame]105 * @param[in] cipher - cipher to be used
106 * @param[in] key - pointer to the key
107 * @param[in] keyLen - Length of the key to be used
108 * @param[in] iv - pointer to initialization vector
109 * @param[in] ivLen - Length of the iv
110 * @param[in] inBytes - input data to be encrypted / decrypted
AppaRao Pulib29b5ab2018-05-17 10:28:48 +0530[diff] [blame]111 * @param[in] inBytesLen - input size to be encrypted / decrypted
Richard Marian Thomaiyar4654d992018-04-19 05:38:37 +0530[diff] [blame]112 * @param[in] mac - message authentication code - to figure out corruption
113 * @param[in] macLen - size of MAC
114 * @param[in] outBytes - ptr to store output bytes
115 * @param[in] outBytesLen - outbut data length.
116 *
117 * @return error response
118 */
AppaRao Pulib29b5ab2018-05-17 10:28:48 +0530[diff] [blame]119 int encryptDecryptData(bool doEncrypt, const EVP_CIPHER* cipher,
120 uint8_t* key, size_t keyLen, uint8_t* iv,
121 size_t ivLen, uint8_t* inBytes, size_t inBytesLen,
122 uint8_t* mac, size_t* macLen, uint8_t* outBytes,
123 size_t* outBytesLen);
124
125 /** @brief returns updated file time of passwd file entry.
126 *
127 * @return timestamp or -1 for error.
128 */
129 std::time_t getUpdatedFileTime();
Richard Marian Thomaiyar4654d992018-04-19 05:38:37 +0530[diff] [blame]130};
131
132} // namespace ipmi