Richard Marian Thomaiyar5a6b6362018-03-12 23:42:34 +05301/*
2// Copyright (c) 2018 Intel Corporation
3//
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at
7//
8// http://www.apache.org/licenses/LICENSE-2.0
9//
10// Unless required by applicable law or agreed to in writing, software
11// distributed under the License is distributed on an "AS IS" BASIS,
12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13// See the License for the specific language governing permissions and
14// limitations under the License.
15*/
16#pragma once
17#include "user_layer.hpp"
18
19#include <host-ipmid/ipmid-api.h>
20
21#include <boost/interprocess/sync/file_lock.hpp>
22#include <boost/interprocess/sync/named_recursive_mutex.hpp>
23#include <cstdint>
24#include <ctime>
25#include <sdbusplus/bus.hpp>
26
27namespace ipmi
28{
29
// Value of one D-Bus user property: a list of strings, a single string, or a
// bool (the three alternatives of the variant).
// NOTE(review): std::vector, std::string, std::pair, std::map and (further
// down) std::unique_ptr are used here without a direct standard-library
// include in this header's visible include list; presumably they arrive
// transitively - confirm, or include them explicitly.
using DbusUserPropVariant =
    sdbusplus::message::variant<std::vector<std::string>, std::string, bool>;

// D-Bus object path, aliased under a user-management name.
using DbusUserObjPath = sdbusplus::message::object_path;

// Ordered list of (property name, property value) pairs.
using DbusUserObjProperties =
    std::vector<std::pair<std::string, DbusUserPropVariant>>;

// Map from a string key to a property list.
// NOTE(review): the key is presumably the D-Bus interface name - confirm
// against the code that fills this map.
using DbusUserObjValue = std::map<std::string, DbusUserObjProperties>;
39
/** @brief Identifies which aspect of a user account changed.
 *
 *  The numeric values are spelled out so that they stay fixed if an
 *  enumerator is ever inserted; they are the same values the implicit
 *  numbering assigns. Where these events are raised and consumed is not
 *  visible in this header.
 */
enum class UserUpdateEvent
{
    reservedEvent = 0,
    userCreated = 1,
    userDeleted = 2,
    userRenamed = 3,
    userGrpUpdated = 4,
    userPrivUpdated = 5,
    userStateUpdated = 6
};
50
/** @brief Privilege and access flags of one user on one channel.
 *
 *  UserInfo keeps one of these per channel. Member order is part of the
 *  struct layout and of aggregate initialisation, so it must not be changed.
 */
struct UserPrivAccess
{
    // Privilege value for the channel.
    // NOTE(review): presumably an IPMI privilege level that must pass
    // UserAccess::isValidPrivilege() before it is stored - confirm.
    uint8_t privilege;
    // IPMI messaging enabled for this user on the channel.
    bool ipmiEnabled;
    // Link authentication enabled for this user on the channel.
    bool linkAuthEnabled;
    // Access-callback flag for this user on the channel.
    bool accessCallback;
};
58
/** @brief One entry of the users table.
 *
 *  Member order is part of the struct layout; do not reorder.
 */
struct UserInfo
{
    // User name as a fixed-size byte array of ipmiMaxUserName bytes.
    // NOTE(review): nothing in this header guarantees NUL termination when
    // the name fills the array; every copy into or out of this field should
    // be bounded by ipmiMaxUserName - confirm the readers do so.
    uint8_t userName[ipmiMaxUserName];
    // Per-channel privilege and access flags, one element per channel.
    // Index only with a channel number below ipmiMaxChannels.
    UserPrivAccess userPrivAccess[ipmiMaxChannels];
    // Enabled state of the user.
    bool userEnabled;
    // NOTE(review): presumably true when a matching system account exists -
    // confirm in the implementation.
    bool userInSystem;
    // NOTE(review): presumably marks a name that may not be changed -
    // confirm in the implementation.
    bool fixedUserName;
};
67
/** @brief Table of all IPMI users, indexed directly by user id.
 *
 *  The array has ipmiMaxUsers + 1 elements so that a user id can be used as
 *  the index without adjustment; element 0 is unused because user id 0 is
 *  reserved. Any index taken from a request must be range-checked against
 *  ipmiMaxUsers before it is used here.
 */
struct UsersTbl
{
    //+1 to map with UserId directly. UserId 0 is reserved.
    UserInfo user[ipmiMaxUsers + 1];
};
73
class UserAccess;

/** @brief provides access to a UserAccess instance
 *
 * @return reference to the UserAccess object
 *
 * NOTE(review): presumably a single shared instance (UserAccess is neither
 * copyable nor movable) - confirm in the implementation.
 */
UserAccess& getUserAccessObject();
77
/** @brief IPMI user-management state and operations.
 *
 *  Owns the users table, the lists of available privileges and groups, a
 *  D-Bus connection and the locks declared below. Copy and move are deleted.
 *
 *  NOTE(review): the named recursive mutex and the two file locks suggest
 *  that the state is coordinated across processes; which members may only be
 *  touched with userMutex held is not visible in this header - confirm in
 *  the implementation before adding callers.
 */
class UserAccess
{
  public:
    UserAccess(const UserAccess&) = delete;
    UserAccess& operator=(const UserAccess&) = delete;
    UserAccess(UserAccess&&) = delete;
    UserAccess& operator=(UserAccess&&) = delete;

    ~UserAccess();
    UserAccess();

    /** @brief determines valid channel
     *
     *  @param[in] chNum - channel number
     *
     *  @return true if valid, false otherwise
     */
    static bool isValidChannel(const uint8_t chNum);

    /** @brief determines valid userId
     *
     *  @param[in] userId - user id
     *
     *  @return true if valid, false otherwise
     */
    static bool isValidUserId(const uint8_t userId);

    /** @brief determines valid user privilege
     *
     *  @param[in] priv - Privilege
     *
     *  @return true if valid, false otherwise
     */
    static bool isValidPrivilege(const uint8_t priv);

    /** @brief determines sync index to be mapped with common-user-management
     *
     *  @return Index which will be used as sync index
     */
    static uint8_t getUsrMgmtSyncIndex();

    /** @brief Converts system privilege to IPMI privilege
     *
     *  @param[in] value - Privilege in string
     *
     *  @return CommandPrivilege - IPMI privilege type
     *
     *  NOTE(review): the result for a string that names no known privilege
     *  is not visible here; it should map to the least privileged value -
     *  confirm.
     */
    static CommandPrivilege convertToIPMIPrivilege(const std::string& value);

    /** @brief Converts IPMI privilege to system privilege
     *
     *  @param[in] value - IPMI privilege
     *
     *  @return System privilege in string
     */
    static std::string convertToSystemPrivilege(const CommandPrivilege& value);

    /** @brief determines whether user name is valid
     *
     *  @param[in] userNameInChar - user name
     *
     *  @return true if valid, false otherwise
     *
     *  NOTE(review): only a pointer is passed, with no length. Whether the
     *  buffer must be NUL-terminated and how the check is bounded by
     *  ipmiMaxUserName is decided in the implementation - confirm.
     */
    bool isValidUserName(const char* userNameInChar);

    /** @brief provides user id of the user
     *
     *  @param[in] userName - user name
     *
     *  @return user id of the user, else invalid user id (0xFF), if user not
     *  found
     */
    uint8_t getUserId(const std::string& userName);

    /** @brief provides user information
     *
     *  @param[in] userId - user id
     *
     *  @return UserInfo for the specified user id
     *
     *  NOTE(review): the result is a raw, non-owning pointer. What is
     *  returned for an out-of-range userId is not visible here; validate the
     *  id with isValidUserId() first and check the pointer before use.
     */
    UserInfo* getUserInfo(const uint8_t userId);

    /** @brief sets user information
     *
     *  @param[in] userId - user id
     *  @param[in] userInfo - user information
     *
     */
    void setUserInfo(const uint8_t userId, UserInfo* userInfo);

    /** @brief provides user name
     *
     *  @param[in] userId - user id
     *  @param[out] userName - user name
     *
     *  @return IPMI_CC_OK for success, others for failure.
     */
    ipmi_ret_t getUserName(const uint8_t userId, std::string& userName);

    /** @brief to set user name
     *
     *  @param[in] userId - user id
     *  @param[in] userNameInChar - user name
     *
     *  @return IPMI_CC_OK for success, others for failure.
     *
     *  NOTE(review): as with isValidUserName(), no length accompanies the
     *  pointer; the copy into UserInfo::userName must be bounded by
     *  ipmiMaxUserName - confirm in the implementation.
     */
    ipmi_ret_t setUserName(const uint8_t userId, const char* userNameInChar);

    /** @brief to set user enabled state
     *
     *  @param[in] userId - user id
     *  @param[in] enabledState - enabled state of the user
     *
     *  @return IPMI_CC_OK for success, others for failure.
     */
    ipmi_ret_t setUserEnabledState(const uint8_t userId,
                                   const bool& enabledState);

    /** @brief to set user privilege and access details
     *
     *  @param[in] userId - user id
     *  @param[in] chNum - channel number
     *  @param[in] privAccess - privilege access
     *  @param[in] otherPrivUpdates - other privilege update flag to update ipmi
     *  enable, link authentication and access callback
     *
     *  @return IPMI_CC_OK for success, others for failure.
     */
    ipmi_ret_t setUserPrivilegeAccess(const uint8_t userId, const uint8_t chNum,
                                      const UserPrivAccess& privAccess,
                                      const bool& otherPrivUpdates);

    /** @brief reads user management related data from configuration file
     *
     */
    void readUserData();

    /** @brief writes user management related data to configuration file
     *
     */
    void writeUserData();

    /** @brief Function which checks and reloads configuration file data if
     *  needed.
     *
     */
    void checkAndReloadUserData();

    /** @brief provides user details from D-Bus user property data
     *
     *  Results are delivered only through the output parameters; the
     *  function returns void, so it reports no status to the caller.
     *
     *  @param[in] properties - D-Bus user property
     *  @param[out] usrGrps - user group details
     *  @param[out] usrPriv - user privilege
     *  @param[out] usrEnabled - enabled state of the user.
     */
    void getUserProperties(const DbusUserObjProperties& properties,
                           std::vector<std::string>& usrGrps,
                           std::string& usrPriv, bool& usrEnabled);

    /** @brief provides user details from D-Bus user object data
     *
     *  @param[in] userObjs - D-Bus user object
     *  @param[out] usrGrps - user group details
     *  @param[out] usrPriv - user privilege
     *  @param[out] usrEnabled - enabled state of the user.
     *
     *  @return 0 for success, -errno for failure.
     */
    int getUserObjProperties(const DbusUserObjValue& userObjs,
                             std::vector<std::string>& usrGrps,
                             std::string& usrPriv, bool& usrEnabled);

    /** @brief function to add user entry information to the configuration
     *
     *  @param[in] userName - user name
     *  @param[in] priv - privilege of the user
     *  @param[in] enabled - enabled state of the user
     *
     *  @return true for success, false for failure
     */
    bool addUserEntry(const std::string& userName, const std::string& priv,
                      const bool& enabled);

    /** @brief function to delete user entry based on user index
     *
     *  @param[in] usrIdx - user index
     *
     */
    void deleteUserIndex(const size_t& usrIdx);

    /** @brief function to get users table
     *
     *  @return raw, non-owning pointer to the users table
     */
    UsersTbl* getUsersTblPtr();

    // Named recursive mutex from boost::interprocess. Default-initialised to
    // nullptr here, so it must be created before first use (creation is not
    // visible in this header).
    // NOTE(review): public and therefore lockable by any caller; presumably
    // callers are expected to hold it around table access - confirm.
    std::unique_ptr<boost::interprocess::named_recursive_mutex> userMutex{
        nullptr};

  private:
    // In-memory users table, indexed by user id.
    UsersTbl usersTbl;
    // Privilege names available on the system.
    std::vector<std::string> availablePrivileges;
    // Group names available on the system.
    std::vector<std::string> availableGroups;
    // D-Bus connection used by this object.
    sdbusplus::bus::bus bus;
    // Timestamp of the configuration file as last seen by this object.
    std::time_t fileLastUpdatedTime;
    // NOTE(review): presumably true when this instance holds sigHndlrLock
    // and so acts as the signal handler - confirm.
    bool signalHndlrObject = false;
    boost::interprocess::file_lock sigHndlrLock;
    boost::interprocess::file_lock mutexCleanupLock;

    /** @brief function to get user configuration file timestamp
     *
     *  @return time stamp or -EIO for failure
     */
    std::time_t getUpdatedFileTime();

    /** @brief function to get available system privileges and groups
     *
     */
    void getSystemPrivAndGroups();

    /** @brief function to init user data from configuration & D-Bus objects
     *
     */
    void initUserDataFile();
};
304} // namespace ipmi