Support for password & security configuration
Support for password & security enforcement configuration added.
Implements the D-Bus interface properties to read and configure
minimum password length, old password remember history, unlock
timeout and maximum login attempt.
Change-Id: I1a462a8a5d1f5dd07f3b594d62bd9c61bbdddb9c
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/user_mgr.hpp b/user_mgr.hpp
index 44e14f7..b599724 100644
--- a/user_mgr.hpp
+++ b/user_mgr.hpp
@@ -17,6 +17,7 @@
#include <sdbusplus/bus.hpp>
#include <sdbusplus/server/object.hpp>
#include <xyz/openbmc_project/User/Manager/server.hpp>
+#include <xyz/openbmc_project/User/AccountPolicy/server.hpp>
#include <unordered_map>
#include "users.hpp"
@@ -28,10 +29,13 @@
using UserMgrIface = sdbusplus::xyz::openbmc_project::User::server::Manager;
using UserSSHLists =
std::pair<std::vector<std::string>, std::vector<std::string>>;
+using AccountPolicyIface =
+ sdbusplus::xyz::openbmc_project::User::server::AccountPolicy;
+
/** @class UserMgr
* @brief Responsible for managing user accounts over the D-Bus interface.
*/
-class UserMgr : public UserMgrIface
+class UserMgr : public UserMgrIface, AccountPolicyIface
{
public:
UserMgr() = delete;
@@ -93,6 +97,35 @@
*/
void userEnable(const std::string &userName, bool enabled);
+ /** @brief update minimum password length requirement
+ *
+ * @param[in] val - minimum password length
+ * @return - minimum password length
+ */
+ uint8_t minPasswordLength(uint8_t val) override;
+
+ /** @brief update old password history count
+ *
+ * @param[in] val - number of times old passwords has to be avoided
+ * @return - number of times old password has to be avoided
+ */
+ uint8_t rememberOldPasswordTimes(uint8_t val) override;
+
+ /** @brief update maximum number of failed login attempt before locked
+ * out.
+ *
+ * @param[in] val - number of allowed attempt
+ * @return - number of allowed attempt
+ */
+ uint16_t maxLoginAttemptBeforeLockout(uint16_t val) override;
+
+ /** @brief update timeout to unlock the account
+ *
+ * @param[in] val - value in seconds
+ * @return - value in seconds
+ */
+ uint32_t accountUnlockTimeout(uint32_t val) override;
+
private:
/** @brief sdbusplus handler */
sdbusplus::bus::bus &bus;
@@ -201,6 +234,32 @@
* @return - returns user count
*/
size_t getIpmiUsersCount(void);
+
+ /** @brief get pam argument value
+ * method to get argument value from pam configuration
+ *
+ * @param[in] moduleName - name of the module from where arg has to be read
+ * @param[in] argName - argument name
+ * @param[out] argValue - argument value
+ *
+ * @return 0 - success state of the function
+ */
+ int getPamModuleArgValue(const std::string &moduleName,
+ const std::string &argName, std::string &argValue);
+
+ /** @brief set pam argument value
+ * method to set argument value in pam configuration
+ *
+ * @param[in] moduleName - name of the module in which argument value has
+ * to be set
+ * @param[in] argName - argument name
+ * @param[out] argValue - argument value
+ *
+ * @return 0 - success state of the function
+ */
+ int setPamModuleArgValue(const std::string &moduleName,
+ const std::string &argName,
+ const std::string &argValue);
};
} // namespace user