MFA feature: Enable google authenticator
Enabling multi-factor authentication for BMC. This feature enables
google authenticator using TOTP method.
This commit implements interface published [here][1]
and [here][2]
The implementation supports features such as creating a secret key, verifying a
TOTP token, enabling system-level MFA, and enabling bypass options.
Currently the support is only for GoogleAuthenticator.
[1]: https://github.com/openbmc/phosphor-dbus-interfaces/blob/master/yaml/xyz/openbmc_project/User/MultiFactorAuthConfiguration.interface.yaml
[2]: https://github.com/openbmc/phosphor-dbus-interfaces/blob/master/yaml/xyz/openbmc_project/User/TOTPAuthenticator.interface.yaml
Tested By:
Unit test
https://gerrit.openbmc.org/c/openbmc/phosphor-user-manager/+/78583/1
Change-Id: I053095763c65963ff865b487ab08f05039d2fc3a
Signed-off-by: Abhilash Raju <abhilash.kollam@gmail.com>
diff --git a/user_mgr.cpp b/user_mgr.cpp
index d1c525b..129e4b4 100644
--- a/user_mgr.cpp
+++ b/user_mgr.cpp
@@ -1207,6 +1207,8 @@
user.get()->userLockedForFailedAttempt());
userInfo.emplace("UserPasswordExpired",
user.get()->userPasswordExpired());
+ userInfo.emplace("TOTPSecretkeyRequired",
+ user.get()->secretKeyGenerationRequired());
userInfo.emplace("RemoteUser", false);
}
else
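Review bot: The new dictionary key `"TOTPSecretkeyRequired"` mixes casing ("Secretkey") where the neighbouring keys (`"UserPasswordExpired"`, `"RemoteUser"`) and the accessor it wraps (`secretKeyGenerationRequired`) use full CamelCase; since this map is returned to callers over D-Bus, the spelling becomes an interface contract that is awkward to change once clients depend on it, so I would settle it now, e.g. `userInfo.emplace("TOTPSecretKeyRequired", user.get()->secretKeyGenerationRequired());`. The enclosing function starts and ends outside this hunk, and the `else` branch for non-local users is not visible; if that branch does not emplace the same key, consumers have to tolerate its absence, which is worth stating in the interface documentation.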
@@ -1539,5 +1541,39 @@
return executeCmd("/usr/sbin/faillock", "--user", userName);
}
+MultiFactorAuthType UserMgr::enabled(MultiFactorAuthType value, bool skipSignal)
+{
+ if (value == enabled())
+ {
+ return value;
+ }
+ switch (value)
+ {
+ case MultiFactorAuthType::None:
+ for (auto type : {MultiFactorAuthType::GoogleAuthenticator})
+ {
+ for (auto& u : usersList)
+ {
+ u.second->enableMultiFactorAuth(type, false);
+ }
+ }
+ break;
+ default:
+ for (auto& u : usersList)
+ {
+ u.second->enableMultiFactorAuth(value, true);
+ }
+ break;
+ }
+ return MultiFactorAuthConfigurationIface::enabled(value, skipSignal);
+}
+bool UserMgr::secretKeyRequired(std::string userName)
+{
+ if (usersList.contains(userName))
+ {
+ return usersList[userName]->secretKeyGenerationRequired();
+ }
+ return false;
+}
} // namespace user
} // namespace phosphor
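Review bot: `UserMgr::secretKeyRequired` takes `userName` by value and looks the user up twice (`contains` followed by `operator[]`); a single `find` avoids both the copy and the second lookup: `auto it = usersList.find(userName); return it != usersList.end() && it->second->secretKeyGenerationRequired();`, with the parameter declared `const std::string&` here and in the header declaration, which is outside this hunk. In `UserMgr::enabled`, the `None` branch disables only the types listed in the `{MultiFactorAuthType::GoogleAuthenticator}` initializer list and the `default` branch enables `value` without disabling any previously enabled type, so if further `MultiFactorAuthType` values are added later a direct switch between two non-None types would leave the old one enabled on every user; a comment such as `// Only GoogleAuthenticator exists today; extend both branches when adding a type` on the `switch` would make that maintenance point explicit. The per-user `enableMultiFactorAuth` calls run before the base-class property is updated on the final `return`, so an exception from one of them appears to leave users partially updated while the advertised setting is unchanged — worth confirming whether that call can throw.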