MFA feature: Enable google authenticator
Enable multi-factor authentication for the BMC. This feature enables
Google Authenticator using the TOTP method.
This commit implements the interfaces published [here][1]
and [here][2].
The implementation supports creating a secret key, verifying a
TOTP token, enabling system-level MFA, and enabling bypass options.
Currently the only supported type is GoogleAuthenticator.
[1]: https://github.com/openbmc/phosphor-dbus-interfaces/blob/master/yaml/xyz/openbmc_project/User/MultiFactorAuthConfiguration.interface.yaml
[2]: https://github.com/openbmc/phosphor-dbus-interfaces/blob/master/yaml/xyz/openbmc_project/User/TOTPAuthenticator.interface.yaml
Tested By:
Unit test
https://gerrit.openbmc.org/c/openbmc/phosphor-user-manager/+/78583/1
Change-Id: I053095763c65963ff865b487ab08f05039d2fc3a
Signed-off-by: Abhilash Raju <abhilash.kollam@gmail.com>
diff --git a/users.hpp b/users.hpp
index 3e0a891..a5ff131 100644
--- a/users.hpp
+++ b/users.hpp
@@ -18,7 +18,8 @@
#include <sdbusplus/server/object.hpp>
#include <xyz/openbmc_project/Object/Delete/server.hpp>
#include <xyz/openbmc_project/User/Attributes/server.hpp>
-
+#include <xyz/openbmc_project/User/MultiFactorAuthConfiguration/server.hpp>
+#include <xyz/openbmc_project/User/TOTPAuthenticator/server.hpp>
namespace phosphor
{
namespace user
@@ -26,8 +27,13 @@
namespace Base = sdbusplus::xyz::openbmc_project;
using UsersIface = Base::User::server::Attributes;
+
+using TOTPAuthenticatorIface = Base::User::server::TOTPAuthenticator;
using DeleteIface = Base::Object::server::Delete;
-using Interfaces = sdbusplus::server::object_t<UsersIface, DeleteIface>;
+using Interfaces = sdbusplus::server::object_t<UsersIface, DeleteIface,
+ TOTPAuthenticatorIface>;
+using MultiFactorAuthType = sdbusplus::common::xyz::openbmc_project::user::
+ MultiFactorAuthConfiguration::Type;
// Place where all user objects has to be created
constexpr auto usersObjPath = "/xyz/openbmc_project/user";
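Review bot: Adding `TOTPAuthenticatorIface` to `Interfaces` means every user object under `usersObjPath` now exports the TOTP methods alongside `Attributes` and `Delete`, and nothing in the header says who is expected to call them. The later hunk in this file shows those methods include `createSecretKey()` and `clearSecretKey()`, so it is worth confirming that the D-Bus policy for this service limits them to the intended callers. Recording the exposure next to the alias would help the next reader, for example `// Every user object also exports TOTPAuthenticator (secret creation, OTP verification).`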
@@ -121,7 +127,21 @@
**/
bool userPasswordExpired(void) const override;
+ std::string getUserName() const
+ {
+ return userName;
+ }
+ bool secretKeyIsValid() const override;
+ std::string createSecretKey() override;
+ bool verifyOTP(std::string otp) override;
+ bool secretKeyGenerationRequired() const override;
+ void clearSecretKey() override;
+ MultiFactorAuthType bypassedProtocol(MultiFactorAuthType value,
+ bool skipSignal) override;
+ void enableMultiFactorAuth(MultiFactorAuthType type, bool value);
+
private:
+ bool checkMfaStatus() const;
std::string userName;
UserMgr& manager;
};
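Review bot: The TOTP declarations added after `userPasswordExpired` have no doc comments, although the declaration above them closes a `**/` block, so the security contract of each call is left to the reader. `createSecretKey()` returns a `std::string`; its comment should say whether that string is the shared secret itself and that callers must not log it, and `clearSecretKey()` should say when it is safe to call. For `verifyOTP`, something like `/** @brief Check a TOTP code for this user. @param[in] otp - code supplied by the user. @return true if the code is accepted. */` would do. The definitions are outside this hunk, so it cannot be seen here whether repeated failed `verifyOTP` calls are throttled; that is worth confirming in the implementation. The enclosing class starts above the hunk.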