Implement createGroup/deleteGroup

This commit adds the implementation for CreateGroup and DeleteGroup.

These interfaces give the possibility to create OEMRole and OEMPrivilege
as proposed in the Dynamic Redfish Authz design.
[1] https://github.com/openbmc/docs/blob/master/designs/redfish-authorization.md

Since now secondary groups will change at runtime, this commit made the
|groupsMgr| non-constant. When the service starts up, it will load all
the groups in the system, and recover its |groupsMgr| in memory.
Currently, only groups with certain prefixes are allowed to change
(creation or deletion). The only use case now is Redfish previleges and
roles so the current prefixes only cover that.

Similar to user creation, this commit also added limits and checks to
make sure these interfaces are safe.

Coverage:
  lines......: 84.1% (2197 of 2613 lines)
  functions..: 94.3% (492 of 522 functions)
  branches...: 31.1% (3506 of 11263 branches)

Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: I245017afda909a0bfa594ef112d7b0d40045f80d
diff --git a/user_mgr.hpp b/user_mgr.hpp
index d2dcb62..ec205e4 100644
--- a/user_mgr.hpp
+++ b/user_mgr.hpp
@@ -41,6 +41,8 @@
 inline constexpr size_t ipmiMaxUsers = 15;
 inline constexpr size_t maxSystemUsers = 30;
 inline constexpr uint8_t minPasswdLength = 8;
+inline constexpr size_t maxSystemGroupNameLength = 32;
+inline constexpr size_t maxSystemGroupCount = 64;
 
 using UserMgrIface = sdbusplus::xyz::openbmc_project::User::server::Manager;
 using UserSSHLists =
@@ -240,6 +242,12 @@
      */
     virtual size_t getIpmiUsersCount(void);
 
+    void createGroup(std::string groupName) override;
+
+    void deleteGroup(std::string groupName) override;
+
+    static std::vector<std::string> readAllGroupsOnSystem();
+
   protected:
     /** @brief get pam argument value
      *  method to get argument value from pam configuration
@@ -322,9 +330,9 @@
     virtual void executeUserModifyUserEnable(const char* userName,
                                              bool enabled);
 
-    void createGroup(std::string groupName) override;
+    virtual void executeGroupCreation(const char* groupName);
 
-    void deleteGroup(std::string groupName) override;
+    virtual void executeGroupDeletion(const char* groupName);
 
     virtual std::vector<std::string> getFailedAttempt(const char* userName);
 
@@ -344,6 +352,22 @@
 
     void initializeAccountPolicy();
 
+    /** @brief checks if the group creation meets all constraints
+     * @param groupName - group to check
+     */
+    void checkCreateGroupConstraints(const std::string& groupName);
+
+    /** @brief checks if the group deletion meets all constraints
+     * @param groupName - group to check
+     */
+    void checkDeleteGroupConstraints(const std::string& groupName);
+
+    /** @brief checks if the group name is legal and whether it's allowed to
+     * change. The daemon doesn't allow arbitrary group to be created
+     * @param groupName - group to check
+     */
+    void checkAndThrowForDisallowedGroupCreation(const std::string& groupName);
+
   private:
     /** @brief sdbusplus handler */
     sdbusplus::bus_t& bus;
@@ -352,11 +376,11 @@
     const std::string path;
 
     /** @brief privilege manager container */
-    std::vector<std::string> privMgr = {"priv-admin", "priv-operator",
-                                        "priv-user"};
+    const std::vector<std::string> privMgr = {"priv-admin", "priv-operator",
+                                              "priv-user"};
 
     /** @brief groups manager container */
-    std::vector<std::string> groupsMgr = {"web", "redfish", "ipmi", "ssh"};
+    std::vector<std::string> groupsMgr;
 
     /** @brief map container to hold users object */
     using UserName = std::string;