Add CreateUser2 method to create a new local user

This method is identical to the existing CreateUser method with only one
addition, which allows specifying the Epoch time when the password of the
user being created expires. The idea to introduce a new method creating a
user along with a password expiration was suggested in a comment [1] in
the corresponding review in bmcweb [2].

To make the password not expire, the uint64_t maximum should be provided
as the password expiration argument value.

To not set a password expiration, zero should be provided as the password
expiration argument. This value is required to create a user without
password expiration specified, to unify calls from bmcweb. Moreover,
this value is required to further extend the CreateUser2 method to allow
creating a user with password and account expiration, but to use it in a
situation where, for example, account expiration is specified but
password expiration is not.

Local user password management was implemented to reflect changes in the
corresponding PasswordExpiration attribute in the
xyz.openbmc_project.User.Attributes interface.

The functionality is implemented via calls to the 'chage' utility. It is
worth mentioning that the 'chage' utility operates on the password last
change date and the password age in days, hence the password expiration
date time is rounded to fit into an integer number of days. Also, because
of 'chage' specifics, it is not possible to set the password expiration to
a time point which happened before the last password change date, because
this makes the password not expire.

The GetUserInfo implementation was changed accordingly to report the user
password expiration.

Unit tests were implemented as well.

This change depends on the corresponding change in
phosphor-dbus-interfaces [3].

Tested:
1. created user 'user1' via a call to CreateUser2 with password
   expiration value set to zero, verified that correct value is set in
   PasswordExpiration attribute on D-Bus, verified via 'chage' utility
   that user's password expiration is left intact
2. created user 'user2' via a call to CreateUser2 with password
   expiration value set to maximum, verified that correct value is set
   in PasswordExpiration attribute on D-Bus, verified via 'chage'
   utility that password does not expire
3. created user 'user2' via a call to CreateUser2 without password
   expiration value, verified that default value is set
   in PasswordExpiration attribute on D-Bus, verified via 'chage'
   utility that password does not expire
4. created user 'user3' via a call to CreateUser2 with password
   expiration value set to make password expire in 5 days, verified that
   correct value is set in PasswordExpiration attribute on D-Bus,
   verified via 'chage' utility that password expiration date is correct
5. created user 'user4' via a call to CreateUser2 with password
   expiration value set to zero,
   5.1 changed PasswordExpiration attribute to maximum value via `busctl`
       call, verified that the attribute is correct on D-Bus, verified via
       'chage' that user's password does not expire
   5.2 changed PasswordExpiration attribute to a value to make password
       expiration happen in 5 days, verified that the attribute is correct
       on D-Bus, verified via 'chage' utility that password expires in 5
       days,
   5.3 renamed the user to 'user5' via RenameUser call, verified that
       'user5' had the same value of PasswordExpiration attribute as 'user4'
       had had
6. tried to create a new user with invalid password expiration value set
   to a time point in the past, got appropriate error
7. tried to set PasswordExpiration attribute to a time point which
   happened before the last password change, got appropriate error

[1] https://gerrit.openbmc.org/c/openbmc/bmcweb/+/75372/comment/d35c832d_e769bf9c/
[2] https://gerrit.openbmc.org/c/openbmc/bmcweb/+/75372
[3] https://gerrit.openbmc.org/c/openbmc/phosphor-dbus-interfaces/+/75236

Change-Id: Iccfb0c91c3b5ec353c59cc4f3abe66e5d9817b5a
Signed-off-by: Ivan Moiseev <moiseev.ivan4w@yandex.com>
Signed-off-by: Ivan Mikhaylov <fr0st61te@gmail.com>
6 files changed
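
The mapping the commit message describes, from an Epoch expiration value to a whole-day `chage` setting, sketched as an added C++ example that is not code from this change. The function, constant and status names and the round-down choice are assumptions; `chage -M` (maximum password age in days, with -1 turning expiration off) is the real option.

```cpp
#include <cstdint>
#include <iostream>
#include <limits>
#include <string>
#include <vector>

// Sentinel values named in the commit message (constant names are hypothetical).
constexpr uint64_t kUnset = 0; // leave password aging as it is
constexpr uint64_t kNever = std::numeric_limits<uint64_t>::max();
constexpr uint64_t kSecPerDay = 86400;

enum class Status { Ok, NoChange, InPast, BeforeLastChange };

struct ChagePlan
{
    Status status;
    int64_t maxDays; // value for `chage -M`; -1 turns expiration off
};

// expiresAt and now are seconds since Epoch; lastChangeDay is the password
// last-change date in days since Epoch, the unit chage and /etc/shadow use.
ChagePlan planExpiration(uint64_t expiresAt, uint64_t now, uint64_t lastChangeDay)
{
    if (expiresAt == kUnset) return {Status::NoChange, 0};
    if (expiresAt == kNever) return {Status::Ok, -1};
    if (expiresAt < now) return {Status::InPast, 0};
    const uint64_t expiryDay = expiresAt / kSecPerDay; // assumption: round down
    // Per the commit message, a date before the last change would make the
    // password never expire, so reject it rather than pass it to chage.
    if (expiryDay < lastChangeDay) return {Status::BeforeLastChange, 0};
    return {Status::Ok, static_cast<int64_t>(expiryDay - lastChangeDay)};
}

// Build an argument vector for exec-style spawning: no shell is involved, and
// "--" stops a user name that starts with '-' from being parsed as an option.
std::vector<std::string> chageArgs(const std::string& user, int64_t maxDays)
{
    return {"chage", "-M", std::to_string(maxDays), "--", user};
}

int main()
{
    const uint64_t today = 20000; // constructed sample: days since Epoch
    const uint64_t now = today * kSecPerDay + 3600;
    const ChagePlan p = planExpiration(now + 5 * kSecPerDay + 7200, now, today);
    for (const auto& a : chageArgs("user3", p.maxDays)) std::cout << a << ' ';
    std::cout << '\n';
    return 0;
}
```

Rejecting the out-of-range date before calling `chage` keeps a caller's mistake from silently turning into a password that never expires.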