Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-user-manager / c4183b84ba512735b5b32c88f81b77091b0fd5cd / . / user_mgr.hpp
blob: b69cb87533f62c35df2263144457c61afd74b52a [file] [log] [blame]
Richard Marian Thomaiyar9f630d92018-05-24 10:49:10 +0530[diff] [blame]1/*
2// Copyright (c) 2018 Intel Corporation
3//
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at
7//
8// http://www.apache.org/licenses/LICENSE-2.0
9//
10// Unless required by applicable law or agreed to in writing, software
11// distributed under the License is distributed on an "AS IS" BASIS,
12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13// See the License for the specific language governing permissions and
14// limitations under the License.
15*/
16#pragma once
Abhilash Raju93804eb2024-10-01 00:24:43 -0500[diff] [blame]17#include "json_serializer.hpp"
Patrick Williams9638afb2021-02-22 17:16:24 -0600[diff] [blame]18#include "users.hpp"
19
Nan Zhou49c81362022-10-25 00:07:08 +0000[diff] [blame]20#include <boost/process/child.hpp>
21#include <boost/process/io.hpp>
22#include <phosphor-logging/elog-errors.hpp>
23#include <phosphor-logging/elog.hpp>
Jiaqing Zhao11ec6662022-07-05 20:55:34 +0800[diff] [blame]24#include <phosphor-logging/lg2.hpp>
Richard Marian Thomaiyar9f630d92018-05-24 10:49:10 +0530[diff] [blame]25#include <sdbusplus/bus.hpp>
26#include <sdbusplus/server/object.hpp>
Nan Zhou49c81362022-10-25 00:07:08 +0000[diff] [blame]27#include <xyz/openbmc_project/Common/error.hpp>
Richard Marian Thomaiyar9164fd92018-06-13 16:51:00 +0530[diff] [blame]28#include <xyz/openbmc_project/User/AccountPolicy/server.hpp>
Patrick Williams9638afb2021-02-22 17:16:24 -0600[diff] [blame]29#include <xyz/openbmc_project/User/Manager/server.hpp>
Abhilash Rajua1a754c2024-07-25 05:43:40 -0500[diff] [blame]30#include <xyz/openbmc_project/User/MultiFactorAuthConfiguration/server.hpp>
31#include <xyz/openbmc_project/User/TOTPState/server.hpp>
Patrick Williams9638afb2021-02-22 17:16:24 -0600[diff] [blame]32
Nan Zhoue47c09d2022-10-25 00:06:41 +0000[diff] [blame]33#include <span>
34#include <string>
Richard Marian Thomaiyar9f630d92018-05-24 10:49:10 +0530[diff] [blame]35#include <unordered_map>
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600[diff] [blame]36#include <variant>
Nan Zhoue47c09d2022-10-25 00:06:41 +0000[diff] [blame]37#include <vector>
Richard Marian Thomaiyar9f630d92018-05-24 10:49:10 +0530[diff] [blame]38
39namespace phosphor
40{
41namespace user
42{
43
Nan Zhou49c81362022-10-25 00:07:08 +0000[diff] [blame]44inline constexpr size_t ipmiMaxUsers = 15;
45inline constexpr size_t maxSystemUsers = 30;
Nan Zhou4bc69812022-10-25 00:07:13 +0000[diff] [blame]46inline constexpr uint8_t minPasswdLength = 8;
Nan Zhouda401fe2022-10-25 00:07:18 +0000[diff] [blame]47inline constexpr size_t maxSystemGroupNameLength = 32;
48inline constexpr size_t maxSystemGroupCount = 64;
Nan Zhou49c81362022-10-25 00:07:08 +0000[diff] [blame]49
Richard Marian Thomaiyar9f630d92018-05-24 10:49:10 +0530[diff] [blame]50using UserMgrIface = sdbusplus::xyz::openbmc_project::User::server::Manager;
51using UserSSHLists =
52 std::pair<std::vector<std::string>, std::vector<std::string>>;
Richard Marian Thomaiyar9164fd92018-06-13 16:51:00 +0530[diff] [blame]53using AccountPolicyIface =
54 sdbusplus::xyz::openbmc_project::User::server::AccountPolicy;
55
Abhilash Rajua1a754c2024-07-25 05:43:40 -0500[diff] [blame]56using MultiFactorAuthConfigurationIface =
57 sdbusplus::xyz::openbmc_project::User::server::MultiFactorAuthConfiguration;
58
59using TOTPStateIface = sdbusplus::xyz::openbmc_project::User::server::TOTPState;
60
61using Ifaces = sdbusplus::server::object_t<UserMgrIface, AccountPolicyIface,
62 MultiFactorAuthConfigurationIface,
63 TOTPStateIface>;
Ratan Gupta1af12232018-11-03 00:35:38 +0530[diff] [blame]64
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600[diff] [blame]65using Privilege = std::string;
66using GroupList = std::vector<std::string>;
67using UserEnabled = bool;
68using PropertyName = std::string;
Ravi Teja5fe724a2019-05-07 05:14:42 -0500[diff] [blame]69using ServiceEnabled = bool;
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600[diff] [blame]70
71using UserInfo = std::variant<Privilege, GroupList, UserEnabled>;
72using UserInfoMap = std::map<PropertyName, UserInfo>;
73
74using DbusUserObjPath = sdbusplus::message::object_path;
75
Patrick Williamsfdf09372020-05-13 18:01:45 -0500[diff] [blame]76using DbusUserPropVariant = std::variant<Privilege, ServiceEnabled>;
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600[diff] [blame]77
Alexander Filippov75626582022-02-09 18:42:37 +0300[diff] [blame]78using DbusUserObjProperties = std::map<PropertyName, DbusUserPropVariant>;
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600[diff] [blame]79
80using Interface = std::string;
81
82using DbusUserObjValue = std::map<Interface, DbusUserObjProperties>;
83
84using DbusUserObj = std::map<DbusUserObjPath, DbusUserObjValue>;
85
Abhilash Rajua1a754c2024-07-25 05:43:40 -0500[diff] [blame]86using MultiFactorAuthType = sdbusplus::common::xyz::openbmc_project::user::
87 MultiFactorAuthConfiguration::Type;
Nan Zhoue47c09d2022-10-25 00:06:41 +0000[diff] [blame]88std::string getCSVFromVector(std::span<const std::string> vec);
89
Nan Zhou332fb9d2022-10-25 00:07:03 +0000[diff] [blame]90bool removeStringFromCSV(std::string& csvStr, const std::string& delStr);
91
Nan Zhou8a11d992022-10-25 00:07:06 +0000[diff] [blame]92template <typename... ArgTypes>
Nan Zhou49c81362022-10-25 00:07:08 +0000[diff] [blame]93std::vector<std::string> executeCmd(const char* path, ArgTypes&&... tArgs)
94{
95 std::vector<std::string> stdOutput;
96 boost::process::ipstream stdOutStream;
97 boost::process::child execProg(path, const_cast<char*>(tArgs)...,
98 boost::process::std_out > stdOutStream);
99 std::string stdOutLine;
100
101 while (stdOutStream && std::getline(stdOutStream, stdOutLine) &&
102 !stdOutLine.empty())
103 {
104 stdOutput.emplace_back(stdOutLine);
105 }
106
107 execProg.wait();
108
109 int retCode = execProg.exit_code();
110 if (retCode)
111 {
Jiaqing Zhao11ec6662022-07-05 20:55:34 +0800[diff] [blame]112 lg2::error("Command {PATH} execution failed, return code {RETCODE}",
113 "PATH", path, "RETCODE", retCode);
Nan Zhou49c81362022-10-25 00:07:08 +0000[diff] [blame]114 phosphor::logging::elog<
115 sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure>();
116 }
117
118 return stdOutput;
119}
Nan Zhou8a11d992022-10-25 00:07:06 +0000[diff] [blame]120
Richard Marian Thomaiyar9f630d92018-05-24 10:49:10 +0530[diff] [blame]121/** @class UserMgr
122 * @brief Responsible for managing user accounts over the D-Bus interface.
123 */
Ratan Gupta1af12232018-11-03 00:35:38 +0530[diff] [blame]124class UserMgr : public Ifaces
Richard Marian Thomaiyar9f630d92018-05-24 10:49:10 +0530[diff] [blame]125{
126 public:
127 UserMgr() = delete;
128 ~UserMgr() = default;
Patrick Williams9638afb2021-02-22 17:16:24 -0600[diff] [blame]129 UserMgr(const UserMgr&) = delete;
130 UserMgr& operator=(const UserMgr&) = delete;
131 UserMgr(UserMgr&&) = delete;
132 UserMgr& operator=(UserMgr&&) = delete;
Richard Marian Thomaiyar9f630d92018-05-24 10:49:10 +0530[diff] [blame]133
134 /** @brief Constructs UserMgr object.
135 *
136 * @param[in] bus - sdbusplus handler
137 * @param[in] path - D-Bus path
138 */
Patrick Williamsb3ef4e12022-07-22 19:26:55 -0500[diff] [blame]139 UserMgr(sdbusplus::bus_t& bus, const char* path);
Richard Marian Thomaiyar9f630d92018-05-24 10:49:10 +0530[diff] [blame]140
141 /** @brief create user method.
142 * This method creates a new user as requested
143 *
144 * @param[in] userName - Name of the user which has to be created
145 * @param[in] groupNames - Group names list, to which user has to be added.
146 * @param[in] priv - Privilege of the user.
147 * @param[in] enabled - State of the user enabled / disabled.
148 */
149 void createUser(std::string userName, std::vector<std::string> groupNames,
150 std::string priv, bool enabled) override;
151
152 /** @brief rename user method.
153 * This method renames the user as requested
154 *
155 * @param[in] userName - current name of the user
156 * @param[in] newUserName - new user name to which it has to be renamed.
157 */
158 void renameUser(std::string userName, std::string newUserName) override;
159
160 /** @brief delete user method.
161 * This method deletes the user as requested
162 *
163 * @param[in] userName - Name of the user which has to be deleted
164 */
165 void deleteUser(std::string userName);
166
167 /** @brief Update user groups & privilege.
168 * This method updates user groups & privilege
169 *
170 * @param[in] userName - user name, for which update is requested
171 * @param[in] groupName - Group to be updated..
172 * @param[in] priv - Privilege to be updated.
173 */
Patrick Williams9638afb2021-02-22 17:16:24 -0600[diff] [blame]174 void updateGroupsAndPriv(const std::string& userName,
Nan Zhoufef63032022-10-25 00:07:12 +0000[diff] [blame]175 std::vector<std::string> groups,
Patrick Williams9638afb2021-02-22 17:16:24 -0600[diff] [blame]176 const std::string& priv);
Richard Marian Thomaiyar9f630d92018-05-24 10:49:10 +0530[diff] [blame]177
178 /** @brief Update user enabled state.
179 * This method enables / disables user
180 *
181 * @param[in] userName - user name, for which update is requested
182 * @param[in] enabled - enable / disable the user
183 */
Patrick Williams9638afb2021-02-22 17:16:24 -0600[diff] [blame]184 void userEnable(const std::string& userName, bool enabled);
Richard Marian Thomaiyar9f630d92018-05-24 10:49:10 +0530[diff] [blame]185
Denis Zlobine8edab52023-09-06 12:26:45 +0000[diff] [blame]186 /** @brief get user enabled state
187 * method to get user enabled state.
188 *
189 * @param[in] userName - name of the user
190 * @return - user enabled status (true/false)
191 */
192 virtual bool isUserEnabled(const std::string& userName);
193
Richard Marian Thomaiyar9164fd92018-06-13 16:51:00 +0530[diff] [blame]194 /** @brief update minimum password length requirement
195 *
196 * @param[in] val - minimum password length
197 * @return - minimum password length
198 */
199 uint8_t minPasswordLength(uint8_t val) override;
200
201 /** @brief update old password history count
202 *
203 * @param[in] val - number of times old passwords has to be avoided
204 * @return - number of times old password has to be avoided
205 */
206 uint8_t rememberOldPasswordTimes(uint8_t val) override;
207
208 /** @brief update maximum number of failed login attempt before locked
209 * out.
210 *
211 * @param[in] val - number of allowed attempt
212 * @return - number of allowed attempt
213 */
214 uint16_t maxLoginAttemptBeforeLockout(uint16_t val) override;
215
216 /** @brief update timeout to unlock the account
217 *
218 * @param[in] val - value in seconds
219 * @return - value in seconds
220 */
221 uint32_t accountUnlockTimeout(uint32_t val) override;
222
Jason M. Bills2d042d12023-03-28 15:32:45 -0700[diff] [blame]223 /** @brief parses the faillock output for locked user status
224 *
225 * @param[in] - output from faillock for the user
226 * @return - true / false indicating user locked / un-locked
227 **/
Patrick Williams88a82db2025-02-01 08:22:37 -0500[diff] [blame]228 bool parseFaillockForLockout(
229 const std::vector<std::string>& faillockOutput);
Jason M. Bills2d042d12023-03-28 15:32:45 -0700[diff] [blame]230
Richard Marian Thomaiyarc7045192018-06-13 16:51:00 +0530[diff] [blame]231 /** @brief lists user locked state for failed attempt
232 *
233 * @param[in] - user name
234 * @return - true / false indicating user locked / un-locked
235 **/
Patrick Williams9638afb2021-02-22 17:16:24 -0600[diff] [blame]236 virtual bool userLockedForFailedAttempt(const std::string& userName);
Richard Marian Thomaiyarc7045192018-06-13 16:51:00 +0530[diff] [blame]237
238 /** @brief lists user locked state for failed attempt
239 *
240 * @param[in]: user name
241 * @param[in]: value - false -unlock user account, true - no action taken
242 **/
Patrick Williams9638afb2021-02-22 17:16:24 -0600[diff] [blame]243 bool userLockedForFailedAttempt(const std::string& userName,
244 const bool& value);
Richard Marian Thomaiyarc7045192018-06-13 16:51:00 +0530[diff] [blame]245
Joseph Reynolds3ab6cc22020-03-03 14:09:03 -0600[diff] [blame]246 /** @brief shows if the user's password is expired
247 *
248 * @param[in]: user name
249 * @return - true / false indicating user password expired
250 **/
Patrick Williams9638afb2021-02-22 17:16:24 -0600[diff] [blame]251 virtual bool userPasswordExpired(const std::string& userName);
Joseph Reynolds3ab6cc22020-03-03 14:09:03 -0600[diff] [blame]252
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600[diff] [blame]253 /** @brief returns user info
254 * Checks if user is local user, then returns map of properties of user.
255 * like user privilege, list of user groups, user enabled state and user
256 * locked state. If its not local user, then it checks if its a ldap user,
257 * then it gets the privilege mapping of the LDAP group.
258 *
259 * @param[in] - user name
260 * @return - map of user properties
261 **/
262 UserInfoMap getUserInfo(std::string userName) override;
263
Nan Zhou49c81362022-10-25 00:07:08 +0000[diff] [blame]264 /** @brief get IPMI user count
265 * method to get IPMI user count
266 *
267 * @return - returns user count
268 */
269 virtual size_t getIpmiUsersCount(void);
270
Nan Zhouda401fe2022-10-25 00:07:18 +0000[diff] [blame]271 void createGroup(std::string groupName) override;
272
273 void deleteGroup(std::string groupName) override;
Abhilash Rajua1a754c2024-07-25 05:43:40 -0500[diff] [blame]274 MultiFactorAuthType enabled() const override
275 {
276 return MultiFactorAuthConfigurationIface::enabled();
277 }
278 MultiFactorAuthType enabled(MultiFactorAuthType value,
279 bool skipSignal) override;
280 bool secretKeyRequired(std::string userName) override;
Nan Zhouda401fe2022-10-25 00:07:18 +0000[diff] [blame]281 static std::vector<std::string> readAllGroupsOnSystem();
Abhilash Raju93804eb2024-10-01 00:24:43 -0500[diff] [blame]282 void load();
283 JsonSerializer& getSerializer()
284 {
285 return serializer;
286 }
Nan Zhouda401fe2022-10-25 00:07:18 +0000[diff] [blame]287
Nan Zhoue48085d2022-10-25 00:07:04 +0000[diff] [blame]288 protected:
289 /** @brief get pam argument value
290 * method to get argument value from pam configuration
291 *
292 * @param[in] moduleName - name of the module from where arg has to be read
293 * @param[in] argName - argument name
294 * @param[out] argValue - argument value
295 *
296 * @return 0 - success state of the function
297 */
298 int getPamModuleArgValue(const std::string& moduleName,
299 const std::string& argName, std::string& argValue);
300
Jason M. Bills2d042d12023-03-28 15:32:45 -0700[diff] [blame]301 /** @brief get pam argument value
302 * method to get argument value from pam configuration
303 *
304 * @param[in] confFile - path of the module config file from where arg has
305 * to be read
306 * @param[in] argName - argument name
307 * @param[out] argValue - argument value
308 *
309 * @return 0 - success state of the function
310 */
311 int getPamModuleConfValue(const std::string& confFile,
312 const std::string& argName,
313 std::string& argValue);
314
Nan Zhoue48085d2022-10-25 00:07:04 +0000[diff] [blame]315 /** @brief set pam argument value
316 * method to set argument value in pam configuration
317 *
318 * @param[in] moduleName - name of the module in which argument value has
319 * to be set
320 * @param[in] argName - argument name
321 * @param[out] argValue - argument value
322 *
323 * @return 0 - success state of the function
324 */
325 int setPamModuleArgValue(const std::string& moduleName,
326 const std::string& argName,
327 const std::string& argValue);
328
Jason M. Bills2d042d12023-03-28 15:32:45 -0700[diff] [blame]329 /** @brief set pam argument value
330 * method to set argument value in pam configuration
331 *
332 * @param[in] confFile - path of the module config file in which argument
333 * value has to be set
334 * @param[in] argName - argument name
335 * @param[out] argValue - argument value
336 *
337 * @return 0 - success state of the function
338 */
339 int setPamModuleConfValue(const std::string& confFile,
340 const std::string& argName,
341 const std::string& argValue);
342
Nan Zhou8a11d992022-10-25 00:07:06 +0000[diff] [blame]343 /** @brief check for user presence
344 * method to check for user existence
345 *
346 * @param[in] userName - name of the user
347 * @return -true if user exists and false if not.
348 */
349 bool isUserExist(const std::string& userName);
350
Nan Zhou49c81362022-10-25 00:07:08 +0000[diff] [blame]351 size_t getNonIpmiUsersCount();
352
Nan Zhou8a11d992022-10-25 00:07:06 +0000[diff] [blame]353 /** @brief check user exists
354 * method to check whether user exist, and throw if not.
355 *
356 * @param[in] userName - name of the user
357 */
358 void throwForUserDoesNotExist(const std::string& userName);
359
360 /** @brief check user does not exist
361 * method to check whether does not exist, and throw if exists.
362 *
363 * @param[in] userName - name of the user
364 */
365 void throwForUserExists(const std::string& userName);
366
Nan Zhou40e44972022-10-25 00:07:07 +0000[diff] [blame]367 /** @brief check user name constraints
368 * method to check user name constraints and throw if failed.
369 *
370 * @param[in] userName - name of the user
371 * @param[in] groupNames - user groups
372 */
Patrick Williams88a82db2025-02-01 08:22:37 -0500[diff] [blame]373 void throwForUserNameConstraints(
374 const std::string& userName,
375 const std::vector<std::string>& groupNames);
Nan Zhou40e44972022-10-25 00:07:07 +0000[diff] [blame]376
Nan Zhou49c81362022-10-25 00:07:08 +0000[diff] [blame]377 /** @brief check group user count
378 * method to check max group user count, and throw if limit reached
379 *
380 * @param[in] groupNames - group name
381 */
382 void throwForMaxGrpUserCount(const std::vector<std::string>& groupNames);
383
384 virtual void executeUserAdd(const char* userName, const char* groups,
385 bool sshRequested, bool enabled);
386
387 virtual void executeUserDelete(const char* userName);
388
Jayanth Othayothac921a52023-07-21 03:48:55 -0500[diff] [blame]389 /** @brief clear user's failure records
390 * method to clear user fail records and throw if failed.
391 *
392 * @param[in] userName - name of the user
393 */
394 virtual void executeUserClearFailRecords(const char* userName);
395
Nan Zhouf25443e2022-10-25 00:07:11 +0000[diff] [blame]396 virtual void executeUserRename(const char* userName,
397 const char* newUserName);
398
Nan Zhoufef63032022-10-25 00:07:12 +0000[diff] [blame]399 virtual void executeUserModify(const char* userName, const char* newGroups,
400 bool sshRequested);
401
Nan Zhou6b6f2d82022-10-25 00:07:17 +0000[diff] [blame]402 virtual void executeUserModifyUserEnable(const char* userName,
403 bool enabled);
404
Nan Zhouda401fe2022-10-25 00:07:18 +0000[diff] [blame]405 virtual void executeGroupCreation(const char* groupName);
Nan Zhou86040c22022-11-17 02:08:24 +0000[diff] [blame]406
Nan Zhouda401fe2022-10-25 00:07:18 +0000[diff] [blame]407 virtual void executeGroupDeletion(const char* groupName);
Nan Zhou86040c22022-11-17 02:08:24 +0000[diff] [blame]408
Nan Zhoua2953032022-11-11 21:50:32 +0000[diff] [blame]409 virtual std::vector<std::string> getFailedAttempt(const char* userName);
410
Nan Zhou589aeb42022-10-25 00:07:09 +0000[diff] [blame]411 /** @brief check for valid privielge
412 * method to check valid privilege, and throw if invalid
413 *
414 * @param[in] priv - privilege of the user
415 */
416 void throwForInvalidPrivilege(const std::string& priv);
417
Nan Zhouecf88762022-10-25 00:07:10 +0000[diff] [blame]418 /** @brief check for valid groups
419 * method to check valid groups, and throw if invalid
420 *
421 * @param[in] groupNames - user groups
422 */
423 void throwForInvalidGroups(const std::vector<std::string>& groupName);
424
Nan Zhou4bc69812022-10-25 00:07:13 +0000[diff] [blame]425 void initializeAccountPolicy();
426
Nan Zhouda401fe2022-10-25 00:07:18 +0000[diff] [blame]427 /** @brief checks if the group creation meets all constraints
428 * @param groupName - group to check
429 */
430 void checkCreateGroupConstraints(const std::string& groupName);
431
432 /** @brief checks if the group deletion meets all constraints
433 * @param groupName - group to check
434 */
435 void checkDeleteGroupConstraints(const std::string& groupName);
436
437 /** @brief checks if the group name is legal and whether it's allowed to
438 * change. The daemon doesn't allow arbitrary group to be created
439 * @param groupName - group to check
440 */
441 void checkAndThrowForDisallowedGroupCreation(const std::string& groupName);
442
Richard Marian Thomaiyar9f630d92018-05-24 10:49:10 +0530[diff] [blame]443 private:
444 /** @brief sdbusplus handler */
Patrick Williamsb3ef4e12022-07-22 19:26:55 -0500[diff] [blame]445 sdbusplus::bus_t& bus;
Richard Marian Thomaiyar9f630d92018-05-24 10:49:10 +0530[diff] [blame]446
447 /** @brief object path */
448 const std::string path;
449
Abhilash Raju93804eb2024-10-01 00:24:43 -0500[diff] [blame]450 /** @brief serializer for mfa */
451 JsonSerializer serializer;
Richard Marian Thomaiyar9f630d92018-05-24 10:49:10 +0530[diff] [blame]452 /** @brief privilege manager container */
Nan Zhouda401fe2022-10-25 00:07:18 +0000[diff] [blame]453 const std::vector<std::string> privMgr = {"priv-admin", "priv-operator",
454 "priv-user"};
Richard Marian Thomaiyar9f630d92018-05-24 10:49:10 +0530[diff] [blame]455
456 /** @brief groups manager container */
Nan Zhouda401fe2022-10-25 00:07:18 +0000[diff] [blame]457 std::vector<std::string> groupsMgr;
Richard Marian Thomaiyar9f630d92018-05-24 10:49:10 +0530[diff] [blame]458
459 /** @brief map container to hold users object */
Abhilash Raju93804eb2024-10-01 00:24:43 -0500[diff] [blame]460
461 std::unordered_map<std::string, std::unique_ptr<phosphor::user::Users>>
Richard Marian Thomaiyar9f630d92018-05-24 10:49:10 +0530[diff] [blame]462 usersList;
463
464 /** @brief get users in group
465 * method to get group user list
466 *
467 * @param[in] groupName - group name
468 *
469 * @return userList - list of users in the group.
470 */
Patrick Williams9638afb2021-02-22 17:16:24 -0600[diff] [blame]471 std::vector<std::string> getUsersInGroup(const std::string& groupName);
Richard Marian Thomaiyar9f630d92018-05-24 10:49:10 +0530[diff] [blame]472
473 /** @brief get user & SSH users list
474 * method to get the users and ssh users list.
475 *
476 *@return - vector of User & SSH user lists
477 */
478 UserSSHLists getUserAndSshGrpList(void);
479
Richard Marian Thomaiyar9f630d92018-05-24 10:49:10 +0530[diff] [blame]480 /** @brief initialize the user manager objects
481 * method to initialize the user manager objects accordingly
482 *
483 */
484 void initUserObjects(void);
485
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600[diff] [blame]486 /** @brief get service name
487 * method to get dbus service name
488 *
489 * @param[in] path - object path
490 * @param[in] intf - interface
491 * @return - service name
492 */
Patrick Williams9638afb2021-02-22 17:16:24 -0600[diff] [blame]493 std::string getServiceName(std::string&& path, std::string&& intf);
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600[diff] [blame]494
Alexander Filippov75626582022-02-09 18:42:37 +0300[diff] [blame]495 /** @brief get primary group ID of specified user
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600[diff] [blame]496 *
Alexander Filippov75626582022-02-09 18:42:37 +0300[diff] [blame]497 * @param[in] - userName
498 * @return - primary group ID
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600[diff] [blame]499 */
Alexander Filippov75626582022-02-09 18:42:37 +0300[diff] [blame]500 virtual gid_t getPrimaryGroup(const std::string& userName) const;
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600[diff] [blame]501
Alexander Filippov75626582022-02-09 18:42:37 +0300[diff] [blame]502 /** @brief check whether if the user is a member of the group
503 *
504 * @param[in] - userName
505 * @param[in] - ID of the user's primary group
506 * @param[in] - groupName
507 * @return - true if the user is a member of the group
508 */
509 virtual bool isGroupMember(const std::string& userName, gid_t primaryGid,
510 const std::string& groupName) const;
511
512 protected:
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600[diff] [blame]513 /** @brief get privilege mapper object
514 * method to get dbus privilege mapper object
515 *
516 * @return - map of user object
517 */
raviteja-b8cc44052019-02-27 23:29:36 -0600[diff] [blame]518 virtual DbusUserObj getPrivilegeMapperObject(void);
519
520 friend class TestUserMgr;
Nan Zhoue48085d2022-10-25 00:07:04 +0000[diff] [blame]521
Jason M. Bills2d042d12023-03-28 15:32:45 -0700[diff] [blame]522 std::string faillockConfigFile;
Jason M. Bills3b280ec2023-08-15 16:15:48 -0700[diff] [blame]523 std::string pwHistoryConfigFile;
Jason M. Bills2d042d12023-03-28 15:32:45 -0700[diff] [blame]524 std::string pwQualityConfigFile;
Richard Marian Thomaiyar9f630d92018-05-24 10:49:10 +0530[diff] [blame]525};
526
527} // namespace user
528} // namespace phosphor