Config service manager implementation.

Added new service for managing the service(RMCP+, ssh, web)
properties like state, port, channel etc. This is common
service supports both systemctl and iptables.

Example usage: Blocking specific service port and restricting
network traffic on specific channels etc.

Unit Test:
 - Changed port of RMCP+ service and validated.
 - Restricted network traffic on specific channel(eth0)
    and cross validated functionality.

Change-Id: I835a4723bc5d5a65efb6ec329f74f3932e841522
Signed-off-by: AppaRao Puli <>
diff --git a/src/main.cpp b/src/main.cpp
new file mode 100644
index 0000000..ffb0e11
--- /dev/null
+++ b/src/main.cpp
@@ -0,0 +1,45 @@

+// Copyright (c) 2018 Intel Corporation


+// Licensed under the Apache License, Version 2.0 (the "License");

+// you may not use this file except in compliance with the License.

+// You may obtain a copy of the License at




+// Unless required by applicable law or agreed to in writing, software

+// distributed under the License is distributed on an "AS IS" BASIS,

+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+// See the License for the specific language governing permissions and

+// limitations under the License.


+#include "srvcfg_manager.hpp"


+std::shared_ptr<boost::asio::deadline_timer> timer = nullptr;

+std::map<std::string, std::shared_ptr<phosphor::service::ServiceConfig>>

+    srvMgrObjects;


+static std::map<std::string, std::string> serviceList = {

+    {"netipmid", "phosphor-ipmi-net"}, {"web", "bmcweb"}, {"ssh", "dropbear"}};


+int main()


+    // setup connection to dbus

+    boost::asio::io_service io;

+    auto conn = std::make_shared<sdbusplus::asio::connection>(io);

+    timer = std::make_shared<boost::asio::deadline_timer>(io);

+    conn->request_name(phosphor::service::serviceConfigSrvName);

+    auto server = sdbusplus::asio::object_server(conn);

+    for (const auto &service : serviceList)

+    {

+        std::string objPath("/xyz/openbmc_project/control/service/" +

+                            service.first);

+        auto srvCfgObj = std::make_unique<phosphor::service::ServiceConfig>(

+            server, conn, objPath, service.second);

+        srvMgrObjects.emplace(

+            std::make_pair(std::move(service.first), std::move(srvCfgObj)));

+    }



+    return 0;


diff --git a/src/srvcfg_manager.cpp b/src/srvcfg_manager.cpp
new file mode 100644
index 0000000..04d41ca
--- /dev/null
+++ b/src/srvcfg_manager.cpp
@@ -0,0 +1,387 @@

+// Copyright (c) 2018 Intel Corporation


+// Licensed under the Apache License, Version 2.0 (the "License");

+// you may not use this file except in compliance with the License.

+// You may obtain a copy of the License at




+// Unless required by applicable law or agreed to in writing, software

+// distributed under the License is distributed on an "AS IS" BASIS,

+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+// See the License for the specific language governing permissions and

+// limitations under the License.


+#include <fstream>

+#include <regex>

+#include "srvcfg_manager.hpp"


+extern std::shared_ptr<boost::asio::deadline_timer> timer;

+extern std::map<std::string, std::shared_ptr<phosphor::service::ServiceConfig>>

+    srvMgrObjects;


+namespace phosphor


+namespace service



+static constexpr const char *overrideConfFileName = "override.conf";

+static constexpr const size_t restartTimeout = 15; // seconds


+static constexpr const char *systemd1UnitBasePath =

+    "/org/freedesktop/systemd1/unit/";

+static constexpr const char *systemdOverrideUnitBasePath =

+    "/etc/systemd/system/";


+void ServiceConfig::syncWithSystemD1Properties()


+    // Read systemd1 socket/service property and load.

+    conn->async_method_call(

+        [this](boost::system::error_code ec,

+               const sdbusplus::message::variant<

+                   std::vector<std::tuple<std::string, std::string>>> &value) {

+            if (ec)

+            {

+                phosphor::logging::log<phosphor::logging::level::ERR>(

+                    "async_method_call error: Failed to get property");

+                return;

+            }


+            try

+            {

+                auto listenVal = sdbusplus::message::variant_ns::get<

+                    std::vector<std::tuple<std::string, std::string>>>(value);

+                protocol = std::get<0>(listenVal[0]);

+                std::string port = std::get<1>(listenVal[0]);

+                auto tmp = std::stoul(port.substr(port.find_last_of(":") + 1),

+                                      nullptr, 10);

+                if (tmp > std::numeric_limits<uint16_t>::max())

+                {

+                    throw std::out_of_range("Out of range");

+                }

+                portNum = tmp;

+            }

+            catch (const std::exception &e)

+            {

+                phosphor::logging::log<phosphor::logging::level::ERR>(

+                    "Exception for port number",

+                    phosphor::logging::entry("WHAT=%s", e.what()));

+                return;

+            }

+            conn->async_method_call(

+                [](boost::system::error_code ec) {

+                    if (ec)

+                    {

+                        phosphor::logging::log<phosphor::logging::level::ERR>(

+                            "async_method_call error: Failed to set property");

+                        return;

+                    }

+                },

+                serviceConfigSrvName, objPath.c_str(),

+                "org.freedesktop.DBus.Properties", "Set", serviceConfigIntfName,

+                "Port", sdbusplus::message::variant<uint16_t>(portNum));

+        },

+        "org.freedesktop.systemd1", sysDSockObjPath.c_str(),

+        "org.freedesktop.DBus.Properties", "Get",

+        "org.freedesktop.systemd1.Socket", "Listen");


+    conn->async_method_call(

+        [this](boost::system::error_code ec,

+               const sdbusplus::message::variant<std::string> &pValue) {

+            if (ec)

+            {

+                phosphor::logging::log<phosphor::logging::level::ERR>(

+                    "async_method_call error: Failed to get property");

+                return;

+            }


+            channelList.clear();

+            std::istringstream stm(

+                sdbusplus::message::variant_ns::get<std::string>(pValue));

+            std::string token;

+            while (std::getline(stm, token, ','))

+            {

+                channelList.push_back(token);

+            }

+            conn->async_method_call(

+                [](boost::system::error_code ec) {

+                    if (ec)

+                    {

+                        phosphor::logging::log<phosphor::logging::level::ERR>(

+                            "async_method_call error: Failed to set property");

+                        return;

+                    }

+                },

+                serviceConfigSrvName, objPath.c_str(),

+                "org.freedesktop.DBus.Properties", "Set", serviceConfigIntfName,

+                "Channel",

+                sdbusplus::message::variant<std::vector<std::string>>(

+                    channelList));

+        },

+        "org.freedesktop.systemd1", sysDSockObjPath.c_str(),

+        "org.freedesktop.DBus.Properties", "Get",

+        "org.freedesktop.systemd1.Socket", "BindToDevice");


+    std::string srvUnitName(sysDUnitName);

+    if (srvUnitName == "dropbear")

+    {

+        srvUnitName.append("@");

+    }

+    srvUnitName.append(".service");

+    conn->async_method_call(

+        [this](boost::system::error_code ec, const std::string &pValue) {

+            if (ec)

+            {

+                phosphor::logging::log<phosphor::logging::level::ERR>(

+                    "async_method_call error: Failed to get property");

+                return;

+            }

+            stateValue = pValue;

+            conn->async_method_call(

+                [](boost::system::error_code ec) {

+                    if (ec)

+                    {

+                        phosphor::logging::log<phosphor::logging::level::ERR>(

+                            "async_method_call error: Failed to set property");

+                        return;

+                    }

+                },

+                serviceConfigSrvName, objPath.c_str(),

+                "org.freedesktop.DBus.Properties", "Set", serviceConfigIntfName,

+                "State", sdbusplus::message::variant<std::string>(stateValue));

+        },

+        "org.freedesktop.systemd1", "/org/freedesktop/systemd1",

+        "org.freedesktop.systemd1.Manager", "GetUnitFileState", srvUnitName);


+    return;




+    sdbusplus::asio::object_server &srv_,

+    std::shared_ptr<sdbusplus::asio::connection> &conn_, std::string objPath_,

+    std::string unitName) :

+    server(srv_),

+    conn(conn_), objPath(objPath_), sysDUnitName(unitName)


+    std::string socketUnitName(sysDUnitName + ".socket");

+    // .socket systemd service files are handled.

+    // Regular .service only files are ignored.

+    if (!checkSystemdUnitExist(socketUnitName))

+    {

+        phosphor::logging::log<phosphor::logging::level::ERR>(

+            "Unit doesn't exist.",

+            phosphor::logging::entry("UNITNAME=%s", socketUnitName.c_str()));

+        phosphor::logging::elog<

+            sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure>();

+    }


+    /// Check override socket directory exist, if not create it.

+    std::experimental::filesystem::path ovrUnitFileDir(

+        systemdOverrideUnitBasePath);

+    ovrUnitFileDir += socketUnitName;

+    ovrUnitFileDir += ".d";

+    if (!std::experimental::filesystem::exists(ovrUnitFileDir))

+    {

+        if (!std::experimental::filesystem::create_directories(ovrUnitFileDir))

+        {

+            phosphor::logging::log<phosphor::logging::level::ERR>(

+                "Unable to create the directory.",

+                phosphor::logging::entry("DIR=%s", ovrUnitFileDir.c_str()));

+            phosphor::logging::elog<sdbusplus::xyz::openbmc_project::Common::

+                                        Error::InternalFailure>();

+        }

+    }


+    /* Store require info locally */

+    unitSocketFilePath = std::string(ovrUnitFileDir);


+    sysDSockObjPath = systemd1UnitBasePath;

+    sysDSockObjPath.append(

+        std::regex_replace(sysDUnitName, std::regex("-"), "_2d"));

+    sysDSockObjPath.append("_2esocket");


+    // Adds interface, object and Properties....

+    registerProperties();


+    syncWithSystemD1Properties();


+    updatedFlag = 0;

+    return;



+void ServiceConfig::applySystemDServiceConfig()


+    phosphor::logging::log<phosphor::logging::level::INFO>(

+        "Applying new settings.",

+        phosphor::logging::entry("OBJPATH=%s", objPath.c_str()));

+    if (updatedFlag & ((1 << static_cast<uint8_t>(UpdatedProp::channel)) |

+                       (1 << static_cast<uint8_t>(UpdatedProp::port))))

+    {

+        // Create override config file and write data.

+        std::string ovrCfgFile{unitSocketFilePath + "/" + overrideConfFileName};

+        std::string tmpFile{ovrCfgFile + "_tmp"};

+        std::ofstream cfgFile(tmpFile, std::ios::out);

+        if (!cfgFile.good())

+        {

+            phosphor::logging::log<phosphor::logging::level::ERR>(

+                "Failed to open override.conf_tmp file");

+            phosphor::logging::elog<sdbusplus::xyz::openbmc_project::Common::

+                                        Error::InternalFailure>();

+        }


+        // Write the socket header

+        cfgFile << "[Socket]\n";

+        // Listen

+        cfgFile << "Listen" << protocol << "="

+                << "\n";

+        cfgFile << "Listen" << protocol << "=" << portNum << "\n";

+        // BindToDevice

+        bool firstElement = true;

+        cfgFile << "BindToDevice=";

+        for (const auto &it : channelList)

+        {

+            if (firstElement)

+            {

+                cfgFile << it;

+                firstElement = false;

+            }

+            else

+            {

+                cfgFile << "," << it;

+            }

+        }

+        cfgFile.close();


+        if (std::rename(tmpFile.c_str(), ovrCfgFile.c_str()) != 0)

+        {

+            phosphor::logging::log<phosphor::logging::level::ERR>(

+                "Failed to rename tmp file as override.conf");

+            std::remove(tmpFile.c_str());

+            phosphor::logging::elog<sdbusplus::xyz::openbmc_project::Common::

+                                        Error::InternalFailure>();

+        }


+        // Systemd forcing explicit socket stop before reload...!

+        std::string socketUnitName(sysDUnitName + ".socket");

+        systemdUnitAction(conn, socketUnitName, sysdActionStopUnit);


+        std::string srvUnitName(sysDUnitName + ".service");

+        systemdUnitAction(conn, srvUnitName, sysdActionStopUnit);


+        // Perform daemon reload to read new settings

+        systemdDaemonReload(conn);


+        // Restart the unit

+        systemdUnitAction(conn, socketUnitName, sysdActionStartUnit);

+        systemdUnitAction(conn, srvUnitName, sysdActionStartUnit);

+    }


+    if (updatedFlag & (1 << static_cast<uint8_t>(UpdatedProp::state)))

+    {

+        if ((stateValue == "enabled") || (stateValue == "disabled"))

+        {

+            systemdUnitFileStateChange(conn, sysDUnitName, stateValue);

+        }

+    }


+    // Reset the flag

+    updatedFlag = 0;


+    // All done. Lets reload the properties which are applied on systemd1.

+    // TODO: We need to capture the service restart signal and reload data

+    // inside the signal handler. So that we can update the service properties

+    // modified, outside of this service as well.

+    syncWithSystemD1Properties();


+    return;



+void ServiceConfig::startServiceRestartTimer()


+    timer->expires_from_now(boost::posix_time::seconds(restartTimeout));

+    timer->async_wait([this](const boost::system::error_code &ec) {

+        if (ec == boost::asio::error::operation_aborted)

+        {

+            // Timer reset.

+            return;

+        }

+        else if (ec)

+        {

+            phosphor::logging::log<phosphor::logging::level::ERR>(

+                "async wait error.");

+            return;

+        }

+        for (auto &srvMgrObj : srvMgrObjects)

+        {

+            auto &srvObj = srvMgrObj.second;

+            if (srvObj->updatedFlag)

+            {

+                srvObj->applySystemDServiceConfig();

+            }

+        }

+    });



+void ServiceConfig::registerProperties()


+    std::shared_ptr<sdbusplus::asio::dbus_interface> iface =

+        server.add_interface(objPath, serviceConfigIntfName);


+    iface->register_property(

+        "Port", portNum, [this](const uint16_t &req, uint16_t &res) {

+            phosphor::logging::log<phosphor::logging::level::ERR>(

+                " Inside register_property");

+            if (req == res)

+            {

+                return 1;

+            }

+            portNum = req;

+            updatedFlag |= (1 << static_cast<uint8_t>(UpdatedProp::port));

+            startServiceRestartTimer();

+            res = req;

+            return 1;

+        });


+    iface->register_property(

+        "Channel", channelList,

+        [this](const std::vector<std::string> &req,

+               std::vector<std::string> &res) {

+            if (req == res)

+            {

+                return 1;

+            }

+            channelList.clear();

+            std::copy(req.begin(), req.end(), back_inserter(channelList));


+            updatedFlag |= (1 << static_cast<uint8_t>(UpdatedProp::channel));

+            startServiceRestartTimer();

+            res = req;

+            return 1;

+        });


+    iface->register_property(

+        "State", stateValue, [this](const std::string &req, std::string &res) {

+            if (req == res)

+            {

+                return 1;

+            }

+            if ((req != "enabled") && (req != "disabled") && (req != "static"))

+            {

+                phosphor::logging::log<phosphor::logging::level::ERR>(

+                    "Invalid value specified");

+                return -EINVAL;

+            }

+            stateValue = req;

+            updatedFlag |= (1 << static_cast<uint8_t>(UpdatedProp::state));

+            startServiceRestartTimer();

+            res = req;

+            return 1;

+        });


+    iface->initialize();

+    return;



+} // namespace service

+} // namespace phosphor

diff --git a/src/utils.cpp b/src/utils.cpp
new file mode 100644
index 0000000..07239e2
--- /dev/null
+++ b/src/utils.cpp
@@ -0,0 +1,143 @@

+// Copyright (c) 2018 Intel Corporation


+// Licensed under the Apache License, Version 2.0 (the "License");

+// you may not use this file except in compliance with the License.

+// You may obtain a copy of the License at




+// Unless required by applicable law or agreed to in writing, software

+// distributed under the License is distributed on an "AS IS" BASIS,

+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+// See the License for the specific language governing permissions and

+// limitations under the License.


+#include "utils.hpp"


+void systemdDaemonReload(

+    const std::shared_ptr<sdbusplus::asio::connection> &conn)


+    try

+    {

+        conn->async_method_call(

+            [](boost::system::error_code ec) {

+                if (ec)

+                {

+                    phosphor::logging::log<phosphor::logging::level::ERR>(

+                        "async error: Failed to do systemd reload.");

+                    return;

+                }

+            },

+            "org.freedesktop.systemd1", "/org/freedesktop/systemd1",

+            "org.freedesktop.systemd1.Manager", "Reload");

+    }

+    catch (const sdbusplus::exception::SdBusError &e)

+    {

+        phosphor::logging::log<phosphor::logging::level::ERR>(

+            "daemon-reload operation failed.");

+        phosphor::logging::elog<

+            sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure>();

+    }


+    return;



+void systemdUnitAction(const std::shared_ptr<sdbusplus::asio::connection> &conn,

+                       const std::string &unitName,

+                       const std::string &actionMethod)


+    try

+    {

+        conn->async_method_call(

+            [](boost::system::error_code ec,

+               const sdbusplus::message::object_path &res) {

+                if (ec)

+                {

+                    phosphor::logging::log<phosphor::logging::level::ERR>(

+                        "async error: Failed to do systemd action");

+                    return;

+                }

+            },

+            "org.freedesktop.systemd1", "/org/freedesktop/systemd1",

+            "org.freedesktop.systemd1.Manager", actionMethod, unitName,

+            "replace");

+    }

+    catch (const sdbusplus::exception::SdBusError &e)

+    {

+        phosphor::logging::log<phosphor::logging::level::ERR>(

+            "Systemd operation failed.",

+            phosphor::logging::entry("ACTION=%s", actionMethod.c_str()));

+        phosphor::logging::elog<

+            sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure>();

+    }


+    return;



+void systemdUnitFileStateChange(

+    const std::shared_ptr<sdbusplus::asio::connection> &conn,

+    const std::string &unitName, const std::string &unitState)


+    try

+    {

+        // For now, we support two states(enabled & disabled). we can extend

+        // to other states (enable-runtime, mask, link etc..) if needed.

+        std::vector<std::string> unitFiles = {unitName};

+        if (unitState == "enabled")

+        {

+            conn->async_method_call(

+                [](boost::system::error_code ec) {

+                    if (ec)

+                    {

+                        phosphor::logging::log<phosphor::logging::level::ERR>(

+                            "async error: Failed to do systemd reload.");

+                        return;

+                    }

+                },

+                "org.freedesktop.systemd1", "/org/freedesktop/systemd1",

+                "org.freedesktop.systemd1.Manager", "EnableUnitFiles",

+                unitFiles, false, false);

+        }

+        else if (unitState == "disabled")

+        {

+            conn->async_method_call(

+                [](boost::system::error_code ec) {

+                    if (ec)

+                    {

+                        phosphor::logging::log<phosphor::logging::level::ERR>(

+                            "async error: Failed to do systemd reload.");

+                        return;

+                    }

+                },

+                "org.freedesktop.systemd1", "/org/freedesktop/systemd1",

+                "org.freedesktop.systemd1.Manager", "DisableUnitFiles",

+                unitFiles, false);

+        }

+        else

+        {

+            // Not supported unit State

+            phosphor::logging::log<phosphor::logging::level::ERR>(

+                "invalid Unit state",

+                phosphor::logging::entry("STATE=%s", unitState.c_str()));

+            phosphor::logging::elog<sdbusplus::xyz::openbmc_project::Common::

+                                        Error::InternalFailure>();

+        }

+    }

+    catch (const sdbusplus::exception::SdBusError &e)

+    {

+        phosphor::logging::log<phosphor::logging::level::ERR>(

+            "Systemd state change operation failed.");

+        phosphor::logging::elog<

+            sdbusplus::xyz::openbmc_project::Common::Error::InternalFailure>();

+    }


+    return;



+bool checkSystemdUnitExist(const std::string &unitName)


+    std::experimental::filesystem::path unitFilePath(

+        std::string("/lib/systemd/system/") + unitName);

+    return std::experimental::filesystem::exists(unitFilePath);
