authorRichard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>2018-05-24 10:33:27 +0530
committerRichard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>2018-06-18 14:42:19 +0530
commit05375b14e5a68ac249da6a8cd68e3d522a7ed022 (patch)
tree2d2f8e1e99e025532541f27d88bd13d767c5c28e
parent49f855f07d478832875c0dda4ca35591c0fec91d (diff)
downloadphosphor-dbus-interfaces-05375b14e5a68ac249da6a8cd68e3d522a7ed022.tar.gz
phosphor-dbus-interfaces-05375b14e5a68ac249da6a8cd68e3d522a7ed022.zip
Basic user manager D-Bus support
Basic User Manager D-Bus interfaces, along with a signal to notify other services. Note: Removal of password.interfaces.yaml will be done in a separate commit. Change-Id: Ia547a0deae53eb25adf2cbc04c9d7a3593265a19 Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
-rw-r--r--xyz/openbmc_project/User/Attributes.interface.yaml21
-rw-r--r--xyz/openbmc_project/User/Common.errors.yaml15
-rw-r--r--xyz/openbmc_project/User/Common.metadata.yaml19
-rw-r--r--xyz/openbmc_project/User/Manager.interface.yaml83
-rw-r--r--xyz/openbmc_project/User/README.md41
5 files changed, 179 insertions, 0 deletions
diff --git a/xyz/openbmc_project/User/Attributes.interface.yaml b/xyz/openbmc_project/User/Attributes.interface.yaml
new file mode 100644
index 0000000..108934d
--- /dev/null
+++ b/xyz/openbmc_project/User/Attributes.interface.yaml
@@ -0,0 +1,21 @@
+description: >
+ Provides user objects, their properties.
+ As communication to this service is done through authenticated
+ & authorized session, there won't be any validation for the both.
+
+properties:
+ - name: UserGroups
+ type: array[string]
+ description: >
+ Groups to which the user belong.
+
+ - name: UserPrivilege
+ type: string
+ description: >
+ Privilege of the user.
+
+ - name: UserEnabled
+ type: boolean
+ description: >
+ Enabled or disabled state of the user.
+# vim: tabstop=8 expandtab shiftwidth=4 softtabstop=4
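Review bot: The interface description says no authentication or authorization is validated because callers arrive through an authenticated session, but nothing in the file names what enforces that assumption, and `UserPrivilege`, `UserGroups` and `UserEnabled` are declared with no flag marking them read-only and no `errors` list. If they are writable as declared, any process permitted to reach the service on the bus could presumably change a user's privilege or re-enable a disabled account, so the description should state the control that restricts callers, for example `Callers must be restricted by the D-Bus bus policy; this service performs no authentication or authorization of its own.` The same sentence appears in the description in Manager.interface.yaml and needs the same clarification. It would also help to document that `UserPrivilege` and `UserGroups` accept only values listed in `AllPrivileges` and `AllGroups`, if that is the intent.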
diff --git a/xyz/openbmc_project/User/Common.errors.yaml b/xyz/openbmc_project/User/Common.errors.yaml
new file mode 100644
index 0000000..a1c60ab
--- /dev/null
+++ b/xyz/openbmc_project/User/Common.errors.yaml
@@ -0,0 +1,15 @@
+# xyz.openbmc_project.User.Common.Error.UserNameExists
+- name: UserNameExists
+ description: Specified user name already exists.
+# xyz.openbmc_project.User.Common.Error.UserNameDoesNotExist
+- name: UserNameDoesNotExist
+ description: Specified user name does not exist.
+# xyz.openbmc_project.User.Common.Error.UserNameGroupFail
+- name: UserNameGroupFail
+ description: Specified Group related restriction failure for user name.
+# xyz.openbmc_project.User.Common.Error.UserNamePrivFail
+- name: UserNamePrivFail
+ description: Specificed privilege related restriction failure for user name.
+# xyz.openbmc_project.User.Common.Error.NoResource
+- name: NoResource
+ description: No resource available.
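Review bot: The description of `UserNamePrivFail` misspells "Specified" as "Specificed"; it should read `description: Specified privilege related restriction failure for user name.` The descriptions of `UserNameGroupFail` and `UserNamePrivFail` also do not say which kind of restriction is meant, so a caller cannot tell from the interface alone whether the request can be retried with different arguments; one sentence per error naming the restriction would close that gap.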
diff --git a/xyz/openbmc_project/User/Common.metadata.yaml b/xyz/openbmc_project/User/Common.metadata.yaml
new file mode 100644
index 0000000..49ef492
--- /dev/null
+++ b/xyz/openbmc_project/User/Common.metadata.yaml
@@ -0,0 +1,19 @@
+- name: UserNameExists
+ level: ERR
+- name: UserNameDoesNotExist
+ level: ERR
+- name: UserNameGroupFail
+ level: ERR
+ meta:
+ - str: "REASON = %s"
+ type: string
+- name: UserNamePrivFail
+ level: ERR
+ meta:
+ - str: "REASON = %s"
+ type: string
+- name: NoResource
+ level: ERR
+ meta:
+ - str: "REASON = %s"
+ type: string
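Review bot: `UserNameExists` and `UserNameDoesNotExist` carry no `meta` entry, so a log record of a failed create or rename would not identify the account involved, and the other three errors record only a free-form `REASON`. An audit trail for account-management events usually needs the affected user name; consider adding a metadata field for it to all five entries, e.g. `- str: "USER_NAME=%s"` with `type: string` (the field name is a suggestion, not taken from the project). A comment stating that the free-form reason string must never contain credentials would also be worth adding.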
diff --git a/xyz/openbmc_project/User/Manager.interface.yaml b/xyz/openbmc_project/User/Manager.interface.yaml
new file mode 100644
index 0000000..a4c2d7b
--- /dev/null
+++ b/xyz/openbmc_project/User/Manager.interface.yaml
@@ -0,0 +1,83 @@
+description: >
+ Provides user management functionality.
+ As communication to this service is done through authenticated
+ & authorized session, there won't be any validation for both.
+
+methods:
+ - name: CreateUser
+ description: >
+ Creates a new user. If the user already exists, then it will throw
+ an error.
+ parameters:
+ - name: UserName
+ type: string
+ description: >
+ User name which has to be created.
+ - name: GroupNames
+ type: array[string]
+ description: >
+ List of groups to which the user has to be added.
+ - name: Privilege
+ type: string
+ description: >
+ Privilege of the user to be added.
+ - name: Enabled
+ type: boolean
+ description: >
+ User enabled / disabled.
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+ - xyz.openbmc_project.Common.Error.InsufficientPermission
+ - xyz.openbmc_project.Common.Error.InvalidArgument
+ - xyz.openbmc_project.User.Common.Error.UserNameExists
+ - xyz.openbmc_project.User.Common.Error.UserNameGroupFail
+ - xyz.openbmc_project.User.Common.Error.UserNamePrivFail
+ - xyz.openbmc_project.User.Common.Error.NoResource
+
+ - name: RenameUser
+ description: >
+ Rename's existing user to new one. All other properties of the
+ user will remain same.
+ parameters:
+ - name: UserName
+ type: string
+ description: >
+ User name which has to be updated.
+ - name: NewUserName
+ type: string
+ description: >
+ New User name to which user has to be updated.
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+ - xyz.openbmc_project.Common.Error.InsufficientPermission
+ - xyz.openbmc_project.Common.Error.InvalidArgument
+ - xyz.openbmc_project.User.Common.Error.UserNameDoesNotExist
+ - xyz.openbmc_project.User.Common.Error.UserNameExists
+ - xyz.openbmc_project.User.Common.Error.UserNameGroupFail
+ - xyz.openbmc_project.User.Common.Error.UserNamePrivFail
+ - xyz.openbmc_project.User.Common.Error.NoResource
+
+properties:
+ - name: AllPrivileges
+ type: array[string]
+ description: >
+ Lists all available user privileges in the system.
+
+ - name: AllGroups
+ type: array[string]
+ description: >
+ Lists all available groups in the system.
+
+signals:
+ - name: UserRenamed
+ description: >
+ Signal indicating user's name is updated.
+ properties:
+ - name: UserName
+ type: string
+ description: Name of the user which got renamed.
+ - name: NewUserName
+ type: string
+ description: New name of the user.
+
+# vim: tabstop=8 expandtab shiftwidth=4 softtabstop=4
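Review bot: The `UserName` and `NewUserName` parameters of `CreateUser` and `RenameUser` do not document what a valid name is, although `InvalidArgument` is listed for both methods. These strings presumably become system account names and the last element of a D-Bus object path, so the accepted length and character set should be stated in the parameter description, along the lines of `User name to be created; must satisfy the system's account-name rules, otherwise InvalidArgument is returned.` Both methods also list `InsufficientPermission` while the interface description says no authorization is validated, so the description should say in which case that error is raised. The `Privilege` and `GroupNames` descriptions could note that values must come from `AllPrivileges` and `AllGroups`.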
diff --git a/xyz/openbmc_project/User/README.md b/xyz/openbmc_project/User/README.md
new file mode 100644
index 0000000..cbda1e3
--- /dev/null
+++ b/xyz/openbmc_project/User/README.md
@@ -0,0 +1,41 @@
+# User Management
+
+## Overview
+User Manager service exposes D-Bus methods for user management operations.
+
+### User Manager Interface
+User manager interface `xyz.openbmc_project.User.Manager` provides following
+methods, properties and signals.
+
+#### xyz.openbmc_project.User.Manager interface
+##### methods
+* CreateUser - To create new user to the system.
+* RenameUser - To rename existing user to new name in the system.
+
+##### properties
+* AllGroups - To list all the groups supported in the system.
+* AllPrivileges - To list all the privileges supported in the system.
+
+##### signals
+* UserRenamed - Signal sent out when user is renamed in the system.
+
+### Users Interface
+User manager daemon, will create user objects for each and every user existing
+in the system under object path `/xyz/openbmc_project/user/<user name>`.
+Each user object can be handled through 'org.freedesktop.DBus.ObjectManager'.
+User object will expose following properties and methods.
+
+#### xyz.openbmc_project.User.Attributes interface
+##### properties
+* UserPrivilege - Privilege of the user.
+* UserGroups - Groups to which the user belongs.
+* UserEnabled - User enabled state.
+
+#### xyz.openbmc_project.Object.Delete
+#### methods
+* Delete - To delete the user object in the system.
+
+##Note
+This interface doesn't provide ways to set / update password. The same has to
+be set / updated through pam_chauthtok() (PAM modules). This is to avoid
+sending out password through D-Bus.