User-mgmt: Add IPMI user pam authenticate check API

PAM user authentication check must be performed, before any RMCP+
session establishment, as this will be able to check whether user
is already locked out, due to failed attempt.
This patch introduces the pam user check API, which will be used by
netipmid daemon.

Tested:
Verified the API call check and making sure it works.
Real testing is performed by including the same in
phosphor-ipmi-net for RMCP+ session establishment both
for user locked for failed attempt and normal case.

Commands used-
Created new user using ipmitool

ipmitool user set name 2 testuser
ipmitool user enable 2
ipmitool user set password 2 pas1tes2
ipmitool user priv 2 4 3

ipmitool user list 3 //New user entry can be seen listed

ipmitool channel getaccess 3 2 //For getting channel access
ipmitool channel setaccess 3 2 ipmi=on priviledge=4

Normal Case:
ipmitool -I lanplus -U testuser -P pas1tes2 -H <bmc ip> raw 6 1
                                                      //Command
23 00 00 00 02 bf 57 01 00 7b 00 00 00 00 00         //Response

Negative Case:
busctl set-property xyz.openbmc_project.User.Manager
/xyz/openbmc_project/user xyz.openbmc_project.User.AccountPolicy
MaxLoginAttemptBeforeLockout q 3

Tried 3 failed login attempts from webpage, and then tried to
establish IPMI RMCP+ as expected, session establishment failed.

wait for the timeout or unlock the user using-
busctl set-property xyz.openbmc_project.User.Manager
/xyz/openbmc_project/user/sayushi xyz.openbmc_project.User.Attributes
UserLockedForFailedAttempt b false

busctl get-property xyz.openbmc_project.User.Manager
/xyz/openbmc_project/user/sayushi xyz.openbmc_project.User.Attributes
UserLockedForFailedAttempt b false //Command
b false //Response

After this RMCP+ session will be established as usual.

Change-Id: I5ee2dc0848944a12f682f0775930091d32508bde
Signed-off-by: Ayushi Smriti <smriti.ayushi@linux.intel.com>

0 files changed, 0 insertions, 0 deletions