Diffstat (limited to 'user_channel/user_mgmt.hpp')
-rw-r--r-- | user_channel/user_mgmt.hpp | 86 |
1 files changed, 82 insertions, 4 deletions
diff --git a/user_channel/user_mgmt.hpp b/user_channel/user_mgmt.hpp
index 9ea9f6b..159b15c 100644
--- a/user_channel/user_mgmt.hpp
+++ b/user_channel/user_mgmt.hpp
@@ -16,19 +16,19 @@
 #pragma once
 #include "user_layer.hpp"
-#include <ipmid/api.h>
-
 #include <boost/interprocess/sync/file_lock.hpp>
 #include <boost/interprocess/sync/named_recursive_mutex.hpp>
 #include <cstdint>
 #include <ctime>
+#include <ipmid/api.hpp>
 #include <sdbusplus/bus.hpp>
+#include <variant>
 namespace ipmi
 {
 using DbusUserPropVariant =
- sdbusplus::message::variant<std::vector<std::string>, std::string, bool>;
+ std::variant<std::vector<std::string>, std::string, bool>;
 using DbusUserObjPath = sdbusplus::message::object_path;
@@ -74,6 +74,7 @@ struct UserInfo
 bool userEnabled;
 bool userInSystem;
 bool fixedUserName;
+ PayloadAccess payloadAccess[ipmiMaxChannels];
 };
 /** @struct UsersTbl
@@ -86,6 +87,16 @@ struct UsersTbl
 UserInfo user[ipmiMaxUsers + 1];
 };
+/** @brief PAM User Authentication check
+ *
+ * @param[in] username - username in string
+ * @param[in] password - password in string
+ *
+ * @return status
+ */
+bool pamUserCheckAuthenticate(std::string_view username,
+ std::string_view password);
+
 class UserAccess;
 UserAccess& getUserAccessObject();
@@ -155,6 +166,12 @@ class UserAccess
 */
 bool isValidUserName(const char* userNameInChar);
+ /** @brief determines whether ipmi is in available groups list
+ *
+ * @return true if ipmi group is present, false otherwise
+ */
+ bool isIpmiInAvailableGroupList();
+
 /** @brief provides user id of the user
 *
 * @param[in] userName - user name
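Review bot: The include block in hunk `@@ -16,19 +16,19 @@` gains `<variant>`, but the declarations this patch adds also use `std::string_view` (`pamUserCheckAuthenticate`) and `std::array` (the payload-access helpers in the `@@ -231,6 +258,56 @@` hunk), and the alias itself uses `std::string` and `std::vector`. None of those headers is included in the visible block; they may arrive through `user_layer.hpp` or `<ipmid/api.hpp>`, but the header should not rely on that. Add `#include <array>` and `#include <string_view>`, plus `<string>` and `<vector>` if they are not already pulled in deliberately.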
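Review bot: The new `payloadAccess[ipmiMaxChannels]` member of `struct UserInfo` (hunk `@@ -74,6 +74,7 @@`) has no initializer, like the `bool` fields above it, so a user entry's payload permissions are whatever the code that fills the table leaves there. These bits presumably gate which payloads a user may use, so the default should be explicit and restrictive; if `PayloadAccess` (declared outside this diff) has no default member initializers, consider `PayloadAccess payloadAccess[ipmiMaxChannels] = {};` or document where the table is zeroed. The member also grows `UserInfo` and therefore `UsersTbl`; if that table is shared between processes or stored as a raw struct, which the boost interprocess includes hint at but this diff does not show, consumers built against the old layout need to be handled.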
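Review bot: `pamUserCheckAuthenticate` in hunk `@@ -86,6 +87,16 @@` takes the password as `std::string_view`, which is not guaranteed to be NUL-terminated, while a PAM conversation hands the module C strings. The implementation is not in this diff, so this is a contract point rather than a confirmed bug: it must copy into a terminated buffer instead of passing `password.data()` through, and should clear that copy once the call returns. The doc comment should say so and replace `@return status` with something a caller can check, e.g. `@return true if PAM accepted the credentials, false on any failure`.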
@@ -217,6 +234,16 @@ class UserAccess
 */
 ipmi_ret_t setUserPassword(const uint8_t userId, const char* userPassword);
+ /** @brief to set special user password
+ *
+ * @param[in] userName - user name
+ * @param[in] userPassword - new password of the user
+ *
+ * @return IPMI_CC_OK for success, others for failure.
+ */
+ ipmi_ret_t setSpecialUserPassword(const std::string& userName,
+ const std::string& userPassword);
+
 /** @brief to set user privilege and access details
 *
 * @param[in] userId - user id
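Review bot: The doc comment for `setSpecialUserPassword` never says what a "special user" is or which account names the method accepts. Unlike `setUserPassword`, which is keyed by an IPMI user id, this method takes an arbitrary account name, so the header is the place to state which accounts may be changed and that any other name is refused. I would add a line such as `* @details Only accounts in <allowed set, to be filled in by the author> may be changed; any other userName returns an error.` and make sure the implementation, which is outside this diff, enforces it before touching the password.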
@@ -231,6 +258,56 @@ class UserAccess
 const UserPrivAccess& privAccess,
 const bool& otherPrivUpdates);
+ /** @brief to get user payload access details from userInfo entry.
+ *
+ * @param[in] userInfo - userInfo entry in usersTbl.
+ * @param[out] stdPayload - stdPayloadEnables1 in a 2D-array.
+ * @param[out] oemPayload - oemPayloadEnables1 in a 2D-array.
+ *
+ * @details Update the given 2D-arrays using the payload access details
+ * available in the given userInfo entry (from usersTbl).
+ * This 2D-array will be mapped to a JSON object (which will be written to
+ * a JSON file subsequently).
+ */
+ void readPayloadAccessFromUserInfo(
+ const UserInfo& userInfo,
+ std::array<std::array<bool, ipmiMaxChannels>, payloadsPerByte>&
+ stdPayload,
+ std::array<std::array<bool, ipmiMaxChannels>, payloadsPerByte>&
+ oemPayload);
+
+ /** @brief to update user payload access details in userInfo entry.
+ *
+ * @param[in] stdPayload - stdPayloadEnables1 in a 2D-array.
+ * @param[in] oemPayload - oemPayloadEnables1 in a 2D-array.
+ * @param[out] userInfo - userInfo entry in usersTbl.
+ *
+ * @details Update user payload access details of a given userInfo
+ * entry (in usersTbl) with the information provided in given 2D-arrays.
+ * This 2D-array was created out of a JSON object (which was created by
+ * parsing a JSON file).
+ */
+ void updatePayloadAccessInUserInfo(
+ const std::array<std::array<bool, ipmiMaxChannels>, payloadsPerByte>&
+ stdPayload,
+ const std::array<std::array<bool, ipmiMaxChannels>, payloadsPerByte>&
+ oemPayload,
+ UserInfo& userInfo);
+
+ /** @brief to set user payload access details
+ *
+ * @param[in] chNum - channel number
+ * @param[in] operation - Enable / Disable
+ * @param[in] userId - user id
+ * @param[in] payloadAccess - payload access
+ *
+ * @return IPMI_CC_OK for success, others for failure.
+ */
+ ipmi_ret_t setUserPayloadAccess(const uint8_t chNum,
+ const uint8_t operation,
+ const uint8_t userId,
+ const PayloadAccess& payloadAccess);
+
 /** @brief reads user management related data from configuration file
 *
 */
@@ -321,8 +398,9 @@ class UserAccess
 void getSystemPrivAndGroups();
 /** @brief function to init user data from configuration & D-Bus objects
+ * and to register for signals
 *
 */
- void initUserDataFile();
+ void cacheUserDataFile();
 };
 } // namespace ipmi |
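Review bot: `setUserPayloadAccess`, declared at the end of the hunk starting `@@ -231,6 +258,56 @@`, takes `chNum` and `userId` as raw `uint8_t`, while this patch stores the data in `payloadAccess[ipmiMaxChannels]` inside `user[ipmiMaxUsers + 1]`. The contract should therefore say that out-of-range values are rejected before either array is indexed. The implementation is outside this diff and may already check, but the header should document it, e.g. `@param[in] chNum - channel number, must be < ipmiMaxChannels` and `@param[in] userId - user id, must be <= ipmiMaxUsers`. The `operation` parameter should name its accepted values rather than "Enable / Disable", and state that any other value returns an error.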