From 489a4ed9dc200db52e4e4cf5600b0367a29155f8 Mon Sep 17 00:00:00 2001
From: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
Date: Fri, 17 Jan 2020 11:48:40 +0530
Subject: [Fix]: Check ipmi groups list before creating user

When phosphor-user-manager is started later than ipmid,
then ipmid misses to get the AvailableGroups list from
phosphor-user-manager. Further creation of user through ipmi
will end up creating user which doesn't belong to any group
at all. This fixes, by making sure, ipmi creates user only
if ipmi group is in available groups lists, and will do
re-query if it is empty.

Tested:
1. Verified the user creation behaviour with having dependency to
phosphor-user-manager and without.
2. Manually tested the following.
  a. Stopped phosphor-user-manager & all ipmi
  b. Started phosphor-host-ipmid
  c. started phosphor-user-manager
  d. using ipmitool user set name created user and verified that it
  belongs to proper group as expected.

Change-Id: I5810babda0e70eb7b6bca577af2031da90dbb068
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
---
 user_channel/user_mgmt.cpp | 24 ++++++++++++++++++++++++
 user_channel/user_mgmt.hpp |  6 ++++++
 2 files changed, 30 insertions(+)

diff --git a/user_channel/user_mgmt.cpp b/user_channel/user_mgmt.cpp
index a8d2219..add7ee2 100644
--- a/user_channel/user_mgmt.cpp
+++ b/user_channel/user_mgmt.cpp
@@ -945,6 +945,26 @@ ipmi_ret_t UserAccess::getUserName(const uint8_t userId, std::string& userName)
     return IPMI_CC_OK;
 }
 
+bool UserAccess::isIpmiInAvailableGroupList()
+{
+    if (std::find(availableGroups.begin(), availableGroups.end(),
+                  ipmiGrpName) != availableGroups.end())
+    {
+        return true;
+    }
+    if (availableGroups.empty())
+    {
+        // available groups shouldn't be empty, re-query
+        getSystemPrivAndGroups();
+        if (std::find(availableGroups.begin(), availableGroups.end(),
+                      ipmiGrpName) != availableGroups.end())
+        {
+            return true;
+        }
+    }
+    return false;
+}
+
 ipmi_ret_t UserAccess::setUserName(const uint8_t userId,
                                    const char* userNameInChar)
 {
@@ -990,6 +1010,10 @@ ipmi_ret_t UserAccess::setUserName(const uint8_t userId,
     {
         try
         {
+            if (!isIpmiInAvailableGroupList())
+            {
+                return IPMI_CC_UNSPECIFIED_ERROR;
+            }
             // Create new user
             auto method = bus.new_method_call(
                 getUserServiceName().c_str(), userMgrObjBasePath,
diff --git a/user_channel/user_mgmt.hpp b/user_channel/user_mgmt.hpp
index 054c0e2..159b15c 100644
--- a/user_channel/user_mgmt.hpp
+++ b/user_channel/user_mgmt.hpp
@@ -166,6 +166,12 @@ class UserAccess
      */
     bool isValidUserName(const char* userNameInChar);
 
+    /** @brief determines whether ipmi is in available groups list
+     *
+     * @return true if ipmi group is present, false otherwise
+     */
+    bool isIpmiInAvailableGroupList();
+
     /** @brief provides user id of the user
      *
      *  @param[in] userName - user name
-- 
cgit v1.2.1