phosphor-user-manager, branch master

LDAP:change default values of GroupNameAttribute and UserNamAttribute

2019-04-05T04:55:28+00:00

Modify UserNameAttribute default value to "cn" and GroupNameAttribute default value to "gidNubmer" create config already enabled to make these attributes user configurable.these default values are to make sure ldap config works if user does not configure these attributes. Tested by: Configured LDAP without specifying group name and user name attributes and tested ldap user authentication Change-Id: I0091389122a384e0966659161566e9e543608628 Signed-off-by: raviteja-b

build: install into bin instead of sbin

2019-03-28T18:15:42+00:00

Installs into bin instead of sbin per guidelines. Signed-off-by: Patrick Venture Change-Id: Ie3fd4aa21c2644b2673f80a17dee13819b6b546e

Removing unused SetPassword D-Bus API method

2019-03-19T08:34:23+00:00

Password update is done through pam_chauthtok() API, and don't use SetPassword. Removing the unused code. Tested-by: N/A. Change-Id: I42a5b7c73bc2cb2404801df1c1cd057a94a1a924 Signed-off-by: Sumanth Bhat Signed-off-by: Richard Marian Thomaiyar

LDAP: Add the persistency for the "Enabled" property

2019-03-11T06:40:22+00:00

This property will control that whether the LDAP service would be started or not. We are persisting this property using cereal, other properties is being persisted through nslcd.conf, nslcd doesn't give us a way to put this property under nslcd.conf. Tested By: Test the persistency of enabled property. Verified that it was getting persisted across restart/reboot. Change-Id: Id64b23b71865bac15d3be2d79abad615aa576bea Signed-off-by: Ratan Gupta

squash the following commits

2019-03-11T06:30:02+00:00

LDAP: Adding support for extra properties Implement GetUserInfo function in phosphor-user-manager Squashing the commits due to phosphor-dbus-interfaces dependency as the interface gets merged and it requires implementation so it is a deadlock for both the commits. Implement GetUserInfo function in phosphor-user-manager There was need to have api which return privilege for ldap user. it was discussed in this commit https://gerrit.openbmc-project.xyz/#/c/openbmc/phosphor-dbus-interfaces/+/12027/ and decided to have generic api. -Checks if user is local user, then returns map of properties of local user like user privilege,list of user groups,user enabled state and user locked state. -If its not local user, then it checks if its a ldap user, then get the privilege mapping for the LDAP group and returns. TestedBy: 1) getUserInfo with local user verify user details. 2) getUserInfo with ldap user having privilege mapper entry, verify user details. 3) getUserInfo with no existing user. check for exception UserNameDoesNotExist. Change-Id: I44af41953db60ff96b39498d72839c2ab64bc8bd Signed-off-by: raviteja-b LDAP: Adding support for extra properties This commit also decouple the ldap service(nslcd) start with each property update,Now there is a D-bus property ldap service enabled which controls that whether the LDAP service will be restarted after each property update,so now user have an option to disable the ldap service and do multi- property update and then enable the service again. TestedBy: 1) Create the config with new added properties Verify that it was getting reflected on the D-bus object. 2) After making the change restarted the ldap-conf service Verify that new properties(usernameattr,groupnameattr) are correctly updated. 3) Authenticaton test Verify that LDAP authentication worked fine. 4) Set the enabled property to true Verify that it starts the nslcd service 5) Set the enabled property to false Verify that it stops the nslcd.service 6) Set the enabled property to true and change any other config property Verify that it starts the nslcd.service 7) Set the enabled property to false which stops the nslcd service and change any other config property. Verify that it doesn't start the nslcd service. Change-Id: Ie3ca04a2adbbb1fe113764199348c4f7ac67f648 Signed-off-by: Ratan Gupta

Corrected the error log message.

2019-03-06T18:22:15+00:00

Change-Id: I682dda32c0482e0849289a70d5b3ffa624bb915d Signed-off-by: Ratan Gupta

MAINTAINERS: Remove myself, add Ratan and Richard

2019-03-05T15:24:07+00:00

I haven't written any code in this project, and I haven't been able allocate much time to peer review either so it doesn't make any sense for me to be a maintainer. Richard and Ratan both have written code in PUM, been active in peer review, and know a lot about the overall user management implementation in OpenBMC. Richard and Ratan will both provide timely and quality feedback to PUM contributors, so it makes a lot of sense for them to co-maintain PUM in place of Brad. Change-Id: I72b9c471f2c42b4b962de4ecc040d6c8489ee21f Signed-off-by: Brad Bishop

build: pkg anti-pattern: use defaults

2019-02-13T22:54:49+00:00

Use the defaults in the pkg check where the default error message is sufficient to identify which package is missing. Change-Id: I09cf1888ea4f41b5c22d18d72b169d2ca32fc339 Signed-off-by: Patrick Venture

Remove output user name comparison for pam_tally2

2018-11-28T14:35:00+00:00

pam_tally2 output restricts printing user name to 15 characters This makes the extra precautionary user name comparison to fail causing system to fail inadvertently. Hence removed the precautionary condition, as user name is passed to pam_tally2 as argument Unit test: Added user name of 16 characters or more and tried querying the user locked for failed attempt, and got successful data Change-Id: I889c423324e53e4c554e9dce772a39f1843803b2 Signed-off-by: Richard Marian Thomaiyar

Add unit tests for ldap mapper application

2018-11-26T14:33:39+00:00

Change-Id: I2d75a4f2e27f6e6640e8a16cc7834116b260f547 Signed-off-by: Tom Joseph