path: root/user_mgr.cpp
Commit message | Author | Age | Files | Lines
* squash the following commits | Ratan Gupta | 2019-03-11 | 1 | -1/+200

    LDAP: Adding support for extra properties
    Implement GetUserInfo function in phosphor-user-manager

    Squashing the commits due to phosphor-dbus-interfaces dependency
    as the interface gets merged and it requires implementation
    so it is a deadlock for both the commits.

    Implement GetUserInfo function in phosphor-user-manager

    There was need to have api which return privilege for ldap user.
    It was discussed in this commit
    https://gerrit.openbmc-project.xyz/#/c/openbmc/phosphor-dbus-interfaces/+/12027/
    and decided to have generic api.

    - Checks if user is local user, then returns map of properties of
      local user like user privilege, list of user groups, user enabled
      state and user locked state.
    - If it's not local user, then it checks if it's a ldap user, then get
      the privilege mapping for the LDAP group and returns.

    TestedBy:
    1) getUserInfo with local user
       verify user details.
    2) getUserInfo with ldap user having privilege mapper entry,
       verify user details.
    3) getUserInfo with no existing user.
       check for exception UserNameDoesNotExist.

    Change-Id: I44af41953db60ff96b39498d72839c2ab64bc8bd
    Signed-off-by: raviteja-b <raviteja28031990@gmail.com>

    LDAP: Adding support for extra properties

    This commit also decouple the ldap service (nslcd) start with
    each property update. Now there is a D-bus property ldap service
    enabled which controls that whether the LDAP service will be
    restarted after each property update, so now user have an option
    to disable the ldap service and do multi-property update and then
    enable the service again.

    TestedBy:
    1) Create the config with new added properties
       Verify that it was getting reflected on the D-bus object.
    2) After making the change restarted the ldap-conf service
       Verify that new properties (usernameattr, groupnameattr) are
       correctly updated.
    3) Authentication test
       Verify that LDAP authentication worked fine.
    4) Set the enabled property to true
       Verify that it starts the nslcd service
    5) Set the enabled property to false
       Verify that it stops the nslcd.service
    6) Set the enabled property to true and change any other config property
       Verify that it starts the nslcd.service
    7) Set the enabled property to false which stops the nslcd service
       and change any other config property.
       Verify that it doesn't start the nslcd service.

    Change-Id: Ie3ca04a2adbbb1fe113764199348c4f7ac67f648
    Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>

* Remove output user name comparison for pam_tally2 | Richard Marian Thomaiyar | 2018-11-28 | 1 | -30/+17

    pam_tally2 output restricts printing user name to 15 characters.
    This makes the extra precautionary user name comparison to fail
    causing system to fail inadvertently. Hence removed the precautionary
    condition, as user name is passed to pam_tally2 as argument.

    Unit test:
    Added user name of 16 characters or more and tried querying
    the user locked for failed attempt, and got successful data

    Change-Id: I889c423324e53e4c554e9dce772a39f1843803b2
    Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>

* user_mgr: throw original exception | Patrick Venture | 2018-10-16 | 1 | -5/+5

    [user_mgr.cpp:696]: (style) Throwing a copy of the caught exception instead of rethrowing the original exception.
    [user_mgr.cpp:923]: (style) Throwing a copy of the caught exception instead of rethrowing the original exception.
    [user_mgr.cpp:949]: (style) Throwing a copy of the caught exception instead of rethrowing the original exception.
    [user_mgr.cpp:974]: (style) Throwing a copy of the caught exception instead of rethrowing the original exception.
    [user_mgr.cpp:999]: (style) Throwing a copy of the caught exception instead of rethrowing the original exception.

    Change-Id: I57243acf997c248b38f52926c0a8dd525b32cc90
    Signed-off-by: Patrick Venture <venture@google.com>

* Add support for user locked state property | Richard Marian Thomaiyar | 2018-10-09 | 1 | -4/+101

    Support for user locked state property using pam_tally2
    application added.

    Change-Id: Ia77ff6527c15c93ac272110950e99fff56dcbaa6
    Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
    Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>

* Support for password & security configuration | Richard Marian Thomaiyar | 2018-10-09 | 1 | -1/+305

    Support for password & security enforcement configuration
    added. Implements the D-Bus interface properties to read and
    configure minimum password length, old password remember
    history, unlock timeout and maximum login attempt.

    Change-Id: I1a462a8a5d1f5dd07f3b594d62bd9c61bbdddb9c
    Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
    Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>

* Fix to include user id 0 in users list. | Richard Marian Thomaiyar | 2018-10-01 | 1 | -2/+4

    Fix to include user id 0 in users list of user manager service.
    This enables to list out the user present in /etc/passwd file
    even if it is root user with user id 0.

    Unit test:
    1. Made sure phosphor-user-manager service loads successfully
    2. It listed root user / any user already present in /etc/passwd file.

    Change-Id: I060d9581b7f433411e313b745d9d1b32e8680b7d
    Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>

* User home directory fixups. Needed for SSH | Richard Marian Thomaiyar | 2018-10-01 | 1 | -3/+4

    User home directory fixups, needed for SSH to work properly.
    With this patch, home directory is created for all users created
    and deleted, when users are removed.

    Test:
    Performed user creation, deletion test case and made sure it
    is properly reflected in user manager and in ipmi.

    Change-Id: If7d79c67784191e0cccb3f6c22f4e191fd0bbc84
    Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>

* Handle empty privilege condition | Richard Marian Thomaiyar | 2018-10-01 | 1 | -7/+12

    This fixes issue, which may end up adding "," in the groups list,
    when privilege is empty. Allow adding privilege to the groups
    list only when it is not empty.

    Change-Id: I42607c4835547eda4989f85521148a2716bedcb6
    Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>

* Basic support for User manager service | Richard Marian Thomaiyar | 2018-09-03 | 1 | -0/+598

    Basic support for User Manager service methods
    are implemented.

    Change-Id: Id42432ec6dd421b99971268add931dcd70876f7c
    Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>