From 36218e6c390401748fb13cd05670aeb86cb8d0c2 Mon Sep 17 00:00:00 2001 From: Vishwanatha Subbanna Date: Wed, 6 Sep 2017 17:19:56 +0530 Subject: Throw exceptions on password update failure Change-Id: I78112212b0f436c6d3b05cb1f16015c2d6bb5089 Signed-off-by: Vishwanatha Subbanna --- user.cpp | 58 ++++++++++++++++++++++++++++++++++++++++++++-------------- user.hpp | 8 ++++++++ 2 files changed, 52 insertions(+), 14 deletions(-) diff --git a/user.cpp b/user.cpp index 24cd988..f92fe10 100644 --- a/user.cpp +++ b/user.cpp @@ -21,6 +21,10 @@ #include #include #include +#include +#include +#include +#include #include "user.hpp" #include "file.hpp" #include "shadowlock.hpp" @@ -35,6 +39,11 @@ constexpr auto SHADOW_FILE = "/etc/shadow"; // See crypt(3) constexpr int SALT_LENGTH = 16; +using namespace phosphor::logging; +using InsufficientPermission = sdbusplus::xyz::openbmc_project::Common:: + Error::InsufficientPermission; +using InternalFailure = sdbusplus::xyz::openbmc_project::Common:: + Error::InternalFailure; // Sets or updates the password void User::setPassword(std::string newPassword) { @@ -79,8 +88,7 @@ void User::applyPassword(const std::string& shadowFile, phosphor::user::File shadow(shadowFile, "r"); if ((shadow)() == NULL) { - throw std::runtime_error("Error opening shadow file"); - // TODO: Throw error + return raiseException(errno, "Error opening shadow file"); } // Open the temp shadow file for writing @@ -89,8 +97,7 @@ void User::applyPassword(const std::string& shadowFile, phosphor::user::File temp(tempFile, "w", true); if ((temp)() == NULL) { - throw std::runtime_error("Error opening temp shadow file"); - // TODO: Throw error + return raiseException(errno, "Error opening temp shadow file"); } // Change the permission of this new temp file 
@@ -99,15 +106,13 @@ void User::applyPassword(const std::string& shadowFile, auto r = fstat(fileno((shadow)()), &st); if (r < 0) { - throw std::runtime_error("Error reading permission of shadow"); - // TODO: Throw error + return raiseException(errno, "Error reading shadow file mode"); } r = fchmod(fileno((temp)()), st.st_mode); if (r < 0) { - throw std::runtime_error("Error setting permission on temp file"); - // TODO: Throw error + return raiseException(errno, "Error setting temp file mode"); } // Read shadow file and process @@ -117,8 +122,15 @@ void User::applyPassword(const std::string& shadowFile, buffer.max_size(), &pshdp); if (r) { - // Done with all entries - break; + if (errno == EACCES || errno == ERANGE) + { + return raiseException(errno, "Error reading shadow file"); + } + else + { + // Seem to have run over all + break; + } } // Hash of password if the user matches @@ -136,8 +148,7 @@ void User::applyPassword(const std::string& shadowFile, r = putspent(&shdp, (temp)()); if (r < 0) { - throw std::runtime_error("Error updating temp shadow entry"); - // TODO: Throw exception + return raiseException(errno, "Error updating temp shadow file"); } } // All entries @@ -149,6 +160,24 @@ void User::applyPassword(const std::string& shadowFile, return; } +void User::raiseException(int errNo, const std::string& errMsg) +{ + using namespace std::string_literals; + if (errNo == EACCES) + { + auto message = "Access denied "s + errMsg; + log(message.c_str()); + elog(); + } + else + { + log(errMsg.c_str(), + entry("USER=%s",user.c_str()), + entry("ERRNO=%d", errNo)); + elog(); + } +} + std::string User::hashPassword(char* spPwdp, const std::string& password, const std::string& salt) 
@@ -157,8 +186,9 @@ std::string User::hashPassword(char* spPwdp,
 auto cryptAlgo = getCryptField(spPwdp);
 if (cryptAlgo.empty())
 {
- throw std::runtime_error("Error finding crypt algo");
- // TODO: Throw error
+ log("Error finding crypt algo",
+ entry("USER=%s",user.c_str()));
+ elog();
 }
 // Update shadow password pointer with hash
diff --git a/user.hpp b/user.hpp
index 4c18c7a..44dd3a3 100644
--- a/user.hpp
+++ b/user.hpp
@@ -120,6 +120,14 @@ class User : public Interface
 const std::string& tempFile,
 const std::string& password,
 const std::string& salt);
+
+ /** @brief Wrapper for raising exception
+ *
+ * @param[in] errNo - errno
+ * @param[in] errMsg - Error message
+ */
+ void raiseException(int errNo,
+ const std::string& errMsg);
 };
 } // namespace user
--
cgit v1.2.1
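Review bot: The doc comment added for `raiseException` in user.hpp does not say which errors it raises or that it is not expected to return, although the callers in user.cpp depend on both. Suggest extending it with `@throws` lines such as `InsufficientPermission when errNo is EACCES` and `InternalFailure for any other errNo`. That mapping is inferred from the aliases added in user.cpp, because the template arguments of the `elog` calls are not visible on this page, so confirm it against the source before committing the wording. The class body starts outside this hunk.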