From 9164fd9b15e7af88e8b80c7ed7dad45266327a57 Mon Sep 17 00:00:00 2001
From: Richard Marian Thomaiyar
Date: Wed, 13 Jun 2018 16:51:00 +0530
Subject: Support for password & security configuration
Support for password & security enforcement configuration added. Implements the D-Bus interface properties to read and configure minimum password length, old password remember history, unlock timeout and maximum login attempt.
Change-Id: I1a462a8a5d1f5dd07f3b594d62bd9c61bbdddb9c
Signed-off-by: Richard Marian Thomaiyar
Signed-off-by: Brad Bishop
---
 user_mgr.hpp | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 60 insertions(+), 1 deletion(-)
(limited to 'user_mgr.hpp')
diff --git a/user_mgr.hpp b/user_mgr.hpp
index 44e14f7..b599724 100644
--- a/user_mgr.hpp
+++ b/user_mgr.hpp
@@ -17,6 +17,7 @@
 #include
 #include
 #include
+#include
 #include
 #include "users.hpp"
@@ -28,10 +29,13 @@ namespace user
 using UserMgrIface = sdbusplus::xyz::openbmc_project::User::server::Manager;
 using UserSSHLists = std::pair, std::vector>;
+using AccountPolicyIface =
+ sdbusplus::xyz::openbmc_project::User::server::AccountPolicy;
+
 /** @class UserMgr
 * @brief Responsible for managing user accounts over the D-Bus interface.
 */
-class UserMgr : public UserMgrIface
+class UserMgr : public UserMgrIface, AccountPolicyIface
 {
 public:
 UserMgr() = delete;
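Review bot: `AccountPolicyIface` is listed without an access specifier in `class UserMgr : public UserMgrIface, AccountPolicyIface`, so in a `class` it is inherited privately while `UserMgrIface` is inherited publicly. If that is intended, writing `private AccountPolicyIface` makes the choice visible to the next reader; if code outside the class is meant to reach the account-policy properties through the base, the line should read `class UserMgr : public UserMgrIface, public AccountPolicyIface`. The class body continues outside this hunk, so whether anything relies on the base conversion cannot be checked from here.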
@@ -93,6 +97,35 @@ class UserMgr : public UserMgrIface
 */
 void userEnable(const std::string &userName, bool enabled);
+ /** @brief update minimum password length requirement
+ *
+ * @param[in] val - minimum password length
+ * @return - minimum password length
+ */
+ uint8_t minPasswordLength(uint8_t val) override;
+
+ /** @brief update old password history count
+ *
+ * @param[in] val - number of times old passwords has to be avoided
+ * @return - number of times old password has to be avoided
+ */
+ uint8_t rememberOldPasswordTimes(uint8_t val) override;
+
+ /** @brief update maximum number of failed login attempt before locked
+ * out.
+ *
+ * @param[in] val - number of allowed attempt
+ * @return - number of allowed attempt
+ */
+ uint16_t maxLoginAttemptBeforeLockout(uint16_t val) override;
+
+ /** @brief update timeout to unlock the account
+ *
+ * @param[in] val - value in seconds
+ * @return - value in seconds
+ */
+ uint32_t accountUnlockTimeout(uint32_t val) override;
+
 private:
 /** @brief sdbusplus handler */
 sdbusplus::bus::bus &bus;
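Review bot: The doc comments on the four new setters (`minPasswordLength`, `rememberOldPasswordTimes`, `maxLoginAttemptBeforeLockout`, `accountUnlockTimeout`) do not say which values are accepted or how a rejected value or a failed update is reported to the D-Bus caller. These properties control password and lockout enforcement, so the header should state the lower bound for the minimum length and what a value of 0 means for the attempt limit and the unlock timeout, for example `@param[in] val - minimum password length; values below <documented minimum> are rejected`. It should also say whether `@return` is the value actually applied or just the value passed in. The implementations are outside this hunk, so whether such checks exist cannot be confirmed from here.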
@@ -201,6 +234,32 @@ class UserMgr : public UserMgrIface
 * @return - returns user count
 */
 size_t getIpmiUsersCount(void);
+
+ /** @brief get pam argument value
+ * method to get argument value from pam configuration
+ *
+ * @param[in] moduleName - name of the module from where arg has to be read
+ * @param[in] argName - argument name
+ * @param[out] argValue - argument value
+ *
+ * @return 0 - success state of the function
+ */
+ int getPamModuleArgValue(const std::string &moduleName,
+ const std::string &argName, std::string &argValue);
+
+ /** @brief set pam argument value
+ * method to set argument value in pam configuration
+ *
+ * @param[in] moduleName - name of the module in which argument value has
+ * to be set
+ * @param[in] argName - argument name
+ * @param[out] argValue - argument value
+ *
+ * @return 0 - success state of the function
+ */
+ int setPamModuleArgValue(const std::string &moduleName,
+ const std::string &argName,
+ const std::string &argValue);
 };
 } // namespace user
-- cgit v1.2.1
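Review bot: The comment on `setPamModuleArgValue` tags `argValue` as `@param[out]`, but the parameter is `const std::string &argValue` and carries the value to be written, so the line should read `@param[in] argValue - argument value`. Both helpers document only `@return 0 - success state of the function`; the value returned on failure is not stated, and it should be, because a policy setter that ignores it would report a setting that was never applied. Since `argValue` ends up in PAM configuration, the comment should also say whether the caller or the helper is responsible for rejecting whitespace and newlines in it. The definitions are outside this hunk, so the current behaviour cannot be confirmed from here.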