SILABMC-283: phosphor-user-manager: Remove all groups for user with priv-noaccess

author: Nikita Kosenkov <NKosenkov@IBS.RU> 2022-09-02 18:02:38 +0300
committer: Nikita Kosenkov <NKosenkov@IBS.RU> 2022-09-02 18:02:38 +0300
commit: a42a48acf811b9536cdc01635a6b8f342a34655e (patch)
tree: 10fe722790f22aa334c51d2019633a135ce7de60 /meta-ibs
parent: 8b95d0e092a55e28b933767b92130203a3dbaf09 (diff)
download: openbmc-a42a48acf811b9536cdc01635a6b8f342a34655e.tar.xz
2 files changed, 45 insertions, 0 deletions
diff --git a/meta-ibs/meta-common/recipes-phosphor/users/phosphor-user-manager/0001-Remove-all-groups-for-user-with-priv-noaccess.patch b/meta-ibs/meta-common/recipes-phosphor/users/phosphor-user-manager/0001-Remove-all-groups-for-user-with-priv-noaccess.patch
new file mode 100644
index 0000000000..4b765ee6f9
--- /dev/null
+++ b/meta-ibs/meta-common/recipes-phosphor/users/phosphor-user-manager/0001-Remove-all-groups-for-user-with-priv-noaccess.patch
@@ -0,0 +1,40 @@
+From db61e3c467904113ac296aeb0e976086a5cdd5a1 Mon Sep 17 00:00:00 2001
+From: Nikita Kosenkov <NKosenkov@IBS.RU>
+Date: Fri, 2 Sep 2022 16:44:30 +0300
+Subject: [PATCH] Remove all groups for user with priv-noaccess
+
+---
+ user_mgr.cpp | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/user_mgr.cpp b/user_mgr.cpp
+index a5ecb8f..972f943 100644
+--- a/user_mgr.cpp
++++ b/user_mgr.cpp
+@@ -308,6 +308,11 @@ void UserMgr::createUser(std::string userName,
+     std::string groups = getCSVFromVector(groupNames);
+     bool sshRequested = removeStringFromCSV(groups, grpSsh);
+ 
++    if (priv.empty() || (priv == "priv-noaccess"))
++    {
++        groups = "";
++    }
++
+     // treat privilege as a group - This is to avoid using different file to
+     // store the same.
+     if (!priv.empty())
+@@ -435,6 +440,11 @@ void UserMgr::updateGroupsAndPriv(const std::string& userName,
+     std::string groups = getCSVFromVector(groupNames);
+     bool sshRequested = removeStringFromCSV(groups, grpSsh);
+ 
++    if (priv.empty() || (priv == "priv-noaccess"))
++    {
++        groups = "";
++    }
++
+     // treat privilege as a group - This is to avoid using different file to
+     // store the same.
+     if (!priv.empty())
+-- 
+2.35.1
+
diff --git a/meta-ibs/meta-common/recipes-phosphor/users/phosphor-user-manager_%.bbappend b/meta-ibs/meta-common/recipes-phosphor/users/phosphor-user-manager_%.bbappend
new file mode 100644
index 0000000000..658fe27f10
--- /dev/null
+++ b/meta-ibs/meta-common/recipes-phosphor/users/phosphor-user-manager_%.bbappend
@@ -0,0 +1,5 @@
+FILESEXTRAPATHS:append := "${THISDIR}/${PN}:"
+
+SRC_URI:append = " \
+    file://0001-Remove-all-groups-for-user-with-priv-noaccess.patch \
+    "
+\ No newline at end of file
author	Nikita Kosenkov <NKosenkov@IBS.RU>	2022-09-02 18:02:38 +0300
committer	Nikita Kosenkov <NKosenkov@IBS.RU>	2022-09-02 18:02:38 +0300
commit	a42a48acf811b9536cdc01635a6b8f342a34655e (patch)
tree	10fe722790f22aa334c51d2019633a135ce7de60 /meta-ibs
parent	8b95d0e092a55e28b933767b92130203a3dbaf09 (diff)
download	openbmc-a42a48acf811b9536cdc01635a6b8f342a34655e.tar.xz