From 2cfd4a5dce804c2f8028d0e410ef1a6b6de63bed Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Fri, 22 Jan 2021 16:25:47 -0500
Subject: [PATCH] Add support for pass complexity and lockout

The TSM implements these two policies, make them configurable
through the bmc configuration like other Lenovo equipment

Change-Id: Ia5f4a5902af39795394ad4d096ff2c8123a59e0e
---
 pyghmi/redfish/oem/lenovo/tsma.py | 51 +++++++++++++++++++++++++++++--
 1 file changed, 48 insertions(+), 3 deletions(-)

diff --git a/pyghmi/redfish/oem/lenovo/tsma.py b/pyghmi/redfish/oem/lenovo/tsma.py
index bf11f97c..b3ff86ca 100644
--- a/pyghmi/redfish/oem/lenovo/tsma.py
+++ b/pyghmi/redfish/oem/lenovo/tsma.py
@@ -108,10 +108,25 @@ class TsmHandler(generic.OEMHandler):
             if currsrv and currsrv != '::':
                 dnssrvs.append(currsrv)
         settings['dns_servers'] = {'value': ','.join(dnssrvs)}
+        rsp, status = wc.grab_json_response_with_status(
+            '/api/LockoutPolicystatus')
+        if status == 200:
+            isenabled = rsp.get('Status', 0) == 1
+            if isenabled:
+                settings['password_login_failures'] = {'value': rsp.get(
+                    'Attemptstimes', 0)}
+            else:
+                settings['password_login_failures'] = {'value': 0}
+        rsp, status = wc.grab_json_response_with_status(
+            '/api/GetPWComplex')
+        if status == 200:
+            settings['password_complexity'] = {'value': rsp.get(
+                'pw_complex', 0)}
         return settings
 
     def set_bmc_configuration(self, changeset):
         dnschgs = {}
+        wc = self.wc
         for key in changeset:
             if isinstance(changeset[key], six.string_types):
                 changeset[key] = {'value': changeset[key]}
@@ -125,11 +140,41 @@ class TsmHandler(generic.OEMHandler):
                         dnschgs['dns_server{0}'.format(idx + 1)] = ''
             if 'dns_domain'.startswith(key.lower()):
                 dnschgs['domain_name'] = currval
+            if 'password_complexity'.startswith(key.lower()):
+                self._set_pass_complexity(currval, wc)
+            if 'password_login_failures'.startswith(key.lower()):
+                self._set_pass_lockout(currval, wc)
         if dnschgs:
-            self._set_dns_config(dnschgs)
+            self._set_dns_config(dnschgs, wc)
 
-    def _set_dns_config(self, dnschgs):
-        wc = self.wc
+    def _set_pass_complexity(self, currval, wc):
+        rsp, status = wc.grab_json_response_with_status(
+            '/api/SetPWComplex', {'Enable': currval})
+        if status != 200:
+            raise Exception(repr(rsp))
+
+    def _set_pass_lockout(self, currval, wc):
+        rsp, status = wc.grab_json_response_with_status(
+            '/api/LockoutPolicystatus')
+        if status != 200:
+            raise Exception(repr(rsp))
+        request = {
+            'SameStatus': 0,
+            'Lock_min': rsp.get('Locktime', 5),
+            'Rest_min': rsp.get('Resettime', 1),
+            'Attemptstimes': rsp.get('Attemptstimes', 3)
+        }
+        if currval == 0:
+            request['Enable'] = 0
+        else:
+            request['Enable'] = 1
+            request['Attemptstimes'] = currval
+        rsp, status = wc.grab_json_response_with_status(
+            '/api/SetLockoutPolicy', request)
+        if status != 200:
+            raise Exception(repr(rsp))
+
+    def _set_dns_config(self, dnschgs, wc):
         rsp, status = wc.grab_json_response_with_status(
             '/api/settings/dns-info')
         if status != 200: