phosphor-ldap-conf: handle "InterfaceAdded" signal on the ldap cert object
When an LDAP client certificate is uploaded through the install method on the
cert object, the object emits the "InterfaceAdded" signal.
On receiving the signal, the config file is updated with the
information below if secure LDAP is enabled:
tls_cert <path client certificate file>
tls_key <path to client certificate file>
Tested By: Unit Tested
Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
Change-Id: I54b3e116af1b8a9057d91797d4074d39efc65bb0
diff --git a/phosphor-ldap-config/ldap_config.cpp b/phosphor-ldap-config/ldap_config.cpp
index b22d684..80b8c9c 100644
--- a/phosphor-ldap-config/ldap_config.cpp
+++ b/phosphor-ldap-config/ldap_config.cpp
@@ -27,6 +27,7 @@
constexpr auto nscdService = "nscd.service";
constexpr auto LDAPscheme = "ldap";
constexpr auto LDAPSscheme = "ldaps";
+constexpr auto certObjPath = "/xyz/openbmc_project/certs/client/ldap";
using namespace phosphor::logging;
using namespace sdbusplus::xyz::openbmc_project::Common::Error;
@@ -44,7 +45,7 @@
using ConfigInfo = std::map<Key, Val>;
Config::Config(sdbusplus::bus::bus& bus, const char* path, const char* filePath,
- const char* caCertFile, bool secureLDAP,
+ const char* caCertFile, const char* certFile, bool secureLDAP,
std::string lDAPServerURI, std::string lDAPBindDN,
std::string lDAPBaseDN, std::string&& lDAPBindDNPassword,
ConfigIface::SearchScope lDAPSearchScope,
@@ -53,8 +54,12 @@
ConfigMgr& parent) :
Ifaces(bus, path, true),
secureLDAP(secureLDAP), lDAPBindPassword(std::move(lDAPBindDNPassword)),
- tlsCacertFile(caCertFile), configFilePath(filePath), objectPath(path),
- bus(bus), parent(parent)
+ tlsCacertFile(caCertFile), tlsCertFile(certFile), configFilePath(filePath),
+ objectPath(path), bus(bus), parent(parent),
+ certificateInstalledSignal(
+ bus, sdbusplus::bus::match::rules::interfacesAdded(certObjPath),
+ std::bind(std::mem_fn(&Config::certificateInstalled), this,
+ std::placeholders::_1))
{
ConfigIface::lDAPServerURI(lDAPServerURI);
ConfigIface::lDAPBindDN(lDAPBindDN);
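Review bot: The match rule given to `certificateInstalledSignal` filters only on the object path, so as far as this hunk shows, any connection allowed to emit signals on the bus can make the handler rewrite the nslcd configuration and restart the service. Unless the bus policy already restricts who may send this signal, constrain the rule to the certificate manager, for example by appending `sdbusplus::bus::match::rules::sender(<cert-manager-bus-name>)` to it. The same rule is repeated in the second constructor's initialiser list in the next hunk. The constructor's signature begins and its body continues outside this hunk.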
@@ -96,7 +101,11 @@
ConfigMgr& parent) :
Ifaces(bus, path, true),
tlsCacertFile(caCertFile), configFilePath(filePath), objectPath(path),
- bus(bus), parent(parent)
+ bus(bus), parent(parent),
+ certificateInstalledSignal(
+ bus, sdbusplus::bus::match::rules::interfacesAdded(certObjPath),
+ std::bind(std::mem_fn(&Config::certificateInstalled), this,
+ std::placeholders::_1))
{
ConfigIface::lDAPType(lDAPType);
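Review bot: `tlsCertFile` is not initialised in this constructor's initialiser list, whereas the first constructor gained `tlsCertFile(certFile)`. If the member is a string it stays empty here, so the `fs::exists(tlsCertFile.c_str())` test in `writeConfig()` is always false and `tls_cert`/`tls_key` are never written for objects built through this path, even after the signal fires. The signature lies outside the hunk, so it is not visible whether a `certFile` parameter was added. If it was not, add one and insert `tlsCertFile(certFile),` after `tlsCacertFile(caCertFile),`.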
@@ -115,6 +124,27 @@
fs::permissions(configPersistPath, permission);
}
+void Config::certificateInstalled(sdbusplus::message::message& msg)
+{
+ try
+ {
+ if (enabled())
+ {
+ writeConfig();
+ }
+ parent.startOrStopService(nslcdService, enabled());
+ }
+ catch (const InternalFailure& e)
+ {
+ throw;
+ }
+ catch (const std::exception& e)
+ {
+ log<level::ERR>(e.what());
+ elog<InternalFailure>();
+ }
+}
+
void Config::writeConfig()
{
std::stringstream confData;
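Review bot: `certificateInstalled` runs as a match callback, so the `throw;` and `elog<InternalFailure>()` paths raise an exception with no D-Bus method caller to receive it. It unwinds into the bus dispatch code instead, which presumably terminates the daemon. Log and return instead: replace `throw;` with something like `log<level::ERR>("Failed to apply LDAP client certificate");` and drop the `elog<InternalFailure>();` line. Separately, `msg` is never read, so the handler reacts to any interface added at that path. Unpacking it and returning early unless the expected certificate interface is present would avoid needless rewrites of the config and restarts of `nslcdService`.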
@@ -156,6 +186,11 @@
confData << "ssl on\n";
confData << "tls_reqcert hard\n";
confData << "tls_cacertFile " << tlsCacertFile.c_str() << "\n";
+ if (fs::exists(tlsCertFile.c_str()))
+ {
+ confData << "tls_cert " << tlsCertFile.c_str() << "\n";
+ confData << "tls_key " << tlsCertFile.c_str() << "\n";
+ }
}
else
{
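Review bot: `tls_key` is written with the same path as `tls_cert`, which matches the commit message but means the uploaded file must hold the private key together with the certificate, and nothing in the code says so. Add a comment above the `if`, such as `// certFile holds both the client certificate and its private key`. Consider `fs::is_regular_file(tlsCertFile)` in place of `fs::exists(...)` so that a directory or other non-file at that path is not written into the config. Because the file carries a key, its ownership and mode should be checked where it is installed, which is not visible here. `writeConfig()` begins and ends outside this hunk.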