LDAP Config: Extend the support to change the BindDNPassword
Before this commit we did not allow the user to change the bind
DN password, as our REST API was a mirror of the D-Bus API.
Now, with the introduction of Redfish, we have to support
changing the bind DN password.
With this fix, a set-property call on the D-Bus object updates the
underlying LDAP config file but does not update the D-Bus object,
for security reasons.
Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
Change-Id: I6072820185cd540fe44850b90a4f6c256c44471c
diff --git a/phosphor-ldap-config/ldap_configuration.cpp b/phosphor-ldap-config/ldap_configuration.cpp
index 466b72d..77726ee 100644
--- a/phosphor-ldap-config/ldap_configuration.cpp
+++ b/phosphor-ldap-config/ldap_configuration.cpp
@@ -33,8 +33,9 @@
std::string userNameAttr, std::string groupNameAttr,
ConfigMgr& parent) :
Ifaces(bus, path, true),
- secureLDAP(secureLDAP), configFilePath(filePath), tlsCacertFile(caCertFile),
- lDAPBindDNPassword(std::move(lDAPBindDNPassword)), bus(bus), parent(parent)
+ secureLDAP(secureLDAP), lDAPBindPassword(std::move(lDAPBindDNPassword)),
+ configFilePath(filePath), tlsCacertFile(caCertFile), bus(bus),
+ parent(parent)
{
ConfigIface::lDAPServerURI(lDAPServerURI);
ConfigIface::lDAPBindDN(lDAPBindDN);
@@ -44,6 +45,7 @@
EnableIface::enabled(lDAPServiceEnabled);
ConfigIface::userNameAttribute(userNameAttr);
ConfigIface::groupNameAttribute(groupNameAttr);
+ // Don't update the bindDN password under ConfigIface::
writeConfig();
// Emit deferred signal.
this->emit_object_added();
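Review bot: The added comment `// Don't update the bindDN password under ConfigIface::` says what is skipped but not why, and it trails off at the scope operator. Going by the commit description, the intent appears to be that the secret lives only in `lDAPBindPassword` and is never stored in the D-Bus property. I would spell that out, e.g. `// Deliberately not calling ConfigIface::lDAPBindDNPassword(): the password is kept only in lDAPBindPassword so it is not exposed as a D-Bus property value.` The constructor body begins and ends outside this hunk.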
@@ -87,9 +89,9 @@
confData << "uri " << lDAPServerURI() << "\n\n";
confData << "base " << lDAPBaseDN() << "\n\n";
confData << "binddn " << lDAPBindDN() << "\n";
- if (!lDAPBindDNPassword.empty())
+ if (!lDAPBindPassword.empty())
{
- confData << "bindpw " << lDAPBindDNPassword << "\n";
+ confData << "bindpw " << lDAPBindPassword << "\n";
isPwdTobeWritten = true;
}
confData << "\n";
@@ -194,6 +196,29 @@
return;
}
+std::string Config::lDAPBindDNPassword(std::string value)
+{
+ // Don't update the D-bus object, this is just to
+ // facilitate if user wants to change the bind dn password
+ // once d-bus object gets created.
+ lDAPBindPassword = value;
+ try
+ {
+ writeConfig();
+ parent.startOrStopService(nslcdService, enabled());
+ }
+ catch (const InternalFailure& e)
+ {
+ throw;
+ }
+ catch (const std::exception& e)
+ {
+ log<level::ERR>(e.what());
+ elog<InternalFailure>();
+ }
+ return value;
+}
+
std::string Config::lDAPServerURI(std::string value)
{
std::string val;
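Review bot: `Config::lDAPBindDNPassword` stores `value` and passes it on to `writeConfig()` without validation, and the earlier hunk shows that function emitting it verbatim as `confData << "bindpw " << lDAPBindPassword << "\n"` into a line-oriented config file. A value containing a line break would therefore add extra lines to that file, so the setter should reject such input before assigning, e.g. `if (value.find_first_of("\r\n") != std::string::npos)` followed by whatever invalid-argument error this file already raises for bad property values. Separately, `lDAPBindPassword = value;` runs before the `try`, so if `writeConfig()` throws, the member keeps a password that never reached the file, and presumably a later write triggered by another property would persist it; saving the old value and restoring it in both handlers would avoid that. An empty `value` also silently drops the `bindpw` line through the `!lDAPBindPassword.empty()` check, which deserves a comment if it is intended.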