ldap: Add application to configure privilege for LDAP groups

The application implements the xyz.openbmc_project.User.PrivilegeMapper
D-Bus interface to configure privilege levels for LDAP groups. The Create
method is used to create a privilege mapping for an LDAP group. A D-Bus
object is created for each LDAP group and implements the D-Bus interface
xyz.openbmc_project.User.PrivilegeMapperEntry.
:
Change-Id: I20935229a8a79ce1e52a857672a6a0085cb5ace4
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>
diff --git a/phosphor-ldap-mapper/ldap_mapper_mgr.hpp b/phosphor-ldap-mapper/ldap_mapper_mgr.hpp
new file mode 100644
index 0000000..450626d
--- /dev/null
+++ b/phosphor-ldap-mapper/ldap_mapper_mgr.hpp
@@ -0,0 +1,103 @@
+#pragma once
+
+#include <sdbusplus/bus.hpp>
+#include <sdbusplus/server/object.hpp>
+#include "ldap_mapper_entry.hpp"
+#include <xyz/openbmc_project/User/PrivilegeMapper/server.hpp>
+#include <map>
+#include <set>
+
+namespace phosphor
+{
+
+namespace user
+{
+
+using MapperMgrIface =
+    sdbusplus::xyz::openbmc_project::User::server::PrivilegeMapper;
+using ObjectPath = sdbusplus::message::object_path;
+
+// D-Bus root for LDAP privilege mapper
+constexpr auto mapperMgrRoot = "/xyz/openbmc_project/user/ldap";
+
+/** @class LDAPMapperMgr
+ *
+ *  @brief Responsible for managing LDAP groups to privilege mapping.
+ */
+class LDAPMapperMgr : public MapperMgrIface
+{
+  public:
+    LDAPMapperMgr() = delete;
+    ~LDAPMapperMgr() = default;
+    LDAPMapperMgr(const LDAPMapperMgr &) = delete;
+    LDAPMapperMgr &operator=(const LDAPMapperMgr &) = delete;
+    LDAPMapperMgr(LDAPMapperMgr &&) = delete;
+    LDAPMapperMgr &operator=(LDAPMapperMgr &&) = delete;
+
+    /** @brief Constructs LDAPMapperMgr object.
+     *
+     *  @param[in] bus  - sdbusplus handler
+     *  @param[in] path - D-Bus path
+     */
+    LDAPMapperMgr(sdbusplus::bus::bus &bus, const char *path);
+
+    /** @brief Creates a mapping for the group to the privilege
+     *
+     *  @param[in] groupName - Group Name to which the privilege needs to be
+     *                         assigned.
+     *  @param[in] privilege - The privilege role associated with the group.
+     *
+     *  @return On success return the D-Bus object path of the created privilege
+     *          mapper entry.
+     */
+    ObjectPath create(std::string groupName, std::string privilege) override;
+
+    /** @brief Delete privilege mapping for LDAP group
+     *
+     *  This method deletes the privilege mapping
+     *
+     *  @param[in] groupName - name of the LDAP group for which privilege
+     *                         mapping is to be deleted.
+     */
+    void deletePrivilegeMapper(Id id);
+
+    /** @brief Check if LDAP group privilege mapping requested is valid
+     *
+     *  Check if the privilege mapping already exists for the LDAP group name
+     *  and group name is empty.
+     *
+     *  @param[in] groupName - LDAP group name
+     *
+     *  @return throw exception if the conditions are not met.
+     */
+    void checkPrivilegeMapper(const std::string &groupName);
+
+    /** @brief Check if the privilege level is a valid one
+     *
+     *  @param[in] privilege - Privilege level
+     *
+     *  @return throw exception if the conditions are not met.
+     */
+    void checkPrivilegeLevel(const std::string &privilege);
+
+  private:
+    /** @brief sdbusplus handler */
+    sdbusplus::bus::bus &bus;
+
+    /** @brief object path for the manager object*/
+    const std::string path;
+
+    /** @brief available privileges container */
+    std::set<std::string> privMgr = {"priv-admin", "priv-operator", "priv-user",
+                                     "priv-callback"};
+
+    /** @brief Id of the last privilege mapper entry */
+    Id entryId = 0;
+
+    /** @brief container to hold privilege mapper objects */
+    std::map<Id, std::unique_ptr<phosphor::user::LDAPMapperEntry>>
+        PrivilegeMapperList;
+};
+
+} // namespace user
+} // namespace phosphor
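Review bot: The role set `privMgr` is declared as a mutable per-instance member, although it presumably is the allow-list that `checkPrivilegeLevel` validates against (the implementation is not in this hunk). Declaring it `const std::set<std::string> privMgr = {...};` would keep later code in the class from widening the roles an LDAP group can be mapped to, and the class is already non-copyable and non-movable, so a const member costs nothing. The doc comment on `deletePrivilegeMapper(Id id)` describes a `groupName` parameter that the signature does not have; it should read `@param[in] id - Id of the privilege mapper entry to delete`. In the `checkPrivilegeMapper` comment, "already exists ... and group name is empty" presumably means "or", and both check functions would be better documented with `@throws` than with `@return throw exception`. The header also uses `std::unique_ptr` and `std::string` without including `<memory>` and `<string>` itself, so it compiles only through transitive includes.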