phosphor-ldap-conf: validate LDAP Server URI
Validates the given LDAP server URI.
Also updates the secureLDAP property based on the given URI: if the URI uses
the LDAPS scheme, secureLDAP is set to true; otherwise it is set to false.
Change-Id: If96495c01a8bd911d255267ffbbbff7f28fa070b
Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
diff --git a/phosphor-ldap-config/ldap_configuration.cpp b/phosphor-ldap-config/ldap_configuration.cpp
index e84e0b9..6fdc511 100644
--- a/phosphor-ldap-config/ldap_configuration.cpp
+++ b/phosphor-ldap-config/ldap_configuration.cpp
@@ -1,5 +1,5 @@
#include "ldap_configuration.hpp"
-#include <ldap.h>
+#include "utils.hpp"
#include <experimental/filesystem>
#include <fstream>
#include <sstream>
@@ -10,6 +10,8 @@
{
constexpr auto nslcdService = "nslcd.service";
constexpr auto nscdService = "nscd.service";
+constexpr auto LDAPscheme = "ldap";
+constexpr auto LDAPSscheme = "ldaps";
using namespace phosphor::logging;
using namespace sdbusplus::xyz::openbmc_project::Common::Error;
@@ -174,25 +176,20 @@
{
return value;
}
- if (secureLDAP)
+ if (isValidLDAPURI(value, LDAPSscheme))
{
- if (!ldap_is_ldaps_url(value.c_str()))
- {
- log<level::ERR>("bad LDAPS Server URI",
- entry("LDAPSSERVERURI=%s", value.c_str()));
- elog<InvalidArgument>(Argument::ARGUMENT_NAME("lDAPServerURI"),
- Argument::ARGUMENT_VALUE(value.c_str()));
- }
+ secureLDAP = true;
+ }
+ else if (isValidLDAPURI(value, LDAPscheme))
+ {
+ secureLDAP = false;
}
else
{
- if (!ldap_is_ldap_url(value.c_str()))
- {
- log<level::ERR>("bad LDAP Server URI",
- entry("LDAPSERVERURI=%s", value.c_str()));
- elog<InvalidArgument>(Argument::ARGUMENT_NAME("lDAPServerURI"),
- Argument::ARGUMENT_VALUE(value.c_str()));
- }
+ log<level::ERR>("bad LDAP Server URI",
+ entry("LDAPSERVERURI=%s", value.c_str()));
+ elog<InvalidArgument>(Argument::ARGUMENT_NAME("lDAPServerURI"),
+ Argument::ARGUMENT_VALUE(value.c_str()));
}
val = ConfigIface::lDAPServerURI(value);
writeConfig();
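Review bot: An `ldap://` URI now silently sets `secureLDAP = false` in the `else if` branch, whereas the removed code rejected a non-LDAPS URI while `secureLDAP` was true, so one property write can move the configuration from LDAPS to a cleartext connection with no record of it. If the downgrade is intended, log it, e.g. `if (secureLDAP) log<level::WARNING>("LDAP server URI change disables LDAPS");` ahead of `secureLDAP = false;`. `secureLDAP` is also assigned before `ConfigIface::lDAPServerURI(value)` and `writeConfig()` run, so a failure in either presumably leaves the flag out of step with the stored URI; keeping the previous value and restoring it on the error path would avoid that. The enclosing function starts and ends outside the hunk.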
@@ -202,6 +199,10 @@
{
throw;
}
+ catch (const InvalidArgument& e)
+ {
+ throw;
+ }
catch (const std::exception& e)
{
log<level::ERR>(e.what());
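Review bot: The new handler names its exception `e` but never uses it, which some compilers report as an unused variable; `catch (const InvalidArgument&)` is enough for a bare `throw;`. A short comment such as `// validation errors go to the caller unchanged` would explain why this handler sits ahead of the `std::exception` one. The try block and the body of the last handler continue outside the hunk.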
@@ -222,8 +223,8 @@
if (value.empty())
{
- log<level::ERR>("Not a valid LDAP BINDDN"),
- entry("LDAPBINDDN=%s", value.c_str());
+ log<level::ERR>("Not a valid LDAP BINDDN",
+ entry("LDAPBINDDN=%s", value.c_str()));
elog<InvalidArgument>(Argument::ARGUMENT_NAME("lDAPBindDN"),
Argument::ARGUMENT_VALUE(value.c_str()));
}
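Review bot: The `entry("LDAPBINDDN=%s", value.c_str())` field is now correctly attached to the log call, but this branch runs only when `value.empty()`, so the field always carries an empty string. Dropping it and making the message specific, for example `log<level::ERR>("LDAP BINDDN must not be empty");`, would say more. The same applies to the BASEDN check in the next hunk and to both checks in the last hunk. The enclosing functions start outside these hunks.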
@@ -256,8 +257,8 @@
if (value.empty())
{
- log<level::ERR>("Not a valid LDAP BASEDN"),
- entry("BASEDN=%s", value.c_str());
+ log<level::ERR>("Not a valid LDAP BASEDN",
+ entry("BASEDN=%s", value.c_str()));
elog<InvalidArgument>(Argument::ARGUMENT_NAME("lDAPBaseDN"),
Argument::ARGUMENT_VALUE(value.c_str()));
}
@@ -379,11 +380,11 @@
{
bool secureLDAP = false;
- if (ldap_is_ldaps_url(lDAPServerURI.c_str()))
+ if (isValidLDAPURI(lDAPServerURI, LDAPSscheme))
{
secureLDAP = true;
}
- else if (ldap_is_ldap_url(lDAPServerURI.c_str()))
+ else if (isValidLDAPURI(lDAPServerURI, LDAPscheme))
{
secureLDAP = false;
}
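Review bot: This LDAPS-then-LDAP chain repeats the one added to the `lDAPServerURI` setter earlier in this file, so the two copies can drift apart. `isValidLDAPURI` comes from `utils.hpp` and is not visible here, so a comment stating whether the order of the two checks matters (it would if the helper matched the scheme by prefix) would help, e.g. `// check ldaps first; see isValidLDAPURI for scheme matching`. The `else` branch of this chain is outside the hunk.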
@@ -397,16 +398,16 @@
if (lDAPBindDN.empty())
{
- log<level::ERR>("Not a valid LDAP BINDDN"),
- entry("LDAPBINDDN=%s", lDAPBindDN.c_str());
+ log<level::ERR>("Not a valid LDAP BINDDN",
+ entry("LDAPBINDDN=%s", lDAPBindDN.c_str()));
elog<InvalidArgument>(Argument::ARGUMENT_NAME("LDAPBindDN"),
Argument::ARGUMENT_VALUE(lDAPBindDN.c_str()));
}
if (lDAPBaseDN.empty())
{
- log<level::ERR>("Not a valid LDAP BASEDN"),
- entry("LDAPBASEDN=%s", lDAPBaseDN.c_str());
+ log<level::ERR>("Not a valid LDAP BASEDN",
+ entry("LDAPBASEDN=%s", lDAPBaseDN.c_str()));
elog<InvalidArgument>(Argument::ARGUMENT_NAME("LDAPBaseDN"),
Argument::ARGUMENT_VALUE(lDAPBaseDN.c_str()));
}