User Mgr: Update GetUserInfo to read ldap user privilege
Before this fix, the privilege mapping was fetched from the standalone
mapper application. With the recent changes, the privilege
mapping is part of the config object itself.
This fix addresses that change.
TestedBy:
1. Added a privilege mapper for an LDAP user, then called
GetUserInfo for that LDAP user and verified
that the privilege is correct.
2. Created a local user, then verified the local user info
and privilege through GetUserInfo.
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>
Change-Id: Ie149cc1ef46370a899aa8312ce17448b6c00c0e9
diff --git a/test/user_mgr_test.cpp b/test/user_mgr_test.cpp
index c7f1f89..943f0a8 100644
--- a/test/user_mgr_test.cpp
+++ b/test/user_mgr_test.cpp
@@ -40,9 +40,18 @@
{
DbusUserObj object;
DbusUserObjValue objValue;
- DbusUserObjPath object_path("/xyz/openbmc_project/user/ldap");
- DbusUserPropVariant group("ldapGroup");
- DbusUserPropVariant priv("priv-admin");
+
+ DbusUserObjPath obj_path("/xyz/openbmc_project/user/ldap/openldap");
+ DbusUserPropVariant enabled(true);
+ DbusUserObjProperties property = {std::make_pair("Enabled", enabled)};
+ std::string intf = "xyz.openbmc_project.Object.Enable";
+ objValue.emplace(intf, property);
+ object.emplace(obj_path, objValue);
+
+ DbusUserObjPath object_path(
+ "/xyz/openbmc_project/user/ldap/openldap/role_map/1");
+ std::string group = "ldapGroup";
+ std::string priv = "priv-admin";
DbusUserObjProperties properties = {std::make_pair("GroupName", group),
std::make_pair("Privilege", priv)};
std::string interface = "xyz.openbmc_project.User.PrivilegeMapperEntry";
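Review bot: `objValue` still holds the `xyz.openbmc_project.Object.Enable` interface from the config object, and nothing in this hunk clears it before the role-map entry is built. If the lines after the hunk emplace the `PrivilegeMapperEntry` interface into the same `objValue` (they are not visible here, so this is inferred), the `role_map/1` object will also report `Enabled = true` and the fixture stops resembling a real object tree. A separate value for the entry, for example `DbusUserObjValue roleMapValue;`, keeps the two objects distinct. The helper's signature and its closing lines are outside the hunk.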
@@ -52,6 +61,20 @@
return object;
}
+
+ DbusUserObj createLdapConfigObjectWithoutPrivilegeMapper(void)
+ {
+ DbusUserObj object;
+ DbusUserObjValue objValue;
+
+ DbusUserObjPath obj_path("/xyz/openbmc_project/user/ldap/openldap");
+ DbusUserPropVariant enabled(true);
+ DbusUserObjProperties property = {std::make_pair("Enabled", enabled)};
+ std::string intf = "xyz.openbmc_project.Object.Enable";
+ objValue.emplace(intf, property);
+ object.emplace(obj_path, objValue);
+ return object;
+ }
};
TEST_F(TestUserMgr, ldapEntryDoesNotExist)
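Review bot: Every fixture in this file now reports `Enabled` as true, so the new `if (ldapConfigPath.empty()) return userInfo;` path in `getUserInfo` has no test. A role map that sits under a config object other than the enabled one is not tested either. Both cases decide whether an LDAP user is given a privilege, so a helper variant built with `DbusUserPropVariant enabled(false);` and a test asserting that no `UserPrivilege` is granted would be worth adding. The new helper also repeats the config-object setup of the helper above it line for line; that one could start from `createLdapConfigObjectWithoutPrivilegeMapper()` and only add the role-map entry.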
@@ -105,10 +128,11 @@
UserInfoMap userInfo;
std::string userName = "ldapUser";
std::string ldapGroup = "ldapGroup";
- DbusUserObj object;
EXPECT_CALL(mockManager, getLdapGroupName(userName))
.WillRepeatedly(Return(ldapGroup));
+ // Create LDAP config object without privilege mapper
+ DbusUserObj object = createLdapConfigObjectWithoutPrivilegeMapper();
EXPECT_CALL(mockManager, getPrivilegeMapperObject())
.WillRepeatedly(Return(object));
userInfo = mockManager.getUserInfo(userName);
diff --git a/user_mgr.cpp b/user_mgr.cpp
index 47edf7d..183afbe 100644
--- a/user_mgr.cpp
+++ b/user_mgr.cpp
@@ -831,12 +831,11 @@
DbusUserObj objects;
try
{
- std::string basePath = "/xyz/openbmc_project/user/ldap";
- std::string interface = "xyz.openbmc_project.User.PrivilegeMapper";
+ std::string basePath = "/xyz/openbmc_project/user/ldap/openldap";
+ std::string interface = "xyz.openbmc_project.User.Ldap.Config";
auto ldapMgmtService =
getServiceName(std::move(basePath), std::move(interface));
-
auto method = bus.new_method_call(
ldapMgmtService.c_str(), ldapMgrObjBasePath,
"org.freedesktop.DBus.ObjectManager", "GetManagedObjects");
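Review bot: The service lookup is now pinned to the literal `/xyz/openbmc_project/user/ldap/openldap`, while `getUserInfo` in the same commit scans the managed objects for whichever one has `Enabled` set. If a system can expose an LDAP config object at another path without the openldap one (not visible on this page), `getServiceName` fails before any object is read, and the outcome depends on the enclosing `catch`, which is outside the hunk. The same path literal is repeated in the test fixtures, so a named constant next to `ldapMgrObjBasePath` would help. Add a comment above `basePath` stating why this particular object is used to resolve the service, so the assumption is recorded.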
@@ -964,39 +963,74 @@
std::string privilege;
std::string groupName;
+ std::string ldapConfigPath;
try
{
- for (const auto &objpath : objects)
+ for (const auto &obj : objects)
{
- auto iter = objpath.second.find(
- "xyz.openbmc_project.User.PrivilegeMapperEntry");
- if (iter == objpath.second.end())
+ for (const auto &interface : obj.second)
{
- log<level::ERR>(
- "Error in finding privilege mapper entry interface");
- elog<InternalFailure>();
+ if ((interface.first ==
+ "xyz.openbmc_project.Object.Enable"))
+ {
+ for (const auto &property : interface.second)
+ {
+ auto value =
+ sdbusplus::message::variant_ns::get<bool>(
+ property.second);
+ if ((property.first == "Enabled") &&
+ (value == true))
+ {
+ ldapConfigPath = obj.first;
+ break;
+ }
+ }
+ }
}
- for (const auto &property : iter->second)
+ if (!ldapConfigPath.empty())
{
- auto value =
- sdbusplus::message::variant_ns::get<std::string>(
- property.second);
- if (property.first == "GroupName")
+ break;
+ }
+ }
+
+ if (ldapConfigPath.empty())
+ {
+ return userInfo;
+ }
+
+ for (const auto &obj : objects)
+ {
+ for (const auto &interface : obj.second)
+ {
+ if ((interface.first ==
+ "xyz.openbmc_project.User.PrivilegeMapperEntry") &&
+ (obj.first.str.find(ldapConfigPath) !=
+ std::string::npos))
{
- groupName = value;
- }
- else if (property.first == "Privilege")
- {
- privilege = value;
- }
- if (groupName == ldapGroupName)
- {
- userInfo["UserPrivilege"] = privilege;
+
+ for (const auto &property : interface.second)
+ {
+ auto value = sdbusplus::message::variant_ns::get<
+ std::string>(property.second);
+ if (property.first == "GroupName")
+ {
+ groupName = value;
+ }
+ else if (property.first == "Privilege")
+ {
+ privilege = value;
+ }
+ if (groupName == ldapGroupName)
+ {
+ userInfo["UserPrivilege"] = privilege;
+ }
+ }
}
}
}
auto priv = std::get<std::string>(userInfo["UserPrivilege"]);
+
if (priv.empty())
{
log<level::ERR>("LDAP group privilege mapping does not exist");
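Review bot: The role-map filter `obj.first.str.find(ldapConfigPath) != std::string::npos` is a substring test, so an entry under any path that merely contains the enabled config path (a sibling whose name extends it, for example) is treated as belonging to the enabled config and can supply the privilege. Matching on the prefix `ldapConfigPath + "/"` closes that gap. In the same loop `groupName` and `privilege` live outside the iteration and are never reset, so once one entry has matched `ldapGroupName`, a later entry whose `Privilege` property arrives before its `GroupName` overwrites `userInfo["UserPrivilege"]` with the wrong role. Both `get<bool>` and `get<std::string>` are also applied before the property name is checked, which throws on a property of the other alternative now that `DbusUserPropVariant` holds two. The function starts before and continues after this hunk; the sketch below keeps the last-match-wins behaviour and only rewrites the second loop.

```cpp
// … unchanged: search for the enabled config object and the early return …

// Only objects below the enabled config object are role maps for it.
const std::string roleMapPrefix = ldapConfigPath + "/";
for (const auto &obj : objects)
{
    if (obj.first.str.compare(0, roleMapPrefix.size(), roleMapPrefix) != 0)
    {
        continue;
    }
    auto entry =
        obj.second.find("xyz.openbmc_project.User.PrivilegeMapperEntry");
    if (entry == obj.second.end())
    {
        continue;
    }

    // Per-entry state: nothing carries over from a previous role map.
    std::string entryGroup;
    std::string entryPrivilege;
    for (const auto &property : entry->second)
    {
        // Check the name first so get<> is only applied to string properties.
        if (property.first == "GroupName")
        {
            entryGroup = sdbusplus::message::variant_ns::get<std::string>(
                property.second);
        }
        else if (property.first == "Privilege")
        {
            entryPrivilege = sdbusplus::message::variant_ns::get<std::string>(
                property.second);
        }
    }
    if (entryGroup == ldapGroupName)
    {
        userInfo["UserPrivilege"] = entryPrivilege;
    }
}
// … unchanged: read back userInfo["UserPrivilege"] and the empty check …
```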
diff --git a/user_mgr.hpp b/user_mgr.hpp
index 7409b73..4c24201 100644
--- a/user_mgr.hpp
+++ b/user_mgr.hpp
@@ -37,13 +37,15 @@
using GroupList = std::vector<std::string>;
using UserEnabled = bool;
using PropertyName = std::string;
+using ServiceEnabled = bool;
using UserInfo = std::variant<Privilege, GroupList, UserEnabled>;
using UserInfoMap = std::map<PropertyName, UserInfo>;
using DbusUserObjPath = sdbusplus::message::object_path;
-using DbusUserPropVariant = sdbusplus::message::variant<Privilege>;
+using DbusUserPropVariant =
+ sdbusplus::message::variant<Privilege, ServiceEnabled>;
using DbusUserObjProperties =
std::vector<std::pair<PropertyName, DbusUserPropVariant>>;