phosphor-ldap-conf: add support for validation of parameters

Validate the LDAP server's URI, BaseDN and BindDN.

Change-Id: If754e17c238069e04c9e1e8735a28d54dbf221cb
TODO: Unit tests will be added in subsequent commits.
Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
diff --git a/phosphor-ldap-config/Makefile.am b/phosphor-ldap-config/Makefile.am
index ed0853c..cf2b4f0 100644
--- a/phosphor-ldap-config/Makefile.am
+++ b/phosphor-ldap-config/Makefile.am
@@ -8,8 +8,9 @@
 
 phosphor_ldap_conf_LDFLAGS = $(SDBUSPLUS_LIBS) \
                              $(PHOSPHOR_DBUS_INTERFACES_LIBS) \
-                             $(PHOSPHOR_LOGGING_LIBS)\
-                             -lstdc++fs
+                             $(PHOSPHOR_LOGGING_LIBS) \
+                             -lstdc++fs \
+                             -lldap
 
 phosphor_ldap_conf_CXXFLAGS = $(SYSTEMD_CFLAGS) \
                               $(PHOSPHOR_DBUS_INTERFACES_CFLAGS) \
diff --git a/phosphor-ldap-config/ldap_configuration.cpp b/phosphor-ldap-config/ldap_configuration.cpp
index 222793e..e3b337d 100644
--- a/phosphor-ldap-config/ldap_configuration.cpp
+++ b/phosphor-ldap-config/ldap_configuration.cpp
@@ -1,4 +1,5 @@
 #include "ldap_configuration.hpp"
+#include <ldap.h>
 #include <experimental/filesystem>
 #include <fstream>
 #include <sstream>
@@ -13,6 +14,7 @@
 using namespace phosphor::logging;
 using namespace sdbusplus::xyz::openbmc_project::Common::Error;
 namespace fs = std::experimental::filesystem;
+using Argument = xyz::openbmc_project::Common::InvalidArgument;
 
 using Line = std::string;
 using Key = std::string;
@@ -178,7 +180,14 @@
         {
             return value;
         }
-
+        if (!(ldap_is_ldap_url(value.c_str()) ||
+              ldap_is_ldaps_url(value.c_str())))
+        {
+            log<level::ERR>("Not a valid LDAP Server URI"),
+                entry("LDAPSERVERURI=%s", value.c_str());
+            elog<InvalidArgument>(Argument::ARGUMENT_NAME("lDAPServerURI"),
+                                  Argument::ARGUMENT_VALUE(value.c_str()));
+        }
         val = ConfigIface::lDAPServerURI(value);
         writeConfig();
         parent.restartService(nslcdService);
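Review bot: The `entry(...)` field is never attached to the log message, because `log<level::ERR>("Not a valid LDAP Server URI"),` closes the call before the comma, so the following `entry("LDAPSERVERURI=%s", value.c_str());` is evaluated as a separate comma-operator operand and discarded. Pass it as an argument instead: `log<level::ERR>("Not a valid LDAP Server URI", entry("LDAPSERVERURI=%s", value.c_str()));`. The same pattern appears in the lDAPBindDN and lDAPBaseDN setter hunks and three times in the hunk at @@ -373,7 +398,31 @@, so the rejected value is missing from every one of these records, which makes rejected configuration attempts harder to audit. The enclosing setter starts and ends outside this hunk.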
@@ -206,6 +215,14 @@
             return value;
         }
 
+        if (value.empty())
+        {
+            log<level::ERR>("Not a valid LDAP BINDDN"),
+                entry("LDAPBINDDN=%s", value.c_str());
+            elog<InvalidArgument>(Argument::ARGUMENT_NAME("lDAPBindDN"),
+                                  Argument::ARGUMENT_VALUE(value.c_str()));
+        }
+
         val = ConfigIface::lDAPBindDN(value);
         writeConfig();
         parent.restartService(nslcdService);
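Review bot: `value.empty()` is the only test on the bind DN, so any non-empty string, including one that is not a syntactically valid DN, is accepted and passed on to `writeConfig()` and the nslcd restart. Since the commit now links libldap, the check could parse the value as well, for example `LDAPDN dn = nullptr; if (value.empty() || ldap_str2dn(value.c_str(), &dn, LDAP_DN_FORMAT_LDAPV3) != LDAP_SUCCESS)`, followed by `ldap_dnfree(dn)`. The lDAPBaseDN setter hunk and the two DN checks in the hunk at @@ -373,7 +398,31 @@ have the same gap. Those last two also report the argument as "LDAPBindDN"/"LDAPBaseDN" while the setters use "lDAPBindDN"/"lDAPBaseDN"; a single spelling would make the errors easier to match. The setter body continues outside this hunk.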
@@ -232,6 +249,14 @@
             return value;
         }
 
+        if (value.empty())
+        {
+            log<level::ERR>("Not a valid LDAP BASEDN"),
+                entry("BASEDN=%s", value.c_str());
+            elog<InvalidArgument>(Argument::ARGUMENT_NAME("lDAPBaseDN"),
+                                  Argument::ARGUMENT_VALUE(value.c_str()));
+        }
+
         val = ConfigIface::lDAPBaseDN(value);
         writeConfig();
         parent.restartService(nslcdService);
@@ -373,7 +398,31 @@
                             ldap_base::Create::SearchScope lDAPSearchScope,
                             ldap_base::Create::Type lDAPType)
 {
-    // TODO Validate parameters passed-in.
+    if (!(ldap_is_ldap_url(lDAPServerURI.c_str()) ||
+          ldap_is_ldaps_url(lDAPServerURI.c_str())))
+    {
+        log<level::ERR>("Not a valid LDAP Server URI"),
+            entry("LDAPSERVERURI=%s", lDAPServerURI.c_str());
+        elog<InvalidArgument>(Argument::ARGUMENT_NAME("lDAPServerURI"),
+                              Argument::ARGUMENT_VALUE(lDAPServerURI.c_str()));
+    }
+
+    if (lDAPBindDN.empty())
+    {
+        log<level::ERR>("Not a valid LDAP BINDDN"),
+            entry("LDAPBINDDN=%s", lDAPBindDN.c_str());
+        elog<InvalidArgument>(Argument::ARGUMENT_NAME("LDAPBindDN"),
+                              Argument::ARGUMENT_VALUE(lDAPBindDN.c_str()));
+    }
+
+    if (lDAPBaseDN.empty())
+    {
+        log<level::ERR>("Not a valid LDAP BASEDN"),
+            entry("LDAPBASEDN=%s", lDAPBaseDN.c_str());
+        elog<InvalidArgument>(Argument::ARGUMENT_NAME("LDAPBaseDN"),
+                              Argument::ARGUMENT_VALUE(lDAPBaseDN.c_str()));
+    }
+
     // With current implementation we support only one LDAP server.
     deleteObject();
     try
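Review bot: The URI check at the top of this hunk only looks at the scheme. As far as I know, `ldap_is_ldap_url()` in OpenLDAP's libldap tests the URL prefix and already accepts `ldaps://`, which makes the `ldap_is_ldaps_url()` arm redundant, so a string such as `ldap://` with no host or with trailing garbage passes. Parsing with `ldap_url_parse()` and requiring a non-empty host would reject those. The lDAPServerURI setter hunk at @@ -178,7 +180,14 @@ has the same check and shows the accepted value going to `writeConfig()`; if that writes the string verbatim, which this diff does not show, control characters such as newlines should be rejected too. The function's signature starts and its body continues outside this hunk.

```cpp
    // Parse the whole URI instead of testing only its scheme prefix.
    LDAPURLDesc* desc = nullptr;
    const bool parsed =
        ldap_url_parse(lDAPServerURI.c_str(), &desc) == LDAP_URL_SUCCESS;
    const bool hasHost = parsed && desc->lud_host && *desc->lud_host;
    if (desc != nullptr)
    {
        ldap_free_urldesc(desc);
    }
    if (!hasHost)
    {
        // … unchanged: log and elog<InvalidArgument> for lDAPServerURI …
    }
    // … unchanged: lDAPBindDN and lDAPBaseDN checks, deleteObject() …
```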