#pragma once

#include "config.h"
#include <xyz/openbmc_project/Object/Enable/server.hpp>
#include <xyz/openbmc_project/User/Ldap/Create/server.hpp>
#include <xyz/openbmc_project/User/Ldap/Config/server.hpp>
#include <xyz/openbmc_project/User/PrivilegeMapper/server.hpp>
#include <xyz/openbmc_project/Common/error.hpp>
#include "ldap_mapper_entry.hpp"
#include <phosphor-logging/log.hpp>
#include <phosphor-logging/elog.hpp>
#include <phosphor-logging/elog-errors.hpp>
#include <sdbusplus/bus.hpp>
#include <sdbusplus/server/object.hpp>

#include <cstdint>
#include <filesystem>
#include <map>
#include <memory>
#include <set>
#include <string>
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -050019
20namespace phosphor
21{
22namespace ldap
23{
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -050024
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -050025using namespace phosphor::logging;
26using namespace sdbusplus::xyz::openbmc_project::Common::Error;
Ratan Guptaaeaf9412019-02-11 04:41:52 -060027using ConfigIface = sdbusplus::xyz::openbmc_project::User::Ldap::server::Config;
28using EnableIface = sdbusplus::xyz::openbmc_project::Object::server::Enable;
Ratan Guptaaeaf9412019-02-11 04:41:52 -060029using CreateIface = sdbusplus::server::object::object<
30 sdbusplus::xyz::openbmc_project::User::Ldap::server::Create>;
Ratan Gupta21e88cb2019-04-12 17:15:52 +053031namespace fs = std::filesystem;
Ratan Gupta7b04c352019-04-12 21:46:29 +053032using MapperIface =
33 sdbusplus::xyz::openbmc_project::User::server::PrivilegeMapper;
34
35using Ifaces =
36 sdbusplus::server::object::object<ConfigIface, EnableIface, MapperIface>;
37using ObjectPath = sdbusplus::message::object_path;
38
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -050039class ConfigMgr;
Ratan Gupta3a1c2742019-03-20 06:49:42 +053040class MockConfigMgr;
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -050041
42/** @class Config
43 * @brief Configuration for LDAP.
44 * @details concrete implementation of xyz.openbmc_project.User.Ldap.Config
45 * API, in order to provide LDAP configuration.
46 */
Ratan Guptaaeaf9412019-02-11 04:41:52 -060047class Config : public Ifaces
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -050048{
49 public:
50 Config() = delete;
51 ~Config() = default;
52 Config(const Config&) = delete;
53 Config& operator=(const Config&) = delete;
54 Config(Config&&) = default;
55 Config& operator=(Config&&) = default;
56
57 /** @brief Constructor to put object onto bus at a D-Bus path.
58 * @param[in] bus - Bus to attach to.
59 * @param[in] path - The D-Bus object path to attach at.
60 * @param[in] filePath - LDAP configuration file.
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -060061 * @param[in] caCertFile - LDAP's CA certificate file.
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -050062 * @param[in] secureLDAP - Specifies whether to use SSL or not.
63 * @param[in] lDAPServerURI - LDAP URI of the server.
64 * @param[in] lDAPBindDN - distinguished name with which to bind.
65 * @param[in] lDAPBaseDN - distinguished name to use as search base.
Nagaraju Gorugantidb60f582018-11-08 03:14:48 -060066 * @param[in] lDAPBindDNPassword - credentials with which to bind.
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -050067 * @param[in] lDAPSearchScope - the search scope.
68 * @param[in] lDAPType - Specifies the LDAP server type which can be AD
Ratan Guptaaeaf9412019-02-11 04:41:52 -060069 * or openLDAP.
70 * @param[in] lDAPServiceEnabled - Specifies whether the service would be
71 * enabled or not.
72 * @param[in] groupNameAttribute - Specifies attribute name that contains
73 * the name of the Group in the LDAP server.
74 * @param[in] userNameAttribute - Specifies attribute name that contains
75 * the username in the LDAP server.
76 *
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -050077 * @param[in] parent - parent of config object.
78 */
79
80 Config(sdbusplus::bus::bus& bus, const char* path, const char* filePath,
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -060081 const char* caCertFile, bool secureLDAP, std::string lDAPServerURI,
82 std::string lDAPBindDN, std::string lDAPBaseDN,
83 std::string&& lDAPBindDNPassword,
Ratan Guptaaeaf9412019-02-11 04:41:52 -060084 ConfigIface::SearchScope lDAPSearchScope, ConfigIface::Type lDAPType,
85 bool lDAPServiceEnabled, std::string groupNameAttribute,
86 std::string userNameAttribute, ConfigMgr& parent);
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -050087
Ratan Gupta21e88cb2019-04-12 17:15:52 +053088 /** @brief Constructor to put object onto bus at a D-Bus path.
89 * @param[in] bus - Bus to attach to.
90 * @param[in] path - The D-Bus object path to attach at.
91 * @param[in] filePath - LDAP configuration file.
92 * @param[in] lDAPType - Specifies the LDAP server type which can be AD
93 * or openLDAP.
94 * @param[in] parent - parent of config object.
95 */
96 Config(sdbusplus::bus::bus& bus, const char* path, const char* filePath,
97 const char* caCertFile, ConfigIface::Type lDAPType,
98 ConfigMgr& parent);
99
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600100 using ConfigIface::groupNameAttribute;
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500101 using ConfigIface::lDAPBaseDN;
102 using ConfigIface::lDAPBindDN;
Ratan Gupta3a1c2742019-03-20 06:49:42 +0530103 using ConfigIface::lDAPBindDNPassword;
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500104 using ConfigIface::lDAPSearchScope;
105 using ConfigIface::lDAPServerURI;
106 using ConfigIface::lDAPType;
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500107 using ConfigIface::setPropertyByName;
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600108 using ConfigIface::userNameAttribute;
109 using EnableIface::enabled;
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500110
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500111 /** @brief Update the Server URI property.
112 * @param[in] value - lDAPServerURI value to be updated.
113 * @returns value of changed lDAPServerURI.
114 */
115 std::string lDAPServerURI(std::string value) override;
116
117 /** @brief Update the BindDN property.
118 * @param[in] value - lDAPBindDN value to be updated.
119 * @returns value of changed lDAPBindDN.
120 */
121 std::string lDAPBindDN(std::string value) override;
122
123 /** @brief Update the BaseDN property.
124 * @param[in] value - lDAPBaseDN value to be updated.
125 * @returns value of changed lDAPBaseDN.
126 */
127 std::string lDAPBaseDN(std::string value) override;
128
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500129 /** @brief Update the Search scope property.
130 * @param[in] value - lDAPSearchScope value to be updated.
131 * @returns value of changed lDAPSearchScope.
132 */
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600133 ConfigIface::SearchScope
134 lDAPSearchScope(ConfigIface::SearchScope value) override;
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500135
136 /** @brief Update the LDAP Type property.
137 * @param[in] value - lDAPType value to be updated.
138 * @returns value of changed lDAPType.
139 */
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600140 ConfigIface::Type lDAPType(ConfigIface::Type value) override;
141
142 /** @brief Update the ldapServiceEnabled property.
143 * @param[in] value - ldapServiceEnabled value to be updated.
144 * @returns value of changed ldapServiceEnabled.
145 */
146 bool enabled(bool value) override;
147
148 /** @brief Update the userNameAttribute property.
149 * @param[in] value - userNameAttribute value to be updated.
150 * @returns value of changed userNameAttribute.
151 */
152 std::string userNameAttribute(std::string value) override;
153
154 /** @brief Update the groupNameAttribute property.
155 * @param[in] value - groupNameAttribute value to be updated.
156 * @returns value of changed groupNameAttribute.
157 */
158 std::string groupNameAttribute(std::string value) override;
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500159
Ratan Gupta3a1c2742019-03-20 06:49:42 +0530160 /** @brief Update the BindDNPasword property.
161 * @param[in] value - lDAPBindDNPassword value to be updated.
162 * @returns value of changed lDAPBindDNPassword.
163 */
164 std::string lDAPBindDNPassword(std::string value) override;
165
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530166 /** @brief Function required by Cereal to perform deserialization.
167 * @tparam Archive - Cereal archive type (binary in our case).
168 * @param[in] archive - reference to Cereal archive.
169 * @param[in] version - Class version that enables handling
170 * a serialized data across code levels
171 */
172 template <class Archive>
173 void load(Archive& archive, const std::uint32_t version);
174
175 /** @brief Function required by Cereal to perform serialization.
176 * @tparam Archive - Cereal archive type (binary in our case).
177 * @param[in] archive - reference to Cereal archive.
178 * @param[in] version - Class version that enables handling
179 * a serialized data across code levels
180 */
181 template <class Archive>
182 void save(Archive& archive, const std::uint32_t version) const;
183
184 /** @brief Serialize and persist this object at the persist
185 * location.
186 */
187 void serialize();
188
189 /** @brief Deserialize LDAP config data from the persistent location
190 * into this object
191 * @return bool - true if the deserialization was successful, false
192 * otherwise.
193 */
194 bool deserialize();
Nagaraju Gorugantidb60f582018-11-08 03:14:48 -0600195
Ratan Guptac5481d12019-04-12 18:31:05 +0530196 /** @brief enable or disable the service with the given value
197 * @param[in] value - enable/disble
198 * @returns value of changed status
199 */
200 bool enableService(bool value);
201
Ratan Gupta7b04c352019-04-12 21:46:29 +0530202 /** @brief Creates a mapping for the group to the privilege
203 *
204 * @param[in] groupName - Group Name to which the privilege needs to be
205 * assigned.
206 * @param[in] privilege - The privilege role associated with the group.
207 *
208 * @return On success return the D-Bus object path of the created privilege
209 * mapper entry.
210 */
211 ObjectPath create(std::string groupName, std::string privilege) override;
212
213 /** @brief Delete privilege mapping for LDAP group
214 *
215 * This method deletes the privilege mapping
216 *
217 * @param[in] id - id of the object which needs to be deleted.
218 */
219 void deletePrivilegeMapper(Id id);
220
221 /** @brief Check if LDAP group privilege mapping requested is valid
222 *
223 * Check if the privilege mapping already exists for the LDAP group name
224 * and group name is empty.
225 *
226 * @param[in] groupName - LDAP group name
227 *
228 * @return throw exception if the conditions are not met.
229 */
230 void checkPrivilegeMapper(const std::string& groupName);
231
232 /** @brief Check if the privilege level is a valid one
233 *
234 * @param[in] privilege - Privilege level
235 *
236 * @return throw exception if the conditions are not met.
237 */
238 void checkPrivilegeLevel(const std::string& privilege);
239
240 /** @brief Construct LDAP mapper entry D-Bus objects from their persisted
241 * representations.
242 */
243 void restoreRoleMapping();
244
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500245 private:
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530246 bool secureLDAP;
Ratan Gupta3a1c2742019-03-20 06:49:42 +0530247 std::string lDAPBindPassword{};
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600248 std::string tlsCacertFile{};
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530249 std::string configFilePath{};
250 std::string objectPath{};
251 std::filesystem::path configPersistPath{};
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500252
253 /** @brief Persistent sdbusplus D-Bus bus connection. */
254 sdbusplus::bus::bus& bus;
255
256 /** @brief Create a new LDAP config file.
257 */
258 virtual void writeConfig();
259
260 /** @brief reference to config manager object */
261 ConfigMgr& parent;
Ratan Gupta3a1c2742019-03-20 06:49:42 +0530262
Ratan Gupta7b04c352019-04-12 21:46:29 +0530263 /** @brief Id of the last privilege mapper entry */
264 Id entryId = 0;
265
266 /** @brief container to hold privilege mapper objects */
267 std::map<Id, std::unique_ptr<LDAPMapperEntry>> PrivilegeMapperList;
268
269 /** @brief available privileges container */
270 std::set<std::string> privMgr = {"priv-admin", "priv-operator", "priv-user",
271 "priv-callback"};
272
Ratan Gupta3a1c2742019-03-20 06:49:42 +0530273 friend class MockConfigMgr;
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500274};
275
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500276} // namespace ldap
277} // namespace phosphor