Tom Joseph | 536ea32 | 2018-09-14 10:02:20 +0530 | [diff] [blame] | 1 | #pragma once |
| 2 | |
#include "ldap_mapper_entry.hpp"

#include <map>
#include <memory>
#include <set>
#include <string>

#include <sdbusplus/bus.hpp>
#include <sdbusplus/server/object.hpp>
#include <xyz/openbmc_project/User/PrivilegeMapper/server.hpp>
| 9 | |
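namespace phosphor
{

namespace user
{

/** @brief Generated sdbusplus server binding for the
 *         xyz.openbmc_project.User.PrivilegeMapper interface. */
using MapperMgrIface =
    sdbusplus::xyz::openbmc_project::User::server::PrivilegeMapper;
using ObjectPath = sdbusplus::message::object_path;

// D-Bus root for LDAP privilege mapper
constexpr auto mapperMgrRoot = "/xyz/openbmc_project/user/ldap";

/** @class LDAPMapperMgr
 *
 *  @brief Responsible for managing LDAP groups to privilege mapping.
 *
 *  Implements the xyz.openbmc_project.User.PrivilegeMapper D-Bus interface
 *  and owns every LDAPMapperEntry object created through it (see
 *  PrivilegeMapperList).  The group name and privilege handed to create()
 *  come from the D-Bus caller; checkPrivilegeMapper() and
 *  checkPrivilegeLevel() are the validation hooks for them (the
 *  implementation is expected to call both before an entry is created --
 *  confirm in the .cpp).
 *
 *  The object is neither copyable nor movable: it holds a reference to the
 *  bus and the sdbusplus object registration is tied to its address.
 */
class LDAPMapperMgr : public MapperMgrIface
{
  public:
    LDAPMapperMgr() = delete;
    ~LDAPMapperMgr() = default;
    LDAPMapperMgr(const LDAPMapperMgr&) = delete;
    LDAPMapperMgr& operator=(const LDAPMapperMgr&) = delete;
    LDAPMapperMgr(LDAPMapperMgr&&) = delete;
    LDAPMapperMgr& operator=(LDAPMapperMgr&&) = delete;

    /** @brief Constructs LDAPMapperMgr object.
     *
     *  @param[in] bus - sdbusplus handler; must outlive this object
     *                   (held by reference, see the bus member).
     *  @param[in] path - D-Bus path of the manager object.
     */
    LDAPMapperMgr(sdbusplus::bus::bus& bus, const char* path);

    /** @brief Creates a mapping for the group to the privilege.
     *
     *  Implements the Create method of the PrivilegeMapper D-Bus interface,
     *  so both arguments are caller-supplied and must be validated
     *  (checkPrivilegeMapper() / checkPrivilegeLevel()) before a new
     *  LDAPMapperEntry is created and stored in PrivilegeMapperList.
     *
     *  @param[in] groupName - Group Name to which the privilege needs to be
     *                         assigned.
     *  @param[in] privilege - The privilege role associated with the group.
     *
     *  @return On success return the D-Bus object path of the created
     *          privilege mapper entry.
     */
    ObjectPath create(std::string groupName, std::string privilege) override;

    /** @brief Delete privilege mapping for LDAP group.
     *
     *  This method deletes the privilege mapping entry identified by id.
     *  (Earlier documentation described a groupName parameter; the
     *  function takes the entry Id.)
     *
     *  @param[in] id - Id of the privilege mapper entry to be deleted
     *                  (key of PrivilegeMapperList).
     */
    void deletePrivilegeMapper(Id id);

    /** @brief Check if LDAP group privilege mapping requested is valid.
     *
     *  Rejects a request when the group name is empty or when a privilege
     *  mapping already exists for that LDAP group name.
     *
     *  @param[in] groupName - LDAP group name
     *
     *  @throws an exception (type defined in the implementation) if the
     *          conditions are not met; returns normally otherwise.
     */
    void checkPrivilegeMapper(const std::string& groupName);

    /** @brief Check if the privilege level is a valid one.
     *
     *  Presumably validates against the privMgr allow-list below; confirm
     *  in the implementation.
     *
     *  @param[in] privilege - Privilege level
     *
     *  @throws an exception (type defined in the implementation) if the
     *          privilege is not a known one; returns normally otherwise.
     */
    void checkPrivilegeLevel(const std::string& privilege);

    /** @brief Construct LDAP mapper entry D-Bus objects from their persisted
     *         representations.
     */
    void restore();

  private:
    /** @brief sdbusplus handler (not owned; must outlive this object) */
    sdbusplus::bus::bus& bus;

    /** @brief object path for the manager object */
    const std::string path;

    /** @brief available privileges container -- the set of privilege
     *         roles a group may be mapped to. */
    std::set<std::string> privMgr = {"priv-admin", "priv-operator", "priv-user",
                                     "priv-callback"};

    /** @brief Id of the last privilege mapper entry (0 before any entry
     *         has been created). */
    Id entryId = 0;

    /** @brief container to hold privilege mapper objects, keyed by entry Id;
     *         owns the LDAPMapperEntry instances. */
    std::map<Id, std::unique_ptr<phosphor::user::LDAPMapperEntry>>
        PrivilegeMapperList;
};

} // namespace user
} // namespace phosphor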