Blame - phosphor-ldap-config/ldap_config_mgr.cpp - openbmc/phosphor-user-manager

blob: 65d4bda87cf621abaddef8276f376e8315d05b0e [file] [log] [blame]

Ratan Gupta	e1f4db6	2019-04-11 18:57:42 +0530	[diff] [blame]	1	#include "ldap_config_mgr.hpp"
Ratan Gupta	37fb3fe	2019-04-13 12:54:18 +0530	[diff] [blame]	2	#include "ldap_config.hpp"
Ratan Gupta	e1f4db6	2019-04-11 18:57:42 +0530	[diff] [blame]	3
				4	#include "utils.hpp"
				5	#include <filesystem>
				6	#include <fstream>
				7	#include <sstream>
				8
				9	namespace phosphor
				10	{
				11	namespace ldap
				12	{
				13
				14	constexpr auto nscdService = "nscd.service";
				15	constexpr auto LDAPscheme = "ldap";
				16	constexpr auto LDAPSscheme = "ldaps";
				17
				18	using namespace phosphor::logging;
				19	using namespace sdbusplus::xyz::openbmc_project::Common::Error;
				20	namespace fs = std::filesystem;
				21	using Argument = xyz::openbmc_project::Common::InvalidArgument;
				22
				23	using Line = std::string;
				24	using Key = std::string;
				25	using Val = std::string;
				26	using ConfigInfo = std::map<Key, Val>;
				27
				28	void ConfigMgr::startOrStopService(const std::string& service, bool start)
				29	{
				30	if (start)
				31	{
				32	restartService(service);
				33	}
				34	else
				35	{
				36	stopService(service);
				37	}
				38	}
				39
				40	void ConfigMgr::restartService(const std::string& service)
				41	{
				42	try
				43	{
				44	auto method = bus.new_method_call(SYSTEMD_BUSNAME, SYSTEMD_PATH,
				45	SYSTEMD_INTERFACE, "RestartUnit");
				46	method.append(service.c_str(), "replace");
				47	bus.call_noreply(method);
				48	}
				49	catch (const sdbusplus::exception::SdBusError& ex)
				50	{
				51	log<level::ERR>("Failed to restart service",
				52	entry("SERVICE=%s", service.c_str()),
				53	entry("ERR=%s", ex.what()));
				54	elog<InternalFailure>();
				55	}
				56	}
				57	void ConfigMgr::stopService(const std::string& service)
				58	{
				59	try
				60	{
				61	auto method = bus.new_method_call(SYSTEMD_BUSNAME, SYSTEMD_PATH,
				62	SYSTEMD_INTERFACE, "StopUnit");
				63	method.append(service.c_str(), "replace");
				64	bus.call_noreply(method);
				65	}
				66	catch (const sdbusplus::exception::SdBusError& ex)
				67	{
				68	log<level::ERR>("Failed to stop service",
				69	entry("SERVICE=%s", service.c_str()),
				70	entry("ERR=%s", ex.what()));
				71	elog<InternalFailure>();
				72	}
				73	}
				74
Ratan Gupta	e1f4db6	2019-04-11 18:57:42 +0530	[diff] [blame]	75	std::string ConfigMgr::createConfig(
				76	std::string lDAPServerURI, std::string lDAPBindDN, std::string lDAPBaseDN,
				77	std::string lDAPBindDNPassword, CreateIface::SearchScope lDAPSearchScope,
				78	CreateIface::Create::Type lDAPType, std::string groupNameAttribute,
				79	std::string userNameAttribute)
				80	{
				81	bool secureLDAP = false;
				82
				83	if (isValidLDAPURI(lDAPServerURI, LDAPSscheme))
				84	{
				85	secureLDAP = true;
				86	}
				87	else if (isValidLDAPURI(lDAPServerURI, LDAPscheme))
				88	{
				89	secureLDAP = false;
				90	}
				91	else
				92	{
				93	log<level::ERR>("bad LDAP Server URI",
				94	entry("LDAPSERVERURI=%s", lDAPServerURI.c_str()));
				95	elog<InvalidArgument>(Argument::ARGUMENT_NAME("lDAPServerURI"),
				96	Argument::ARGUMENT_VALUE(lDAPServerURI.c_str()));
				97	}
				98
				99	if (secureLDAP && !fs::exists(tlsCacertFile.c_str()))
				100	{
				101	log<level::ERR>("LDAP server's CA certificate not provided",
				102	entry("TLSCACERTFILE=%s", tlsCacertFile.c_str()));
				103	elog<NoCACertificate>();
				104	}
				105
				106	if (lDAPBindDN.empty())
				107	{
				108	log<level::ERR>("Not a valid LDAP BINDDN",
				109	entry("LDAPBINDDN=%s", lDAPBindDN.c_str()));
				110	elog<InvalidArgument>(Argument::ARGUMENT_NAME("LDAPBindDN"),
				111	Argument::ARGUMENT_VALUE(lDAPBindDN.c_str()));
				112	}
				113
				114	if (lDAPBaseDN.empty())
				115	{
				116	log<level::ERR>("Not a valid LDAP BASEDN",
				117	entry("LDAPBASEDN=%s", lDAPBaseDN.c_str()));
				118	elog<InvalidArgument>(Argument::ARGUMENT_NAME("LDAPBaseDN"),
				119	Argument::ARGUMENT_VALUE(lDAPBaseDN.c_str()));
				120	}
				121
Ratan Gupta	27d4c01	2019-04-12 13:03:35 +0530	[diff] [blame]	122	// With current implementation we support only two default LDAP server.
				123	// which will be always there but when the support comes for additional
				124	// account providers then the create config would be used to create the
				125	// additional config.
Ratan Gupta	e1f4db6	2019-04-11 18:57:42 +0530	[diff] [blame]	126
Ratan Gupta	27d4c01	2019-04-12 13:03:35 +0530	[diff] [blame]	127	std::string objPath;
Ratan Gupta	e1f4db6	2019-04-11 18:57:42 +0530	[diff] [blame]	128
Ratan Gupta	27d4c01	2019-04-12 13:03:35 +0530	[diff] [blame]	129	if (static_cast<ConfigIface::Type>(lDAPType) == ConfigIface::Type::OpenLdap)
				130	{
				131	openLDAPConfigPtr.reset(nullptr);
				132	objPath = openLDAPDbusObjectPath;
				133	openLDAPConfigPtr = std::make_unique<Config>(
				134	bus, objPath.c_str(), configFilePath.c_str(), tlsCacertFile.c_str(),
				135	secureLDAP, lDAPServerURI, lDAPBindDN, lDAPBaseDN,
				136	std::move(lDAPBindDNPassword),
				137	static_cast<ConfigIface::SearchScope>(lDAPSearchScope),
				138	static_cast<ConfigIface::Type>(lDAPType), false, groupNameAttribute,
				139	userNameAttribute, *this);
				140	}
				141	else
				142	{
				143	ADConfigPtr.reset(nullptr);
				144	objPath = ADDbusObjectPath;
				145	ADConfigPtr = std::make_unique<Config>(
				146	bus, objPath.c_str(), configFilePath.c_str(), tlsCacertFile.c_str(),
				147	secureLDAP, lDAPServerURI, lDAPBindDN, lDAPBaseDN,
				148	std::move(lDAPBindDNPassword),
				149	static_cast<ConfigIface::SearchScope>(lDAPSearchScope),
				150	static_cast<ConfigIface::Type>(lDAPType), false, groupNameAttribute,
				151	userNameAttribute, *this);
				152	}
Ratan Gupta	e1f4db6	2019-04-11 18:57:42 +0530	[diff] [blame]	153	restartService(nscdService);
				154	return objPath;
				155	}
				156
Ratan Gupta	27d4c01	2019-04-12 13:03:35 +0530	[diff] [blame]	157	void ConfigMgr::createDefaultObjects()
Ratan Gupta	e1f4db6	2019-04-11 18:57:42 +0530	[diff] [blame]	158	{
Ratan Gupta	27d4c01	2019-04-12 13:03:35 +0530	[diff] [blame]	159	if (!openLDAPConfigPtr)
Ratan Gupta	e1f4db6	2019-04-11 18:57:42 +0530	[diff] [blame]	160	{
Ratan Gupta	27d4c01	2019-04-12 13:03:35 +0530	[diff] [blame]	161	openLDAPConfigPtr = std::make_unique<Config>(
				162	bus, openLDAPDbusObjectPath.c_str(), configFilePath.c_str(),
Ratan Gupta	21e88cb	2019-04-12 17:15:52 +0530	[diff] [blame^]	163	tlsCacertFile.c_str(), ConfigIface::Type::OpenLdap, *this);
				164	openLDAPConfigPtr->emit_object_added();
Ratan Gupta	e1f4db6	2019-04-11 18:57:42 +0530	[diff] [blame]	165	}
Ratan Gupta	27d4c01	2019-04-12 13:03:35 +0530	[diff] [blame]	166	if (!ADConfigPtr)
Ratan Gupta	e1f4db6	2019-04-11 18:57:42 +0530	[diff] [blame]	167	{
Ratan Gupta	27d4c01	2019-04-12 13:03:35 +0530	[diff] [blame]	168	ADConfigPtr = std::make_unique<Config>(
				169	bus, ADDbusObjectPath.c_str(), configFilePath.c_str(),
Ratan Gupta	21e88cb	2019-04-12 17:15:52 +0530	[diff] [blame^]	170	tlsCacertFile.c_str(), ConfigIface::Type::ActiveDirectory, *this);
				171	ADConfigPtr->emit_object_added();
				172	}
				173	}
				174
				175	void ConfigMgr::restore()
				176	{
				177	createDefaultObjects();
				178	// Restore the ldap config and their mappings
				179	if (ADConfigPtr->deserialize())
				180	{
				181	// Restore the role mappings in later commit
				182	ADConfigPtr->emit_object_added();
				183	}
				184	if (openLDAPConfigPtr->deserialize())
				185	{
				186	// Restore the role mappings in later commit
				187	openLDAPConfigPtr->emit_object_added();
Ratan Gupta	e1f4db6	2019-04-11 18:57:42 +0530	[diff] [blame]	188	}
				189	}
Ratan Gupta	27d4c01	2019-04-12 13:03:35 +0530	[diff] [blame]	190
Ratan Gupta	e1f4db6	2019-04-11 18:57:42 +0530	[diff] [blame]	191	} // namespace ldap
				192	} // namespace phosphor