Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-user-manager / 3e7a72eaaca9819f28e48fbf676bf67eb408287d / . / phosphor-ldap-config / ldap_configuration.cpp
blob: 13693627943eb8516561ad0f7babca7f502c3d84 [file] [log] [blame]
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]1#include "ldap_configuration.hpp"
Nagaraju Goruganti59287f02018-10-12 07:00:20 -0500[diff] [blame]2#include "utils.hpp"
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]3#include <experimental/filesystem>
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]4#include <fstream>
5#include <sstream>
6
7namespace phosphor
8{
9namespace ldap
10{
11constexpr auto nslcdService = "nslcd.service";
Nagaraju Gorugantidccee2b2018-09-25 08:51:06 -0500[diff] [blame]12constexpr auto nscdService = "nscd.service";
Nagaraju Goruganti59287f02018-10-12 07:00:20 -0500[diff] [blame]13constexpr auto LDAPscheme = "ldap";
14constexpr auto LDAPSscheme = "ldaps";
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]15
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]16using namespace phosphor::logging;
17using namespace sdbusplus::xyz::openbmc_project::Common::Error;
18namespace fs = std::experimental::filesystem;
Nagaraju Gorugantib26799a2018-09-28 13:12:19 -0500[diff] [blame]19using Argument = xyz::openbmc_project::Common::InvalidArgument;
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]20
21using Line = std::string;
22using Key = std::string;
23using Val = std::string;
24using ConfigInfo = std::map<Key, Val>;
25
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]26Config::Config(sdbusplus::bus::bus& bus, const char* path, const char* filePath,
27 bool secureLDAP, std::string lDAPServerURI,
28 std::string lDAPBindDN, std::string lDAPBaseDN,
Nagaraju Gorugantidb60f582018-11-08 03:14:48 -0600[diff] [blame]29 std::string&& lDAPBindDNPassword,
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]30 ldap_base::Config::SearchScope lDAPSearchScope,
31 ldap_base::Config::Type lDAPType, ConfigMgr& parent) :
32 ConfigIface(bus, path, true),
Nagaraju Gorugantidb60f582018-11-08 03:14:48 -0600[diff] [blame]33 secureLDAP(secureLDAP), configFilePath(filePath),
34 lDAPBindDNPassword(std::move(lDAPBindDNPassword)), bus(bus), parent(parent)
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]35{
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]36 ConfigIface::lDAPServerURI(lDAPServerURI);
37 ConfigIface::lDAPBindDN(lDAPBindDN);
38 ConfigIface::lDAPBaseDN(lDAPBaseDN);
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]39 ConfigIface::lDAPSearchScope(lDAPSearchScope);
40 ConfigIface::lDAPType(lDAPType);
41 writeConfig();
42 parent.restartService(nslcdService);
43 // Emit deferred signal.
44 this->emit_object_added();
45}
46
Nagaraju Goruganti24194bd2018-09-18 09:55:09 -0500[diff] [blame]47void Config::delete_()
48{
49 parent.deleteObject();
Nagaraju Gorugantidccee2b2018-09-25 08:51:06 -0500[diff] [blame]50 try
51 {
52 fs::copy_file(defaultNslcdFile, LDAP_CONFIG_FILE,
53 fs::copy_options::overwrite_existing);
Ratan Gupta3e7a72e2018-10-18 09:57:14 +0530[diff] [blame^]54
Nagaraju Gorugantidccee2b2018-09-25 08:51:06 -0500[diff] [blame]55 fs::copy_file(linuxNsSwitchFile, nsSwitchFile,
56 fs::copy_options::overwrite_existing);
57 }
58 catch (const std::exception& e)
59 {
60 log<level::ERR>("Failed to rename Config Files while deleting Object",
61 entry("ERR=%s", e.what()));
62 elog<InternalFailure>();
63 }
64
65 parent.restartService(nscdService);
66 parent.stopService(nslcdService);
Nagaraju Goruganti24194bd2018-09-18 09:55:09 -0500[diff] [blame]67}
68
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]69void Config::writeConfig()
70{
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]71 std::stringstream confData;
Ratan Gupta9891f2f2018-10-06 12:07:35 +0530[diff] [blame]72 auto isPwdTobeWritten = false;
73
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]74 confData << "uid root\n";
75 confData << "gid root\n\n";
76 confData << "ldap_version 3\n\n";
77 confData << "timelimit 30\n";
78 confData << "bind_timelimit 30\n";
79 confData << "pagesize 1000\n";
80 confData << "referrals off\n\n";
81 confData << "uri " << lDAPServerURI() << "\n\n";
82 confData << "base " << lDAPBaseDN() << "\n\n";
83 confData << "binddn " << lDAPBindDN() << "\n";
Nagaraju Gorugantidb60f582018-11-08 03:14:48 -0600[diff] [blame]84 if (!lDAPBindDNPassword.empty())
Nagaraju Goruganti15675472018-10-05 07:03:05 -0500[diff] [blame]85 {
Nagaraju Gorugantidb60f582018-11-08 03:14:48 -0600[diff] [blame]86 confData << "bindpw " << lDAPBindDNPassword << "\n";
Ratan Gupta9891f2f2018-10-06 12:07:35 +0530[diff] [blame]87 isPwdTobeWritten = true;
Nagaraju Goruganti15675472018-10-05 07:03:05 -0500[diff] [blame]88 }
89 confData << "\n";
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]90 switch (lDAPSearchScope())
91 {
92 case ldap_base::Config::SearchScope::sub:
93 confData << "scope sub\n\n";
94 break;
95 case ldap_base::Config::SearchScope::one:
96 confData << "scope one\n\n";
97 break;
98 case ldap_base::Config::SearchScope::base:
99 confData << "scope base\n\n";
100 break;
101 }
102 confData << "base passwd " << lDAPBaseDN() << "\n";
103 confData << "base shadow " << lDAPBaseDN() << "\n\n";
Nagaraju Gorugantidb60f582018-11-08 03:14:48 -0600[diff] [blame]104 if (secureLDAP == true)
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]105 {
106 confData << "ssl on\n";
107 confData << "tls_reqcert allow\n";
108 confData << "tls_cert /etc/nslcd/certs/cert.pem\n";
109 }
110 else
111 {
Nagaraju Goruganti15675472018-10-05 07:03:05 -0500[diff] [blame]112 confData << "ssl off\n";
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]113 }
Nagaraju Goruganti15675472018-10-05 07:03:05 -0500[diff] [blame]114 confData << "\n";
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]115 if (lDAPType() == ldap_base::Config::Type::ActiveDirectory)
116 {
117 confData << "filter passwd (&(objectClass=user)(objectClass=person)"
118 "(!(objectClass=computer)))\n";
119 confData
120 << "filter group (|(objectclass=group)(objectclass=groupofnames) "
121 "(objectclass=groupofuniquenames))\n";
122 confData << "map passwd uid sAMAccountName\n";
123 confData << "map passwd uidNumber "
124 "objectSid:S-1-5-21-3623811015-3361044348-30300820\n";
125 confData << "map passwd gidNumber primaryGroupID\n";
126 confData << "map passwd homeDirectory \"/home/$sAMAccountName\"\n";
127 confData << "map passwd gecos displayName\n";
128 confData << "map passwd loginShell \"/bin/bash\"\n";
129 confData << "map group gidNumber primaryGroupID\n";
130 confData << "map group gidNumber "
131 "objectSid:S-1-5-21-3623811015-3361044348-30300820\n";
132 confData << "map group cn sAMAccountName\n";
133 }
134 else if (lDAPType() == ldap_base::Config::Type::OpenLdap)
135 {
136 confData << "filter passwd (objectclass=*)\n";
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]137 confData << "map passwd gecos displayName\n";
Nagaraju Goruganti808eda42018-10-10 08:48:12 -0500[diff] [blame]138 confData << "filter group (objectclass=posixGroup)\n";
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]139 }
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]140 try
141 {
142 std::fstream stream(configFilePath.c_str(), std::fstream::out);
Ratan Gupta9891f2f2018-10-06 12:07:35 +0530[diff] [blame]143 // remove the read permission from others if password is being written.
144 // nslcd forces this behaviour.
145 auto permission = fs::perms::owner_read | fs::perms::owner_write |
146 fs::perms::group_read;
147 if (isPwdTobeWritten)
148 {
149 fs::permissions(configFilePath, permission);
150 }
151 else
152 {
153 fs::permissions(configFilePath,
154 permission | fs::perms::others_read);
155 }
156
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]157 stream << confData.str();
158 stream.flush();
159 stream.close();
160 }
161 catch (const std::exception& e)
162 {
163 log<level::ERR>(e.what());
164 elog<InternalFailure>();
165 }
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]166 return;
167}
168
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]169std::string Config::lDAPServerURI(std::string value)
170{
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]171 std::string val;
172 try
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]173 {
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]174 if (value == lDAPServerURI())
175 {
176 return value;
177 }
Nagaraju Goruganti59287f02018-10-12 07:00:20 -0500[diff] [blame]178 if (isValidLDAPURI(value, LDAPSscheme))
Nagaraju Gorugantib26799a2018-09-28 13:12:19 -0500[diff] [blame]179 {
Nagaraju Goruganti59287f02018-10-12 07:00:20 -0500[diff] [blame]180 secureLDAP = true;
181 }
182 else if (isValidLDAPURI(value, LDAPscheme))
183 {
184 secureLDAP = false;
Nagaraju Gorugantidb60f582018-11-08 03:14:48 -0600[diff] [blame]185 }
186 else
187 {
Nagaraju Goruganti59287f02018-10-12 07:00:20 -0500[diff] [blame]188 log<level::ERR>("bad LDAP Server URI",
189 entry("LDAPSERVERURI=%s", value.c_str()));
190 elog<InvalidArgument>(Argument::ARGUMENT_NAME("lDAPServerURI"),
191 Argument::ARGUMENT_VALUE(value.c_str()));
Nagaraju Gorugantib26799a2018-09-28 13:12:19 -0500[diff] [blame]192 }
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]193 val = ConfigIface::lDAPServerURI(value);
194 writeConfig();
195 parent.restartService(nslcdService);
196 }
197 catch (const InternalFailure& e)
198 {
199 throw;
200 }
Nagaraju Goruganti59287f02018-10-12 07:00:20 -0500[diff] [blame]201 catch (const InvalidArgument& e)
202 {
203 throw;
204 }
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]205 catch (const std::exception& e)
206 {
207 log<level::ERR>(e.what());
208 elog<InternalFailure>();
209 }
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]210 return val;
211}
212
213std::string Config::lDAPBindDN(std::string value)
214{
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]215 std::string val;
216 try
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]217 {
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]218 if (value == lDAPBindDN())
219 {
220 return value;
221 }
222
Nagaraju Gorugantib26799a2018-09-28 13:12:19 -0500[diff] [blame]223 if (value.empty())
224 {
Nagaraju Goruganti59287f02018-10-12 07:00:20 -0500[diff] [blame]225 log<level::ERR>("Not a valid LDAP BINDDN",
226 entry("LDAPBINDDN=%s", value.c_str()));
Nagaraju Gorugantib26799a2018-09-28 13:12:19 -0500[diff] [blame]227 elog<InvalidArgument>(Argument::ARGUMENT_NAME("lDAPBindDN"),
228 Argument::ARGUMENT_VALUE(value.c_str()));
229 }
230
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]231 val = ConfigIface::lDAPBindDN(value);
232 writeConfig();
233 parent.restartService(nslcdService);
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]234 }
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]235 catch (const InternalFailure& e)
236 {
237 throw;
238 }
239 catch (const std::exception& e)
240 {
241 log<level::ERR>(e.what());
242 elog<InternalFailure>();
243 }
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]244 return val;
245}
246
247std::string Config::lDAPBaseDN(std::string value)
248{
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]249 std::string val;
250 try
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]251 {
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]252 if (value == lDAPBaseDN())
253 {
254 return value;
255 }
256
Nagaraju Gorugantib26799a2018-09-28 13:12:19 -0500[diff] [blame]257 if (value.empty())
258 {
Nagaraju Goruganti59287f02018-10-12 07:00:20 -0500[diff] [blame]259 log<level::ERR>("Not a valid LDAP BASEDN",
260 entry("BASEDN=%s", value.c_str()));
Nagaraju Gorugantib26799a2018-09-28 13:12:19 -0500[diff] [blame]261 elog<InvalidArgument>(Argument::ARGUMENT_NAME("lDAPBaseDN"),
262 Argument::ARGUMENT_VALUE(value.c_str()));
263 }
264
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]265 val = ConfigIface::lDAPBaseDN(value);
266 writeConfig();
267 parent.restartService(nslcdService);
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]268 }
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]269 catch (const InternalFailure& e)
270 {
271 throw;
272 }
273 catch (const std::exception& e)
274 {
275 log<level::ERR>(e.what());
276 elog<InternalFailure>();
277 }
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]278 return val;
279}
280
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]281ldap_base::Config::SearchScope
282 Config::lDAPSearchScope(ldap_base::Config::SearchScope value)
283{
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]284 ldap_base::Config::SearchScope val;
285 try
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]286 {
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]287 if (value == lDAPSearchScope())
288 {
289 return value;
290 }
291
292 val = ConfigIface::lDAPSearchScope(value);
293 writeConfig();
294 parent.restartService(nslcdService);
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]295 }
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]296 catch (const InternalFailure& e)
297 {
298 throw;
299 }
300 catch (const std::exception& e)
301 {
302 log<level::ERR>(e.what());
303 elog<InternalFailure>();
304 }
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]305 return val;
306}
307
308ldap_base::Config::Type Config::lDAPType(ldap_base::Config::Type value)
309{
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]310 ldap_base::Config::Type val;
311 try
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]312 {
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]313 if (value == lDAPType())
314 {
315 return value;
316 }
317
318 val = ConfigIface::lDAPType(value);
319 writeConfig();
320 parent.restartService(nslcdService);
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]321 }
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]322 catch (const InternalFailure& e)
323 {
324 throw;
325 }
326 catch (const std::exception& e)
327 {
328 log<level::ERR>(e.what());
329 elog<InternalFailure>();
330 }
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]331 return val;
332}
333
334void ConfigMgr::restartService(const std::string& service)
335{
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]336 try
337 {
338 auto method = bus.new_method_call(SYSTEMD_BUSNAME, SYSTEMD_PATH,
339 SYSTEMD_INTERFACE, "RestartUnit");
340 method.append(service.c_str(), "replace");
341 bus.call_noreply(method);
342 }
343 catch (const sdbusplus::exception::SdBusError& ex)
344 {
345 log<level::ERR>("Failed to restart nslcd service",
346 entry("ERR=%s", ex.what()));
347 elog<InternalFailure>();
348 }
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]349}
350
Nagaraju Gorugantidccee2b2018-09-25 08:51:06 -0500[diff] [blame]351void ConfigMgr::stopService(const std::string& service)
352{
353 try
354 {
355 auto method = bus.new_method_call(SYSTEMD_BUSNAME, SYSTEMD_PATH,
356 SYSTEMD_INTERFACE, "StopUnit");
357 method.append(service.c_str(), "replace");
358 bus.call_noreply(method);
359 }
360 catch (const sdbusplus::exception::SdBusError& ex)
361 {
362 log<level::ERR>("Failed to stop nslcd service",
363 entry("ERR=%s", ex.what()));
364 elog<InternalFailure>();
365 }
366}
367
Nagaraju Goruganti24194bd2018-09-18 09:55:09 -0500[diff] [blame]368void ConfigMgr::deleteObject()
369{
370 configPtr.reset(nullptr);
371}
372
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]373std::string
Nagaraju Gorugantidb60f582018-11-08 03:14:48 -0600[diff] [blame]374 ConfigMgr::createConfig(std::string lDAPServerURI, std::string lDAPBindDN,
375 std::string lDAPBaseDN,
376 std::string lDAPBindDNPassword,
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]377 ldap_base::Create::SearchScope lDAPSearchScope,
378 ldap_base::Create::Type lDAPType)
379{
Nagaraju Gorugantidb60f582018-11-08 03:14:48 -0600[diff] [blame]380 bool secureLDAP = false;
381
Nagaraju Goruganti59287f02018-10-12 07:00:20 -0500[diff] [blame]382 if (isValidLDAPURI(lDAPServerURI, LDAPSscheme))
Nagaraju Gorugantib26799a2018-09-28 13:12:19 -0500[diff] [blame]383 {
Nagaraju Gorugantidb60f582018-11-08 03:14:48 -0600[diff] [blame]384 secureLDAP = true;
385 }
Nagaraju Goruganti59287f02018-10-12 07:00:20 -0500[diff] [blame]386 else if (isValidLDAPURI(lDAPServerURI, LDAPscheme))
Nagaraju Gorugantidb60f582018-11-08 03:14:48 -0600[diff] [blame]387 {
388 secureLDAP = false;
389 }
390 else
391 {
392 log<level::ERR>("bad LDAP Server URI",
393 entry("LDAPSERVERURI=%s", lDAPServerURI.c_str()));
Nagaraju Gorugantib26799a2018-09-28 13:12:19 -0500[diff] [blame]394 elog<InvalidArgument>(Argument::ARGUMENT_NAME("lDAPServerURI"),
395 Argument::ARGUMENT_VALUE(lDAPServerURI.c_str()));
396 }
397
398 if (lDAPBindDN.empty())
399 {
Nagaraju Goruganti59287f02018-10-12 07:00:20 -0500[diff] [blame]400 log<level::ERR>("Not a valid LDAP BINDDN",
401 entry("LDAPBINDDN=%s", lDAPBindDN.c_str()));
Nagaraju Gorugantib26799a2018-09-28 13:12:19 -0500[diff] [blame]402 elog<InvalidArgument>(Argument::ARGUMENT_NAME("LDAPBindDN"),
403 Argument::ARGUMENT_VALUE(lDAPBindDN.c_str()));
404 }
405
406 if (lDAPBaseDN.empty())
407 {
Nagaraju Goruganti59287f02018-10-12 07:00:20 -0500[diff] [blame]408 log<level::ERR>("Not a valid LDAP BASEDN",
409 entry("LDAPBASEDN=%s", lDAPBaseDN.c_str()));
Nagaraju Gorugantib26799a2018-09-28 13:12:19 -0500[diff] [blame]410 elog<InvalidArgument>(Argument::ARGUMENT_NAME("LDAPBaseDN"),
411 Argument::ARGUMENT_VALUE(lDAPBaseDN.c_str()));
412 }
413
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]414 // With current implementation we support only one LDAP server.
Nagaraju Goruganti24194bd2018-09-18 09:55:09 -0500[diff] [blame]415 deleteObject();
Nagaraju Gorugantidccee2b2018-09-25 08:51:06 -0500[diff] [blame]416 try
417 {
Nagaraju Gorugantidccee2b2018-09-25 08:51:06 -0500[diff] [blame]418 fs::copy_file(LDAPNsSwitchFile, nsSwitchFile,
419 fs::copy_options::overwrite_existing);
420 }
421 catch (const std::exception& e)
422 {
423 log<level::ERR>("Failed to rename Config Files while creating Object",
424 entry("ERR=%s", e.what()));
425 elog<InternalFailure>();
426 }
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]427
428 auto objPath = std::string(LDAP_CONFIG_DBUS_OBJ_PATH);
429 configPtr = std::make_unique<Config>(
Nagaraju Gorugantidb60f582018-11-08 03:14:48 -0600[diff] [blame]430 bus, objPath.c_str(), configFilePath.c_str(), secureLDAP, lDAPServerURI,
431 lDAPBindDN, lDAPBaseDN, std::move(lDAPBindDNPassword),
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]432 static_cast<ldap_base::Config::SearchScope>(lDAPSearchScope),
433 static_cast<ldap_base::Config::Type>(lDAPType), *this);
434
Nagaraju Gorugantidccee2b2018-09-25 08:51:06 -0500[diff] [blame]435 restartService(nslcdService);
436 restartService(nscdService);
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]437 return objPath;
438}
439
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]440void ConfigMgr::restore(const char* filePath)
441{
442 if (!fs::exists(filePath))
443 {
444 log<level::ERR>("Config file doesn't exists",
445 entry("LDAP_CONFIG_FILE=%s", LDAP_CONFIG_FILE));
446 return;
447 }
448
449 ConfigInfo configValues;
450
451 try
452 {
453 std::fstream stream(filePath, std::fstream::in);
454 Line line;
455 // read characters from stream and places them into line
456 while (std::getline(stream, line))
457 {
458 // remove leading and trailing extra spaces
459 auto firstScan = line.find_first_not_of(' ');
460 auto first =
461 (firstScan == std::string::npos ? line.length() : firstScan);
462 auto last = line.find_last_not_of(' ');
463 line = line.substr(first, last - first + 1);
464 // reduce multiple spaces between two words to a single space
465 auto pred = [](char a, char b) {
466 return (a == b && a == ' ') ? true : false;
467 };
468
469 auto lastPos = std::unique(line.begin(), line.end(), pred);
470
471 line.erase(lastPos, line.end());
472
473 // Ignore if line is empty or starts with '#'
474 if (line.empty() || line.at(0) == '#')
475 {
476 continue;
477 }
478
479 Key key;
480 std::istringstream isLine(line);
481 // extract characters from isLine and stores them into
482 // key until the delimitation character ' ' is found.
483 // If the delimiter is found, it is extracted and discarded
484 // the next input operation will begin after it.
485 if (std::getline(isLine, key, ' '))
486 {
487 Val value;
488 // extract characters after delimitation character ' '
489 if (std::getline(isLine, value, ' '))
490 {
491 // skip line if it starts with "base shadow" or
492 // "base passwd" because we would have 3 entries
493 // ("base lDAPBaseDN" , "base passwd lDAPBaseDN" and
494 // "base shadow lDAPBaseDN") for the property "lDAPBaseDN",
495 // one is enough to restore it.
496
497 if ((key == "base") &&
498 (value == "passwd" || value == "shadow"))
499 {
500 continue;
501 }
502 // skip the line if it starts with "map passwd".
503 // if config type is AD "map group" entry would be add to
504 // the map configValues. For OpenLdap config file no map
505 // entry would be there.
506 if ((key == "map") && (value == "passwd"))
507 {
508 continue;
509 }
510 configValues[key] = value;
511 }
512 }
513 }
514
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]515 ldap_base::Create::SearchScope lDAPSearchScope;
516 if (configValues["scope"] == "sub")
517 {
518 lDAPSearchScope = ldap_base::Create::SearchScope::sub;
519 }
520 else if (configValues["scope"] == "one")
521 {
522 lDAPSearchScope = ldap_base::Create::SearchScope::one;
523 }
524 else
525 {
526 lDAPSearchScope = ldap_base::Create::SearchScope::base;
527 }
528
529 ldap_base::Create::Type lDAPType;
530 // If the file is having a line which starts with "map group"
531 if (configValues["map"] == "group")
532 {
533 lDAPType = ldap_base::Create::Type::ActiveDirectory;
534 }
535 else
536 {
537 lDAPType = ldap_base::Create::Type::OpenLdap;
538 }
539
Ratan Guptac9c86a22018-10-18 00:47:01 +0530[diff] [blame]540 // Don't create the config object if either of the field is empty.
541 if (configValues["uri"] == "" || configValues["binddn"] == "" ||
542 configValues["base"] == "")
543 {
544 log<level::INFO>(
545 "LDAP config parameter value missing",
546 entry("URI=%s", configValues["uri"].c_str()),
547 entry("BASEDN=%s", configValues["base"].c_str()),
548 entry("BINDDN=%s", configValues["binddn"].c_str()));
549 return;
550 }
551
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]552 createConfig(
Nagaraju Gorugantidb60f582018-11-08 03:14:48 -0600[diff] [blame]553 std::move(configValues["uri"]), std::move(configValues["binddn"]),
554 std::move(configValues["base"]), std::move(configValues["bindpw"]),
555 lDAPSearchScope, lDAPType);
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]556 }
557 catch (const InvalidArgument& e)
558 {
559 // Don't throw - we don't want to create a D-Bus
560 // object upon finding empty values in config, as
561 // this can be a default config.
562 }
563 catch (const InternalFailure& e)
564 {
565 throw;
566 }
567 catch (const std::exception& e)
568 {
569 log<level::ERR>(e.what());
570 elog<InternalFailure>();
571 }
572}
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]573} // namespace ldap
574} // namespace phosphor