Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-user-manager / 9891f2f8f330cfe678098342bd1cb536e5810233 / . / phosphor-ldap-config / ldap_configuration.cpp
blob: 4bbcbed5949f08ccbe35e1cb2dcfa1e87fb90e18 [file] [log] [blame]
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]1#include "ldap_configuration.hpp"
Nagaraju Gorugantib26799a2018-09-28 13:12:19 -0500[diff] [blame]2#include <ldap.h>
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]3#include <experimental/filesystem>
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]4#include <fstream>
5#include <sstream>
6
7namespace phosphor
8{
9namespace ldap
10{
11constexpr auto nslcdService = "nslcd.service";
Nagaraju Gorugantidccee2b2018-09-25 08:51:06 -0500[diff] [blame]12constexpr auto nscdService = "nscd.service";
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]13
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]14using namespace phosphor::logging;
15using namespace sdbusplus::xyz::openbmc_project::Common::Error;
16namespace fs = std::experimental::filesystem;
Nagaraju Gorugantib26799a2018-09-28 13:12:19 -0500[diff] [blame]17using Argument = xyz::openbmc_project::Common::InvalidArgument;
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]18
19using Line = std::string;
20using Key = std::string;
21using Val = std::string;
22using ConfigInfo = std::map<Key, Val>;
23
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]24Config::Config(sdbusplus::bus::bus& bus, const char* path, const char* filePath,
25 bool secureLDAP, std::string lDAPServerURI,
26 std::string lDAPBindDN, std::string lDAPBaseDN,
27 std::string lDAPBindDNpassword,
28 ldap_base::Config::SearchScope lDAPSearchScope,
29 ldap_base::Config::Type lDAPType, ConfigMgr& parent) :
30 ConfigIface(bus, path, true),
31 configFilePath(filePath), bus(bus), parent(parent)
32{
33 ConfigIface::secureLDAP(secureLDAP);
34 ConfigIface::lDAPServerURI(lDAPServerURI);
35 ConfigIface::lDAPBindDN(lDAPBindDN);
36 ConfigIface::lDAPBaseDN(lDAPBaseDN);
37 ConfigIface::lDAPBINDDNpassword(lDAPBindDNpassword);
38 ConfigIface::lDAPSearchScope(lDAPSearchScope);
39 ConfigIface::lDAPType(lDAPType);
40 writeConfig();
41 parent.restartService(nslcdService);
42 // Emit deferred signal.
43 this->emit_object_added();
44}
45
Nagaraju Goruganti24194bd2018-09-18 09:55:09 -0500[diff] [blame]46void Config::delete_()
47{
48 parent.deleteObject();
Nagaraju Gorugantidccee2b2018-09-25 08:51:06 -0500[diff] [blame]49 try
50 {
51 fs::copy_file(defaultNslcdFile, LDAP_CONFIG_FILE,
52 fs::copy_options::overwrite_existing);
53 fs::copy_file(nsSwitchFile, LDAPNsSwitchFile,
54 fs::copy_options::overwrite_existing);
55 fs::copy_file(linuxNsSwitchFile, nsSwitchFile,
56 fs::copy_options::overwrite_existing);
57 }
58 catch (const std::exception& e)
59 {
60 log<level::ERR>("Failed to rename Config Files while deleting Object",
61 entry("ERR=%s", e.what()));
62 elog<InternalFailure>();
63 }
64
65 parent.restartService(nscdService);
66 parent.stopService(nslcdService);
Nagaraju Goruganti24194bd2018-09-18 09:55:09 -0500[diff] [blame]67}
68
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]69void Config::writeConfig()
70{
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]71 std::stringstream confData;
Ratan Gupta9891f2f2018-10-06 12:07:35 +0530[diff] [blame^]72 auto isPwdTobeWritten = false;
73
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]74 confData << "uid root\n";
75 confData << "gid root\n\n";
76 confData << "ldap_version 3\n\n";
77 confData << "timelimit 30\n";
78 confData << "bind_timelimit 30\n";
79 confData << "pagesize 1000\n";
80 confData << "referrals off\n\n";
81 confData << "uri " << lDAPServerURI() << "\n\n";
82 confData << "base " << lDAPBaseDN() << "\n\n";
83 confData << "binddn " << lDAPBindDN() << "\n";
Nagaraju Goruganti15675472018-10-05 07:03:05 -0500[diff] [blame]84 if (!lDAPBINDDNpassword().empty())
85 {
86 confData << "bindpw " << lDAPBINDDNpassword() << "\n";
Ratan Gupta9891f2f2018-10-06 12:07:35 +0530[diff] [blame^]87 isPwdTobeWritten = true;
Nagaraju Goruganti15675472018-10-05 07:03:05 -0500[diff] [blame]88 }
89 confData << "\n";
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]90 switch (lDAPSearchScope())
91 {
92 case ldap_base::Config::SearchScope::sub:
93 confData << "scope sub\n\n";
94 break;
95 case ldap_base::Config::SearchScope::one:
96 confData << "scope one\n\n";
97 break;
98 case ldap_base::Config::SearchScope::base:
99 confData << "scope base\n\n";
100 break;
101 }
102 confData << "base passwd " << lDAPBaseDN() << "\n";
103 confData << "base shadow " << lDAPBaseDN() << "\n\n";
104 if (secureLDAP() == true)
105 {
106 confData << "ssl on\n";
107 confData << "tls_reqcert allow\n";
108 confData << "tls_cert /etc/nslcd/certs/cert.pem\n";
109 }
110 else
111 {
Nagaraju Goruganti15675472018-10-05 07:03:05 -0500[diff] [blame]112 confData << "ssl off\n";
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]113 }
Nagaraju Goruganti15675472018-10-05 07:03:05 -0500[diff] [blame]114 confData << "\n";
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]115 if (lDAPType() == ldap_base::Config::Type::ActiveDirectory)
116 {
117 confData << "filter passwd (&(objectClass=user)(objectClass=person)"
118 "(!(objectClass=computer)))\n";
119 confData
120 << "filter group (|(objectclass=group)(objectclass=groupofnames) "
121 "(objectclass=groupofuniquenames))\n";
122 confData << "map passwd uid sAMAccountName\n";
123 confData << "map passwd uidNumber "
124 "objectSid:S-1-5-21-3623811015-3361044348-30300820\n";
125 confData << "map passwd gidNumber primaryGroupID\n";
126 confData << "map passwd homeDirectory \"/home/$sAMAccountName\"\n";
127 confData << "map passwd gecos displayName\n";
128 confData << "map passwd loginShell \"/bin/bash\"\n";
129 confData << "map group gidNumber primaryGroupID\n";
130 confData << "map group gidNumber "
131 "objectSid:S-1-5-21-3623811015-3361044348-30300820\n";
132 confData << "map group cn sAMAccountName\n";
133 }
134 else if (lDAPType() == ldap_base::Config::Type::OpenLdap)
135 {
136 confData << "filter passwd (objectclass=*)\n";
137 confData << "map passwd uid cn\n";
138 confData << "map passwd gecos displayName\n";
139 }
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]140 try
141 {
142 std::fstream stream(configFilePath.c_str(), std::fstream::out);
Ratan Gupta9891f2f2018-10-06 12:07:35 +0530[diff] [blame^]143 // remove the read permission from others if password is being written.
144 // nslcd forces this behaviour.
145 auto permission = fs::perms::owner_read | fs::perms::owner_write |
146 fs::perms::group_read;
147 if (isPwdTobeWritten)
148 {
149 fs::permissions(configFilePath, permission);
150 }
151 else
152 {
153 fs::permissions(configFilePath,
154 permission | fs::perms::others_read);
155 }
156
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]157 stream << confData.str();
158 stream.flush();
159 stream.close();
160 }
161 catch (const std::exception& e)
162 {
163 log<level::ERR>(e.what());
164 elog<InternalFailure>();
165 }
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]166 return;
167}
168
169bool Config::secureLDAP(bool value)
170{
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]171 bool val = false;
172 try
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]173 {
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]174 if (value == secureLDAP())
175 {
176 return value;
177 }
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]178
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]179 val = ConfigIface::secureLDAP(value);
180 writeConfig();
181 parent.restartService(nslcdService);
182 }
183 catch (const InternalFailure& e)
184 {
185 throw;
186 }
187 catch (const std::exception& e)
188 {
189 log<level::ERR>(e.what());
190 elog<InternalFailure>();
191 }
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]192
193 return val;
194}
195
196std::string Config::lDAPServerURI(std::string value)
197{
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]198 std::string val;
199 try
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]200 {
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]201 if (value == lDAPServerURI())
202 {
203 return value;
204 }
Nagaraju Gorugantib26799a2018-09-28 13:12:19 -0500[diff] [blame]205 if (!(ldap_is_ldap_url(value.c_str()) ||
206 ldap_is_ldaps_url(value.c_str())))
207 {
208 log<level::ERR>("Not a valid LDAP Server URI"),
209 entry("LDAPSERVERURI=%s", value.c_str());
210 elog<InvalidArgument>(Argument::ARGUMENT_NAME("lDAPServerURI"),
211 Argument::ARGUMENT_VALUE(value.c_str()));
212 }
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]213 val = ConfigIface::lDAPServerURI(value);
214 writeConfig();
215 parent.restartService(nslcdService);
216 }
217 catch (const InternalFailure& e)
218 {
219 throw;
220 }
221 catch (const std::exception& e)
222 {
223 log<level::ERR>(e.what());
224 elog<InternalFailure>();
225 }
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]226
227 return val;
228}
229
230std::string Config::lDAPBindDN(std::string value)
231{
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]232 std::string val;
233 try
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]234 {
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]235 if (value == lDAPBindDN())
236 {
237 return value;
238 }
239
Nagaraju Gorugantib26799a2018-09-28 13:12:19 -0500[diff] [blame]240 if (value.empty())
241 {
242 log<level::ERR>("Not a valid LDAP BINDDN"),
243 entry("LDAPBINDDN=%s", value.c_str());
244 elog<InvalidArgument>(Argument::ARGUMENT_NAME("lDAPBindDN"),
245 Argument::ARGUMENT_VALUE(value.c_str()));
246 }
247
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]248 val = ConfigIface::lDAPBindDN(value);
249 writeConfig();
250 parent.restartService(nslcdService);
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]251 }
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]252 catch (const InternalFailure& e)
253 {
254 throw;
255 }
256 catch (const std::exception& e)
257 {
258 log<level::ERR>(e.what());
259 elog<InternalFailure>();
260 }
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]261 return val;
262}
263
264std::string Config::lDAPBaseDN(std::string value)
265{
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]266 std::string val;
267 try
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]268 {
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]269 if (value == lDAPBaseDN())
270 {
271 return value;
272 }
273
Nagaraju Gorugantib26799a2018-09-28 13:12:19 -0500[diff] [blame]274 if (value.empty())
275 {
276 log<level::ERR>("Not a valid LDAP BASEDN"),
277 entry("BASEDN=%s", value.c_str());
278 elog<InvalidArgument>(Argument::ARGUMENT_NAME("lDAPBaseDN"),
279 Argument::ARGUMENT_VALUE(value.c_str()));
280 }
281
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]282 val = ConfigIface::lDAPBaseDN(value);
283 writeConfig();
284 parent.restartService(nslcdService);
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]285 }
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]286 catch (const InternalFailure& e)
287 {
288 throw;
289 }
290 catch (const std::exception& e)
291 {
292 log<level::ERR>(e.what());
293 elog<InternalFailure>();
294 }
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]295 return val;
296}
297
298std::string Config::lDAPBINDDNpassword(std::string value)
299{
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]300 std::string val;
301 try
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]302 {
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]303 if (value == lDAPBINDDNpassword())
304 {
305 return value;
306 }
307
308 val = ConfigIface::lDAPBINDDNpassword(value);
309 writeConfig();
310 parent.restartService(nslcdService);
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]311 }
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]312 catch (const InternalFailure& e)
313 {
314 throw;
315 }
316 catch (const std::exception& e)
317 {
318 log<level::ERR>(e.what());
319 elog<InternalFailure>();
320 }
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]321 return val;
322}
323
324ldap_base::Config::SearchScope
325 Config::lDAPSearchScope(ldap_base::Config::SearchScope value)
326{
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]327 ldap_base::Config::SearchScope val;
328 try
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]329 {
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]330 if (value == lDAPSearchScope())
331 {
332 return value;
333 }
334
335 val = ConfigIface::lDAPSearchScope(value);
336 writeConfig();
337 parent.restartService(nslcdService);
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]338 }
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]339 catch (const InternalFailure& e)
340 {
341 throw;
342 }
343 catch (const std::exception& e)
344 {
345 log<level::ERR>(e.what());
346 elog<InternalFailure>();
347 }
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]348 return val;
349}
350
351ldap_base::Config::Type Config::lDAPType(ldap_base::Config::Type value)
352{
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]353 ldap_base::Config::Type val;
354 try
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]355 {
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]356 if (value == lDAPType())
357 {
358 return value;
359 }
360
361 val = ConfigIface::lDAPType(value);
362 writeConfig();
363 parent.restartService(nslcdService);
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]364 }
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]365 catch (const InternalFailure& e)
366 {
367 throw;
368 }
369 catch (const std::exception& e)
370 {
371 log<level::ERR>(e.what());
372 elog<InternalFailure>();
373 }
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]374 return val;
375}
376
377void ConfigMgr::restartService(const std::string& service)
378{
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]379 try
380 {
381 auto method = bus.new_method_call(SYSTEMD_BUSNAME, SYSTEMD_PATH,
382 SYSTEMD_INTERFACE, "RestartUnit");
383 method.append(service.c_str(), "replace");
384 bus.call_noreply(method);
385 }
386 catch (const sdbusplus::exception::SdBusError& ex)
387 {
388 log<level::ERR>("Failed to restart nslcd service",
389 entry("ERR=%s", ex.what()));
390 elog<InternalFailure>();
391 }
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]392}
393
Nagaraju Gorugantidccee2b2018-09-25 08:51:06 -0500[diff] [blame]394void ConfigMgr::stopService(const std::string& service)
395{
396 try
397 {
398 auto method = bus.new_method_call(SYSTEMD_BUSNAME, SYSTEMD_PATH,
399 SYSTEMD_INTERFACE, "StopUnit");
400 method.append(service.c_str(), "replace");
401 bus.call_noreply(method);
402 }
403 catch (const sdbusplus::exception::SdBusError& ex)
404 {
405 log<level::ERR>("Failed to stop nslcd service",
406 entry("ERR=%s", ex.what()));
407 elog<InternalFailure>();
408 }
409}
410
Nagaraju Goruganti24194bd2018-09-18 09:55:09 -0500[diff] [blame]411void ConfigMgr::deleteObject()
412{
413 configPtr.reset(nullptr);
414}
415
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]416std::string
417 ConfigMgr::createConfig(bool secureLDAP, std::string lDAPServerURI,
418 std::string lDAPBindDN, std::string lDAPBaseDN,
419 std::string lDAPBINDDNpassword,
420 ldap_base::Create::SearchScope lDAPSearchScope,
421 ldap_base::Create::Type lDAPType)
422{
Nagaraju Gorugantib26799a2018-09-28 13:12:19 -0500[diff] [blame]423 if (!(ldap_is_ldap_url(lDAPServerURI.c_str()) ||
424 ldap_is_ldaps_url(lDAPServerURI.c_str())))
425 {
426 log<level::ERR>("Not a valid LDAP Server URI"),
427 entry("LDAPSERVERURI=%s", lDAPServerURI.c_str());
428 elog<InvalidArgument>(Argument::ARGUMENT_NAME("lDAPServerURI"),
429 Argument::ARGUMENT_VALUE(lDAPServerURI.c_str()));
430 }
431
432 if (lDAPBindDN.empty())
433 {
434 log<level::ERR>("Not a valid LDAP BINDDN"),
435 entry("LDAPBINDDN=%s", lDAPBindDN.c_str());
436 elog<InvalidArgument>(Argument::ARGUMENT_NAME("LDAPBindDN"),
437 Argument::ARGUMENT_VALUE(lDAPBindDN.c_str()));
438 }
439
440 if (lDAPBaseDN.empty())
441 {
442 log<level::ERR>("Not a valid LDAP BASEDN"),
443 entry("LDAPBASEDN=%s", lDAPBaseDN.c_str());
444 elog<InvalidArgument>(Argument::ARGUMENT_NAME("LDAPBaseDN"),
445 Argument::ARGUMENT_VALUE(lDAPBaseDN.c_str()));
446 }
447
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]448 // With current implementation we support only one LDAP server.
Nagaraju Goruganti24194bd2018-09-18 09:55:09 -0500[diff] [blame]449 deleteObject();
Nagaraju Gorugantidccee2b2018-09-25 08:51:06 -0500[diff] [blame]450 try
451 {
452 fs::copy_file(nsSwitchFile, linuxNsSwitchFile,
453 fs::copy_options::overwrite_existing);
454 fs::copy_file(LDAPNsSwitchFile, nsSwitchFile,
455 fs::copy_options::overwrite_existing);
456 }
457 catch (const std::exception& e)
458 {
459 log<level::ERR>("Failed to rename Config Files while creating Object",
460 entry("ERR=%s", e.what()));
461 elog<InternalFailure>();
462 }
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]463
464 auto objPath = std::string(LDAP_CONFIG_DBUS_OBJ_PATH);
465 configPtr = std::make_unique<Config>(
466 bus, objPath.c_str(), LDAP_CONFIG_FILE, secureLDAP, lDAPServerURI,
467 lDAPBindDN, lDAPBaseDN, lDAPBINDDNpassword,
468 static_cast<ldap_base::Config::SearchScope>(lDAPSearchScope),
469 static_cast<ldap_base::Config::Type>(lDAPType), *this);
470
Nagaraju Gorugantidccee2b2018-09-25 08:51:06 -0500[diff] [blame]471 restartService(nslcdService);
472 restartService(nscdService);
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]473 return objPath;
474}
475
Nagaraju Gorugantif1940d92018-09-18 05:05:50 -0500[diff] [blame]476void ConfigMgr::restore(const char* filePath)
477{
478 if (!fs::exists(filePath))
479 {
480 log<level::ERR>("Config file doesn't exists",
481 entry("LDAP_CONFIG_FILE=%s", LDAP_CONFIG_FILE));
482 return;
483 }
484
485 ConfigInfo configValues;
486
487 try
488 {
489 std::fstream stream(filePath, std::fstream::in);
490 Line line;
491 // read characters from stream and places them into line
492 while (std::getline(stream, line))
493 {
494 // remove leading and trailing extra spaces
495 auto firstScan = line.find_first_not_of(' ');
496 auto first =
497 (firstScan == std::string::npos ? line.length() : firstScan);
498 auto last = line.find_last_not_of(' ');
499 line = line.substr(first, last - first + 1);
500 // reduce multiple spaces between two words to a single space
501 auto pred = [](char a, char b) {
502 return (a == b && a == ' ') ? true : false;
503 };
504
505 auto lastPos = std::unique(line.begin(), line.end(), pred);
506
507 line.erase(lastPos, line.end());
508
509 // Ignore if line is empty or starts with '#'
510 if (line.empty() || line.at(0) == '#')
511 {
512 continue;
513 }
514
515 Key key;
516 std::istringstream isLine(line);
517 // extract characters from isLine and stores them into
518 // key until the delimitation character ' ' is found.
519 // If the delimiter is found, it is extracted and discarded
520 // the next input operation will begin after it.
521 if (std::getline(isLine, key, ' '))
522 {
523 Val value;
524 // extract characters after delimitation character ' '
525 if (std::getline(isLine, value, ' '))
526 {
527 // skip line if it starts with "base shadow" or
528 // "base passwd" because we would have 3 entries
529 // ("base lDAPBaseDN" , "base passwd lDAPBaseDN" and
530 // "base shadow lDAPBaseDN") for the property "lDAPBaseDN",
531 // one is enough to restore it.
532
533 if ((key == "base") &&
534 (value == "passwd" || value == "shadow"))
535 {
536 continue;
537 }
538 // skip the line if it starts with "map passwd".
539 // if config type is AD "map group" entry would be add to
540 // the map configValues. For OpenLdap config file no map
541 // entry would be there.
542 if ((key == "map") && (value == "passwd"))
543 {
544 continue;
545 }
546 configValues[key] = value;
547 }
548 }
549 }
550
551 // extract properties from configValues map
552 bool secureLDAP;
553 if (configValues["ssl"] == "on")
554 {
555 secureLDAP = true;
556 }
557 else
558 {
559 secureLDAP = false;
560 }
561
562 ldap_base::Create::SearchScope lDAPSearchScope;
563 if (configValues["scope"] == "sub")
564 {
565 lDAPSearchScope = ldap_base::Create::SearchScope::sub;
566 }
567 else if (configValues["scope"] == "one")
568 {
569 lDAPSearchScope = ldap_base::Create::SearchScope::one;
570 }
571 else
572 {
573 lDAPSearchScope = ldap_base::Create::SearchScope::base;
574 }
575
576 ldap_base::Create::Type lDAPType;
577 // If the file is having a line which starts with "map group"
578 if (configValues["map"] == "group")
579 {
580 lDAPType = ldap_base::Create::Type::ActiveDirectory;
581 }
582 else
583 {
584 lDAPType = ldap_base::Create::Type::OpenLdap;
585 }
586
587 createConfig(
588 secureLDAP, std::move(configValues["uri"]),
589 std::move(configValues["binddn"]), std::move(configValues["base"]),
590 std::move(configValues["bindpw"]), lDAPSearchScope, lDAPType);
591 }
592 catch (const InvalidArgument& e)
593 {
594 // Don't throw - we don't want to create a D-Bus
595 // object upon finding empty values in config, as
596 // this can be a default config.
597 }
598 catch (const InternalFailure& e)
599 {
600 throw;
601 }
602 catch (const std::exception& e)
603 {
604 log<level::ERR>(e.what());
605 elog<InternalFailure>();
606 }
607}
Nagaraju Goruganti997f5e02018-08-30 03:05:11 -0500[diff] [blame]608} // namespace ldap
609} // namespace phosphor