author | Tom Joseph <tomjoseph@in.ibm.com> | 2018-09-30 16:00:54 +0530 |
---|---|---|
committer | Tom Joseph <tomjoseph@in.ibm.com> | 2018-10-04 15:36:45 +0530 |
commit | a58489312b9bd804500fbee13c3259f2c92a4b17 (patch) | |
tree | f8bc6f8e24bd62a3d2d8598c4df9a0a73c5ff56d /xyz/openbmc_project | |
parent | bf21cfa8640c968a5e825b141866b858118fb1a1 (diff) | |

Modify the PrivilegeMapperEntry interface

The object path for the privilege mapper cannot have LDAP group name
in the path name. The D-Bus object path should only contain the ASCII
characters [A-Z][a-z][0-9]_. According to RFC 2253, the LDAP group name
can have additional special characters. A unique identifier is added to
the D-Bus object path and the group name is a property of the privilege
mapper.

Change-Id: If1c511bee7a492887eb45e7ce00fdfc55e98c073
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>

Diffstat (limited to 'xyz/openbmc_project')
-rw-r--r-- | xyz/openbmc_project/User/PrivilegeMapper.interface.yaml | 15 |
-rw-r--r-- | xyz/openbmc_project/User/PrivilegeMapperEntry.interface.yaml | 9 |
2 files changed, 19 insertions, 5 deletions
diff --git a/xyz/openbmc_project/User/PrivilegeMapper.interface.yaml b/xyz/openbmc_project/User/PrivilegeMapper.interface.yaml index 5b4f511..aac9fc0 100644 --- a/xyz/openbmc_project/User/PrivilegeMapper.interface.yaml +++ b/xyz/openbmc_project/User/PrivilegeMapper.interface.yaml @@ -3,11 +3,17 @@ description: > group name. The users in the group will inherit the privilege mapping of the group. The Create method on success creates the object which implements xyz.openbmc_project.User.PrivilegeMapperEntry. For example in the case of - LDAP, the object path will be /xyz/openbmc_project/user/ldap/<GroupName>. - If the privilege mapping already exists then it throws the exception + LDAP, the object path will be + /xyz/openbmc_project/user/ldap/privilege_mapper/<id>. The <id> will be + a unique number generated by the application. If the privilege mapping + already exists then it throws the exception xyz.openbmc_project.User.Common.Error.PrivilegeMappingExists. To modify the privilege for a mapping which already exists, the Privilege property in the xyz.openbmc_project.User.PrivilegeMapperEntry interface needs to be set. + Any application consuming the privilege mapping should not cache the object + path and use the GetManagedObjects method on the + org.freedesktop.DBus.ObjectManager interface to figure out the D-Bus object + path associated with the group name. methods: - name: Create @@ -18,8 +24,7 @@ methods: type: string description: > Group Name to which the privilege is to be assigned. In the case - of LDAP, the GroupName will be the LDAP group the user is part - of. + of LDAP, the GroupName will be the LDAP group the user is part of. - name: Privilege type: string description: > @@ -31,7 +36,7 @@ methods: https://github.com/openbmc/docs/blob/master/user_management.md returns: - name: Path - type: string + type: path description: > The path for the created privilege mapping object. 
diff --git a/xyz/openbmc_project/User/PrivilegeMapperEntry.interface.yaml b/xyz/openbmc_project/User/PrivilegeMapperEntry.interface.yaml index a90989d..cea3ca2 100644 --- a/xyz/openbmc_project/User/PrivilegeMapperEntry.interface.yaml +++ b/xyz/openbmc_project/User/PrivilegeMapperEntry.interface.yaml @@ -2,6 +2,15 @@ description: > Implement to provide privilege for the group. properties: + - name: GroupName + type: string + description: > + Group Name to which the privilege is to be assigned. In the case of + LDAP, the GroupName will be the LDAP group the user is part of. + errors: + - xyz.openbmc_project.Common.Error.InternalFailure + - xyz.openbmc_project.Common.Error.InvalidArgument + - xyz.openbmc_project.User.Common.Error.PrivilegeMappingExists - name: Privilege type: string description: > |
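
Review bot: In PrivilegeMapper.interface.yaml, hunk @@ -3,11 +3,17 @@, the new description says the <id> is "a unique number generated by the application" but not whether an id can be reused after an entry is deleted or whether it stays the same across a restart. The path no longer carries the group name, so if ids are reused a consumer holding an old path would read the Privilege of a different group. The added "should not cache" sentence hints at this but should state it outright. That sentence is also ambiguous as written ("should not cache the object path and use the GetManagedObjects method"); suggest "must not cache the object path; it should instead use the GetManagedObjects method on the org.freedesktop.DBus.ObjectManager interface to look up the path for a group name". It would also help to say that PrivilegeMappingExists is now decided by the GroupName value, since the path can no longer express that.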
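
Review bot: In PrivilegeMapper.interface.yaml, hunk @@ -31,7 +36,7 @@, changing the Create return value from "type: string" to "type: path" changes the method's D-Bus signature, and the commit message does not mention it. Existing callers that read the reply as a string will need updating together with this change. Please call out the signature change in the commit message and confirm that the implementing daemon and its clients are updated in step.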
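
Review bot: In PrivilegeMapperEntry.interface.yaml, hunk @@ -2,6 +2,15 @@, the new GroupName property lists InvalidArgument and PrivilegeMappingExists as errors, which implies it can be set after creation, but the description is copied from the Create argument and says nothing about a set. Please document when each error is raised, for example whether setting a name that another entry already maps gives PrivilegeMappingExists and whether an empty string gives InvalidArgument. Also consider whether renaming is needed at all: a writable GroupName lets an existing entry be pointed at a different group while keeping its Privilege, and if the name is only meant to be fixed at Create time the property could be documented as read-only, leaving delete and re-create as the way to change it.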