authorNagaraju Goruganti <ngorugan@in.ibm.com>2018-09-28 13:12:19 -0500
committerDeepak Kodihalli <dkodihal@in.ibm.com>2018-10-06 11:07:08 -0500
commitb26799aad62dfab304b322e7eb06167a9ea05ce7 (patch)
treeec670751601733f810e361e80a4669132129fea4
parentdccee2b7ff47757afb6a0606707b6436bb0f4c7b (diff)
downloadphosphor-user-manager-b26799aad62dfab304b322e7eb06167a9ea05ce7.tar.gz
phosphor-user-manager-b26799aad62dfab304b322e7eb06167a9ea05ce7.zip
phosphor-ldap-conf: add support for validation of parameters
Validate LDAP Server's URI, BaseDN and BindDN. Change-Id: If754e17c238069e04c9e1e8735a28d54dbf221cb TODO: Unit tests will be added in subsequent commits. Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
-rw-r--r--phosphor-ldap-config/Makefile.am5
-rw-r--r--phosphor-ldap-config/ldap_configuration.cpp53
2 files changed, 54 insertions, 4 deletions
diff --git a/phosphor-ldap-config/Makefile.am b/phosphor-ldap-config/Makefile.am
index ed0853c..cf2b4f0 100644
--- a/phosphor-ldap-config/Makefile.am
+++ b/phosphor-ldap-config/Makefile.am
@@ -8,8 +8,9 @@ phosphor_ldap_conf_SOURCES = \
phosphor_ldap_conf_LDFLAGS = $(SDBUSPLUS_LIBS) \
$(PHOSPHOR_DBUS_INTERFACES_LIBS) \
- $(PHOSPHOR_LOGGING_LIBS)\
- -lstdc++fs
+ $(PHOSPHOR_LOGGING_LIBS) \
+ -lstdc++fs \
+ -lldap
phosphor_ldap_conf_CXXFLAGS = $(SYSTEMD_CFLAGS) \
$(PHOSPHOR_DBUS_INTERFACES_CFLAGS) \
diff --git a/phosphor-ldap-config/ldap_configuration.cpp b/phosphor-ldap-config/ldap_configuration.cpp
index 222793e..e3b337d 100644
--- a/phosphor-ldap-config/ldap_configuration.cpp
+++ b/phosphor-ldap-config/ldap_configuration.cpp
@@ -1,4 +1,5 @@
#include "ldap_configuration.hpp"
+#include <ldap.h>
#include <experimental/filesystem>
#include <fstream>
#include <sstream>
@@ -13,6 +14,7 @@ constexpr auto nscdService = "nscd.service";
using namespace phosphor::logging;
using namespace sdbusplus::xyz::openbmc_project::Common::Error;
namespace fs = std::experimental::filesystem;
+using Argument = xyz::openbmc_project::Common::InvalidArgument;
using Line = std::string;
using Key = std::string;
@@ -178,7 +180,14 @@ std::string Config::lDAPServerURI(std::string value)
{
return value;
}
-
+ if (!(ldap_is_ldap_url(value.c_str()) ||
+ ldap_is_ldaps_url(value.c_str())))
+ {
+ log<level::ERR>("Not a valid LDAP Server URI"),
+ entry("LDAPSERVERURI=%s", value.c_str());
+ elog<InvalidArgument>(Argument::ARGUMENT_NAME("lDAPServerURI"),
+ Argument::ARGUMENT_VALUE(value.c_str()));
+ }
val = ConfigIface::lDAPServerURI(value);
writeConfig();
parent.restartService(nslcdService);
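Review bot: The `entry("LDAPSERVERURI=%s", value.c_str())` on the line after `log<level::ERR>(...)` is not an argument of the log call: the call's parenthesis closes after the message and the entry follows a comma operator, so it is built and discarded and the rejected URI never reaches the journal. Pass it inside the call, `log<level::ERR>("Not a valid LDAP Server URI", entry("LDAPSERVERURI=%s", value.c_str()));`. The same pattern appears in the lDAPBindDN and lDAPBaseDN hunks and three times in the last hunk of this file. The setter's body starts above the hunk.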
@@ -206,6 +215,14 @@ std::string Config::lDAPBindDN(std::string value)
return value;
}
+ if (value.empty())
+ {
+ log<level::ERR>("Not a valid LDAP BINDDN"),
+ entry("LDAPBINDDN=%s", value.c_str());
+ elog<InvalidArgument>(Argument::ARGUMENT_NAME("lDAPBindDN"),
+ Argument::ARGUMENT_VALUE(value.c_str()));
+ }
+
val = ConfigIface::lDAPBindDN(value);
writeConfig();
parent.restartService(nslcdService);
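Review bot: `value.empty()` is the only check on the bind DN, so any non-empty string, including one that is not a DN at all, is accepted and passed on to `writeConfig()`. Now that the file links libldap, the string could be parsed before it is stored, for instance with `ldap_str2dn(value.c_str(), &dn, LDAP_DN_FORMAT_LDAPV3)` followed by `ldap_dnfree(dn)`, raising `InvalidArgument` on failure. The base DN check in the next hunk and both DN checks in the last hunk have the same gap. If `writeConfig()` copies the value into the nslcd configuration line by line (not visible here), rejecting control characters such as newlines would also be worth doing. The function starts above the hunk.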
@@ -232,6 +249,14 @@ std::string Config::lDAPBaseDN(std::string value)
return value;
}
+ if (value.empty())
+ {
+ log<level::ERR>("Not a valid LDAP BASEDN"),
+ entry("BASEDN=%s", value.c_str());
+ elog<InvalidArgument>(Argument::ARGUMENT_NAME("lDAPBaseDN"),
+ Argument::ARGUMENT_VALUE(value.c_str()));
+ }
+
val = ConfigIface::lDAPBaseDN(value);
writeConfig();
parent.restartService(nslcdService);
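Review bot: The journal field here is `BASEDN=%s` while the same check in the last hunk uses `LDAPBASEDN=%s`, and the `ARGUMENT_NAME` differs too (`lDAPBaseDN` here, `LDAPBaseDN` there; likewise for the bind DN). Anyone filtering the journal or matching on the error's argument name has to know both spellings; use one on both paths, e.g. `entry("LDAPBASEDN=%s", value.c_str())`. Since the three checks are repeated almost verbatim between the setters and the last hunk, a small file-local helper would keep them from drifting further.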
@@ -373,7 +398,31 @@ std::string
ldap_base::Create::SearchScope lDAPSearchScope,
ldap_base::Create::Type lDAPType)
{
- // TODO Validate parameters passed-in.
+ if (!(ldap_is_ldap_url(lDAPServerURI.c_str()) ||
+ ldap_is_ldaps_url(lDAPServerURI.c_str())))
+ {
+ log<level::ERR>("Not a valid LDAP Server URI"),
+ entry("LDAPSERVERURI=%s", lDAPServerURI.c_str());
+ elog<InvalidArgument>(Argument::ARGUMENT_NAME("lDAPServerURI"),
+ Argument::ARGUMENT_VALUE(lDAPServerURI.c_str()));
+ }
+
+ if (lDAPBindDN.empty())
+ {
+ log<level::ERR>("Not a valid LDAP BINDDN"),
+ entry("LDAPBINDDN=%s", lDAPBindDN.c_str());
+ elog<InvalidArgument>(Argument::ARGUMENT_NAME("LDAPBindDN"),
+ Argument::ARGUMENT_VALUE(lDAPBindDN.c_str()));
+ }
+
+ if (lDAPBaseDN.empty())
+ {
+ log<level::ERR>("Not a valid LDAP BASEDN"),
+ entry("LDAPBASEDN=%s", lDAPBaseDN.c_str());
+ elog<InvalidArgument>(Argument::ARGUMENT_NAME("LDAPBaseDN"),
+ Argument::ARGUMENT_VALUE(lDAPBaseDN.c_str()));
+ }
+
// With current implementation we support only one LDAP server.
deleteObject();
try
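Review bot: `ldap_is_ldap_url()` and `ldap_is_ldaps_url()` are documented by libldap as a quick check that the string looks like an LDAP URL, so the guard at the top of this function (and the identical one in the `lDAPServerURI` setter hunk) accepts a value with a valid scheme followed by a malformed remainder. The ldap_url(3) page points to `ldap_url_parse()` for a thorough check: `LDAPURLDesc* desc = nullptr; if (ldap_url_parse(lDAPServerURI.c_str(), &desc) != LDAP_URL_SUCCESS) { ... }`, with `ldap_free_urldesc(desc)` once it has parsed. A URI that passes this guard goes straight on to `deleteObject()`, so a weak check here costs the existing configuration object. The function's signature begins above the hunk and the `try` block continues below it.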