authorNagaraju Goruganti <ngorugan@in.ibm.com>2018-10-12 07:00:20 -0500
committerBrad Bishop <bradleyb@fuzziesquirrel.com>2018-11-20 02:11:46 +0000
commit59287f090c9ea371a6d7f9c151f26c46a068a0b3 (patch)
tree28757865672ab23acbeb19fb756a1da48c2321b6 /phosphor-ldap-config/ldap_configuration.cpp
parentdb60f5847bc89e96fbee5eb504726c11382973b8 (diff)
phosphor-ldap-conf: validate LDAP Server URI
Validates given URI. Also updates secureLDAP property based on given URI. If URI is of LDAPS type, secureLDAP is set to true, else it is set to false. Change-Id: If96495c01a8bd911d255267ffbbbff7f28fa070b Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
Diffstat (limited to 'phosphor-ldap-config/ldap_configuration.cpp')
-rw-r--r--phosphor-ldap-config/ldap_configuration.cpp53
1 files changed, 27 insertions, 26 deletions
diff --git a/phosphor-ldap-config/ldap_configuration.cpp b/phosphor-ldap-config/ldap_configuration.cpp
index e84e0b9..6fdc511 100644
--- a/phosphor-ldap-config/ldap_configuration.cpp
+++ b/phosphor-ldap-config/ldap_configuration.cpp
@@ -1,5 +1,5 @@
#include "ldap_configuration.hpp"
-#include <ldap.h>
+#include "utils.hpp"
#include <experimental/filesystem>
#include <fstream>
#include <sstream>
@@ -10,6 +10,8 @@ namespace ldap
{
constexpr auto nslcdService = "nslcd.service";
constexpr auto nscdService = "nscd.service";
+constexpr auto LDAPscheme = "ldap";
+constexpr auto LDAPSscheme = "ldaps";
using namespace phosphor::logging;
using namespace sdbusplus::xyz::openbmc_project::Common::Error;
@@ -174,25 +176,20 @@ std::string Config::lDAPServerURI(std::string value)
{
return value;
}
- if (secureLDAP)
+ if (isValidLDAPURI(value, LDAPSscheme))
{
- if (!ldap_is_ldaps_url(value.c_str()))
- {
- log<level::ERR>("bad LDAPS Server URI",
- entry("LDAPSSERVERURI=%s", value.c_str()));
- elog<InvalidArgument>(Argument::ARGUMENT_NAME("lDAPServerURI"),
- Argument::ARGUMENT_VALUE(value.c_str()));
- }
+ secureLDAP = true;
+ }
+ else if (isValidLDAPURI(value, LDAPscheme))
+ {
+ secureLDAP = false;
}
else
{
- if (!ldap_is_ldap_url(value.c_str()))
- {
- log<level::ERR>("bad LDAP Server URI",
- entry("LDAPSERVERURI=%s", value.c_str()));
- elog<InvalidArgument>(Argument::ARGUMENT_NAME("lDAPServerURI"),
- Argument::ARGUMENT_VALUE(value.c_str()));
- }
+ log<level::ERR>("bad LDAP Server URI",
+ entry("LDAPSERVERURI=%s", value.c_str()));
+ elog<InvalidArgument>(Argument::ARGUMENT_NAME("lDAPServerURI"),
+ Argument::ARGUMENT_VALUE(value.c_str()));
}
val = ConfigIface::lDAPServerURI(value);
writeConfig();
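Review bot: Writing an `ldap://` URI now silently sets `secureLDAP` to false in the `else if` branch, whereas the removed code rejected a non-LDAPS URI while `secureLDAP` was set, so a single URI update can turn off transport security with no record of it. If deriving the flag from the scheme is intended, the downgrade should at least be logged, for example `if (secureLDAP) log<level::WARNING>("LDAP server URI change disables secure LDAP");` placed before `secureLDAP = false;`. The flag is also assigned before `writeConfig()` runs, so a failed write appears to leave it changed; assigning it after the write would avoid that. `isValidLDAPURI` is declared outside this page and the function body starts and ends outside the hunk, so what the helper accepts could not be checked here.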
@@ -202,6 +199,10 @@ std::string Config::lDAPServerURI(std::string value)
{
throw;
}
+ catch (const InvalidArgument& e)
+ {
+ throw;
+ }
catch (const std::exception& e)
{
log<level::ERR>(e.what());
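Review bot: The added `catch (const InvalidArgument& e) { throw; }` names an exception object it never uses and gives no reason for the bare rethrow. Writing it as `catch (const InvalidArgument&)` with a comment such as `// propagate the validation error unchanged rather than letting the generic handler below take it` would make the intent clear. The clause has to stay above `catch (const std::exception& e)`, presumably because `InvalidArgument` derives from it. The `lDAPBindDN` and `lDAPBaseDN` setters in the following hunks also raise `InvalidArgument`, and their handlers are not visible, so it is worth checking that they rethrow it the same way. The try block opens outside this hunk.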
@@ -222,8 +223,8 @@ std::string Config::lDAPBindDN(std::string value)
if (value.empty())
{
- log<level::ERR>("Not a valid LDAP BINDDN"),
- entry("LDAPBINDDN=%s", value.c_str());
+ log<level::ERR>("Not a valid LDAP BINDDN",
+ entry("LDAPBINDDN=%s", value.c_str()));
elog<InvalidArgument>(Argument::ARGUMENT_NAME("lDAPBindDN"),
Argument::ARGUMENT_VALUE(value.c_str()));
}
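Review bot: The corrected `entry("LDAPBINDDN=%s", value.c_str())` sits inside `if (value.empty())`, so the field it attaches to the log record is always an empty string and carries no information. Either drop the entry, as in `log<level::ERR>("Not a valid LDAP BINDDN");`, or log something that identifies the rejected request. The same applies to the BASEDN entry in the next hunk and to both entries in the last hunk, under `lDAPBindDN.empty()` and `lDAPBaseDN.empty()`. An emptiness test is the only DN validation visible in these hunks, and the function bodies continue outside them.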
@@ -256,8 +257,8 @@ std::string Config::lDAPBaseDN(std::string value)
if (value.empty())
{
- log<level::ERR>("Not a valid LDAP BASEDN"),
- entry("BASEDN=%s", value.c_str());
+ log<level::ERR>("Not a valid LDAP BASEDN",
+ entry("BASEDN=%s", value.c_str()));
elog<InvalidArgument>(Argument::ARGUMENT_NAME("lDAPBaseDN"),
Argument::ARGUMENT_VALUE(value.c_str()));
}
@@ -379,11 +380,11 @@ std::string
{
bool secureLDAP = false;
- if (ldap_is_ldaps_url(lDAPServerURI.c_str()))
+ if (isValidLDAPURI(lDAPServerURI, LDAPSscheme))
{
secureLDAP = true;
}
- else if (ldap_is_ldap_url(lDAPServerURI.c_str()))
+ else if (isValidLDAPURI(lDAPServerURI, LDAPscheme))
{
secureLDAP = false;
}
@@ -397,16 +398,16 @@ std::string
if (lDAPBindDN.empty())
{
- log<level::ERR>("Not a valid LDAP BINDDN"),
- entry("LDAPBINDDN=%s", lDAPBindDN.c_str());
+ log<level::ERR>("Not a valid LDAP BINDDN",
+ entry("LDAPBINDDN=%s", lDAPBindDN.c_str()));
elog<InvalidArgument>(Argument::ARGUMENT_NAME("LDAPBindDN"),
Argument::ARGUMENT_VALUE(lDAPBindDN.c_str()));
}
if (lDAPBaseDN.empty())
{
- log<level::ERR>("Not a valid LDAP BASEDN"),
- entry("LDAPBASEDN=%s", lDAPBaseDN.c_str());
+ log<level::ERR>("Not a valid LDAP BASEDN",
+ entry("LDAPBASEDN=%s", lDAPBaseDN.c_str()));
elog<InvalidArgument>(Argument::ARGUMENT_NAME("LDAPBaseDN"),
Argument::ARGUMENT_VALUE(lDAPBaseDN.c_str()));
}