diff options
Diffstat (limited to 'phosphor-ldap-config/ldap_configuration.cpp')
-rw-r--r-- | phosphor-ldap-config/ldap_configuration.cpp | 210 |
1 files changed, 166 insertions, 44 deletions
diff --git a/phosphor-ldap-config/ldap_configuration.cpp b/phosphor-ldap-config/ldap_configuration.cpp index a54db9b..413998a 100644 --- a/phosphor-ldap-config/ldap_configuration.cpp +++ b/phosphor-ldap-config/ldap_configuration.cpp @@ -27,9 +27,11 @@ Config::Config(sdbusplus::bus::bus& bus, const char* path, const char* filePath, const char* caCertFile, bool secureLDAP, std::string lDAPServerURI, std::string lDAPBindDN, std::string lDAPBaseDN, std::string&& lDAPBindDNPassword, - ldap_base::Config::SearchScope lDAPSearchScope, - ldap_base::Config::Type lDAPType, ConfigMgr& parent) : - ConfigIface(bus, path, true), + ConfigIface::SearchScope lDAPSearchScope, + ConfigIface::Type lDAPType, bool lDAPServiceEnabled, + std::string userNameAttr, std::string groupNameAttr, + ConfigMgr& parent) : + Ifaces(bus, path, true), secureLDAP(secureLDAP), configFilePath(filePath), tlsCacertFile(caCertFile), lDAPBindDNPassword(std::move(lDAPBindDNPassword)), bus(bus), parent(parent) { @@ -38,9 +40,13 @@ Config::Config(sdbusplus::bus::bus& bus, const char* path, const char* filePath, ConfigIface::lDAPBaseDN(lDAPBaseDN); ConfigIface::lDAPSearchScope(lDAPSearchScope); ConfigIface::lDAPType(lDAPType); + EnableIface::enabled(lDAPServiceEnabled); + ConfigIface::userNameAttribute(userNameAttr); + ConfigIface::groupNameAttribute(groupNameAttr); writeConfig(); // Emit deferred signal. this->emit_object_added(); + parent.startOrStopService(nslcdService, enabled()); } void Config::delete_() @@ -68,6 +74,7 @@ void Config::writeConfig() { std::stringstream confData; auto isPwdTobeWritten = false; + std::string userNameAttr; confData << "uid root\n"; confData << "gid root\n\n"; @@ -87,13 +94,13 @@ void Config::writeConfig() confData << "\n"; switch (lDAPSearchScope()) { - case ldap_base::Config::SearchScope::sub: + case ConfigIface::SearchScope::sub: confData << "scope sub\n\n"; break; - case ldap_base::Config::SearchScope::one: + case ConfigIface::SearchScope::one: confData << "scope one\n\n"; break; - case ldap_base::Config::SearchScope::base: + case ConfigIface::SearchScope::base: confData << "scope base\n\n"; break; } @@ -110,30 +117,52 @@ void Config::writeConfig() confData << "ssl off\n"; } confData << "\n"; - if (lDAPType() == ldap_base::Config::Type::ActiveDirectory) + if (lDAPType() == ConfigIface::Type::ActiveDirectory) { + if (ConfigIface::userNameAttribute().empty()) + { + ConfigIface::userNameAttribute("sAMAccountName"); + } + if (ConfigIface::groupNameAttribute().empty()) + { + ConfigIface::groupNameAttribute("primaryGroupID"); + } confData << "filter passwd (&(objectClass=user)(objectClass=person)" "(!(objectClass=computer)))\n"; confData << "filter group (|(objectclass=group)(objectclass=groupofnames) " "(objectclass=groupofuniquenames))\n"; - confData << "map passwd uid sAMAccountName\n"; + confData << "map passwd uid " + << ConfigIface::userNameAttribute() << "\n"; confData << "map passwd uidNumber " "objectSid:S-1-5-21-3623811015-3361044348-30300820\n"; - confData << "map passwd gidNumber primaryGroupID\n"; + confData << "map passwd gidNumber " + << ConfigIface::groupNameAttribute() << "\n"; confData << "map passwd homeDirectory \"/home/$sAMAccountName\"\n"; confData << "map passwd gecos displayName\n"; confData << "map passwd loginShell \"/bin/bash\"\n"; - confData << "map group gidNumber primaryGroupID\n"; confData << "map group gidNumber " "objectSid:S-1-5-21-3623811015-3361044348-30300820\n"; - confData << "map group cn sAMAccountName\n"; + confData << "map group cn " + << ConfigIface::userNameAttribute() << "\n"; } - else if (lDAPType() == ldap_base::Config::Type::OpenLdap) + else if (lDAPType() == ConfigIface::Type::OpenLdap) { + if (ConfigIface::userNameAttribute().empty()) + { + ConfigIface::userNameAttribute("uid"); + } + if (ConfigIface::groupNameAttribute().empty()) + { + ConfigIface::groupNameAttribute("gid"); + } confData << "filter passwd (objectclass=*)\n"; confData << "map passwd gecos displayName\n"; confData << "filter group (objectclass=posixGroup)\n"; + confData << "map passwd uid " + << ConfigIface::userNameAttribute() << "\n"; + confData << "map passwd gidNumber " + << ConfigIface::groupNameAttribute() << "\n"; } try { @@ -197,7 +226,7 @@ std::string Config::lDAPServerURI(std::string value) } val = ConfigIface::lDAPServerURI(value); writeConfig(); - parent.restartService(nslcdService); + parent.startOrStopService(nslcdService, enabled()); } catch (const InternalFailure& e) { @@ -239,7 +268,7 @@ std::string Config::lDAPBindDN(std::string value) val = ConfigIface::lDAPBindDN(value); writeConfig(); - parent.restartService(nslcdService); + parent.startOrStopService(nslcdService, enabled()); } catch (const InternalFailure& e) { @@ -277,7 +306,7 @@ std::string Config::lDAPBaseDN(std::string value) val = ConfigIface::lDAPBaseDN(value); writeConfig(); - parent.restartService(nslcdService); + parent.startOrStopService(nslcdService, enabled()); } catch (const InternalFailure& e) { @@ -295,10 +324,9 @@ std::string Config::lDAPBaseDN(std::string value) return val; } -ldap_base::Config::SearchScope - Config::lDAPSearchScope(ldap_base::Config::SearchScope value) +ConfigIface::SearchScope Config::lDAPSearchScope(ConfigIface::SearchScope value) { - ldap_base::Config::SearchScope val; + ConfigIface::SearchScope val; try { if (value == lDAPSearchScope()) @@ -308,7 +336,7 @@ ldap_base::Config::SearchScope val = ConfigIface::lDAPSearchScope(value); writeConfig(); - parent.restartService(nslcdService); + parent.startOrStopService(nslcdService, enabled()); } catch (const InternalFailure& e) { @@ -322,9 +350,9 @@ ldap_base::Config::SearchScope return val; } -ldap_base::Config::Type Config::lDAPType(ldap_base::Config::Type value) +ConfigIface::Type Config::lDAPType(ConfigIface::Type value) { - ldap_base::Config::Type val; + ConfigIface::Type val; try { if (value == lDAPType()) @@ -334,7 +362,83 @@ ldap_base::Config::Type Config::lDAPType(ldap_base::Config::Type value) val = ConfigIface::lDAPType(value); writeConfig(); - parent.restartService(nslcdService); + parent.startOrStopService(nslcdService, enabled()); + } + catch (const InternalFailure& e) + { + throw; + } + catch (const std::exception& e) + { + log<level::ERR>(e.what()); + elog<InternalFailure>(); + } + return val; +} + +bool Config::enabled(bool value) +{ + bool isEnable; + try + { + if (value == enabled()) + { + return value; + } + isEnable = EnableIface::enabled(value); + parent.startOrStopService(nslcdService, value); + } + catch (const InternalFailure& e) + { + throw; + } + catch (const std::exception& e) + { + log<level::ERR>(e.what()); + elog<InternalFailure>(); + } + return isEnable; +} + +std::string Config::userNameAttribute(std::string value) +{ + std::string val; + try + { + if (value == userNameAttribute()) + { + return value; + } + + val = ConfigIface::userNameAttribute(value); + writeConfig(); + parent.startOrStopService(nslcdService, enabled()); + } + catch (const InternalFailure& e) + { + throw; + } + catch (const std::exception& e) + { + log<level::ERR>(e.what()); + elog<InternalFailure>(); + } + return val; +} + +std::string Config::groupNameAttribute(std::string value) +{ + std::string val; + try + { + if (value == groupNameAttribute()) + { + return value; + } + + val = ConfigIface::groupNameAttribute(value); + writeConfig(); + parent.startOrStopService(nslcdService, enabled()); } catch (const InternalFailure& e) { @@ -348,6 +452,18 @@ ldap_base::Config::Type Config::lDAPType(ldap_base::Config::Type value) return val; } +void ConfigMgr::startOrStopService(const std::string& service, bool start) +{ + if (start) + { + restartService(service); + } + else + { + stopService(service); + } +} + void ConfigMgr::restartService(const std::string& service) { try @@ -389,12 +505,11 @@ void ConfigMgr::deleteObject() configPtr.reset(nullptr); } -std::string - ConfigMgr::createConfig(std::string lDAPServerURI, std::string lDAPBindDN, - std::string lDAPBaseDN, - std::string lDAPBindDNPassword, - ldap_base::Create::SearchScope lDAPSearchScope, - ldap_base::Create::Type lDAPType) +std::string ConfigMgr::createConfig( + std::string lDAPServerURI, std::string lDAPBindDN, std::string lDAPBaseDN, + std::string lDAPBindDNPassword, CreateIface::SearchScope lDAPSearchScope, + CreateIface::Create::Type lDAPType, std::string groupNameAttribute, + std::string userNameAttribute) { bool secureLDAP = false; @@ -445,10 +560,10 @@ std::string bus, objPath.c_str(), configFilePath.c_str(), tlsCacertFile.c_str(), secureLDAP, lDAPServerURI, lDAPBindDN, lDAPBaseDN, std::move(lDAPBindDNPassword), - static_cast<ldap_base::Config::SearchScope>(lDAPSearchScope), - static_cast<ldap_base::Config::Type>(lDAPType), *this); + static_cast<ConfigIface::SearchScope>(lDAPSearchScope), + static_cast<ConfigIface::Type>(lDAPType), false, groupNameAttribute, + userNameAttribute, *this); - restartService(nslcdService); restartService(nscdService); return objPath; } @@ -515,42 +630,47 @@ void ConfigMgr::restore(const char* filePath) { continue; } - // skip the line if it starts with "map passwd". + // if config type is AD "map group" entry would be add to // the map configValues. For OpenLdap config file no map // entry would be there. if ((key == "map") && (value == "passwd")) { - continue; + key = key + "_" + value; + if (std::getline(isLine, value, ' ')) + { + key += "_" + value; + } + std::getline(isLine, value, ' '); } configValues[key] = value; } } } - ldap_base::Create::SearchScope lDAPSearchScope; + CreateIface::SearchScope lDAPSearchScope; if (configValues["scope"] == "sub") { - lDAPSearchScope = ldap_base::Create::SearchScope::sub; + lDAPSearchScope = CreateIface::SearchScope::sub; } else if (configValues["scope"] == "one") { - lDAPSearchScope = ldap_base::Create::SearchScope::one; + lDAPSearchScope = CreateIface::SearchScope::one; } else { - lDAPSearchScope = ldap_base::Create::SearchScope::base; + lDAPSearchScope = CreateIface::SearchScope::base; } - ldap_base::Create::Type lDAPType; + CreateIface::Type lDAPType; // If the file is having a line which starts with "map group" if (configValues["map"] == "group") { - lDAPType = ldap_base::Create::Type::ActiveDirectory; + lDAPType = CreateIface::Type::ActiveDirectory; } else { - lDAPType = ldap_base::Create::Type::OpenLdap; + lDAPType = CreateIface::Type::OpenLdap; } // Don't create the config object if either of the field is empty. @@ -565,10 +685,12 @@ void ConfigMgr::restore(const char* filePath) return; } - createConfig( - std::move(configValues["uri"]), std::move(configValues["binddn"]), - std::move(configValues["base"]), std::move(configValues["bindpw"]), - lDAPSearchScope, lDAPType); + createConfig(std::move(configValues["uri"]), + std::move(configValues["binddn"]), + std::move(configValues["base"]), + std::move(configValues["bindpw"]), lDAPSearchScope, + lDAPType, std::move(configValues["map_passwd_uid"]), + std::move(configValues["map_passwd_gidNumber"])); } catch (const InvalidArgument& e) { |