diff options
Diffstat (limited to 'phosphor-ldap-config')
-rw-r--r-- | phosphor-ldap-config/Makefile.am | 3 | ||||
-rw-r--r-- | phosphor-ldap-config/ldap_configuration.cpp | 53 | ||||
-rw-r--r-- | phosphor-ldap-config/utils.cpp | 52 | ||||
-rw-r--r-- | phosphor-ldap-config/utils.hpp | 20 |
4 files changed, 101 insertions, 27 deletions
diff --git a/phosphor-ldap-config/Makefile.am b/phosphor-ldap-config/Makefile.am index cf2b4f0..907c365 100644 --- a/phosphor-ldap-config/Makefile.am +++ b/phosphor-ldap-config/Makefile.am @@ -1,9 +1,10 @@ sbin_PROGRAMS = phosphor-ldap-conf -noinst_HEADERS = ldap_configuration.hpp +noinst_HEADERS = ldap_configuration.hpp utils.hpp phosphor_ldap_conf_SOURCES = \ main.cpp \ + utils.cpp \ ldap_configuration.cpp phosphor_ldap_conf_LDFLAGS = $(SDBUSPLUS_LIBS) \ diff --git a/phosphor-ldap-config/ldap_configuration.cpp b/phosphor-ldap-config/ldap_configuration.cpp index e84e0b9..6fdc511 100644 --- a/phosphor-ldap-config/ldap_configuration.cpp +++ b/phosphor-ldap-config/ldap_configuration.cpp @@ -1,5 +1,5 @@ #include "ldap_configuration.hpp" -#include <ldap.h> +#include "utils.hpp" #include <experimental/filesystem> #include <fstream> #include <sstream> @@ -10,6 +10,8 @@ namespace ldap { constexpr auto nslcdService = "nslcd.service"; constexpr auto nscdService = "nscd.service"; +constexpr auto LDAPscheme = "ldap"; +constexpr auto LDAPSscheme = "ldaps"; using namespace phosphor::logging; using namespace sdbusplus::xyz::openbmc_project::Common::Error; @@ -174,25 +176,20 @@ std::string Config::lDAPServerURI(std::string value) { return value; } - if (secureLDAP) + if (isValidLDAPURI(value, LDAPSscheme)) { - if (!ldap_is_ldaps_url(value.c_str())) - { - log<level::ERR>("bad LDAPS Server URI", - entry("LDAPSSERVERURI=%s", value.c_str())); - elog<InvalidArgument>(Argument::ARGUMENT_NAME("lDAPServerURI"), - Argument::ARGUMENT_VALUE(value.c_str())); - } + secureLDAP = true; + } + else if (isValidLDAPURI(value, LDAPscheme)) + { + secureLDAP = false; } else { - if (!ldap_is_ldap_url(value.c_str())) - { - log<level::ERR>("bad LDAP Server URI", - entry("LDAPSERVERURI=%s", value.c_str())); - elog<InvalidArgument>(Argument::ARGUMENT_NAME("lDAPServerURI"), - Argument::ARGUMENT_VALUE(value.c_str())); - } + log<level::ERR>("bad LDAP Server URI", + entry("LDAPSERVERURI=%s", value.c_str())); + elog<InvalidArgument>(Argument::ARGUMENT_NAME("lDAPServerURI"), + Argument::ARGUMENT_VALUE(value.c_str())); } val = ConfigIface::lDAPServerURI(value); writeConfig(); @@ -202,6 +199,10 @@ std::string Config::lDAPServerURI(std::string value) { throw; } + catch (const InvalidArgument& e) + { + throw; + } catch (const std::exception& e) { log<level::ERR>(e.what()); @@ -222,8 +223,8 @@ std::string Config::lDAPBindDN(std::string value) if (value.empty()) { - log<level::ERR>("Not a valid LDAP BINDDN"), - entry("LDAPBINDDN=%s", value.c_str()); + log<level::ERR>("Not a valid LDAP BINDDN", + entry("LDAPBINDDN=%s", value.c_str())); elog<InvalidArgument>(Argument::ARGUMENT_NAME("lDAPBindDN"), Argument::ARGUMENT_VALUE(value.c_str())); } @@ -256,8 +257,8 @@ std::string Config::lDAPBaseDN(std::string value) if (value.empty()) { - log<level::ERR>("Not a valid LDAP BASEDN"), - entry("BASEDN=%s", value.c_str()); + log<level::ERR>("Not a valid LDAP BASEDN", + entry("BASEDN=%s", value.c_str())); elog<InvalidArgument>(Argument::ARGUMENT_NAME("lDAPBaseDN"), Argument::ARGUMENT_VALUE(value.c_str())); } @@ -379,11 +380,11 @@ std::string { bool secureLDAP = false; - if (ldap_is_ldaps_url(lDAPServerURI.c_str())) + if (isValidLDAPURI(lDAPServerURI, LDAPSscheme)) { secureLDAP = true; } - else if (ldap_is_ldap_url(lDAPServerURI.c_str())) + else if (isValidLDAPURI(lDAPServerURI, LDAPscheme)) { secureLDAP = false; } @@ -397,16 +398,16 @@ std::string if (lDAPBindDN.empty()) { - log<level::ERR>("Not a valid LDAP BINDDN"), - entry("LDAPBINDDN=%s", lDAPBindDN.c_str()); + log<level::ERR>("Not a valid LDAP BINDDN", + entry("LDAPBINDDN=%s", lDAPBindDN.c_str())); elog<InvalidArgument>(Argument::ARGUMENT_NAME("LDAPBindDN"), Argument::ARGUMENT_VALUE(lDAPBindDN.c_str())); } if (lDAPBaseDN.empty()) { - log<level::ERR>("Not a valid LDAP BASEDN"), - entry("LDAPBASEDN=%s", lDAPBaseDN.c_str()); + log<level::ERR>("Not a valid LDAP BASEDN", + entry("LDAPBASEDN=%s", lDAPBaseDN.c_str())); elog<InvalidArgument>(Argument::ARGUMENT_NAME("LDAPBaseDN"), Argument::ARGUMENT_VALUE(lDAPBaseDN.c_str())); } diff --git a/phosphor-ldap-config/utils.cpp b/phosphor-ldap-config/utils.cpp new file mode 100644 index 0000000..7a40a3e --- /dev/null +++ b/phosphor-ldap-config/utils.cpp @@ -0,0 +1,52 @@ +#include "utils.hpp" +#include <cstring> +#include <netdb.h> +#include <arpa/inet.h> +#include <ldap.h> +#include <memory> + +namespace phosphor +{ +namespace ldap +{ + +bool isValidLDAPURI(const std::string& URI, const char* scheme) +{ + LDAPURLDesc* ludpp = nullptr; + int res = LDAP_URL_ERR_BADURL; + res = ldap_url_parse(URI.c_str(), &ludpp); + + auto ludppCleanupFunc = [](LDAPURLDesc* ludpp) { + ldap_free_urldesc(ludpp); + }; + std::unique_ptr<LDAPURLDesc, decltype(ludppCleanupFunc)> ludppPtr( + ludpp, ludppCleanupFunc); + + if (res != LDAP_URL_SUCCESS) + { + return false; + } + if (std::strcmp(scheme, ludppPtr->lud_scheme) != 0) + { + return false; + } + addrinfo hints{}; + addrinfo* servinfo = nullptr; + hints.ai_family = AF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + hints.ai_flags |= AI_CANONNAME; + + auto result = getaddrinfo(ludppPtr->lud_host, nullptr, &hints, &servinfo); + auto cleanupFunc = [](addrinfo* servinfo) { freeaddrinfo(servinfo); }; + std::unique_ptr<addrinfo, decltype(cleanupFunc)> servinfoPtr(servinfo, + cleanupFunc); + + if (result) + { + return false; + } + return true; +} + +} // namespace ldap +} // namespace phosphor diff --git a/phosphor-ldap-config/utils.hpp b/phosphor-ldap-config/utils.hpp new file mode 100644 index 0000000..984aae6 --- /dev/null +++ b/phosphor-ldap-config/utils.hpp @@ -0,0 +1,20 @@ +#pragma once + +#include <string> + +namespace phosphor +{ +namespace ldap +{ + +/** @brief checks that the given URI is valid LDAP's URI. + * LDAP's URL begins with "ldap://" and LDAPS's URL begins with "ldap://" + * @param[in] URI - URI which needs to be validated. + * @param[in] scheme - LDAP's scheme, scheme equals to "ldaps" to validate + * against LDAPS type URI, for LDAP type URI it is equals to "ldap". + * @returns true if it is valid otherwise false. + */ +bool isValidLDAPURI(const std::string& URI, const char* scheme); + +} // namespace ldap +} // namespace phosphor |