summaryrefslogtreecommitdiffstats
path: root/phosphor-ldap-mapper/ldap_mapper_mgr.hpp
blob: b2617ca764df9f380d935d9c09173dc5afac3739 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
#pragma once

#include <sdbusplus/bus.hpp>
#include <sdbusplus/server/object.hpp>
#include "ldap_mapper_entry.hpp"
#include <xyz/openbmc_project/User/PrivilegeMapper/server.hpp>
#include <map>
#include <set>

namespace phosphor
{

namespace user
{

using MapperMgrIface =
    sdbusplus::xyz::openbmc_project::User::server::PrivilegeMapper;
using ObjectPath = sdbusplus::message::object_path;

// D-Bus root for LDAP privilege mapper
constexpr auto mapperMgrRoot = "/xyz/openbmc_project/user/ldap";

/** @class LDAPMapperMgr
 *
 *  @brief Responsible for managing LDAP groups to privilege mapping.
 */
class LDAPMapperMgr : public MapperMgrIface
{
  public:
    LDAPMapperMgr() = delete;
    ~LDAPMapperMgr() = default;
    LDAPMapperMgr(const LDAPMapperMgr &) = delete;
    LDAPMapperMgr &operator=(const LDAPMapperMgr &) = delete;
    LDAPMapperMgr(LDAPMapperMgr &&) = delete;
    LDAPMapperMgr &operator=(LDAPMapperMgr &&) = delete;

    /** @brief Constructs LDAPMapperMgr object.
     *
     *  @param[in] bus  - sdbusplus handler
     *  @param[in] path - D-Bus path
     */
    LDAPMapperMgr(sdbusplus::bus::bus &bus, const char *path);

    /** @brief Creates a mapping for the group to the privilege
     *
     *  @param[in] groupName - Group Name to which the privilege needs to be
     *                         assigned.
     *  @param[in] privilege - The privilege role associated with the group.
     *
     *  @return On success return the D-Bus object path of the created privilege
     *          mapper entry.
     */
    ObjectPath create(std::string groupName, std::string privilege) override;

    /** @brief Delete privilege mapping for LDAP group
     *
     *  This method deletes the privilege mapping
     *
     *  @param[in] groupName - name of the LDAP group for which privilege
     *                         mapping is to be deleted.
     */
    void deletePrivilegeMapper(Id id);

    /** @brief Check if LDAP group privilege mapping requested is valid
     *
     *  Check if the privilege mapping already exists for the LDAP group name
     *  and group name is empty.
     *
     *  @param[in] groupName - LDAP group name
     *
     *  @return throw exception if the conditions are not met.
     */
    void checkPrivilegeMapper(const std::string &groupName);

    /** @brief Check if the privilege level is a valid one
     *
     *  @param[in] privilege - Privilege level
     *
     *  @return throw exception if the conditions are not met.
     */
    void checkPrivilegeLevel(const std::string &privilege);

    /** @brief Construct LDAP mapper entry D-Bus objects from their persisted
     *         representations.
     */
    void restore();

  private:
    /** @brief sdbusplus handler */
    sdbusplus::bus::bus &bus;

    /** @brief object path for the manager object*/
    const std::string path;

    /** @brief available privileges container */
    std::set<std::string> privMgr = {"priv-admin", "priv-operator", "priv-user",
                                     "priv-callback"};

    /** @brief Id of the last privilege mapper entry */
    Id entryId = 0;

    /** @brief container to hold privilege mapper objects */
    std::map<Id, std::unique_ptr<phosphor::user::LDAPMapperEntry>>
        PrivilegeMapperList;
};

} // namespace user
} // namespace phosphor
OpenPOWER on IntegriCloud