blob: 6f7d1f7f75e425ea7c3595892b7bad6b04709e15 [file] [log] [blame]
#include "config.h"
#include "phosphor-ldap-config/ldap_config.hpp"
#include "phosphor-ldap-config/ldap_config_mgr.hpp"
#include <sys/types.h>
#include <phosphor-logging/elog-errors.hpp>
#include <phosphor-logging/log.hpp>
#include <sdbusplus/bus.hpp>
#include <xyz/openbmc_project/Common/error.hpp>
#include <xyz/openbmc_project/User/Common/error.hpp>
#include <filesystem>
#include <fstream>
#include <string>
#include <gmock/gmock.h>
#include <gtest/gtest.h>
namespace phosphor
{
namespace ldap
{
namespace fs = std::filesystem;
namespace ldap_base = sdbusplus::xyz::openbmc_project::User::Ldap::server;
using NotAllowed = sdbusplus::xyz::openbmc_project::Common::Error::NotAllowed;
using NotAllowedArgument = xyz::openbmc_project::Common::NotAllowed;
using Config = phosphor::ldap::Config;
static constexpr const char* dbusPersistFile = "Config";
using PrivilegeMappingExists = sdbusplus::xyz::openbmc_project::User::Common::
Error::PrivilegeMappingExists;
class TestLDAPConfig : public testing::Test
{
public:
TestLDAPConfig() : bus(sdbusplus::bus::new_default())
{}
void SetUp() override
{
using namespace phosphor::ldap;
char tmpldap[] = "/tmp/ldap_test.XXXXXX";
dir = fs::path(mkdtemp(tmpldap));
fs::path tlsCacertFilePath{TLS_CACERT_PATH};
tlsCacertFile = tlsCacertFilePath.filename().c_str();
fs::path tlsCertFilePath{TLS_CERT_FILE};
tlsCertFile = tlsCertFilePath.filename().c_str();
fs::path confFilePath{LDAP_CONFIG_FILE};
ldapconfFile = confFilePath.filename().c_str();
std::fstream fs;
fs.open(dir / defaultNslcdFile, std::fstream::out);
fs.close();
fs.open(dir / nsSwitchFile, std::fstream::out);
fs.close();
fs.open(dir / tlsCacertFile, std::fstream::out);
fs.close();
fs.open(dir / tlsCertFile, std::fstream::out);
fs.close();
}
void TearDown() override
{
fs::remove_all(dir);
}
protected:
fs::path dir;
std::string tlsCacertFile;
std::string tlsCertFile;
std::string ldapconfFile;
sdbusplus::bus_t bus;
};
class MockConfigMgr : public phosphor::ldap::ConfigMgr
{
public:
MockConfigMgr(sdbusplus::bus_t& bus, const char* path, const char* filePath,
const char* dbusPersistentFile, const char* caCertFile,
const char* certFile) :
phosphor::ldap::ConfigMgr(bus, path, filePath, dbusPersistentFile,
caCertFile, certFile)
{}
MOCK_METHOD1(restartService, void(const std::string& service));
MOCK_METHOD1(stopService, void(const std::string& service));
std::unique_ptr<Config>& getOpenLdapConfigPtr()
{
return openLDAPConfigPtr;
}
std::string configBindPassword()
{
return getADConfigPtr()->ldapBindPassword;
}
std::unique_ptr<Config>& getADConfigPtr()
{
return ADConfigPtr;
}
void restore()
{
phosphor::ldap::ConfigMgr::restore();
return;
}
void createDefaultObjects()
{
phosphor::ldap::ConfigMgr::createDefaultObjects();
}
bool secureLDAP()
{
return ADConfigPtr->secureLDAP;
}
friend class TestLDAPConfig;
};
TEST_F(TestLDAPConfig, testCreate)
{
auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
auto dbusPersistentFilePath = std::string(dir.c_str());
if (fs::exists(configFilePath))
{
fs::remove(configFilePath);
}
EXPECT_FALSE(fs::exists(configFilePath));
MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
tlsCertfile.c_str());
EXPECT_CALL(manager, stopService("nslcd.service")).Times(2);
EXPECT_CALL(manager, restartService("nslcd.service")).Times(2);
EXPECT_CALL(manager, restartService("nscd.service")).Times(2);
manager.createConfig(
"ldap://9.194.251.136/", "cn=Users,dc=com", "cn=Users,dc=corp",
"MyLdap12", ldap_base::Create::SearchScope::sub,
ldap_base::Create::Type::ActiveDirectory, "uid", "gid");
manager.getADConfigPtr()->enabled(true);
manager.createConfig("ldap://9.194.251.137/", "cn=Users",
"cn=Users,dc=test", "MyLdap123",
ldap_base::Create::SearchScope::sub,
ldap_base::Create::Type::OpenLdap, "uid", "gid");
manager.getOpenLdapConfigPtr()->enabled(false);
// Below setting of username/groupname attr is to make sure
// that in-active config should not call the start/stop service.
manager.getOpenLdapConfigPtr()->userNameAttribute("abc");
EXPECT_EQ(manager.getOpenLdapConfigPtr()->userNameAttribute(), "abc");
manager.getOpenLdapConfigPtr()->groupNameAttribute("def");
EXPECT_EQ(manager.getOpenLdapConfigPtr()->groupNameAttribute(), "def");
EXPECT_TRUE(fs::exists(configFilePath));
EXPECT_EQ(manager.getADConfigPtr()->ldapServerURI(),
"ldap://9.194.251.136/");
EXPECT_EQ(manager.getADConfigPtr()->ldapBindDN(), "cn=Users,dc=com");
EXPECT_EQ(manager.getADConfigPtr()->ldapBaseDN(), "cn=Users,dc=corp");
EXPECT_EQ(manager.getADConfigPtr()->ldapSearchScope(),
ldap_base::Config::SearchScope::sub);
EXPECT_EQ(manager.getADConfigPtr()->ldapType(),
ldap_base::Config::Type::ActiveDirectory);
EXPECT_EQ(manager.getADConfigPtr()->userNameAttribute(), "uid");
EXPECT_EQ(manager.getADConfigPtr()->groupNameAttribute(), "gid");
EXPECT_EQ(manager.getADConfigPtr()->ldapBindDNPassword(), "");
EXPECT_EQ(manager.configBindPassword(), "MyLdap12");
// change the password
manager.getADConfigPtr()->ldapBindDNPassword("MyLdap14");
EXPECT_EQ(manager.getADConfigPtr()->ldapBindDNPassword(), "");
EXPECT_EQ(manager.configBindPassword(), "MyLdap14");
}
TEST_F(TestLDAPConfig, testDefaultObject)
{
auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
auto dbusPersistentFilePath = std::string(dir.c_str());
if (fs::exists(configFilePath))
{
fs::remove(configFilePath);
}
EXPECT_FALSE(fs::exists(configFilePath));
MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
tlsCertfile.c_str());
manager.createDefaultObjects();
EXPECT_NE(nullptr, manager.getADConfigPtr());
EXPECT_NE(nullptr, manager.getOpenLdapConfigPtr());
EXPECT_EQ(manager.getADConfigPtr()->ldapType(),
ldap_base::Config::Type::ActiveDirectory);
EXPECT_EQ(manager.getOpenLdapConfigPtr()->ldapType(),
ldap_base::Config::Type::OpenLdap);
}
TEST_F(TestLDAPConfig, testRestoresDefault)
{
auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
auto dbusPersistentFilePath = std::string(dir.c_str());
if (fs::exists(configFilePath))
{
fs::remove(configFilePath);
}
EXPECT_FALSE(fs::exists(configFilePath));
MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
tlsCertfile.c_str());
EXPECT_CALL(manager, stopService("nslcd.service")).Times(1);
EXPECT_CALL(manager, restartService("nslcd.service")).Times(0);
EXPECT_CALL(manager, restartService("nscd.service")).Times(0);
manager.restore();
EXPECT_NE(nullptr, manager.getADConfigPtr());
EXPECT_NE(nullptr, manager.getOpenLdapConfigPtr());
EXPECT_EQ(manager.getADConfigPtr()->ldapType(),
ldap_base::Config::Type::ActiveDirectory);
EXPECT_EQ(manager.getOpenLdapConfigPtr()->ldapType(),
ldap_base::Config::Type::OpenLdap);
EXPECT_FALSE(manager.getADConfigPtr()->enabled());
EXPECT_FALSE(manager.getOpenLdapConfigPtr()->enabled());
}
TEST_F(TestLDAPConfig, testRestores)
{
auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
auto dbusPersistentFilePath = std::string(dir.c_str());
if (fs::exists(configFilePath))
{
fs::remove(configFilePath);
}
EXPECT_FALSE(fs::exists(configFilePath));
MockConfigMgr* managerPtr =
new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
tlsCertfile.c_str());
EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2);
EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
managerPtr->createConfig(
"ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
"MyLdap12", ldap_base::Create::SearchScope::sub,
ldap_base::Create::Type::ActiveDirectory, "uid", "gid");
managerPtr->getADConfigPtr()->enabled(false);
EXPECT_FALSE(fs::exists(configFilePath));
EXPECT_FALSE(managerPtr->getADConfigPtr()->enabled());
managerPtr->getADConfigPtr()->enabled(true);
EXPECT_TRUE(fs::exists(configFilePath));
// Restore from configFilePath
managerPtr->restore();
// validate restored properties
EXPECT_TRUE(managerPtr->getADConfigPtr()->enabled());
EXPECT_EQ(managerPtr->getADConfigPtr()->ldapServerURI(),
"ldap://9.194.251.138/");
EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBindDN(), "cn=Users,dc=com");
EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBaseDN(), "cn=Users,dc=corp");
EXPECT_EQ(managerPtr->getADConfigPtr()->ldapSearchScope(),
ldap_base::Config::SearchScope::sub);
EXPECT_EQ(managerPtr->getADConfigPtr()->ldapType(),
ldap_base::Config::Type::ActiveDirectory);
EXPECT_EQ(managerPtr->getADConfigPtr()->userNameAttribute(), "uid");
EXPECT_EQ(managerPtr->getADConfigPtr()->groupNameAttribute(), "gid");
EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBindDNPassword(), "");
EXPECT_EQ(managerPtr->configBindPassword(), "MyLdap12");
delete managerPtr;
}
TEST_F(TestLDAPConfig, testLDAPServerURI)
{
auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
auto dbusPersistentFilePath = std::string(dir.c_str());
if (fs::exists(configFilePath))
{
fs::remove(configFilePath);
}
EXPECT_FALSE(fs::exists(configFilePath));
MockConfigMgr* managerPtr =
new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
tlsCertfile.c_str());
EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(3);
EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
managerPtr->createConfig(
"ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
"MyLdap12", ldap_base::Create::SearchScope::sub,
ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
managerPtr->getADConfigPtr()->enabled(true);
// Change LDAP Server URI
managerPtr->getADConfigPtr()->ldapServerURI("ldap://9.194.251.139/");
EXPECT_EQ(managerPtr->getADConfigPtr()->ldapServerURI(),
"ldap://9.194.251.139/");
fs::remove(tlsCacertfile.c_str());
// Change LDAP Server URI to make it secure
EXPECT_THROW(
managerPtr->getADConfigPtr()->ldapServerURI("ldaps://9.194.251.139/"),
NoCACertificate);
// check once again
EXPECT_EQ(managerPtr->getADConfigPtr()->ldapServerURI(),
"ldap://9.194.251.139/");
managerPtr->restore();
// Check LDAP Server URI
EXPECT_EQ(managerPtr->getADConfigPtr()->ldapServerURI(),
"ldap://9.194.251.139/");
delete managerPtr;
}
TEST_F(TestLDAPConfig, testLDAPBindDN)
{
auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
auto dbusPersistentFilePath = std::string(dir.c_str());
if (fs::exists(configFilePath))
{
fs::remove(configFilePath);
}
EXPECT_FALSE(fs::exists(configFilePath));
MockConfigMgr* managerPtr =
new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
tlsCertfile.c_str());
EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(3);
EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
managerPtr->createConfig(
"ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
"MyLdap12", ldap_base::Create::SearchScope::sub,
ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
managerPtr->getADConfigPtr()->enabled(true);
// Change LDAP BindDN
managerPtr->getADConfigPtr()->ldapBindDN(
"cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBindDN(),
"cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
// Change LDAP BindDN
EXPECT_THROW(
{
try
{
managerPtr->getADConfigPtr()->ldapBindDN("");
}
catch (const InvalidArgument& e)
{
throw;
}
},
InvalidArgument);
managerPtr->restore();
// Check LDAP BindDN after restoring
EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBindDN(),
"cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
delete managerPtr;
}
TEST_F(TestLDAPConfig, testLDAPBaseDN)
{
auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
auto dbusPersistentFilePath = std::string(dir.c_str());
if (fs::exists(configFilePath))
{
fs::remove(configFilePath);
}
EXPECT_FALSE(fs::exists(configFilePath));
MockConfigMgr* managerPtr =
new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
tlsCertfile.c_str());
EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(3);
EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
managerPtr->createConfig(
"ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
"MyLdap12", ldap_base::Create::SearchScope::sub,
ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
managerPtr->getADConfigPtr()->enabled(true);
// Change LDAP BaseDN
managerPtr->getADConfigPtr()->ldapBaseDN(
"cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBaseDN(),
"cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
// Change LDAP BaseDN
EXPECT_THROW(
{
try
{
managerPtr->getADConfigPtr()->ldapBaseDN("");
}
catch (const InvalidArgument& e)
{
throw;
}
},
InvalidArgument);
managerPtr->restore();
// Check LDAP BaseDN after restoring
EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBaseDN(),
"cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
delete managerPtr;
}
TEST_F(TestLDAPConfig, testSearchScope)
{
auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
auto dbusPersistentFilePath = std::string(dir.c_str());
if (fs::exists(configFilePath))
{
fs::remove(configFilePath);
}
EXPECT_FALSE(fs::exists(configFilePath));
MockConfigMgr* managerPtr =
new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
tlsCertfile.c_str());
EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(3);
EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
managerPtr->createConfig(
"ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
"MyLdap12", ldap_base::Create::SearchScope::sub,
ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
managerPtr->getADConfigPtr()->enabled(true);
// Change LDAP SearchScope
managerPtr->getADConfigPtr()->ldapSearchScope(
ldap_base::Config::SearchScope::one);
EXPECT_EQ(managerPtr->getADConfigPtr()->ldapSearchScope(),
ldap_base::Config::SearchScope::one);
managerPtr->restore();
// Check LDAP SearchScope after restoring
EXPECT_EQ(managerPtr->getADConfigPtr()->ldapSearchScope(),
ldap_base::Config::SearchScope::one);
delete managerPtr;
}
TEST_F(TestLDAPConfig, testLDAPType)
{
auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
auto dbusPersistentFilePath = std::string(dir.c_str());
if (fs::exists(configFilePath))
{
fs::remove(configFilePath);
}
EXPECT_FALSE(fs::exists(configFilePath));
MockConfigMgr* managerPtr =
new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
tlsCertfile.c_str());
EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2);
EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
managerPtr->createConfig(
"ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
"MyLdap12", ldap_base::Create::SearchScope::sub,
ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
managerPtr->getADConfigPtr()->enabled(true);
// Change LDAP type
// will not be changed
EXPECT_THROW(managerPtr->getADConfigPtr()->ldapType(
ldap_base::Config::Type::OpenLdap),
NotAllowed);
EXPECT_EQ(managerPtr->getADConfigPtr()->ldapType(),
ldap_base::Config::Type::ActiveDirectory);
managerPtr->restore();
// Check LDAP type after restoring
EXPECT_EQ(managerPtr->getADConfigPtr()->ldapType(),
ldap_base::Config::Type::ActiveDirectory);
delete managerPtr;
}
TEST_F(TestLDAPConfig, testsecureLDAPRestore)
{
auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
auto dbusPersistentFilePath = std::string(dir.c_str());
if (fs::exists(configFilePath))
{
fs::remove(configFilePath);
}
EXPECT_FALSE(fs::exists(configFilePath));
MockConfigMgr* managerPtr =
new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
tlsCertfile.c_str());
EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2);
EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
managerPtr->createConfig(
"ldaps://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
"MyLdap12", ldap_base::Create::SearchScope::sub,
ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
managerPtr->getADConfigPtr()->enabled(true);
EXPECT_TRUE(managerPtr->secureLDAP());
managerPtr->restore();
// Check secureLDAP variable value after restoring
EXPECT_TRUE(managerPtr->secureLDAP());
delete managerPtr;
}
TEST_F(TestLDAPConfig, filePermission)
{
auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
auto dbusPersistentFilePath = std::string(dir.c_str());
if (fs::exists(configFilePath))
{
fs::remove(configFilePath);
}
EXPECT_FALSE(fs::exists(configFilePath));
MockConfigMgr* managerPtr =
new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
tlsCertfile.c_str());
EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(1);
EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
managerPtr->createConfig(
"ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
"MyLdap12", ldap_base::Create::SearchScope::sub,
ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
managerPtr->getADConfigPtr()->enabled(true);
// Permission of the persistent file should be 640
// Others should not be allowed to read.
auto permission =
fs::perms::owner_read | fs::perms::owner_write | fs::perms::group_read;
auto persistFilepath = std::string(dir.c_str());
persistFilepath += ADDbusObjectPath;
persistFilepath += "/config";
EXPECT_EQ(fs::status(persistFilepath).permissions(), permission);
delete managerPtr;
}
TEST_F(TestLDAPConfig, ConditionalEnableConfig)
{
auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
auto dbusPersistentFilePath = std::string(dir.c_str());
if (fs::exists(configFilePath))
{
fs::remove(configFilePath);
}
EXPECT_FALSE(fs::exists(configFilePath));
MockConfigMgr* managerPtr =
new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
tlsCertfile.c_str());
EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(3);
EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2);
EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(2);
managerPtr->createConfig(
"ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
"MyLdap12", ldap_base::Create::SearchScope::sub,
ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
managerPtr->createConfig(
"ldap://9.194.251.139/", "cn=Users,dc=com, dc=ldap", "cn=Users,dc=corp",
"MyLdap123", ldap_base::Create::SearchScope::sub,
ldap_base::Create::Type::OpenLdap, "attr1", "attr2");
// Enable the AD configuration
managerPtr->getADConfigPtr()->enabled(true);
EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), true);
EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), false);
// AS AD is already enabled so openldap can't be enabled.
EXPECT_THROW(
{
try
{
managerPtr->getOpenLdapConfigPtr()->enabled(true);
}
catch (const NotAllowed& e)
{
throw;
}
},
NotAllowed);
// Check the values
EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), true);
EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), false);
// Let's disable the AD.
managerPtr->getADConfigPtr()->enabled(false);
EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), false);
EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), false);
// Now enable the openldap
managerPtr->getOpenLdapConfigPtr()->enabled(true);
EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), true);
EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), false);
delete managerPtr;
}
TEST_F(TestLDAPConfig, createPrivMapping)
{
auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
auto dbusPersistentFilePath = std::string(dir.c_str());
if (fs::exists(configFilePath))
{
fs::remove(configFilePath);
}
EXPECT_FALSE(fs::exists(configFilePath));
MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
tlsCertfile.c_str());
manager.createDefaultObjects();
// Create the priv-mapping under the config.
manager.getADConfigPtr()->create("admin", "priv-admin");
// Check whether the entry has been created.
EXPECT_THROW(
{
try
{
manager.getADConfigPtr()->checkPrivilegeMapper("admin");
}
catch (const PrivilegeMappingExists& e)
{
throw;
}
},
PrivilegeMappingExists);
}
TEST_F(TestLDAPConfig, deletePrivMapping)
{
auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
auto dbusPersistentFilePath = std::string(dir.c_str());
if (fs::exists(configFilePath))
{
fs::remove(configFilePath);
}
EXPECT_FALSE(fs::exists(configFilePath));
MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
tlsCertfile.c_str());
manager.createDefaultObjects();
// Create the priv-mapping under the config.
manager.getADConfigPtr()->create("admin", "priv-admin");
manager.getADConfigPtr()->create("user", "priv-user");
// Check whether the entry has been created.
EXPECT_THROW(
{
try
{
manager.getADConfigPtr()->checkPrivilegeMapper("admin");
manager.getADConfigPtr()->checkPrivilegeMapper("user");
}
catch (const PrivilegeMappingExists& e)
{
throw;
}
},
PrivilegeMappingExists);
// This would delete the admin privilege
manager.getADConfigPtr()->deletePrivilegeMapper(1);
EXPECT_NO_THROW(manager.getADConfigPtr()->checkPrivilegeMapper("admin"));
manager.getADConfigPtr()->deletePrivilegeMapper(2);
EXPECT_NO_THROW(manager.getADConfigPtr()->checkPrivilegeMapper("user"));
}
TEST_F(TestLDAPConfig, restorePrivMapping)
{
auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
auto dbusPersistentFilePath = std::string(dir.c_str());
if (fs::exists(configFilePath))
{
fs::remove(configFilePath);
}
EXPECT_FALSE(fs::exists(configFilePath));
MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
tlsCertfile.c_str());
manager.createDefaultObjects();
// Create the priv-mapping under the config.
manager.getADConfigPtr()->create("admin", "priv-admin");
manager.getOpenLdapConfigPtr()->create("user", "priv-user");
manager.restore();
EXPECT_THROW(
{
try
{
manager.getADConfigPtr()->checkPrivilegeMapper("admin");
}
catch (const PrivilegeMappingExists& e)
{
throw;
}
},
PrivilegeMappingExists);
EXPECT_THROW(
{
try
{
manager.getOpenLdapConfigPtr()->checkPrivilegeMapper("user");
}
catch (const PrivilegeMappingExists& e)
{
throw;
}
},
PrivilegeMappingExists);
}
TEST_F(TestLDAPConfig, testPrivileges)
{
auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
auto dbusPersistentFilePath = std::string(dir.c_str());
if (fs::exists(configFilePath))
{
fs::remove(configFilePath);
}
EXPECT_FALSE(fs::exists(configFilePath));
MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
tlsCertfile.c_str());
manager.createDefaultObjects();
std::string groupName = "admin";
std::string privilege = "priv-admin";
size_t entryId = 1;
auto dbusPath = std::string(LDAP_CONFIG_ROOT) +
"/active_directory/role_map/" + std::to_string(entryId);
dbusPersistentFilePath += dbusPath;
auto entry = std::make_unique<LDAPMapperEntry>(
bus, dbusPath.c_str(), dbusPersistentFilePath.c_str(), groupName,
privilege, *(manager.getADConfigPtr()));
EXPECT_NO_THROW(entry->privilege("priv-operator"));
EXPECT_NO_THROW(entry->privilege("priv-user"));
}
} // namespace ldap
} // namespace phosphor