Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-user-manager / 0b6b8013f8522619e776a9317483d1bfa9c30b51 / . / test / ldap_config_test.cpp
blob: c210b848e86c40a7039fd347b86479599fbb73c7 [file] [log] [blame]
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]1#include "config.h"
Patrick Williams9638afb2021-02-22 17:16:24 -0600[diff] [blame]2
Ratan Gupta37fb3fe2019-04-13 12:54:18 +0530[diff] [blame]3#include "phosphor-ldap-config/ldap_config.hpp"
Ratan Guptae1f4db62019-04-11 18:57:42 +0530[diff] [blame]4#include "phosphor-ldap-config/ldap_config_mgr.hpp"
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]5
Patrick Williams9638afb2021-02-22 17:16:24 -0600[diff] [blame]6#include <sys/types.h>
7
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]8#include <phosphor-logging/elog-errors.hpp>
Patrick Williams9638afb2021-02-22 17:16:24 -0600[diff] [blame]9#include <phosphor-logging/log.hpp>
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]10#include <sdbusplus/bus.hpp>
11#include <xyz/openbmc_project/Common/error.hpp>
Ratan Guptafef57892019-04-14 13:43:09 +0530[diff] [blame]12#include <xyz/openbmc_project/User/Common/error.hpp>
Ratan Gupta95a29312019-02-18 20:34:10 +0530[diff] [blame]13
14#include <filesystem>
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]15#include <fstream>
16#include <string>
Patrick Williams9638afb2021-02-22 17:16:24 -0600[diff] [blame]17
18#include <gmock/gmock.h>
19#include <gtest/gtest.h>
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]20
21namespace phosphor
22{
23namespace ldap
24{
Ratan Gupta95a29312019-02-18 20:34:10 +0530[diff] [blame]25namespace fs = std::filesystem;
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]26namespace ldap_base = sdbusplus::xyz::openbmc_project::User::Ldap::server;
Ratan Guptac5481d12019-04-12 18:31:05 +0530[diff] [blame]27using NotAllowed = sdbusplus::xyz::openbmc_project::Common::Error::NotAllowed;
28using NotAllowedArgument = xyz::openbmc_project::Common::NotAllowed;
29
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]30using Config = phosphor::ldap::Config;
Ratan Guptafef57892019-04-14 13:43:09 +0530[diff] [blame]31using PrivilegeMappingExists = sdbusplus::xyz::openbmc_project::User::Common::
32 Error::PrivilegeMappingExists;
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]33
34class TestLDAPConfig : public testing::Test
35{
36 public:
37 TestLDAPConfig() : bus(sdbusplus::bus::new_default())
Patrick Williams9638afb2021-02-22 17:16:24 -0600[diff] [blame]38 {}
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]39 void SetUp() override
40 {
41 using namespace phosphor::ldap;
42 char tmpldap[] = "/tmp/ldap_test.XXXXXX";
43 dir = fs::path(mkdtemp(tmpldap));
Zbigniew Kurzynski5d00cf22019-10-03 12:10:20 +0200[diff] [blame]44 fs::path tlsCacertFilePath{TLS_CACERT_PATH};
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]45 tlsCACertFile = tlsCacertFilePath.filename().c_str();
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]46 fs::path tlsCertFilePath{TLS_CERT_FILE};
47 tlsCertFile = tlsCertFilePath.filename().c_str();
48
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]49 fs::path confFilePath{LDAP_CONFIG_FILE};
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]50 ldapConfFile = confFilePath.filename().c_str();
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]51 std::fstream fs;
52 fs.open(dir / defaultNslcdFile, std::fstream::out);
53 fs.close();
54 fs.open(dir / nsSwitchFile, std::fstream::out);
55 fs.close();
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]56 fs.open(dir / tlsCACertFile, std::fstream::out);
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]57 fs.close();
58 fs.open(dir / tlsCertFile, std::fstream::out);
59 fs.close();
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]60 }
61
62 void TearDown() override
63 {
64 fs::remove_all(dir);
65 }
66
67 protected:
68 fs::path dir;
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]69 std::string tlsCACertFile;
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]70 std::string tlsCertFile;
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]71 std::string ldapConfFile;
Patrick Williamsb3ef4e12022-07-22 19:26:55 -0500[diff] [blame]72 sdbusplus::bus_t bus;
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]73};
74
75class MockConfigMgr : public phosphor::ldap::ConfigMgr
76{
77 public:
Patrick Williamsb3ef4e12022-07-22 19:26:55 -0500[diff] [blame]78 MockConfigMgr(sdbusplus::bus_t& bus, const char* path, const char* filePath,
79 const char* dbusPersistentFile, const char* caCertFile,
80 const char* certFile) :
Ratan Gupta95a29312019-02-18 20:34:10 +0530[diff] [blame]81 phosphor::ldap::ConfigMgr(bus, path, filePath, dbusPersistentFile,
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]82 caCertFile, certFile)
Patrick Williams9638afb2021-02-22 17:16:24 -0600[diff] [blame]83 {}
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]84 MOCK_METHOD1(restartService, void(const std::string& service));
85 MOCK_METHOD1(stopService, void(const std::string& service));
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]86 std::unique_ptr<Config>& getOpenLdapConfigPtr()
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]87 {
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]88 return openLDAPConfigPtr;
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]89 }
90
Ratan Gupta3a1c2742019-03-20 06:49:42 +0530[diff] [blame]91 std::string configBindPassword()
92 {
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]93 return getADConfigPtr()->ldapBindPassword;
Ratan Gupta3a1c2742019-03-20 06:49:42 +0530[diff] [blame]94 }
95
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]96 std::unique_ptr<Config>& getADConfigPtr()
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]97 {
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]98 return ADConfigPtr;
99 }
100 void restore()
101 {
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]102 phosphor::ldap::ConfigMgr::restore();
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]103 return;
104 }
105
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]106 void createDefaultObjects()
107 {
108 phosphor::ldap::ConfigMgr::createDefaultObjects();
109 }
110
Ravi Tejad5884042019-06-10 02:35:22 -0500[diff] [blame]111 bool secureLDAP()
112 {
113 return ADConfigPtr->secureLDAP;
114 }
115
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]116 friend class TestLDAPConfig;
117};
118
119TEST_F(TestLDAPConfig, testCreate)
120{
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]121 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
122 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
123 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]124 auto dbusPersistentFilePath = std::string(dir.c_str());
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]125
126 if (fs::exists(configFilePath))
127 {
128 fs::remove(configFilePath);
129 }
130 EXPECT_FALSE(fs::exists(configFilePath));
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600[diff] [blame]131 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]132 dbusPersistentFilePath.c_str(),
133 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]134
Ratan Guptaec117542019-04-25 18:38:29 +0530[diff] [blame]135 EXPECT_CALL(manager, stopService("nslcd.service")).Times(2);
Ratan Gupta3a1c2742019-03-20 06:49:42 +0530[diff] [blame]136 EXPECT_CALL(manager, restartService("nslcd.service")).Times(2);
Ratan Guptaec117542019-04-25 18:38:29 +0530[diff] [blame]137 EXPECT_CALL(manager, restartService("nscd.service")).Times(2);
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]138
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600[diff] [blame]139 manager.createConfig(
140 "ldap://9.194.251.136/", "cn=Users,dc=com", "cn=Users,dc=corp",
141 "MyLdap12", ldap_base::Create::SearchScope::sub,
142 ldap_base::Create::Type::ActiveDirectory, "uid", "gid");
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]143 manager.getADConfigPtr()->enabled(true);
Ratan Gupta95a29312019-02-18 20:34:10 +0530[diff] [blame]144
Ratan Guptaec117542019-04-25 18:38:29 +0530[diff] [blame]145 manager.createConfig("ldap://9.194.251.137/", "cn=Users",
146 "cn=Users,dc=test", "MyLdap123",
147 ldap_base::Create::SearchScope::sub,
148 ldap_base::Create::Type::OpenLdap, "uid", "gid");
149 manager.getOpenLdapConfigPtr()->enabled(false);
150
151 // Below setting of username/groupname attr is to make sure
152 // that in-active config should not call the start/stop service.
153 manager.getOpenLdapConfigPtr()->userNameAttribute("abc");
154 EXPECT_EQ(manager.getOpenLdapConfigPtr()->userNameAttribute(), "abc");
155
156 manager.getOpenLdapConfigPtr()->groupNameAttribute("def");
157 EXPECT_EQ(manager.getOpenLdapConfigPtr()->groupNameAttribute(), "def");
158
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]159 EXPECT_TRUE(fs::exists(configFilePath));
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]160 EXPECT_EQ(manager.getADConfigPtr()->ldapServerURI(),
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]161 "ldap://9.194.251.136/");
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]162 EXPECT_EQ(manager.getADConfigPtr()->ldapBindDN(), "cn=Users,dc=com");
163 EXPECT_EQ(manager.getADConfigPtr()->ldapBaseDN(), "cn=Users,dc=corp");
164 EXPECT_EQ(manager.getADConfigPtr()->ldapSearchScope(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]165 ldap_base::Config::SearchScope::sub);
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]166 EXPECT_EQ(manager.getADConfigPtr()->ldapType(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]167 ldap_base::Config::Type::ActiveDirectory);
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]168
169 EXPECT_EQ(manager.getADConfigPtr()->userNameAttribute(), "uid");
170 EXPECT_EQ(manager.getADConfigPtr()->groupNameAttribute(), "gid");
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]171 EXPECT_EQ(manager.getADConfigPtr()->ldapBindDNPassword(), "");
Ratan Gupta3a1c2742019-03-20 06:49:42 +0530[diff] [blame]172 EXPECT_EQ(manager.configBindPassword(), "MyLdap12");
173 // change the password
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]174 manager.getADConfigPtr()->ldapBindDNPassword("MyLdap14");
175 EXPECT_EQ(manager.getADConfigPtr()->ldapBindDNPassword(), "");
Ratan Gupta3a1c2742019-03-20 06:49:42 +0530[diff] [blame]176 EXPECT_EQ(manager.configBindPassword(), "MyLdap14");
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]177}
178
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]179TEST_F(TestLDAPConfig, testDefaultObject)
180{
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]181 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
182 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
183 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]184 auto dbusPersistentFilePath = std::string(dir.c_str());
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]185
186 if (fs::exists(configFilePath))
187 {
188 fs::remove(configFilePath);
189 }
190 EXPECT_FALSE(fs::exists(configFilePath));
191
192 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]193 dbusPersistentFilePath.c_str(),
194 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]195
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]196 manager.createDefaultObjects();
197
198 EXPECT_NE(nullptr, manager.getADConfigPtr());
199 EXPECT_NE(nullptr, manager.getOpenLdapConfigPtr());
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]200 EXPECT_EQ(manager.getADConfigPtr()->ldapType(),
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]201 ldap_base::Config::Type::ActiveDirectory);
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]202 EXPECT_EQ(manager.getOpenLdapConfigPtr()->ldapType(),
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]203 ldap_base::Config::Type::OpenLdap);
204}
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]205
Alexander Filippov372c5662021-06-30 20:23:39 +0300[diff] [blame]206TEST_F(TestLDAPConfig, testRestoresDefault)
207{
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]208 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
209 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
210 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
Alexander Filippov372c5662021-06-30 20:23:39 +0300[diff] [blame]211 auto dbusPersistentFilePath = std::string(dir.c_str());
212
213 if (fs::exists(configFilePath))
214 {
215 fs::remove(configFilePath);
216 }
217 EXPECT_FALSE(fs::exists(configFilePath));
218
219 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]220 dbusPersistentFilePath.c_str(),
221 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
Alexander Filippov372c5662021-06-30 20:23:39 +0300[diff] [blame]222
223 EXPECT_CALL(manager, stopService("nslcd.service")).Times(1);
224 EXPECT_CALL(manager, restartService("nslcd.service")).Times(0);
225 EXPECT_CALL(manager, restartService("nscd.service")).Times(0);
226
227 manager.restore();
228
229 EXPECT_NE(nullptr, manager.getADConfigPtr());
230 EXPECT_NE(nullptr, manager.getOpenLdapConfigPtr());
231 EXPECT_EQ(manager.getADConfigPtr()->ldapType(),
232 ldap_base::Config::Type::ActiveDirectory);
233 EXPECT_EQ(manager.getOpenLdapConfigPtr()->ldapType(),
234 ldap_base::Config::Type::OpenLdap);
235 EXPECT_FALSE(manager.getADConfigPtr()->enabled());
236 EXPECT_FALSE(manager.getOpenLdapConfigPtr()->enabled());
237}
238
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]239TEST_F(TestLDAPConfig, testRestores)
240{
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]241 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
242 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
243 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]244 auto dbusPersistentFilePath = std::string(dir.c_str());
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]245
246 if (fs::exists(configFilePath))
247 {
248 fs::remove(configFilePath);
249 }
250 EXPECT_FALSE(fs::exists(configFilePath));
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]251 MockConfigMgr* managerPtr =
252 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]253 dbusPersistentFilePath.c_str(),
254 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]255 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
Alexander Filippov372c5662021-06-30 20:23:39 +0300[diff] [blame]256 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2);
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]257 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600[diff] [blame]258 managerPtr->createConfig(
259 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
260 "MyLdap12", ldap_base::Create::SearchScope::sub,
261 ldap_base::Create::Type::ActiveDirectory, "uid", "gid");
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]262 managerPtr->getADConfigPtr()->enabled(false);
263 EXPECT_FALSE(fs::exists(configFilePath));
264 EXPECT_FALSE(managerPtr->getADConfigPtr()->enabled());
265 managerPtr->getADConfigPtr()->enabled(true);
Ratan Gupta95a29312019-02-18 20:34:10 +0530[diff] [blame]266
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]267 EXPECT_TRUE(fs::exists(configFilePath));
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]268 // Restore from configFilePath
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]269 managerPtr->restore();
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]270 // validate restored properties
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]271 EXPECT_TRUE(managerPtr->getADConfigPtr()->enabled());
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]272 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapServerURI(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]273 "ldap://9.194.251.138/");
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]274 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBindDN(), "cn=Users,dc=com");
275 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBaseDN(), "cn=Users,dc=corp");
276 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapSearchScope(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]277 ldap_base::Config::SearchScope::sub);
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]278 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapType(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]279 ldap_base::Config::Type::ActiveDirectory);
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]280 EXPECT_EQ(managerPtr->getADConfigPtr()->userNameAttribute(), "uid");
281 EXPECT_EQ(managerPtr->getADConfigPtr()->groupNameAttribute(), "gid");
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]282 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBindDNPassword(), "");
Ratan Gupta3a1c2742019-03-20 06:49:42 +0530[diff] [blame]283 EXPECT_EQ(managerPtr->configBindPassword(), "MyLdap12");
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]284 delete managerPtr;
285}
286
287TEST_F(TestLDAPConfig, testLDAPServerURI)
288{
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]289 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
290 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
291 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]292 auto dbusPersistentFilePath = std::string(dir.c_str());
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600[diff] [blame]293
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]294 if (fs::exists(configFilePath))
295 {
296 fs::remove(configFilePath);
297 }
298 EXPECT_FALSE(fs::exists(configFilePath));
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]299 MockConfigMgr* managerPtr =
300 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]301 dbusPersistentFilePath.c_str(),
302 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]303
304 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
Alexander Filippov372c5662021-06-30 20:23:39 +0300[diff] [blame]305 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(3);
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]306 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]307
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600[diff] [blame]308 managerPtr->createConfig(
309 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
310 "MyLdap12", ldap_base::Create::SearchScope::sub,
311 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]312 managerPtr->getADConfigPtr()->enabled(true);
Ratan Gupta95a29312019-02-18 20:34:10 +0530[diff] [blame]313
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]314 // Change LDAP Server URI
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]315 managerPtr->getADConfigPtr()->ldapServerURI("ldap://9.194.251.139/");
316 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapServerURI(),
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600[diff] [blame]317 "ldap://9.194.251.139/");
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]318
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]319 fs::remove(tlsCACertFilePath.c_str());
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]320 // Change LDAP Server URI to make it secure
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600[diff] [blame]321 EXPECT_THROW(
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]322 managerPtr->getADConfigPtr()->ldapServerURI("ldaps://9.194.251.139/"),
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600[diff] [blame]323 NoCACertificate);
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]324
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]325 // check once again
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]326 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapServerURI(),
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]327 "ldap://9.194.251.139/");
328
329 managerPtr->restore();
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]330 // Check LDAP Server URI
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]331 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapServerURI(),
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600[diff] [blame]332 "ldap://9.194.251.139/");
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]333 delete managerPtr;
334}
335
336TEST_F(TestLDAPConfig, testLDAPBindDN)
337{
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]338 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
339 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
340 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]341 auto dbusPersistentFilePath = std::string(dir.c_str());
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600[diff] [blame]342
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]343 if (fs::exists(configFilePath))
344 {
345 fs::remove(configFilePath);
346 }
347 EXPECT_FALSE(fs::exists(configFilePath));
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]348 MockConfigMgr* managerPtr =
349 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]350 dbusPersistentFilePath.c_str(),
351 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]352
353 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
Alexander Filippov372c5662021-06-30 20:23:39 +0300[diff] [blame]354 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(3);
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]355 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]356
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600[diff] [blame]357 managerPtr->createConfig(
358 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
359 "MyLdap12", ldap_base::Create::SearchScope::sub,
360 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]361 managerPtr->getADConfigPtr()->enabled(true);
Ratan Gupta95a29312019-02-18 20:34:10 +0530[diff] [blame]362
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]363 // Change LDAP BindDN
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]364 managerPtr->getADConfigPtr()->ldapBindDN(
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]365 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]366 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBindDN(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]367 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
368 // Change LDAP BindDN
369 EXPECT_THROW(
370 {
371 try
372 {
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]373 managerPtr->getADConfigPtr()->ldapBindDN("");
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]374 }
375 catch (const InvalidArgument& e)
376 {
377 throw;
378 }
379 },
380 InvalidArgument);
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]381
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]382 managerPtr->restore();
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]383 // Check LDAP BindDN after restoring
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]384 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBindDN(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]385 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
386 delete managerPtr;
387}
388
389TEST_F(TestLDAPConfig, testLDAPBaseDN)
390{
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]391 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
392 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
393 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]394 auto dbusPersistentFilePath = std::string(dir.c_str());
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600[diff] [blame]395
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]396 if (fs::exists(configFilePath))
397 {
398 fs::remove(configFilePath);
399 }
400 EXPECT_FALSE(fs::exists(configFilePath));
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]401 MockConfigMgr* managerPtr =
402 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]403 dbusPersistentFilePath.c_str(),
404 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]405 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
Alexander Filippov372c5662021-06-30 20:23:39 +0300[diff] [blame]406 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(3);
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]407 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600[diff] [blame]408 managerPtr->createConfig(
409 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
410 "MyLdap12", ldap_base::Create::SearchScope::sub,
411 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]412 managerPtr->getADConfigPtr()->enabled(true);
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]413 // Change LDAP BaseDN
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]414 managerPtr->getADConfigPtr()->ldapBaseDN(
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]415 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]416 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBaseDN(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]417 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
418 // Change LDAP BaseDN
419 EXPECT_THROW(
420 {
421 try
422 {
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]423 managerPtr->getADConfigPtr()->ldapBaseDN("");
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]424 }
425 catch (const InvalidArgument& e)
426 {
427 throw;
428 }
429 },
430 InvalidArgument);
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]431
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]432 managerPtr->restore();
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]433 // Check LDAP BaseDN after restoring
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]434 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBaseDN(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]435 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
436 delete managerPtr;
437}
438
439TEST_F(TestLDAPConfig, testSearchScope)
440{
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]441 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
442 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
443 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]444 auto dbusPersistentFilePath = std::string(dir.c_str());
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600[diff] [blame]445
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]446 if (fs::exists(configFilePath))
447 {
448 fs::remove(configFilePath);
449 }
450 EXPECT_FALSE(fs::exists(configFilePath));
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]451 MockConfigMgr* managerPtr =
452 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]453 dbusPersistentFilePath.c_str(),
454 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]455 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
Alexander Filippov372c5662021-06-30 20:23:39 +0300[diff] [blame]456 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(3);
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]457 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600[diff] [blame]458 managerPtr->createConfig(
459 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
460 "MyLdap12", ldap_base::Create::SearchScope::sub,
461 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]462 managerPtr->getADConfigPtr()->enabled(true);
Ratan Gupta95a29312019-02-18 20:34:10 +0530[diff] [blame]463
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]464 // Change LDAP SearchScope
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]465 managerPtr->getADConfigPtr()->ldapSearchScope(
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]466 ldap_base::Config::SearchScope::one);
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]467 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapSearchScope(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]468 ldap_base::Config::SearchScope::one);
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]469
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]470 managerPtr->restore();
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]471 // Check LDAP SearchScope after restoring
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]472 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapSearchScope(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]473 ldap_base::Config::SearchScope::one);
474 delete managerPtr;
475}
476
477TEST_F(TestLDAPConfig, testLDAPType)
478{
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]479 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
480 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
481 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]482 auto dbusPersistentFilePath = std::string(dir.c_str());
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600[diff] [blame]483
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]484 if (fs::exists(configFilePath))
485 {
486 fs::remove(configFilePath);
487 }
488 EXPECT_FALSE(fs::exists(configFilePath));
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]489 MockConfigMgr* managerPtr =
490 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]491 dbusPersistentFilePath.c_str(),
492 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]493 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
Alexander Filippov372c5662021-06-30 20:23:39 +0300[diff] [blame]494 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2);
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]495 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600[diff] [blame]496 managerPtr->createConfig(
497 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
498 "MyLdap12", ldap_base::Create::SearchScope::sub,
499 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]500 managerPtr->getADConfigPtr()->enabled(true);
Ratan Gupta95a29312019-02-18 20:34:10 +0530[diff] [blame]501
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]502 // Change LDAP type
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]503 // will not be changed
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]504 EXPECT_THROW(managerPtr->getADConfigPtr()->ldapType(
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]505 ldap_base::Config::Type::OpenLdap),
506 NotAllowed);
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]507 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapType(),
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]508 ldap_base::Config::Type::ActiveDirectory);
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]509
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]510 managerPtr->restore();
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]511 // Check LDAP type after restoring
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]512 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapType(),
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]513 ldap_base::Config::Type::ActiveDirectory);
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]514 delete managerPtr;
515}
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]516
Ravi Tejad5884042019-06-10 02:35:22 -0500[diff] [blame]517TEST_F(TestLDAPConfig, testsecureLDAPRestore)
518{
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]519 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
520 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
521 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
Ravi Tejad5884042019-06-10 02:35:22 -0500[diff] [blame]522 auto dbusPersistentFilePath = std::string(dir.c_str());
523
524 if (fs::exists(configFilePath))
525 {
526 fs::remove(configFilePath);
527 }
528 EXPECT_FALSE(fs::exists(configFilePath));
529 MockConfigMgr* managerPtr =
530 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]531 dbusPersistentFilePath.c_str(),
532 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
Ravi Tejad5884042019-06-10 02:35:22 -0500[diff] [blame]533 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
Alexander Filippov372c5662021-06-30 20:23:39 +0300[diff] [blame]534 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2);
Ravi Tejad5884042019-06-10 02:35:22 -0500[diff] [blame]535 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
536 managerPtr->createConfig(
537 "ldaps://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
538 "MyLdap12", ldap_base::Create::SearchScope::sub,
539 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
540 managerPtr->getADConfigPtr()->enabled(true);
541 EXPECT_TRUE(managerPtr->secureLDAP());
542 managerPtr->restore();
543 // Check secureLDAP variable value after restoring
544 EXPECT_TRUE(managerPtr->secureLDAP());
545
546 delete managerPtr;
547}
548
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]549TEST_F(TestLDAPConfig, filePermission)
550{
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]551 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
552 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
553 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]554 auto dbusPersistentFilePath = std::string(dir.c_str());
555
556 if (fs::exists(configFilePath))
557 {
558 fs::remove(configFilePath);
559 }
560 EXPECT_FALSE(fs::exists(configFilePath));
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]561 MockConfigMgr* managerPtr =
562 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]563 dbusPersistentFilePath.c_str(),
564 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]565 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
566 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(1);
567 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
568 managerPtr->createConfig(
569 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
570 "MyLdap12", ldap_base::Create::SearchScope::sub,
571 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
572 managerPtr->getADConfigPtr()->enabled(true);
573
574 // Permission of the persistent file should be 640
575 // Others should not be allowed to read.
576 auto permission =
577 fs::perms::owner_read | fs::perms::owner_write | fs::perms::group_read;
578 auto persistFilepath = std::string(dir.c_str());
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]579 persistFilepath += adDbusObjectPath;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]580 persistFilepath += "/config";
581
582 EXPECT_EQ(fs::status(persistFilepath).permissions(), permission);
583 delete managerPtr;
584}
585
Ratan Guptac5481d12019-04-12 18:31:05 +0530[diff] [blame]586TEST_F(TestLDAPConfig, ConditionalEnableConfig)
587{
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]588 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
589 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
590 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Guptac5481d12019-04-12 18:31:05 +0530[diff] [blame]591 auto dbusPersistentFilePath = std::string(dir.c_str());
592
593 if (fs::exists(configFilePath))
594 {
595 fs::remove(configFilePath);
596 }
597 EXPECT_FALSE(fs::exists(configFilePath));
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]598 MockConfigMgr* managerPtr =
599 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]600 dbusPersistentFilePath.c_str(),
601 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
Ratan Guptac5481d12019-04-12 18:31:05 +0530[diff] [blame]602 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(3);
603 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2);
604 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(2);
605 managerPtr->createConfig(
606 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
607 "MyLdap12", ldap_base::Create::SearchScope::sub,
608 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
609
610 managerPtr->createConfig(
611 "ldap://9.194.251.139/", "cn=Users,dc=com, dc=ldap", "cn=Users,dc=corp",
612 "MyLdap123", ldap_base::Create::SearchScope::sub,
613 ldap_base::Create::Type::OpenLdap, "attr1", "attr2");
614
615 // Enable the AD configuration
616 managerPtr->getADConfigPtr()->enabled(true);
617
618 EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), true);
619 EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), false);
620
621 // AS AD is already enabled so openldap can't be enabled.
622 EXPECT_THROW(
623 {
624 try
625 {
626 managerPtr->getOpenLdapConfigPtr()->enabled(true);
627 }
628 catch (const NotAllowed& e)
629 {
630 throw;
631 }
632 },
633 NotAllowed);
634 // Check the values
635 EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), true);
636 EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), false);
637 // Let's disable the AD.
638 managerPtr->getADConfigPtr()->enabled(false);
639 EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), false);
640 EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), false);
641 // Now enable the openldap
642 managerPtr->getOpenLdapConfigPtr()->enabled(true);
643 EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), true);
644 EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), false);
645
646 delete managerPtr;
647}
648
Ratan Guptafef57892019-04-14 13:43:09 +0530[diff] [blame]649TEST_F(TestLDAPConfig, createPrivMapping)
650{
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]651 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
652 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
653 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Guptafef57892019-04-14 13:43:09 +0530[diff] [blame]654 auto dbusPersistentFilePath = std::string(dir.c_str());
655
656 if (fs::exists(configFilePath))
657 {
658 fs::remove(configFilePath);
659 }
660 EXPECT_FALSE(fs::exists(configFilePath));
661 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]662 dbusPersistentFilePath.c_str(),
663 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
Ratan Guptafef57892019-04-14 13:43:09 +0530[diff] [blame]664 manager.createDefaultObjects();
665 // Create the priv-mapping under the config.
666 manager.getADConfigPtr()->create("admin", "priv-admin");
667 // Check whether the entry has been created.
668 EXPECT_THROW(
669 {
670 try
671 {
672 manager.getADConfigPtr()->checkPrivilegeMapper("admin");
673 }
674 catch (const PrivilegeMappingExists& e)
675 {
676 throw;
677 }
678 },
679 PrivilegeMappingExists);
680}
681
682TEST_F(TestLDAPConfig, deletePrivMapping)
683{
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]684 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
685 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
686 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Guptafef57892019-04-14 13:43:09 +0530[diff] [blame]687 auto dbusPersistentFilePath = std::string(dir.c_str());
688
689 if (fs::exists(configFilePath))
690 {
691 fs::remove(configFilePath);
692 }
693 EXPECT_FALSE(fs::exists(configFilePath));
694 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]695 dbusPersistentFilePath.c_str(),
696 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
Ratan Guptafef57892019-04-14 13:43:09 +0530[diff] [blame]697 manager.createDefaultObjects();
698 // Create the priv-mapping under the config.
699 manager.getADConfigPtr()->create("admin", "priv-admin");
700 manager.getADConfigPtr()->create("user", "priv-user");
701 // Check whether the entry has been created.
702 EXPECT_THROW(
703 {
704 try
705 {
706 manager.getADConfigPtr()->checkPrivilegeMapper("admin");
707 manager.getADConfigPtr()->checkPrivilegeMapper("user");
708 }
709 catch (const PrivilegeMappingExists& e)
710 {
711 throw;
712 }
713 },
714 PrivilegeMappingExists);
715
716 // This would delete the admin privilege
717 manager.getADConfigPtr()->deletePrivilegeMapper(1);
718 EXPECT_NO_THROW(manager.getADConfigPtr()->checkPrivilegeMapper("admin"));
719 manager.getADConfigPtr()->deletePrivilegeMapper(2);
720 EXPECT_NO_THROW(manager.getADConfigPtr()->checkPrivilegeMapper("user"));
721}
722
723TEST_F(TestLDAPConfig, restorePrivMapping)
724{
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]725 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
726 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
727 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Guptafef57892019-04-14 13:43:09 +0530[diff] [blame]728 auto dbusPersistentFilePath = std::string(dir.c_str());
729
730 if (fs::exists(configFilePath))
731 {
732 fs::remove(configFilePath);
733 }
734 EXPECT_FALSE(fs::exists(configFilePath));
735 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]736 dbusPersistentFilePath.c_str(),
737 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
Ratan Guptafef57892019-04-14 13:43:09 +0530[diff] [blame]738 manager.createDefaultObjects();
739 // Create the priv-mapping under the config.
740 manager.getADConfigPtr()->create("admin", "priv-admin");
741 manager.getOpenLdapConfigPtr()->create("user", "priv-user");
742 manager.restore();
743 EXPECT_THROW(
744 {
745 try
746 {
747 manager.getADConfigPtr()->checkPrivilegeMapper("admin");
748 }
749 catch (const PrivilegeMappingExists& e)
750 {
751 throw;
752 }
753 },
754 PrivilegeMappingExists);
755
756 EXPECT_THROW(
757 {
758 try
759 {
760 manager.getOpenLdapConfigPtr()->checkPrivilegeMapper("user");
761 }
762 catch (const PrivilegeMappingExists& e)
763 {
764 throw;
765 }
766 },
767 PrivilegeMappingExists);
768}
769
770TEST_F(TestLDAPConfig, testPrivileges)
771{
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]772 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
773 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
774 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Guptafef57892019-04-14 13:43:09 +0530[diff] [blame]775 auto dbusPersistentFilePath = std::string(dir.c_str());
776
777 if (fs::exists(configFilePath))
778 {
779 fs::remove(configFilePath);
780 }
781 EXPECT_FALSE(fs::exists(configFilePath));
782 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]783 dbusPersistentFilePath.c_str(),
784 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
Ratan Guptafef57892019-04-14 13:43:09 +0530[diff] [blame]785 manager.createDefaultObjects();
786
787 std::string groupName = "admin";
788 std::string privilege = "priv-admin";
789 size_t entryId = 1;
790 auto dbusPath = std::string(LDAP_CONFIG_ROOT) +
791 "/active_directory/role_map/" + std::to_string(entryId);
792 dbusPersistentFilePath += dbusPath;
793
794 auto entry = std::make_unique<LDAPMapperEntry>(
795 bus, dbusPath.c_str(), dbusPersistentFilePath.c_str(), groupName,
796 privilege, *(manager.getADConfigPtr()));
797
798 EXPECT_NO_THROW(entry->privilege("priv-operator"));
799 EXPECT_NO_THROW(entry->privilege("priv-user"));
Ratan Guptafef57892019-04-14 13:43:09 +0530[diff] [blame]800}
801
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]802} // namespace ldap
803} // namespace phosphor