Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-user-manager / 3b80d01d6fdf0d3fb3daa0cda97ff6590e759834 / . / test / ldap_config_test.cpp
blob: 6f7d1f7f75e425ea7c3595892b7bad6b04709e15 [file] [log] [blame]
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]1#include "config.h"
Patrick Williams9638afb2021-02-22 17:16:24 -0600[diff] [blame]2
Ratan Gupta37fb3fe2019-04-13 12:54:18 +0530[diff] [blame]3#include "phosphor-ldap-config/ldap_config.hpp"
Ratan Guptae1f4db62019-04-11 18:57:42 +0530[diff] [blame]4#include "phosphor-ldap-config/ldap_config_mgr.hpp"
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]5
Patrick Williams9638afb2021-02-22 17:16:24 -0600[diff] [blame]6#include <sys/types.h>
7
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]8#include <phosphor-logging/elog-errors.hpp>
Patrick Williams9638afb2021-02-22 17:16:24 -0600[diff] [blame]9#include <phosphor-logging/log.hpp>
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]10#include <sdbusplus/bus.hpp>
11#include <xyz/openbmc_project/Common/error.hpp>
Ratan Guptafef57892019-04-14 13:43:09 +0530[diff] [blame]12#include <xyz/openbmc_project/User/Common/error.hpp>
Ratan Gupta95a29312019-02-18 20:34:10 +0530[diff] [blame]13
14#include <filesystem>
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]15#include <fstream>
16#include <string>
Patrick Williams9638afb2021-02-22 17:16:24 -0600[diff] [blame]17
18#include <gmock/gmock.h>
19#include <gtest/gtest.h>
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]20
21namespace phosphor
22{
23namespace ldap
24{
Ratan Gupta95a29312019-02-18 20:34:10 +0530[diff] [blame]25namespace fs = std::filesystem;
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]26namespace ldap_base = sdbusplus::xyz::openbmc_project::User::Ldap::server;
Ratan Guptac5481d12019-04-12 18:31:05 +0530[diff] [blame]27using NotAllowed = sdbusplus::xyz::openbmc_project::Common::Error::NotAllowed;
28using NotAllowedArgument = xyz::openbmc_project::Common::NotAllowed;
29
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]30using Config = phosphor::ldap::Config;
Ratan Gupta95a29312019-02-18 20:34:10 +0530[diff] [blame]31static constexpr const char* dbusPersistFile = "Config";
Ratan Guptafef57892019-04-14 13:43:09 +0530[diff] [blame]32using PrivilegeMappingExists = sdbusplus::xyz::openbmc_project::User::Common::
33 Error::PrivilegeMappingExists;
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]34
35class TestLDAPConfig : public testing::Test
36{
37 public:
38 TestLDAPConfig() : bus(sdbusplus::bus::new_default())
Patrick Williams9638afb2021-02-22 17:16:24 -0600[diff] [blame]39 {}
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]40 void SetUp() override
41 {
42 using namespace phosphor::ldap;
43 char tmpldap[] = "/tmp/ldap_test.XXXXXX";
44 dir = fs::path(mkdtemp(tmpldap));
Zbigniew Kurzynski5d00cf22019-10-03 12:10:20 +0200[diff] [blame]45 fs::path tlsCacertFilePath{TLS_CACERT_PATH};
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]46 tlsCacertFile = tlsCacertFilePath.filename().c_str();
47 fs::path tlsCertFilePath{TLS_CERT_FILE};
48 tlsCertFile = tlsCertFilePath.filename().c_str();
49
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]50 fs::path confFilePath{LDAP_CONFIG_FILE};
51 ldapconfFile = confFilePath.filename().c_str();
52 std::fstream fs;
53 fs.open(dir / defaultNslcdFile, std::fstream::out);
54 fs.close();
55 fs.open(dir / nsSwitchFile, std::fstream::out);
56 fs.close();
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]57 fs.open(dir / tlsCacertFile, std::fstream::out);
58 fs.close();
59 fs.open(dir / tlsCertFile, std::fstream::out);
60 fs.close();
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]61 }
62
63 void TearDown() override
64 {
65 fs::remove_all(dir);
66 }
67
68 protected:
69 fs::path dir;
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]70 std::string tlsCacertFile;
71 std::string tlsCertFile;
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]72 std::string ldapconfFile;
Patrick Williamsb3ef4e12022-07-22 19:26:55 -0500[diff] [blame]73 sdbusplus::bus_t bus;
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]74};
75
76class MockConfigMgr : public phosphor::ldap::ConfigMgr
77{
78 public:
Patrick Williamsb3ef4e12022-07-22 19:26:55 -0500[diff] [blame]79 MockConfigMgr(sdbusplus::bus_t& bus, const char* path, const char* filePath,
80 const char* dbusPersistentFile, const char* caCertFile,
81 const char* certFile) :
Ratan Gupta95a29312019-02-18 20:34:10 +0530[diff] [blame]82 phosphor::ldap::ConfigMgr(bus, path, filePath, dbusPersistentFile,
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]83 caCertFile, certFile)
Patrick Williams9638afb2021-02-22 17:16:24 -0600[diff] [blame]84 {}
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]85 MOCK_METHOD1(restartService, void(const std::string& service));
86 MOCK_METHOD1(stopService, void(const std::string& service));
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]87 std::unique_ptr<Config>& getOpenLdapConfigPtr()
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]88 {
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]89 return openLDAPConfigPtr;
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]90 }
91
Ratan Gupta3a1c2742019-03-20 06:49:42 +0530[diff] [blame]92 std::string configBindPassword()
93 {
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]94 return getADConfigPtr()->ldapBindPassword;
Ratan Gupta3a1c2742019-03-20 06:49:42 +0530[diff] [blame]95 }
96
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]97 std::unique_ptr<Config>& getADConfigPtr()
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]98 {
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]99 return ADConfigPtr;
100 }
101 void restore()
102 {
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]103 phosphor::ldap::ConfigMgr::restore();
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]104 return;
105 }
106
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]107 void createDefaultObjects()
108 {
109 phosphor::ldap::ConfigMgr::createDefaultObjects();
110 }
111
Ravi Tejad5884042019-06-10 02:35:22 -0500[diff] [blame]112 bool secureLDAP()
113 {
114 return ADConfigPtr->secureLDAP;
115 }
116
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]117 friend class TestLDAPConfig;
118};
119
120TEST_F(TestLDAPConfig, testCreate)
121{
122 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]123 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
124 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]125 auto dbusPersistentFilePath = std::string(dir.c_str());
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]126
127 if (fs::exists(configFilePath))
128 {
129 fs::remove(configFilePath);
130 }
131 EXPECT_FALSE(fs::exists(configFilePath));
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600[diff] [blame]132 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]133 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
134 tlsCertfile.c_str());
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]135
Ratan Guptaec117542019-04-25 18:38:29 +0530[diff] [blame]136 EXPECT_CALL(manager, stopService("nslcd.service")).Times(2);
Ratan Gupta3a1c2742019-03-20 06:49:42 +0530[diff] [blame]137 EXPECT_CALL(manager, restartService("nslcd.service")).Times(2);
Ratan Guptaec117542019-04-25 18:38:29 +0530[diff] [blame]138 EXPECT_CALL(manager, restartService("nscd.service")).Times(2);
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]139
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600[diff] [blame]140 manager.createConfig(
141 "ldap://9.194.251.136/", "cn=Users,dc=com", "cn=Users,dc=corp",
142 "MyLdap12", ldap_base::Create::SearchScope::sub,
143 ldap_base::Create::Type::ActiveDirectory, "uid", "gid");
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]144 manager.getADConfigPtr()->enabled(true);
Ratan Gupta95a29312019-02-18 20:34:10 +0530[diff] [blame]145
Ratan Guptaec117542019-04-25 18:38:29 +0530[diff] [blame]146 manager.createConfig("ldap://9.194.251.137/", "cn=Users",
147 "cn=Users,dc=test", "MyLdap123",
148 ldap_base::Create::SearchScope::sub,
149 ldap_base::Create::Type::OpenLdap, "uid", "gid");
150 manager.getOpenLdapConfigPtr()->enabled(false);
151
152 // Below setting of username/groupname attr is to make sure
153 // that in-active config should not call the start/stop service.
154 manager.getOpenLdapConfigPtr()->userNameAttribute("abc");
155 EXPECT_EQ(manager.getOpenLdapConfigPtr()->userNameAttribute(), "abc");
156
157 manager.getOpenLdapConfigPtr()->groupNameAttribute("def");
158 EXPECT_EQ(manager.getOpenLdapConfigPtr()->groupNameAttribute(), "def");
159
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]160 EXPECT_TRUE(fs::exists(configFilePath));
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]161 EXPECT_EQ(manager.getADConfigPtr()->ldapServerURI(),
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]162 "ldap://9.194.251.136/");
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]163 EXPECT_EQ(manager.getADConfigPtr()->ldapBindDN(), "cn=Users,dc=com");
164 EXPECT_EQ(manager.getADConfigPtr()->ldapBaseDN(), "cn=Users,dc=corp");
165 EXPECT_EQ(manager.getADConfigPtr()->ldapSearchScope(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]166 ldap_base::Config::SearchScope::sub);
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]167 EXPECT_EQ(manager.getADConfigPtr()->ldapType(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]168 ldap_base::Config::Type::ActiveDirectory);
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]169
170 EXPECT_EQ(manager.getADConfigPtr()->userNameAttribute(), "uid");
171 EXPECT_EQ(manager.getADConfigPtr()->groupNameAttribute(), "gid");
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]172 EXPECT_EQ(manager.getADConfigPtr()->ldapBindDNPassword(), "");
Ratan Gupta3a1c2742019-03-20 06:49:42 +0530[diff] [blame]173 EXPECT_EQ(manager.configBindPassword(), "MyLdap12");
174 // change the password
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]175 manager.getADConfigPtr()->ldapBindDNPassword("MyLdap14");
176 EXPECT_EQ(manager.getADConfigPtr()->ldapBindDNPassword(), "");
Ratan Gupta3a1c2742019-03-20 06:49:42 +0530[diff] [blame]177 EXPECT_EQ(manager.configBindPassword(), "MyLdap14");
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]178}
179
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]180TEST_F(TestLDAPConfig, testDefaultObject)
181{
182 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]183 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
184 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]185 auto dbusPersistentFilePath = std::string(dir.c_str());
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]186
187 if (fs::exists(configFilePath))
188 {
189 fs::remove(configFilePath);
190 }
191 EXPECT_FALSE(fs::exists(configFilePath));
192
193 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]194 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
195 tlsCertfile.c_str());
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]196
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]197 manager.createDefaultObjects();
198
199 EXPECT_NE(nullptr, manager.getADConfigPtr());
200 EXPECT_NE(nullptr, manager.getOpenLdapConfigPtr());
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]201 EXPECT_EQ(manager.getADConfigPtr()->ldapType(),
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]202 ldap_base::Config::Type::ActiveDirectory);
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]203 EXPECT_EQ(manager.getOpenLdapConfigPtr()->ldapType(),
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]204 ldap_base::Config::Type::OpenLdap);
205}
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]206
Alexander Filippov372c5662021-06-30 20:23:39 +0300[diff] [blame]207TEST_F(TestLDAPConfig, testRestoresDefault)
208{
209 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
210 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
211 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
212 auto dbusPersistentFilePath = std::string(dir.c_str());
213
214 if (fs::exists(configFilePath))
215 {
216 fs::remove(configFilePath);
217 }
218 EXPECT_FALSE(fs::exists(configFilePath));
219
220 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
221 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
222 tlsCertfile.c_str());
223
224 EXPECT_CALL(manager, stopService("nslcd.service")).Times(1);
225 EXPECT_CALL(manager, restartService("nslcd.service")).Times(0);
226 EXPECT_CALL(manager, restartService("nscd.service")).Times(0);
227
228 manager.restore();
229
230 EXPECT_NE(nullptr, manager.getADConfigPtr());
231 EXPECT_NE(nullptr, manager.getOpenLdapConfigPtr());
232 EXPECT_EQ(manager.getADConfigPtr()->ldapType(),
233 ldap_base::Config::Type::ActiveDirectory);
234 EXPECT_EQ(manager.getOpenLdapConfigPtr()->ldapType(),
235 ldap_base::Config::Type::OpenLdap);
236 EXPECT_FALSE(manager.getADConfigPtr()->enabled());
237 EXPECT_FALSE(manager.getOpenLdapConfigPtr()->enabled());
238}
239
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]240TEST_F(TestLDAPConfig, testRestores)
241{
242 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]243 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
244 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]245 auto dbusPersistentFilePath = std::string(dir.c_str());
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]246
247 if (fs::exists(configFilePath))
248 {
249 fs::remove(configFilePath);
250 }
251 EXPECT_FALSE(fs::exists(configFilePath));
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]252 MockConfigMgr* managerPtr =
253 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
254 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
255 tlsCertfile.c_str());
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]256 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
Alexander Filippov372c5662021-06-30 20:23:39 +0300[diff] [blame]257 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2);
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]258 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600[diff] [blame]259 managerPtr->createConfig(
260 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
261 "MyLdap12", ldap_base::Create::SearchScope::sub,
262 ldap_base::Create::Type::ActiveDirectory, "uid", "gid");
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]263 managerPtr->getADConfigPtr()->enabled(false);
264 EXPECT_FALSE(fs::exists(configFilePath));
265 EXPECT_FALSE(managerPtr->getADConfigPtr()->enabled());
266 managerPtr->getADConfigPtr()->enabled(true);
Ratan Gupta95a29312019-02-18 20:34:10 +0530[diff] [blame]267
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]268 EXPECT_TRUE(fs::exists(configFilePath));
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]269 // Restore from configFilePath
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]270 managerPtr->restore();
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]271 // validate restored properties
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]272 EXPECT_TRUE(managerPtr->getADConfigPtr()->enabled());
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]273 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapServerURI(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]274 "ldap://9.194.251.138/");
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]275 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBindDN(), "cn=Users,dc=com");
276 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBaseDN(), "cn=Users,dc=corp");
277 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapSearchScope(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]278 ldap_base::Config::SearchScope::sub);
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]279 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapType(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]280 ldap_base::Config::Type::ActiveDirectory);
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]281 EXPECT_EQ(managerPtr->getADConfigPtr()->userNameAttribute(), "uid");
282 EXPECT_EQ(managerPtr->getADConfigPtr()->groupNameAttribute(), "gid");
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]283 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBindDNPassword(), "");
Ratan Gupta3a1c2742019-03-20 06:49:42 +0530[diff] [blame]284 EXPECT_EQ(managerPtr->configBindPassword(), "MyLdap12");
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]285 delete managerPtr;
286}
287
288TEST_F(TestLDAPConfig, testLDAPServerURI)
289{
290 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]291 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
292 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]293 auto dbusPersistentFilePath = std::string(dir.c_str());
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600[diff] [blame]294
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]295 if (fs::exists(configFilePath))
296 {
297 fs::remove(configFilePath);
298 }
299 EXPECT_FALSE(fs::exists(configFilePath));
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]300 MockConfigMgr* managerPtr =
301 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
302 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
303 tlsCertfile.c_str());
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]304
305 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
Alexander Filippov372c5662021-06-30 20:23:39 +0300[diff] [blame]306 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(3);
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]307 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]308
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600[diff] [blame]309 managerPtr->createConfig(
310 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
311 "MyLdap12", ldap_base::Create::SearchScope::sub,
312 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]313 managerPtr->getADConfigPtr()->enabled(true);
Ratan Gupta95a29312019-02-18 20:34:10 +0530[diff] [blame]314
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]315 // Change LDAP Server URI
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]316 managerPtr->getADConfigPtr()->ldapServerURI("ldap://9.194.251.139/");
317 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapServerURI(),
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600[diff] [blame]318 "ldap://9.194.251.139/");
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]319
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]320 fs::remove(tlsCacertfile.c_str());
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]321 // Change LDAP Server URI to make it secure
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600[diff] [blame]322 EXPECT_THROW(
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]323 managerPtr->getADConfigPtr()->ldapServerURI("ldaps://9.194.251.139/"),
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600[diff] [blame]324 NoCACertificate);
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]325
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]326 // check once again
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]327 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapServerURI(),
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]328 "ldap://9.194.251.139/");
329
330 managerPtr->restore();
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]331 // Check LDAP Server URI
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]332 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapServerURI(),
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600[diff] [blame]333 "ldap://9.194.251.139/");
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]334 delete managerPtr;
335}
336
337TEST_F(TestLDAPConfig, testLDAPBindDN)
338{
339 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]340 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
341 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]342 auto dbusPersistentFilePath = std::string(dir.c_str());
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600[diff] [blame]343
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]344 if (fs::exists(configFilePath))
345 {
346 fs::remove(configFilePath);
347 }
348 EXPECT_FALSE(fs::exists(configFilePath));
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]349 MockConfigMgr* managerPtr =
350 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
351 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
352 tlsCertfile.c_str());
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]353
354 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
Alexander Filippov372c5662021-06-30 20:23:39 +0300[diff] [blame]355 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(3);
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]356 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]357
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600[diff] [blame]358 managerPtr->createConfig(
359 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
360 "MyLdap12", ldap_base::Create::SearchScope::sub,
361 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]362 managerPtr->getADConfigPtr()->enabled(true);
Ratan Gupta95a29312019-02-18 20:34:10 +0530[diff] [blame]363
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]364 // Change LDAP BindDN
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]365 managerPtr->getADConfigPtr()->ldapBindDN(
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]366 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]367 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBindDN(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]368 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
369 // Change LDAP BindDN
370 EXPECT_THROW(
371 {
372 try
373 {
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]374 managerPtr->getADConfigPtr()->ldapBindDN("");
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]375 }
376 catch (const InvalidArgument& e)
377 {
378 throw;
379 }
380 },
381 InvalidArgument);
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]382
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]383 managerPtr->restore();
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]384 // Check LDAP BindDN after restoring
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]385 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBindDN(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]386 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
387 delete managerPtr;
388}
389
390TEST_F(TestLDAPConfig, testLDAPBaseDN)
391{
392 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]393 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
394 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]395 auto dbusPersistentFilePath = std::string(dir.c_str());
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600[diff] [blame]396
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]397 if (fs::exists(configFilePath))
398 {
399 fs::remove(configFilePath);
400 }
401 EXPECT_FALSE(fs::exists(configFilePath));
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]402 MockConfigMgr* managerPtr =
403 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
404 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
405 tlsCertfile.c_str());
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]406 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
Alexander Filippov372c5662021-06-30 20:23:39 +0300[diff] [blame]407 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(3);
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]408 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600[diff] [blame]409 managerPtr->createConfig(
410 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
411 "MyLdap12", ldap_base::Create::SearchScope::sub,
412 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]413 managerPtr->getADConfigPtr()->enabled(true);
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]414 // Change LDAP BaseDN
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]415 managerPtr->getADConfigPtr()->ldapBaseDN(
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]416 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]417 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBaseDN(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]418 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
419 // Change LDAP BaseDN
420 EXPECT_THROW(
421 {
422 try
423 {
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]424 managerPtr->getADConfigPtr()->ldapBaseDN("");
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]425 }
426 catch (const InvalidArgument& e)
427 {
428 throw;
429 }
430 },
431 InvalidArgument);
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]432
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]433 managerPtr->restore();
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]434 // Check LDAP BaseDN after restoring
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]435 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBaseDN(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]436 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
437 delete managerPtr;
438}
439
440TEST_F(TestLDAPConfig, testSearchScope)
441{
442 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]443 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
444 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]445 auto dbusPersistentFilePath = std::string(dir.c_str());
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600[diff] [blame]446
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]447 if (fs::exists(configFilePath))
448 {
449 fs::remove(configFilePath);
450 }
451 EXPECT_FALSE(fs::exists(configFilePath));
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]452 MockConfigMgr* managerPtr =
453 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
454 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
455 tlsCertfile.c_str());
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]456 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
Alexander Filippov372c5662021-06-30 20:23:39 +0300[diff] [blame]457 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(3);
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]458 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600[diff] [blame]459 managerPtr->createConfig(
460 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
461 "MyLdap12", ldap_base::Create::SearchScope::sub,
462 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]463 managerPtr->getADConfigPtr()->enabled(true);
Ratan Gupta95a29312019-02-18 20:34:10 +0530[diff] [blame]464
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]465 // Change LDAP SearchScope
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]466 managerPtr->getADConfigPtr()->ldapSearchScope(
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]467 ldap_base::Config::SearchScope::one);
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]468 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapSearchScope(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]469 ldap_base::Config::SearchScope::one);
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]470
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]471 managerPtr->restore();
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]472 // Check LDAP SearchScope after restoring
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]473 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapSearchScope(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]474 ldap_base::Config::SearchScope::one);
475 delete managerPtr;
476}
477
478TEST_F(TestLDAPConfig, testLDAPType)
479{
480 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]481 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
482 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]483 auto dbusPersistentFilePath = std::string(dir.c_str());
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600[diff] [blame]484
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]485 if (fs::exists(configFilePath))
486 {
487 fs::remove(configFilePath);
488 }
489 EXPECT_FALSE(fs::exists(configFilePath));
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]490 MockConfigMgr* managerPtr =
491 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
492 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
493 tlsCertfile.c_str());
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]494 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
Alexander Filippov372c5662021-06-30 20:23:39 +0300[diff] [blame]495 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2);
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]496 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600[diff] [blame]497 managerPtr->createConfig(
498 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
499 "MyLdap12", ldap_base::Create::SearchScope::sub,
500 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]501 managerPtr->getADConfigPtr()->enabled(true);
Ratan Gupta95a29312019-02-18 20:34:10 +0530[diff] [blame]502
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]503 // Change LDAP type
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]504 // will not be changed
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]505 EXPECT_THROW(managerPtr->getADConfigPtr()->ldapType(
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]506 ldap_base::Config::Type::OpenLdap),
507 NotAllowed);
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]508 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapType(),
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]509 ldap_base::Config::Type::ActiveDirectory);
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]510
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]511 managerPtr->restore();
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]512 // Check LDAP type after restoring
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]513 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapType(),
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]514 ldap_base::Config::Type::ActiveDirectory);
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]515 delete managerPtr;
516}
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]517
Ravi Tejad5884042019-06-10 02:35:22 -0500[diff] [blame]518TEST_F(TestLDAPConfig, testsecureLDAPRestore)
519{
520 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
521 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
522 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
523 auto dbusPersistentFilePath = std::string(dir.c_str());
524
525 if (fs::exists(configFilePath))
526 {
527 fs::remove(configFilePath);
528 }
529 EXPECT_FALSE(fs::exists(configFilePath));
530 MockConfigMgr* managerPtr =
531 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
532 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
533 tlsCertfile.c_str());
534 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
Alexander Filippov372c5662021-06-30 20:23:39 +0300[diff] [blame]535 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2);
Ravi Tejad5884042019-06-10 02:35:22 -0500[diff] [blame]536 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
537 managerPtr->createConfig(
538 "ldaps://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
539 "MyLdap12", ldap_base::Create::SearchScope::sub,
540 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
541 managerPtr->getADConfigPtr()->enabled(true);
542 EXPECT_TRUE(managerPtr->secureLDAP());
543 managerPtr->restore();
544 // Check secureLDAP variable value after restoring
545 EXPECT_TRUE(managerPtr->secureLDAP());
546
547 delete managerPtr;
548}
549
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]550TEST_F(TestLDAPConfig, filePermission)
551{
552 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]553 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
554 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]555 auto dbusPersistentFilePath = std::string(dir.c_str());
556
557 if (fs::exists(configFilePath))
558 {
559 fs::remove(configFilePath);
560 }
561 EXPECT_FALSE(fs::exists(configFilePath));
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]562 MockConfigMgr* managerPtr =
563 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
564 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
565 tlsCertfile.c_str());
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]566 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
567 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(1);
568 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
569 managerPtr->createConfig(
570 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
571 "MyLdap12", ldap_base::Create::SearchScope::sub,
572 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
573 managerPtr->getADConfigPtr()->enabled(true);
574
575 // Permission of the persistent file should be 640
576 // Others should not be allowed to read.
577 auto permission =
578 fs::perms::owner_read | fs::perms::owner_write | fs::perms::group_read;
579 auto persistFilepath = std::string(dir.c_str());
580 persistFilepath += ADDbusObjectPath;
581 persistFilepath += "/config";
582
583 EXPECT_EQ(fs::status(persistFilepath).permissions(), permission);
584 delete managerPtr;
585}
586
Ratan Guptac5481d12019-04-12 18:31:05 +0530[diff] [blame]587TEST_F(TestLDAPConfig, ConditionalEnableConfig)
588{
589 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]590 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
591 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Guptac5481d12019-04-12 18:31:05 +0530[diff] [blame]592 auto dbusPersistentFilePath = std::string(dir.c_str());
593
594 if (fs::exists(configFilePath))
595 {
596 fs::remove(configFilePath);
597 }
598 EXPECT_FALSE(fs::exists(configFilePath));
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]599 MockConfigMgr* managerPtr =
600 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
601 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
602 tlsCertfile.c_str());
Ratan Guptac5481d12019-04-12 18:31:05 +0530[diff] [blame]603 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(3);
604 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2);
605 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(2);
606 managerPtr->createConfig(
607 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
608 "MyLdap12", ldap_base::Create::SearchScope::sub,
609 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
610
611 managerPtr->createConfig(
612 "ldap://9.194.251.139/", "cn=Users,dc=com, dc=ldap", "cn=Users,dc=corp",
613 "MyLdap123", ldap_base::Create::SearchScope::sub,
614 ldap_base::Create::Type::OpenLdap, "attr1", "attr2");
615
616 // Enable the AD configuration
617 managerPtr->getADConfigPtr()->enabled(true);
618
619 EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), true);
620 EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), false);
621
622 // AS AD is already enabled so openldap can't be enabled.
623 EXPECT_THROW(
624 {
625 try
626 {
627 managerPtr->getOpenLdapConfigPtr()->enabled(true);
628 }
629 catch (const NotAllowed& e)
630 {
631 throw;
632 }
633 },
634 NotAllowed);
635 // Check the values
636 EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), true);
637 EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), false);
638 // Let's disable the AD.
639 managerPtr->getADConfigPtr()->enabled(false);
640 EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), false);
641 EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), false);
642 // Now enable the openldap
643 managerPtr->getOpenLdapConfigPtr()->enabled(true);
644 EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), true);
645 EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), false);
646
647 delete managerPtr;
648}
649
Ratan Guptafef57892019-04-14 13:43:09 +0530[diff] [blame]650TEST_F(TestLDAPConfig, createPrivMapping)
651{
652 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]653 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
654 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Guptafef57892019-04-14 13:43:09 +0530[diff] [blame]655 auto dbusPersistentFilePath = std::string(dir.c_str());
656
657 if (fs::exists(configFilePath))
658 {
659 fs::remove(configFilePath);
660 }
661 EXPECT_FALSE(fs::exists(configFilePath));
662 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]663 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
664 tlsCertfile.c_str());
Ratan Guptafef57892019-04-14 13:43:09 +0530[diff] [blame]665 manager.createDefaultObjects();
666 // Create the priv-mapping under the config.
667 manager.getADConfigPtr()->create("admin", "priv-admin");
668 // Check whether the entry has been created.
669 EXPECT_THROW(
670 {
671 try
672 {
673 manager.getADConfigPtr()->checkPrivilegeMapper("admin");
674 }
675 catch (const PrivilegeMappingExists& e)
676 {
677 throw;
678 }
679 },
680 PrivilegeMappingExists);
681}
682
683TEST_F(TestLDAPConfig, deletePrivMapping)
684{
685 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]686 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
687 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Guptafef57892019-04-14 13:43:09 +0530[diff] [blame]688 auto dbusPersistentFilePath = std::string(dir.c_str());
689
690 if (fs::exists(configFilePath))
691 {
692 fs::remove(configFilePath);
693 }
694 EXPECT_FALSE(fs::exists(configFilePath));
695 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]696 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
697 tlsCertfile.c_str());
Ratan Guptafef57892019-04-14 13:43:09 +0530[diff] [blame]698 manager.createDefaultObjects();
699 // Create the priv-mapping under the config.
700 manager.getADConfigPtr()->create("admin", "priv-admin");
701 manager.getADConfigPtr()->create("user", "priv-user");
702 // Check whether the entry has been created.
703 EXPECT_THROW(
704 {
705 try
706 {
707 manager.getADConfigPtr()->checkPrivilegeMapper("admin");
708 manager.getADConfigPtr()->checkPrivilegeMapper("user");
709 }
710 catch (const PrivilegeMappingExists& e)
711 {
712 throw;
713 }
714 },
715 PrivilegeMappingExists);
716
717 // This would delete the admin privilege
718 manager.getADConfigPtr()->deletePrivilegeMapper(1);
719 EXPECT_NO_THROW(manager.getADConfigPtr()->checkPrivilegeMapper("admin"));
720 manager.getADConfigPtr()->deletePrivilegeMapper(2);
721 EXPECT_NO_THROW(manager.getADConfigPtr()->checkPrivilegeMapper("user"));
722}
723
724TEST_F(TestLDAPConfig, restorePrivMapping)
725{
726 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]727 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
728 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Guptafef57892019-04-14 13:43:09 +0530[diff] [blame]729 auto dbusPersistentFilePath = std::string(dir.c_str());
730
731 if (fs::exists(configFilePath))
732 {
733 fs::remove(configFilePath);
734 }
735 EXPECT_FALSE(fs::exists(configFilePath));
736 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]737 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
738 tlsCertfile.c_str());
Ratan Guptafef57892019-04-14 13:43:09 +0530[diff] [blame]739 manager.createDefaultObjects();
740 // Create the priv-mapping under the config.
741 manager.getADConfigPtr()->create("admin", "priv-admin");
742 manager.getOpenLdapConfigPtr()->create("user", "priv-user");
743 manager.restore();
744 EXPECT_THROW(
745 {
746 try
747 {
748 manager.getADConfigPtr()->checkPrivilegeMapper("admin");
749 }
750 catch (const PrivilegeMappingExists& e)
751 {
752 throw;
753 }
754 },
755 PrivilegeMappingExists);
756
757 EXPECT_THROW(
758 {
759 try
760 {
761 manager.getOpenLdapConfigPtr()->checkPrivilegeMapper("user");
762 }
763 catch (const PrivilegeMappingExists& e)
764 {
765 throw;
766 }
767 },
768 PrivilegeMappingExists);
769}
770
771TEST_F(TestLDAPConfig, testPrivileges)
772{
773 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]774 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
775 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Guptafef57892019-04-14 13:43:09 +0530[diff] [blame]776 auto dbusPersistentFilePath = std::string(dir.c_str());
777
778 if (fs::exists(configFilePath))
779 {
780 fs::remove(configFilePath);
781 }
782 EXPECT_FALSE(fs::exists(configFilePath));
783 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]784 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
785 tlsCertfile.c_str());
Ratan Guptafef57892019-04-14 13:43:09 +0530[diff] [blame]786 manager.createDefaultObjects();
787
788 std::string groupName = "admin";
789 std::string privilege = "priv-admin";
790 size_t entryId = 1;
791 auto dbusPath = std::string(LDAP_CONFIG_ROOT) +
792 "/active_directory/role_map/" + std::to_string(entryId);
793 dbusPersistentFilePath += dbusPath;
794
795 auto entry = std::make_unique<LDAPMapperEntry>(
796 bus, dbusPath.c_str(), dbusPersistentFilePath.c_str(), groupName,
797 privilege, *(manager.getADConfigPtr()));
798
799 EXPECT_NO_THROW(entry->privilege("priv-operator"));
800 EXPECT_NO_THROW(entry->privilege("priv-user"));
Ratan Guptafef57892019-04-14 13:43:09 +0530[diff] [blame]801}
802
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]803} // namespace ldap
804} // namespace phosphor