Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-user-manager / 4e2c06e79c3b9640e1d1f31efd34fe08a6b945b9 / . / test / ldap_config_test.cpp
blob: 768554359a276d5bf1b56384ca6c616b140f54e6 [file] [log] [blame]
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]1#include "config.h"
Patrick Williams9638afb2021-02-22 17:16:24 -0600[diff] [blame]2
Ratan Gupta37fb3fe2019-04-13 12:54:18 +0530[diff] [blame]3#include "phosphor-ldap-config/ldap_config.hpp"
Ratan Guptae1f4db62019-04-11 18:57:42 +0530[diff] [blame]4#include "phosphor-ldap-config/ldap_config_mgr.hpp"
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]5
Patrick Williams9638afb2021-02-22 17:16:24 -0600[diff] [blame]6#include <sys/types.h>
7
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]8#include <sdbusplus/bus.hpp>
9#include <xyz/openbmc_project/Common/error.hpp>
Ratan Guptafef57892019-04-14 13:43:09 +0530[diff] [blame]10#include <xyz/openbmc_project/User/Common/error.hpp>
Ratan Gupta95a29312019-02-18 20:34:10 +0530[diff] [blame]11
12#include <filesystem>
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]13#include <fstream>
14#include <string>
Patrick Williams9638afb2021-02-22 17:16:24 -0600[diff] [blame]15
16#include <gmock/gmock.h>
17#include <gtest/gtest.h>
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]18
19namespace phosphor
20{
21namespace ldap
22{
Ratan Gupta95a29312019-02-18 20:34:10 +0530[diff] [blame]23namespace fs = std::filesystem;
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]24namespace ldap_base = sdbusplus::xyz::openbmc_project::User::Ldap::server;
Jiaqing Zhaoe8d664d2022-07-05 21:22:54 +0800[diff] [blame]25using namespace sdbusplus::xyz::openbmc_project::Common::Error;
Ratan Guptafef57892019-04-14 13:43:09 +0530[diff] [blame]26using PrivilegeMappingExists = sdbusplus::xyz::openbmc_project::User::Common::
27 Error::PrivilegeMappingExists;
Jiaqing Zhaoe8d664d2022-07-05 21:22:54 +0800[diff] [blame]28using Config = phosphor::ldap::Config;
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]29
30class TestLDAPConfig : public testing::Test
31{
32 public:
Patrick Williamsb7043042023-05-10 07:50:52 -0500[diff] [blame]33 TestLDAPConfig() : bus(sdbusplus::bus::new_default()) {}
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]34 void SetUp() override
35 {
36 using namespace phosphor::ldap;
37 char tmpldap[] = "/tmp/ldap_test.XXXXXX";
38 dir = fs::path(mkdtemp(tmpldap));
Zbigniew Kurzynski5d00cf22019-10-03 12:10:20 +0200[diff] [blame]39 fs::path tlsCacertFilePath{TLS_CACERT_PATH};
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]40 tlsCACertFile = tlsCacertFilePath.filename().c_str();
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]41 fs::path tlsCertFilePath{TLS_CERT_FILE};
42 tlsCertFile = tlsCertFilePath.filename().c_str();
43
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]44 fs::path confFilePath{LDAP_CONFIG_FILE};
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]45 ldapConfFile = confFilePath.filename().c_str();
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]46 std::fstream fs;
47 fs.open(dir / defaultNslcdFile, std::fstream::out);
48 fs.close();
49 fs.open(dir / nsSwitchFile, std::fstream::out);
50 fs.close();
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]51 fs.open(dir / tlsCACertFile, std::fstream::out);
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]52 fs.close();
53 fs.open(dir / tlsCertFile, std::fstream::out);
54 fs.close();
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]55 }
56
57 void TearDown() override
58 {
59 fs::remove_all(dir);
60 }
61
62 protected:
63 fs::path dir;
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]64 std::string tlsCACertFile;
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]65 std::string tlsCertFile;
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]66 std::string ldapConfFile;
Patrick Williamsb3ef4e12022-07-22 19:26:55 -0500[diff] [blame]67 sdbusplus::bus_t bus;
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]68};
69
70class MockConfigMgr : public phosphor::ldap::ConfigMgr
71{
72 public:
Patrick Williamsb3ef4e12022-07-22 19:26:55 -0500[diff] [blame]73 MockConfigMgr(sdbusplus::bus_t& bus, const char* path, const char* filePath,
74 const char* dbusPersistentFile, const char* caCertFile,
75 const char* certFile) :
Ratan Gupta95a29312019-02-18 20:34:10 +0530[diff] [blame]76 phosphor::ldap::ConfigMgr(bus, path, filePath, dbusPersistentFile,
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]77 caCertFile, certFile)
Patrick Williams9638afb2021-02-22 17:16:24 -0600[diff] [blame]78 {}
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]79 MOCK_METHOD1(restartService, void(const std::string& service));
80 MOCK_METHOD1(stopService, void(const std::string& service));
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]81 std::unique_ptr<Config>& getOpenLdapConfigPtr()
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]82 {
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]83 return openLDAPConfigPtr;
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]84 }
85
Ratan Gupta3a1c2742019-03-20 06:49:42 +0530[diff] [blame]86 std::string configBindPassword()
87 {
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]88 return getADConfigPtr()->ldapBindPassword;
Ratan Gupta3a1c2742019-03-20 06:49:42 +0530[diff] [blame]89 }
90
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]91 std::unique_ptr<Config>& getADConfigPtr()
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]92 {
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]93 return ADConfigPtr;
94 }
95 void restore()
96 {
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]97 phosphor::ldap::ConfigMgr::restore();
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]98 return;
99 }
100
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]101 void createDefaultObjects()
102 {
103 phosphor::ldap::ConfigMgr::createDefaultObjects();
104 }
105
Ravi Tejad5884042019-06-10 02:35:22 -0500[diff] [blame]106 bool secureLDAP()
107 {
108 return ADConfigPtr->secureLDAP;
109 }
110
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]111 friend class TestLDAPConfig;
112};
113
114TEST_F(TestLDAPConfig, testCreate)
115{
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]116 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
117 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
118 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]119 auto dbusPersistentFilePath = std::string(dir.c_str());
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]120
121 if (fs::exists(configFilePath))
122 {
123 fs::remove(configFilePath);
124 }
125 EXPECT_FALSE(fs::exists(configFilePath));
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600[diff] [blame]126 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]127 dbusPersistentFilePath.c_str(),
128 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]129
Ratan Guptaec117542019-04-25 18:38:29 +0530[diff] [blame]130 EXPECT_CALL(manager, stopService("nslcd.service")).Times(2);
Ratan Gupta3a1c2742019-03-20 06:49:42 +0530[diff] [blame]131 EXPECT_CALL(manager, restartService("nslcd.service")).Times(2);
Ratan Guptaec117542019-04-25 18:38:29 +0530[diff] [blame]132 EXPECT_CALL(manager, restartService("nscd.service")).Times(2);
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]133
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600[diff] [blame]134 manager.createConfig(
135 "ldap://9.194.251.136/", "cn=Users,dc=com", "cn=Users,dc=corp",
136 "MyLdap12", ldap_base::Create::SearchScope::sub,
137 ldap_base::Create::Type::ActiveDirectory, "uid", "gid");
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]138 manager.getADConfigPtr()->enabled(true);
Ratan Gupta95a29312019-02-18 20:34:10 +0530[diff] [blame]139
Ratan Guptaec117542019-04-25 18:38:29 +0530[diff] [blame]140 manager.createConfig("ldap://9.194.251.137/", "cn=Users",
141 "cn=Users,dc=test", "MyLdap123",
142 ldap_base::Create::SearchScope::sub,
143 ldap_base::Create::Type::OpenLdap, "uid", "gid");
144 manager.getOpenLdapConfigPtr()->enabled(false);
145
146 // Below setting of username/groupname attr is to make sure
147 // that in-active config should not call the start/stop service.
148 manager.getOpenLdapConfigPtr()->userNameAttribute("abc");
149 EXPECT_EQ(manager.getOpenLdapConfigPtr()->userNameAttribute(), "abc");
150
151 manager.getOpenLdapConfigPtr()->groupNameAttribute("def");
152 EXPECT_EQ(manager.getOpenLdapConfigPtr()->groupNameAttribute(), "def");
153
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]154 EXPECT_TRUE(fs::exists(configFilePath));
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]155 EXPECT_EQ(manager.getADConfigPtr()->ldapServerURI(),
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]156 "ldap://9.194.251.136/");
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]157 EXPECT_EQ(manager.getADConfigPtr()->ldapBindDN(), "cn=Users,dc=com");
158 EXPECT_EQ(manager.getADConfigPtr()->ldapBaseDN(), "cn=Users,dc=corp");
159 EXPECT_EQ(manager.getADConfigPtr()->ldapSearchScope(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]160 ldap_base::Config::SearchScope::sub);
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]161 EXPECT_EQ(manager.getADConfigPtr()->ldapType(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]162 ldap_base::Config::Type::ActiveDirectory);
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]163
164 EXPECT_EQ(manager.getADConfigPtr()->userNameAttribute(), "uid");
165 EXPECT_EQ(manager.getADConfigPtr()->groupNameAttribute(), "gid");
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]166 EXPECT_EQ(manager.getADConfigPtr()->ldapBindDNPassword(), "");
Ratan Gupta3a1c2742019-03-20 06:49:42 +0530[diff] [blame]167 EXPECT_EQ(manager.configBindPassword(), "MyLdap12");
168 // change the password
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]169 manager.getADConfigPtr()->ldapBindDNPassword("MyLdap14");
170 EXPECT_EQ(manager.getADConfigPtr()->ldapBindDNPassword(), "");
Ratan Gupta3a1c2742019-03-20 06:49:42 +0530[diff] [blame]171 EXPECT_EQ(manager.configBindPassword(), "MyLdap14");
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]172}
173
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]174TEST_F(TestLDAPConfig, testDefaultObject)
175{
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]176 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
177 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
178 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]179 auto dbusPersistentFilePath = std::string(dir.c_str());
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]180
181 if (fs::exists(configFilePath))
182 {
183 fs::remove(configFilePath);
184 }
185 EXPECT_FALSE(fs::exists(configFilePath));
186
187 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]188 dbusPersistentFilePath.c_str(),
189 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]190
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]191 manager.createDefaultObjects();
192
193 EXPECT_NE(nullptr, manager.getADConfigPtr());
194 EXPECT_NE(nullptr, manager.getOpenLdapConfigPtr());
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]195 EXPECT_EQ(manager.getADConfigPtr()->ldapType(),
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]196 ldap_base::Config::Type::ActiveDirectory);
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]197 EXPECT_EQ(manager.getOpenLdapConfigPtr()->ldapType(),
Ratan Gupta27d4c012019-04-12 13:03:35 +0530[diff] [blame]198 ldap_base::Config::Type::OpenLdap);
199}
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]200
Alexander Filippov372c5662021-06-30 20:23:39 +0300[diff] [blame]201TEST_F(TestLDAPConfig, testRestoresDefault)
202{
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]203 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
204 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
205 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
Alexander Filippov372c5662021-06-30 20:23:39 +0300[diff] [blame]206 auto dbusPersistentFilePath = std::string(dir.c_str());
207
208 if (fs::exists(configFilePath))
209 {
210 fs::remove(configFilePath);
211 }
212 EXPECT_FALSE(fs::exists(configFilePath));
213
214 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]215 dbusPersistentFilePath.c_str(),
216 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
Alexander Filippov372c5662021-06-30 20:23:39 +0300[diff] [blame]217
218 EXPECT_CALL(manager, stopService("nslcd.service")).Times(1);
219 EXPECT_CALL(manager, restartService("nslcd.service")).Times(0);
220 EXPECT_CALL(manager, restartService("nscd.service")).Times(0);
221
222 manager.restore();
223
224 EXPECT_NE(nullptr, manager.getADConfigPtr());
225 EXPECT_NE(nullptr, manager.getOpenLdapConfigPtr());
226 EXPECT_EQ(manager.getADConfigPtr()->ldapType(),
227 ldap_base::Config::Type::ActiveDirectory);
228 EXPECT_EQ(manager.getOpenLdapConfigPtr()->ldapType(),
229 ldap_base::Config::Type::OpenLdap);
230 EXPECT_FALSE(manager.getADConfigPtr()->enabled());
231 EXPECT_FALSE(manager.getOpenLdapConfigPtr()->enabled());
232}
233
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]234TEST_F(TestLDAPConfig, testRestores)
235{
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]236 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
237 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
238 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]239 auto dbusPersistentFilePath = std::string(dir.c_str());
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]240
241 if (fs::exists(configFilePath))
242 {
243 fs::remove(configFilePath);
244 }
245 EXPECT_FALSE(fs::exists(configFilePath));
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]246 MockConfigMgr* managerPtr =
247 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]248 dbusPersistentFilePath.c_str(),
249 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]250 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
Alexander Filippov372c5662021-06-30 20:23:39 +0300[diff] [blame]251 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2);
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]252 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600[diff] [blame]253 managerPtr->createConfig(
254 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
255 "MyLdap12", ldap_base::Create::SearchScope::sub,
256 ldap_base::Create::Type::ActiveDirectory, "uid", "gid");
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]257 managerPtr->getADConfigPtr()->enabled(false);
258 EXPECT_FALSE(fs::exists(configFilePath));
259 EXPECT_FALSE(managerPtr->getADConfigPtr()->enabled());
260 managerPtr->getADConfigPtr()->enabled(true);
Ratan Gupta95a29312019-02-18 20:34:10 +0530[diff] [blame]261
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]262 EXPECT_TRUE(fs::exists(configFilePath));
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]263 // Restore from configFilePath
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]264 managerPtr->restore();
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]265 // validate restored properties
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]266 EXPECT_TRUE(managerPtr->getADConfigPtr()->enabled());
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]267 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapServerURI(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]268 "ldap://9.194.251.138/");
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]269 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBindDN(), "cn=Users,dc=com");
270 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBaseDN(), "cn=Users,dc=corp");
271 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapSearchScope(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]272 ldap_base::Config::SearchScope::sub);
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]273 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapType(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]274 ldap_base::Config::Type::ActiveDirectory);
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]275 EXPECT_EQ(managerPtr->getADConfigPtr()->userNameAttribute(), "uid");
276 EXPECT_EQ(managerPtr->getADConfigPtr()->groupNameAttribute(), "gid");
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]277 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBindDNPassword(), "");
Ratan Gupta3a1c2742019-03-20 06:49:42 +0530[diff] [blame]278 EXPECT_EQ(managerPtr->configBindPassword(), "MyLdap12");
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]279 delete managerPtr;
280}
281
282TEST_F(TestLDAPConfig, testLDAPServerURI)
283{
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]284 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
285 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
286 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]287 auto dbusPersistentFilePath = std::string(dir.c_str());
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600[diff] [blame]288
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]289 if (fs::exists(configFilePath))
290 {
291 fs::remove(configFilePath);
292 }
293 EXPECT_FALSE(fs::exists(configFilePath));
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]294 MockConfigMgr* managerPtr =
295 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]296 dbusPersistentFilePath.c_str(),
297 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]298
299 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
Alexander Filippov372c5662021-06-30 20:23:39 +0300[diff] [blame]300 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(3);
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]301 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]302
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600[diff] [blame]303 managerPtr->createConfig(
304 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
305 "MyLdap12", ldap_base::Create::SearchScope::sub,
306 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]307 managerPtr->getADConfigPtr()->enabled(true);
Ratan Gupta95a29312019-02-18 20:34:10 +0530[diff] [blame]308
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]309 // Change LDAP Server URI
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]310 managerPtr->getADConfigPtr()->ldapServerURI("ldap://9.194.251.139/");
311 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapServerURI(),
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600[diff] [blame]312 "ldap://9.194.251.139/");
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]313
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]314 fs::remove(tlsCACertFilePath.c_str());
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]315 // Change LDAP Server URI to make it secure
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600[diff] [blame]316 EXPECT_THROW(
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]317 managerPtr->getADConfigPtr()->ldapServerURI("ldaps://9.194.251.139/"),
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600[diff] [blame]318 NoCACertificate);
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]319
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]320 // check once again
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]321 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapServerURI(),
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]322 "ldap://9.194.251.139/");
323
324 managerPtr->restore();
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]325 // Check LDAP Server URI
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]326 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapServerURI(),
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600[diff] [blame]327 "ldap://9.194.251.139/");
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]328 delete managerPtr;
329}
330
331TEST_F(TestLDAPConfig, testLDAPBindDN)
332{
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]333 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
334 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
335 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]336 auto dbusPersistentFilePath = std::string(dir.c_str());
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600[diff] [blame]337
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]338 if (fs::exists(configFilePath))
339 {
340 fs::remove(configFilePath);
341 }
342 EXPECT_FALSE(fs::exists(configFilePath));
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]343 MockConfigMgr* managerPtr =
344 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]345 dbusPersistentFilePath.c_str(),
346 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]347
348 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
Alexander Filippov372c5662021-06-30 20:23:39 +0300[diff] [blame]349 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(3);
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]350 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]351
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600[diff] [blame]352 managerPtr->createConfig(
353 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
354 "MyLdap12", ldap_base::Create::SearchScope::sub,
355 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]356 managerPtr->getADConfigPtr()->enabled(true);
Ratan Gupta95a29312019-02-18 20:34:10 +0530[diff] [blame]357
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]358 // Change LDAP BindDN
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]359 managerPtr->getADConfigPtr()->ldapBindDN(
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]360 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]361 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBindDN(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]362 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
363 // Change LDAP BindDN
364 EXPECT_THROW(
365 {
366 try
367 {
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]368 managerPtr->getADConfigPtr()->ldapBindDN("");
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]369 }
370 catch (const InvalidArgument& e)
371 {
372 throw;
373 }
374 },
375 InvalidArgument);
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]376
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]377 managerPtr->restore();
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]378 // Check LDAP BindDN after restoring
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]379 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBindDN(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]380 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
381 delete managerPtr;
382}
383
384TEST_F(TestLDAPConfig, testLDAPBaseDN)
385{
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]386 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
387 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
388 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]389 auto dbusPersistentFilePath = std::string(dir.c_str());
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600[diff] [blame]390
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]391 if (fs::exists(configFilePath))
392 {
393 fs::remove(configFilePath);
394 }
395 EXPECT_FALSE(fs::exists(configFilePath));
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]396 MockConfigMgr* managerPtr =
397 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]398 dbusPersistentFilePath.c_str(),
399 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]400 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
Alexander Filippov372c5662021-06-30 20:23:39 +0300[diff] [blame]401 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(3);
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]402 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600[diff] [blame]403 managerPtr->createConfig(
404 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
405 "MyLdap12", ldap_base::Create::SearchScope::sub,
406 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]407 managerPtr->getADConfigPtr()->enabled(true);
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]408 // Change LDAP BaseDN
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]409 managerPtr->getADConfigPtr()->ldapBaseDN(
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]410 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]411 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBaseDN(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]412 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
413 // Change LDAP BaseDN
414 EXPECT_THROW(
415 {
416 try
417 {
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]418 managerPtr->getADConfigPtr()->ldapBaseDN("");
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]419 }
420 catch (const InvalidArgument& e)
421 {
422 throw;
423 }
424 },
425 InvalidArgument);
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]426
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]427 managerPtr->restore();
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]428 // Check LDAP BaseDN after restoring
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]429 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBaseDN(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]430 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
431 delete managerPtr;
432}
433
434TEST_F(TestLDAPConfig, testSearchScope)
435{
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]436 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
437 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
438 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]439 auto dbusPersistentFilePath = std::string(dir.c_str());
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600[diff] [blame]440
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]441 if (fs::exists(configFilePath))
442 {
443 fs::remove(configFilePath);
444 }
445 EXPECT_FALSE(fs::exists(configFilePath));
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]446 MockConfigMgr* managerPtr =
447 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]448 dbusPersistentFilePath.c_str(),
449 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]450 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
Alexander Filippov372c5662021-06-30 20:23:39 +0300[diff] [blame]451 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(3);
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]452 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600[diff] [blame]453 managerPtr->createConfig(
454 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
455 "MyLdap12", ldap_base::Create::SearchScope::sub,
456 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]457 managerPtr->getADConfigPtr()->enabled(true);
Ratan Gupta95a29312019-02-18 20:34:10 +0530[diff] [blame]458
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]459 // Change LDAP SearchScope
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]460 managerPtr->getADConfigPtr()->ldapSearchScope(
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]461 ldap_base::Config::SearchScope::one);
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]462 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapSearchScope(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]463 ldap_base::Config::SearchScope::one);
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]464
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]465 managerPtr->restore();
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]466 // Check LDAP SearchScope after restoring
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]467 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapSearchScope(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]468 ldap_base::Config::SearchScope::one);
469 delete managerPtr;
470}
471
472TEST_F(TestLDAPConfig, testLDAPType)
473{
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]474 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
475 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
476 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]477 auto dbusPersistentFilePath = std::string(dir.c_str());
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600[diff] [blame]478
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]479 if (fs::exists(configFilePath))
480 {
481 fs::remove(configFilePath);
482 }
483 EXPECT_FALSE(fs::exists(configFilePath));
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]484 MockConfigMgr* managerPtr =
485 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]486 dbusPersistentFilePath.c_str(),
487 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]488 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
Alexander Filippov372c5662021-06-30 20:23:39 +0300[diff] [blame]489 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2);
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]490 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600[diff] [blame]491 managerPtr->createConfig(
492 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
493 "MyLdap12", ldap_base::Create::SearchScope::sub,
494 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]495 managerPtr->getADConfigPtr()->enabled(true);
Ratan Gupta95a29312019-02-18 20:34:10 +0530[diff] [blame]496
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]497 // Change LDAP type
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]498 // will not be changed
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]499 EXPECT_THROW(managerPtr->getADConfigPtr()->ldapType(
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]500 ldap_base::Config::Type::OpenLdap),
501 NotAllowed);
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]502 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapType(),
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]503 ldap_base::Config::Type::ActiveDirectory);
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]504
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]505 managerPtr->restore();
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]506 // Check LDAP type after restoring
Patrick Williamse6500a42021-05-01 05:58:23 -0500[diff] [blame]507 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapType(),
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]508 ldap_base::Config::Type::ActiveDirectory);
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]509 delete managerPtr;
510}
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]511
Ravi Tejad5884042019-06-10 02:35:22 -0500[diff] [blame]512TEST_F(TestLDAPConfig, testsecureLDAPRestore)
513{
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]514 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
515 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
516 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
Ravi Tejad5884042019-06-10 02:35:22 -0500[diff] [blame]517 auto dbusPersistentFilePath = std::string(dir.c_str());
518
519 if (fs::exists(configFilePath))
520 {
521 fs::remove(configFilePath);
522 }
523 EXPECT_FALSE(fs::exists(configFilePath));
524 MockConfigMgr* managerPtr =
525 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]526 dbusPersistentFilePath.c_str(),
527 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
Ravi Tejad5884042019-06-10 02:35:22 -0500[diff] [blame]528 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
Alexander Filippov372c5662021-06-30 20:23:39 +0300[diff] [blame]529 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2);
Ravi Tejad5884042019-06-10 02:35:22 -0500[diff] [blame]530 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
531 managerPtr->createConfig(
532 "ldaps://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
533 "MyLdap12", ldap_base::Create::SearchScope::sub,
534 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
535 managerPtr->getADConfigPtr()->enabled(true);
536 EXPECT_TRUE(managerPtr->secureLDAP());
537 managerPtr->restore();
538 // Check secureLDAP variable value after restoring
539 EXPECT_TRUE(managerPtr->secureLDAP());
540
541 delete managerPtr;
542}
543
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]544TEST_F(TestLDAPConfig, filePermission)
545{
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]546 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
547 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
548 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]549 auto dbusPersistentFilePath = std::string(dir.c_str());
550
551 if (fs::exists(configFilePath))
552 {
553 fs::remove(configFilePath);
554 }
555 EXPECT_FALSE(fs::exists(configFilePath));
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]556 MockConfigMgr* managerPtr =
557 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]558 dbusPersistentFilePath.c_str(),
559 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]560 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
561 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(1);
562 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
563 managerPtr->createConfig(
564 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
565 "MyLdap12", ldap_base::Create::SearchScope::sub,
566 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
567 managerPtr->getADConfigPtr()->enabled(true);
568
569 // Permission of the persistent file should be 640
570 // Others should not be allowed to read.
Patrick Williamsb7043042023-05-10 07:50:52 -0500[diff] [blame]571 auto permission = fs::perms::owner_read | fs::perms::owner_write |
572 fs::perms::group_read;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]573 auto persistFilepath = std::string(dir.c_str());
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]574 persistFilepath += adDbusObjectPath;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530[diff] [blame]575 persistFilepath += "/config";
576
577 EXPECT_EQ(fs::status(persistFilepath).permissions(), permission);
578 delete managerPtr;
579}
580
Ratan Guptac5481d12019-04-12 18:31:05 +0530[diff] [blame]581TEST_F(TestLDAPConfig, ConditionalEnableConfig)
582{
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]583 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
584 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
585 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Guptac5481d12019-04-12 18:31:05 +0530[diff] [blame]586 auto dbusPersistentFilePath = std::string(dir.c_str());
587
588 if (fs::exists(configFilePath))
589 {
590 fs::remove(configFilePath);
591 }
592 EXPECT_FALSE(fs::exists(configFilePath));
Ratan Gupta22f13f12019-04-29 15:36:40 +0530[diff] [blame]593 MockConfigMgr* managerPtr =
594 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]595 dbusPersistentFilePath.c_str(),
596 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
Ratan Guptac5481d12019-04-12 18:31:05 +0530[diff] [blame]597 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(3);
598 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2);
599 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(2);
600 managerPtr->createConfig(
601 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
602 "MyLdap12", ldap_base::Create::SearchScope::sub,
603 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
604
605 managerPtr->createConfig(
606 "ldap://9.194.251.139/", "cn=Users,dc=com, dc=ldap", "cn=Users,dc=corp",
607 "MyLdap123", ldap_base::Create::SearchScope::sub,
608 ldap_base::Create::Type::OpenLdap, "attr1", "attr2");
609
610 // Enable the AD configuration
611 managerPtr->getADConfigPtr()->enabled(true);
612
613 EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), true);
614 EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), false);
615
616 // AS AD is already enabled so openldap can't be enabled.
617 EXPECT_THROW(
618 {
619 try
620 {
621 managerPtr->getOpenLdapConfigPtr()->enabled(true);
622 }
623 catch (const NotAllowed& e)
624 {
625 throw;
626 }
627 },
628 NotAllowed);
629 // Check the values
630 EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), true);
631 EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), false);
632 // Let's disable the AD.
633 managerPtr->getADConfigPtr()->enabled(false);
634 EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), false);
635 EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), false);
636 // Now enable the openldap
637 managerPtr->getOpenLdapConfigPtr()->enabled(true);
638 EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), true);
639 EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), false);
640
641 delete managerPtr;
642}
643
Ratan Guptafef57892019-04-14 13:43:09 +0530[diff] [blame]644TEST_F(TestLDAPConfig, createPrivMapping)
645{
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]646 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
647 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
648 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Guptafef57892019-04-14 13:43:09 +0530[diff] [blame]649 auto dbusPersistentFilePath = std::string(dir.c_str());
650
651 if (fs::exists(configFilePath))
652 {
653 fs::remove(configFilePath);
654 }
655 EXPECT_FALSE(fs::exists(configFilePath));
656 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]657 dbusPersistentFilePath.c_str(),
658 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
Ratan Guptafef57892019-04-14 13:43:09 +0530[diff] [blame]659 manager.createDefaultObjects();
660 // Create the priv-mapping under the config.
661 manager.getADConfigPtr()->create("admin", "priv-admin");
662 // Check whether the entry has been created.
663 EXPECT_THROW(
664 {
665 try
666 {
667 manager.getADConfigPtr()->checkPrivilegeMapper("admin");
668 }
669 catch (const PrivilegeMappingExists& e)
670 {
671 throw;
672 }
673 },
674 PrivilegeMappingExists);
675}
676
677TEST_F(TestLDAPConfig, deletePrivMapping)
678{
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]679 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
680 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
681 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Guptafef57892019-04-14 13:43:09 +0530[diff] [blame]682 auto dbusPersistentFilePath = std::string(dir.c_str());
683
684 if (fs::exists(configFilePath))
685 {
686 fs::remove(configFilePath);
687 }
688 EXPECT_FALSE(fs::exists(configFilePath));
689 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]690 dbusPersistentFilePath.c_str(),
691 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
Ratan Guptafef57892019-04-14 13:43:09 +0530[diff] [blame]692 manager.createDefaultObjects();
693 // Create the priv-mapping under the config.
694 manager.getADConfigPtr()->create("admin", "priv-admin");
695 manager.getADConfigPtr()->create("user", "priv-user");
696 // Check whether the entry has been created.
697 EXPECT_THROW(
698 {
699 try
700 {
701 manager.getADConfigPtr()->checkPrivilegeMapper("admin");
702 manager.getADConfigPtr()->checkPrivilegeMapper("user");
703 }
704 catch (const PrivilegeMappingExists& e)
705 {
706 throw;
707 }
708 },
709 PrivilegeMappingExists);
710
711 // This would delete the admin privilege
712 manager.getADConfigPtr()->deletePrivilegeMapper(1);
713 EXPECT_NO_THROW(manager.getADConfigPtr()->checkPrivilegeMapper("admin"));
714 manager.getADConfigPtr()->deletePrivilegeMapper(2);
715 EXPECT_NO_THROW(manager.getADConfigPtr()->checkPrivilegeMapper("user"));
716}
717
718TEST_F(TestLDAPConfig, restorePrivMapping)
719{
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]720 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
721 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
722 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Guptafef57892019-04-14 13:43:09 +0530[diff] [blame]723 auto dbusPersistentFilePath = std::string(dir.c_str());
724
725 if (fs::exists(configFilePath))
726 {
727 fs::remove(configFilePath);
728 }
729 EXPECT_FALSE(fs::exists(configFilePath));
730 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]731 dbusPersistentFilePath.c_str(),
732 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
Ratan Guptafef57892019-04-14 13:43:09 +0530[diff] [blame]733 manager.createDefaultObjects();
734 // Create the priv-mapping under the config.
735 manager.getADConfigPtr()->create("admin", "priv-admin");
736 manager.getOpenLdapConfigPtr()->create("user", "priv-user");
737 manager.restore();
738 EXPECT_THROW(
739 {
740 try
741 {
742 manager.getADConfigPtr()->checkPrivilegeMapper("admin");
743 }
744 catch (const PrivilegeMappingExists& e)
745 {
746 throw;
747 }
748 },
749 PrivilegeMappingExists);
750
751 EXPECT_THROW(
752 {
753 try
754 {
755 manager.getOpenLdapConfigPtr()->checkPrivilegeMapper("user");
756 }
757 catch (const PrivilegeMappingExists& e)
758 {
759 throw;
760 }
761 },
762 PrivilegeMappingExists);
763}
764
765TEST_F(TestLDAPConfig, testPrivileges)
766{
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]767 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
768 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
769 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Guptafef57892019-04-14 13:43:09 +0530[diff] [blame]770 auto dbusPersistentFilePath = std::string(dir.c_str());
771
772 if (fs::exists(configFilePath))
773 {
774 fs::remove(configFilePath);
775 }
776 EXPECT_FALSE(fs::exists(configFilePath));
777 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Nan Zhou78d85042022-08-29 17:50:22 +0000[diff] [blame]778 dbusPersistentFilePath.c_str(),
779 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
Ratan Guptafef57892019-04-14 13:43:09 +0530[diff] [blame]780 manager.createDefaultObjects();
781
782 std::string groupName = "admin";
783 std::string privilege = "priv-admin";
784 size_t entryId = 1;
785 auto dbusPath = std::string(LDAP_CONFIG_ROOT) +
786 "/active_directory/role_map/" + std::to_string(entryId);
787 dbusPersistentFilePath += dbusPath;
788
789 auto entry = std::make_unique<LDAPMapperEntry>(
790 bus, dbusPath.c_str(), dbusPersistentFilePath.c_str(), groupName,
791 privilege, *(manager.getADConfigPtr()));
792
793 EXPECT_NO_THROW(entry->privilege("priv-operator"));
794 EXPECT_NO_THROW(entry->privilege("priv-user"));
Ratan Guptafef57892019-04-14 13:43:09 +0530[diff] [blame]795}
796
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600[diff] [blame]797} // namespace ldap
798} // namespace phosphor