blob: 81682450080e87bdd6d399d6732e6c4748287d1b [file] [log] [blame]
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -06001#include "config.h"
Patrick Williams9638afb2021-02-22 17:16:24 -06002
Ratan Gupta37fb3fe2019-04-13 12:54:18 +05303#include "phosphor-ldap-config/ldap_config.hpp"
Ratan Guptae1f4db62019-04-11 18:57:42 +05304#include "phosphor-ldap-config/ldap_config_mgr.hpp"
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -06005
Patrick Williams9638afb2021-02-22 17:16:24 -06006#include <sys/types.h>
7
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -06008#include <phosphor-logging/elog-errors.hpp>
Patrick Williams9638afb2021-02-22 17:16:24 -06009#include <phosphor-logging/log.hpp>
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -060010#include <sdbusplus/bus.hpp>
11#include <xyz/openbmc_project/Common/error.hpp>
Ratan Guptafef57892019-04-14 13:43:09 +053012#include <xyz/openbmc_project/User/Common/error.hpp>
Ratan Gupta95a29312019-02-18 20:34:10 +053013
14#include <filesystem>
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -060015#include <fstream>
16#include <string>
Patrick Williams9638afb2021-02-22 17:16:24 -060017
18#include <gmock/gmock.h>
19#include <gtest/gtest.h>
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -060020
21namespace phosphor
22{
23namespace ldap
24{
Ratan Gupta95a29312019-02-18 20:34:10 +053025namespace fs = std::filesystem;
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -060026namespace ldap_base = sdbusplus::xyz::openbmc_project::User::Ldap::server;
Ratan Guptac5481d12019-04-12 18:31:05 +053027using NotAllowed = sdbusplus::xyz::openbmc_project::Common::Error::NotAllowed;
28using NotAllowedArgument = xyz::openbmc_project::Common::NotAllowed;
29
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -060030using Config = phosphor::ldap::Config;
Ratan Gupta95a29312019-02-18 20:34:10 +053031static constexpr const char* dbusPersistFile = "Config";
Ratan Guptafef57892019-04-14 13:43:09 +053032using PrivilegeMappingExists = sdbusplus::xyz::openbmc_project::User::Common::
33 Error::PrivilegeMappingExists;
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -060034
35class TestLDAPConfig : public testing::Test
36{
37 public:
38 TestLDAPConfig() : bus(sdbusplus::bus::new_default())
Patrick Williams9638afb2021-02-22 17:16:24 -060039 {}
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -060040 void SetUp() override
41 {
42 using namespace phosphor::ldap;
43 char tmpldap[] = "/tmp/ldap_test.XXXXXX";
44 dir = fs::path(mkdtemp(tmpldap));
Zbigniew Kurzynski5d00cf22019-10-03 12:10:20 +020045 fs::path tlsCacertFilePath{TLS_CACERT_PATH};
Ratan Gupta22f13f12019-04-29 15:36:40 +053046 tlsCacertFile = tlsCacertFilePath.filename().c_str();
47 fs::path tlsCertFilePath{TLS_CERT_FILE};
48 tlsCertFile = tlsCertFilePath.filename().c_str();
49
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -060050 fs::path confFilePath{LDAP_CONFIG_FILE};
51 ldapconfFile = confFilePath.filename().c_str();
52 std::fstream fs;
53 fs.open(dir / defaultNslcdFile, std::fstream::out);
54 fs.close();
55 fs.open(dir / nsSwitchFile, std::fstream::out);
56 fs.close();
Ratan Gupta22f13f12019-04-29 15:36:40 +053057 fs.open(dir / tlsCacertFile, std::fstream::out);
58 fs.close();
59 fs.open(dir / tlsCertFile, std::fstream::out);
60 fs.close();
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -060061 }
62
63 void TearDown() override
64 {
65 fs::remove_all(dir);
66 }
67
68 protected:
69 fs::path dir;
Ratan Gupta22f13f12019-04-29 15:36:40 +053070 std::string tlsCacertFile;
71 std::string tlsCertFile;
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -060072 std::string ldapconfFile;
73 sdbusplus::bus::bus bus;
74};
75
76class MockConfigMgr : public phosphor::ldap::ConfigMgr
77{
78 public:
79 MockConfigMgr(sdbusplus::bus::bus& bus, const char* path,
Ratan Gupta95a29312019-02-18 20:34:10 +053080 const char* filePath, const char* dbusPersistentFile,
Ratan Gupta22f13f12019-04-29 15:36:40 +053081 const char* caCertFile, const char* certFile) :
Ratan Gupta95a29312019-02-18 20:34:10 +053082 phosphor::ldap::ConfigMgr(bus, path, filePath, dbusPersistentFile,
Ratan Gupta22f13f12019-04-29 15:36:40 +053083 caCertFile, certFile)
Patrick Williams9638afb2021-02-22 17:16:24 -060084 {}
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -060085 MOCK_METHOD1(restartService, void(const std::string& service));
86 MOCK_METHOD1(stopService, void(const std::string& service));
Ratan Gupta27d4c012019-04-12 13:03:35 +053087 std::unique_ptr<Config>& getOpenLdapConfigPtr()
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -060088 {
Ratan Gupta27d4c012019-04-12 13:03:35 +053089 return openLDAPConfigPtr;
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -060090 }
91
Ratan Gupta3a1c2742019-03-20 06:49:42 +053092 std::string configBindPassword()
93 {
Ratan Gupta27d4c012019-04-12 13:03:35 +053094 return getADConfigPtr()->lDAPBindPassword;
Ratan Gupta3a1c2742019-03-20 06:49:42 +053095 }
96
Ratan Gupta27d4c012019-04-12 13:03:35 +053097 std::unique_ptr<Config>& getADConfigPtr()
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -060098 {
Ratan Gupta27d4c012019-04-12 13:03:35 +053099 return ADConfigPtr;
100 }
101 void restore()
102 {
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530103 phosphor::ldap::ConfigMgr::restore();
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600104 return;
105 }
106
Ratan Gupta27d4c012019-04-12 13:03:35 +0530107 void createDefaultObjects()
108 {
109 phosphor::ldap::ConfigMgr::createDefaultObjects();
110 }
111
Ravi Tejad5884042019-06-10 02:35:22 -0500112 bool secureLDAP()
113 {
114 return ADConfigPtr->secureLDAP;
115 }
116
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600117 friend class TestLDAPConfig;
118};
119
120TEST_F(TestLDAPConfig, testCreate)
121{
122 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
Ratan Gupta22f13f12019-04-29 15:36:40 +0530123 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
124 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530125 auto dbusPersistentFilePath = std::string(dir.c_str());
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600126
127 if (fs::exists(configFilePath))
128 {
129 fs::remove(configFilePath);
130 }
131 EXPECT_FALSE(fs::exists(configFilePath));
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600132 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Ratan Gupta22f13f12019-04-29 15:36:40 +0530133 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
134 tlsCertfile.c_str());
Ratan Gupta27d4c012019-04-12 13:03:35 +0530135
Ratan Guptaec117542019-04-25 18:38:29 +0530136 EXPECT_CALL(manager, stopService("nslcd.service")).Times(2);
Ratan Gupta3a1c2742019-03-20 06:49:42 +0530137 EXPECT_CALL(manager, restartService("nslcd.service")).Times(2);
Ratan Guptaec117542019-04-25 18:38:29 +0530138 EXPECT_CALL(manager, restartService("nscd.service")).Times(2);
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530139
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600140 manager.createConfig(
141 "ldap://9.194.251.136/", "cn=Users,dc=com", "cn=Users,dc=corp",
142 "MyLdap12", ldap_base::Create::SearchScope::sub,
143 ldap_base::Create::Type::ActiveDirectory, "uid", "gid");
Ratan Gupta27d4c012019-04-12 13:03:35 +0530144 manager.getADConfigPtr()->enabled(true);
Ratan Gupta95a29312019-02-18 20:34:10 +0530145
Ratan Guptaec117542019-04-25 18:38:29 +0530146 manager.createConfig("ldap://9.194.251.137/", "cn=Users",
147 "cn=Users,dc=test", "MyLdap123",
148 ldap_base::Create::SearchScope::sub,
149 ldap_base::Create::Type::OpenLdap, "uid", "gid");
150 manager.getOpenLdapConfigPtr()->enabled(false);
151
152 // Below setting of username/groupname attr is to make sure
153 // that in-active config should not call the start/stop service.
154 manager.getOpenLdapConfigPtr()->userNameAttribute("abc");
155 EXPECT_EQ(manager.getOpenLdapConfigPtr()->userNameAttribute(), "abc");
156
157 manager.getOpenLdapConfigPtr()->groupNameAttribute("def");
158 EXPECT_EQ(manager.getOpenLdapConfigPtr()->groupNameAttribute(), "def");
159
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600160 EXPECT_TRUE(fs::exists(configFilePath));
Ratan Gupta27d4c012019-04-12 13:03:35 +0530161 EXPECT_EQ(manager.getADConfigPtr()->lDAPServerURI(),
162 "ldap://9.194.251.136/");
163 EXPECT_EQ(manager.getADConfigPtr()->lDAPBindDN(), "cn=Users,dc=com");
164 EXPECT_EQ(manager.getADConfigPtr()->lDAPBaseDN(), "cn=Users,dc=corp");
165 EXPECT_EQ(manager.getADConfigPtr()->lDAPSearchScope(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600166 ldap_base::Config::SearchScope::sub);
Ratan Gupta27d4c012019-04-12 13:03:35 +0530167 EXPECT_EQ(manager.getADConfigPtr()->lDAPType(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600168 ldap_base::Config::Type::ActiveDirectory);
Ratan Gupta27d4c012019-04-12 13:03:35 +0530169
170 EXPECT_EQ(manager.getADConfigPtr()->userNameAttribute(), "uid");
171 EXPECT_EQ(manager.getADConfigPtr()->groupNameAttribute(), "gid");
172 EXPECT_EQ(manager.getADConfigPtr()->lDAPBindDNPassword(), "");
Ratan Gupta3a1c2742019-03-20 06:49:42 +0530173 EXPECT_EQ(manager.configBindPassword(), "MyLdap12");
174 // change the password
Ratan Gupta27d4c012019-04-12 13:03:35 +0530175 manager.getADConfigPtr()->lDAPBindDNPassword("MyLdap14");
176 EXPECT_EQ(manager.getADConfigPtr()->lDAPBindDNPassword(), "");
Ratan Gupta3a1c2742019-03-20 06:49:42 +0530177 EXPECT_EQ(manager.configBindPassword(), "MyLdap14");
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600178}
179
Ratan Gupta27d4c012019-04-12 13:03:35 +0530180TEST_F(TestLDAPConfig, testDefaultObject)
181{
182 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
Ratan Gupta22f13f12019-04-29 15:36:40 +0530183 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
184 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530185 auto dbusPersistentFilePath = std::string(dir.c_str());
Ratan Gupta27d4c012019-04-12 13:03:35 +0530186
187 if (fs::exists(configFilePath))
188 {
189 fs::remove(configFilePath);
190 }
191 EXPECT_FALSE(fs::exists(configFilePath));
192
193 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Ratan Gupta22f13f12019-04-29 15:36:40 +0530194 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
195 tlsCertfile.c_str());
Ratan Gupta27d4c012019-04-12 13:03:35 +0530196
Ratan Gupta27d4c012019-04-12 13:03:35 +0530197 manager.createDefaultObjects();
198
199 EXPECT_NE(nullptr, manager.getADConfigPtr());
200 EXPECT_NE(nullptr, manager.getOpenLdapConfigPtr());
201 EXPECT_EQ(manager.getADConfigPtr()->lDAPType(),
202 ldap_base::Config::Type::ActiveDirectory);
203 EXPECT_EQ(manager.getOpenLdapConfigPtr()->lDAPType(),
204 ldap_base::Config::Type::OpenLdap);
205}
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530206
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600207TEST_F(TestLDAPConfig, testRestores)
208{
209 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
Ratan Gupta22f13f12019-04-29 15:36:40 +0530210 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
211 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530212 auto dbusPersistentFilePath = std::string(dir.c_str());
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600213
214 if (fs::exists(configFilePath))
215 {
216 fs::remove(configFilePath);
217 }
218 EXPECT_FALSE(fs::exists(configFilePath));
Ratan Gupta22f13f12019-04-29 15:36:40 +0530219 MockConfigMgr* managerPtr =
220 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
221 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
222 tlsCertfile.c_str());
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530223 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
224 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(1);
225 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600226 managerPtr->createConfig(
227 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
228 "MyLdap12", ldap_base::Create::SearchScope::sub,
229 ldap_base::Create::Type::ActiveDirectory, "uid", "gid");
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530230 managerPtr->getADConfigPtr()->enabled(false);
231 EXPECT_FALSE(fs::exists(configFilePath));
232 EXPECT_FALSE(managerPtr->getADConfigPtr()->enabled());
233 managerPtr->getADConfigPtr()->enabled(true);
Ratan Gupta95a29312019-02-18 20:34:10 +0530234
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600235 EXPECT_TRUE(fs::exists(configFilePath));
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600236 // Restore from configFilePath
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530237 managerPtr->restore();
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600238 // validate restored properties
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530239 EXPECT_TRUE(managerPtr->getADConfigPtr()->enabled());
240 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPServerURI(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600241 "ldap://9.194.251.138/");
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530242 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPBindDN(), "cn=Users,dc=com");
243 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPBaseDN(), "cn=Users,dc=corp");
244 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPSearchScope(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600245 ldap_base::Config::SearchScope::sub);
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530246 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPType(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600247 ldap_base::Config::Type::ActiveDirectory);
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530248 EXPECT_EQ(managerPtr->getADConfigPtr()->userNameAttribute(), "uid");
249 EXPECT_EQ(managerPtr->getADConfigPtr()->groupNameAttribute(), "gid");
250 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPBindDNPassword(), "");
Ratan Gupta3a1c2742019-03-20 06:49:42 +0530251 EXPECT_EQ(managerPtr->configBindPassword(), "MyLdap12");
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600252 delete managerPtr;
253}
254
255TEST_F(TestLDAPConfig, testLDAPServerURI)
256{
257 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
Ratan Gupta22f13f12019-04-29 15:36:40 +0530258 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
259 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530260 auto dbusPersistentFilePath = std::string(dir.c_str());
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600261
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600262 if (fs::exists(configFilePath))
263 {
264 fs::remove(configFilePath);
265 }
266 EXPECT_FALSE(fs::exists(configFilePath));
Ratan Gupta22f13f12019-04-29 15:36:40 +0530267 MockConfigMgr* managerPtr =
268 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
269 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
270 tlsCertfile.c_str());
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530271
272 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
273 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2);
274 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600275
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600276 managerPtr->createConfig(
277 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
278 "MyLdap12", ldap_base::Create::SearchScope::sub,
279 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530280 managerPtr->getADConfigPtr()->enabled(true);
Ratan Gupta95a29312019-02-18 20:34:10 +0530281
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600282 // Change LDAP Server URI
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530283 managerPtr->getADConfigPtr()->lDAPServerURI("ldap://9.194.251.139/");
284 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPServerURI(),
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600285 "ldap://9.194.251.139/");
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530286
Ratan Gupta22f13f12019-04-29 15:36:40 +0530287 fs::remove(tlsCacertfile.c_str());
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530288 // Change LDAP Server URI to make it secure
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600289 EXPECT_THROW(
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530290 managerPtr->getADConfigPtr()->lDAPServerURI("ldaps://9.194.251.139/"),
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600291 NoCACertificate);
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600292
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530293 // check once again
294 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPServerURI(),
295 "ldap://9.194.251.139/");
296
297 managerPtr->restore();
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600298 // Check LDAP Server URI
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530299 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPServerURI(),
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600300 "ldap://9.194.251.139/");
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600301 delete managerPtr;
302}
303
304TEST_F(TestLDAPConfig, testLDAPBindDN)
305{
306 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
Ratan Gupta22f13f12019-04-29 15:36:40 +0530307 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
308 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530309 auto dbusPersistentFilePath = std::string(dir.c_str());
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600310
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600311 if (fs::exists(configFilePath))
312 {
313 fs::remove(configFilePath);
314 }
315 EXPECT_FALSE(fs::exists(configFilePath));
Ratan Gupta22f13f12019-04-29 15:36:40 +0530316 MockConfigMgr* managerPtr =
317 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
318 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
319 tlsCertfile.c_str());
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530320
321 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
322 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2);
323 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600324
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600325 managerPtr->createConfig(
326 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
327 "MyLdap12", ldap_base::Create::SearchScope::sub,
328 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530329 managerPtr->getADConfigPtr()->enabled(true);
Ratan Gupta95a29312019-02-18 20:34:10 +0530330
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600331 // Change LDAP BindDN
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530332 managerPtr->getADConfigPtr()->lDAPBindDN(
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600333 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530334 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPBindDN(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600335 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
336 // Change LDAP BindDN
337 EXPECT_THROW(
338 {
339 try
340 {
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530341 managerPtr->getADConfigPtr()->lDAPBindDN("");
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600342 }
343 catch (const InvalidArgument& e)
344 {
345 throw;
346 }
347 },
348 InvalidArgument);
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600349
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530350 managerPtr->restore();
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600351 // Check LDAP BindDN after restoring
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530352 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPBindDN(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600353 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
354 delete managerPtr;
355}
356
357TEST_F(TestLDAPConfig, testLDAPBaseDN)
358{
359 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
Ratan Gupta22f13f12019-04-29 15:36:40 +0530360 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
361 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530362 auto dbusPersistentFilePath = std::string(dir.c_str());
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600363
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600364 if (fs::exists(configFilePath))
365 {
366 fs::remove(configFilePath);
367 }
368 EXPECT_FALSE(fs::exists(configFilePath));
Ratan Gupta22f13f12019-04-29 15:36:40 +0530369 MockConfigMgr* managerPtr =
370 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
371 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
372 tlsCertfile.c_str());
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530373 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
374 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2);
375 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600376 managerPtr->createConfig(
377 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
378 "MyLdap12", ldap_base::Create::SearchScope::sub,
379 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530380 managerPtr->getADConfigPtr()->enabled(true);
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600381 // Change LDAP BaseDN
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530382 managerPtr->getADConfigPtr()->lDAPBaseDN(
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600383 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530384 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPBaseDN(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600385 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
386 // Change LDAP BaseDN
387 EXPECT_THROW(
388 {
389 try
390 {
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530391 managerPtr->getADConfigPtr()->lDAPBaseDN("");
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600392 }
393 catch (const InvalidArgument& e)
394 {
395 throw;
396 }
397 },
398 InvalidArgument);
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600399
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530400 managerPtr->restore();
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600401 // Check LDAP BaseDN after restoring
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530402 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPBaseDN(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600403 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
404 delete managerPtr;
405}
406
407TEST_F(TestLDAPConfig, testSearchScope)
408{
409 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
Ratan Gupta22f13f12019-04-29 15:36:40 +0530410 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
411 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530412 auto dbusPersistentFilePath = std::string(dir.c_str());
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600413
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600414 if (fs::exists(configFilePath))
415 {
416 fs::remove(configFilePath);
417 }
418 EXPECT_FALSE(fs::exists(configFilePath));
Ratan Gupta22f13f12019-04-29 15:36:40 +0530419 MockConfigMgr* managerPtr =
420 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
421 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
422 tlsCertfile.c_str());
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530423 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
424 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2);
425 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600426 managerPtr->createConfig(
427 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
428 "MyLdap12", ldap_base::Create::SearchScope::sub,
429 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530430 managerPtr->getADConfigPtr()->enabled(true);
Ratan Gupta95a29312019-02-18 20:34:10 +0530431
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600432 // Change LDAP SearchScope
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530433 managerPtr->getADConfigPtr()->lDAPSearchScope(
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600434 ldap_base::Config::SearchScope::one);
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530435 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPSearchScope(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600436 ldap_base::Config::SearchScope::one);
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600437
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530438 managerPtr->restore();
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600439 // Check LDAP SearchScope after restoring
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530440 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPSearchScope(),
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600441 ldap_base::Config::SearchScope::one);
442 delete managerPtr;
443}
444
445TEST_F(TestLDAPConfig, testLDAPType)
446{
447 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
Ratan Gupta22f13f12019-04-29 15:36:40 +0530448 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
449 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530450 auto dbusPersistentFilePath = std::string(dir.c_str());
Nagaraju Goruganti3b4d06a2018-11-08 03:13:38 -0600451
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600452 if (fs::exists(configFilePath))
453 {
454 fs::remove(configFilePath);
455 }
456 EXPECT_FALSE(fs::exists(configFilePath));
Ratan Gupta22f13f12019-04-29 15:36:40 +0530457 MockConfigMgr* managerPtr =
458 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
459 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
460 tlsCertfile.c_str());
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530461 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
462 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(1);
463 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
Ratan Guptaaeaf9412019-02-11 04:41:52 -0600464 managerPtr->createConfig(
465 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
466 "MyLdap12", ldap_base::Create::SearchScope::sub,
467 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530468 managerPtr->getADConfigPtr()->enabled(true);
Ratan Gupta95a29312019-02-18 20:34:10 +0530469
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600470 // Change LDAP type
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530471 // will not be changed
472 EXPECT_THROW(managerPtr->getADConfigPtr()->lDAPType(
473 ldap_base::Config::Type::OpenLdap),
474 NotAllowed);
475 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPType(),
476 ldap_base::Config::Type::ActiveDirectory);
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600477
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530478 managerPtr->restore();
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600479 // Check LDAP type after restoring
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530480 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPType(),
481 ldap_base::Config::Type::ActiveDirectory);
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600482 delete managerPtr;
483}
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530484
Ravi Tejad5884042019-06-10 02:35:22 -0500485TEST_F(TestLDAPConfig, testsecureLDAPRestore)
486{
487 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
488 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
489 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
490 auto dbusPersistentFilePath = std::string(dir.c_str());
491
492 if (fs::exists(configFilePath))
493 {
494 fs::remove(configFilePath);
495 }
496 EXPECT_FALSE(fs::exists(configFilePath));
497 MockConfigMgr* managerPtr =
498 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
499 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
500 tlsCertfile.c_str());
501 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
502 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(1);
503 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
504 managerPtr->createConfig(
505 "ldaps://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
506 "MyLdap12", ldap_base::Create::SearchScope::sub,
507 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
508 managerPtr->getADConfigPtr()->enabled(true);
509 EXPECT_TRUE(managerPtr->secureLDAP());
510 managerPtr->restore();
511 // Check secureLDAP variable value after restoring
512 EXPECT_TRUE(managerPtr->secureLDAP());
513
514 delete managerPtr;
515}
516
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530517TEST_F(TestLDAPConfig, filePermission)
518{
519 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
Ratan Gupta22f13f12019-04-29 15:36:40 +0530520 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
521 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530522 auto dbusPersistentFilePath = std::string(dir.c_str());
523
524 if (fs::exists(configFilePath))
525 {
526 fs::remove(configFilePath);
527 }
528 EXPECT_FALSE(fs::exists(configFilePath));
Ratan Gupta22f13f12019-04-29 15:36:40 +0530529 MockConfigMgr* managerPtr =
530 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
531 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
532 tlsCertfile.c_str());
Ratan Gupta21e88cb2019-04-12 17:15:52 +0530533 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
534 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(1);
535 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
536 managerPtr->createConfig(
537 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
538 "MyLdap12", ldap_base::Create::SearchScope::sub,
539 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
540 managerPtr->getADConfigPtr()->enabled(true);
541
542 // Permission of the persistent file should be 640
543 // Others should not be allowed to read.
544 auto permission =
545 fs::perms::owner_read | fs::perms::owner_write | fs::perms::group_read;
546 auto persistFilepath = std::string(dir.c_str());
547 persistFilepath += ADDbusObjectPath;
548 persistFilepath += "/config";
549
550 EXPECT_EQ(fs::status(persistFilepath).permissions(), permission);
551 delete managerPtr;
552}
553
Ratan Guptac5481d12019-04-12 18:31:05 +0530554TEST_F(TestLDAPConfig, ConditionalEnableConfig)
555{
556 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
Ratan Gupta22f13f12019-04-29 15:36:40 +0530557 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
558 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Guptac5481d12019-04-12 18:31:05 +0530559 auto dbusPersistentFilePath = std::string(dir.c_str());
560
561 if (fs::exists(configFilePath))
562 {
563 fs::remove(configFilePath);
564 }
565 EXPECT_FALSE(fs::exists(configFilePath));
Ratan Gupta22f13f12019-04-29 15:36:40 +0530566 MockConfigMgr* managerPtr =
567 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
568 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
569 tlsCertfile.c_str());
Ratan Guptac5481d12019-04-12 18:31:05 +0530570 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(3);
571 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2);
572 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(2);
573 managerPtr->createConfig(
574 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
575 "MyLdap12", ldap_base::Create::SearchScope::sub,
576 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
577
578 managerPtr->createConfig(
579 "ldap://9.194.251.139/", "cn=Users,dc=com, dc=ldap", "cn=Users,dc=corp",
580 "MyLdap123", ldap_base::Create::SearchScope::sub,
581 ldap_base::Create::Type::OpenLdap, "attr1", "attr2");
582
583 // Enable the AD configuration
584 managerPtr->getADConfigPtr()->enabled(true);
585
586 EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), true);
587 EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), false);
588
589 // AS AD is already enabled so openldap can't be enabled.
590 EXPECT_THROW(
591 {
592 try
593 {
594 managerPtr->getOpenLdapConfigPtr()->enabled(true);
595 }
596 catch (const NotAllowed& e)
597 {
598 throw;
599 }
600 },
601 NotAllowed);
602 // Check the values
603 EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), true);
604 EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), false);
605 // Let's disable the AD.
606 managerPtr->getADConfigPtr()->enabled(false);
607 EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), false);
608 EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), false);
609 // Now enable the openldap
610 managerPtr->getOpenLdapConfigPtr()->enabled(true);
611 EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), true);
612 EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), false);
613
614 delete managerPtr;
615}
616
Ratan Guptafef57892019-04-14 13:43:09 +0530617TEST_F(TestLDAPConfig, createPrivMapping)
618{
619 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
Ratan Gupta22f13f12019-04-29 15:36:40 +0530620 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
621 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Guptafef57892019-04-14 13:43:09 +0530622 auto dbusPersistentFilePath = std::string(dir.c_str());
623
624 if (fs::exists(configFilePath))
625 {
626 fs::remove(configFilePath);
627 }
628 EXPECT_FALSE(fs::exists(configFilePath));
629 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Ratan Gupta22f13f12019-04-29 15:36:40 +0530630 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
631 tlsCertfile.c_str());
Ratan Guptafef57892019-04-14 13:43:09 +0530632 manager.createDefaultObjects();
633 // Create the priv-mapping under the config.
634 manager.getADConfigPtr()->create("admin", "priv-admin");
635 // Check whether the entry has been created.
636 EXPECT_THROW(
637 {
638 try
639 {
640 manager.getADConfigPtr()->checkPrivilegeMapper("admin");
641 }
642 catch (const PrivilegeMappingExists& e)
643 {
644 throw;
645 }
646 },
647 PrivilegeMappingExists);
648}
649
650TEST_F(TestLDAPConfig, deletePrivMapping)
651{
652 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
Ratan Gupta22f13f12019-04-29 15:36:40 +0530653 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
654 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Guptafef57892019-04-14 13:43:09 +0530655 auto dbusPersistentFilePath = std::string(dir.c_str());
656
657 if (fs::exists(configFilePath))
658 {
659 fs::remove(configFilePath);
660 }
661 EXPECT_FALSE(fs::exists(configFilePath));
662 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Ratan Gupta22f13f12019-04-29 15:36:40 +0530663 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
664 tlsCertfile.c_str());
Ratan Guptafef57892019-04-14 13:43:09 +0530665 manager.createDefaultObjects();
666 // Create the priv-mapping under the config.
667 manager.getADConfigPtr()->create("admin", "priv-admin");
668 manager.getADConfigPtr()->create("user", "priv-user");
669 // Check whether the entry has been created.
670 EXPECT_THROW(
671 {
672 try
673 {
674 manager.getADConfigPtr()->checkPrivilegeMapper("admin");
675 manager.getADConfigPtr()->checkPrivilegeMapper("user");
676 }
677 catch (const PrivilegeMappingExists& e)
678 {
679 throw;
680 }
681 },
682 PrivilegeMappingExists);
683
684 // This would delete the admin privilege
685 manager.getADConfigPtr()->deletePrivilegeMapper(1);
686 EXPECT_NO_THROW(manager.getADConfigPtr()->checkPrivilegeMapper("admin"));
687 manager.getADConfigPtr()->deletePrivilegeMapper(2);
688 EXPECT_NO_THROW(manager.getADConfigPtr()->checkPrivilegeMapper("user"));
689}
690
691TEST_F(TestLDAPConfig, restorePrivMapping)
692{
693 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
Ratan Gupta22f13f12019-04-29 15:36:40 +0530694 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
695 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Guptafef57892019-04-14 13:43:09 +0530696 auto dbusPersistentFilePath = std::string(dir.c_str());
697
698 if (fs::exists(configFilePath))
699 {
700 fs::remove(configFilePath);
701 }
702 EXPECT_FALSE(fs::exists(configFilePath));
703 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Ratan Gupta22f13f12019-04-29 15:36:40 +0530704 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
705 tlsCertfile.c_str());
Ratan Guptafef57892019-04-14 13:43:09 +0530706 manager.createDefaultObjects();
707 // Create the priv-mapping under the config.
708 manager.getADConfigPtr()->create("admin", "priv-admin");
709 manager.getOpenLdapConfigPtr()->create("user", "priv-user");
710 manager.restore();
711 EXPECT_THROW(
712 {
713 try
714 {
715 manager.getADConfigPtr()->checkPrivilegeMapper("admin");
716 }
717 catch (const PrivilegeMappingExists& e)
718 {
719 throw;
720 }
721 },
722 PrivilegeMappingExists);
723
724 EXPECT_THROW(
725 {
726 try
727 {
728 manager.getOpenLdapConfigPtr()->checkPrivilegeMapper("user");
729 }
730 catch (const PrivilegeMappingExists& e)
731 {
732 throw;
733 }
734 },
735 PrivilegeMappingExists);
736}
737
738TEST_F(TestLDAPConfig, testPrivileges)
739{
740 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile;
Ratan Gupta22f13f12019-04-29 15:36:40 +0530741 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile;
742 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile;
Ratan Guptafef57892019-04-14 13:43:09 +0530743 auto dbusPersistentFilePath = std::string(dir.c_str());
744
745 if (fs::exists(configFilePath))
746 {
747 fs::remove(configFilePath);
748 }
749 EXPECT_FALSE(fs::exists(configFilePath));
750 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
Ratan Gupta22f13f12019-04-29 15:36:40 +0530751 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(),
752 tlsCertfile.c_str());
Ratan Guptafef57892019-04-14 13:43:09 +0530753 manager.createDefaultObjects();
754
755 std::string groupName = "admin";
756 std::string privilege = "priv-admin";
757 size_t entryId = 1;
758 auto dbusPath = std::string(LDAP_CONFIG_ROOT) +
759 "/active_directory/role_map/" + std::to_string(entryId);
760 dbusPersistentFilePath += dbusPath;
761
762 auto entry = std::make_unique<LDAPMapperEntry>(
763 bus, dbusPath.c_str(), dbusPersistentFilePath.c_str(), groupName,
764 privilege, *(manager.getADConfigPtr()));
765
766 EXPECT_NO_THROW(entry->privilege("priv-operator"));
767 EXPECT_NO_THROW(entry->privilege("priv-user"));
Ratan Guptafef57892019-04-14 13:43:09 +0530768}
769
Nagaraju Gorugantid514e5d2018-11-08 03:07:25 -0600770} // namespace ldap
771} // namespace phosphor