1 #include "config.h"
2
3 #include "phosphor-ldap-config/ldap_config.hpp"
4 #include "phosphor-ldap-config/ldap_config_mgr.hpp"
5
6 #include <sys/types.h>
7
8 #include <sdbusplus/bus.hpp>
9 #include <xyz/openbmc_project/Common/error.hpp>
10 #include <xyz/openbmc_project/User/Common/error.hpp>
11
12 #include <filesystem>
13 #include <fstream>
14 #include <string>
15
16 #include <gmock/gmock.h>
17 #include <gtest/gtest.h>
18
19 namespace phosphor
20 {
21 namespace ldap
22 {
23 namespace fs = std::filesystem;
24 namespace ldap_base = sdbusplus::xyz::openbmc_project::User::Ldap::server;
25 using namespace sdbusplus::xyz::openbmc_project::Common::Error;
26 using PrivilegeMappingExists = sdbusplus::xyz::openbmc_project::User::Common::
27 Error::PrivilegeMappingExists;
28 using Config = phosphor::ldap::Config;
29
30 class TestLDAPConfig : public testing::Test
31 {
32 public:
TestLDAPConfig()33 TestLDAPConfig() : bus(sdbusplus::bus::new_default()) {}
SetUp()34 void SetUp() override
35 {
36 using namespace phosphor::ldap;
37 char tmpldap[] = "/tmp/ldap_test.XXXXXX";
38 dir = fs::path(mkdtemp(tmpldap));
39 fs::path tlsCacertFilePath{TLS_CACERT_PATH};
40 tlsCACertFile = tlsCacertFilePath.filename().c_str();
41 fs::path tlsCertFilePath{TLS_CERT_FILE};
42 tlsCertFile = tlsCertFilePath.filename().c_str();
43
44 fs::path confFilePath{LDAP_CONFIG_FILE};
45 ldapConfFile = confFilePath.filename().c_str();
46 std::fstream fs;
47 fs.open(dir / defaultNslcdFile, std::fstream::out);
48 fs.close();
49 fs.open(dir / nsSwitchFile, std::fstream::out);
50 fs.close();
51 fs.open(dir / tlsCACertFile, std::fstream::out);
52 fs.close();
53 fs.open(dir / tlsCertFile, std::fstream::out);
54 fs.close();
55 }
56
TearDown()57 void TearDown() override
58 {
59 fs::remove_all(dir);
60 }
61
62 protected:
63 fs::path dir;
64 std::string tlsCACertFile;
65 std::string tlsCertFile;
66 std::string ldapConfFile;
67 sdbusplus::bus_t bus;
68 };
69
70 class MockConfigMgr : public phosphor::ldap::ConfigMgr
71 {
72 public:
MockConfigMgr(sdbusplus::bus_t & bus,const char * path,const char * filePath,const char * dbusPersistentFile,const char * caCertFile,const char * certFile)73 MockConfigMgr(sdbusplus::bus_t& bus, const char* path, const char* filePath,
74 const char* dbusPersistentFile, const char* caCertFile,
75 const char* certFile) :
76 phosphor::ldap::ConfigMgr(bus, path, filePath, dbusPersistentFile,
77 caCertFile, certFile)
78 {}
79 MOCK_METHOD1(restartService, void(const std::string& service));
80 MOCK_METHOD1(stopService, void(const std::string& service));
getOpenLdapConfigPtr()81 std::unique_ptr<Config>& getOpenLdapConfigPtr()
82 {
83 return openLDAPConfigPtr;
84 }
85
configBindPassword()86 std::string configBindPassword()
87 {
88 return getADConfigPtr()->ldapBindPassword;
89 }
90
getADConfigPtr()91 std::unique_ptr<Config>& getADConfigPtr()
92 {
93 return ADConfigPtr;
94 }
restore()95 void restore()
96 {
97 phosphor::ldap::ConfigMgr::restore();
98 return;
99 }
100
createDefaultObjects()101 void createDefaultObjects()
102 {
103 phosphor::ldap::ConfigMgr::createDefaultObjects();
104 }
105
secureLDAP()106 bool secureLDAP()
107 {
108 return ADConfigPtr->secureLDAP;
109 }
110
111 friend class TestLDAPConfig;
112 };
113
TEST_F(TestLDAPConfig,testCreate)114 TEST_F(TestLDAPConfig, testCreate)
115 {
116 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
117 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
118 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
119 auto dbusPersistentFilePath = std::string(dir.c_str());
120
121 if (fs::exists(configFilePath))
122 {
123 fs::remove(configFilePath);
124 }
125 EXPECT_FALSE(fs::exists(configFilePath));
126 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
127 dbusPersistentFilePath.c_str(),
128 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
129
130 EXPECT_CALL(manager, stopService("nslcd.service")).Times(2);
131 EXPECT_CALL(manager, restartService("nslcd.service")).Times(2);
132 EXPECT_CALL(manager, restartService("nscd.service")).Times(2);
133
134 manager.createConfig(
135 "ldap://9.194.251.136/", "cn=Users,dc=com", "cn=Users,dc=corp",
136 "MyLdap12", ldap_base::Create::SearchScope::sub,
137 ldap_base::Create::Type::ActiveDirectory, "uid", "gid");
138 manager.getADConfigPtr()->enabled(true);
139
140 manager.createConfig("ldap://9.194.251.137/", "cn=Users",
141 "cn=Users,dc=test", "MyLdap123",
142 ldap_base::Create::SearchScope::sub,
143 ldap_base::Create::Type::OpenLdap, "uid", "gid");
144 manager.getOpenLdapConfigPtr()->enabled(false);
145
146 // Below setting of username/groupname attr is to make sure
147 // that in-active config should not call the start/stop service.
148 manager.getOpenLdapConfigPtr()->userNameAttribute("abc");
149 EXPECT_EQ(manager.getOpenLdapConfigPtr()->userNameAttribute(), "abc");
150
151 manager.getOpenLdapConfigPtr()->groupNameAttribute("def");
152 EXPECT_EQ(manager.getOpenLdapConfigPtr()->groupNameAttribute(), "def");
153
154 EXPECT_TRUE(fs::exists(configFilePath));
155 EXPECT_EQ(manager.getADConfigPtr()->ldapServerURI(),
156 "ldap://9.194.251.136/");
157 EXPECT_EQ(manager.getADConfigPtr()->ldapBindDN(), "cn=Users,dc=com");
158 EXPECT_EQ(manager.getADConfigPtr()->ldapBaseDN(), "cn=Users,dc=corp");
159 EXPECT_EQ(manager.getADConfigPtr()->ldapSearchScope(),
160 ldap_base::Config::SearchScope::sub);
161 EXPECT_EQ(manager.getADConfigPtr()->ldapType(),
162 ldap_base::Config::Type::ActiveDirectory);
163
164 EXPECT_EQ(manager.getADConfigPtr()->userNameAttribute(), "uid");
165 EXPECT_EQ(manager.getADConfigPtr()->groupNameAttribute(), "gid");
166 EXPECT_EQ(manager.getADConfigPtr()->ldapBindDNPassword(), "");
167 EXPECT_EQ(manager.configBindPassword(), "MyLdap12");
168 // change the password
169 manager.getADConfigPtr()->ldapBindDNPassword("MyLdap14");
170 EXPECT_EQ(manager.getADConfigPtr()->ldapBindDNPassword(), "");
171 EXPECT_EQ(manager.configBindPassword(), "MyLdap14");
172 }
173
TEST_F(TestLDAPConfig,testDefaultObject)174 TEST_F(TestLDAPConfig, testDefaultObject)
175 {
176 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
177 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
178 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
179 auto dbusPersistentFilePath = std::string(dir.c_str());
180
181 if (fs::exists(configFilePath))
182 {
183 fs::remove(configFilePath);
184 }
185 EXPECT_FALSE(fs::exists(configFilePath));
186
187 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
188 dbusPersistentFilePath.c_str(),
189 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
190
191 manager.createDefaultObjects();
192
193 EXPECT_NE(nullptr, manager.getADConfigPtr());
194 EXPECT_NE(nullptr, manager.getOpenLdapConfigPtr());
195 EXPECT_EQ(manager.getADConfigPtr()->ldapType(),
196 ldap_base::Config::Type::ActiveDirectory);
197 EXPECT_EQ(manager.getOpenLdapConfigPtr()->ldapType(),
198 ldap_base::Config::Type::OpenLdap);
199 }
200
TEST_F(TestLDAPConfig,testRestoresDefault)201 TEST_F(TestLDAPConfig, testRestoresDefault)
202 {
203 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
204 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
205 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
206 auto dbusPersistentFilePath = std::string(dir.c_str());
207
208 if (fs::exists(configFilePath))
209 {
210 fs::remove(configFilePath);
211 }
212 EXPECT_FALSE(fs::exists(configFilePath));
213
214 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
215 dbusPersistentFilePath.c_str(),
216 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
217
218 EXPECT_CALL(manager, stopService("nslcd.service")).Times(1);
219 EXPECT_CALL(manager, restartService("nslcd.service")).Times(0);
220 EXPECT_CALL(manager, restartService("nscd.service")).Times(0);
221
222 manager.restore();
223
224 EXPECT_NE(nullptr, manager.getADConfigPtr());
225 EXPECT_NE(nullptr, manager.getOpenLdapConfigPtr());
226 EXPECT_EQ(manager.getADConfigPtr()->ldapType(),
227 ldap_base::Config::Type::ActiveDirectory);
228 EXPECT_EQ(manager.getOpenLdapConfigPtr()->ldapType(),
229 ldap_base::Config::Type::OpenLdap);
230 EXPECT_FALSE(manager.getADConfigPtr()->enabled());
231 EXPECT_FALSE(manager.getOpenLdapConfigPtr()->enabled());
232 }
233
TEST_F(TestLDAPConfig,testRestores)234 TEST_F(TestLDAPConfig, testRestores)
235 {
236 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
237 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
238 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
239 auto dbusPersistentFilePath = std::string(dir.c_str());
240
241 if (fs::exists(configFilePath))
242 {
243 fs::remove(configFilePath);
244 }
245 EXPECT_FALSE(fs::exists(configFilePath));
246 MockConfigMgr* managerPtr =
247 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
248 dbusPersistentFilePath.c_str(),
249 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
250 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
251 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2);
252 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
253 managerPtr->createConfig(
254 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
255 "MyLdap12", ldap_base::Create::SearchScope::sub,
256 ldap_base::Create::Type::ActiveDirectory, "uid", "gid");
257 managerPtr->getADConfigPtr()->enabled(false);
258 EXPECT_FALSE(fs::exists(configFilePath));
259 EXPECT_FALSE(managerPtr->getADConfigPtr()->enabled());
260 managerPtr->getADConfigPtr()->enabled(true);
261
262 EXPECT_TRUE(fs::exists(configFilePath));
263 // Restore from configFilePath
264 managerPtr->restore();
265 // validate restored properties
266 EXPECT_TRUE(managerPtr->getADConfigPtr()->enabled());
267 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapServerURI(),
268 "ldap://9.194.251.138/");
269 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBindDN(), "cn=Users,dc=com");
270 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBaseDN(), "cn=Users,dc=corp");
271 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapSearchScope(),
272 ldap_base::Config::SearchScope::sub);
273 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapType(),
274 ldap_base::Config::Type::ActiveDirectory);
275 EXPECT_EQ(managerPtr->getADConfigPtr()->userNameAttribute(), "uid");
276 EXPECT_EQ(managerPtr->getADConfigPtr()->groupNameAttribute(), "gid");
277 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBindDNPassword(), "");
278 EXPECT_EQ(managerPtr->configBindPassword(), "MyLdap12");
279 delete managerPtr;
280 }
281
TEST_F(TestLDAPConfig,testLDAPServerURI)282 TEST_F(TestLDAPConfig, testLDAPServerURI)
283 {
284 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
285 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
286 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
287 auto dbusPersistentFilePath = std::string(dir.c_str());
288
289 if (fs::exists(configFilePath))
290 {
291 fs::remove(configFilePath);
292 }
293 EXPECT_FALSE(fs::exists(configFilePath));
294 MockConfigMgr* managerPtr =
295 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
296 dbusPersistentFilePath.c_str(),
297 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
298
299 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
300 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(3);
301 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
302
303 managerPtr->createConfig(
304 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
305 "MyLdap12", ldap_base::Create::SearchScope::sub,
306 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
307 managerPtr->getADConfigPtr()->enabled(true);
308
309 // Change LDAP Server URI
310 managerPtr->getADConfigPtr()->ldapServerURI("ldap://9.194.251.139/");
311 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapServerURI(),
312 "ldap://9.194.251.139/");
313
314 fs::remove(tlsCACertFilePath.c_str());
315 // Change LDAP Server URI to make it secure
316 EXPECT_THROW(
317 managerPtr->getADConfigPtr()->ldapServerURI("ldaps://9.194.251.139/"),
318 NoCACertificate);
319
320 // check once again
321 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapServerURI(),
322 "ldap://9.194.251.139/");
323
324 managerPtr->restore();
325 // Check LDAP Server URI
326 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapServerURI(),
327 "ldap://9.194.251.139/");
328 delete managerPtr;
329 }
330
TEST_F(TestLDAPConfig,testLDAPBindDN)331 TEST_F(TestLDAPConfig, testLDAPBindDN)
332 {
333 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
334 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
335 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
336 auto dbusPersistentFilePath = std::string(dir.c_str());
337
338 if (fs::exists(configFilePath))
339 {
340 fs::remove(configFilePath);
341 }
342 EXPECT_FALSE(fs::exists(configFilePath));
343 MockConfigMgr* managerPtr =
344 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
345 dbusPersistentFilePath.c_str(),
346 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
347
348 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
349 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(3);
350 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
351
352 managerPtr->createConfig(
353 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
354 "MyLdap12", ldap_base::Create::SearchScope::sub,
355 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
356 managerPtr->getADConfigPtr()->enabled(true);
357
358 // Change LDAP BindDN
359 managerPtr->getADConfigPtr()->ldapBindDN(
360 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
361 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBindDN(),
362 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
363 // Change LDAP BindDN
364 EXPECT_THROW(
365 {
366 try
367 {
368 managerPtr->getADConfigPtr()->ldapBindDN("");
369 }
370 catch (const InvalidArgument& e)
371 {
372 throw;
373 }
374 },
375 InvalidArgument);
376
377 managerPtr->restore();
378 // Check LDAP BindDN after restoring
379 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBindDN(),
380 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
381 delete managerPtr;
382 }
383
TEST_F(TestLDAPConfig,testLDAPBaseDN)384 TEST_F(TestLDAPConfig, testLDAPBaseDN)
385 {
386 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
387 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
388 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
389 auto dbusPersistentFilePath = std::string(dir.c_str());
390
391 if (fs::exists(configFilePath))
392 {
393 fs::remove(configFilePath);
394 }
395 EXPECT_FALSE(fs::exists(configFilePath));
396 MockConfigMgr* managerPtr =
397 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
398 dbusPersistentFilePath.c_str(),
399 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
400 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
401 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(3);
402 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
403 managerPtr->createConfig(
404 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
405 "MyLdap12", ldap_base::Create::SearchScope::sub,
406 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
407 managerPtr->getADConfigPtr()->enabled(true);
408 // Change LDAP BaseDN
409 managerPtr->getADConfigPtr()->ldapBaseDN(
410 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
411 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBaseDN(),
412 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
413 // Change LDAP BaseDN
414 EXPECT_THROW(
415 {
416 try
417 {
418 managerPtr->getADConfigPtr()->ldapBaseDN("");
419 }
420 catch (const InvalidArgument& e)
421 {
422 throw;
423 }
424 },
425 InvalidArgument);
426
427 managerPtr->restore();
428 // Check LDAP BaseDN after restoring
429 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBaseDN(),
430 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
431 delete managerPtr;
432 }
433
TEST_F(TestLDAPConfig,testSearchScope)434 TEST_F(TestLDAPConfig, testSearchScope)
435 {
436 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
437 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
438 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
439 auto dbusPersistentFilePath = std::string(dir.c_str());
440
441 if (fs::exists(configFilePath))
442 {
443 fs::remove(configFilePath);
444 }
445 EXPECT_FALSE(fs::exists(configFilePath));
446 MockConfigMgr* managerPtr =
447 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
448 dbusPersistentFilePath.c_str(),
449 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
450 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
451 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(3);
452 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
453 managerPtr->createConfig(
454 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
455 "MyLdap12", ldap_base::Create::SearchScope::sub,
456 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
457 managerPtr->getADConfigPtr()->enabled(true);
458
459 // Change LDAP SearchScope
460 managerPtr->getADConfigPtr()->ldapSearchScope(
461 ldap_base::Config::SearchScope::one);
462 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapSearchScope(),
463 ldap_base::Config::SearchScope::one);
464
465 managerPtr->restore();
466 // Check LDAP SearchScope after restoring
467 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapSearchScope(),
468 ldap_base::Config::SearchScope::one);
469 delete managerPtr;
470 }
471
TEST_F(TestLDAPConfig,testLDAPType)472 TEST_F(TestLDAPConfig, testLDAPType)
473 {
474 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
475 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
476 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
477 auto dbusPersistentFilePath = std::string(dir.c_str());
478
479 if (fs::exists(configFilePath))
480 {
481 fs::remove(configFilePath);
482 }
483 EXPECT_FALSE(fs::exists(configFilePath));
484 MockConfigMgr* managerPtr =
485 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
486 dbusPersistentFilePath.c_str(),
487 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
488 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
489 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2);
490 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
491 managerPtr->createConfig(
492 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
493 "MyLdap12", ldap_base::Create::SearchScope::sub,
494 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
495 managerPtr->getADConfigPtr()->enabled(true);
496
497 // Change LDAP type
498 // will not be changed
499 EXPECT_THROW(managerPtr->getADConfigPtr()->ldapType(
500 ldap_base::Config::Type::OpenLdap),
501 NotAllowed);
502 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapType(),
503 ldap_base::Config::Type::ActiveDirectory);
504
505 managerPtr->restore();
506 // Check LDAP type after restoring
507 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapType(),
508 ldap_base::Config::Type::ActiveDirectory);
509 delete managerPtr;
510 }
511
TEST_F(TestLDAPConfig,testsecureLDAPRestore)512 TEST_F(TestLDAPConfig, testsecureLDAPRestore)
513 {
514 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
515 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
516 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
517 auto dbusPersistentFilePath = std::string(dir.c_str());
518
519 if (fs::exists(configFilePath))
520 {
521 fs::remove(configFilePath);
522 }
523 EXPECT_FALSE(fs::exists(configFilePath));
524 MockConfigMgr* managerPtr =
525 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
526 dbusPersistentFilePath.c_str(),
527 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
528 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
529 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2);
530 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
531 managerPtr->createConfig(
532 "ldaps://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
533 "MyLdap12", ldap_base::Create::SearchScope::sub,
534 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
535 managerPtr->getADConfigPtr()->enabled(true);
536 EXPECT_TRUE(managerPtr->secureLDAP());
537 managerPtr->restore();
538 // Check secureLDAP variable value after restoring
539 EXPECT_TRUE(managerPtr->secureLDAP());
540
541 delete managerPtr;
542 }
543
TEST_F(TestLDAPConfig,filePermission)544 TEST_F(TestLDAPConfig, filePermission)
545 {
546 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
547 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
548 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
549 auto dbusPersistentFilePath = std::string(dir.c_str());
550
551 if (fs::exists(configFilePath))
552 {
553 fs::remove(configFilePath);
554 }
555 EXPECT_FALSE(fs::exists(configFilePath));
556 MockConfigMgr* managerPtr =
557 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
558 dbusPersistentFilePath.c_str(),
559 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
560 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1);
561 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(1);
562 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1);
563 managerPtr->createConfig(
564 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
565 "MyLdap12", ldap_base::Create::SearchScope::sub,
566 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
567 managerPtr->getADConfigPtr()->enabled(true);
568
569 // Permission of the persistent file should be 640
570 // Others should not be allowed to read.
571 auto permission = fs::perms::owner_read | fs::perms::owner_write |
572 fs::perms::group_read;
573 auto persistFilepath = std::string(dir.c_str());
574 persistFilepath += adDbusObjectPath;
575 persistFilepath += "/config";
576
577 EXPECT_EQ(fs::status(persistFilepath).permissions(), permission);
578 delete managerPtr;
579 }
580
TEST_F(TestLDAPConfig,ConditionalEnableConfig)581 TEST_F(TestLDAPConfig, ConditionalEnableConfig)
582 {
583 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
584 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
585 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
586 auto dbusPersistentFilePath = std::string(dir.c_str());
587
588 if (fs::exists(configFilePath))
589 {
590 fs::remove(configFilePath);
591 }
592 EXPECT_FALSE(fs::exists(configFilePath));
593 MockConfigMgr* managerPtr =
594 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
595 dbusPersistentFilePath.c_str(),
596 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
597 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(3);
598 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2);
599 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(2);
600 managerPtr->createConfig(
601 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
602 "MyLdap12", ldap_base::Create::SearchScope::sub,
603 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
604
605 managerPtr->createConfig(
606 "ldap://9.194.251.139/", "cn=Users,dc=com, dc=ldap", "cn=Users,dc=corp",
607 "MyLdap123", ldap_base::Create::SearchScope::sub,
608 ldap_base::Create::Type::OpenLdap, "attr1", "attr2");
609
610 // Enable the AD configuration
611 managerPtr->getADConfigPtr()->enabled(true);
612
613 EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), true);
614 EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), false);
615
616 // AS AD is already enabled so openldap can't be enabled.
617 EXPECT_THROW(
618 {
619 try
620 {
621 managerPtr->getOpenLdapConfigPtr()->enabled(true);
622 }
623 catch (const NotAllowed& e)
624 {
625 throw;
626 }
627 },
628 NotAllowed);
629 // Check the values
630 EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), true);
631 EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), false);
632 // Let's disable the AD.
633 managerPtr->getADConfigPtr()->enabled(false);
634 EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), false);
635 EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), false);
636 // Now enable the openldap
637 managerPtr->getOpenLdapConfigPtr()->enabled(true);
638 EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), true);
639 EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), false);
640
641 delete managerPtr;
642 }
643
TEST_F(TestLDAPConfig,createPrivMapping)644 TEST_F(TestLDAPConfig, createPrivMapping)
645 {
646 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
647 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
648 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
649 auto dbusPersistentFilePath = std::string(dir.c_str());
650
651 if (fs::exists(configFilePath))
652 {
653 fs::remove(configFilePath);
654 }
655 EXPECT_FALSE(fs::exists(configFilePath));
656 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
657 dbusPersistentFilePath.c_str(),
658 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
659 manager.createDefaultObjects();
660 // Create the priv-mapping under the config.
661 manager.getADConfigPtr()->create("admin", "priv-admin");
662 // Check whether the entry has been created.
663 EXPECT_THROW(
664 {
665 try
666 {
667 manager.getADConfigPtr()->checkPrivilegeMapper("admin");
668 }
669 catch (const PrivilegeMappingExists& e)
670 {
671 throw;
672 }
673 },
674 PrivilegeMappingExists);
675 }
676
TEST_F(TestLDAPConfig,deletePrivMapping)677 TEST_F(TestLDAPConfig, deletePrivMapping)
678 {
679 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
680 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
681 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
682 auto dbusPersistentFilePath = std::string(dir.c_str());
683
684 if (fs::exists(configFilePath))
685 {
686 fs::remove(configFilePath);
687 }
688 EXPECT_FALSE(fs::exists(configFilePath));
689 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
690 dbusPersistentFilePath.c_str(),
691 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
692 manager.createDefaultObjects();
693 // Create the priv-mapping under the config.
694 manager.getADConfigPtr()->create("admin", "priv-admin");
695 manager.getADConfigPtr()->create("user", "priv-user");
696 // Check whether the entry has been created.
697 EXPECT_THROW(
698 {
699 try
700 {
701 manager.getADConfigPtr()->checkPrivilegeMapper("admin");
702 manager.getADConfigPtr()->checkPrivilegeMapper("user");
703 }
704 catch (const PrivilegeMappingExists& e)
705 {
706 throw;
707 }
708 },
709 PrivilegeMappingExists);
710
711 // This would delete the admin privilege
712 manager.getADConfigPtr()->deletePrivilegeMapper(1);
713 EXPECT_NO_THROW(manager.getADConfigPtr()->checkPrivilegeMapper("admin"));
714 manager.getADConfigPtr()->deletePrivilegeMapper(2);
715 EXPECT_NO_THROW(manager.getADConfigPtr()->checkPrivilegeMapper("user"));
716 }
717
TEST_F(TestLDAPConfig,restorePrivMapping)718 TEST_F(TestLDAPConfig, restorePrivMapping)
719 {
720 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
721 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
722 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
723 auto dbusPersistentFilePath = std::string(dir.c_str());
724
725 if (fs::exists(configFilePath))
726 {
727 fs::remove(configFilePath);
728 }
729 EXPECT_FALSE(fs::exists(configFilePath));
730 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
731 dbusPersistentFilePath.c_str(),
732 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
733 manager.createDefaultObjects();
734 // Create the priv-mapping under the config.
735 manager.getADConfigPtr()->create("admin", "priv-admin");
736 manager.getOpenLdapConfigPtr()->create("user", "priv-user");
737 manager.restore();
738 EXPECT_THROW(
739 {
740 try
741 {
742 manager.getADConfigPtr()->checkPrivilegeMapper("admin");
743 }
744 catch (const PrivilegeMappingExists& e)
745 {
746 throw;
747 }
748 },
749 PrivilegeMappingExists);
750
751 EXPECT_THROW(
752 {
753 try
754 {
755 manager.getOpenLdapConfigPtr()->checkPrivilegeMapper("user");
756 }
757 catch (const PrivilegeMappingExists& e)
758 {
759 throw;
760 }
761 },
762 PrivilegeMappingExists);
763 }
764
TEST_F(TestLDAPConfig,testPrivileges)765 TEST_F(TestLDAPConfig, testPrivileges)
766 {
767 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
768 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
769 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
770 auto dbusPersistentFilePath = std::string(dir.c_str());
771
772 if (fs::exists(configFilePath))
773 {
774 fs::remove(configFilePath);
775 }
776 EXPECT_FALSE(fs::exists(configFilePath));
777 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
778 dbusPersistentFilePath.c_str(),
779 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
780 manager.createDefaultObjects();
781
782 std::string groupName = "admin";
783 std::string privilege = "priv-admin";
784 size_t entryId = 1;
785 auto dbusPath = std::string(LDAP_CONFIG_ROOT) +
786 "/active_directory/role_map/" + std::to_string(entryId);
787 dbusPersistentFilePath += dbusPath;
788
789 auto entry = std::make_unique<LDAPMapperEntry>(
790 bus, dbusPath.c_str(), dbusPersistentFilePath.c_str(), groupName,
791 privilege, *(manager.getADConfigPtr()));
792
793 EXPECT_NO_THROW(entry->privilege("priv-operator"));
794 EXPECT_NO_THROW(entry->privilege("priv-user"));
795 }
796
797 } // namespace ldap
798 } // namespace phosphor
799