1d514e5dcSNagaraju Goruganti #include "config.h"
29638afb9SPatrick Williams
337fb3feeSRatan Gupta #include "phosphor-ldap-config/ldap_config.hpp"
4e1f4db62SRatan Gupta #include "phosphor-ldap-config/ldap_config_mgr.hpp"
5d514e5dcSNagaraju Goruganti
69638afb9SPatrick Williams #include <sys/types.h>
79638afb9SPatrick Williams
8d514e5dcSNagaraju Goruganti #include <sdbusplus/bus.hpp>
9d514e5dcSNagaraju Goruganti #include <xyz/openbmc_project/Common/error.hpp>
10fef57896SRatan Gupta #include <xyz/openbmc_project/User/Common/error.hpp>
1195a29314SRatan Gupta
1295a29314SRatan Gupta #include <filesystem>
13d514e5dcSNagaraju Goruganti #include <fstream>
14d514e5dcSNagaraju Goruganti #include <string>
159638afb9SPatrick Williams
169638afb9SPatrick Williams #include <gmock/gmock.h>
179638afb9SPatrick Williams #include <gtest/gtest.h>
18d514e5dcSNagaraju Goruganti
19d514e5dcSNagaraju Goruganti namespace phosphor
20d514e5dcSNagaraju Goruganti {
21d514e5dcSNagaraju Goruganti namespace ldap
22d514e5dcSNagaraju Goruganti {
2395a29314SRatan Gupta namespace fs = std::filesystem;
24d514e5dcSNagaraju Goruganti namespace ldap_base = sdbusplus::xyz::openbmc_project::User::Ldap::server;
25e8d664d1SJiaqing Zhao using namespace sdbusplus::xyz::openbmc_project::Common::Error;
26fef57896SRatan Gupta using PrivilegeMappingExists = sdbusplus::xyz::openbmc_project::User::Common::
27fef57896SRatan Gupta Error::PrivilegeMappingExists;
28e8d664d1SJiaqing Zhao using Config = phosphor::ldap::Config;
29d514e5dcSNagaraju Goruganti
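/**
 * @brief Fixture shared by the LDAP configuration tests.
 *
 * SetUp() creates a fresh scratch directory and fills it with empty
 * placeholder files (default nslcd config, nsswitch file, TLS CA certificate
 * and TLS client certificate). TearDown() removes the directory again.
 * The LDAP config file itself is not created here; only its file name is
 * recorded so each test can build the path.
 */
class TestLDAPConfig : public testing::Test
{
  public:
    TestLDAPConfig() : bus(sdbusplus::bus::new_default()) {}

    void SetUp() override
    {
        using namespace phosphor::ldap;

        // mkdtemp() rewrites the XXXXXX suffix in place and creates the
        // directory with mode 0700, so the name is not predictable and the
        // test files are private to the user running the tests.
        char tmpldap[] = "/tmp/ldap_test.XXXXXX";
        const char* created = mkdtemp(tmpldap);
        // mkdtemp() returns NULL on failure and an fs::path must not be
        // built from a null pointer, so abort the test here instead.
        ASSERT_TRUE(created != nullptr)
            << "mkdtemp() could not create a scratch directory";
        dir = fs::path(created);

        // Only the file-name component of the build-time paths is used; the
        // files themselves live inside the scratch directory.
        tlsCACertFile = fs::path{TLS_CACERT_PATH}.filename().string();
        tlsCertFile = fs::path{TLS_CERT_FILE}.filename().string();
        ldapConfFile = fs::path{LDAP_CONFIG_FILE}.filename().string();

        // Create each placeholder as an empty file. The TLS files therefore
        // stand in for "a certificate file is present", not for a valid
        // certificate.
        const auto touch = [this](const auto& name) {
            std::ofstream placeholder(dir / name);
            EXPECT_TRUE(placeholder.is_open());
        };
        touch(defaultNslcdFile);
        touch(nsSwitchFile);
        touch(tlsCACertFile);
        touch(tlsCertFile);
    }

    void TearDown() override
    {
        // dir is still empty when SetUp() stopped before mkdtemp()
        // succeeded; never hand an empty path to a recursive delete.
        if (!dir.empty())
        {
            fs::remove_all(dir);
        }
    }

  protected:
    fs::path dir;              // per-test scratch directory
    std::string tlsCACertFile; // file name of the TLS CA certificate
    std::string tlsCertFile;   // file name of the TLS client certificate
    std::string ldapConfFile;  // file name of the generated LDAP config
    sdbusplus::bus_t bus;
};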
/**
 * @brief ConfigMgr test double.
 *
 * restartService() and stopService() are gmock methods, so the tests count
 * the calls instead of running the real implementation. The other members
 * are thin accessors that let the tests read manager and config internals,
 * including the stored bind password.
 */
class MockConfigMgr : public phosphor::ldap::ConfigMgr
{
  public:
    MockConfigMgr(sdbusplus::bus_t& bus, const char* path, const char* filePath,
                  const char* dbusPersistentFile, const char* caCertFile,
                  const char* certFile) :
        ConfigMgr(bus, path, filePath, dbusPersistentFile, caCertFile,
                  certFile)
    {}

    MOCK_METHOD1(restartService, void(const std::string& service));
    MOCK_METHOD1(stopService, void(const std::string& service));

    /// Reference to the manager's OpenLDAP config pointer.
    std::unique_ptr<Config>& getOpenLdapConfigPtr()
    {
        return openLDAPConfigPtr;
    }

    /// Reference to the manager's Active Directory config pointer.
    std::unique_ptr<Config>& getADConfigPtr()
    {
        return ADConfigPtr;
    }

    /// Bind password as held inside the Active Directory config object.
    /// Test-only: this bypasses the ldapBindDNPassword() property getter.
    std::string configBindPassword()
    {
        return ADConfigPtr->ldapBindPassword;
    }

    /// secureLDAP flag of the Active Directory config object.
    bool secureLDAP()
    {
        return getADConfigPtr()->secureLDAP;
    }

    /// Forwards to ConfigMgr::restore().
    void restore()
    {
        ConfigMgr::restore();
    }

    /// Forwards to ConfigMgr::createDefaultObjects().
    void createDefaultObjects()
    {
        ConfigMgr::createDefaultObjects();
    }

    friend class TestLDAPConfig;
};
// Creates an enabled Active Directory config and a disabled OpenLDAP config,
// then checks the stored properties and how the bind password is exposed.
TEST_F(TestLDAPConfig, testCreate)
{
    // All paths point into the per-test scratch directory.
    const std::string persistDir = dir.string();
    const std::string confPath = (dir / ldapConfFile).string();
    const std::string caCertPath = (dir / tlsCACertFile).string();
    const std::string certPath = (dir / tlsCertFile).string();

    // Start without a generated config file.
    if (fs::exists(confPath))
    {
        fs::remove(confPath);
    }
    EXPECT_FALSE(fs::exists(confPath));

    MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, confPath.c_str(),
                          persistDir.c_str(), caCertPath.c_str(),
                          certPath.c_str());
    // References to the manager's own pointers, so they always show the
    // config object the manager currently holds.
    auto& adConfig = manager.getADConfigPtr();
    auto& openLdapConfig = manager.getOpenLdapConfigPtr();

    EXPECT_CALL(manager, stopService("nslcd.service")).Times(2);
    EXPECT_CALL(manager, restartService("nslcd.service")).Times(2);
    EXPECT_CALL(manager, restartService("nscd.service")).Times(2);

    manager.createConfig(
        "ldap://9.194.251.136/", "cn=Users,dc=com", "cn=Users,dc=corp",
        "MyLdap12", ldap_base::Create::SearchScope::sub,
        ldap_base::Create::Type::ActiveDirectory, "uid", "gid");
    adConfig->enabled(true);

    manager.createConfig("ldap://9.194.251.137/", "cn=Users",
                         "cn=Users,dc=test", "MyLdap123",
                         ldap_base::Create::SearchScope::sub,
                         ldap_base::Create::Type::OpenLdap, "uid", "gid");
    openLdapConfig->enabled(false);

    // Changing attributes of the inactive config must not add service
    // stop/restart calls beyond the counts expected above.
    openLdapConfig->userNameAttribute("abc");
    EXPECT_EQ(openLdapConfig->userNameAttribute(), "abc");

    openLdapConfig->groupNameAttribute("def");
    EXPECT_EQ(openLdapConfig->groupNameAttribute(), "def");

    EXPECT_TRUE(fs::exists(confPath));
    EXPECT_EQ(adConfig->ldapServerURI(), "ldap://9.194.251.136/");
    EXPECT_EQ(adConfig->ldapBindDN(), "cn=Users,dc=com");
    EXPECT_EQ(adConfig->ldapBaseDN(), "cn=Users,dc=corp");
    EXPECT_EQ(adConfig->ldapSearchScope(), ldap_base::Config::SearchScope::sub);
    EXPECT_EQ(adConfig->ldapType(), ldap_base::Config::Type::ActiveDirectory);

    EXPECT_EQ(adConfig->userNameAttribute(), "uid");
    EXPECT_EQ(adConfig->groupNameAttribute(), "gid");

    // The property getter must read back as an empty string while the value
    // held inside the config object is the real bind password.
    EXPECT_EQ(adConfig->ldapBindDNPassword(), "");
    EXPECT_EQ(manager.configBindPassword(), "MyLdap12");

    // The same must hold after the password is changed through the setter.
    adConfig->ldapBindDNPassword("MyLdap14");
    EXPECT_EQ(adConfig->ldapBindDNPassword(), "");
    EXPECT_EQ(manager.configBindPassword(), "MyLdap14");
}
// createDefaultObjects() must leave both config objects in place, each with
// its own LDAP type.
TEST_F(TestLDAPConfig, testDefaultObject)
{
    // All paths point into the per-test scratch directory.
    const std::string persistDir = dir.string();
    const std::string confPath = (dir / ldapConfFile).string();
    const std::string caCertPath = (dir / tlsCACertFile).string();
    const std::string certPath = (dir / tlsCertFile).string();

    // Start without a generated config file.
    if (fs::exists(confPath))
    {
        fs::remove(confPath);
    }
    EXPECT_FALSE(fs::exists(confPath));

    MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, confPath.c_str(),
                          persistDir.c_str(), caCertPath.c_str(),
                          certPath.c_str());

    manager.createDefaultObjects();

    auto& adConfig = manager.getADConfigPtr();
    auto& openLdapConfig = manager.getOpenLdapConfigPtr();

    EXPECT_NE(nullptr, adConfig);
    EXPECT_NE(nullptr, openLdapConfig);
    EXPECT_EQ(adConfig->ldapType(), ldap_base::Config::Type::ActiveDirectory);
    EXPECT_EQ(openLdapConfig->ldapType(), ldap_base::Config::Type::OpenLdap);
}
// restore() with nothing configured beforehand must produce both config
// objects, both disabled, and must not restart any service.
TEST_F(TestLDAPConfig, testRestoresDefault)
{
    // All paths point into the per-test scratch directory.
    const std::string persistDir = dir.string();
    const std::string confPath = (dir / ldapConfFile).string();
    const std::string caCertPath = (dir / tlsCACertFile).string();
    const std::string certPath = (dir / tlsCertFile).string();

    // Start without a generated config file.
    if (fs::exists(confPath))
    {
        fs::remove(confPath);
    }
    EXPECT_FALSE(fs::exists(confPath));

    MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, confPath.c_str(),
                          persistDir.c_str(), caCertPath.c_str(),
                          certPath.c_str());

    // One stop of nslcd is expected; no restart of nslcd or nscd.
    EXPECT_CALL(manager, stopService("nslcd.service")).Times(1);
    EXPECT_CALL(manager, restartService("nslcd.service")).Times(0);
    EXPECT_CALL(manager, restartService("nscd.service")).Times(0);

    manager.restore();

    auto& adConfig = manager.getADConfigPtr();
    auto& openLdapConfig = manager.getOpenLdapConfigPtr();

    EXPECT_NE(nullptr, adConfig);
    EXPECT_NE(nullptr, openLdapConfig);
    EXPECT_EQ(adConfig->ldapType(), ldap_base::Config::Type::ActiveDirectory);
    EXPECT_EQ(openLdapConfig->ldapType(), ldap_base::Config::Type::OpenLdap);
    // Neither directory service may come up enabled by default.
    EXPECT_FALSE(adConfig->enabled());
    EXPECT_FALSE(openLdapConfig->enabled());
}
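// Creates an Active Directory config, toggles it off and on, calls restore()
// and checks that every property, including the stored bind password, is
// still in place.
TEST_F(TestLDAPConfig, testRestores)
{
    // All paths point into the per-test scratch directory.
    const std::string persistDir = dir.string();
    const std::string confPath = (dir / ldapConfFile).string();
    const std::string caCertPath = (dir / tlsCACertFile).string();
    const std::string certPath = (dir / tlsCertFile).string();

    // Start without a generated config file.
    if (fs::exists(confPath))
    {
        fs::remove(confPath);
    }
    EXPECT_FALSE(fs::exists(confPath));

    // The manager lives on the stack so that it is destroyed, and gmock
    // checks the Times() expectations, even if a call below throws. A raw
    // new/delete pair leaks the mock on that path.
    MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, confPath.c_str(),
                          persistDir.c_str(), caCertPath.c_str(),
                          certPath.c_str());
    auto& adConfig = manager.getADConfigPtr();

    EXPECT_CALL(manager, stopService("nslcd.service")).Times(1);
    EXPECT_CALL(manager, restartService("nslcd.service")).Times(2);
    EXPECT_CALL(manager, restartService("nscd.service")).Times(1);

    manager.createConfig(
        "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
        "MyLdap12", ldap_base::Create::SearchScope::sub,
        ldap_base::Create::Type::ActiveDirectory, "uid", "gid");

    // While the config is disabled no config file is written.
    adConfig->enabled(false);
    EXPECT_FALSE(fs::exists(confPath));
    EXPECT_FALSE(adConfig->enabled());

    // Enabling it writes the file.
    adConfig->enabled(true);
    EXPECT_TRUE(fs::exists(confPath));

    // NOTE(review): restore() runs on the same manager instance that set the
    // values, so this alone does not show that they round-trip through the
    // persistent store. Confirm against ConfigMgr::restore().
    manager.restore();

    // Validate the restored properties.
    EXPECT_TRUE(adConfig->enabled());
    EXPECT_EQ(adConfig->ldapServerURI(), "ldap://9.194.251.138/");
    EXPECT_EQ(adConfig->ldapBindDN(), "cn=Users,dc=com");
    EXPECT_EQ(adConfig->ldapBaseDN(), "cn=Users,dc=corp");
    EXPECT_EQ(adConfig->ldapSearchScope(), ldap_base::Config::SearchScope::sub);
    EXPECT_EQ(adConfig->ldapType(), ldap_base::Config::Type::ActiveDirectory);
    EXPECT_EQ(adConfig->userNameAttribute(), "uid");
    EXPECT_EQ(adConfig->groupNameAttribute(), "gid");
    // The getter still reads back empty; the stored password is kept.
    EXPECT_EQ(adConfig->ldapBindDNPassword(), "");
    EXPECT_EQ(manager.configBindPassword(), "MyLdap12");
}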
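// Changes the server URI and checks that a switch to ldaps:// is refused
// while the CA certificate file is missing.
TEST_F(TestLDAPConfig, testLDAPServerURI)
{
    // All paths point into the per-test scratch directory.
    const std::string persistDir = dir.string();
    const std::string confPath = (dir / ldapConfFile).string();
    const std::string caCertPath = (dir / tlsCACertFile).string();
    const std::string certPath = (dir / tlsCertFile).string();

    // Start without a generated config file.
    if (fs::exists(confPath))
    {
        fs::remove(confPath);
    }
    EXPECT_FALSE(fs::exists(confPath));

    // The manager lives on the stack so that it is destroyed, and gmock
    // checks the Times() expectations, even if a call below throws. A raw
    // new/delete pair leaks the mock on that path.
    MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, confPath.c_str(),
                          persistDir.c_str(), caCertPath.c_str(),
                          certPath.c_str());
    auto& adConfig = manager.getADConfigPtr();

    EXPECT_CALL(manager, stopService("nslcd.service")).Times(1);
    EXPECT_CALL(manager, restartService("nslcd.service")).Times(3);
    EXPECT_CALL(manager, restartService("nscd.service")).Times(1);

    manager.createConfig(
        "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
        "MyLdap12", ldap_base::Create::SearchScope::sub,
        ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
    adConfig->enabled(true);

    // Change the LDAP server URI.
    adConfig->ldapServerURI("ldap://9.194.251.139/");
    EXPECT_EQ(adConfig->ldapServerURI(), "ldap://9.194.251.139/");

    // With the CA certificate file gone, an ldaps:// URI must be rejected
    // with NoCACertificate.
    fs::remove(caCertPath);
    EXPECT_THROW(adConfig->ldapServerURI("ldaps://9.194.251.139/"),
                 NoCACertificate);

    // The rejected value must not have replaced the previous URI.
    EXPECT_EQ(adConfig->ldapServerURI(), "ldap://9.194.251.139/");

    manager.restore();
    // The URI is unchanged after restore() as well.
    EXPECT_EQ(adConfig->ldapServerURI(), "ldap://9.194.251.139/");
}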
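// Changes the bind DN, checks that an empty bind DN is rejected, and checks
// that the accepted value is still set after restore().
TEST_F(TestLDAPConfig, testLDAPBindDN)
{
    // All paths point into the per-test scratch directory.
    const std::string persistDir = dir.string();
    const std::string confPath = (dir / ldapConfFile).string();
    const std::string caCertPath = (dir / tlsCACertFile).string();
    const std::string certPath = (dir / tlsCertFile).string();

    // Start without a generated config file.
    if (fs::exists(confPath))
    {
        fs::remove(confPath);
    }
    EXPECT_FALSE(fs::exists(confPath));

    // The manager lives on the stack so that it is destroyed, and gmock
    // checks the Times() expectations, even if a call below throws. A raw
    // new/delete pair leaks the mock on that path.
    MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, confPath.c_str(),
                          persistDir.c_str(), caCertPath.c_str(),
                          certPath.c_str());
    auto& adConfig = manager.getADConfigPtr();

    EXPECT_CALL(manager, stopService("nslcd.service")).Times(1);
    EXPECT_CALL(manager, restartService("nslcd.service")).Times(3);
    EXPECT_CALL(manager, restartService("nscd.service")).Times(1);

    manager.createConfig(
        "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
        "MyLdap12", ldap_base::Create::SearchScope::sub,
        ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
    adConfig->enabled(true);

    // Change the LDAP bind DN.
    adConfig->ldapBindDN("cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
    EXPECT_EQ(adConfig->ldapBindDN(),
              "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");

    // An empty bind DN must be rejected. EXPECT_THROW already checks the
    // exception type, so no try/catch wrapper is needed.
    EXPECT_THROW(adConfig->ldapBindDN(""), InvalidArgument);

    manager.restore();
    // The last accepted bind DN is still set after restore().
    EXPECT_EQ(adConfig->ldapBindDN(),
              "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
}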
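// Changes the base DN, checks that an empty base DN is rejected, and checks
// that the accepted value is still set after restore().
TEST_F(TestLDAPConfig, testLDAPBaseDN)
{
    // All paths point into the per-test scratch directory.
    const std::string persistDir = dir.string();
    const std::string confPath = (dir / ldapConfFile).string();
    const std::string caCertPath = (dir / tlsCACertFile).string();
    const std::string certPath = (dir / tlsCertFile).string();

    // Start without a generated config file.
    if (fs::exists(confPath))
    {
        fs::remove(confPath);
    }
    EXPECT_FALSE(fs::exists(confPath));

    // The manager lives on the stack so that it is destroyed, and gmock
    // checks the Times() expectations, even if a call below throws. A raw
    // new/delete pair leaks the mock on that path.
    MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, confPath.c_str(),
                          persistDir.c_str(), caCertPath.c_str(),
                          certPath.c_str());
    auto& adConfig = manager.getADConfigPtr();

    EXPECT_CALL(manager, stopService("nslcd.service")).Times(1);
    EXPECT_CALL(manager, restartService("nslcd.service")).Times(3);
    EXPECT_CALL(manager, restartService("nscd.service")).Times(1);

    manager.createConfig(
        "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
        "MyLdap12", ldap_base::Create::SearchScope::sub,
        ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
    adConfig->enabled(true);

    // Change the LDAP base DN.
    adConfig->ldapBaseDN("cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
    EXPECT_EQ(adConfig->ldapBaseDN(),
              "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");

    // An empty base DN must be rejected. EXPECT_THROW already checks the
    // exception type, so no try/catch wrapper is needed.
    EXPECT_THROW(adConfig->ldapBaseDN(""), InvalidArgument);

    manager.restore();
    // The last accepted base DN is still set after restore().
    EXPECT_EQ(adConfig->ldapBaseDN(),
              "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com");
}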
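// Changes the search scope from sub to one and checks that the new value is
// still set after restore().
TEST_F(TestLDAPConfig, testSearchScope)
{
    // All paths point into the per-test scratch directory.
    const std::string persistDir = dir.string();
    const std::string confPath = (dir / ldapConfFile).string();
    const std::string caCertPath = (dir / tlsCACertFile).string();
    const std::string certPath = (dir / tlsCertFile).string();

    // Start without a generated config file.
    if (fs::exists(confPath))
    {
        fs::remove(confPath);
    }
    EXPECT_FALSE(fs::exists(confPath));

    // The manager lives on the stack so that it is destroyed, and gmock
    // checks the Times() expectations, even if a call below throws. A raw
    // new/delete pair leaks the mock on that path.
    MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, confPath.c_str(),
                          persistDir.c_str(), caCertPath.c_str(),
                          certPath.c_str());
    auto& adConfig = manager.getADConfigPtr();

    EXPECT_CALL(manager, stopService("nslcd.service")).Times(1);
    EXPECT_CALL(manager, restartService("nslcd.service")).Times(3);
    EXPECT_CALL(manager, restartService("nscd.service")).Times(1);

    manager.createConfig(
        "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
        "MyLdap12", ldap_base::Create::SearchScope::sub,
        ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
    adConfig->enabled(true);

    // Change the LDAP search scope.
    adConfig->ldapSearchScope(ldap_base::Config::SearchScope::one);
    EXPECT_EQ(adConfig->ldapSearchScope(), ldap_base::Config::SearchScope::one);

    manager.restore();
    // The changed scope is still set after restore().
    EXPECT_EQ(adConfig->ldapSearchScope(), ldap_base::Config::SearchScope::one);
}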
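// The LDAP type of an existing config must not be changeable: the setter
// throws NotAllowed and the type stays ActiveDirectory, also after restore().
TEST_F(TestLDAPConfig, testLDAPType)
{
    // All paths point into the per-test scratch directory.
    const std::string persistDir = dir.string();
    const std::string confPath = (dir / ldapConfFile).string();
    const std::string caCertPath = (dir / tlsCACertFile).string();
    const std::string certPath = (dir / tlsCertFile).string();

    // Start without a generated config file.
    if (fs::exists(confPath))
    {
        fs::remove(confPath);
    }
    EXPECT_FALSE(fs::exists(confPath));

    // The manager lives on the stack so that it is destroyed, and gmock
    // checks the Times() expectations, even if a call below throws. A raw
    // new/delete pair leaks the mock on that path.
    MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, confPath.c_str(),
                          persistDir.c_str(), caCertPath.c_str(),
                          certPath.c_str());
    auto& adConfig = manager.getADConfigPtr();

    EXPECT_CALL(manager, stopService("nslcd.service")).Times(1);
    EXPECT_CALL(manager, restartService("nslcd.service")).Times(2);
    EXPECT_CALL(manager, restartService("nscd.service")).Times(1);

    manager.createConfig(
        "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
        "MyLdap12", ldap_base::Create::SearchScope::sub,
        ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
    adConfig->enabled(true);

    // An attempt to change the type is refused and leaves the type as is.
    EXPECT_THROW(adConfig->ldapType(ldap_base::Config::Type::OpenLdap),
                 NotAllowed);
    EXPECT_EQ(adConfig->ldapType(), ldap_base::Config::Type::ActiveDirectory);

    manager.restore();
    // The type is unchanged after restore() as well.
    EXPECT_EQ(adConfig->ldapType(), ldap_base::Config::Type::ActiveDirectory);
}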
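// A config created with an ldaps:// URI must report secureLDAP == true, both
// before and after restore().
TEST_F(TestLDAPConfig, testsecureLDAPRestore)
{
    // All paths point into the per-test scratch directory.
    const std::string persistDir = dir.string();
    const std::string confPath = (dir / ldapConfFile).string();
    const std::string caCertPath = (dir / tlsCACertFile).string();
    const std::string certPath = (dir / tlsCertFile).string();

    // Start without a generated config file.
    if (fs::exists(confPath))
    {
        fs::remove(confPath);
    }
    EXPECT_FALSE(fs::exists(confPath));

    // The manager lives on the stack so that it is destroyed, and gmock
    // checks the Times() expectations, even if a call below throws. A raw
    // new/delete pair leaks the mock on that path.
    MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, confPath.c_str(),
                          persistDir.c_str(), caCertPath.c_str(),
                          certPath.c_str());

    EXPECT_CALL(manager, stopService("nslcd.service")).Times(1);
    EXPECT_CALL(manager, restartService("nslcd.service")).Times(2);
    EXPECT_CALL(manager, restartService("nscd.service")).Times(1);

    // NOTE(review): the CA certificate file made by SetUp() is empty, so
    // this test only shows that the file being present is enough for an
    // ldaps:// config to be accepted. It does not exercise validation of
    // the certificate content. TODO confirm where that is covered.
    manager.createConfig(
        "ldaps://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
        "MyLdap12", ldap_base::Create::SearchScope::sub,
        ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
    manager.getADConfigPtr()->enabled(true);
    EXPECT_TRUE(manager.secureLDAP());

    manager.restore();
    // The secure flag must not fall back to false after restore().
    EXPECT_TRUE(manager.secureLDAP());
}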
543d5884043SRavi Teja
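// Checks that the persisted file of the Active Directory config object is
// created with mode 0640 exactly: owner read/write, group read, nothing for
// others. The comparison is an equality, so any broader mode fails too.
// NOTE(review): only the D-Bus persistence file is inspected; the config file
// at configFilePath and the TLS certificate paths are not covered by this
// test.
TEST_F(TestLDAPConfig, filePermission)
{
    auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
    auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
    auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
    auto dbusPersistentFilePath = std::string(dir.c_str());

    // Start from a clean directory: no stale config file from another test.
    if (fs::exists(configFilePath))
    {
        fs::remove(configFilePath);
    }
    EXPECT_FALSE(fs::exists(configFilePath));

    // The mock lives on the stack so it is destroyed, and its EXPECT_CALL
    // counts are verified, on every exit path, including the early return
    // taken by ASSERT_TRUE below and a throw from any manager call.
    MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
                          dbusPersistentFilePath.c_str(),
                          tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
    EXPECT_CALL(manager, stopService("nslcd.service")).Times(1);
    EXPECT_CALL(manager, restartService("nslcd.service")).Times(1);
    EXPECT_CALL(manager, restartService("nscd.service")).Times(1);
    manager.createConfig(
        "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
        "MyLdap12", ldap_base::Create::SearchScope::sub,
        ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");
    manager.getADConfigPtr()->enabled(true);

    // Permission of the persistent file should be 640
    // Others should not be allowed to read.
    auto permission = fs::perms::owner_read | fs::perms::owner_write |
                      fs::perms::group_read;
    auto persistFilepath = std::string(dir.c_str());
    persistFilepath += adDbusObjectPath;
    persistFilepath += "/config";

    // fs::status() on a missing path reports perms::unknown instead of
    // throwing, so check existence first to get an unambiguous failure.
    ASSERT_TRUE(fs::exists(persistFilepath));
    EXPECT_EQ(fs::status(persistFilepath).permissions(), permission);
}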
58021e88cb5SRatan Gupta
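// Creates both an Active Directory and an OpenLDAP config and checks that
// only one of them can be enabled at a time: enabling OpenLDAP while AD is
// enabled throws NotAllowed and changes nothing, and it succeeds once AD has
// been disabled.
TEST_F(TestLDAPConfig, ConditionalEnableConfig)
{
    auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
    auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
    auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
    auto dbusPersistentFilePath = std::string(dir.c_str());

    // Start from a clean directory: no stale config file from another test.
    if (fs::exists(configFilePath))
    {
        fs::remove(configFilePath);
    }
    EXPECT_FALSE(fs::exists(configFilePath));

    // The mock lives on the stack so it is destroyed, and its EXPECT_CALL
    // counts are verified, even when a call below throws unexpectedly. A raw
    // new/delete pair would skip the delete on that path and leak the mock.
    MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
                          dbusPersistentFilePath.c_str(),
                          tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
    EXPECT_CALL(manager, stopService("nslcd.service")).Times(3);
    EXPECT_CALL(manager, restartService("nslcd.service")).Times(2);
    EXPECT_CALL(manager, restartService("nscd.service")).Times(2);
    manager.createConfig(
        "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp",
        "MyLdap12", ldap_base::Create::SearchScope::sub,
        ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2");

    manager.createConfig(
        "ldap://9.194.251.139/", "cn=Users,dc=com, dc=ldap", "cn=Users,dc=corp",
        "MyLdap123", ldap_base::Create::SearchScope::sub,
        ldap_base::Create::Type::OpenLdap, "attr1", "attr2");

    // Enable the AD configuration
    manager.getADConfigPtr()->enabled(true);

    EXPECT_TRUE(manager.getADConfigPtr()->enabled());
    EXPECT_FALSE(manager.getOpenLdapConfigPtr()->enabled());

    // AD is already enabled, so OpenLDAP cannot be enabled.
    EXPECT_THROW(manager.getOpenLdapConfigPtr()->enabled(true), NotAllowed);

    // The rejected request must leave both flags untouched.
    EXPECT_TRUE(manager.getADConfigPtr()->enabled());
    EXPECT_FALSE(manager.getOpenLdapConfigPtr()->enabled());

    // Let's disable the AD.
    manager.getADConfigPtr()->enabled(false);
    EXPECT_FALSE(manager.getADConfigPtr()->enabled());
    EXPECT_FALSE(manager.getOpenLdapConfigPtr()->enabled());

    // Now enable the openldap
    manager.getOpenLdapConfigPtr()->enabled(true);
    EXPECT_TRUE(manager.getOpenLdapConfigPtr()->enabled());
    EXPECT_FALSE(manager.getADConfigPtr()->enabled());
}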
643c5481d1cSRatan Gupta
// After a group-to-privilege mapping has been created on the AD config,
// checkPrivilegeMapper() for the same group is expected to throw
// PrivilegeMappingExists.
TEST_F(TestLDAPConfig, createPrivMapping)
{
    const std::string baseDir(dir.c_str());
    const std::string confPath = baseDir + "/" + ldapConfFile;
    const std::string caCertPath = baseDir + "/" + tlsCACertFile;
    const std::string certPath = baseDir + "/" + tlsCertFile;

    // Make sure no config file is left over before the manager is built.
    if (fs::exists(confPath))
    {
        fs::remove(confPath);
    }
    EXPECT_FALSE(fs::exists(confPath));

    MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, confPath.c_str(),
                          baseDir.c_str(), caCertPath.c_str(),
                          certPath.c_str());
    manager.createDefaultObjects();

    // Create the priv-mapping under the config.
    manager.getADConfigPtr()->create("admin", "priv-admin");

    // The entry exists now, so the duplicate check has to reject "admin".
    EXPECT_THROW(manager.getADConfigPtr()->checkPrivilegeMapper("admin"),
                 PrivilegeMappingExists);
}
676fef57896SRatan Gupta
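// Creates two group-to-privilege mappings on the AD config, confirms that
// both are reported as existing, then deletes them by entry id and expects
// checkPrivilegeMapper() to stop throwing for each group.
TEST_F(TestLDAPConfig, deletePrivMapping)
{
    auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
    auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
    auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
    auto dbusPersistentFilePath = std::string(dir.c_str());

    // Start from a clean directory: no stale config file from another test.
    if (fs::exists(configFilePath))
    {
        fs::remove(configFilePath);
    }
    EXPECT_FALSE(fs::exists(configFilePath));
    MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
                          dbusPersistentFilePath.c_str(),
                          tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
    manager.createDefaultObjects();
    // Create the priv-mapping under the config.
    manager.getADConfigPtr()->create("admin", "priv-admin");
    manager.getADConfigPtr()->create("user", "priv-user");

    // Check whether the entries have been created. Each group gets its own
    // EXPECT_THROW: inside a single statement block the first throw ends the
    // block, so a second check placed after it would never run.
    EXPECT_THROW(manager.getADConfigPtr()->checkPrivilegeMapper("admin"),
                 PrivilegeMappingExists);
    EXPECT_THROW(manager.getADConfigPtr()->checkPrivilegeMapper("user"),
                 PrivilegeMappingExists);

    // This would delete the admin privilege
    manager.getADConfigPtr()->deletePrivilegeMapper(1);
    EXPECT_NO_THROW(manager.getADConfigPtr()->checkPrivilegeMapper("admin"));
    // This would delete the user privilege
    manager.getADConfigPtr()->deletePrivilegeMapper(2);
    EXPECT_NO_THROW(manager.getADConfigPtr()->checkPrivilegeMapper("user"));
}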
717fef57896SRatan Gupta
// Creates one mapping on the AD config and one on the OpenLDAP config, calls
// restore() on the manager, and expects both mappings to be reported as
// existing afterwards.
TEST_F(TestLDAPConfig, restorePrivMapping)
{
    const std::string baseDir(dir.c_str());
    const std::string confPath = baseDir + "/" + ldapConfFile;
    const std::string caCertPath = baseDir + "/" + tlsCACertFile;
    const std::string certPath = baseDir + "/" + tlsCertFile;

    // Make sure no config file is left over before the manager is built.
    if (fs::exists(confPath))
    {
        fs::remove(confPath);
    }
    EXPECT_FALSE(fs::exists(confPath));

    MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, confPath.c_str(),
                          baseDir.c_str(), caCertPath.c_str(),
                          certPath.c_str());
    manager.createDefaultObjects();

    // Create the priv-mapping under the config.
    manager.getADConfigPtr()->create("admin", "priv-admin");
    manager.getOpenLdapConfigPtr()->create("user", "priv-user");
    manager.restore();

    // The config pointers are fetched again after restore() rather than
    // cached across it.
    EXPECT_THROW(manager.getADConfigPtr()->checkPrivilegeMapper("admin"),
                 PrivilegeMappingExists);

    EXPECT_THROW(manager.getOpenLdapConfigPtr()->checkPrivilegeMapper("user"),
                 PrivilegeMappingExists);
}
764fef57896SRatan Gupta
// Builds an LDAPMapperEntry for the AD config directly and expects that
// setting its privilege to "priv-operator" and then "priv-user" does not
// throw.
TEST_F(TestLDAPConfig, testPrivileges)
{
    const std::string baseDir(dir.c_str());
    const std::string confPath = baseDir + "/" + ldapConfFile;
    const std::string caCertPath = baseDir + "/" + tlsCACertFile;
    const std::string certPath = baseDir + "/" + tlsCertFile;
    std::string persistPath(dir.c_str());

    // Make sure no config file is left over before the manager is built.
    if (fs::exists(confPath))
    {
        fs::remove(confPath);
    }
    EXPECT_FALSE(fs::exists(confPath));

    MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, confPath.c_str(),
                          persistPath.c_str(), caCertPath.c_str(),
                          certPath.c_str());
    manager.createDefaultObjects();

    std::string group = "admin";
    std::string priv = "priv-admin";
    size_t id = 1;

    // Object path of the role-map entry under the AD config.
    auto objectPath = std::string(LDAP_CONFIG_ROOT);
    objectPath += "/active_directory/role_map/" + std::to_string(id);

    // The entry's persistence path is the test directory followed by the
    // object path; it is extended only after the manager has been built.
    persistPath += objectPath;

    auto mapperEntry = std::make_unique<LDAPMapperEntry>(
        bus, objectPath.c_str(), persistPath.c_str(), group, priv,
        *(manager.getADConfigPtr()));

    EXPECT_NO_THROW(mapperEntry->privilege("priv-operator"));
    EXPECT_NO_THROW(mapperEntry->privilege("priv-user"));
}
796fef57896SRatan Gupta
797d514e5dcSNagaraju Goruganti } // namespace ldap
798d514e5dcSNagaraju Goruganti } // namespace phosphor