1 #include "config.h" 2 #include "phosphor-ldap-config/ldap_config.hpp" 3 #include "phosphor-ldap-config/ldap_config_mgr.hpp" 4 5 #include <phosphor-logging/log.hpp> 6 #include <phosphor-logging/elog-errors.hpp> 7 #include <sdbusplus/bus.hpp> 8 #include <xyz/openbmc_project/Common/error.hpp> 9 #include <xyz/openbmc_project/User/Common/error.hpp> 10 #include <sdbusplus/bus.hpp> 11 #include <gmock/gmock.h> 12 #include <gtest/gtest.h> 13 14 #include <filesystem> 15 #include <fstream> 16 #include <string> 17 #include <sys/types.h> 18 19 namespace phosphor 20 { 21 namespace ldap 22 { 23 namespace fs = std::filesystem; 24 namespace ldap_base = sdbusplus::xyz::openbmc_project::User::Ldap::server; 25 using NotAllowed = sdbusplus::xyz::openbmc_project::Common::Error::NotAllowed; 26 using NotAllowedArgument = xyz::openbmc_project::Common::NotAllowed; 27 28 using Config = phosphor::ldap::Config; 29 static constexpr const char* dbusPersistFile = "Config"; 30 using PrivilegeMappingExists = sdbusplus::xyz::openbmc_project::User::Common:: 31 Error::PrivilegeMappingExists; 32 33 class TestLDAPConfig : public testing::Test 34 { 35 public: 36 TestLDAPConfig() : bus(sdbusplus::bus::new_default()) 37 { 38 } 39 void SetUp() override 40 { 41 using namespace phosphor::ldap; 42 char tmpldap[] = "/tmp/ldap_test.XXXXXX"; 43 dir = fs::path(mkdtemp(tmpldap)); 44 fs::path tlsCacertFilePath{TLS_CACERT_FILE}; 45 tlsCacertFile = tlsCacertFilePath.filename().c_str(); 46 fs::path tlsCertFilePath{TLS_CERT_FILE}; 47 tlsCertFile = tlsCertFilePath.filename().c_str(); 48 49 fs::path confFilePath{LDAP_CONFIG_FILE}; 50 ldapconfFile = confFilePath.filename().c_str(); 51 std::fstream fs; 52 fs.open(dir / defaultNslcdFile, std::fstream::out); 53 fs.close(); 54 fs.open(dir / nsSwitchFile, std::fstream::out); 55 fs.close(); 56 fs.open(dir / tlsCacertFile, std::fstream::out); 57 fs.close(); 58 fs.open(dir / tlsCertFile, std::fstream::out); 59 fs.close(); 60 } 61 62 void TearDown() override 63 { 64 fs::remove_all(dir); 65 } 66 67 protected: 68 fs::path dir; 69 std::string tlsCacertFile; 70 std::string tlsCertFile; 71 std::string ldapconfFile; 72 sdbusplus::bus::bus bus; 73 }; 74 75 class MockConfigMgr : public phosphor::ldap::ConfigMgr 76 { 77 public: 78 MockConfigMgr(sdbusplus::bus::bus& bus, const char* path, 79 const char* filePath, const char* dbusPersistentFile, 80 const char* caCertFile, const char* certFile) : 81 phosphor::ldap::ConfigMgr(bus, path, filePath, dbusPersistentFile, 82 caCertFile, certFile) 83 { 84 } 85 MOCK_METHOD1(restartService, void(const std::string& service)); 86 MOCK_METHOD1(stopService, void(const std::string& service)); 87 std::unique_ptr<Config>& getOpenLdapConfigPtr() 88 { 89 return openLDAPConfigPtr; 90 } 91 92 std::string configBindPassword() 93 { 94 return getADConfigPtr()->lDAPBindPassword; 95 } 96 97 std::unique_ptr<Config>& getADConfigPtr() 98 { 99 return ADConfigPtr; 100 } 101 void restore() 102 { 103 phosphor::ldap::ConfigMgr::restore(); 104 return; 105 } 106 107 void createDefaultObjects() 108 { 109 phosphor::ldap::ConfigMgr::createDefaultObjects(); 110 } 111 112 friend class TestLDAPConfig; 113 }; 114 115 TEST_F(TestLDAPConfig, testCreate) 116 { 117 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile; 118 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile; 119 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile; 120 auto dbusPersistentFilePath = std::string(dir.c_str()); 121 122 if (fs::exists(configFilePath)) 123 { 124 fs::remove(configFilePath); 125 } 126 EXPECT_FALSE(fs::exists(configFilePath)); 127 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 128 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(), 129 tlsCertfile.c_str()); 130 131 EXPECT_CALL(manager, stopService("nslcd.service")).Times(2); 132 EXPECT_CALL(manager, restartService("nslcd.service")).Times(2); 133 EXPECT_CALL(manager, restartService("nscd.service")).Times(2); 134 135 manager.createConfig( 136 "ldap://9.194.251.136/", "cn=Users,dc=com", "cn=Users,dc=corp", 137 "MyLdap12", ldap_base::Create::SearchScope::sub, 138 ldap_base::Create::Type::ActiveDirectory, "uid", "gid"); 139 manager.getADConfigPtr()->enabled(true); 140 141 manager.createConfig("ldap://9.194.251.137/", "cn=Users", 142 "cn=Users,dc=test", "MyLdap123", 143 ldap_base::Create::SearchScope::sub, 144 ldap_base::Create::Type::OpenLdap, "uid", "gid"); 145 manager.getOpenLdapConfigPtr()->enabled(false); 146 147 // Below setting of username/groupname attr is to make sure 148 // that in-active config should not call the start/stop service. 149 manager.getOpenLdapConfigPtr()->userNameAttribute("abc"); 150 EXPECT_EQ(manager.getOpenLdapConfigPtr()->userNameAttribute(), "abc"); 151 152 manager.getOpenLdapConfigPtr()->groupNameAttribute("def"); 153 EXPECT_EQ(manager.getOpenLdapConfigPtr()->groupNameAttribute(), "def"); 154 155 EXPECT_TRUE(fs::exists(configFilePath)); 156 EXPECT_EQ(manager.getADConfigPtr()->lDAPServerURI(), 157 "ldap://9.194.251.136/"); 158 EXPECT_EQ(manager.getADConfigPtr()->lDAPBindDN(), "cn=Users,dc=com"); 159 EXPECT_EQ(manager.getADConfigPtr()->lDAPBaseDN(), "cn=Users,dc=corp"); 160 EXPECT_EQ(manager.getADConfigPtr()->lDAPSearchScope(), 161 ldap_base::Config::SearchScope::sub); 162 EXPECT_EQ(manager.getADConfigPtr()->lDAPType(), 163 ldap_base::Config::Type::ActiveDirectory); 164 165 EXPECT_EQ(manager.getADConfigPtr()->userNameAttribute(), "uid"); 166 EXPECT_EQ(manager.getADConfigPtr()->groupNameAttribute(), "gid"); 167 EXPECT_EQ(manager.getADConfigPtr()->lDAPBindDNPassword(), ""); 168 EXPECT_EQ(manager.configBindPassword(), "MyLdap12"); 169 // change the password 170 manager.getADConfigPtr()->lDAPBindDNPassword("MyLdap14"); 171 EXPECT_EQ(manager.getADConfigPtr()->lDAPBindDNPassword(), ""); 172 EXPECT_EQ(manager.configBindPassword(), "MyLdap14"); 173 } 174 175 TEST_F(TestLDAPConfig, testDefaultObject) 176 { 177 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile; 178 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile; 179 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile; 180 auto dbusPersistentFilePath = std::string(dir.c_str()); 181 182 if (fs::exists(configFilePath)) 183 { 184 fs::remove(configFilePath); 185 } 186 EXPECT_FALSE(fs::exists(configFilePath)); 187 188 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 189 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(), 190 tlsCertfile.c_str()); 191 192 manager.createDefaultObjects(); 193 194 EXPECT_NE(nullptr, manager.getADConfigPtr()); 195 EXPECT_NE(nullptr, manager.getOpenLdapConfigPtr()); 196 EXPECT_EQ(manager.getADConfigPtr()->lDAPType(), 197 ldap_base::Config::Type::ActiveDirectory); 198 EXPECT_EQ(manager.getOpenLdapConfigPtr()->lDAPType(), 199 ldap_base::Config::Type::OpenLdap); 200 } 201 202 TEST_F(TestLDAPConfig, testRestores) 203 { 204 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile; 205 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile; 206 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile; 207 auto dbusPersistentFilePath = std::string(dir.c_str()); 208 209 if (fs::exists(configFilePath)) 210 { 211 fs::remove(configFilePath); 212 } 213 EXPECT_FALSE(fs::exists(configFilePath)); 214 MockConfigMgr* managerPtr = 215 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 216 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(), 217 tlsCertfile.c_str()); 218 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1); 219 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(1); 220 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1); 221 managerPtr->createConfig( 222 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp", 223 "MyLdap12", ldap_base::Create::SearchScope::sub, 224 ldap_base::Create::Type::ActiveDirectory, "uid", "gid"); 225 managerPtr->getADConfigPtr()->enabled(false); 226 EXPECT_FALSE(fs::exists(configFilePath)); 227 EXPECT_FALSE(managerPtr->getADConfigPtr()->enabled()); 228 managerPtr->getADConfigPtr()->enabled(true); 229 230 EXPECT_TRUE(fs::exists(configFilePath)); 231 // Restore from configFilePath 232 managerPtr->restore(); 233 // validate restored properties 234 EXPECT_TRUE(managerPtr->getADConfigPtr()->enabled()); 235 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPServerURI(), 236 "ldap://9.194.251.138/"); 237 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPBindDN(), "cn=Users,dc=com"); 238 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPBaseDN(), "cn=Users,dc=corp"); 239 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPSearchScope(), 240 ldap_base::Config::SearchScope::sub); 241 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPType(), 242 ldap_base::Config::Type::ActiveDirectory); 243 EXPECT_EQ(managerPtr->getADConfigPtr()->userNameAttribute(), "uid"); 244 EXPECT_EQ(managerPtr->getADConfigPtr()->groupNameAttribute(), "gid"); 245 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPBindDNPassword(), ""); 246 EXPECT_EQ(managerPtr->configBindPassword(), "MyLdap12"); 247 delete managerPtr; 248 } 249 250 TEST_F(TestLDAPConfig, testLDAPServerURI) 251 { 252 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile; 253 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile; 254 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile; 255 auto dbusPersistentFilePath = std::string(dir.c_str()); 256 257 if (fs::exists(configFilePath)) 258 { 259 fs::remove(configFilePath); 260 } 261 EXPECT_FALSE(fs::exists(configFilePath)); 262 MockConfigMgr* managerPtr = 263 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 264 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(), 265 tlsCertfile.c_str()); 266 267 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1); 268 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2); 269 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1); 270 271 managerPtr->createConfig( 272 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp", 273 "MyLdap12", ldap_base::Create::SearchScope::sub, 274 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2"); 275 managerPtr->getADConfigPtr()->enabled(true); 276 277 // Change LDAP Server URI 278 managerPtr->getADConfigPtr()->lDAPServerURI("ldap://9.194.251.139/"); 279 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPServerURI(), 280 "ldap://9.194.251.139/"); 281 282 fs::remove(tlsCacertfile.c_str()); 283 // Change LDAP Server URI to make it secure 284 EXPECT_THROW( 285 managerPtr->getADConfigPtr()->lDAPServerURI("ldaps://9.194.251.139/"), 286 NoCACertificate); 287 288 // check once again 289 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPServerURI(), 290 "ldap://9.194.251.139/"); 291 292 managerPtr->restore(); 293 // Check LDAP Server URI 294 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPServerURI(), 295 "ldap://9.194.251.139/"); 296 delete managerPtr; 297 } 298 299 TEST_F(TestLDAPConfig, testLDAPBindDN) 300 { 301 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile; 302 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile; 303 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile; 304 auto dbusPersistentFilePath = std::string(dir.c_str()); 305 306 if (fs::exists(configFilePath)) 307 { 308 fs::remove(configFilePath); 309 } 310 EXPECT_FALSE(fs::exists(configFilePath)); 311 MockConfigMgr* managerPtr = 312 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 313 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(), 314 tlsCertfile.c_str()); 315 316 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1); 317 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2); 318 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1); 319 320 managerPtr->createConfig( 321 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp", 322 "MyLdap12", ldap_base::Create::SearchScope::sub, 323 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2"); 324 managerPtr->getADConfigPtr()->enabled(true); 325 326 // Change LDAP BindDN 327 managerPtr->getADConfigPtr()->lDAPBindDN( 328 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com"); 329 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPBindDN(), 330 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com"); 331 // Change LDAP BindDN 332 EXPECT_THROW( 333 { 334 try 335 { 336 managerPtr->getADConfigPtr()->lDAPBindDN(""); 337 } 338 catch (const InvalidArgument& e) 339 { 340 throw; 341 } 342 }, 343 InvalidArgument); 344 345 managerPtr->restore(); 346 // Check LDAP BindDN after restoring 347 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPBindDN(), 348 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com"); 349 delete managerPtr; 350 } 351 352 TEST_F(TestLDAPConfig, testLDAPBaseDN) 353 { 354 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile; 355 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile; 356 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile; 357 auto dbusPersistentFilePath = std::string(dir.c_str()); 358 359 if (fs::exists(configFilePath)) 360 { 361 fs::remove(configFilePath); 362 } 363 EXPECT_FALSE(fs::exists(configFilePath)); 364 MockConfigMgr* managerPtr = 365 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 366 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(), 367 tlsCertfile.c_str()); 368 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1); 369 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2); 370 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1); 371 managerPtr->createConfig( 372 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp", 373 "MyLdap12", ldap_base::Create::SearchScope::sub, 374 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2"); 375 managerPtr->getADConfigPtr()->enabled(true); 376 // Change LDAP BaseDN 377 managerPtr->getADConfigPtr()->lDAPBaseDN( 378 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com"); 379 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPBaseDN(), 380 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com"); 381 // Change LDAP BaseDN 382 EXPECT_THROW( 383 { 384 try 385 { 386 managerPtr->getADConfigPtr()->lDAPBaseDN(""); 387 } 388 catch (const InvalidArgument& e) 389 { 390 throw; 391 } 392 }, 393 InvalidArgument); 394 395 managerPtr->restore(); 396 // Check LDAP BaseDN after restoring 397 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPBaseDN(), 398 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com"); 399 delete managerPtr; 400 } 401 402 TEST_F(TestLDAPConfig, testSearchScope) 403 { 404 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile; 405 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile; 406 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile; 407 auto dbusPersistentFilePath = std::string(dir.c_str()); 408 409 if (fs::exists(configFilePath)) 410 { 411 fs::remove(configFilePath); 412 } 413 EXPECT_FALSE(fs::exists(configFilePath)); 414 MockConfigMgr* managerPtr = 415 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 416 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(), 417 tlsCertfile.c_str()); 418 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1); 419 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2); 420 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1); 421 managerPtr->createConfig( 422 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp", 423 "MyLdap12", ldap_base::Create::SearchScope::sub, 424 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2"); 425 managerPtr->getADConfigPtr()->enabled(true); 426 427 // Change LDAP SearchScope 428 managerPtr->getADConfigPtr()->lDAPSearchScope( 429 ldap_base::Config::SearchScope::one); 430 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPSearchScope(), 431 ldap_base::Config::SearchScope::one); 432 433 managerPtr->restore(); 434 // Check LDAP SearchScope after restoring 435 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPSearchScope(), 436 ldap_base::Config::SearchScope::one); 437 delete managerPtr; 438 } 439 440 TEST_F(TestLDAPConfig, testLDAPType) 441 { 442 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile; 443 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile; 444 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile; 445 auto dbusPersistentFilePath = std::string(dir.c_str()); 446 447 if (fs::exists(configFilePath)) 448 { 449 fs::remove(configFilePath); 450 } 451 EXPECT_FALSE(fs::exists(configFilePath)); 452 MockConfigMgr* managerPtr = 453 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 454 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(), 455 tlsCertfile.c_str()); 456 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1); 457 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(1); 458 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1); 459 managerPtr->createConfig( 460 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp", 461 "MyLdap12", ldap_base::Create::SearchScope::sub, 462 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2"); 463 managerPtr->getADConfigPtr()->enabled(true); 464 465 // Change LDAP type 466 // will not be changed 467 EXPECT_THROW(managerPtr->getADConfigPtr()->lDAPType( 468 ldap_base::Config::Type::OpenLdap), 469 NotAllowed); 470 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPType(), 471 ldap_base::Config::Type::ActiveDirectory); 472 473 managerPtr->restore(); 474 // Check LDAP type after restoring 475 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPType(), 476 ldap_base::Config::Type::ActiveDirectory); 477 delete managerPtr; 478 } 479 480 TEST_F(TestLDAPConfig, filePermission) 481 { 482 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile; 483 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile; 484 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile; 485 auto dbusPersistentFilePath = std::string(dir.c_str()); 486 487 if (fs::exists(configFilePath)) 488 { 489 fs::remove(configFilePath); 490 } 491 EXPECT_FALSE(fs::exists(configFilePath)); 492 MockConfigMgr* managerPtr = 493 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 494 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(), 495 tlsCertfile.c_str()); 496 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1); 497 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(1); 498 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1); 499 managerPtr->createConfig( 500 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp", 501 "MyLdap12", ldap_base::Create::SearchScope::sub, 502 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2"); 503 managerPtr->getADConfigPtr()->enabled(true); 504 505 // Permission of the persistent file should be 640 506 // Others should not be allowed to read. 507 auto permission = 508 fs::perms::owner_read | fs::perms::owner_write | fs::perms::group_read; 509 auto persistFilepath = std::string(dir.c_str()); 510 persistFilepath += ADDbusObjectPath; 511 persistFilepath += "/config"; 512 513 EXPECT_EQ(fs::status(persistFilepath).permissions(), permission); 514 delete managerPtr; 515 } 516 517 TEST_F(TestLDAPConfig, ConditionalEnableConfig) 518 { 519 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile; 520 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile; 521 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile; 522 auto dbusPersistentFilePath = std::string(dir.c_str()); 523 524 if (fs::exists(configFilePath)) 525 { 526 fs::remove(configFilePath); 527 } 528 EXPECT_FALSE(fs::exists(configFilePath)); 529 MockConfigMgr* managerPtr = 530 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 531 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(), 532 tlsCertfile.c_str()); 533 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(3); 534 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2); 535 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(2); 536 managerPtr->createConfig( 537 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp", 538 "MyLdap12", ldap_base::Create::SearchScope::sub, 539 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2"); 540 541 managerPtr->createConfig( 542 "ldap://9.194.251.139/", "cn=Users,dc=com, dc=ldap", "cn=Users,dc=corp", 543 "MyLdap123", ldap_base::Create::SearchScope::sub, 544 ldap_base::Create::Type::OpenLdap, "attr1", "attr2"); 545 546 // Enable the AD configuration 547 managerPtr->getADConfigPtr()->enabled(true); 548 549 EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), true); 550 EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), false); 551 552 // AS AD is already enabled so openldap can't be enabled. 553 EXPECT_THROW( 554 { 555 try 556 { 557 managerPtr->getOpenLdapConfigPtr()->enabled(true); 558 } 559 catch (const NotAllowed& e) 560 { 561 throw; 562 } 563 }, 564 NotAllowed); 565 // Check the values 566 EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), true); 567 EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), false); 568 // Let's disable the AD. 569 managerPtr->getADConfigPtr()->enabled(false); 570 EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), false); 571 EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), false); 572 // Now enable the openldap 573 managerPtr->getOpenLdapConfigPtr()->enabled(true); 574 EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), true); 575 EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), false); 576 577 delete managerPtr; 578 } 579 580 TEST_F(TestLDAPConfig, createPrivMapping) 581 { 582 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile; 583 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile; 584 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile; 585 auto dbusPersistentFilePath = std::string(dir.c_str()); 586 587 if (fs::exists(configFilePath)) 588 { 589 fs::remove(configFilePath); 590 } 591 EXPECT_FALSE(fs::exists(configFilePath)); 592 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 593 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(), 594 tlsCertfile.c_str()); 595 manager.createDefaultObjects(); 596 // Create the priv-mapping under the config. 597 manager.getADConfigPtr()->create("admin", "priv-admin"); 598 // Check whether the entry has been created. 599 EXPECT_THROW( 600 { 601 try 602 { 603 manager.getADConfigPtr()->checkPrivilegeMapper("admin"); 604 } 605 catch (const PrivilegeMappingExists& e) 606 { 607 throw; 608 } 609 }, 610 PrivilegeMappingExists); 611 } 612 613 TEST_F(TestLDAPConfig, deletePrivMapping) 614 { 615 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile; 616 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile; 617 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile; 618 auto dbusPersistentFilePath = std::string(dir.c_str()); 619 620 if (fs::exists(configFilePath)) 621 { 622 fs::remove(configFilePath); 623 } 624 EXPECT_FALSE(fs::exists(configFilePath)); 625 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 626 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(), 627 tlsCertfile.c_str()); 628 manager.createDefaultObjects(); 629 // Create the priv-mapping under the config. 630 manager.getADConfigPtr()->create("admin", "priv-admin"); 631 manager.getADConfigPtr()->create("user", "priv-user"); 632 // Check whether the entry has been created. 633 EXPECT_THROW( 634 { 635 try 636 { 637 manager.getADConfigPtr()->checkPrivilegeMapper("admin"); 638 manager.getADConfigPtr()->checkPrivilegeMapper("user"); 639 } 640 catch (const PrivilegeMappingExists& e) 641 { 642 throw; 643 } 644 }, 645 PrivilegeMappingExists); 646 647 // This would delete the admin privilege 648 manager.getADConfigPtr()->deletePrivilegeMapper(1); 649 EXPECT_NO_THROW(manager.getADConfigPtr()->checkPrivilegeMapper("admin")); 650 manager.getADConfigPtr()->deletePrivilegeMapper(2); 651 EXPECT_NO_THROW(manager.getADConfigPtr()->checkPrivilegeMapper("user")); 652 } 653 654 TEST_F(TestLDAPConfig, restorePrivMapping) 655 { 656 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile; 657 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile; 658 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile; 659 auto dbusPersistentFilePath = std::string(dir.c_str()); 660 661 if (fs::exists(configFilePath)) 662 { 663 fs::remove(configFilePath); 664 } 665 EXPECT_FALSE(fs::exists(configFilePath)); 666 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 667 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(), 668 tlsCertfile.c_str()); 669 manager.createDefaultObjects(); 670 // Create the priv-mapping under the config. 671 manager.getADConfigPtr()->create("admin", "priv-admin"); 672 manager.getOpenLdapConfigPtr()->create("user", "priv-user"); 673 manager.restore(); 674 EXPECT_THROW( 675 { 676 try 677 { 678 manager.getADConfigPtr()->checkPrivilegeMapper("admin"); 679 } 680 catch (const PrivilegeMappingExists& e) 681 { 682 throw; 683 } 684 }, 685 PrivilegeMappingExists); 686 687 EXPECT_THROW( 688 { 689 try 690 { 691 manager.getOpenLdapConfigPtr()->checkPrivilegeMapper("user"); 692 } 693 catch (const PrivilegeMappingExists& e) 694 { 695 throw; 696 } 697 }, 698 PrivilegeMappingExists); 699 } 700 701 TEST_F(TestLDAPConfig, testPrivileges) 702 { 703 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile; 704 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tlsCacertFile; 705 auto tlsCertfile = std::string(dir.c_str()) + "/" + tlsCertFile; 706 auto dbusPersistentFilePath = std::string(dir.c_str()); 707 708 if (fs::exists(configFilePath)) 709 { 710 fs::remove(configFilePath); 711 } 712 EXPECT_FALSE(fs::exists(configFilePath)); 713 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 714 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str(), 715 tlsCertfile.c_str()); 716 manager.createDefaultObjects(); 717 718 std::string groupName = "admin"; 719 std::string privilege = "priv-admin"; 720 size_t entryId = 1; 721 auto dbusPath = std::string(LDAP_CONFIG_ROOT) + 722 "/active_directory/role_map/" + std::to_string(entryId); 723 dbusPersistentFilePath += dbusPath; 724 725 auto entry = std::make_unique<LDAPMapperEntry>( 726 bus, dbusPath.c_str(), dbusPersistentFilePath.c_str(), groupName, 727 privilege, *(manager.getADConfigPtr())); 728 729 EXPECT_NO_THROW(entry->privilege("priv-operator")); 730 EXPECT_NO_THROW(entry->privilege("priv-user")); 731 EXPECT_NO_THROW(entry->privilege("priv-callback")); 732 } 733 734 } // namespace ldap 735 } // namespace phosphor 736