1 #include "config.h" 2 3 #include "phosphor-ldap-config/ldap_config.hpp" 4 #include "phosphor-ldap-config/ldap_config_mgr.hpp" 5 6 #include <sys/types.h> 7 8 #include <phosphor-logging/elog-errors.hpp> 9 #include <phosphor-logging/log.hpp> 10 #include <sdbusplus/bus.hpp> 11 #include <xyz/openbmc_project/Common/error.hpp> 12 #include <xyz/openbmc_project/User/Common/error.hpp> 13 14 #include <filesystem> 15 #include <fstream> 16 #include <string> 17 18 #include <gmock/gmock.h> 19 #include <gtest/gtest.h> 20 21 namespace phosphor 22 { 23 namespace ldap 24 { 25 namespace fs = std::filesystem; 26 namespace ldap_base = sdbusplus::xyz::openbmc_project::User::Ldap::server; 27 using NotAllowed = sdbusplus::xyz::openbmc_project::Common::Error::NotAllowed; 28 using NotAllowedArgument = xyz::openbmc_project::Common::NotAllowed; 29 30 using Config = phosphor::ldap::Config; 31 using PrivilegeMappingExists = sdbusplus::xyz::openbmc_project::User::Common:: 32 Error::PrivilegeMappingExists; 33 34 class TestLDAPConfig : public testing::Test 35 { 36 public: 37 TestLDAPConfig() : bus(sdbusplus::bus::new_default()) 38 {} 39 void SetUp() override 40 { 41 using namespace phosphor::ldap; 42 char tmpldap[] = "/tmp/ldap_test.XXXXXX"; 43 dir = fs::path(mkdtemp(tmpldap)); 44 fs::path tlsCacertFilePath{TLS_CACERT_PATH}; 45 tlsCACertFile = tlsCacertFilePath.filename().c_str(); 46 fs::path tlsCertFilePath{TLS_CERT_FILE}; 47 tlsCertFile = tlsCertFilePath.filename().c_str(); 48 49 fs::path confFilePath{LDAP_CONFIG_FILE}; 50 ldapConfFile = confFilePath.filename().c_str(); 51 std::fstream fs; 52 fs.open(dir / defaultNslcdFile, std::fstream::out); 53 fs.close(); 54 fs.open(dir / nsSwitchFile, std::fstream::out); 55 fs.close(); 56 fs.open(dir / tlsCACertFile, std::fstream::out); 57 fs.close(); 58 fs.open(dir / tlsCertFile, std::fstream::out); 59 fs.close(); 60 } 61 62 void TearDown() override 63 { 64 fs::remove_all(dir); 65 } 66 67 protected: 68 fs::path dir; 69 std::string tlsCACertFile; 70 std::string tlsCertFile; 71 std::string ldapConfFile; 72 sdbusplus::bus_t bus; 73 }; 74 75 class MockConfigMgr : public phosphor::ldap::ConfigMgr 76 { 77 public: 78 MockConfigMgr(sdbusplus::bus_t& bus, const char* path, const char* filePath, 79 const char* dbusPersistentFile, const char* caCertFile, 80 const char* certFile) : 81 phosphor::ldap::ConfigMgr(bus, path, filePath, dbusPersistentFile, 82 caCertFile, certFile) 83 {} 84 MOCK_METHOD1(restartService, void(const std::string& service)); 85 MOCK_METHOD1(stopService, void(const std::string& service)); 86 std::unique_ptr<Config>& getOpenLdapConfigPtr() 87 { 88 return openLDAPConfigPtr; 89 } 90 91 std::string configBindPassword() 92 { 93 return getADConfigPtr()->ldapBindPassword; 94 } 95 96 std::unique_ptr<Config>& getADConfigPtr() 97 { 98 return ADConfigPtr; 99 } 100 void restore() 101 { 102 phosphor::ldap::ConfigMgr::restore(); 103 return; 104 } 105 106 void createDefaultObjects() 107 { 108 phosphor::ldap::ConfigMgr::createDefaultObjects(); 109 } 110 111 bool secureLDAP() 112 { 113 return ADConfigPtr->secureLDAP; 114 } 115 116 friend class TestLDAPConfig; 117 }; 118 119 TEST_F(TestLDAPConfig, testCreate) 120 { 121 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile; 122 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile; 123 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile; 124 auto dbusPersistentFilePath = std::string(dir.c_str()); 125 126 if (fs::exists(configFilePath)) 127 { 128 fs::remove(configFilePath); 129 } 130 EXPECT_FALSE(fs::exists(configFilePath)); 131 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 132 dbusPersistentFilePath.c_str(), 133 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str()); 134 135 EXPECT_CALL(manager, stopService("nslcd.service")).Times(2); 136 EXPECT_CALL(manager, restartService("nslcd.service")).Times(2); 137 EXPECT_CALL(manager, restartService("nscd.service")).Times(2); 138 139 manager.createConfig( 140 "ldap://9.194.251.136/", "cn=Users,dc=com", "cn=Users,dc=corp", 141 "MyLdap12", ldap_base::Create::SearchScope::sub, 142 ldap_base::Create::Type::ActiveDirectory, "uid", "gid"); 143 manager.getADConfigPtr()->enabled(true); 144 145 manager.createConfig("ldap://9.194.251.137/", "cn=Users", 146 "cn=Users,dc=test", "MyLdap123", 147 ldap_base::Create::SearchScope::sub, 148 ldap_base::Create::Type::OpenLdap, "uid", "gid"); 149 manager.getOpenLdapConfigPtr()->enabled(false); 150 151 // Below setting of username/groupname attr is to make sure 152 // that in-active config should not call the start/stop service. 153 manager.getOpenLdapConfigPtr()->userNameAttribute("abc"); 154 EXPECT_EQ(manager.getOpenLdapConfigPtr()->userNameAttribute(), "abc"); 155 156 manager.getOpenLdapConfigPtr()->groupNameAttribute("def"); 157 EXPECT_EQ(manager.getOpenLdapConfigPtr()->groupNameAttribute(), "def"); 158 159 EXPECT_TRUE(fs::exists(configFilePath)); 160 EXPECT_EQ(manager.getADConfigPtr()->ldapServerURI(), 161 "ldap://9.194.251.136/"); 162 EXPECT_EQ(manager.getADConfigPtr()->ldapBindDN(), "cn=Users,dc=com"); 163 EXPECT_EQ(manager.getADConfigPtr()->ldapBaseDN(), "cn=Users,dc=corp"); 164 EXPECT_EQ(manager.getADConfigPtr()->ldapSearchScope(), 165 ldap_base::Config::SearchScope::sub); 166 EXPECT_EQ(manager.getADConfigPtr()->ldapType(), 167 ldap_base::Config::Type::ActiveDirectory); 168 169 EXPECT_EQ(manager.getADConfigPtr()->userNameAttribute(), "uid"); 170 EXPECT_EQ(manager.getADConfigPtr()->groupNameAttribute(), "gid"); 171 EXPECT_EQ(manager.getADConfigPtr()->ldapBindDNPassword(), ""); 172 EXPECT_EQ(manager.configBindPassword(), "MyLdap12"); 173 // change the password 174 manager.getADConfigPtr()->ldapBindDNPassword("MyLdap14"); 175 EXPECT_EQ(manager.getADConfigPtr()->ldapBindDNPassword(), ""); 176 EXPECT_EQ(manager.configBindPassword(), "MyLdap14"); 177 } 178 179 TEST_F(TestLDAPConfig, testDefaultObject) 180 { 181 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile; 182 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile; 183 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile; 184 auto dbusPersistentFilePath = std::string(dir.c_str()); 185 186 if (fs::exists(configFilePath)) 187 { 188 fs::remove(configFilePath); 189 } 190 EXPECT_FALSE(fs::exists(configFilePath)); 191 192 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 193 dbusPersistentFilePath.c_str(), 194 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str()); 195 196 manager.createDefaultObjects(); 197 198 EXPECT_NE(nullptr, manager.getADConfigPtr()); 199 EXPECT_NE(nullptr, manager.getOpenLdapConfigPtr()); 200 EXPECT_EQ(manager.getADConfigPtr()->ldapType(), 201 ldap_base::Config::Type::ActiveDirectory); 202 EXPECT_EQ(manager.getOpenLdapConfigPtr()->ldapType(), 203 ldap_base::Config::Type::OpenLdap); 204 } 205 206 TEST_F(TestLDAPConfig, testRestoresDefault) 207 { 208 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile; 209 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile; 210 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile; 211 auto dbusPersistentFilePath = std::string(dir.c_str()); 212 213 if (fs::exists(configFilePath)) 214 { 215 fs::remove(configFilePath); 216 } 217 EXPECT_FALSE(fs::exists(configFilePath)); 218 219 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 220 dbusPersistentFilePath.c_str(), 221 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str()); 222 223 EXPECT_CALL(manager, stopService("nslcd.service")).Times(1); 224 EXPECT_CALL(manager, restartService("nslcd.service")).Times(0); 225 EXPECT_CALL(manager, restartService("nscd.service")).Times(0); 226 227 manager.restore(); 228 229 EXPECT_NE(nullptr, manager.getADConfigPtr()); 230 EXPECT_NE(nullptr, manager.getOpenLdapConfigPtr()); 231 EXPECT_EQ(manager.getADConfigPtr()->ldapType(), 232 ldap_base::Config::Type::ActiveDirectory); 233 EXPECT_EQ(manager.getOpenLdapConfigPtr()->ldapType(), 234 ldap_base::Config::Type::OpenLdap); 235 EXPECT_FALSE(manager.getADConfigPtr()->enabled()); 236 EXPECT_FALSE(manager.getOpenLdapConfigPtr()->enabled()); 237 } 238 239 TEST_F(TestLDAPConfig, testRestores) 240 { 241 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile; 242 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile; 243 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile; 244 auto dbusPersistentFilePath = std::string(dir.c_str()); 245 246 if (fs::exists(configFilePath)) 247 { 248 fs::remove(configFilePath); 249 } 250 EXPECT_FALSE(fs::exists(configFilePath)); 251 MockConfigMgr* managerPtr = 252 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 253 dbusPersistentFilePath.c_str(), 254 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str()); 255 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1); 256 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2); 257 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1); 258 managerPtr->createConfig( 259 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp", 260 "MyLdap12", ldap_base::Create::SearchScope::sub, 261 ldap_base::Create::Type::ActiveDirectory, "uid", "gid"); 262 managerPtr->getADConfigPtr()->enabled(false); 263 EXPECT_FALSE(fs::exists(configFilePath)); 264 EXPECT_FALSE(managerPtr->getADConfigPtr()->enabled()); 265 managerPtr->getADConfigPtr()->enabled(true); 266 267 EXPECT_TRUE(fs::exists(configFilePath)); 268 // Restore from configFilePath 269 managerPtr->restore(); 270 // validate restored properties 271 EXPECT_TRUE(managerPtr->getADConfigPtr()->enabled()); 272 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapServerURI(), 273 "ldap://9.194.251.138/"); 274 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBindDN(), "cn=Users,dc=com"); 275 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBaseDN(), "cn=Users,dc=corp"); 276 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapSearchScope(), 277 ldap_base::Config::SearchScope::sub); 278 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapType(), 279 ldap_base::Config::Type::ActiveDirectory); 280 EXPECT_EQ(managerPtr->getADConfigPtr()->userNameAttribute(), "uid"); 281 EXPECT_EQ(managerPtr->getADConfigPtr()->groupNameAttribute(), "gid"); 282 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBindDNPassword(), ""); 283 EXPECT_EQ(managerPtr->configBindPassword(), "MyLdap12"); 284 delete managerPtr; 285 } 286 287 TEST_F(TestLDAPConfig, testLDAPServerURI) 288 { 289 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile; 290 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile; 291 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile; 292 auto dbusPersistentFilePath = std::string(dir.c_str()); 293 294 if (fs::exists(configFilePath)) 295 { 296 fs::remove(configFilePath); 297 } 298 EXPECT_FALSE(fs::exists(configFilePath)); 299 MockConfigMgr* managerPtr = 300 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 301 dbusPersistentFilePath.c_str(), 302 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str()); 303 304 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1); 305 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(3); 306 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1); 307 308 managerPtr->createConfig( 309 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp", 310 "MyLdap12", ldap_base::Create::SearchScope::sub, 311 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2"); 312 managerPtr->getADConfigPtr()->enabled(true); 313 314 // Change LDAP Server URI 315 managerPtr->getADConfigPtr()->ldapServerURI("ldap://9.194.251.139/"); 316 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapServerURI(), 317 "ldap://9.194.251.139/"); 318 319 fs::remove(tlsCACertFilePath.c_str()); 320 // Change LDAP Server URI to make it secure 321 EXPECT_THROW( 322 managerPtr->getADConfigPtr()->ldapServerURI("ldaps://9.194.251.139/"), 323 NoCACertificate); 324 325 // check once again 326 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapServerURI(), 327 "ldap://9.194.251.139/"); 328 329 managerPtr->restore(); 330 // Check LDAP Server URI 331 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapServerURI(), 332 "ldap://9.194.251.139/"); 333 delete managerPtr; 334 } 335 336 TEST_F(TestLDAPConfig, testLDAPBindDN) 337 { 338 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile; 339 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile; 340 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile; 341 auto dbusPersistentFilePath = std::string(dir.c_str()); 342 343 if (fs::exists(configFilePath)) 344 { 345 fs::remove(configFilePath); 346 } 347 EXPECT_FALSE(fs::exists(configFilePath)); 348 MockConfigMgr* managerPtr = 349 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 350 dbusPersistentFilePath.c_str(), 351 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str()); 352 353 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1); 354 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(3); 355 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1); 356 357 managerPtr->createConfig( 358 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp", 359 "MyLdap12", ldap_base::Create::SearchScope::sub, 360 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2"); 361 managerPtr->getADConfigPtr()->enabled(true); 362 363 // Change LDAP BindDN 364 managerPtr->getADConfigPtr()->ldapBindDN( 365 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com"); 366 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBindDN(), 367 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com"); 368 // Change LDAP BindDN 369 EXPECT_THROW( 370 { 371 try 372 { 373 managerPtr->getADConfigPtr()->ldapBindDN(""); 374 } 375 catch (const InvalidArgument& e) 376 { 377 throw; 378 } 379 }, 380 InvalidArgument); 381 382 managerPtr->restore(); 383 // Check LDAP BindDN after restoring 384 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBindDN(), 385 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com"); 386 delete managerPtr; 387 } 388 389 TEST_F(TestLDAPConfig, testLDAPBaseDN) 390 { 391 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile; 392 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile; 393 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile; 394 auto dbusPersistentFilePath = std::string(dir.c_str()); 395 396 if (fs::exists(configFilePath)) 397 { 398 fs::remove(configFilePath); 399 } 400 EXPECT_FALSE(fs::exists(configFilePath)); 401 MockConfigMgr* managerPtr = 402 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 403 dbusPersistentFilePath.c_str(), 404 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str()); 405 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1); 406 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(3); 407 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1); 408 managerPtr->createConfig( 409 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp", 410 "MyLdap12", ldap_base::Create::SearchScope::sub, 411 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2"); 412 managerPtr->getADConfigPtr()->enabled(true); 413 // Change LDAP BaseDN 414 managerPtr->getADConfigPtr()->ldapBaseDN( 415 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com"); 416 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBaseDN(), 417 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com"); 418 // Change LDAP BaseDN 419 EXPECT_THROW( 420 { 421 try 422 { 423 managerPtr->getADConfigPtr()->ldapBaseDN(""); 424 } 425 catch (const InvalidArgument& e) 426 { 427 throw; 428 } 429 }, 430 InvalidArgument); 431 432 managerPtr->restore(); 433 // Check LDAP BaseDN after restoring 434 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBaseDN(), 435 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com"); 436 delete managerPtr; 437 } 438 439 TEST_F(TestLDAPConfig, testSearchScope) 440 { 441 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile; 442 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile; 443 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile; 444 auto dbusPersistentFilePath = std::string(dir.c_str()); 445 446 if (fs::exists(configFilePath)) 447 { 448 fs::remove(configFilePath); 449 } 450 EXPECT_FALSE(fs::exists(configFilePath)); 451 MockConfigMgr* managerPtr = 452 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 453 dbusPersistentFilePath.c_str(), 454 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str()); 455 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1); 456 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(3); 457 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1); 458 managerPtr->createConfig( 459 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp", 460 "MyLdap12", ldap_base::Create::SearchScope::sub, 461 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2"); 462 managerPtr->getADConfigPtr()->enabled(true); 463 464 // Change LDAP SearchScope 465 managerPtr->getADConfigPtr()->ldapSearchScope( 466 ldap_base::Config::SearchScope::one); 467 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapSearchScope(), 468 ldap_base::Config::SearchScope::one); 469 470 managerPtr->restore(); 471 // Check LDAP SearchScope after restoring 472 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapSearchScope(), 473 ldap_base::Config::SearchScope::one); 474 delete managerPtr; 475 } 476 477 TEST_F(TestLDAPConfig, testLDAPType) 478 { 479 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile; 480 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile; 481 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile; 482 auto dbusPersistentFilePath = std::string(dir.c_str()); 483 484 if (fs::exists(configFilePath)) 485 { 486 fs::remove(configFilePath); 487 } 488 EXPECT_FALSE(fs::exists(configFilePath)); 489 MockConfigMgr* managerPtr = 490 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 491 dbusPersistentFilePath.c_str(), 492 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str()); 493 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1); 494 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2); 495 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1); 496 managerPtr->createConfig( 497 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp", 498 "MyLdap12", ldap_base::Create::SearchScope::sub, 499 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2"); 500 managerPtr->getADConfigPtr()->enabled(true); 501 502 // Change LDAP type 503 // will not be changed 504 EXPECT_THROW(managerPtr->getADConfigPtr()->ldapType( 505 ldap_base::Config::Type::OpenLdap), 506 NotAllowed); 507 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapType(), 508 ldap_base::Config::Type::ActiveDirectory); 509 510 managerPtr->restore(); 511 // Check LDAP type after restoring 512 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapType(), 513 ldap_base::Config::Type::ActiveDirectory); 514 delete managerPtr; 515 } 516 517 TEST_F(TestLDAPConfig, testsecureLDAPRestore) 518 { 519 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile; 520 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile; 521 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile; 522 auto dbusPersistentFilePath = std::string(dir.c_str()); 523 524 if (fs::exists(configFilePath)) 525 { 526 fs::remove(configFilePath); 527 } 528 EXPECT_FALSE(fs::exists(configFilePath)); 529 MockConfigMgr* managerPtr = 530 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 531 dbusPersistentFilePath.c_str(), 532 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str()); 533 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1); 534 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2); 535 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1); 536 managerPtr->createConfig( 537 "ldaps://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp", 538 "MyLdap12", ldap_base::Create::SearchScope::sub, 539 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2"); 540 managerPtr->getADConfigPtr()->enabled(true); 541 EXPECT_TRUE(managerPtr->secureLDAP()); 542 managerPtr->restore(); 543 // Check secureLDAP variable value after restoring 544 EXPECT_TRUE(managerPtr->secureLDAP()); 545 546 delete managerPtr; 547 } 548 549 TEST_F(TestLDAPConfig, filePermission) 550 { 551 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile; 552 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile; 553 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile; 554 auto dbusPersistentFilePath = std::string(dir.c_str()); 555 556 if (fs::exists(configFilePath)) 557 { 558 fs::remove(configFilePath); 559 } 560 EXPECT_FALSE(fs::exists(configFilePath)); 561 MockConfigMgr* managerPtr = 562 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 563 dbusPersistentFilePath.c_str(), 564 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str()); 565 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1); 566 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(1); 567 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1); 568 managerPtr->createConfig( 569 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp", 570 "MyLdap12", ldap_base::Create::SearchScope::sub, 571 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2"); 572 managerPtr->getADConfigPtr()->enabled(true); 573 574 // Permission of the persistent file should be 640 575 // Others should not be allowed to read. 576 auto permission = 577 fs::perms::owner_read | fs::perms::owner_write | fs::perms::group_read; 578 auto persistFilepath = std::string(dir.c_str()); 579 persistFilepath += adDbusObjectPath; 580 persistFilepath += "/config"; 581 582 EXPECT_EQ(fs::status(persistFilepath).permissions(), permission); 583 delete managerPtr; 584 } 585 586 TEST_F(TestLDAPConfig, ConditionalEnableConfig) 587 { 588 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile; 589 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile; 590 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile; 591 auto dbusPersistentFilePath = std::string(dir.c_str()); 592 593 if (fs::exists(configFilePath)) 594 { 595 fs::remove(configFilePath); 596 } 597 EXPECT_FALSE(fs::exists(configFilePath)); 598 MockConfigMgr* managerPtr = 599 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 600 dbusPersistentFilePath.c_str(), 601 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str()); 602 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(3); 603 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2); 604 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(2); 605 managerPtr->createConfig( 606 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp", 607 "MyLdap12", ldap_base::Create::SearchScope::sub, 608 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2"); 609 610 managerPtr->createConfig( 611 "ldap://9.194.251.139/", "cn=Users,dc=com, dc=ldap", "cn=Users,dc=corp", 612 "MyLdap123", ldap_base::Create::SearchScope::sub, 613 ldap_base::Create::Type::OpenLdap, "attr1", "attr2"); 614 615 // Enable the AD configuration 616 managerPtr->getADConfigPtr()->enabled(true); 617 618 EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), true); 619 EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), false); 620 621 // AS AD is already enabled so openldap can't be enabled. 622 EXPECT_THROW( 623 { 624 try 625 { 626 managerPtr->getOpenLdapConfigPtr()->enabled(true); 627 } 628 catch (const NotAllowed& e) 629 { 630 throw; 631 } 632 }, 633 NotAllowed); 634 // Check the values 635 EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), true); 636 EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), false); 637 // Let's disable the AD. 638 managerPtr->getADConfigPtr()->enabled(false); 639 EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), false); 640 EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), false); 641 // Now enable the openldap 642 managerPtr->getOpenLdapConfigPtr()->enabled(true); 643 EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), true); 644 EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), false); 645 646 delete managerPtr; 647 } 648 649 TEST_F(TestLDAPConfig, createPrivMapping) 650 { 651 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile; 652 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile; 653 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile; 654 auto dbusPersistentFilePath = std::string(dir.c_str()); 655 656 if (fs::exists(configFilePath)) 657 { 658 fs::remove(configFilePath); 659 } 660 EXPECT_FALSE(fs::exists(configFilePath)); 661 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 662 dbusPersistentFilePath.c_str(), 663 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str()); 664 manager.createDefaultObjects(); 665 // Create the priv-mapping under the config. 666 manager.getADConfigPtr()->create("admin", "priv-admin"); 667 // Check whether the entry has been created. 668 EXPECT_THROW( 669 { 670 try 671 { 672 manager.getADConfigPtr()->checkPrivilegeMapper("admin"); 673 } 674 catch (const PrivilegeMappingExists& e) 675 { 676 throw; 677 } 678 }, 679 PrivilegeMappingExists); 680 } 681 682 TEST_F(TestLDAPConfig, deletePrivMapping) 683 { 684 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile; 685 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile; 686 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile; 687 auto dbusPersistentFilePath = std::string(dir.c_str()); 688 689 if (fs::exists(configFilePath)) 690 { 691 fs::remove(configFilePath); 692 } 693 EXPECT_FALSE(fs::exists(configFilePath)); 694 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 695 dbusPersistentFilePath.c_str(), 696 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str()); 697 manager.createDefaultObjects(); 698 // Create the priv-mapping under the config. 699 manager.getADConfigPtr()->create("admin", "priv-admin"); 700 manager.getADConfigPtr()->create("user", "priv-user"); 701 // Check whether the entry has been created. 702 EXPECT_THROW( 703 { 704 try 705 { 706 manager.getADConfigPtr()->checkPrivilegeMapper("admin"); 707 manager.getADConfigPtr()->checkPrivilegeMapper("user"); 708 } 709 catch (const PrivilegeMappingExists& e) 710 { 711 throw; 712 } 713 }, 714 PrivilegeMappingExists); 715 716 // This would delete the admin privilege 717 manager.getADConfigPtr()->deletePrivilegeMapper(1); 718 EXPECT_NO_THROW(manager.getADConfigPtr()->checkPrivilegeMapper("admin")); 719 manager.getADConfigPtr()->deletePrivilegeMapper(2); 720 EXPECT_NO_THROW(manager.getADConfigPtr()->checkPrivilegeMapper("user")); 721 } 722 723 TEST_F(TestLDAPConfig, restorePrivMapping) 724 { 725 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile; 726 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile; 727 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile; 728 auto dbusPersistentFilePath = std::string(dir.c_str()); 729 730 if (fs::exists(configFilePath)) 731 { 732 fs::remove(configFilePath); 733 } 734 EXPECT_FALSE(fs::exists(configFilePath)); 735 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 736 dbusPersistentFilePath.c_str(), 737 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str()); 738 manager.createDefaultObjects(); 739 // Create the priv-mapping under the config. 740 manager.getADConfigPtr()->create("admin", "priv-admin"); 741 manager.getOpenLdapConfigPtr()->create("user", "priv-user"); 742 manager.restore(); 743 EXPECT_THROW( 744 { 745 try 746 { 747 manager.getADConfigPtr()->checkPrivilegeMapper("admin"); 748 } 749 catch (const PrivilegeMappingExists& e) 750 { 751 throw; 752 } 753 }, 754 PrivilegeMappingExists); 755 756 EXPECT_THROW( 757 { 758 try 759 { 760 manager.getOpenLdapConfigPtr()->checkPrivilegeMapper("user"); 761 } 762 catch (const PrivilegeMappingExists& e) 763 { 764 throw; 765 } 766 }, 767 PrivilegeMappingExists); 768 } 769 770 TEST_F(TestLDAPConfig, testPrivileges) 771 { 772 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile; 773 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile; 774 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile; 775 auto dbusPersistentFilePath = std::string(dir.c_str()); 776 777 if (fs::exists(configFilePath)) 778 { 779 fs::remove(configFilePath); 780 } 781 EXPECT_FALSE(fs::exists(configFilePath)); 782 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 783 dbusPersistentFilePath.c_str(), 784 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str()); 785 manager.createDefaultObjects(); 786 787 std::string groupName = "admin"; 788 std::string privilege = "priv-admin"; 789 size_t entryId = 1; 790 auto dbusPath = std::string(LDAP_CONFIG_ROOT) + 791 "/active_directory/role_map/" + std::to_string(entryId); 792 dbusPersistentFilePath += dbusPath; 793 794 auto entry = std::make_unique<LDAPMapperEntry>( 795 bus, dbusPath.c_str(), dbusPersistentFilePath.c_str(), groupName, 796 privilege, *(manager.getADConfigPtr())); 797 798 EXPECT_NO_THROW(entry->privilege("priv-operator")); 799 EXPECT_NO_THROW(entry->privilege("priv-user")); 800 } 801 802 } // namespace ldap 803 } // namespace phosphor 804