1 #include "config.h" 2 3 #include "phosphor-ldap-config/ldap_config.hpp" 4 #include "phosphor-ldap-config/ldap_config_mgr.hpp" 5 6 #include <sys/types.h> 7 8 #include <sdbusplus/bus.hpp> 9 #include <xyz/openbmc_project/Common/error.hpp> 10 #include <xyz/openbmc_project/User/Common/error.hpp> 11 12 #include <filesystem> 13 #include <fstream> 14 #include <string> 15 16 #include <gmock/gmock.h> 17 #include <gtest/gtest.h> 18 19 namespace phosphor 20 { 21 namespace ldap 22 { 23 namespace fs = std::filesystem; 24 namespace ldap_base = sdbusplus::xyz::openbmc_project::User::Ldap::server; 25 using namespace sdbusplus::xyz::openbmc_project::Common::Error; 26 using PrivilegeMappingExists = sdbusplus::xyz::openbmc_project::User::Common:: 27 Error::PrivilegeMappingExists; 28 using Config = phosphor::ldap::Config; 29 30 class TestLDAPConfig : public testing::Test 31 { 32 public: 33 TestLDAPConfig() : bus(sdbusplus::bus::new_default()) 34 {} 35 void SetUp() override 36 { 37 using namespace phosphor::ldap; 38 char tmpldap[] = "/tmp/ldap_test.XXXXXX"; 39 dir = fs::path(mkdtemp(tmpldap)); 40 fs::path tlsCacertFilePath{TLS_CACERT_PATH}; 41 tlsCACertFile = tlsCacertFilePath.filename().c_str(); 42 fs::path tlsCertFilePath{TLS_CERT_FILE}; 43 tlsCertFile = tlsCertFilePath.filename().c_str(); 44 45 fs::path confFilePath{LDAP_CONFIG_FILE}; 46 ldapConfFile = confFilePath.filename().c_str(); 47 std::fstream fs; 48 fs.open(dir / defaultNslcdFile, std::fstream::out); 49 fs.close(); 50 fs.open(dir / nsSwitchFile, std::fstream::out); 51 fs.close(); 52 fs.open(dir / tlsCACertFile, std::fstream::out); 53 fs.close(); 54 fs.open(dir / tlsCertFile, std::fstream::out); 55 fs.close(); 56 } 57 58 void TearDown() override 59 { 60 fs::remove_all(dir); 61 } 62 63 protected: 64 fs::path dir; 65 std::string tlsCACertFile; 66 std::string tlsCertFile; 67 std::string ldapConfFile; 68 sdbusplus::bus_t bus; 69 }; 70 71 class MockConfigMgr : public phosphor::ldap::ConfigMgr 72 { 73 public: 74 MockConfigMgr(sdbusplus::bus_t& bus, const char* path, const char* filePath, 75 const char* dbusPersistentFile, const char* caCertFile, 76 const char* certFile) : 77 phosphor::ldap::ConfigMgr(bus, path, filePath, dbusPersistentFile, 78 caCertFile, certFile) 79 {} 80 MOCK_METHOD1(restartService, void(const std::string& service)); 81 MOCK_METHOD1(stopService, void(const std::string& service)); 82 std::unique_ptr<Config>& getOpenLdapConfigPtr() 83 { 84 return openLDAPConfigPtr; 85 } 86 87 std::string configBindPassword() 88 { 89 return getADConfigPtr()->ldapBindPassword; 90 } 91 92 std::unique_ptr<Config>& getADConfigPtr() 93 { 94 return ADConfigPtr; 95 } 96 void restore() 97 { 98 phosphor::ldap::ConfigMgr::restore(); 99 return; 100 } 101 102 void createDefaultObjects() 103 { 104 phosphor::ldap::ConfigMgr::createDefaultObjects(); 105 } 106 107 bool secureLDAP() 108 { 109 return ADConfigPtr->secureLDAP; 110 } 111 112 friend class TestLDAPConfig; 113 }; 114 115 TEST_F(TestLDAPConfig, testCreate) 116 { 117 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile; 118 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile; 119 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile; 120 auto dbusPersistentFilePath = std::string(dir.c_str()); 121 122 if (fs::exists(configFilePath)) 123 { 124 fs::remove(configFilePath); 125 } 126 EXPECT_FALSE(fs::exists(configFilePath)); 127 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 128 dbusPersistentFilePath.c_str(), 129 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str()); 130 131 EXPECT_CALL(manager, stopService("nslcd.service")).Times(2); 132 EXPECT_CALL(manager, restartService("nslcd.service")).Times(2); 133 EXPECT_CALL(manager, restartService("nscd.service")).Times(2); 134 135 manager.createConfig( 136 "ldap://9.194.251.136/", "cn=Users,dc=com", "cn=Users,dc=corp", 137 "MyLdap12", ldap_base::Create::SearchScope::sub, 138 ldap_base::Create::Type::ActiveDirectory, "uid", "gid"); 139 manager.getADConfigPtr()->enabled(true); 140 141 manager.createConfig("ldap://9.194.251.137/", "cn=Users", 142 "cn=Users,dc=test", "MyLdap123", 143 ldap_base::Create::SearchScope::sub, 144 ldap_base::Create::Type::OpenLdap, "uid", "gid"); 145 manager.getOpenLdapConfigPtr()->enabled(false); 146 147 // Below setting of username/groupname attr is to make sure 148 // that in-active config should not call the start/stop service. 149 manager.getOpenLdapConfigPtr()->userNameAttribute("abc"); 150 EXPECT_EQ(manager.getOpenLdapConfigPtr()->userNameAttribute(), "abc"); 151 152 manager.getOpenLdapConfigPtr()->groupNameAttribute("def"); 153 EXPECT_EQ(manager.getOpenLdapConfigPtr()->groupNameAttribute(), "def"); 154 155 EXPECT_TRUE(fs::exists(configFilePath)); 156 EXPECT_EQ(manager.getADConfigPtr()->ldapServerURI(), 157 "ldap://9.194.251.136/"); 158 EXPECT_EQ(manager.getADConfigPtr()->ldapBindDN(), "cn=Users,dc=com"); 159 EXPECT_EQ(manager.getADConfigPtr()->ldapBaseDN(), "cn=Users,dc=corp"); 160 EXPECT_EQ(manager.getADConfigPtr()->ldapSearchScope(), 161 ldap_base::Config::SearchScope::sub); 162 EXPECT_EQ(manager.getADConfigPtr()->ldapType(), 163 ldap_base::Config::Type::ActiveDirectory); 164 165 EXPECT_EQ(manager.getADConfigPtr()->userNameAttribute(), "uid"); 166 EXPECT_EQ(manager.getADConfigPtr()->groupNameAttribute(), "gid"); 167 EXPECT_EQ(manager.getADConfigPtr()->ldapBindDNPassword(), ""); 168 EXPECT_EQ(manager.configBindPassword(), "MyLdap12"); 169 // change the password 170 manager.getADConfigPtr()->ldapBindDNPassword("MyLdap14"); 171 EXPECT_EQ(manager.getADConfigPtr()->ldapBindDNPassword(), ""); 172 EXPECT_EQ(manager.configBindPassword(), "MyLdap14"); 173 } 174 175 TEST_F(TestLDAPConfig, testDefaultObject) 176 { 177 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile; 178 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile; 179 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile; 180 auto dbusPersistentFilePath = std::string(dir.c_str()); 181 182 if (fs::exists(configFilePath)) 183 { 184 fs::remove(configFilePath); 185 } 186 EXPECT_FALSE(fs::exists(configFilePath)); 187 188 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 189 dbusPersistentFilePath.c_str(), 190 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str()); 191 192 manager.createDefaultObjects(); 193 194 EXPECT_NE(nullptr, manager.getADConfigPtr()); 195 EXPECT_NE(nullptr, manager.getOpenLdapConfigPtr()); 196 EXPECT_EQ(manager.getADConfigPtr()->ldapType(), 197 ldap_base::Config::Type::ActiveDirectory); 198 EXPECT_EQ(manager.getOpenLdapConfigPtr()->ldapType(), 199 ldap_base::Config::Type::OpenLdap); 200 } 201 202 TEST_F(TestLDAPConfig, testRestoresDefault) 203 { 204 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile; 205 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile; 206 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile; 207 auto dbusPersistentFilePath = std::string(dir.c_str()); 208 209 if (fs::exists(configFilePath)) 210 { 211 fs::remove(configFilePath); 212 } 213 EXPECT_FALSE(fs::exists(configFilePath)); 214 215 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 216 dbusPersistentFilePath.c_str(), 217 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str()); 218 219 EXPECT_CALL(manager, stopService("nslcd.service")).Times(1); 220 EXPECT_CALL(manager, restartService("nslcd.service")).Times(0); 221 EXPECT_CALL(manager, restartService("nscd.service")).Times(0); 222 223 manager.restore(); 224 225 EXPECT_NE(nullptr, manager.getADConfigPtr()); 226 EXPECT_NE(nullptr, manager.getOpenLdapConfigPtr()); 227 EXPECT_EQ(manager.getADConfigPtr()->ldapType(), 228 ldap_base::Config::Type::ActiveDirectory); 229 EXPECT_EQ(manager.getOpenLdapConfigPtr()->ldapType(), 230 ldap_base::Config::Type::OpenLdap); 231 EXPECT_FALSE(manager.getADConfigPtr()->enabled()); 232 EXPECT_FALSE(manager.getOpenLdapConfigPtr()->enabled()); 233 } 234 235 TEST_F(TestLDAPConfig, testRestores) 236 { 237 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile; 238 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile; 239 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile; 240 auto dbusPersistentFilePath = std::string(dir.c_str()); 241 242 if (fs::exists(configFilePath)) 243 { 244 fs::remove(configFilePath); 245 } 246 EXPECT_FALSE(fs::exists(configFilePath)); 247 MockConfigMgr* managerPtr = 248 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 249 dbusPersistentFilePath.c_str(), 250 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str()); 251 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1); 252 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2); 253 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1); 254 managerPtr->createConfig( 255 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp", 256 "MyLdap12", ldap_base::Create::SearchScope::sub, 257 ldap_base::Create::Type::ActiveDirectory, "uid", "gid"); 258 managerPtr->getADConfigPtr()->enabled(false); 259 EXPECT_FALSE(fs::exists(configFilePath)); 260 EXPECT_FALSE(managerPtr->getADConfigPtr()->enabled()); 261 managerPtr->getADConfigPtr()->enabled(true); 262 263 EXPECT_TRUE(fs::exists(configFilePath)); 264 // Restore from configFilePath 265 managerPtr->restore(); 266 // validate restored properties 267 EXPECT_TRUE(managerPtr->getADConfigPtr()->enabled()); 268 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapServerURI(), 269 "ldap://9.194.251.138/"); 270 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBindDN(), "cn=Users,dc=com"); 271 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBaseDN(), "cn=Users,dc=corp"); 272 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapSearchScope(), 273 ldap_base::Config::SearchScope::sub); 274 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapType(), 275 ldap_base::Config::Type::ActiveDirectory); 276 EXPECT_EQ(managerPtr->getADConfigPtr()->userNameAttribute(), "uid"); 277 EXPECT_EQ(managerPtr->getADConfigPtr()->groupNameAttribute(), "gid"); 278 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBindDNPassword(), ""); 279 EXPECT_EQ(managerPtr->configBindPassword(), "MyLdap12"); 280 delete managerPtr; 281 } 282 283 TEST_F(TestLDAPConfig, testLDAPServerURI) 284 { 285 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile; 286 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile; 287 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile; 288 auto dbusPersistentFilePath = std::string(dir.c_str()); 289 290 if (fs::exists(configFilePath)) 291 { 292 fs::remove(configFilePath); 293 } 294 EXPECT_FALSE(fs::exists(configFilePath)); 295 MockConfigMgr* managerPtr = 296 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 297 dbusPersistentFilePath.c_str(), 298 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str()); 299 300 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1); 301 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(3); 302 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1); 303 304 managerPtr->createConfig( 305 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp", 306 "MyLdap12", ldap_base::Create::SearchScope::sub, 307 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2"); 308 managerPtr->getADConfigPtr()->enabled(true); 309 310 // Change LDAP Server URI 311 managerPtr->getADConfigPtr()->ldapServerURI("ldap://9.194.251.139/"); 312 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapServerURI(), 313 "ldap://9.194.251.139/"); 314 315 fs::remove(tlsCACertFilePath.c_str()); 316 // Change LDAP Server URI to make it secure 317 EXPECT_THROW( 318 managerPtr->getADConfigPtr()->ldapServerURI("ldaps://9.194.251.139/"), 319 NoCACertificate); 320 321 // check once again 322 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapServerURI(), 323 "ldap://9.194.251.139/"); 324 325 managerPtr->restore(); 326 // Check LDAP Server URI 327 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapServerURI(), 328 "ldap://9.194.251.139/"); 329 delete managerPtr; 330 } 331 332 TEST_F(TestLDAPConfig, testLDAPBindDN) 333 { 334 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile; 335 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile; 336 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile; 337 auto dbusPersistentFilePath = std::string(dir.c_str()); 338 339 if (fs::exists(configFilePath)) 340 { 341 fs::remove(configFilePath); 342 } 343 EXPECT_FALSE(fs::exists(configFilePath)); 344 MockConfigMgr* managerPtr = 345 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 346 dbusPersistentFilePath.c_str(), 347 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str()); 348 349 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1); 350 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(3); 351 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1); 352 353 managerPtr->createConfig( 354 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp", 355 "MyLdap12", ldap_base::Create::SearchScope::sub, 356 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2"); 357 managerPtr->getADConfigPtr()->enabled(true); 358 359 // Change LDAP BindDN 360 managerPtr->getADConfigPtr()->ldapBindDN( 361 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com"); 362 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBindDN(), 363 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com"); 364 // Change LDAP BindDN 365 EXPECT_THROW( 366 { 367 try 368 { 369 managerPtr->getADConfigPtr()->ldapBindDN(""); 370 } 371 catch (const InvalidArgument& e) 372 { 373 throw; 374 } 375 }, 376 InvalidArgument); 377 378 managerPtr->restore(); 379 // Check LDAP BindDN after restoring 380 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBindDN(), 381 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com"); 382 delete managerPtr; 383 } 384 385 TEST_F(TestLDAPConfig, testLDAPBaseDN) 386 { 387 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile; 388 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile; 389 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile; 390 auto dbusPersistentFilePath = std::string(dir.c_str()); 391 392 if (fs::exists(configFilePath)) 393 { 394 fs::remove(configFilePath); 395 } 396 EXPECT_FALSE(fs::exists(configFilePath)); 397 MockConfigMgr* managerPtr = 398 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 399 dbusPersistentFilePath.c_str(), 400 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str()); 401 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1); 402 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(3); 403 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1); 404 managerPtr->createConfig( 405 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp", 406 "MyLdap12", ldap_base::Create::SearchScope::sub, 407 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2"); 408 managerPtr->getADConfigPtr()->enabled(true); 409 // Change LDAP BaseDN 410 managerPtr->getADConfigPtr()->ldapBaseDN( 411 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com"); 412 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBaseDN(), 413 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com"); 414 // Change LDAP BaseDN 415 EXPECT_THROW( 416 { 417 try 418 { 419 managerPtr->getADConfigPtr()->ldapBaseDN(""); 420 } 421 catch (const InvalidArgument& e) 422 { 423 throw; 424 } 425 }, 426 InvalidArgument); 427 428 managerPtr->restore(); 429 // Check LDAP BaseDN after restoring 430 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapBaseDN(), 431 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com"); 432 delete managerPtr; 433 } 434 435 TEST_F(TestLDAPConfig, testSearchScope) 436 { 437 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile; 438 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile; 439 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile; 440 auto dbusPersistentFilePath = std::string(dir.c_str()); 441 442 if (fs::exists(configFilePath)) 443 { 444 fs::remove(configFilePath); 445 } 446 EXPECT_FALSE(fs::exists(configFilePath)); 447 MockConfigMgr* managerPtr = 448 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 449 dbusPersistentFilePath.c_str(), 450 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str()); 451 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1); 452 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(3); 453 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1); 454 managerPtr->createConfig( 455 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp", 456 "MyLdap12", ldap_base::Create::SearchScope::sub, 457 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2"); 458 managerPtr->getADConfigPtr()->enabled(true); 459 460 // Change LDAP SearchScope 461 managerPtr->getADConfigPtr()->ldapSearchScope( 462 ldap_base::Config::SearchScope::one); 463 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapSearchScope(), 464 ldap_base::Config::SearchScope::one); 465 466 managerPtr->restore(); 467 // Check LDAP SearchScope after restoring 468 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapSearchScope(), 469 ldap_base::Config::SearchScope::one); 470 delete managerPtr; 471 } 472 473 TEST_F(TestLDAPConfig, testLDAPType) 474 { 475 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile; 476 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile; 477 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile; 478 auto dbusPersistentFilePath = std::string(dir.c_str()); 479 480 if (fs::exists(configFilePath)) 481 { 482 fs::remove(configFilePath); 483 } 484 EXPECT_FALSE(fs::exists(configFilePath)); 485 MockConfigMgr* managerPtr = 486 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 487 dbusPersistentFilePath.c_str(), 488 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str()); 489 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1); 490 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2); 491 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1); 492 managerPtr->createConfig( 493 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp", 494 "MyLdap12", ldap_base::Create::SearchScope::sub, 495 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2"); 496 managerPtr->getADConfigPtr()->enabled(true); 497 498 // Change LDAP type 499 // will not be changed 500 EXPECT_THROW(managerPtr->getADConfigPtr()->ldapType( 501 ldap_base::Config::Type::OpenLdap), 502 NotAllowed); 503 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapType(), 504 ldap_base::Config::Type::ActiveDirectory); 505 506 managerPtr->restore(); 507 // Check LDAP type after restoring 508 EXPECT_EQ(managerPtr->getADConfigPtr()->ldapType(), 509 ldap_base::Config::Type::ActiveDirectory); 510 delete managerPtr; 511 } 512 513 TEST_F(TestLDAPConfig, testsecureLDAPRestore) 514 { 515 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile; 516 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile; 517 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile; 518 auto dbusPersistentFilePath = std::string(dir.c_str()); 519 520 if (fs::exists(configFilePath)) 521 { 522 fs::remove(configFilePath); 523 } 524 EXPECT_FALSE(fs::exists(configFilePath)); 525 MockConfigMgr* managerPtr = 526 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 527 dbusPersistentFilePath.c_str(), 528 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str()); 529 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1); 530 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2); 531 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1); 532 managerPtr->createConfig( 533 "ldaps://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp", 534 "MyLdap12", ldap_base::Create::SearchScope::sub, 535 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2"); 536 managerPtr->getADConfigPtr()->enabled(true); 537 EXPECT_TRUE(managerPtr->secureLDAP()); 538 managerPtr->restore(); 539 // Check secureLDAP variable value after restoring 540 EXPECT_TRUE(managerPtr->secureLDAP()); 541 542 delete managerPtr; 543 } 544 545 TEST_F(TestLDAPConfig, filePermission) 546 { 547 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile; 548 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile; 549 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile; 550 auto dbusPersistentFilePath = std::string(dir.c_str()); 551 552 if (fs::exists(configFilePath)) 553 { 554 fs::remove(configFilePath); 555 } 556 EXPECT_FALSE(fs::exists(configFilePath)); 557 MockConfigMgr* managerPtr = 558 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 559 dbusPersistentFilePath.c_str(), 560 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str()); 561 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1); 562 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(1); 563 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1); 564 managerPtr->createConfig( 565 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp", 566 "MyLdap12", ldap_base::Create::SearchScope::sub, 567 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2"); 568 managerPtr->getADConfigPtr()->enabled(true); 569 570 // Permission of the persistent file should be 640 571 // Others should not be allowed to read. 572 auto permission = 573 fs::perms::owner_read | fs::perms::owner_write | fs::perms::group_read; 574 auto persistFilepath = std::string(dir.c_str()); 575 persistFilepath += adDbusObjectPath; 576 persistFilepath += "/config"; 577 578 EXPECT_EQ(fs::status(persistFilepath).permissions(), permission); 579 delete managerPtr; 580 } 581 582 TEST_F(TestLDAPConfig, ConditionalEnableConfig) 583 { 584 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile; 585 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile; 586 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile; 587 auto dbusPersistentFilePath = std::string(dir.c_str()); 588 589 if (fs::exists(configFilePath)) 590 { 591 fs::remove(configFilePath); 592 } 593 EXPECT_FALSE(fs::exists(configFilePath)); 594 MockConfigMgr* managerPtr = 595 new MockConfigMgr(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 596 dbusPersistentFilePath.c_str(), 597 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str()); 598 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(3); 599 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2); 600 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(2); 601 managerPtr->createConfig( 602 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp", 603 "MyLdap12", ldap_base::Create::SearchScope::sub, 604 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2"); 605 606 managerPtr->createConfig( 607 "ldap://9.194.251.139/", "cn=Users,dc=com, dc=ldap", "cn=Users,dc=corp", 608 "MyLdap123", ldap_base::Create::SearchScope::sub, 609 ldap_base::Create::Type::OpenLdap, "attr1", "attr2"); 610 611 // Enable the AD configuration 612 managerPtr->getADConfigPtr()->enabled(true); 613 614 EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), true); 615 EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), false); 616 617 // AS AD is already enabled so openldap can't be enabled. 618 EXPECT_THROW( 619 { 620 try 621 { 622 managerPtr->getOpenLdapConfigPtr()->enabled(true); 623 } 624 catch (const NotAllowed& e) 625 { 626 throw; 627 } 628 }, 629 NotAllowed); 630 // Check the values 631 EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), true); 632 EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), false); 633 // Let's disable the AD. 634 managerPtr->getADConfigPtr()->enabled(false); 635 EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), false); 636 EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), false); 637 // Now enable the openldap 638 managerPtr->getOpenLdapConfigPtr()->enabled(true); 639 EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), true); 640 EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), false); 641 642 delete managerPtr; 643 } 644 645 TEST_F(TestLDAPConfig, createPrivMapping) 646 { 647 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile; 648 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile; 649 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile; 650 auto dbusPersistentFilePath = std::string(dir.c_str()); 651 652 if (fs::exists(configFilePath)) 653 { 654 fs::remove(configFilePath); 655 } 656 EXPECT_FALSE(fs::exists(configFilePath)); 657 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 658 dbusPersistentFilePath.c_str(), 659 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str()); 660 manager.createDefaultObjects(); 661 // Create the priv-mapping under the config. 662 manager.getADConfigPtr()->create("admin", "priv-admin"); 663 // Check whether the entry has been created. 664 EXPECT_THROW( 665 { 666 try 667 { 668 manager.getADConfigPtr()->checkPrivilegeMapper("admin"); 669 } 670 catch (const PrivilegeMappingExists& e) 671 { 672 throw; 673 } 674 }, 675 PrivilegeMappingExists); 676 } 677 678 TEST_F(TestLDAPConfig, deletePrivMapping) 679 { 680 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile; 681 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile; 682 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile; 683 auto dbusPersistentFilePath = std::string(dir.c_str()); 684 685 if (fs::exists(configFilePath)) 686 { 687 fs::remove(configFilePath); 688 } 689 EXPECT_FALSE(fs::exists(configFilePath)); 690 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 691 dbusPersistentFilePath.c_str(), 692 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str()); 693 manager.createDefaultObjects(); 694 // Create the priv-mapping under the config. 695 manager.getADConfigPtr()->create("admin", "priv-admin"); 696 manager.getADConfigPtr()->create("user", "priv-user"); 697 // Check whether the entry has been created. 698 EXPECT_THROW( 699 { 700 try 701 { 702 manager.getADConfigPtr()->checkPrivilegeMapper("admin"); 703 manager.getADConfigPtr()->checkPrivilegeMapper("user"); 704 } 705 catch (const PrivilegeMappingExists& e) 706 { 707 throw; 708 } 709 }, 710 PrivilegeMappingExists); 711 712 // This would delete the admin privilege 713 manager.getADConfigPtr()->deletePrivilegeMapper(1); 714 EXPECT_NO_THROW(manager.getADConfigPtr()->checkPrivilegeMapper("admin")); 715 manager.getADConfigPtr()->deletePrivilegeMapper(2); 716 EXPECT_NO_THROW(manager.getADConfigPtr()->checkPrivilegeMapper("user")); 717 } 718 719 TEST_F(TestLDAPConfig, restorePrivMapping) 720 { 721 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile; 722 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile; 723 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile; 724 auto dbusPersistentFilePath = std::string(dir.c_str()); 725 726 if (fs::exists(configFilePath)) 727 { 728 fs::remove(configFilePath); 729 } 730 EXPECT_FALSE(fs::exists(configFilePath)); 731 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 732 dbusPersistentFilePath.c_str(), 733 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str()); 734 manager.createDefaultObjects(); 735 // Create the priv-mapping under the config. 736 manager.getADConfigPtr()->create("admin", "priv-admin"); 737 manager.getOpenLdapConfigPtr()->create("user", "priv-user"); 738 manager.restore(); 739 EXPECT_THROW( 740 { 741 try 742 { 743 manager.getADConfigPtr()->checkPrivilegeMapper("admin"); 744 } 745 catch (const PrivilegeMappingExists& e) 746 { 747 throw; 748 } 749 }, 750 PrivilegeMappingExists); 751 752 EXPECT_THROW( 753 { 754 try 755 { 756 manager.getOpenLdapConfigPtr()->checkPrivilegeMapper("user"); 757 } 758 catch (const PrivilegeMappingExists& e) 759 { 760 throw; 761 } 762 }, 763 PrivilegeMappingExists); 764 } 765 766 TEST_F(TestLDAPConfig, testPrivileges) 767 { 768 auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile; 769 auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile; 770 auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile; 771 auto dbusPersistentFilePath = std::string(dir.c_str()); 772 773 if (fs::exists(configFilePath)) 774 { 775 fs::remove(configFilePath); 776 } 777 EXPECT_FALSE(fs::exists(configFilePath)); 778 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 779 dbusPersistentFilePath.c_str(), 780 tlsCACertFilePath.c_str(), tlsCertFilePath.c_str()); 781 manager.createDefaultObjects(); 782 783 std::string groupName = "admin"; 784 std::string privilege = "priv-admin"; 785 size_t entryId = 1; 786 auto dbusPath = std::string(LDAP_CONFIG_ROOT) + 787 "/active_directory/role_map/" + std::to_string(entryId); 788 dbusPersistentFilePath += dbusPath; 789 790 auto entry = std::make_unique<LDAPMapperEntry>( 791 bus, dbusPath.c_str(), dbusPersistentFilePath.c_str(), groupName, 792 privilege, *(manager.getADConfigPtr())); 793 794 EXPECT_NO_THROW(entry->privilege("priv-operator")); 795 EXPECT_NO_THROW(entry->privilege("priv-user")); 796 } 797 798 } // namespace ldap 799 } // namespace phosphor 800