1 #include "config.h" 2 #include "phosphor-ldap-config/ldap_config.hpp" 3 #include "phosphor-ldap-config/ldap_config_mgr.hpp" 4 5 #include <phosphor-logging/log.hpp> 6 #include <phosphor-logging/elog-errors.hpp> 7 #include <sdbusplus/bus.hpp> 8 #include <xyz/openbmc_project/Common/error.hpp> 9 #include <xyz/openbmc_project/User/Common/error.hpp> 10 #include <sdbusplus/bus.hpp> 11 #include <gmock/gmock.h> 12 #include <gtest/gtest.h> 13 14 #include <filesystem> 15 #include <fstream> 16 #include <string> 17 #include <sys/types.h> 18 19 namespace phosphor 20 { 21 namespace ldap 22 { 23 namespace fs = std::filesystem; 24 namespace ldap_base = sdbusplus::xyz::openbmc_project::User::Ldap::server; 25 using NotAllowed = sdbusplus::xyz::openbmc_project::Common::Error::NotAllowed; 26 using NotAllowedArgument = xyz::openbmc_project::Common::NotAllowed; 27 28 using Config = phosphor::ldap::Config; 29 static constexpr const char* dbusPersistFile = "Config"; 30 using PrivilegeMappingExists = sdbusplus::xyz::openbmc_project::User::Common:: 31 Error::PrivilegeMappingExists; 32 33 class TestLDAPConfig : public testing::Test 34 { 35 public: 36 TestLDAPConfig() : bus(sdbusplus::bus::new_default()) 37 { 38 } 39 void SetUp() override 40 { 41 using namespace phosphor::ldap; 42 char tmpldap[] = "/tmp/ldap_test.XXXXXX"; 43 dir = fs::path(mkdtemp(tmpldap)); 44 fs::path tslCacertFilePath{TLS_CACERT_FILE}; 45 tslCacertFile = tslCacertFilePath.filename().c_str(); 46 fs::path confFilePath{LDAP_CONFIG_FILE}; 47 ldapconfFile = confFilePath.filename().c_str(); 48 std::fstream fs; 49 fs.open(dir / defaultNslcdFile, std::fstream::out); 50 fs.close(); 51 fs.open(dir / nsSwitchFile, std::fstream::out); 52 fs.close(); 53 } 54 55 void TearDown() override 56 { 57 fs::remove_all(dir); 58 } 59 60 protected: 61 fs::path dir; 62 std::string tslCacertFile; 63 std::string ldapconfFile; 64 sdbusplus::bus::bus bus; 65 }; 66 67 class MockConfigMgr : public phosphor::ldap::ConfigMgr 68 { 69 public: 70 MockConfigMgr(sdbusplus::bus::bus& bus, const char* path, 71 const char* filePath, const char* dbusPersistentFile, 72 const char* caCertFile) : 73 phosphor::ldap::ConfigMgr(bus, path, filePath, dbusPersistentFile, 74 caCertFile) 75 { 76 } 77 MOCK_METHOD1(restartService, void(const std::string& service)); 78 MOCK_METHOD1(stopService, void(const std::string& service)); 79 std::unique_ptr<Config>& getOpenLdapConfigPtr() 80 { 81 return openLDAPConfigPtr; 82 } 83 84 std::string configBindPassword() 85 { 86 return getADConfigPtr()->lDAPBindPassword; 87 } 88 89 std::unique_ptr<Config>& getADConfigPtr() 90 { 91 return ADConfigPtr; 92 } 93 void restore() 94 { 95 phosphor::ldap::ConfigMgr::restore(); 96 return; 97 } 98 99 void createDefaultObjects() 100 { 101 phosphor::ldap::ConfigMgr::createDefaultObjects(); 102 } 103 104 friend class TestLDAPConfig; 105 }; 106 107 TEST_F(TestLDAPConfig, testCreate) 108 { 109 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile; 110 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tslCacertFile; 111 auto dbusPersistentFilePath = std::string(dir.c_str()); 112 113 if (fs::exists(configFilePath)) 114 { 115 fs::remove(configFilePath); 116 } 117 EXPECT_FALSE(fs::exists(configFilePath)); 118 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 119 dbusPersistentFilePath.c_str(), 120 tlsCacertfile.c_str()); 121 122 EXPECT_CALL(manager, stopService("nslcd.service")).Times(2); 123 EXPECT_CALL(manager, restartService("nslcd.service")).Times(2); 124 EXPECT_CALL(manager, restartService("nscd.service")).Times(2); 125 126 manager.createConfig( 127 "ldap://9.194.251.136/", "cn=Users,dc=com", "cn=Users,dc=corp", 128 "MyLdap12", ldap_base::Create::SearchScope::sub, 129 ldap_base::Create::Type::ActiveDirectory, "uid", "gid"); 130 manager.getADConfigPtr()->enabled(true); 131 132 manager.createConfig("ldap://9.194.251.137/", "cn=Users", 133 "cn=Users,dc=test", "MyLdap123", 134 ldap_base::Create::SearchScope::sub, 135 ldap_base::Create::Type::OpenLdap, "uid", "gid"); 136 manager.getOpenLdapConfigPtr()->enabled(false); 137 138 // Below setting of username/groupname attr is to make sure 139 // that in-active config should not call the start/stop service. 140 manager.getOpenLdapConfigPtr()->userNameAttribute("abc"); 141 EXPECT_EQ(manager.getOpenLdapConfigPtr()->userNameAttribute(), "abc"); 142 143 manager.getOpenLdapConfigPtr()->groupNameAttribute("def"); 144 EXPECT_EQ(manager.getOpenLdapConfigPtr()->groupNameAttribute(), "def"); 145 146 EXPECT_TRUE(fs::exists(configFilePath)); 147 EXPECT_EQ(manager.getADConfigPtr()->lDAPServerURI(), 148 "ldap://9.194.251.136/"); 149 EXPECT_EQ(manager.getADConfigPtr()->lDAPBindDN(), "cn=Users,dc=com"); 150 EXPECT_EQ(manager.getADConfigPtr()->lDAPBaseDN(), "cn=Users,dc=corp"); 151 EXPECT_EQ(manager.getADConfigPtr()->lDAPSearchScope(), 152 ldap_base::Config::SearchScope::sub); 153 EXPECT_EQ(manager.getADConfigPtr()->lDAPType(), 154 ldap_base::Config::Type::ActiveDirectory); 155 156 EXPECT_EQ(manager.getADConfigPtr()->userNameAttribute(), "uid"); 157 EXPECT_EQ(manager.getADConfigPtr()->groupNameAttribute(), "gid"); 158 EXPECT_EQ(manager.getADConfigPtr()->lDAPBindDNPassword(), ""); 159 EXPECT_EQ(manager.configBindPassword(), "MyLdap12"); 160 // change the password 161 manager.getADConfigPtr()->lDAPBindDNPassword("MyLdap14"); 162 EXPECT_EQ(manager.getADConfigPtr()->lDAPBindDNPassword(), ""); 163 EXPECT_EQ(manager.configBindPassword(), "MyLdap14"); 164 } 165 166 TEST_F(TestLDAPConfig, testDefaultObject) 167 { 168 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile; 169 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tslCacertFile; 170 auto dbusPersistentFilePath = std::string(dir.c_str()); 171 172 if (fs::exists(configFilePath)) 173 { 174 fs::remove(configFilePath); 175 } 176 EXPECT_FALSE(fs::exists(configFilePath)); 177 178 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 179 dbusPersistentFilePath.c_str(), 180 tlsCacertfile.c_str()); 181 182 manager.createDefaultObjects(); 183 184 EXPECT_NE(nullptr, manager.getADConfigPtr()); 185 EXPECT_NE(nullptr, manager.getOpenLdapConfigPtr()); 186 EXPECT_EQ(manager.getADConfigPtr()->lDAPType(), 187 ldap_base::Config::Type::ActiveDirectory); 188 EXPECT_EQ(manager.getOpenLdapConfigPtr()->lDAPType(), 189 ldap_base::Config::Type::OpenLdap); 190 } 191 192 TEST_F(TestLDAPConfig, testRestores) 193 { 194 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile; 195 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tslCacertFile; 196 auto dbusPersistentFilePath = std::string(dir.c_str()); 197 198 if (fs::exists(configFilePath)) 199 { 200 fs::remove(configFilePath); 201 } 202 EXPECT_FALSE(fs::exists(configFilePath)); 203 MockConfigMgr* managerPtr = new MockConfigMgr( 204 bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 205 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str()); 206 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1); 207 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(1); 208 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1); 209 managerPtr->createConfig( 210 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp", 211 "MyLdap12", ldap_base::Create::SearchScope::sub, 212 ldap_base::Create::Type::ActiveDirectory, "uid", "gid"); 213 managerPtr->getADConfigPtr()->enabled(false); 214 EXPECT_FALSE(fs::exists(configFilePath)); 215 EXPECT_FALSE(managerPtr->getADConfigPtr()->enabled()); 216 managerPtr->getADConfigPtr()->enabled(true); 217 218 EXPECT_TRUE(fs::exists(configFilePath)); 219 // Restore from configFilePath 220 managerPtr->restore(); 221 // validate restored properties 222 EXPECT_TRUE(managerPtr->getADConfigPtr()->enabled()); 223 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPServerURI(), 224 "ldap://9.194.251.138/"); 225 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPBindDN(), "cn=Users,dc=com"); 226 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPBaseDN(), "cn=Users,dc=corp"); 227 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPSearchScope(), 228 ldap_base::Config::SearchScope::sub); 229 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPType(), 230 ldap_base::Config::Type::ActiveDirectory); 231 EXPECT_EQ(managerPtr->getADConfigPtr()->userNameAttribute(), "uid"); 232 EXPECT_EQ(managerPtr->getADConfigPtr()->groupNameAttribute(), "gid"); 233 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPBindDNPassword(), ""); 234 EXPECT_EQ(managerPtr->configBindPassword(), "MyLdap12"); 235 delete managerPtr; 236 } 237 238 TEST_F(TestLDAPConfig, testLDAPServerURI) 239 { 240 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile; 241 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tslCacertFile; 242 auto dbusPersistentFilePath = std::string(dir.c_str()); 243 244 if (fs::exists(configFilePath)) 245 { 246 fs::remove(configFilePath); 247 } 248 EXPECT_FALSE(fs::exists(configFilePath)); 249 MockConfigMgr* managerPtr = new MockConfigMgr( 250 bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 251 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str()); 252 253 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1); 254 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2); 255 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1); 256 257 managerPtr->createConfig( 258 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp", 259 "MyLdap12", ldap_base::Create::SearchScope::sub, 260 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2"); 261 managerPtr->getADConfigPtr()->enabled(true); 262 263 // Change LDAP Server URI 264 managerPtr->getADConfigPtr()->lDAPServerURI("ldap://9.194.251.139/"); 265 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPServerURI(), 266 "ldap://9.194.251.139/"); 267 268 // Change LDAP Server URI to make it secure 269 EXPECT_THROW( 270 managerPtr->getADConfigPtr()->lDAPServerURI("ldaps://9.194.251.139/"), 271 NoCACertificate); 272 273 // check once again 274 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPServerURI(), 275 "ldap://9.194.251.139/"); 276 277 managerPtr->restore(); 278 // Check LDAP Server URI 279 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPServerURI(), 280 "ldap://9.194.251.139/"); 281 delete managerPtr; 282 } 283 284 TEST_F(TestLDAPConfig, testLDAPBindDN) 285 { 286 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile; 287 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tslCacertFile; 288 auto dbusPersistentFilePath = std::string(dir.c_str()); 289 290 if (fs::exists(configFilePath)) 291 { 292 fs::remove(configFilePath); 293 } 294 EXPECT_FALSE(fs::exists(configFilePath)); 295 MockConfigMgr* managerPtr = new MockConfigMgr( 296 bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 297 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str()); 298 299 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1); 300 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2); 301 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1); 302 303 managerPtr->createConfig( 304 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp", 305 "MyLdap12", ldap_base::Create::SearchScope::sub, 306 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2"); 307 managerPtr->getADConfigPtr()->enabled(true); 308 309 // Change LDAP BindDN 310 managerPtr->getADConfigPtr()->lDAPBindDN( 311 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com"); 312 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPBindDN(), 313 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com"); 314 // Change LDAP BindDN 315 EXPECT_THROW( 316 { 317 try 318 { 319 managerPtr->getADConfigPtr()->lDAPBindDN(""); 320 } 321 catch (const InvalidArgument& e) 322 { 323 throw; 324 } 325 }, 326 InvalidArgument); 327 328 managerPtr->restore(); 329 // Check LDAP BindDN after restoring 330 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPBindDN(), 331 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com"); 332 delete managerPtr; 333 } 334 335 TEST_F(TestLDAPConfig, testLDAPBaseDN) 336 { 337 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile; 338 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tslCacertFile; 339 auto dbusPersistentFilePath = std::string(dir.c_str()); 340 341 if (fs::exists(configFilePath)) 342 { 343 fs::remove(configFilePath); 344 } 345 EXPECT_FALSE(fs::exists(configFilePath)); 346 MockConfigMgr* managerPtr = new MockConfigMgr( 347 bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 348 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str()); 349 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1); 350 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2); 351 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1); 352 managerPtr->createConfig( 353 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp", 354 "MyLdap12", ldap_base::Create::SearchScope::sub, 355 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2"); 356 managerPtr->getADConfigPtr()->enabled(true); 357 // Change LDAP BaseDN 358 managerPtr->getADConfigPtr()->lDAPBaseDN( 359 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com"); 360 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPBaseDN(), 361 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com"); 362 // Change LDAP BaseDN 363 EXPECT_THROW( 364 { 365 try 366 { 367 managerPtr->getADConfigPtr()->lDAPBaseDN(""); 368 } 369 catch (const InvalidArgument& e) 370 { 371 throw; 372 } 373 }, 374 InvalidArgument); 375 376 managerPtr->restore(); 377 // Check LDAP BaseDN after restoring 378 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPBaseDN(), 379 "cn=Administrator,cn=Users,dc=corp,dc=ibm,dc=com"); 380 delete managerPtr; 381 } 382 383 TEST_F(TestLDAPConfig, testSearchScope) 384 { 385 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile; 386 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tslCacertFile; 387 auto dbusPersistentFilePath = std::string(dir.c_str()); 388 389 if (fs::exists(configFilePath)) 390 { 391 fs::remove(configFilePath); 392 } 393 EXPECT_FALSE(fs::exists(configFilePath)); 394 MockConfigMgr* managerPtr = new MockConfigMgr( 395 bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 396 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str()); 397 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1); 398 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2); 399 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1); 400 managerPtr->createConfig( 401 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp", 402 "MyLdap12", ldap_base::Create::SearchScope::sub, 403 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2"); 404 managerPtr->getADConfigPtr()->enabled(true); 405 406 // Change LDAP SearchScope 407 managerPtr->getADConfigPtr()->lDAPSearchScope( 408 ldap_base::Config::SearchScope::one); 409 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPSearchScope(), 410 ldap_base::Config::SearchScope::one); 411 412 managerPtr->restore(); 413 // Check LDAP SearchScope after restoring 414 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPSearchScope(), 415 ldap_base::Config::SearchScope::one); 416 delete managerPtr; 417 } 418 419 TEST_F(TestLDAPConfig, testLDAPType) 420 { 421 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile; 422 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tslCacertFile; 423 auto dbusPersistentFilePath = std::string(dir.c_str()); 424 425 if (fs::exists(configFilePath)) 426 { 427 fs::remove(configFilePath); 428 } 429 EXPECT_FALSE(fs::exists(configFilePath)); 430 MockConfigMgr* managerPtr = new MockConfigMgr( 431 bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 432 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str()); 433 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1); 434 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(1); 435 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1); 436 managerPtr->createConfig( 437 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp", 438 "MyLdap12", ldap_base::Create::SearchScope::sub, 439 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2"); 440 managerPtr->getADConfigPtr()->enabled(true); 441 442 // Change LDAP type 443 // will not be changed 444 EXPECT_THROW(managerPtr->getADConfigPtr()->lDAPType( 445 ldap_base::Config::Type::OpenLdap), 446 NotAllowed); 447 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPType(), 448 ldap_base::Config::Type::ActiveDirectory); 449 450 managerPtr->restore(); 451 // Check LDAP type after restoring 452 EXPECT_EQ(managerPtr->getADConfigPtr()->lDAPType(), 453 ldap_base::Config::Type::ActiveDirectory); 454 delete managerPtr; 455 } 456 457 TEST_F(TestLDAPConfig, filePermission) 458 { 459 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile; 460 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tslCacertFile; 461 auto dbusPersistentFilePath = std::string(dir.c_str()); 462 463 if (fs::exists(configFilePath)) 464 { 465 fs::remove(configFilePath); 466 } 467 EXPECT_FALSE(fs::exists(configFilePath)); 468 MockConfigMgr* managerPtr = new MockConfigMgr( 469 bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 470 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str()); 471 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(1); 472 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(1); 473 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(1); 474 managerPtr->createConfig( 475 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp", 476 "MyLdap12", ldap_base::Create::SearchScope::sub, 477 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2"); 478 managerPtr->getADConfigPtr()->enabled(true); 479 480 // Permission of the persistent file should be 640 481 // Others should not be allowed to read. 482 auto permission = 483 fs::perms::owner_read | fs::perms::owner_write | fs::perms::group_read; 484 auto persistFilepath = std::string(dir.c_str()); 485 persistFilepath += ADDbusObjectPath; 486 persistFilepath += "/config"; 487 488 EXPECT_EQ(fs::status(persistFilepath).permissions(), permission); 489 delete managerPtr; 490 } 491 492 TEST_F(TestLDAPConfig, ConditionalEnableConfig) 493 { 494 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile; 495 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tslCacertFile; 496 auto dbusPersistentFilePath = std::string(dir.c_str()); 497 498 if (fs::exists(configFilePath)) 499 { 500 fs::remove(configFilePath); 501 } 502 EXPECT_FALSE(fs::exists(configFilePath)); 503 MockConfigMgr* managerPtr = new MockConfigMgr( 504 bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 505 dbusPersistentFilePath.c_str(), tlsCacertfile.c_str()); 506 EXPECT_CALL(*managerPtr, stopService("nslcd.service")).Times(3); 507 EXPECT_CALL(*managerPtr, restartService("nslcd.service")).Times(2); 508 EXPECT_CALL(*managerPtr, restartService("nscd.service")).Times(2); 509 managerPtr->createConfig( 510 "ldap://9.194.251.138/", "cn=Users,dc=com", "cn=Users,dc=corp", 511 "MyLdap12", ldap_base::Create::SearchScope::sub, 512 ldap_base::Create::Type::ActiveDirectory, "attr1", "attr2"); 513 514 managerPtr->createConfig( 515 "ldap://9.194.251.139/", "cn=Users,dc=com, dc=ldap", "cn=Users,dc=corp", 516 "MyLdap123", ldap_base::Create::SearchScope::sub, 517 ldap_base::Create::Type::OpenLdap, "attr1", "attr2"); 518 519 // Enable the AD configuration 520 managerPtr->getADConfigPtr()->enabled(true); 521 522 EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), true); 523 EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), false); 524 525 // AS AD is already enabled so openldap can't be enabled. 526 EXPECT_THROW( 527 { 528 try 529 { 530 managerPtr->getOpenLdapConfigPtr()->enabled(true); 531 } 532 catch (const NotAllowed& e) 533 { 534 throw; 535 } 536 }, 537 NotAllowed); 538 // Check the values 539 EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), true); 540 EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), false); 541 // Let's disable the AD. 542 managerPtr->getADConfigPtr()->enabled(false); 543 EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), false); 544 EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), false); 545 // Now enable the openldap 546 managerPtr->getOpenLdapConfigPtr()->enabled(true); 547 EXPECT_EQ(managerPtr->getOpenLdapConfigPtr()->enabled(), true); 548 EXPECT_EQ(managerPtr->getADConfigPtr()->enabled(), false); 549 550 delete managerPtr; 551 } 552 553 TEST_F(TestLDAPConfig, createPrivMapping) 554 { 555 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile; 556 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tslCacertFile; 557 auto dbusPersistentFilePath = std::string(dir.c_str()); 558 559 if (fs::exists(configFilePath)) 560 { 561 fs::remove(configFilePath); 562 } 563 EXPECT_FALSE(fs::exists(configFilePath)); 564 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 565 dbusPersistentFilePath.c_str(), 566 tlsCacertfile.c_str()); 567 manager.createDefaultObjects(); 568 // Create the priv-mapping under the config. 569 manager.getADConfigPtr()->create("admin", "priv-admin"); 570 // Check whether the entry has been created. 571 EXPECT_THROW( 572 { 573 try 574 { 575 manager.getADConfigPtr()->checkPrivilegeMapper("admin"); 576 } 577 catch (const PrivilegeMappingExists& e) 578 { 579 throw; 580 } 581 }, 582 PrivilegeMappingExists); 583 } 584 585 TEST_F(TestLDAPConfig, deletePrivMapping) 586 { 587 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile; 588 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tslCacertFile; 589 auto dbusPersistentFilePath = std::string(dir.c_str()); 590 591 if (fs::exists(configFilePath)) 592 { 593 fs::remove(configFilePath); 594 } 595 EXPECT_FALSE(fs::exists(configFilePath)); 596 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 597 dbusPersistentFilePath.c_str(), 598 tlsCacertfile.c_str()); 599 manager.createDefaultObjects(); 600 // Create the priv-mapping under the config. 601 manager.getADConfigPtr()->create("admin", "priv-admin"); 602 manager.getADConfigPtr()->create("user", "priv-user"); 603 // Check whether the entry has been created. 604 EXPECT_THROW( 605 { 606 try 607 { 608 manager.getADConfigPtr()->checkPrivilegeMapper("admin"); 609 manager.getADConfigPtr()->checkPrivilegeMapper("user"); 610 } 611 catch (const PrivilegeMappingExists& e) 612 { 613 throw; 614 } 615 }, 616 PrivilegeMappingExists); 617 618 // This would delete the admin privilege 619 manager.getADConfigPtr()->deletePrivilegeMapper(1); 620 EXPECT_NO_THROW(manager.getADConfigPtr()->checkPrivilegeMapper("admin")); 621 manager.getADConfigPtr()->deletePrivilegeMapper(2); 622 EXPECT_NO_THROW(manager.getADConfigPtr()->checkPrivilegeMapper("user")); 623 } 624 625 TEST_F(TestLDAPConfig, restorePrivMapping) 626 { 627 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile; 628 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tslCacertFile; 629 auto dbusPersistentFilePath = std::string(dir.c_str()); 630 631 if (fs::exists(configFilePath)) 632 { 633 fs::remove(configFilePath); 634 } 635 EXPECT_FALSE(fs::exists(configFilePath)); 636 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 637 dbusPersistentFilePath.c_str(), 638 tlsCacertfile.c_str()); 639 manager.createDefaultObjects(); 640 // Create the priv-mapping under the config. 641 manager.getADConfigPtr()->create("admin", "priv-admin"); 642 manager.getOpenLdapConfigPtr()->create("user", "priv-user"); 643 manager.restore(); 644 EXPECT_THROW( 645 { 646 try 647 { 648 manager.getADConfigPtr()->checkPrivilegeMapper("admin"); 649 } 650 catch (const PrivilegeMappingExists& e) 651 { 652 throw; 653 } 654 }, 655 PrivilegeMappingExists); 656 657 EXPECT_THROW( 658 { 659 try 660 { 661 manager.getOpenLdapConfigPtr()->checkPrivilegeMapper("user"); 662 } 663 catch (const PrivilegeMappingExists& e) 664 { 665 throw; 666 } 667 }, 668 PrivilegeMappingExists); 669 } 670 671 TEST_F(TestLDAPConfig, testPrivileges) 672 { 673 auto configFilePath = std::string(dir.c_str()) + "/" + ldapconfFile; 674 auto tlsCacertfile = std::string(dir.c_str()) + "/" + tslCacertFile; 675 auto dbusPersistentFilePath = std::string(dir.c_str()); 676 677 if (fs::exists(configFilePath)) 678 { 679 fs::remove(configFilePath); 680 } 681 EXPECT_FALSE(fs::exists(configFilePath)); 682 MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(), 683 dbusPersistentFilePath.c_str(), 684 tlsCacertfile.c_str()); 685 manager.createDefaultObjects(); 686 687 std::string groupName = "admin"; 688 std::string privilege = "priv-admin"; 689 size_t entryId = 1; 690 auto dbusPath = std::string(LDAP_CONFIG_ROOT) + 691 "/active_directory/role_map/" + std::to_string(entryId); 692 dbusPersistentFilePath += dbusPath; 693 694 auto entry = std::make_unique<LDAPMapperEntry>( 695 bus, dbusPath.c_str(), dbusPersistentFilePath.c_str(), groupName, 696 privilege, *(manager.getADConfigPtr())); 697 698 EXPECT_NO_THROW(entry->privilege("priv-operator")); 699 EXPECT_NO_THROW(entry->privilege("priv-user")); 700 EXPECT_NO_THROW(entry->privilege("priv-callback")); 701 } 702 703 } // namespace ldap 704 } // namespace phosphor 705