#include "config.h"

#include "phosphor-ldap-config/ldap_config.hpp"
#include "phosphor-ldap-config/ldap_config_mgr.hpp"
#include "phosphor-ldap-config/ldap_mapper_entry.hpp"

#include <sdbusplus/bus.hpp>
#include <xyz/openbmc_project/Common/error.hpp>
#include <xyz/openbmc_project/User/Common/error.hpp>

#include <cerrno>
#include <cstdlib>
#include <cstring>
#include <filesystem>
#include <fstream>
#include <memory>
#include <string>

#include <gmock/gmock.h>
#include <gtest/gtest.h>
17
18 namespace phosphor
19 {
20 namespace ldap
21 {
22 namespace fs = std::filesystem;
23 using namespace sdbusplus::xyz::openbmc_project::Common::Error;
24 using PrivilegeMappingExists = sdbusplus::xyz::openbmc_project::User::Common::
25 Error::PrivilegeMappingExists;
26
/** @brief ConfigMgr test double.
 *
 *  Replaces the service restart/stop hooks with gmock methods so no test in
 *  this file can reach a real daemon, and exposes the two protected members
 *  the tests need: the Active Directory Config object and
 *  createDefaultObjects().
 */
class MockConfigMgr : public phosphor::ldap::ConfigMgr
{
  public:
    /** @brief Forwards every argument unchanged to ConfigMgr. */
    MockConfigMgr(sdbusplus::bus_t& bus, const char* path, const char* filePath,
                  const char* dbusPersistentFile, const char* caCertFile,
                  const char* certFile) :
        phosphor::ldap::ConfigMgr(bus, path, filePath, dbusPersistentFile,
                                  caCertFile, certFile)
    {}

    // Service control is stubbed out; with no expectations set, gmock just
    // records the calls and does nothing.
    MOCK_METHOD(void, restartService, (const std::string& service));
    MOCK_METHOD(void, stopService, (const std::string& service));

    /** @brief Access the Active Directory Config owned by the manager.
     *  @return Reference to the owning pointer.  Presumably null until
     *          createDefaultObjects() has run — callers should check.
     */
    std::unique_ptr<Config>& getADConfigPtr()
    {
        return ADConfigPtr;
    }

    /** @brief Public wrapper around the protected base implementation. */
    void createDefaultObjects()
    {
        phosphor::ldap::ConfigMgr::createDefaultObjects();
    }
};
49
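/** @brief Fixture giving every test a private scratch directory.
 *
 *  SetUp() creates a fresh mkdtemp() directory (mode 0700, created
 *  atomically, so no other user can pre-place files there) and derives the
 *  file names the ConfigMgr expects from the build-time TLS_CACERT_PATH,
 *  TLS_CERT_FILE and LDAP_CONFIG_FILE constants, so the tests never read or
 *  write the real system paths.  TearDown() removes the directory again.
 */
class TestLDAPMapperEntry : public testing::Test
{
  public:
    TestLDAPMapperEntry() : bus(sdbusplus::bus::new_default()) {}

    void SetUp() override
    {
        // mkdtemp() rewrites the trailing XXXXXX in place, so the template
        // must be a writable array rather than a string literal.
        char tmpldap[] = "/tmp/ldap_mapper_test.XXXXXX";
        const char* created = mkdtemp(tmpldap);
        // A null return means no directory was made; passing it to
        // fs::path would be undefined behaviour, so fail the test instead.
        ASSERT_TRUE(created != nullptr)
            << "mkdtemp failed: " << std::strerror(errno);
        dir = fs::path(created);

        // Only the leaf names are kept; every test re-roots them under `dir`.
        tlsCACertFile = fs::path(TLS_CACERT_PATH).filename().string();
        tlsCertFile = fs::path(TLS_CERT_FILE).filename().string();
        ldapConfFile = fs::path(LDAP_CONFIG_FILE).filename().string();

        // Empty placeholder certificate files.  Nothing in this file reads
        // their contents; presumably ConfigMgr only checks that they exist —
        // verify against ConfigMgr before a test starts to depend on it.
        ASSERT_TRUE(touch(dir / tlsCACertFile));
        ASSERT_TRUE(touch(dir / tlsCertFile));
    }

    void TearDown() override
    {
        // Nothing to clean up when SetUp() bailed out before mkdtemp().
        if (!dir.empty())
        {
            fs::remove_all(dir);
        }
    }

  protected:
    /** @brief Create (or truncate) an empty file.
     *  @param[in] file - Path to create.
     *  @return true when the file could be opened for writing.
     */
    static bool touch(const fs::path& file)
    {
        std::ofstream out(file);
        return out.is_open();
    }

    fs::path dir;              //!< Per-test scratch directory from mkdtemp().
    std::string tlsCACertFile; //!< Leaf name of TLS_CACERT_PATH.
    std::string tlsCertFile;   //!< Leaf name of TLS_CERT_FILE.
    std::string ldapConfFile;  //!< Leaf name of LDAP_CONFIG_FILE.
    sdbusplus::bus_t bus;      //!< D-Bus connection handed to every object.
};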
86
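/** A freshly constructed mapper entry reports the group and privilege it was
 *  given. */
TEST_F(TestLDAPMapperEntry, testMapperEntryCreation)
{
    // Every file path is rooted in the fixture's scratch directory.
    const auto configFilePath = (dir / ldapConfFile).string();
    const auto tlsCACertFilePath = (dir / tlsCACertFile).string();
    const auto tlsCertFilePath = (dir / tlsCertFile).string();
    const auto dbusPersistentFilePath = dir.string();

    MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
                          dbusPersistentFilePath.c_str(),
                          tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
    manager.createDefaultObjects();
    // Dereferencing a null Config would take down the whole test binary
    // instead of reporting a failure for this test.
    ASSERT_TRUE(manager.getADConfigPtr() != nullptr);

    const std::string groupName = "testGroup";
    const std::string privilege = "priv-admin";
    const size_t entryId = 1;
    const auto dbusPath = std::string(LDAP_CONFIG_ROOT) +
                          "/active_directory/role_map/" +
                          std::to_string(entryId);
    // Plain concatenation on purpose: dbusPath is a D-Bus object path and so
    // starts with '/', and fs::path::operator/ would discard `dir` when
    // appending an absolute path.
    const auto persistPath = dbusPersistentFilePath + dbusPath;

    auto entry = std::make_unique<LDAPMapperEntry>(
        bus, dbusPath.c_str(), persistPath.c_str(), groupName, privilege,
        *(manager.getADConfigPtr()));

    EXPECT_EQ(entry->groupName(), groupName);
    EXPECT_EQ(entry->privilege(), privilege);
}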
113
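/** Changing the group name takes effect, re-applying the same name is a
 *  harmless no-op, and the privilege is left untouched. */
TEST_F(TestLDAPMapperEntry, testMapperEntryGroupNameUpdate)
{
    // Every file path is rooted in the fixture's scratch directory.
    const auto configFilePath = (dir / ldapConfFile).string();
    const auto tlsCACertFilePath = (dir / tlsCACertFile).string();
    const auto tlsCertFilePath = (dir / tlsCertFile).string();
    const auto dbusPersistentFilePath = dir.string();

    MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
                          dbusPersistentFilePath.c_str(),
                          tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
    manager.createDefaultObjects();
    // Dereferencing a null Config would take down the whole test binary
    // instead of reporting a failure for this test.
    ASSERT_TRUE(manager.getADConfigPtr() != nullptr);

    const std::string groupName = "testGroup";
    const std::string privilege = "priv-admin";
    const size_t entryId = 1;
    const auto dbusPath = std::string(LDAP_CONFIG_ROOT) +
                          "/active_directory/role_map/" +
                          std::to_string(entryId);
    // Plain concatenation on purpose: dbusPath starts with '/', and
    // fs::path::operator/ would discard `dir` for an absolute right-hand side.
    const auto persistPath = dbusPersistentFilePath + dbusPath;

    auto entry = std::make_unique<LDAPMapperEntry>(
        bus, dbusPath.c_str(), persistPath.c_str(), groupName, privilege,
        *(manager.getADConfigPtr()));

    const std::string newGroupName = "newTestGroup";
    entry->groupName(newGroupName);
    EXPECT_EQ(entry->groupName(), newGroupName);
    // Renaming the group must not change what the mapping grants.
    EXPECT_EQ(entry->privilege(), privilege);

    // Setting the value that is already stored must be accepted silently.
    entry->groupName(newGroupName);
    EXPECT_EQ(entry->groupName(), newGroupName);
}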
144
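/** The privilege can be moved between known levels, re-applying the current
 *  level is a no-op, and the group binding is left untouched. */
TEST_F(TestLDAPMapperEntry, testMapperEntryPrivilegeUpdate)
{
    // Every file path is rooted in the fixture's scratch directory.
    const auto configFilePath = (dir / ldapConfFile).string();
    const auto tlsCACertFilePath = (dir / tlsCACertFile).string();
    const auto tlsCertFilePath = (dir / tlsCertFile).string();
    const auto dbusPersistentFilePath = dir.string();

    MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
                          dbusPersistentFilePath.c_str(),
                          tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
    manager.createDefaultObjects();
    // Dereferencing a null Config would take down the whole test binary
    // instead of reporting a failure for this test.
    ASSERT_TRUE(manager.getADConfigPtr() != nullptr);

    const std::string groupName = "testGroup";
    const std::string privilege = "priv-admin";
    const size_t entryId = 1;
    const auto dbusPath = std::string(LDAP_CONFIG_ROOT) +
                          "/active_directory/role_map/" +
                          std::to_string(entryId);
    // Plain concatenation on purpose: dbusPath starts with '/', and
    // fs::path::operator/ would discard `dir` for an absolute right-hand side.
    const auto persistPath = dbusPersistentFilePath + dbusPath;

    auto entry = std::make_unique<LDAPMapperEntry>(
        bus, dbusPath.c_str(), persistPath.c_str(), groupName, privilege,
        *(manager.getADConfigPtr()));

    // Lower the privilege step by step; each write must be visible at once.
    entry->privilege("priv-operator");
    EXPECT_EQ(entry->privilege(), "priv-operator");
    // Changing the privilege must not re-point the mapping at another group.
    EXPECT_EQ(entry->groupName(), groupName);

    entry->privilege("priv-user");
    EXPECT_EQ(entry->privilege(), "priv-user");

    // Re-applying the level already stored must be accepted silently.
    entry->privilege("priv-user");
    EXPECT_EQ(entry->privilege(), "priv-user");
}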
177
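/** Unknown and empty privilege strings are rejected with InvalidArgument, and
 *  a rejected update leaves the entry exactly as it was. */
TEST_F(TestLDAPMapperEntry, testMapperEntryInvalidPrivilege)
{
    // Every file path is rooted in the fixture's scratch directory.
    const auto configFilePath = (dir / ldapConfFile).string();
    const auto tlsCACertFilePath = (dir / tlsCACertFile).string();
    const auto tlsCertFilePath = (dir / tlsCertFile).string();
    const auto dbusPersistentFilePath = dir.string();

    MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
                          dbusPersistentFilePath.c_str(),
                          tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
    manager.createDefaultObjects();
    // Dereferencing a null Config would take down the whole test binary
    // instead of reporting a failure for this test.
    ASSERT_TRUE(manager.getADConfigPtr() != nullptr);

    const std::string groupName = "testGroup";
    const std::string privilege = "priv-admin";
    const size_t entryId = 1;
    const auto dbusPath = std::string(LDAP_CONFIG_ROOT) +
                          "/active_directory/role_map/" +
                          std::to_string(entryId);
    // Plain concatenation on purpose: dbusPath starts with '/', and
    // fs::path::operator/ would discard `dir` for an absolute right-hand side.
    const auto persistPath = dbusPersistentFilePath + dbusPath;

    auto entry = std::make_unique<LDAPMapperEntry>(
        bus, dbusPath.c_str(), persistPath.c_str(), groupName, privilege,
        *(manager.getADConfigPtr()));

    // A privilege outside the known set, or none at all, must be refused.
    EXPECT_THROW(entry->privilege("invalid-privilege"), InvalidArgument);
    EXPECT_THROW(entry->privilege(""), InvalidArgument);

    // Validation must happen before anything is stored: a refused write
    // cannot leave the mapping half-updated or with a cleared privilege.
    EXPECT_EQ(entry->privilege(), privilege);
    EXPECT_EQ(entry->groupName(), groupName);
}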
204
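/** create() publishes a mapping for a group, after which a second mapping for
 *  that same group is refused.
 *
 *  NOTE(review): despite its name this test never deletes anything; the
 *  removal path of a mapper entry is not exercised in this file.
 */
TEST_F(TestLDAPMapperEntry, testMapperEntryDelete)
{
    // Every file path is rooted in the fixture's scratch directory.
    const auto configFilePath = (dir / ldapConfFile).string();
    const auto tlsCACertFilePath = (dir / tlsCACertFile).string();
    const auto tlsCertFilePath = (dir / tlsCertFile).string();
    const auto dbusPersistentFilePath = dir.string();

    MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
                          dbusPersistentFilePath.c_str(),
                          tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
    manager.createDefaultObjects();
    // Dereferencing a null Config would take down the whole test binary
    // instead of reporting a failure for this test.
    ASSERT_TRUE(manager.getADConfigPtr() != nullptr);
    auto& adConfig = *(manager.getADConfigPtr());

    const auto objPath = adConfig.create("admin", "priv-admin");
    const std::string pathStr = objPath.str;
    EXPECT_FALSE(pathStr.empty());

    // "admin" is now mapped; a check for that group must report the clash
    // so an existing role assignment can never be silently replaced.
    EXPECT_THROW(adConfig.checkPrivilegeMapper("admin"),
                 PrivilegeMappingExists);
}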
224
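/** A mapping with an empty group name is refused with InvalidArgument. */
TEST_F(TestLDAPMapperEntry, testMapperEntryEmptyGroupName)
{
    // Every file path is rooted in the fixture's scratch directory.
    const auto configFilePath = (dir / ldapConfFile).string();
    const auto tlsCACertFilePath = (dir / tlsCACertFile).string();
    const auto tlsCertFilePath = (dir / tlsCertFile).string();
    const auto dbusPersistentFilePath = dir.string();

    MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
                          dbusPersistentFilePath.c_str(),
                          tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
    manager.createDefaultObjects();
    // Dereferencing a null Config would take down the whole test binary
    // instead of reporting a failure for this test.
    ASSERT_TRUE(manager.getADConfigPtr() != nullptr);

    // An empty group would match nothing meaningful on the directory side;
    // handing it priv-admin must be rejected outright.
    EXPECT_THROW(manager.getADConfigPtr()->create("", "priv-admin"),
                 InvalidArgument);
}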
240
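/** A group that already has a mapping cannot be mapped a second time, even to
 *  a different privilege. */
TEST_F(TestLDAPMapperEntry, testMapperEntryDuplicateGroupName)
{
    // Every file path is rooted in the fixture's scratch directory.
    const auto configFilePath = (dir / ldapConfFile).string();
    const auto tlsCACertFilePath = (dir / tlsCACertFile).string();
    const auto tlsCertFilePath = (dir / tlsCertFile).string();
    const auto dbusPersistentFilePath = dir.string();

    MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
                          dbusPersistentFilePath.c_str(),
                          tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
    manager.createDefaultObjects();
    // Dereferencing a null Config would take down the whole test binary
    // instead of reporting a failure for this test.
    ASSERT_TRUE(manager.getADConfigPtr() != nullptr);
    auto& adConfig = *(manager.getADConfigPtr());

    // The first mapping must succeed, otherwise the duplicate check below
    // would be testing nothing.
    const auto firstPath = adConfig.create("admin", "priv-admin");
    EXPECT_FALSE(firstPath.str.empty());

    // A second mapping for the same group is refused rather than overriding
    // the first, so nobody can quietly re-assign a group's role by adding a
    // new entry.
    EXPECT_THROW(adConfig.create("admin", "priv-operator"),
                 PrivilegeMappingExists);
}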
258
259 } // namespace ldap
260 } // namespace phosphor
261