1*64aa3d91SRavi Teja #include "config.h"
2*64aa3d91SRavi Teja
3*64aa3d91SRavi Teja #include "phosphor-ldap-config/ldap_config.hpp"
4*64aa3d91SRavi Teja #include "phosphor-ldap-config/ldap_config_mgr.hpp"
5*64aa3d91SRavi Teja #include "phosphor-ldap-config/ldap_mapper_entry.hpp"
6*64aa3d91SRavi Teja
7*64aa3d91SRavi Teja #include <sdbusplus/bus.hpp>
8*64aa3d91SRavi Teja #include <xyz/openbmc_project/Common/error.hpp>
9*64aa3d91SRavi Teja #include <xyz/openbmc_project/User/Common/error.hpp>
10*64aa3d91SRavi Teja
11*64aa3d91SRavi Teja #include <filesystem>
12*64aa3d91SRavi Teja #include <fstream>
13*64aa3d91SRavi Teja #include <string>
14*64aa3d91SRavi Teja
15*64aa3d91SRavi Teja #include <gmock/gmock.h>
16*64aa3d91SRavi Teja #include <gtest/gtest.h>
17*64aa3d91SRavi Teja
18*64aa3d91SRavi Teja namespace phosphor
19*64aa3d91SRavi Teja {
20*64aa3d91SRavi Teja namespace ldap
21*64aa3d91SRavi Teja {
22*64aa3d91SRavi Teja namespace fs = std::filesystem;
23*64aa3d91SRavi Teja using namespace sdbusplus::xyz::openbmc_project::Common::Error;
24*64aa3d91SRavi Teja using PrivilegeMappingExists = sdbusplus::xyz::openbmc_project::User::Common::
25*64aa3d91SRavi Teja Error::PrivilegeMappingExists;
26*64aa3d91SRavi Teja
27*64aa3d91SRavi Teja class MockConfigMgr : public phosphor::ldap::ConfigMgr
28*64aa3d91SRavi Teja {
29*64aa3d91SRavi Teja public:
MockConfigMgr(sdbusplus::bus_t & bus,const char * path,const char * filePath,const char * dbusPersistentFile,const char * caCertFile,const char * certFile)30*64aa3d91SRavi Teja MockConfigMgr(sdbusplus::bus_t& bus, const char* path, const char* filePath,
31*64aa3d91SRavi Teja const char* dbusPersistentFile, const char* caCertFile,
32*64aa3d91SRavi Teja const char* certFile) :
33*64aa3d91SRavi Teja phosphor::ldap::ConfigMgr(bus, path, filePath, dbusPersistentFile,
34*64aa3d91SRavi Teja caCertFile, certFile)
35*64aa3d91SRavi Teja {}
36*64aa3d91SRavi Teja MOCK_METHOD1(restartService, void(const std::string& service));
37*64aa3d91SRavi Teja MOCK_METHOD1(stopService, void(const std::string& service));
38*64aa3d91SRavi Teja
getADConfigPtr()39*64aa3d91SRavi Teja std::unique_ptr<Config>& getADConfigPtr()
40*64aa3d91SRavi Teja {
41*64aa3d91SRavi Teja return ADConfigPtr;
42*64aa3d91SRavi Teja }
43*64aa3d91SRavi Teja
createDefaultObjects()44*64aa3d91SRavi Teja void createDefaultObjects()
45*64aa3d91SRavi Teja {
46*64aa3d91SRavi Teja phosphor::ldap::ConfigMgr::createDefaultObjects();
47*64aa3d91SRavi Teja }
48*64aa3d91SRavi Teja };
49*64aa3d91SRavi Teja
50*64aa3d91SRavi Teja class TestLDAPMapperEntry : public testing::Test
51*64aa3d91SRavi Teja {
52*64aa3d91SRavi Teja public:
TestLDAPMapperEntry()53*64aa3d91SRavi Teja TestLDAPMapperEntry() : bus(sdbusplus::bus::new_default()) {}
54*64aa3d91SRavi Teja
SetUp()55*64aa3d91SRavi Teja void SetUp() override
56*64aa3d91SRavi Teja {
57*64aa3d91SRavi Teja char tmpldap[] = "/tmp/ldap_mapper_test.XXXXXX";
58*64aa3d91SRavi Teja dir = fs::path(mkdtemp(tmpldap));
59*64aa3d91SRavi Teja
60*64aa3d91SRavi Teja fs::path tlsCacertFilePath{TLS_CACERT_PATH};
61*64aa3d91SRavi Teja tlsCACertFile = tlsCacertFilePath.filename().c_str();
62*64aa3d91SRavi Teja fs::path tlsCertFilePath{TLS_CERT_FILE};
63*64aa3d91SRavi Teja tlsCertFile = tlsCertFilePath.filename().c_str();
64*64aa3d91SRavi Teja fs::path confFilePath{LDAP_CONFIG_FILE};
65*64aa3d91SRavi Teja ldapConfFile = confFilePath.filename().c_str();
66*64aa3d91SRavi Teja
67*64aa3d91SRavi Teja std::fstream fs;
68*64aa3d91SRavi Teja fs.open(dir / tlsCACertFile, std::fstream::out);
69*64aa3d91SRavi Teja fs.close();
70*64aa3d91SRavi Teja fs.open(dir / tlsCertFile, std::fstream::out);
71*64aa3d91SRavi Teja fs.close();
72*64aa3d91SRavi Teja }
73*64aa3d91SRavi Teja
TearDown()74*64aa3d91SRavi Teja void TearDown() override
75*64aa3d91SRavi Teja {
76*64aa3d91SRavi Teja fs::remove_all(dir);
77*64aa3d91SRavi Teja }
78*64aa3d91SRavi Teja
79*64aa3d91SRavi Teja protected:
80*64aa3d91SRavi Teja fs::path dir;
81*64aa3d91SRavi Teja std::string tlsCACertFile;
82*64aa3d91SRavi Teja std::string tlsCertFile;
83*64aa3d91SRavi Teja std::string ldapConfFile;
84*64aa3d91SRavi Teja sdbusplus::bus_t bus;
85*64aa3d91SRavi Teja };
86*64aa3d91SRavi Teja
TEST_F(TestLDAPMapperEntry,testMapperEntryCreation)87*64aa3d91SRavi Teja TEST_F(TestLDAPMapperEntry, testMapperEntryCreation)
88*64aa3d91SRavi Teja {
89*64aa3d91SRavi Teja auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
90*64aa3d91SRavi Teja auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
91*64aa3d91SRavi Teja auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
92*64aa3d91SRavi Teja auto dbusPersistentFilePath = std::string(dir.c_str());
93*64aa3d91SRavi Teja
94*64aa3d91SRavi Teja MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
95*64aa3d91SRavi Teja dbusPersistentFilePath.c_str(),
96*64aa3d91SRavi Teja tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
97*64aa3d91SRavi Teja manager.createDefaultObjects();
98*64aa3d91SRavi Teja
99*64aa3d91SRavi Teja std::string groupName = "testGroup";
100*64aa3d91SRavi Teja std::string privilege = "priv-admin";
101*64aa3d91SRavi Teja size_t entryId = 1;
102*64aa3d91SRavi Teja auto dbusPath = std::string(LDAP_CONFIG_ROOT) +
103*64aa3d91SRavi Teja "/active_directory/role_map/" + std::to_string(entryId);
104*64aa3d91SRavi Teja auto persistPath = dbusPersistentFilePath + dbusPath;
105*64aa3d91SRavi Teja
106*64aa3d91SRavi Teja auto entry = std::make_unique<LDAPMapperEntry>(
107*64aa3d91SRavi Teja bus, dbusPath.c_str(), persistPath.c_str(), groupName, privilege,
108*64aa3d91SRavi Teja *(manager.getADConfigPtr()));
109*64aa3d91SRavi Teja
110*64aa3d91SRavi Teja EXPECT_EQ(entry->groupName(), groupName);
111*64aa3d91SRavi Teja EXPECT_EQ(entry->privilege(), privilege);
112*64aa3d91SRavi Teja }
113*64aa3d91SRavi Teja
TEST_F(TestLDAPMapperEntry,testMapperEntryGroupNameUpdate)114*64aa3d91SRavi Teja TEST_F(TestLDAPMapperEntry, testMapperEntryGroupNameUpdate)
115*64aa3d91SRavi Teja {
116*64aa3d91SRavi Teja auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
117*64aa3d91SRavi Teja auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
118*64aa3d91SRavi Teja auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
119*64aa3d91SRavi Teja auto dbusPersistentFilePath = std::string(dir.c_str());
120*64aa3d91SRavi Teja
121*64aa3d91SRavi Teja MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
122*64aa3d91SRavi Teja dbusPersistentFilePath.c_str(),
123*64aa3d91SRavi Teja tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
124*64aa3d91SRavi Teja manager.createDefaultObjects();
125*64aa3d91SRavi Teja
126*64aa3d91SRavi Teja std::string groupName = "testGroup";
127*64aa3d91SRavi Teja std::string privilege = "priv-admin";
128*64aa3d91SRavi Teja size_t entryId = 1;
129*64aa3d91SRavi Teja auto dbusPath = std::string(LDAP_CONFIG_ROOT) +
130*64aa3d91SRavi Teja "/active_directory/role_map/" + std::to_string(entryId);
131*64aa3d91SRavi Teja auto persistPath = dbusPersistentFilePath + dbusPath;
132*64aa3d91SRavi Teja
133*64aa3d91SRavi Teja auto entry = std::make_unique<LDAPMapperEntry>(
134*64aa3d91SRavi Teja bus, dbusPath.c_str(), persistPath.c_str(), groupName, privilege,
135*64aa3d91SRavi Teja *(manager.getADConfigPtr()));
136*64aa3d91SRavi Teja
137*64aa3d91SRavi Teja std::string newGroupName = "newTestGroup";
138*64aa3d91SRavi Teja entry->groupName(newGroupName);
139*64aa3d91SRavi Teja EXPECT_EQ(entry->groupName(), newGroupName);
140*64aa3d91SRavi Teja
141*64aa3d91SRavi Teja entry->groupName(newGroupName);
142*64aa3d91SRavi Teja EXPECT_EQ(entry->groupName(), newGroupName);
143*64aa3d91SRavi Teja }
144*64aa3d91SRavi Teja
TEST_F(TestLDAPMapperEntry,testMapperEntryPrivilegeUpdate)145*64aa3d91SRavi Teja TEST_F(TestLDAPMapperEntry, testMapperEntryPrivilegeUpdate)
146*64aa3d91SRavi Teja {
147*64aa3d91SRavi Teja auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
148*64aa3d91SRavi Teja auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
149*64aa3d91SRavi Teja auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
150*64aa3d91SRavi Teja auto dbusPersistentFilePath = std::string(dir.c_str());
151*64aa3d91SRavi Teja
152*64aa3d91SRavi Teja MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
153*64aa3d91SRavi Teja dbusPersistentFilePath.c_str(),
154*64aa3d91SRavi Teja tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
155*64aa3d91SRavi Teja manager.createDefaultObjects();
156*64aa3d91SRavi Teja
157*64aa3d91SRavi Teja std::string groupName = "testGroup";
158*64aa3d91SRavi Teja std::string privilege = "priv-admin";
159*64aa3d91SRavi Teja size_t entryId = 1;
160*64aa3d91SRavi Teja auto dbusPath = std::string(LDAP_CONFIG_ROOT) +
161*64aa3d91SRavi Teja "/active_directory/role_map/" + std::to_string(entryId);
162*64aa3d91SRavi Teja auto persistPath = dbusPersistentFilePath + dbusPath;
163*64aa3d91SRavi Teja
164*64aa3d91SRavi Teja auto entry = std::make_unique<LDAPMapperEntry>(
165*64aa3d91SRavi Teja bus, dbusPath.c_str(), persistPath.c_str(), groupName, privilege,
166*64aa3d91SRavi Teja *(manager.getADConfigPtr()));
167*64aa3d91SRavi Teja
168*64aa3d91SRavi Teja entry->privilege("priv-operator");
169*64aa3d91SRavi Teja EXPECT_EQ(entry->privilege(), "priv-operator");
170*64aa3d91SRavi Teja
171*64aa3d91SRavi Teja entry->privilege("priv-user");
172*64aa3d91SRavi Teja EXPECT_EQ(entry->privilege(), "priv-user");
173*64aa3d91SRavi Teja
174*64aa3d91SRavi Teja entry->privilege("priv-user");
175*64aa3d91SRavi Teja EXPECT_EQ(entry->privilege(), "priv-user");
176*64aa3d91SRavi Teja }
177*64aa3d91SRavi Teja
TEST_F(TestLDAPMapperEntry,testMapperEntryInvalidPrivilege)178*64aa3d91SRavi Teja TEST_F(TestLDAPMapperEntry, testMapperEntryInvalidPrivilege)
179*64aa3d91SRavi Teja {
180*64aa3d91SRavi Teja auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
181*64aa3d91SRavi Teja auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
182*64aa3d91SRavi Teja auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
183*64aa3d91SRavi Teja auto dbusPersistentFilePath = std::string(dir.c_str());
184*64aa3d91SRavi Teja
185*64aa3d91SRavi Teja MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
186*64aa3d91SRavi Teja dbusPersistentFilePath.c_str(),
187*64aa3d91SRavi Teja tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
188*64aa3d91SRavi Teja manager.createDefaultObjects();
189*64aa3d91SRavi Teja
190*64aa3d91SRavi Teja std::string groupName = "testGroup";
191*64aa3d91SRavi Teja std::string privilege = "priv-admin";
192*64aa3d91SRavi Teja size_t entryId = 1;
193*64aa3d91SRavi Teja auto dbusPath = std::string(LDAP_CONFIG_ROOT) +
194*64aa3d91SRavi Teja "/active_directory/role_map/" + std::to_string(entryId);
195*64aa3d91SRavi Teja auto persistPath = dbusPersistentFilePath + dbusPath;
196*64aa3d91SRavi Teja
197*64aa3d91SRavi Teja auto entry = std::make_unique<LDAPMapperEntry>(
198*64aa3d91SRavi Teja bus, dbusPath.c_str(), persistPath.c_str(), groupName, privilege,
199*64aa3d91SRavi Teja *(manager.getADConfigPtr()));
200*64aa3d91SRavi Teja
201*64aa3d91SRavi Teja EXPECT_THROW(entry->privilege("invalid-privilege"), InvalidArgument);
202*64aa3d91SRavi Teja EXPECT_THROW(entry->privilege(""), InvalidArgument);
203*64aa3d91SRavi Teja }
204*64aa3d91SRavi Teja
TEST_F(TestLDAPMapperEntry,testMapperEntryDelete)205*64aa3d91SRavi Teja TEST_F(TestLDAPMapperEntry, testMapperEntryDelete)
206*64aa3d91SRavi Teja {
207*64aa3d91SRavi Teja auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
208*64aa3d91SRavi Teja auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
209*64aa3d91SRavi Teja auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
210*64aa3d91SRavi Teja auto dbusPersistentFilePath = std::string(dir.c_str());
211*64aa3d91SRavi Teja
212*64aa3d91SRavi Teja MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
213*64aa3d91SRavi Teja dbusPersistentFilePath.c_str(),
214*64aa3d91SRavi Teja tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
215*64aa3d91SRavi Teja manager.createDefaultObjects();
216*64aa3d91SRavi Teja
217*64aa3d91SRavi Teja auto objPath = manager.getADConfigPtr()->create("admin", "priv-admin");
218*64aa3d91SRavi Teja std::string pathStr = objPath.str;
219*64aa3d91SRavi Teja EXPECT_FALSE(pathStr.empty());
220*64aa3d91SRavi Teja
221*64aa3d91SRavi Teja EXPECT_THROW(manager.getADConfigPtr()->checkPrivilegeMapper("admin"),
222*64aa3d91SRavi Teja PrivilegeMappingExists);
223*64aa3d91SRavi Teja }
224*64aa3d91SRavi Teja
TEST_F(TestLDAPMapperEntry,testMapperEntryEmptyGroupName)225*64aa3d91SRavi Teja TEST_F(TestLDAPMapperEntry, testMapperEntryEmptyGroupName)
226*64aa3d91SRavi Teja {
227*64aa3d91SRavi Teja auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
228*64aa3d91SRavi Teja auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
229*64aa3d91SRavi Teja auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
230*64aa3d91SRavi Teja auto dbusPersistentFilePath = std::string(dir.c_str());
231*64aa3d91SRavi Teja
232*64aa3d91SRavi Teja MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
233*64aa3d91SRavi Teja dbusPersistentFilePath.c_str(),
234*64aa3d91SRavi Teja tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
235*64aa3d91SRavi Teja manager.createDefaultObjects();
236*64aa3d91SRavi Teja
237*64aa3d91SRavi Teja EXPECT_THROW(manager.getADConfigPtr()->create("", "priv-admin"),
238*64aa3d91SRavi Teja InvalidArgument);
239*64aa3d91SRavi Teja }
240*64aa3d91SRavi Teja
TEST_F(TestLDAPMapperEntry,testMapperEntryDuplicateGroupName)241*64aa3d91SRavi Teja TEST_F(TestLDAPMapperEntry, testMapperEntryDuplicateGroupName)
242*64aa3d91SRavi Teja {
243*64aa3d91SRavi Teja auto configFilePath = std::string(dir.c_str()) + "/" + ldapConfFile;
244*64aa3d91SRavi Teja auto tlsCACertFilePath = std::string(dir.c_str()) + "/" + tlsCACertFile;
245*64aa3d91SRavi Teja auto tlsCertFilePath = std::string(dir.c_str()) + "/" + tlsCertFile;
246*64aa3d91SRavi Teja auto dbusPersistentFilePath = std::string(dir.c_str());
247*64aa3d91SRavi Teja
248*64aa3d91SRavi Teja MockConfigMgr manager(bus, LDAP_CONFIG_ROOT, configFilePath.c_str(),
249*64aa3d91SRavi Teja dbusPersistentFilePath.c_str(),
250*64aa3d91SRavi Teja tlsCACertFilePath.c_str(), tlsCertFilePath.c_str());
251*64aa3d91SRavi Teja manager.createDefaultObjects();
252*64aa3d91SRavi Teja
253*64aa3d91SRavi Teja manager.getADConfigPtr()->create("admin", "priv-admin");
254*64aa3d91SRavi Teja
255*64aa3d91SRavi Teja EXPECT_THROW(manager.getADConfigPtr()->create("admin", "priv-operator"),
256*64aa3d91SRavi Teja PrivilegeMappingExists);
257*64aa3d91SRavi Teja }
258*64aa3d91SRavi Teja
259*64aa3d91SRavi Teja } // namespace ldap
260*64aa3d91SRavi Teja } // namespace phosphor
261