summaryrefslogtreecommitdiffstats
path: root/test
Commit message (Collapse)AuthorAgeFilesLines
* Removing unused SetPassword D-Bus API methodSumanth Bhat2019-03-192-211/+22
| | | | | | | | | | | | Password update is done through pam_chauthtok() API, and don't use SetPassword. Removing the unused code. Tested-by: N/A. Change-Id: I42a5b7c73bc2cb2404801df1c1cd057a94a1a924 Signed-off-by: Sumanth Bhat <sumanth.bhat@intel.com> Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
* LDAP: Add the persistency for the "Enabled" propertyRatan Gupta2019-03-112-18/+55
| | | | | | | | | | | | | | | | This property will control that whether the LDAP service would be started or not. We are persisting this property using cereal, other properties is being persisted through nslcd.conf, nslcd doesn't give us a way to put this property under nslcd.conf. Tested By: Test the persistency of enabled property. Verified that it was getting persisted across restart/reboot. Change-Id: Id64b23b71865bac15d3be2d79abad615aa576bea Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
* squash the following commitsRatan Gupta2019-03-111-35/+45
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | LDAP: Adding support for extra properties Implement GetUserInfo function in phosphor-user-manager Squashing the commits due to phosphor-dbus-interfaces dependency as the interface gets merged and it requires implementation so it is a deadlock for both the commits. Implement GetUserInfo function in phosphor-user-manager There was need to have api which return privilege for ldap user. it was discussed in this commit https://gerrit.openbmc-project.xyz/#/c/openbmc/phosphor-dbus-interfaces/+/12027/ and decided to have generic api. -Checks if user is local user, then returns map of properties of local user like user privilege,list of user groups,user enabled state and user locked state. -If its not local user, then it checks if its a ldap user, then get the privilege mapping for the LDAP group and returns. TestedBy: 1) getUserInfo with local user verify user details. 2) getUserInfo with ldap user having privilege mapper entry, verify user details. 3) getUserInfo with no existing user. check for exception UserNameDoesNotExist. Change-Id: I44af41953db60ff96b39498d72839c2ab64bc8bd Signed-off-by: raviteja-b <raviteja28031990@gmail.com> LDAP: Adding support for extra properties This commit also decouple the ldap service(nslcd) start with each property update,Now there is a D-bus property ldap service enabled which controls that whether the LDAP service will be restarted after each property update,so now user have an option to disable the ldap service and do multi- property update and then enable the service again. TestedBy: 1) Create the config with new added properties Verify that it was getting reflected on the D-bus object. 2) After making the change restarted the ldap-conf service Verify that new properties(usernameattr,groupnameattr) are correctly updated. 3) Authenticaton test Verify that LDAP authentication worked fine. 4) Set the enabled property to true Verify that it starts the nslcd service 5) Set the enabled property to false Verify that it stops the nslcd.service 6) Set the enabled property to true and change any other config property Verify that it starts the nslcd.service 7) Set the enabled property to false which stops the nslcd service and change any other config property. Verify that it doesn't start the nslcd service. Change-Id: Ie3ca04a2adbbb1fe113764199348c4f7ac67f648 Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
* Add unit tests for ldap mapper applicationTom Joseph2018-11-262-0/+160
| | | | | Change-Id: I2d75a4f2e27f6e6640e8a16cc7834116b260f547 Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>
* phosphor-ldap-conf: nslcd restart service getting called twiceNagaraju Goruganti2018-11-191-7/+7
| | | | | | | | In the createconfig path nslcd restart service is getting called twice in a row, which not needed. Change-Id: Ib60d43110815758360aa6f0de0478ad784cf5a5a Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
* React to nsswitch config file changesDeepak Kodihalli2018-11-191-6/+0
| | | | | | | | | There's just one nsswitch config file now (instead of a default, an _linux and an _ldap). Make fixes in code relevant to this. Change-Id: I92362aac7a1f5e034cea06e9299f7e574dc2fab9 Signed-off-by: Deepak Kodihalli <dkodihal@in.ibm.com> Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
* phosphor-ldap-conf: update nslcd.conf file with tls_cacertfile infoNagaraju Goruganti2018-11-191-21/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | tls_cacertfile specifies the path to the X.509 certificate for peer authentication. Also updated the file with "tls_reqcert hard", to force the behavior: if no certificate is provided, or a bad certificate is provided, the session is immediately terminated. Tested: tested using below given commands 1.curl -c cjar -b cjar -k -H "Content-Type: application/json" -X POST -d \ '{"data":[true,"ldaps://<host_ip>/","cn=<user-id>,dc=Corp,dc=ibm,dc=com",\ "cn=Users,dc=Corp,dc=ibm,dc=com", "<password>",\ "xyz.openbmc_project.User.Ldap.Create.SearchScope.sub",\ "xyz.openbmc_project.User.Ldap.Create.Type.ActiveDirectory"] \ }' https://$BMC_IP//xyz/openbmc_project/user/ldap/action/CreateConfig 2.curl -b cjar -k -H "Content-Type: application/json" -X PUT -d '{"data":true}'\ https://$BMC_IP/xyz/openbmc_project/user/ldap/config/attr/SecureLDAP 3.curl -b cjar -k -H "Content-Type: application/json" -X PUT -d \ '{"data":"ldap://<host_ip>/"}' \ https://$BMC_IP/xyz/openbmc_project/ldap/config/attr/LDAPServerURI when "/etc/ssl/certs/Root-CA.pem" doesn't exist on target, we get below given exception(if we try to set SecureLDAP is true): "DBusException: xyz.openbmc_project.Common.Error.NoCACertificate: \ Server's CA certificate has not been provided." Change-Id: I56ffe8b08bb71307b4f2bfe9cf935b6113e4579a Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com> Signed-off-by: Deepak Kodihalli <dkodihal@in.ibm.com> Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
* phosphor-ldap-conf: add unit testsNagaraju Goruganti2018-11-193-0/+411
| | | | | | | | | Added uinit tests to create and to restore config file. Change-Id: Idf5231d46542cda1ff84241aa67aadd91a4788d6 Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com> Signed-off-by: Deepak Kodihalli <dkodihal@in.ibm.com> Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
* Basic support for User manager serviceRichard Marian Thomaiyar2018-09-031-68/+65
| | | | | | | | Basic support for User Manager service methods are implemented. Change-Id: Id42432ec6dd421b99971268add931dcd70876f7c Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
* Fix to use mkstemp for temp shadow file creationRichard Marian Thomaiyar2018-01-191-24/+1
| | | | | | | | | Do not rely on randomString() for tempShadowFile, as it uses '/' in random set, and cause file creation error. Also, it's safe to use mkstemp to create temp shadow file with random name suffixing shadow file name. Change-Id: I0b80cc6d7c002e732e22f660e50b0701acac15fe Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
* Add GTEST casesVishwanatha Subbanna2017-10-122-0/+237
Fixes openbmc/openbmc#1714 Change-Id: I51964f16fc2ea733ee3b3ae822f72ac7b431189a Signed-off-by: Vishwanatha Subbanna <vishwa@linux.vnet.ibm.com>
OpenPOWER on IntegriCloud