def run_once(self): listener = session_manager.OwnershipSignalListener(gobject.MainLoop()) listener.listen_for_new_key_and_policy() # Sign in. Sign out happens automatically when cr goes out of scope. with chrome.Chrome(clear_enterprise_policy=False) as cr: listener.wait_for_signals(desc='Owner settings written to disk.') key = open(constants.OWNER_KEY_FILE, 'rb') hash = hashlib.md5(key.read()) key.close() mtime = os.stat(constants.OWNER_KEY_FILE).st_mtime # Sign in/sign out as a second user. with chrome.Chrome(clear_enterprise_policy=False, username=self._TEST_USER, password=self._TEST_PASS, gaia_id=self._TEST_GAIAID) as cr: pass # Checking mtime to see if key file was touched during second sign in. if os.stat(constants.OWNER_KEY_FILE).st_mtime > mtime: raise error.TestFail("Owner key was touched on second login!") # Sanity check. key2 = open(constants.OWNER_KEY_FILE, 'rb') hash2 = hashlib.md5(key2.read()) key2.close() if hash.hexdigest() != hash2.hexdigest(): raise error.TestFail("Owner key was touched on second login!")
class platform_SessionManagerBlockDevmodeSetting(test.test): """Verifies that session_manager updates the block_devmode flag to be in sync with the corresponding device setting.""" version = 1 def initialize(self): super(platform_SessionManagerBlockDevmodeSetting, self).initialize() ownership.restart_ui_to_clear_ownership_files() self._bus_loop = DBusGMainLoop(set_as_default=True) def run_once(self): try: if utils.system_output('crossystem mainfw_type') == 'nonchrome': raise error.TestNAError( 'State key generation only works on Chrome OS hardware') except error.CmdError, e: raise error.TestError('Failed to run crossystem: %s' % e) # Make sure that the flag sticks when there is no owner. set_block_devmode(True) cros_ui.restart() cros_ui.stop() if not get_block_devmode(): raise error.TestFail("Flag got reset for non-owned device.") # Test whether the flag gets reset when taking ownership. listener = session_manager.OwnershipSignalListener(gobject.MainLoop()) listener.listen_for_new_key_and_policy() with chrome.Chrome() as cr: listener.wait_for_signals(desc='Ownership files written to disk.') if get_block_devmode(): raise error.TestFail( "Flag not clear after ownership got established.") # Put a new owner key and policy blob in place, the latter of which # specifies block_devmode=true. cros_ui.stop(allow_fail=True) shutil.copyfile(os.path.join(self.bindir, 'owner.key'), constants.OWNER_KEY_FILE) shutil.copyfile( os.path.join(self.bindir, 'policy_block_devmode_enabled'), constants.SIGNED_POLICY_FILE) cros_ui.start() if not get_block_devmode(): raise error.TestFail( "Flag not set after starting with policy enabled.") # Send a new policy blob to session_manager that disables block_devmode. listener.listen_for_new_policy() with open(os.path.join(self.bindir, 'policy_block_devmode_disabled')) as f: session_manager_proxy = session_manager.connect(self._bus_loop) session_manager_proxy.StorePolicyEx( session_manager.make_device_policy_descriptor(), f.read()) listener.wait_for_signals(desc='Policy updated.') if get_block_devmode(): raise error.TestFail( "Flag set after updating policy to clear flag.")
def initialize(self): super(login_GuestAndActualSession, self).initialize() # Ensure a clean beginning. ownership.restart_ui_to_clear_ownership_files() bus_loop = DBusGMainLoop(set_as_default=True) self._session_manager = session_manager.connect(bus_loop) self._listener = session_manager.OwnershipSignalListener( gobject.MainLoop()) self._listener.listen_for_new_key_and_policy()
def initialize(self): super(login_CryptohomeOwnerQuery, self).initialize() # Ensure a clean beginning. ownership.restart_ui_to_clear_ownership_files() bus_loop = DBusGMainLoop(set_as_default=True) self._session_manager = session_manager.connect(bus_loop) self._listener = session_manager.OwnershipSignalListener( gobject.MainLoop()) self._listener.listen_for_new_key_and_policy() self._cryptohome_proxy = cryptohome.CryptohomeProxy(bus_loop)
def run_once(self): bus_loop = DBusGMainLoop(set_as_default=True) listener = session_manager.OwnershipSignalListener(gobject.MainLoop()) listener.listen_for_new_key_and_policy() with chrome.Chrome() as cr: listener.wait_for_signals(desc='Owner settings written to disk.') sm = session_manager.connect(bus_loop) retrieved_policy = sm.RetrievePolicy(byte_arrays=True) if retrieved_policy is None: raise error.TestFail('Policy not found.') self._validate_policy(retrieved_policy, cr.username)
def initialize(self): super(login_MultipleSessions, self).initialize() policy.install_protobufs(self.autodir, self.job) # Ensure a clean beginning. ownership.restart_ui_to_clear_ownership_files() self._bus_loop = DBusGMainLoop(set_as_default=True) self._session_manager = session_manager.connect(self._bus_loop) self._listener = session_manager.OwnershipSignalListener( gobject.MainLoop()) self._listener.listen_for_new_key_and_policy() self._cryptohome_proxy = cryptohome.CryptohomeProxy( self._bus_loop, self.autodir, self.job)
def run_once(self): pkey = ownership.known_privkey() pubkey = ownership.known_pubkey() # Pre-configure some owner settings, including initial key. poldata = policy.build_policy_data(self.srcdir, owner=ownership.TESTUSER, guests=False, new_users=True, roaming=True, whitelist=(ownership.TESTUSER, '[email protected]')) policy_string = policy.generate_policy(self.srcdir, pkey, pubkey, poldata) policy.push_policy_and_verify(policy_string, self._sm) # grab key, ensure that it's the same as the known key. if (utils.read_file(constants.OWNER_KEY_FILE) != pubkey): raise error.TestFail('Owner key should not have changed!') # Start a new session, which will trigger the re-taking of ownership. listener = session_manager.OwnershipSignalListener(gobject.MainLoop()) listener.listen_for_new_key_and_policy() self._cryptohome_proxy.mount(ownership.TESTUSER, ownership.TESTPASS, create=True) if not self._sm.StartSession(ownership.TESTUSER, ''): raise error.TestError('Could not start session for owner') listener.wait_for_signals(desc='Re-taking of ownership complete.') # grab key, ensure that it's different than known key if (utils.read_file(constants.OWNER_KEY_FILE) == pubkey): raise error.TestFail('Owner key should have changed!') # RetrievePolicy, check sig against new key, check properties retrieved_policy = self._sm.RetrievePolicy(byte_arrays=True) if retrieved_policy is None: raise error.TestError('Policy not found') policy.compare_policy_response(self.srcdir, retrieved_policy, owner=ownership.TESTUSER, guests=False, new_users=True, roaming=True, whitelist=(ownership.TESTUSER, '[email protected]'))
def push_policy_and_verify(policy_string, sm): """Push a device policy to the session manager over DBus. The serialized device policy |policy_string| is sent to the session manager with the StorePolicy DBus call. Success of the store is validated by fetching the policy again and comparing. @param policy_string: serialized policy to push to the session manager. @param sm: a connected SessionManagerInterface. @raises error.TestFail if policy push failed. """ listener = session_manager.OwnershipSignalListener(gobject.MainLoop()) listener.listen_for_new_policy() sm.StorePolicy(dbus.ByteArray(policy_string), byte_arrays=True) listener.wait_for_signals(desc='Policy push.') retrieved_policy = sm.RetrievePolicy(byte_arrays=True) if retrieved_policy != policy_string: raise error.TestFail('Policy should not be %s' % retrieved_policy)
def run_once(self): # TODO(apronin): crbug.com/618392. This test flakes on these boards. boards_to_skip = ['tricky', 'peach_pit', 'falco'] board = utils.get_current_board() if board in boards_to_skip: logging.info("Skipping test run on %s.", board) return listener = session_manager.OwnershipSignalListener(gobject.MainLoop()) listener.listen_for_new_key_and_policy() # Sign in. Sign out happens automatically when cr goes out of scope. with chrome.Chrome(clear_enterprise_policy=False) as cr: listener.wait_for_signals(desc='Owner settings written to disk.') key = open(constants.OWNER_KEY_FILE, 'rb') hash = hashlib.md5(key.read()) key.close() mtime = os.stat(constants.OWNER_KEY_FILE).st_mtime # Sign in/sign out as a second user. with chrome.Chrome(clear_enterprise_policy=False, username=self._TEST_USER, password=self._TEST_PASS, gaia_id=self._TEST_GAIAID) as cr: pass # Checking mtime to see if key file was touched during second sign in. if os.stat(constants.OWNER_KEY_FILE).st_mtime > mtime: raise error.TestFail("Owner key was touched on second login!") # Sanity check. key2 = open(constants.OWNER_KEY_FILE, 'rb') hash2 = hashlib.md5(key2.read()) key2.close() if hash.hexdigest() != hash2.hexdigest(): raise error.TestFail("Owner key was touched on second login!")