def run_once(self):
# Mount the vault, connect to session_manager and start the session.
self._cryptohome_proxy.mount(ownership.TESTUSER,
ownership.TESTPASS,
create=True)
sm = session_manager.connect(self._bus_loop)
sm.StartSession(ownership.TESTUSER, '')
# No policy stored yet.
retrieved_policy = sm.RetrievePolicyEx(
session_manager.make_user_policy_descriptor(ownership.TESTUSER),
byte_arrays=True)
if retrieved_policy:
raise error.TestError('session_manager already has user policy!')
# And no user key exists.
key_file = ownership.get_user_policy_key_filename(ownership.TESTUSER)
if os.path.exists(key_file):
raise error.TestFail('%s exists before storing user policy!' %
key_file)
# Now store a policy. This is building a device policy protobuf, but
# that's fine as far as the session_manager is concerned; it's the
# outer PolicyFetchResponse that contains the public_key.
public_key = ownership.known_pubkey()
private_key = ownership.known_privkey()
policy_data = policy.build_policy_data()
policy_response = policy.generate_policy(private_key, public_key,
policy_data)
try:
sm.StorePolicyEx(
session_manager.make_user_policy_descriptor(
ownership.TESTUSER), dbus.ByteArray(policy_response))
except dbus.exceptions.DBusException as e:
raise error.TestFail('Failed to store user policy', e)
# The policy key should have been created now.
self._verify_key_file(key_file)
# Restart the ui; the key should be deleted.
self._cryptohome_proxy.unmount(ownership.TESTUSER)
cros_ui.restart()
if os.path.exists(key_file):
raise error.TestFail('%s exists after restarting ui!' % key_file)
# Starting a new session will restore the key that was previously
# stored. Reconnect to the session_manager, since the restart killed it.
self._cryptohome_proxy.mount(ownership.TESTUSER,
ownership.TESTPASS,
create=True)
sm = session_manager.connect(self._bus_loop)
sm.StartSession(ownership.TESTUSER, '')
self._verify_key_file(key_file)
def run_once(self):
expected_owner = '*****@*****.**'
other_user = '******'
self.__start_session_for(expected_owner)
self.__start_session_for(other_user)
self._listener.wait_for_signals(desc='Initial policy push complete.')
# Ensure that the first user got to be the owner.
retrieved_policy = policy.get_policy(self._session_manager)
if retrieved_policy is None: raise error.TestFail('Policy not found')
policy.compare_policy_response(self.srcdir,
retrieved_policy,
owner=expected_owner)
# bounce the session manager and wait for it to come back up before
# reconnecting.
cros_ui.restart()
self._session_manager = session_manager.connect(self._bus_loop)
# Destroy the owner's cryptohome and start sessions again in a
# different order
self.__start_session_for(other_user)
self.__start_session_for(expected_owner)
self._listener.wait_for_signals(
desc='Re-taking of ownership complete.')
# Ensure that the first user still gets to be the owner.
retrieved_policy = policy.get_policy(self._session_manager)
if retrieved_policy is None: raise error.TestFail('Policy not found')
policy.compare_policy_response(self.srcdir,
retrieved_policy,
owner=expected_owner)
def initialize(self):
super(login_LoginSuccess, self).initialize()
bus_loop = DBusGMainLoop(set_as_default=True)
self._session_manager = session_manager.connect(bus_loop)
self._listener = session_manager.SessionSignalListener(
gobject.MainLoop())
def run_once(self):
sm = session_manager.connect(self._bus_loop)
# Start a session for the first user, and verify that no policy exists
# for that user yet.
if not sm.StartSession(self._user1, ''):
raise error.TestError('Could not start session')
policy_blob = sm.RetrievePolicyForUser(self._user1, byte_arrays=True)
if policy_blob:
raise error.TestError('session_manager already has user policy!')
# Now store a policy. This is building a device policy protobuf, but
# that's fine as far as the session_manager is concerned; it's the
# outer PolicyFetchResponse that contains the public_key.
public_key = ownership.known_pubkey()
private_key = ownership.known_privkey()
policy_data = policy.build_policy_data(self.srcdir)
policy_response = policy.generate_policy(self.srcdir,
private_key,
public_key,
policy_data)
try:
result = sm.StorePolicyForUser(self._user1,
dbus.ByteArray(policy_response))
if not result:
raise error.TestFail('Failed to store user policy')
except dbus.exceptions.DBusException, e:
raise error.TestFail('Call to StorePolicyForUser failed', e)
def run_once(self):
pkey = ownership.known_privkey()
pubkey = ownership.known_pubkey()
sm = session_manager.connect(self._bus_loop)
sm.StartSession(ownership.TESTUSER, '')
poldata = policy.build_policy_data(owner=ownership.TESTUSER,
guests=False,
new_users=True,
roaming=True,
whitelist=(ownership.TESTUSER,
'[email protected]'))
policy_string = policy.generate_policy(pkey, pubkey, poldata)
policy.push_policy_and_verify(policy_string, sm)
retrieved_policy = policy.get_policy(sm)
if retrieved_policy is None: raise error.TestFail('Policy not found')
policy.compare_policy_response(retrieved_policy,
owner=ownership.TESTUSER,
guests=False,
new_users=True,
roaming=True,
whitelist=(ownership.TESTUSER, '[email protected]'))
try:
# Sanity check against an incorrect policy
policy.compare_policy_response(retrieved_policy,
owner=ownership.TESTUSER,
guests=True,
whitelist=(ownership.TESTUSER,
'[email protected]'))
except ownership.OwnershipError:
pass
else:
raise error.TestFail('Did not detect bad policy')
class platform_SessionManagerStateKeyGeneration(test.test):
'''Verifies that session_manager's GetServerBackedStateKeys DBus method
returns valid state keys.'''
version = 1
def initialize(self):
super(platform_SessionManagerStateKeyGeneration, self).initialize()
cros_ui.stop(allow_fail=True)
cros_ui.start()
self._bus_loop = DBusGMainLoop(set_as_default=True)
def run_once(self):
try:
if utils.system_output('crossystem mainfw_type') == 'nonchrome':
raise error.TestNAError(
'State key generation only works on Chrome OS hardware')
except error.CmdError, e:
raise error.TestError('Failed to run crossystem: %s' % e)
# Retrieve state keys.
session_manager_proxy = session_manager.connect(self._bus_loop)
state_keys = session_manager_proxy.GetServerBackedStateKeys(
byte_arrays=True)
# Sanity-check the state keys.
if len(state_keys) < 3:
raise error.TestFail("Not enough state keys")
if len(state_keys) != len(set(state_keys)):
raise error.TestFail("Duplicate state keys")
for state_key in state_keys:
if len(state_key) != 32:
raise error.TestFail("Bad state key size")
class platform_SessionManagerBlockDevmodeSetting(test.test):
"""Verifies that session_manager updates the block_devmode flag to be in
sync with the corresponding device setting."""
version = 1
def initialize(self):
super(platform_SessionManagerBlockDevmodeSetting, self).initialize()
ownership.restart_ui_to_clear_ownership_files()
self._bus_loop = DBusGMainLoop(set_as_default=True)
def run_once(self):
try:
if utils.system_output('crossystem mainfw_type') == 'nonchrome':
raise error.TestNAError(
'State key generation only works on Chrome OS hardware')
except error.CmdError, e:
raise error.TestError('Failed to run crossystem: %s' % e)
# Make sure that the flag sticks when there is no owner.
set_block_devmode(True)
cros_ui.restart()
cros_ui.stop()
if not get_block_devmode():
raise error.TestFail("Flag got reset for non-owned device.")
# Test whether the flag gets reset when taking ownership.
listener = session_manager.OwnershipSignalListener(gobject.MainLoop())
listener.listen_for_new_key_and_policy()
with chrome.Chrome() as cr:
listener.wait_for_signals(desc='Ownership files written to disk.')
if get_block_devmode():
raise error.TestFail(
"Flag not clear after ownership got established.")
# Put a new owner key and policy blob in place, the latter of which
# specifies block_devmode=true.
cros_ui.stop(allow_fail=True)
shutil.copyfile(os.path.join(self.bindir, 'owner.key'),
constants.OWNER_KEY_FILE)
shutil.copyfile(
os.path.join(self.bindir, 'policy_block_devmode_enabled'),
constants.SIGNED_POLICY_FILE)
cros_ui.start()
if not get_block_devmode():
raise error.TestFail(
"Flag not set after starting with policy enabled.")
# Send a new policy blob to session_manager that disables block_devmode.
listener.listen_for_new_policy()
with open(os.path.join(self.bindir,
'policy_block_devmode_disabled')) as f:
session_manager_proxy = session_manager.connect(self._bus_loop)
session_manager_proxy.StorePolicyEx(
session_manager.make_device_policy_descriptor(), f.read())
listener.wait_for_signals(desc='Policy updated.')
if get_block_devmode():
raise error.TestFail(
"Flag set after updating policy to clear flag.")
def initialize(self):
# Start with a clean slate wrt ownership
ownership.restart_ui_to_clear_ownership_files()
super(login_RemoteOwnership, self).initialize()
bus_loop = DBusGMainLoop(set_as_default=True)
self._cryptohome_proxy = cryptohome.CryptohomeProxy(bus_loop)
self._sm = session_manager.connect(bus_loop)
def initialize(self):
super(login_OwnershipRetaken, self).initialize()
# Start clean, wrt ownership and the desired user.
ownership.restart_ui_to_clear_ownership_files()
bus_loop = DBusGMainLoop(set_as_default=True)
self._cryptohome_proxy = cryptohome.CryptohomeProxy(bus_loop)
self._cryptohome_proxy.remove(ownership.TESTUSER)
self._sm = session_manager.connect(bus_loop)
def initialize(self):
super(login_GuestAndActualSession, self).initialize()
# Ensure a clean beginning.
ownership.restart_ui_to_clear_ownership_files()
bus_loop = DBusGMainLoop(set_as_default=True)
self._session_manager = session_manager.connect(bus_loop)
self._listener = session_manager.OwnershipSignalListener(
gobject.MainLoop())
self._listener.listen_for_new_key_and_policy()
def initialize(self):
super(login_CryptohomeOwnerQuery, self).initialize()
# Ensure a clean beginning.
ownership.restart_ui_to_clear_ownership_files()
bus_loop = DBusGMainLoop(set_as_default=True)
self._session_manager = session_manager.connect(bus_loop)
self._listener = session_manager.OwnershipSignalListener(
gobject.MainLoop())
self._listener.listen_for_new_key_and_policy()
self._cryptohome_proxy = cryptohome.CryptohomeProxy(bus_loop)
def run_once(self):
bus_loop = DBusGMainLoop(set_as_default=True)
listener = session_manager.OwnershipSignalListener(gobject.MainLoop())
listener.listen_for_new_key_and_policy()
with chrome.Chrome() as cr:
listener.wait_for_signals(desc='Owner settings written to disk.')
sm = session_manager.connect(bus_loop)
retrieved_policy = sm.RetrievePolicy(byte_arrays=True)
if retrieved_policy is None:
raise error.TestFail('Policy not found.')
self._validate_policy(retrieved_policy, cr.username)
def initialize(self):
super(login_MultipleSessions, self).initialize()
policy.install_protobufs(self.autodir, self.job)
# Ensure a clean beginning.
ownership.restart_ui_to_clear_ownership_files()
self._bus_loop = DBusGMainLoop(set_as_default=True)
self._session_manager = session_manager.connect(self._bus_loop)
self._listener = session_manager.OwnershipSignalListener(
gobject.MainLoop())
self._listener.listen_for_new_key_and_policy()
self._cryptohome_proxy = cryptohome.CryptohomeProxy(
self._bus_loop, self.autodir, self.job)
def run_once(self):
sm = session_manager.connect(self._bus_loop)
# Start a session for the first user, and verify that no policy exists
# for that user yet.
sm.StartSession(self._user1, '')
policy_blob = sm.RetrievePolicyForUser(self._user1, byte_arrays=True)
if policy_blob:
raise error.TestError('session_manager already has user policy!')
# Now store a policy. This is building a device policy protobuf, but
# that's fine as far as the session_manager is concerned; it's the
# outer PolicyFetchResponse that contains the public_key.
public_key = ownership.known_pubkey()
private_key = ownership.known_privkey()
policy_data = policy.build_policy_data(self.srcdir)
policy_response = policy.generate_policy(self.srcdir, private_key,
public_key, policy_data)
try:
sm.StorePolicyForUser(self._user1, dbus.ByteArray(policy_response))
except dbus.exceptions.DBusException as e:
raise error.TestFail('Call to StorePolicyForUser failed', e)
# Storing policy for the second user fails before his session starts.
try:
sm.StorePolicyForUser(self._user2, dbus.ByteArray(policy_response))
except dbus.exceptions.DBusException:
pass
else:
raise error.TestFail('Storing policy should fail before the '
'session is started')
# Now start the second user's session, and verify that he has no
# policy stored yet.
sm.StartSession(self._user2, '')
policy_blob = sm.RetrievePolicyForUser(self._user2, byte_arrays=True)
if policy_blob:
raise error.TestError('session_manager already has user policy!')
# Storing works now.
try:
sm.StorePolicyForUser(self._user2, dbus.ByteArray(policy_response))
except dbus.exceptions.DBusException as e:
raise error.TestFail('Call to StorePolicyForUser failed', e)
# Verify that retrieving policy works too.
policy_blob = sm.RetrievePolicyForUser(self._user2, byte_arrays=True)
if not policy_blob:
raise error.TestError('Failed to retrieve stored policy')
def run_once(self):
bus_loop = DBusGMainLoop(set_as_default=True)
sm = session_manager.connect(bus_loop)
cryptohome_proxy = cryptohome.CryptohomeProxy(bus_loop)
users = ['*****@*****.**', '*****@*****.**']
for user in users:
cryptohome_proxy.ensure_clean_cryptohome_for(user)
sm.StartSession(users[0], '')
self.__check_for_users_in_actives(users[:1],
sm.RetrieveActiveSessions())
sm.StartSession(users[1], '')
self.__check_for_users_in_actives(users, sm.RetrieveActiveSessions())
def run_once(self):
pkey = ownership.known_privkey()
pubkey = ownership.known_pubkey()
sm = session_manager.connect(self._bus_loop)
if not sm.StartSession(ownership.TESTUSER, ''):
raise error.TestFail('Could not start session for owner')
poldata = policy.build_policy_data(self.srcdir,
owner=ownership.TESTUSER,
guests=False,
new_users=True,
roaming=True,
whitelist=(ownership.TESTUSER,
'[email protected]'),
proxies={'proxy_mode': 'direct'})
policy_string = policy.generate_policy(self.srcdir, pkey, pubkey,
poldata)
policy.push_policy_and_verify(policy_string, sm)
retrieved_policy = policy.get_policy(sm)
if retrieved_policy is None: raise error.TestFail('Policy not found')
policy.compare_policy_response(self.srcdir,
retrieved_policy,
owner=ownership.TESTUSER,
guests=False,
new_users=True,
roaming=True,
whitelist=(ownership.TESTUSER, '[email protected]'),
proxies={'proxy_mode': 'direct'})
try:
# Sanity check against an incorrect policy
policy.compare_policy_response(self.srcdir,
retrieved_policy,
owner=ownership.TESTUSER,
guests=True,
whitelist=(ownership.TESTUSER,
'[email protected]'),
proxies={'proxy_mode': 'direct'})
except ownership.OwnershipError:
pass
else:
raise error.TestFail('Did not detect bad policy')
try:
sm.StopSession('')
except error.TestError as e:
logging.error(str(e))
raise error.TestFail('Could not stop session for owner')
def run_once(self):
bus_loop = DBusGMainLoop(set_as_default=True)
sm = session_manager.connect(bus_loop)
user = '******'
cryptohome.ensure_clean_cryptohome_for(user)
sm.StartSession(user, '')
try:
sm.StartSession(user, '')
except dbus.DBusException as d:
# If I knew how to get our custom dbus errors mapped into real
# exceptions in PyDBus, I'd use that here :-/
if 'already started a session' not in d.message:
raise error.TestFail(d)
else:
raise error.TestFail('Started second session for ' + user)
def run_once(self):
listener = session_manager.SessionSignalListener(gobject.MainLoop())
with chrome.Chrome():
sm = session_manager.connect(DBusGMainLoop(set_as_default=True))
# Tell session_manager that we're going all the way through
# creating a supervised user.
sm.HandleSupervisedUserCreationStarting()
sm.HandleSupervisedUserCreationFinished()
# Crashing the browser should not end the session, as creating the
# user is finished.
utils.nuke_process_by_name(constants.BROWSER)
# We should still be able to talk to the session_manager,
# and it should indicate that we're still inside a user session.
try:
state = sm.RetrieveSessionState()
except DBusException as e:
raise error.TestError('Failed to retrieve session state: ', e)
if state != 'started':
raise error.TestFail('Session should not have ended: ', state)
# Start listening to stop signal before the session gets killed.
listener.listen_for_session_state_change('stopped')
# Tell session_manager that a supervised user is being set up,
# and kill it in the middle. Session should die.
sm.HandleSupervisedUserCreationStarting()
nuke_browser_error = None
try:
utils.nuke_process_by_name(constants.BROWSER)
except error.AutoservPidAlreadyDeadError as e:
nuke_browser_error = e
logging.warning('Browser may have crashed untimely: ', e)
try:
listener.wait_for_signals(desc='Session stopped.',
timeout=self._SESSION_STOP_TIMEOUT)
except utils.TimeoutError as actual_problem:
if nuke_browser_error is not None:
actual_problem = nuke_browser_error
raise error.TestFail(actual_problem)
