Esempio n. 1
0
def test_insert_key(program, keyring):
    """ Tests that insert_key command actually puts the keys in the keyring """
    for key, descriptor in key_tests:
        # Inserting should give the appropriate descriptor
        output = program(key, "insert_key")
        assert output == descriptor

    # After insertion, check that all three keys are there
    for _, descriptor in key_tests:
        # Key should be in the keyring
        id1 = keyutils.search(keyring,
                              b'fscrypt:' + descriptor,
                              keyType=b'logon')
        assert id1 != None

        # Accessing the session keyring should give the same result
        id2 = keyutils.search(keyutils.KEY_SPEC_SESSION_KEYRING,
                              b'fscrypt:' + descriptor,
                              keyType=b'logon')
        assert id1 == id2

        # There should not be keys of type user
        id3 = keyutils.search(keyutils.KEY_SPEC_SESSION_KEYRING,
                              b'fscrypt:' + descriptor)
        assert id3 == None
Esempio n. 2
0
    def testRevoke(self):
        desc = b"dummy"
        session = keyutils.join_session_keyring()
        self.assertEqual(
            keyutils.search(keyutils.KEY_SPEC_SESSION_KEYRING, desc), None)
        keyutils.revoke(session)
        try:
            keyutils.search(keyutils.KEY_SPEC_SESSION_KEYRING, desc)
        except keyutils.Error as err:
            self.assertEqual(err.args[0], keyutils.EKEYREVOKED)
        else:
            self.fail("Expected keyutils.Error")

        # It is convenient to use this test to verify that session_to_parent()
        # is functional because at this point it is known that there is
        # no session keyring available.

        childpid = os.fork()
        if childpid:
            pid, exitcode = os.waitpid(childpid, 0)
            self.assertEqual(childpid, pid)
            self.assertTrue(
                os.WIFEXITED(exitcode) and os.WEXITSTATUS(exitcode) == 0,
                exitcode)
        else:
            rc = 1
            try:
                keyutils.join_session_keyring()
                keyutils.session_to_parent()
                rc = 0
            finally:
                os._exit(rc)

        self.assertEqual(
            keyutils.search(keyutils.KEY_SPEC_SESSION_KEYRING, desc), None)
Esempio n. 3
0
 def testSession(self):
     desc = "test:key:02"
     val = "asdfasdfasdf"
     session = keyutils.join_session_keyring()
     keyId = keyutils.add_key(desc, val, session)
     self.assertEqual(keyutils.search(keyutils.KEY_SPEC_SESSION_KEYRING, desc), keyId)
     keyutils.join_session_keyring()
     self.assertEqual(keyutils.search(keyutils.KEY_SPEC_SESSION_KEYRING, desc), None)
Esempio n. 4
0
 def testLink(self):
     desc = b"key1"
     child = keyutils.add_key(b"ring1", None, keyutils.KEY_SPEC_PROCESS_KEYRING, b"keyring")
     parent = keyutils.add_key(b"ring2", None, keyutils.KEY_SPEC_PROCESS_KEYRING, b"keyring")
     keyId = keyutils.add_key(desc, b"dummy", child)
     self.assertEqual(keyutils.search(child, desc), keyId)
     self.assertEqual(keyutils.search(parent, desc), None)
     keyutils.link(child, parent)
     self.assertEqual(keyutils.search(parent, desc), keyId)
Esempio n. 5
0
 def testSession(self):
     desc = b"test:key:02"
     val = b"asdfasdfasdf"
     session = keyutils.join_session_keyring()
     keyId = keyutils.add_key(desc, val, session)
     self.assertEqual(keyutils.search(keyutils.KEY_SPEC_SESSION_KEYRING,
         desc), keyId)
     keyutils.join_session_keyring()
     self.assertEqual(keyutils.search(keyutils.KEY_SPEC_SESSION_KEYRING,
         desc), None)
Esempio n. 6
0
 def testRevoke(self):
     desc = "dummy"
     session = keyutils.join_session_keyring()
     self.assertEqual(keyutils.search(keyutils.KEY_SPEC_SESSION_KEYRING, desc), None)
     keyutils.revoke(session)
     try:
         keyutils.search(keyutils.KEY_SPEC_SESSION_KEYRING, desc)
     except keyutils.Error as err:
         self.assertEqual(err.args[0], keyutils.EKEYREVOKED)
     else:
         self.fail("Expected keyutils.Error")
     keyutils.join_session_keyring()
Esempio n. 7
0
 def testRevoke(self):
     desc = b"dummy"
     session = keyutils.join_session_keyring()
     self.assertEqual(keyutils.search(keyutils.KEY_SPEC_SESSION_KEYRING,
         desc), None)
     keyutils.revoke(session)
     try:
         keyutils.search(keyutils.KEY_SPEC_SESSION_KEYRING, desc)
     except keyutils.Error as err:
         self.assertEqual(err.args[0], keyutils.EKEYREVOKED)
     else:
         self.fail("Expected keyutils.Error")
     keyutils.join_session_keyring()
Esempio n. 8
0
def test_insert_flags(program, keyring):
    """ tests that the insertion flags give the correct prefixes """
    for flag, prefix in [("--ext4", b'ext4:'), ("--f2fs", b'f2fs:')]:
        output = program(test_key, "insert_key", flag)
        assert output == test_descriptor

        key_id = keyutils.search(keyring,
                                 prefix + test_descriptor,
                                 keyType=b'logon')
        assert key_id != None
Esempio n. 9
0
def invalidatePassword(keyDesc):
    if not _keyutils:
        return
    try:
        keyId = _keyutils.search(_keyring, keyDesc)
        _keyutils.revoke(keyId)
    except AttributeError:
        # Old keyutils, oh well
        return
    except _keyutils.Error as err:
        if err.args[0] != _keyutils.EKEYREVOKED:
            raise
Esempio n. 10
0
def invalidatePassword(keyDesc):
    if not _keyutils:
        return
    try:
        keyId = _keyutils.search(_keyring, keyDesc)
        _keyutils.revoke(keyId)
    except AttributeError:
        # Old keyutils, oh well
        return
    except _keyutils.Error as err:
        if err.args[0] != _keyutils.EKEYREVOKED:
            raise