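def test_insert_key(program, keyring):
    """Check that ``insert_key`` puts every test key in the keyring as a logon key.

    For each ``(key, descriptor)`` pair in ``key_tests`` the command must print
    the expected descriptor. Afterwards each key must be found under
    ``fscrypt:<descriptor>`` with type ``logon``, both in ``keyring`` and via
    the session keyring, and must not be found when no ``keyType`` is given.
    """
    for key, descriptor in key_tests:
        # Inserting should give the appropriate descriptor
        output = program(key, "insert_key")
        assert output == descriptor

    # After insertion, check that every key from key_tests is there
    for _, descriptor in key_tests:
        name = b'fscrypt:' + descriptor

        # Key should be in the keyring
        id1 = keyutils.search(keyring, name, keyType=b'logon')
        assert id1 is not None

        # Accessing the session keyring should give the same result
        id2 = keyutils.search(keyutils.KEY_SPEC_SESSION_KEYRING, name,
                              keyType=b'logon')
        assert id1 == id2

        # There should not be keys of type user: the search below passes no
        # keyType, so a hit would mean the key material was stored under a
        # type other than logon. NOTE(review): logon payloads are not meant
        # to be readable from userspace, which is presumably why this
        # matters for an encryption key; confirm against the kernel docs.
        id3 = keyutils.search(keyutils.KEY_SPEC_SESSION_KEYRING, name)
        assert id3 is None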
def testRevoke(self):
    """Revoke the session keyring, then restore one from a child process.

    A search on the revoked session keyring must raise keyutils.Error with
    EKEYREVOKED as its first argument. A forked child then joins a new
    session keyring and calls session_to_parent(); the parent checks the
    child's exit status and that searching the session keyring works again.
    """
    desc = b"dummy"
    session = keyutils.join_session_keyring()
    self.assertEqual(
        keyutils.search(keyutils.KEY_SPEC_SESSION_KEYRING, desc), None)
    keyutils.revoke(session)
    try:
        keyutils.search(keyutils.KEY_SPEC_SESSION_KEYRING, desc)
    except keyutils.Error as err:
        self.assertEqual(err.args[0], keyutils.EKEYREVOKED)
    else:
        self.fail("Expected keyutils.Error")

    # It is convenient to use this test to verify that session_to_parent()
    # is functional because at this point it is known that there is
    # no session keyring available.

    childpid = os.fork()
    if childpid:
        # Parent: wait for the child and require a clean exit (status 0).
        pid, exitcode = os.waitpid(childpid, 0)
        self.assertEqual(childpid, pid)
        self.assertTrue(
            os.WIFEXITED(exitcode) and os.WEXITSTATUS(exitcode) == 0,
            exitcode)
    else:
        # Child: rc stays 1 unless both keyutils calls succeed. os._exit()
        # in the finally clause ends the child in every case, so it never
        # runs the rest of the test.
        rc = 1
        try:
            keyutils.join_session_keyring()
            keyutils.session_to_parent()
            rc = 0
        finally:
            os._exit(rc)

    # The search no longer raises EKEYREVOKED; the key is simply absent.
    self.assertEqual(
        keyutils.search(keyutils.KEY_SPEC_SESSION_KEYRING, desc), None)
def testSession(self):
    """A key added to one session keyring is not found after joining another."""
    description = "test:key:02"
    payload = "asdfasdfasdf"

    first_ring = keyutils.join_session_keyring()
    added_id = keyutils.add_key(description, payload, first_ring)
    found_id = keyutils.search(keyutils.KEY_SPEC_SESSION_KEYRING, description)
    self.assertEqual(found_id, added_id)

    # A second join gives the process a different session keyring; the key
    # added above must not be reachable through it.
    keyutils.join_session_keyring()
    found_after_rejoin = keyutils.search(
        keyutils.KEY_SPEC_SESSION_KEYRING, description)
    self.assertEqual(found_after_rejoin, None)
def testLink(self):
    """A key in one keyring becomes searchable from another once linked."""
    key_name = b"key1"
    process_ring = keyutils.KEY_SPEC_PROCESS_KEYRING

    # Two empty keyrings, both created under the process keyring.
    inner_ring = keyutils.add_key(b"ring1", None, process_ring, b"keyring")
    outer_ring = keyutils.add_key(b"ring2", None, process_ring, b"keyring")

    key_id = keyutils.add_key(key_name, b"dummy", inner_ring)

    # Before linking, the key is visible only through the ring that holds it.
    self.assertEqual(keyutils.search(inner_ring, key_name), key_id)
    self.assertEqual(keyutils.search(outer_ring, key_name), None)

    # After linking, a search starting at the outer ring finds the same key.
    keyutils.link(inner_ring, outer_ring)
    self.assertEqual(keyutils.search(outer_ring, key_name), key_id)
def testSession(self):
    """Keys do not carry over from one session keyring to the next.

    Uses bytes for the description and the payload.
    """
    session_spec = keyutils.KEY_SPEC_SESSION_KEYRING
    name, secret = b"test:key:02", b"asdfasdfasdf"

    ring = keyutils.join_session_keyring()
    new_key = keyutils.add_key(name, secret, ring)
    self.assertEqual(keyutils.search(session_spec, name), new_key)

    # Join again: the search through the session keyring must now come back
    # empty, i.e. the key stayed behind in the previous keyring.
    keyutils.join_session_keyring()
    self.assertEqual(keyutils.search(session_spec, name), None)
def testRevoke(self):
    """Searching a revoked session keyring must fail with EKEYREVOKED."""
    name = "dummy"
    ring = keyutils.join_session_keyring()

    lookup = keyutils.search(keyutils.KEY_SPEC_SESSION_KEYRING, name)
    self.assertEqual(lookup, None)

    keyutils.revoke(ring)

    # Capture the error first, then check it, so that a search which returns
    # normally is reported as a failure.
    caught = None
    try:
        keyutils.search(keyutils.KEY_SPEC_SESSION_KEYRING, name)
    except keyutils.Error as exc:
        caught = exc
    if caught is None:
        self.fail("Expected keyutils.Error")
    self.assertEqual(caught.args[0], keyutils.EKEYREVOKED)

    # Join a session keyring again after the revoked one.
    # NOTE(review): presumably so later tests do not start from a revoked
    # session keyring; confirm.
    keyutils.join_session_keyring()
def testRevoke(self):
    """A revoked session keyring rejects searches with EKEYREVOKED.

    Uses a bytes description.
    """
    session_spec = keyutils.KEY_SPEC_SESSION_KEYRING
    wanted = b"dummy"

    joined = keyutils.join_session_keyring()
    # The new keyring holds no key under this description.
    self.assertEqual(keyutils.search(session_spec, wanted), None)

    keyutils.revoke(joined)
    try:
        keyutils.search(session_spec, wanted)
    except keyutils.Error as failure:
        # The first element of the exception args carries the error code.
        code = failure.args[0]
        self.assertEqual(code, keyutils.EKEYREVOKED)
    else:
        self.fail("Expected keyutils.Error")

    # Finish by joining a session keyring again.
    keyutils.join_session_keyring()
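def test_insert_flags(program, keyring):
    """Check that the insertion flags store the key under the matching prefix.

    ``--ext4`` must produce a logon key named ``ext4:<descriptor>`` and
    ``--f2fs`` one named ``f2fs:<descriptor>``; in both cases the command's
    output must equal ``test_descriptor``.
    """
    flag_prefixes = [("--ext4", b'ext4:'), ("--f2fs", b'f2fs:')]
    for flag, prefix in flag_prefixes:
        output = program(test_key, "insert_key", flag)
        assert output == test_descriptor

        # The key must exist as type logon under the flag's prefix; a key
        # stored under a different prefix or type would not be found here.
        key_id = keyutils.search(keyring, prefix + test_descriptor,
                                 keyType=b'logon')
        assert key_id is not None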
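def invalidatePassword(keyDesc):
    """Revoke the keyring entry stored under *keyDesc*, if there is one.

    This is best effort. Nothing happens, and no error is reported, when the
    keyutils module is unavailable, when it is too old to provide the calls
    used here, or when no entry is found. Callers must therefore not treat a
    normal return as proof that the entry can no longer be used.

    Raises:
        _keyutils.Error: for any keyutils failure other than EKEYREVOKED
            (an entry that is already revoked counts as success).
    """
    if not _keyutils:
        return
    try:
        keyId = _keyutils.search(_keyring, keyDesc)
        if keyId is None:
            # No entry under this description: there is nothing to revoke,
            # and passing None on to revoke() is not a valid key id.
            return
        _keyutils.revoke(keyId)
    except AttributeError:
        # Old keyutils, oh well. The entry is left as it was.
        return
    except _keyutils.Error as err:
        if err.args[0] != _keyutils.EKEYREVOKED:
            raise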