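def run_once(self):
    """
    Checks that cryptohome refuses to mount when an element of the user or
    system path has unsafe ownership or permissions.

    Five cases are covered, each with a fresh random username:
      1. leaf of the user path owned by uid/gid 0 instead of the user,
      2. leaf of the system path owned by uid/gid 1 instead of root,
      3. leaf of the user path with mode 0777,
      4. parent of the user path owned by uid/gid 1 instead of root,
      5. parent of the user path with mode 0777.

    self.require_mount_fail() is defined elsewhere; presumably it fails the
    test when the mount succeeds -- confirm against its definition.
    """
    self.cryptohome_proxy = cryptohome.CryptohomeProxy()

    # Every check runs inside try/finally. A failed check must not leave a
    # mis-owned or world-writable directory behind in the cryptohome tree,
    # since that is exactly the condition this test treats as unsafe.

    # Leaf element of user path not owned by user.
    user = utils.random_username()
    path = cryptohome.user_path(user)
    os.mkdir(path)
    try:
        os.chown(path, 0, 0)
        self.require_mount_fail(user)
    finally:
        os.rmdir(path)

    # Leaf element of system path not owned by root.
    user = utils.random_username()
    path = cryptohome.system_path(user)
    os.mkdir(path)
    try:
        os.chown(path, 1, 1)
        # The check is made once, inside the guarded region; an unguarded
        # call before the try would skip the rmdir() on failure.
        self.require_mount_fail(user)
    finally:
        os.rmdir(path)

    # Leaf element of path too permissive.
    user = utils.random_username()
    path = cryptohome.user_path(user)
    os.mkdir(path)
    try:
        # 0o777 is the same value as the legacy 0777 literal and is also
        # accepted by Python 2.6+.
        os.chmod(path, 0o777)
        self.require_mount_fail(user)
    finally:
        os.rmdir(path)

    # Non-leaf element of path not owned by root.
    user = utils.random_username()
    path = cryptohome.user_path(user)
    parent_path = os.path.dirname(path)
    os.chown(parent_path, 1, 1)
    try:
        self.require_mount_fail(user)
    finally:
        # Ownership is reset to root rather than to a saved value.
        os.chown(parent_path, 0, 0)

    # Non-leaf element of path too permissive.
    user = utils.random_username()
    path = cryptohome.user_path(user)
    parent_path = os.path.dirname(path)
    old_perm = os.stat(parent_path).st_mode & 0o777
    os.chmod(parent_path, 0o777)
    try:
        self.require_mount_fail(user)
    finally:
        os.chmod(parent_path, old_perm)
        os.chown(parent_path, 0, 0)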
def test_mount_single(self):
    """
    Mounts one freshly created cryptohome and unmounts it again.

    Confirms that the infrastructure for multiple mounts is present and
    active by exercising it with a single, not-already-existing vault.
    """
    username = utils.random_username()
    # create=True asks for a new vault, since the random user has none yet.
    cryptohome.mount_vault(username, 'test', create=True)
    # NOTE(review): the vault is unmounted but not removed afterwards.
    cryptohome.unmount_vault(username)
def run_once(self):
    """
    Checks that cryptohome refuses to mount when an element of the user or
    system path is not a directory.

    Covered cases: a regular file as the user-path leaf, a symlink as the
    system-path leaf, and a regular file in place of the parent directory
    of the user path and of the system path.

    self.require_mount_fail() and self.replace() are defined elsewhere;
    presumably the former fails the test when the mount succeeds and the
    latter moves the saved directory back over the placeholder -- confirm
    against their definitions.
    """
    self.cryptohome_proxy = cryptohome.CryptohomeProxy()

    # Leaf of the user path is a regular (empty) file.
    username = utils.random_username()
    leaf = cryptohome.user_path(username)
    utils.open_write_close(leaf, '')
    try:
        self.require_mount_fail(username)
    finally:
        os.remove(leaf)

    # Leaf of the system path is a symlink to another directory; the mount
    # must be refused rather than following the link.
    username = utils.random_username()
    leaf = cryptohome.system_path(username)
    os.symlink('/etc', leaf)
    try:
        self.require_mount_fail(username)
    finally:
        os.remove(leaf)

    # Parent of the user path, then of the system path, is a regular file.
    for path_for in (cryptohome.user_path, cryptohome.system_path):
        username = utils.random_username()
        parent = os.path.dirname(path_for(username))
        saved = parent + '.old'
        os.rename(parent, saved)
        try:
            utils.open_write_close(parent, '')
            self.require_mount_fail(username)
        finally:
            # A plain rename() back is not enough: rename() refuses to
            # move a directory onto a non-directory name.
            self.replace(saved, parent)
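def nonexistent_user(self):
    """
    Verifies that a password change is rejected for a user with no vault.

    Raises:
        error.TestFail: if change_password() completes without raising.
    """
    user = utils.random_username()
    old_pass = '******'
    new_pass = '******'
    try:
        cryptohome.change_password(user, old_pass, new_pass)
    except Exception:
        # Exception (not a bare except) keeps KeyboardInterrupt and
        # SystemExit from being counted as a rejection.
        # NOTE(review): any other error, such as an unreachable daemon or a
        # typo, still passes the test. Narrow this to the error that
        # change_password() raises on rejection once confirmed.
        pass
    else:
        raise error.TestFail('Migrated a nonexistent user.')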
def test_mount_single(self):
    """
    Mounts one freshly created cryptohome through the proxy, confirms it is
    mounted, and unmounts it again.

    Confirms that the infrastructure for multiple mounts is present and
    active.

    Raises:
        error.TestFail: if the proxy reports that the mount or the unmount
            did not succeed.
    """
    username = utils.random_username()
    proxy = self.cryptohome_proxy

    mounted = proxy.mount(username, 'test', create=True)
    if not mounted:
        raise error.TestFail('Mount failed for %s' % username)

    # require_mounted() is defined on the proxy; presumably it raises when
    # the vault is not mounted -- confirm.
    proxy.require_mounted(username)

    unmounted = proxy.unmount(username)
    if not unmounted:
        raise error.TestFail('Unmount failed for %s' % username)
def bad_password(self):
    """
    Verifies that a migration with a wrong old password is rejected.

    Creates a vault, unmounts it, attempts to migrate using 'bad' as the
    old password, then removes the vault.

    Raises:
        error.TestFail: if setup fails or the migration is accepted.
    """
    user = utils.random_username()
    old_pass = '******'
    new_pass = '******'

    created = self.proxy.mount(user, old_pass, create=True)
    if not created:
        raise error.TestFail('Could not create bad user.')

    unmounted = self.proxy.unmount(user)
    if not unmounted:
        raise error.TestFail('Could not unmount bad user.')

    # The security property under test: a wrong old password must not be
    # enough to change the vault's password.
    accepted = self.proxy.migrate(user, 'bad', new_pass)
    if accepted:
        raise error.TestFail('Migrated with bad password.')

    # NOTE(review): removal is reached only on success, so a failing run
    # leaves the test vault behind.
    self.proxy.remove(user)
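def bad_password(self):
    """
    Verifies that a password change with a wrong old password is rejected.

    Creates a vault, unmounts it, attempts change_password() using 'bad' as
    the old password, then removes the vault.

    Raises:
        error.TestFail: if change_password() completes without raising.
    """
    user = utils.random_username()
    old_pass = '******'
    new_pass = '******'
    cryptohome.mount_vault(user, old_pass, create=True)
    cryptohome.unmount_vault(user)
    try:
        cryptohome.change_password(user, 'bad', new_pass)
    except Exception:
        # Exception (not a bare except) keeps KeyboardInterrupt and
        # SystemExit from being counted as a rejection.
        # NOTE(review): any other error still passes the test. Narrow this
        # to the error that change_password() raises on a wrong password
        # once confirmed.
        pass
    else:
        raise error.TestFail('Migrated with bad password.')
    cryptohome.remove_vault(user)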
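def good(self):
    """
    Verifies a successful password change end to end.

    Creates a vault, changes its password, checks that the old password no
    longer mounts it and that the new one does, then removes the vault.

    Raises:
        error.TestFail: if the vault still mounts with the old password.
    """
    user = utils.random_username()
    # NOTE(review): both literals are identical as shown, presumably masked
    # in this listing. The old-password check below only means something
    # when the two values differ.
    old_pass = '******'
    new_pass = '******'
    cryptohome.mount_vault(user, old_pass, create=True)
    cryptohome.unmount_vault(user)
    cryptohome.change_password(user, old_pass, new_pass)
    try:
        cryptohome.mount_vault(user, old_pass)
    except Exception:
        # Exception (not a bare except) keeps KeyboardInterrupt and
        # SystemExit from being counted as a rejected mount.
        # NOTE(review): narrow this to the error that mount_vault() raises
        # on a wrong password once confirmed, so that unrelated failures do
        # not pass as "old password rejected".
        pass
    else:
        raise error.TestFail('Old password still works.')
    cryptohome.mount_vault(user, new_pass)
    cryptohome.unmount_vault(user)
    cryptohome.remove_vault(user)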
def good(self):
    """
    Verifies a successful password migration end to end through the proxy.

    Creates a vault, migrates its password, checks that the old password no
    longer mounts it and that the new one does, then removes the vault.

    Raises:
        error.TestFail: if any step reports the wrong outcome.
    """
    user = utils.random_username()
    # NOTE(review): both literals are identical as shown, presumably masked
    # in this listing. The old-password check below only means something
    # when the two values differ.
    old_pass = '******'
    new_pass = '******'

    created = self.proxy.mount(user, old_pass, create=True)
    if not created:
        raise error.TestFail('Could not create good user.')

    unmounted = self.proxy.unmount(user)
    if not unmounted:
        raise error.TestFail('Could not unmount good user.')

    migrated = self.proxy.migrate(user, old_pass, new_pass)
    if not migrated:
        raise error.TestFail('Could not migrate good user.')

    # After migration the old password must no longer unlock the vault.
    old_still_valid = self.proxy.mount(user, old_pass)
    if old_still_valid:
        raise error.TestFail('Old password still works.')

    remounted = self.proxy.mount(user, new_pass)
    if not remounted:
        raise error.TestFail('Could not mount good user.')

    unmounted = self.proxy.unmount(user)
    if not unmounted:
        raise error.TestFail('Could not unmount good user.')

    # NOTE(review): removal is reached only on success, so a failing run
    # leaves the test vault behind.
    self.proxy.remove(user)
def nonexistent_user(self):
    """
    Verifies that migration is rejected for a user with no vault.

    Raises:
        error.TestFail: if the proxy reports that the migration succeeded.
    """
    user = utils.random_username()
    old_pass = '******'
    new_pass = '******'
    # The random username has never been mounted, so there is no vault
    # whose password could legitimately be changed.
    migrated = self.proxy.migrate(user, old_pass, new_pass)
    if migrated:
        raise error.TestFail('Migration nonexistent user.')