def run_once(self): # Mount the vault, connect to session_manager and start the session. self._cryptohome_proxy.mount(ownership.TESTUSER, ownership.TESTPASS, create=True) sm = session_manager.connect(self._bus_loop) sm.StartSession(ownership.TESTUSER, '') # No policy stored yet. retrieved_policy = sm.RetrievePolicyEx( session_manager.make_user_policy_descriptor(ownership.TESTUSER), byte_arrays=True) if retrieved_policy: raise error.TestError('session_manager already has user policy!') # And no user key exists. key_file = ownership.get_user_policy_key_filename(ownership.TESTUSER) if os.path.exists(key_file): raise error.TestFail('%s exists before storing user policy!' % key_file) # Now store a policy. This is building a device policy protobuf, but # that's fine as far as the session_manager is concerned; it's the # outer PolicyFetchResponse that contains the public_key. public_key = ownership.known_pubkey() private_key = ownership.known_privkey() policy_data = policy.build_policy_data() policy_response = policy.generate_policy(private_key, public_key, policy_data) try: sm.StorePolicyEx( session_manager.make_user_policy_descriptor( ownership.TESTUSER), dbus.ByteArray(policy_response)) except dbus.exceptions.DBusException as e: raise error.TestFail('Failed to store user policy', e) # The policy key should have been created now. self._verify_key_file(key_file) # Restart the ui; the key should be deleted. self._cryptohome_proxy.unmount(ownership.TESTUSER) cros_ui.restart() if os.path.exists(key_file): raise error.TestFail('%s exists after restarting ui!' % key_file) # Starting a new session will restore the key that was previously # stored. Reconnect to the session_manager, since the restart killed it. self._cryptohome_proxy.mount(ownership.TESTUSER, ownership.TESTPASS, create=True) sm = session_manager.connect(self._bus_loop) sm.StartSession(ownership.TESTUSER, '') self._verify_key_file(key_file)
def run_once(self): expected_owner = '*****@*****.**' other_user = '******' self.__start_session_for(expected_owner) self.__start_session_for(other_user) self._listener.wait_for_signals(desc='Initial policy push complete.') # Ensure that the first user got to be the owner. retrieved_policy = policy.get_policy(self._session_manager) if retrieved_policy is None: raise error.TestFail('Policy not found') policy.compare_policy_response(self.srcdir, retrieved_policy, owner=expected_owner) # bounce the session manager and wait for it to come back up before # reconnecting. cros_ui.restart() self._session_manager = session_manager.connect(self._bus_loop) # Destroy the owner's cryptohome and start sessions again in a # different order self.__start_session_for(other_user) self.__start_session_for(expected_owner) self._listener.wait_for_signals( desc='Re-taking of ownership complete.') # Ensure that the first user still gets to be the owner. retrieved_policy = policy.get_policy(self._session_manager) if retrieved_policy is None: raise error.TestFail('Policy not found') policy.compare_policy_response(self.srcdir, retrieved_policy, owner=expected_owner)
def initialize(self): super(login_LoginSuccess, self).initialize() bus_loop = DBusGMainLoop(set_as_default=True) self._session_manager = session_manager.connect(bus_loop) self._listener = session_manager.SessionSignalListener( gobject.MainLoop())
def run_once(self): sm = session_manager.connect(self._bus_loop) # Start a session for the first user, and verify that no policy exists # for that user yet. if not sm.StartSession(self._user1, ''): raise error.TestError('Could not start session') policy_blob = sm.RetrievePolicyForUser(self._user1, byte_arrays=True) if policy_blob: raise error.TestError('session_manager already has user policy!') # Now store a policy. This is building a device policy protobuf, but # that's fine as far as the session_manager is concerned; it's the # outer PolicyFetchResponse that contains the public_key. public_key = ownership.known_pubkey() private_key = ownership.known_privkey() policy_data = policy.build_policy_data(self.srcdir) policy_response = policy.generate_policy(self.srcdir, private_key, public_key, policy_data) try: result = sm.StorePolicyForUser(self._user1, dbus.ByteArray(policy_response)) if not result: raise error.TestFail('Failed to store user policy') except dbus.exceptions.DBusException, e: raise error.TestFail('Call to StorePolicyForUser failed', e)
def run_once(self): pkey = ownership.known_privkey() pubkey = ownership.known_pubkey() sm = session_manager.connect(self._bus_loop) sm.StartSession(ownership.TESTUSER, '') poldata = policy.build_policy_data(owner=ownership.TESTUSER, guests=False, new_users=True, roaming=True, whitelist=(ownership.TESTUSER, '[email protected]')) policy_string = policy.generate_policy(pkey, pubkey, poldata) policy.push_policy_and_verify(policy_string, sm) retrieved_policy = policy.get_policy(sm) if retrieved_policy is None: raise error.TestFail('Policy not found') policy.compare_policy_response(retrieved_policy, owner=ownership.TESTUSER, guests=False, new_users=True, roaming=True, whitelist=(ownership.TESTUSER, '[email protected]')) try: # Sanity check against an incorrect policy policy.compare_policy_response(retrieved_policy, owner=ownership.TESTUSER, guests=True, whitelist=(ownership.TESTUSER, '[email protected]')) except ownership.OwnershipError: pass else: raise error.TestFail('Did not detect bad policy')
class platform_SessionManagerStateKeyGeneration(test.test): '''Verifies that session_manager's GetServerBackedStateKeys DBus method returns valid state keys.''' version = 1 def initialize(self): super(platform_SessionManagerStateKeyGeneration, self).initialize() cros_ui.stop(allow_fail=True) cros_ui.start() self._bus_loop = DBusGMainLoop(set_as_default=True) def run_once(self): try: if utils.system_output('crossystem mainfw_type') == 'nonchrome': raise error.TestNAError( 'State key generation only works on Chrome OS hardware') except error.CmdError, e: raise error.TestError('Failed to run crossystem: %s' % e) # Retrieve state keys. session_manager_proxy = session_manager.connect(self._bus_loop) state_keys = session_manager_proxy.GetServerBackedStateKeys( byte_arrays=True) # Sanity-check the state keys. if len(state_keys) < 3: raise error.TestFail("Not enough state keys") if len(state_keys) != len(set(state_keys)): raise error.TestFail("Duplicate state keys") for state_key in state_keys: if len(state_key) != 32: raise error.TestFail("Bad state key size")
class platform_SessionManagerBlockDevmodeSetting(test.test): """Verifies that session_manager updates the block_devmode flag to be in sync with the corresponding device setting.""" version = 1 def initialize(self): super(platform_SessionManagerBlockDevmodeSetting, self).initialize() ownership.restart_ui_to_clear_ownership_files() self._bus_loop = DBusGMainLoop(set_as_default=True) def run_once(self): try: if utils.system_output('crossystem mainfw_type') == 'nonchrome': raise error.TestNAError( 'State key generation only works on Chrome OS hardware') except error.CmdError, e: raise error.TestError('Failed to run crossystem: %s' % e) # Make sure that the flag sticks when there is no owner. set_block_devmode(True) cros_ui.restart() cros_ui.stop() if not get_block_devmode(): raise error.TestFail("Flag got reset for non-owned device.") # Test whether the flag gets reset when taking ownership. listener = session_manager.OwnershipSignalListener(gobject.MainLoop()) listener.listen_for_new_key_and_policy() with chrome.Chrome() as cr: listener.wait_for_signals(desc='Ownership files written to disk.') if get_block_devmode(): raise error.TestFail( "Flag not clear after ownership got established.") # Put a new owner key and policy blob in place, the latter of which # specifies block_devmode=true. cros_ui.stop(allow_fail=True) shutil.copyfile(os.path.join(self.bindir, 'owner.key'), constants.OWNER_KEY_FILE) shutil.copyfile( os.path.join(self.bindir, 'policy_block_devmode_enabled'), constants.SIGNED_POLICY_FILE) cros_ui.start() if not get_block_devmode(): raise error.TestFail( "Flag not set after starting with policy enabled.") # Send a new policy blob to session_manager that disables block_devmode. listener.listen_for_new_policy() with open(os.path.join(self.bindir, 'policy_block_devmode_disabled')) as f: session_manager_proxy = session_manager.connect(self._bus_loop) session_manager_proxy.StorePolicyEx( session_manager.make_device_policy_descriptor(), f.read()) listener.wait_for_signals(desc='Policy updated.') if get_block_devmode(): raise error.TestFail( "Flag set after updating policy to clear flag.")
def initialize(self): # Start with a clean slate wrt ownership ownership.restart_ui_to_clear_ownership_files() super(login_RemoteOwnership, self).initialize() bus_loop = DBusGMainLoop(set_as_default=True) self._cryptohome_proxy = cryptohome.CryptohomeProxy(bus_loop) self._sm = session_manager.connect(bus_loop)
def initialize(self): super(login_OwnershipRetaken, self).initialize() # Start clean, wrt ownership and the desired user. ownership.restart_ui_to_clear_ownership_files() bus_loop = DBusGMainLoop(set_as_default=True) self._cryptohome_proxy = cryptohome.CryptohomeProxy(bus_loop) self._cryptohome_proxy.remove(ownership.TESTUSER) self._sm = session_manager.connect(bus_loop)
def initialize(self): super(login_GuestAndActualSession, self).initialize() # Ensure a clean beginning. ownership.restart_ui_to_clear_ownership_files() bus_loop = DBusGMainLoop(set_as_default=True) self._session_manager = session_manager.connect(bus_loop) self._listener = session_manager.OwnershipSignalListener( gobject.MainLoop()) self._listener.listen_for_new_key_and_policy()
def initialize(self): super(login_CryptohomeOwnerQuery, self).initialize() # Ensure a clean beginning. ownership.restart_ui_to_clear_ownership_files() bus_loop = DBusGMainLoop(set_as_default=True) self._session_manager = session_manager.connect(bus_loop) self._listener = session_manager.OwnershipSignalListener( gobject.MainLoop()) self._listener.listen_for_new_key_and_policy() self._cryptohome_proxy = cryptohome.CryptohomeProxy(bus_loop)
def run_once(self): bus_loop = DBusGMainLoop(set_as_default=True) listener = session_manager.OwnershipSignalListener(gobject.MainLoop()) listener.listen_for_new_key_and_policy() with chrome.Chrome() as cr: listener.wait_for_signals(desc='Owner settings written to disk.') sm = session_manager.connect(bus_loop) retrieved_policy = sm.RetrievePolicy(byte_arrays=True) if retrieved_policy is None: raise error.TestFail('Policy not found.') self._validate_policy(retrieved_policy, cr.username)
def initialize(self): super(login_MultipleSessions, self).initialize() policy.install_protobufs(self.autodir, self.job) # Ensure a clean beginning. ownership.restart_ui_to_clear_ownership_files() self._bus_loop = DBusGMainLoop(set_as_default=True) self._session_manager = session_manager.connect(self._bus_loop) self._listener = session_manager.OwnershipSignalListener( gobject.MainLoop()) self._listener.listen_for_new_key_and_policy() self._cryptohome_proxy = cryptohome.CryptohomeProxy( self._bus_loop, self.autodir, self.job)
def run_once(self): sm = session_manager.connect(self._bus_loop) # Start a session for the first user, and verify that no policy exists # for that user yet. sm.StartSession(self._user1, '') policy_blob = sm.RetrievePolicyForUser(self._user1, byte_arrays=True) if policy_blob: raise error.TestError('session_manager already has user policy!') # Now store a policy. This is building a device policy protobuf, but # that's fine as far as the session_manager is concerned; it's the # outer PolicyFetchResponse that contains the public_key. public_key = ownership.known_pubkey() private_key = ownership.known_privkey() policy_data = policy.build_policy_data(self.srcdir) policy_response = policy.generate_policy(self.srcdir, private_key, public_key, policy_data) try: sm.StorePolicyForUser(self._user1, dbus.ByteArray(policy_response)) except dbus.exceptions.DBusException as e: raise error.TestFail('Call to StorePolicyForUser failed', e) # Storing policy for the second user fails before his session starts. try: sm.StorePolicyForUser(self._user2, dbus.ByteArray(policy_response)) except dbus.exceptions.DBusException: pass else: raise error.TestFail('Storing policy should fail before the ' 'session is started') # Now start the second user's session, and verify that he has no # policy stored yet. sm.StartSession(self._user2, '') policy_blob = sm.RetrievePolicyForUser(self._user2, byte_arrays=True) if policy_blob: raise error.TestError('session_manager already has user policy!') # Storing works now. try: sm.StorePolicyForUser(self._user2, dbus.ByteArray(policy_response)) except dbus.exceptions.DBusException as e: raise error.TestFail('Call to StorePolicyForUser failed', e) # Verify that retrieving policy works too. policy_blob = sm.RetrievePolicyForUser(self._user2, byte_arrays=True) if not policy_blob: raise error.TestError('Failed to retrieve stored policy')
def run_once(self): bus_loop = DBusGMainLoop(set_as_default=True) sm = session_manager.connect(bus_loop) cryptohome_proxy = cryptohome.CryptohomeProxy(bus_loop) users = ['*****@*****.**', '*****@*****.**'] for user in users: cryptohome_proxy.ensure_clean_cryptohome_for(user) sm.StartSession(users[0], '') self.__check_for_users_in_actives(users[:1], sm.RetrieveActiveSessions()) sm.StartSession(users[1], '') self.__check_for_users_in_actives(users, sm.RetrieveActiveSessions())
def run_once(self): pkey = ownership.known_privkey() pubkey = ownership.known_pubkey() sm = session_manager.connect(self._bus_loop) if not sm.StartSession(ownership.TESTUSER, ''): raise error.TestFail('Could not start session for owner') poldata = policy.build_policy_data(self.srcdir, owner=ownership.TESTUSER, guests=False, new_users=True, roaming=True, whitelist=(ownership.TESTUSER, '[email protected]'), proxies={'proxy_mode': 'direct'}) policy_string = policy.generate_policy(self.srcdir, pkey, pubkey, poldata) policy.push_policy_and_verify(policy_string, sm) retrieved_policy = policy.get_policy(sm) if retrieved_policy is None: raise error.TestFail('Policy not found') policy.compare_policy_response(self.srcdir, retrieved_policy, owner=ownership.TESTUSER, guests=False, new_users=True, roaming=True, whitelist=(ownership.TESTUSER, '[email protected]'), proxies={'proxy_mode': 'direct'}) try: # Sanity check against an incorrect policy policy.compare_policy_response(self.srcdir, retrieved_policy, owner=ownership.TESTUSER, guests=True, whitelist=(ownership.TESTUSER, '[email protected]'), proxies={'proxy_mode': 'direct'}) except ownership.OwnershipError: pass else: raise error.TestFail('Did not detect bad policy') try: sm.StopSession('') except error.TestError as e: logging.error(str(e)) raise error.TestFail('Could not stop session for owner')
def run_once(self): bus_loop = DBusGMainLoop(set_as_default=True) sm = session_manager.connect(bus_loop) user = '******' cryptohome.ensure_clean_cryptohome_for(user) sm.StartSession(user, '') try: sm.StartSession(user, '') except dbus.DBusException as d: # If I knew how to get our custom dbus errors mapped into real # exceptions in PyDBus, I'd use that here :-/ if 'already started a session' not in d.message: raise error.TestFail(d) else: raise error.TestFail('Started second session for ' + user)
def run_once(self): listener = session_manager.SessionSignalListener(gobject.MainLoop()) with chrome.Chrome(): sm = session_manager.connect(DBusGMainLoop(set_as_default=True)) # Tell session_manager that we're going all the way through # creating a supervised user. sm.HandleSupervisedUserCreationStarting() sm.HandleSupervisedUserCreationFinished() # Crashing the browser should not end the session, as creating the # user is finished. utils.nuke_process_by_name(constants.BROWSER) # We should still be able to talk to the session_manager, # and it should indicate that we're still inside a user session. try: state = sm.RetrieveSessionState() except DBusException as e: raise error.TestError('Failed to retrieve session state: ', e) if state != 'started': raise error.TestFail('Session should not have ended: ', state) # Start listening to stop signal before the session gets killed. listener.listen_for_session_state_change('stopped') # Tell session_manager that a supervised user is being set up, # and kill it in the middle. Session should die. sm.HandleSupervisedUserCreationStarting() nuke_browser_error = None try: utils.nuke_process_by_name(constants.BROWSER) except error.AutoservPidAlreadyDeadError as e: nuke_browser_error = e logging.warning('Browser may have crashed untimely: ', e) try: listener.wait_for_signals(desc='Session stopped.', timeout=self._SESSION_STOP_TIMEOUT) except utils.TimeoutError as actual_problem: if nuke_browser_error is not None: actual_problem = nuke_browser_error raise error.TestFail(actual_problem)