def run_once(self):
sm = session_manager.connect(self._bus_loop)
# Start a session for the first user, and verify that no policy exists
# for that user yet.
if not sm.StartSession(self._user1, ''):
raise error.TestError('Could not start session')
policy_blob = sm.RetrievePolicyForUser(self._user1, byte_arrays=True)
if policy_blob:
raise error.TestError('session_manager already has user policy!')
# Now store a policy. This is building a device policy protobuf, but
# that's fine as far as the session_manager is concerned; it's the
# outer PolicyFetchResponse that contains the public_key.
public_key = ownership.known_pubkey()
private_key = ownership.known_privkey()
policy_data = policy.build_policy_data(self.srcdir)
policy_response = policy.generate_policy(self.srcdir,
private_key,
public_key,
policy_data)
try:
result = sm.StorePolicyForUser(self._user1,
dbus.ByteArray(policy_response))
if not result:
raise error.TestFail('Failed to store user policy')
except dbus.exceptions.DBusException, e:
raise error.TestFail('Call to StorePolicyForUser failed', e)
def run_once(self):
pkey = ownership.known_privkey()
pubkey = ownership.known_pubkey()
sm = session_manager.connect(self._bus_loop)
sm.StartSession(ownership.TESTUSER, '')
poldata = policy.build_policy_data(owner=ownership.TESTUSER,
guests=False,
new_users=True,
roaming=True,
whitelist=(ownership.TESTUSER,
'[email protected]'))
policy_string = policy.generate_policy(pkey, pubkey, poldata)
policy.push_policy_and_verify(policy_string, sm)
retrieved_policy = policy.get_policy(sm)
if retrieved_policy is None: raise error.TestFail('Policy not found')
policy.compare_policy_response(retrieved_policy,
owner=ownership.TESTUSER,
guests=False,
new_users=True,
roaming=True,
whitelist=(ownership.TESTUSER, '[email protected]'))
try:
# Sanity check against an incorrect policy
policy.compare_policy_response(retrieved_policy,
owner=ownership.TESTUSER,
guests=True,
whitelist=(ownership.TESTUSER,
'[email protected]'))
except ownership.OwnershipError:
pass
else:
raise error.TestFail('Did not detect bad policy')
def run_once(self):
# Mount the vault, connect to session_manager and start the session.
self._cryptohome_proxy.mount(ownership.TESTUSER,
ownership.TESTPASS,
create=True)
sm = session_manager.connect(self._bus_loop)
sm.StartSession(ownership.TESTUSER, '')
# No policy stored yet.
retrieved_policy = sm.RetrievePolicyEx(
session_manager.make_user_policy_descriptor(ownership.TESTUSER),
byte_arrays=True)
if retrieved_policy:
raise error.TestError('session_manager already has user policy!')
# And no user key exists.
key_file = ownership.get_user_policy_key_filename(ownership.TESTUSER)
if os.path.exists(key_file):
raise error.TestFail('%s exists before storing user policy!' %
key_file)
# Now store a policy. This is building a device policy protobuf, but
# that's fine as far as the session_manager is concerned; it's the
# outer PolicyFetchResponse that contains the public_key.
public_key = ownership.known_pubkey()
private_key = ownership.known_privkey()
policy_data = policy.build_policy_data()
policy_response = policy.generate_policy(private_key, public_key,
policy_data)
try:
sm.StorePolicyEx(
session_manager.make_user_policy_descriptor(
ownership.TESTUSER), dbus.ByteArray(policy_response))
except dbus.exceptions.DBusException as e:
raise error.TestFail('Failed to store user policy', e)
# The policy key should have been created now.
self._verify_key_file(key_file)
# Restart the ui; the key should be deleted.
self._cryptohome_proxy.unmount(ownership.TESTUSER)
cros_ui.restart()
if os.path.exists(key_file):
raise error.TestFail('%s exists after restarting ui!' % key_file)
# Starting a new session will restore the key that was previously
# stored. Reconnect to the session_manager, since the restart killed it.
self._cryptohome_proxy.mount(ownership.TESTUSER,
ownership.TESTPASS,
create=True)
sm = session_manager.connect(self._bus_loop)
sm.StartSession(ownership.TESTUSER, '')
self._verify_key_file(key_file)
def run_once(self):
sm = session_manager.connect(self._bus_loop)
# Start a session for the first user, and verify that no policy exists
# for that user yet.
sm.StartSession(self._user1, '')
policy_blob = sm.RetrievePolicyForUser(self._user1, byte_arrays=True)
if policy_blob:
raise error.TestError('session_manager already has user policy!')
# Now store a policy. This is building a device policy protobuf, but
# that's fine as far as the session_manager is concerned; it's the
# outer PolicyFetchResponse that contains the public_key.
public_key = ownership.known_pubkey()
private_key = ownership.known_privkey()
policy_data = policy.build_policy_data(self.srcdir)
policy_response = policy.generate_policy(self.srcdir, private_key,
public_key, policy_data)
try:
sm.StorePolicyForUser(self._user1, dbus.ByteArray(policy_response))
except dbus.exceptions.DBusException as e:
raise error.TestFail('Call to StorePolicyForUser failed', e)
# Storing policy for the second user fails before his session starts.
try:
sm.StorePolicyForUser(self._user2, dbus.ByteArray(policy_response))
except dbus.exceptions.DBusException:
pass
else:
raise error.TestFail('Storing policy should fail before the '
'session is started')
# Now start the second user's session, and verify that he has no
# policy stored yet.
sm.StartSession(self._user2, '')
policy_blob = sm.RetrievePolicyForUser(self._user2, byte_arrays=True)
if policy_blob:
raise error.TestError('session_manager already has user policy!')
# Storing works now.
try:
sm.StorePolicyForUser(self._user2, dbus.ByteArray(policy_response))
except dbus.exceptions.DBusException as e:
raise error.TestFail('Call to StorePolicyForUser failed', e)
# Verify that retrieving policy works too.
policy_blob = sm.RetrievePolicyForUser(self._user2, byte_arrays=True)
if not policy_blob:
raise error.TestError('Failed to retrieve stored policy')
def run_once(self):
pkey = ownership.known_privkey()
pubkey = ownership.known_pubkey()
sm = session_manager.connect(self._bus_loop)
if not sm.StartSession(ownership.TESTUSER, ''):
raise error.TestFail('Could not start session for owner')
poldata = policy.build_policy_data(self.srcdir,
owner=ownership.TESTUSER,
guests=False,
new_users=True,
roaming=True,
whitelist=(ownership.TESTUSER,
'[email protected]'),
proxies={'proxy_mode': 'direct'})
policy_string = policy.generate_policy(self.srcdir, pkey, pubkey,
poldata)
policy.push_policy_and_verify(policy_string, sm)
retrieved_policy = policy.get_policy(sm)
if retrieved_policy is None: raise error.TestFail('Policy not found')
policy.compare_policy_response(self.srcdir,
retrieved_policy,
owner=ownership.TESTUSER,
guests=False,
new_users=True,
roaming=True,
whitelist=(ownership.TESTUSER, '[email protected]'),
proxies={'proxy_mode': 'direct'})
try:
# Sanity check against an incorrect policy
policy.compare_policy_response(self.srcdir,
retrieved_policy,
owner=ownership.TESTUSER,
guests=True,
whitelist=(ownership.TESTUSER,
'[email protected]'),
proxies={'proxy_mode': 'direct'})
except ownership.OwnershipError:
pass
else:
raise error.TestFail('Did not detect bad policy')
try:
sm.StopSession('')
except error.TestError as e:
logging.error(str(e))
raise error.TestFail('Could not stop session for owner')
def run_once(self):
pkey = ownership.known_privkey()
pubkey = ownership.known_pubkey()
# Pre-configure some owner settings, including initial key.
poldata = policy.build_policy_data(self.srcdir,
owner=ownership.TESTUSER,
guests=False,
new_users=True,
roaming=True,
whitelist=(ownership.TESTUSER,
'[email protected]'))
policy_string = policy.generate_policy(self.srcdir,
pkey,
pubkey,
poldata)
policy.push_policy_and_verify(policy_string, self._sm)
# grab key, ensure that it's the same as the known key.
if (utils.read_file(constants.OWNER_KEY_FILE) != pubkey):
raise error.TestFail('Owner key should not have changed!')
# Start a new session, which will trigger the re-taking of ownership.
listener = session_manager.OwnershipSignalListener(gobject.MainLoop())
listener.listen_for_new_key_and_policy()
self._cryptohome_proxy.mount(ownership.TESTUSER,
ownership.TESTPASS,
create=True)
if not self._sm.StartSession(ownership.TESTUSER, ''):
raise error.TestError('Could not start session for owner')
listener.wait_for_signals(desc='Re-taking of ownership complete.')
# grab key, ensure that it's different than known key
if (utils.read_file(constants.OWNER_KEY_FILE) == pubkey):
raise error.TestFail('Owner key should have changed!')
# RetrievePolicy, check sig against new key, check properties
retrieved_policy = self._sm.RetrievePolicy(byte_arrays=True)
if retrieved_policy is None:
raise error.TestError('Policy not found')
policy.compare_policy_response(self.srcdir,
retrieved_policy,
owner=ownership.TESTUSER,
guests=False,
new_users=True,
roaming=True,
whitelist=(ownership.TESTUSER, '[email protected]'))
def run_once(self):
# Initial policy setup.
poldata = policy.build_policy_data(self.srcdir)
priv = ownership.known_privkey()
pub = ownership.known_pubkey()
policy.push_policy_and_verify(
policy.generate_policy(self.srcdir, priv, pub, poldata), self._sm)
# Force re-key the device
(priv, pub) = ownership.pairgen_as_data()
policy.push_policy_and_verify(
policy.generate_policy(self.srcdir, priv, pub, poldata), self._sm)
# Rotate key gracefully.
self.username = (''.join(random.sample(string.ascii_lowercase, 6)) +
"@foo.com")
password = ''.join(random.sample(string.ascii_lowercase, 6))
self._cryptohome_proxy.remove(self.username)
self._cryptohome_proxy.mount(self.username, password, create=True)
(new_priv, new_pub) = ownership.pairgen_as_data()
if not self._sm.StartSession(self.username, ''):
raise error.TestFail('Could not start session for random user')
policy.push_policy_and_verify(
policy.generate_policy(self.srcdir,
key=new_priv,
pubkey=new_pub,
policy=poldata,
old_key=priv), self._sm)
try:
self._sm.StopSession('')
except error.TestError as e:
logging.error(str(e))
raise error.TestFail('Could not stop session for random user')