def run_once(self): sm = session_manager.connect(self._bus_loop) # Start a session for the first user, and verify that no policy exists # for that user yet. if not sm.StartSession(self._user1, ''): raise error.TestError('Could not start session') policy_blob = sm.RetrievePolicyForUser(self._user1, byte_arrays=True) if policy_blob: raise error.TestError('session_manager already has user policy!') # Now store a policy. This is building a device policy protobuf, but # that's fine as far as the session_manager is concerned; it's the # outer PolicyFetchResponse that contains the public_key. public_key = ownership.known_pubkey() private_key = ownership.known_privkey() policy_data = policy.build_policy_data(self.srcdir) policy_response = policy.generate_policy(self.srcdir, private_key, public_key, policy_data) try: result = sm.StorePolicyForUser(self._user1, dbus.ByteArray(policy_response)) if not result: raise error.TestFail('Failed to store user policy') except dbus.exceptions.DBusException, e: raise error.TestFail('Call to StorePolicyForUser failed', e)
def run_once(self): pkey = ownership.known_privkey() pubkey = ownership.known_pubkey() sm = session_manager.connect(self._bus_loop) sm.StartSession(ownership.TESTUSER, '') poldata = policy.build_policy_data(owner=ownership.TESTUSER, guests=False, new_users=True, roaming=True, whitelist=(ownership.TESTUSER, '[email protected]')) policy_string = policy.generate_policy(pkey, pubkey, poldata) policy.push_policy_and_verify(policy_string, sm) retrieved_policy = policy.get_policy(sm) if retrieved_policy is None: raise error.TestFail('Policy not found') policy.compare_policy_response(retrieved_policy, owner=ownership.TESTUSER, guests=False, new_users=True, roaming=True, whitelist=(ownership.TESTUSER, '[email protected]')) try: # Sanity check against an incorrect policy policy.compare_policy_response(retrieved_policy, owner=ownership.TESTUSER, guests=True, whitelist=(ownership.TESTUSER, '[email protected]')) except ownership.OwnershipError: pass else: raise error.TestFail('Did not detect bad policy')
def run_once(self): # Mount the vault, connect to session_manager and start the session. self._cryptohome_proxy.mount(ownership.TESTUSER, ownership.TESTPASS, create=True) sm = session_manager.connect(self._bus_loop) sm.StartSession(ownership.TESTUSER, '') # No policy stored yet. retrieved_policy = sm.RetrievePolicyEx( session_manager.make_user_policy_descriptor(ownership.TESTUSER), byte_arrays=True) if retrieved_policy: raise error.TestError('session_manager already has user policy!') # And no user key exists. key_file = ownership.get_user_policy_key_filename(ownership.TESTUSER) if os.path.exists(key_file): raise error.TestFail('%s exists before storing user policy!' % key_file) # Now store a policy. This is building a device policy protobuf, but # that's fine as far as the session_manager is concerned; it's the # outer PolicyFetchResponse that contains the public_key. public_key = ownership.known_pubkey() private_key = ownership.known_privkey() policy_data = policy.build_policy_data() policy_response = policy.generate_policy(private_key, public_key, policy_data) try: sm.StorePolicyEx( session_manager.make_user_policy_descriptor( ownership.TESTUSER), dbus.ByteArray(policy_response)) except dbus.exceptions.DBusException as e: raise error.TestFail('Failed to store user policy', e) # The policy key should have been created now. self._verify_key_file(key_file) # Restart the ui; the key should be deleted. self._cryptohome_proxy.unmount(ownership.TESTUSER) cros_ui.restart() if os.path.exists(key_file): raise error.TestFail('%s exists after restarting ui!' % key_file) # Starting a new session will restore the key that was previously # stored. Reconnect to the session_manager, since the restart killed it. self._cryptohome_proxy.mount(ownership.TESTUSER, ownership.TESTPASS, create=True) sm = session_manager.connect(self._bus_loop) sm.StartSession(ownership.TESTUSER, '') self._verify_key_file(key_file)
def run_once(self): sm = session_manager.connect(self._bus_loop) # Start a session for the first user, and verify that no policy exists # for that user yet. sm.StartSession(self._user1, '') policy_blob = sm.RetrievePolicyForUser(self._user1, byte_arrays=True) if policy_blob: raise error.TestError('session_manager already has user policy!') # Now store a policy. This is building a device policy protobuf, but # that's fine as far as the session_manager is concerned; it's the # outer PolicyFetchResponse that contains the public_key. public_key = ownership.known_pubkey() private_key = ownership.known_privkey() policy_data = policy.build_policy_data(self.srcdir) policy_response = policy.generate_policy(self.srcdir, private_key, public_key, policy_data) try: sm.StorePolicyForUser(self._user1, dbus.ByteArray(policy_response)) except dbus.exceptions.DBusException as e: raise error.TestFail('Call to StorePolicyForUser failed', e) # Storing policy for the second user fails before his session starts. try: sm.StorePolicyForUser(self._user2, dbus.ByteArray(policy_response)) except dbus.exceptions.DBusException: pass else: raise error.TestFail('Storing policy should fail before the ' 'session is started') # Now start the second user's session, and verify that he has no # policy stored yet. sm.StartSession(self._user2, '') policy_blob = sm.RetrievePolicyForUser(self._user2, byte_arrays=True) if policy_blob: raise error.TestError('session_manager already has user policy!') # Storing works now. try: sm.StorePolicyForUser(self._user2, dbus.ByteArray(policy_response)) except dbus.exceptions.DBusException as e: raise error.TestFail('Call to StorePolicyForUser failed', e) # Verify that retrieving policy works too. policy_blob = sm.RetrievePolicyForUser(self._user2, byte_arrays=True) if not policy_blob: raise error.TestError('Failed to retrieve stored policy')
def run_once(self): pkey = ownership.known_privkey() pubkey = ownership.known_pubkey() sm = session_manager.connect(self._bus_loop) if not sm.StartSession(ownership.TESTUSER, ''): raise error.TestFail('Could not start session for owner') poldata = policy.build_policy_data(self.srcdir, owner=ownership.TESTUSER, guests=False, new_users=True, roaming=True, whitelist=(ownership.TESTUSER, '[email protected]'), proxies={'proxy_mode': 'direct'}) policy_string = policy.generate_policy(self.srcdir, pkey, pubkey, poldata) policy.push_policy_and_verify(policy_string, sm) retrieved_policy = policy.get_policy(sm) if retrieved_policy is None: raise error.TestFail('Policy not found') policy.compare_policy_response(self.srcdir, retrieved_policy, owner=ownership.TESTUSER, guests=False, new_users=True, roaming=True, whitelist=(ownership.TESTUSER, '[email protected]'), proxies={'proxy_mode': 'direct'}) try: # Sanity check against an incorrect policy policy.compare_policy_response(self.srcdir, retrieved_policy, owner=ownership.TESTUSER, guests=True, whitelist=(ownership.TESTUSER, '[email protected]'), proxies={'proxy_mode': 'direct'}) except ownership.OwnershipError: pass else: raise error.TestFail('Did not detect bad policy') try: sm.StopSession('') except error.TestError as e: logging.error(str(e)) raise error.TestFail('Could not stop session for owner')
def run_once(self): pkey = ownership.known_privkey() pubkey = ownership.known_pubkey() # Pre-configure some owner settings, including initial key. poldata = policy.build_policy_data(self.srcdir, owner=ownership.TESTUSER, guests=False, new_users=True, roaming=True, whitelist=(ownership.TESTUSER, '[email protected]')) policy_string = policy.generate_policy(self.srcdir, pkey, pubkey, poldata) policy.push_policy_and_verify(policy_string, self._sm) # grab key, ensure that it's the same as the known key. if (utils.read_file(constants.OWNER_KEY_FILE) != pubkey): raise error.TestFail('Owner key should not have changed!') # Start a new session, which will trigger the re-taking of ownership. listener = session_manager.OwnershipSignalListener(gobject.MainLoop()) listener.listen_for_new_key_and_policy() self._cryptohome_proxy.mount(ownership.TESTUSER, ownership.TESTPASS, create=True) if not self._sm.StartSession(ownership.TESTUSER, ''): raise error.TestError('Could not start session for owner') listener.wait_for_signals(desc='Re-taking of ownership complete.') # grab key, ensure that it's different than known key if (utils.read_file(constants.OWNER_KEY_FILE) == pubkey): raise error.TestFail('Owner key should have changed!') # RetrievePolicy, check sig against new key, check properties retrieved_policy = self._sm.RetrievePolicy(byte_arrays=True) if retrieved_policy is None: raise error.TestError('Policy not found') policy.compare_policy_response(self.srcdir, retrieved_policy, owner=ownership.TESTUSER, guests=False, new_users=True, roaming=True, whitelist=(ownership.TESTUSER, '[email protected]'))
def run_once(self): # Initial policy setup. poldata = policy.build_policy_data(self.srcdir) priv = ownership.known_privkey() pub = ownership.known_pubkey() policy.push_policy_and_verify( policy.generate_policy(self.srcdir, priv, pub, poldata), self._sm) # Force re-key the device (priv, pub) = ownership.pairgen_as_data() policy.push_policy_and_verify( policy.generate_policy(self.srcdir, priv, pub, poldata), self._sm) # Rotate key gracefully. self.username = (''.join(random.sample(string.ascii_lowercase, 6)) + "@foo.com") password = ''.join(random.sample(string.ascii_lowercase, 6)) self._cryptohome_proxy.remove(self.username) self._cryptohome_proxy.mount(self.username, password, create=True) (new_priv, new_pub) = ownership.pairgen_as_data() if not self._sm.StartSession(self.username, ''): raise error.TestFail('Could not start session for random user') policy.push_policy_and_verify( policy.generate_policy(self.srcdir, key=new_priv, pubkey=new_pub, policy=poldata, old_key=priv), self._sm) try: self._sm.StopSession('') except error.TestError as e: logging.error(str(e)) raise error.TestFail('Could not stop session for random user')