Home | History | Annotate | Download | only in login_SavePassword 
      1 # Copyright 2018 The Chromium OS Authors. All rights reserved.
      2 # Use of this source code is governed by a BSD-style license that can be
      3 # found in the LICENSE file.
      4 
      5 import json
      6 import os
      7 
      8 from autotest_lib.client.bin import utils
      9 from autotest_lib.client.common_lib import error
     10 from autotest_lib.client.cros.enterprise import enterprise_policy_base
     11 
     12 
     13 class login_SavePassword(enterprise_policy_base.EnterprisePolicyTest):
     14     """
     15     Test to make sure that during logon, the user's password is defined in the
     16     keyring if and only if the ${PASSWORD} variable is defined in the user's
     17     OpenNetworkConfiguration policy.
     18 
     19     """
     20 
     21     version = 1
     22 
     23     def initialize(self):
     24         """
     25         Initialize this test.
     26 
     27         """
     28         super(login_SavePassword, self).initialize()
     29 
     30     def run_once(self, onc_definition, expect_password):
     31         """
     32         Run the test.
     33 
     34         @param onc_definition: Filename containing an OpenNetworkConfiguration
     35                                definition.
     36 
     37         @param expect_password: True if the password is expected to be present
     38                                 in the keyring, False otherwise.
     39 
     40         """
     41         with open(os.path.join(self.bindir, onc_definition)) as f:
     42             data = json.load(f)
     43         self.setup_case(user_policies={'OpenNetworkConfiguration': data})
     44 
     45         # Check the /proc/keys file to see if a password key is defined.
     46         password_file_cmd = 'cat /proc/keys | grep password:'
     47         try:
     48             output = utils.run(password_file_cmd).stdout
     49             # If there is a password key, check to see the password is the same.
     50             saved_password = utils.run("keyctl pipe 0x" +
     51                                        output.split(" ")[0]).stdout
     52             # self.password is set by the base class
     53             if expect_password and saved_password != self.password:
     54                 raise error.TestFail(
     55                         'Password is not saved for ONC with ${PASSWORD} '
     56                         'variable. Expected: %s Saved: %s',
     57                         self.password, saved_password)
     58             elif not expect_password and saved_password:
     59                 raise error.TestFail(
     60                         'Password is saved but ONC did not have ${PASSWORD} '
     61                         'variable')
     62         except error.CmdError:
     63             if expect_password:
     64                 raise error.TestFail(
     65                         'Password is not saved for ONC with ${PASSWORD} '
     66                         'variable')
     67