      1 # Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
      2 # Use of this source code is governed by a BSD-style license that can be
      3 # found in the LICENSE file.
      4 
      5 import logging, random, string, os
      6 from dbus.mainloop.glib import DBusGMainLoop
      7 
      8 from autotest_lib.client.bin import test, utils
      9 from autotest_lib.client.common_lib import error
     10 from autotest_lib.client.common_lib.cros import policy, session_manager
     11 from autotest_lib.client.cros import cros_ui, cryptohome, ownership
     12 
     13 
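class login_RemoteOwnership(test.test):
    """Check that the Ownership API can be used, as an enterprise might,
       to set device policies.

    run_once() pushes device policy three times through the session
    manager: once with the known key pair from the ownership module, once
    with a freshly generated pair (a forced re-key), and once with another
    fresh pair while also handing the previous private key to
    policy.generate_policy() as old_key (a graceful rotation).
    """

    version = 1

    def setup(self):
        """Build the test's helper sources in place under self.srcdir."""
        os.chdir(self.srcdir)
        utils.make('OUT_DIR=.')


    def initialize(self):
        """Clear ownership state and connect to cryptohome and session_manager.
        """
        # cleanup() reads both attributes and runs even when initialize() or
        # run_once() fails part-way, so they must exist from the start.
        self.username = None
        self._cryptohome_proxy = None

        # Start with a clean slate wrt ownership
        ownership.restart_ui_to_clear_ownership_files()
        super(login_RemoteOwnership, self).initialize()

        bus_loop = DBusGMainLoop(set_as_default=True)
        self._cryptohome_proxy = cryptohome.CryptohomeProxy(bus_loop)
        self._sm = session_manager.connect(bus_loop)


    def run_once(self):
        """Push policy with the known key, after a re-key, and after a rotation.

        Raises:
            error.TestFail: if the session for the throwaway user cannot be
                started or stopped.
        """
        # Initial policy setup.
        # NOTE(review): known_privkey()/known_pubkey() presumably return a
        # fixed key pair bundled with the test library -- confirm in the
        # ownership module. Such a key must only ever own test devices.
        poldata = policy.build_policy_data(self.srcdir)
        priv = ownership.known_privkey()
        pub = ownership.known_pubkey()
        policy.push_policy_and_verify(
            policy.generate_policy(self.srcdir, priv, pub, poldata), self._sm)

        # Force re-key the device: the same policy data is pushed again with
        # a freshly generated pair and no reference to the previous key.
        (priv, pub) = ownership.pairgen_as_data()
        policy.push_policy_and_verify(
            policy.generate_policy(self.srcdir, priv, pub, poldata), self._sm)

        # Rotate key gracefully.
        # The account below is a throwaway test user that cleanup() removes.
        # The random module is not a cryptographic generator; that is
        # acceptable for a disposable test vault, not for real credentials.
        self.username = (''.join(random.sample(string.ascii_lowercase,6)) +
                         "@foo.com")
        password = ''.join(random.sample(string.ascii_lowercase,6))
        # Drop any leftover vault for this name before creating a new one.
        self._cryptohome_proxy.remove(self.username)
        self._cryptohome_proxy.mount(self.username, password, create=True)

        (new_priv, new_pub) = ownership.pairgen_as_data()

        if not self._sm.StartSession(self.username, ''):
            raise error.TestFail('Could not start session for random user')

        # old_key carries the private key of the pair pushed just above, so
        # the rotation is tied to the key the device currently holds.
        # NOTE(review): how generate_policy() uses old_key is not visible
        # here -- confirm in the policy module.
        policy.push_policy_and_verify(
            policy.generate_policy(self.srcdir,
                                   key=new_priv,
                                   pubkey=new_pub,
                                   policy=poldata,
                                   old_key=priv),
            self._sm)

        try:
            self._sm.StopSession('')
        except error.TestError as e:
            logging.error(str(e))
            raise error.TestFail('Could not stop session for random user')


    def cleanup(self):
        """Remove the throwaway user's vault and bring the UI back up.

        Tolerates a run that failed before the user or the cryptohome proxy
        was created, so that a cleanup-time AttributeError cannot mask the
        original failure or leave the UI stopped.
        """
        try:
            # Best effort to bounce the UI, which may be up or down.
            cros_ui.stop(allow_fail=True)
            proxy = getattr(self, '_cryptohome_proxy', None)
            username = getattr(self, 'username', None)
            if proxy is not None and username is not None:
                proxy.remove(username)
        finally:
            # Restart the UI and run the base cleanup even if the vault
            # removal above raised.
            cros_ui.start(allow_fail=True, wait_for_login_prompt=False)
            super(login_RemoteOwnership, self).cleanup()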