1105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone# Copyright (c) 2011 The Chromium OS Authors. All rights reserved. 2105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone# Use of this source code is governed by a BSD-style license that can be 3105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone# found in the LICENSE file. 4105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone 55d010aa50a0694d498e8317fd8044e56474ce7edChris Masoneimport gobject, os 664170f8e7053f92f4bbad501c61a352fdabf6d82Chris Masonefrom dbus.mainloop.glib import DBusGMainLoop 7105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone 8105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masonefrom autotest_lib.client.bin import test, utils 9d976e0ed3cb28e532f15826c5071149b8fabeaf8Chris Masonefrom autotest_lib.client.common_lib import error 10e0b08e6170b57f90262726eb7f04e059cb47419cHsinyu Chaofrom autotest_lib.client.common_lib.cros import policy, session_manager 11e0b08e6170b57f90262726eb7f04e059cb47419cHsinyu Chaofrom autotest_lib.client.cros import constants, cros_ui, cryptohome, ownership 12105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone 13105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone 14d976e0ed3cb28e532f15826c5071149b8fabeaf8Chris Masoneclass login_OwnershipRetaken(test.test): 15d976e0ed3cb28e532f15826c5071149b8fabeaf8Chris Masone """"Ensure that ownership is re-taken upon loss of owner's cryptohome.""" 16105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone version = 1 17105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone 18105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone _tempdir = None 19105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone _got_new_key = False 20105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone _got_new_policy = False 21105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone 22105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone def setup(self): 23105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone os.chdir(self.srcdir) 24105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone utils.make('OUT_DIR=.') 25105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone 26105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone 27105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone def initialize(self): 28105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone super(login_OwnershipRetaken, self).initialize() 29d976e0ed3cb28e532f15826c5071149b8fabeaf8Chris Masone # Start clean, wrt ownership and the desired user. 30a2b32851e8716f188dde273c73f4c76058bbd289Chris Masone ownership.restart_ui_to_clear_ownership_files() 31d976e0ed3cb28e532f15826c5071149b8fabeaf8Chris Masone 3264170f8e7053f92f4bbad501c61a352fdabf6d82Chris Masone bus_loop = DBusGMainLoop(set_as_default=True) 3364170f8e7053f92f4bbad501c61a352fdabf6d82Chris Masone self._cryptohome_proxy = cryptohome.CryptohomeProxy(bus_loop) 3464170f8e7053f92f4bbad501c61a352fdabf6d82Chris Masone self._cryptohome_proxy.remove(ownership.TESTUSER) 3564170f8e7053f92f4bbad501c61a352fdabf6d82Chris Masone 3664170f8e7053f92f4bbad501c61a352fdabf6d82Chris Masone self._sm = session_manager.connect(bus_loop) 37105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone 38105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone 39105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone def run_once(self): 40105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone pkey = ownership.known_privkey() 41105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone pubkey = ownership.known_pubkey() 42105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone 43105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone # Pre-configure some owner settings, including initial key. 44d976e0ed3cb28e532f15826c5071149b8fabeaf8Chris Masone poldata = policy.build_policy_data(self.srcdir, 45d976e0ed3cb28e532f15826c5071149b8fabeaf8Chris Masone owner=ownership.TESTUSER, 46d976e0ed3cb28e532f15826c5071149b8fabeaf8Chris Masone guests=False, 47d976e0ed3cb28e532f15826c5071149b8fabeaf8Chris Masone new_users=True, 48d976e0ed3cb28e532f15826c5071149b8fabeaf8Chris Masone roaming=True, 49d976e0ed3cb28e532f15826c5071149b8fabeaf8Chris Masone whitelist=(ownership.TESTUSER, 50d976e0ed3cb28e532f15826c5071149b8fabeaf8Chris Masone 'a@b.c'), 51d976e0ed3cb28e532f15826c5071149b8fabeaf8Chris Masone proxies={ 'proxy_mode': 'direct' }) 52d976e0ed3cb28e532f15826c5071149b8fabeaf8Chris Masone policy_string = policy.generate_policy(self.srcdir, 53d976e0ed3cb28e532f15826c5071149b8fabeaf8Chris Masone pkey, 54d976e0ed3cb28e532f15826c5071149b8fabeaf8Chris Masone pubkey, 55d976e0ed3cb28e532f15826c5071149b8fabeaf8Chris Masone poldata) 5664170f8e7053f92f4bbad501c61a352fdabf6d82Chris Masone policy.push_policy_and_verify(policy_string, self._sm) 57105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone 58105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone # grab key, ensure that it's the same as the known key. 59105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone if (utils.read_file(constants.OWNER_KEY_FILE) != pubkey): 60a175e52efd0272340e93f71ab54dd02766659baaChris Masone raise error.TestFail('Owner key should not have changed!') 61105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone 62105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone # Start a new session, which will trigger the re-taking of ownership. 633d68fe8213ef86684d7911f889d56d1345bf3272Chris Masone listener = session_manager.OwnershipSignalListener(gobject.MainLoop()) 643d68fe8213ef86684d7911f889d56d1345bf3272Chris Masone listener.listen_for_new_key_and_policy() 6564170f8e7053f92f4bbad501c61a352fdabf6d82Chris Masone self._cryptohome_proxy.mount(ownership.TESTUSER, 6664170f8e7053f92f4bbad501c61a352fdabf6d82Chris Masone ownership.TESTPASS, 6764170f8e7053f92f4bbad501c61a352fdabf6d82Chris Masone create=True) 6864170f8e7053f92f4bbad501c61a352fdabf6d82Chris Masone if not self._sm.StartSession(ownership.TESTUSER, ''): 693d68fe8213ef86684d7911f889d56d1345bf3272Chris Masone raise error.TestError('Could not start session for owner') 70105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone 713d68fe8213ef86684d7911f889d56d1345bf3272Chris Masone listener.wait_for_signals(desc='Re-taking of ownership complete.') 72105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone 73105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone # grab key, ensure that it's different than known key 74105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone if (utils.read_file(constants.OWNER_KEY_FILE) == pubkey): 75105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone raise error.TestFail('Owner key should have changed!') 76105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone 77105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone # RetrievePolicy, check sig against new key, check properties 7864170f8e7053f92f4bbad501c61a352fdabf6d82Chris Masone retrieved_policy = self._sm.RetrievePolicy(byte_arrays=True) 79105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone if retrieved_policy is None: 803d68fe8213ef86684d7911f889d56d1345bf3272Chris Masone raise error.TestError('Policy not found') 81d976e0ed3cb28e532f15826c5071149b8fabeaf8Chris Masone policy.compare_policy_response(self.srcdir, 82d976e0ed3cb28e532f15826c5071149b8fabeaf8Chris Masone retrieved_policy, 83d976e0ed3cb28e532f15826c5071149b8fabeaf8Chris Masone owner=ownership.TESTUSER, 84d976e0ed3cb28e532f15826c5071149b8fabeaf8Chris Masone guests=False, 85d976e0ed3cb28e532f15826c5071149b8fabeaf8Chris Masone new_users=True, 86d976e0ed3cb28e532f15826c5071149b8fabeaf8Chris Masone roaming=True, 87d976e0ed3cb28e532f15826c5071149b8fabeaf8Chris Masone whitelist=(ownership.TESTUSER, 'a@b.c'), 88d976e0ed3cb28e532f15826c5071149b8fabeaf8Chris Masone proxies={ 'proxy_mode': 'direct' }) 89105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone 90105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone 91105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone def cleanup(self): 92105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone if self._tempdir: self._tempdir.clean() 939fef4639415a0481373e073f40b7c32ed93a99b5Chris Masone cros_ui.restart() 949fef4639415a0481373e073f40b7c32ed93a99b5Chris Masone self._cryptohome_proxy.remove(ownership.TESTUSER) 95105706efb7ebc97575dafd7a92bb815f79d8bb47Chris Masone super(login_OwnershipRetaken, self).cleanup() 96